Seaside on HN

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Seaside on HN

Bert Freudenberg
Reply | Threaded
Open this post in threaded view
|

Re: Seaside on HN

Eliot Miranda-2


On Mar 3, 2016, at 11:21 AM, Bert Freudenberg <[hidden email]> wrote:


Interesting:


Not just way back; HN uses continuations. (Not in many user-visible places any more, but every link on the front page used to be one—expired "next page" continuation links were a frequent source of grumbling.)

Note that you don't have to expire continuations, necessarily—you could actually persist them statelessly (i.e. without server-side state), by shipping their encoded representations to the client embedded into HMAC-signed links. You're basically giving the server a raw bytecode-eval endpoint, and then making sure that it only accepts code you yourself wrote. Kind of a crazy strategy compared to the standard predeclared REST API, but interestingly flexible.



Reply | Threaded
Open this post in threaded view
|

Re: Seaside on HN

Colin Putney-3


On Thu, Mar 3, 2016 at 11:54 AM, Eliot Miranda <[hidden email]> wrote:
Interesting:


Not just way back; HN uses continuations. (Not in many user-visible places any more, but every link on the front page used to be one—expired "next page" continuation links were a frequent source of grumbling.)

Note that you don't have to expire continuations, necessarily—you could actually persist them statelessly (i.e. without server-side state), by shipping their encoded representations to the client embedded into HMAC-signed links. You're basically giving the server a raw bytecode-eval endpoint, and then making sure that it only accepts code you yourself wrote. Kind of a crazy strategy compared to the standard predeclared REST API, but interestingly flexible.


Yeah, it's pretty crazy. I actually implemented this in Altitude, (minus the encryption) and it works fine. Ultimately I that the security nightmare if somebody breaks the signing makes it too dangerous to actually use.

-Colin