tag:blogger.com,1999:blog-24867617242510978652024-02-20T01:53:18.154-08:00ESXX - Friendly Server-side JavaScriptLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.comBlogger26125tag:blogger.com,1999:blog-2486761724251097865.post-33467535330207761762009-11-19T12:39:00.000-08:002009-11-19T13:00:05.080-08:0090% of all web apps are brokenA couple of weeks ago, µ ran an article that stated that nice out of ten web applications are broken from a security standpoint. Half of the volunabilities were SQL injections and Cross-site scriping problems.A few days later, hackers break in to a Brazilian power grid operator, using, you guessed it, an SQL injection attack.Seriously, isn't is about time we stop accepting these kinds of failuresLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com2tag:blogger.com,1999:blog-2486761724251097865.post-90967504891266168572009-06-14T13:22:00.000-07:002014-11-18T01:07:53.862-08:00Using Apache's HttpClient on Google App EngineIf you, like me, have tried to use Google's URL Fetch Java API on the Google App Engine, you've probably been disappointed. Sure, it's a small, clean API, but it's totally feature-less. The most advanced thing it supports seems to be ... well, it can follow redirects automatically. Wow. Cookies? Authentication? Forget it.
In ESXX, I use Apache's HttpClient 4, and it works really well. Wouldn't Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com40tag:blogger.com,1999:blog-2486761724251097865.post-67972191998349706842009-06-06T16:37:00.000-07:002009-06-06T16:47:15.105-07:00ESXX on Google App EngineI got most of ESXX running on Google App Engine today! How cool is that?Most of the code is in the subversion repository already. I'll try to finish the port as soon as possible and also add seamless support for Google's HTTP client APIs. Once fully checked in, you too can deploy ESXX + your custom JavaScript apps on GAE.In the meantime, have a look at http://esxx-demo.appspot.com/.The Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com2tag:blogger.com,1999:blog-2486761724251097865.post-59205940017129406072009-06-06T05:33:00.000-07:002009-06-06T06:36:06.986-07:00ThreadPoolExecutor deadlocksI'm currently trying to get ESXX running on Google's App Engine. One of the problems are that GAE won't let you create background threads or timers, something which most applications, including ESXX, often do.My initial plan was to switch from a plain ThreadPoolExecutor and Timers to a ScheduledExecutorService. Once done, I would write a GAE-specific, single-threaded version of that class tries Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-59441453088228045412009-05-24T05:05:00.000-07:002009-05-24T05:35:44.476-07:00Scaling up with GoGridMy small GoGrid experiment the other day made me curios. Assume the blog I put online became really popular. How would my deployment cope, and how would I be able to increase capacity?So I figured I'd script a small benchmark. Assume all visitors land on the Blog's front page, and that half of the visitors click on the first post to read it comments. Finally, assume a third of those add a commentLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com1tag:blogger.com,1999:blog-2486761724251097865.post-39862111776390235672009-05-22T09:04:00.000-07:002009-05-24T03:09:13.434-07:00From localhost to live in 60 minutes using GoGridI made an experiment today. The question I wanted to answer was this:Given a locally developed ESXX application, running on my laptop, how long would it take to go live, assuming you own no servers or Internet connection suitable for such deployment?For this, I turned to my favourite grid/cloud service, GoGrid. GoGrid is pretty amazing. With just a few clicks in their admin UI, you can create allLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-54390780740875768872009-05-21T11:56:00.000-07:002009-05-21T12:06:09.653-07:00ESXX advances into betaWhoo, long time, no see ... It's been a while since the last blog post, but today, we celebrate the fact that ESXX is no longer considered alpha quality with an all-new look of esxx.org.I've already blogged about some of the new features in this release, but I just want to mention that there are now two tutorials available in the Wiki. The first one is very basic, while the second one Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com2tag:blogger.com,1999:blog-2486761724251097865.post-91322837708417720972009-02-22T03:47:00.000-08:002009-02-22T03:56:21.993-08:00JavaScript web applications/browser services, the ESXX wayIn ESXX, the difference between a web service (a program that produces XML or JSON intended for other programs) and a web application or browser service (a program that produces HTML documents intended to be viewed by a human using a web browser) is minimal. Basically, it's only the data format (XML/JSON vs HTML) that differs.It's a good idea to remember this when you build a web application. TheLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-43024928507892558122009-02-21T05:32:00.000-08:002009-02-21T05:47:41.671-08:00JavaScript request filtersIt's never to late to change your mind, and I'm happy to let you know that I checked in support for request filters in the trunk yesterday.Filters differ from handlers in that more than one filter may be executed for a given request. Before a request is serviced, a matching filter chain is built and all all matching filters are then executed in turn as part of the request handling.Each filter mayLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-2041045753963806992009-02-15T15:24:00.000-08:002009-02-15T15:47:27.253-08:00JavaScript servletsToday, I checked in support for running ESXX as a inside servlet a Java EE application server. Why, someone may ask, run an application server within another application server?Well, for starters, it allows you to use ESXX with your existing infrastructure and tool set. If you're already using an app server such as Glassfish or Tomcat, you can add modules powered by ESXX by rebuilding the war Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-58388813839862652032009-02-08T01:46:00.000-08:002009-02-08T01:50:42.457-08:00JavaScript web services, the ESXX wayBy "web service", we mean a service that is intended to be used by a program, not directly by a human surfing the web with a web browser.To use ESXX as a web service engine, you first need to define what request handlers should be available. ESXX currently provides six kinds of handlers: HTTP, SOAP, stylesheet, timer, exit and error handlers. Handlers are defined using a section of the main Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-41215479271535258722009-02-06T12:57:00.000-08:002009-02-06T13:44:30.997-08:00F-Script vs. JavaScriptI read about F-Script on Ars Technica today and couldn't help wondering how the example might have looked like if written as an ESXX command line application. Something like this, perhaps?#!/usr/bin/env esxx-jswith (JavaImporter(java.awt, javax.swing)) { function main() { // Create the window let window = new JFrame("TimeSetter"); window.setLayout(null); window.setPreferredSize(new Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-85780759523121569802009-02-05T14:19:00.000-08:002009-02-06T12:04:02.292-08:00Server-side XML processing, the ESXX wayI've continued to add more documentation to the wiki. Let's talk about server-side XML processing via XSL this time.With all due respect to command line applications, ESXX was designed for web applications.An ESXX web application is defined by an XML file and zero or more JavaScript handlers or XSLT stylesheets. The XML file may be any XML file, and it will be available as an E4X node in the Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-63551099366853301982009-02-04T14:30:00.000-08:002009-02-04T14:44:13.927-08:00JavaScript command line applications, the ESXX wayToday, I added some documentation to the wiki about ESXX command line applications, and I though I'd post it here as well.An ESXX command line application is one or more JavaScript files that define a main() function in the global scope. It's common to also begin the main JavaScript with a shebang, and set the executable flag, so it can easily be executed from the Unix command line. /usr/bin/env Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-69234600232714561232009-02-02T11:40:00.000-08:002009-02-02T11:50:10.418-08:00What does "alpha" mean?You might wonder what the fact that ESXX is still in "alpha" stage means. Is it a constant crashing piece of crap?Far from it! ESXX has been used at a company (which shall remain unnamed for now) for almost six months, serving tens of thousands of user without problems.No, "alpha" simply means that the API's are not yet completely stable and might change slightly. For example, in the last releaseLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-3092574890996724682009-02-01T14:54:00.001-08:002009-02-08T02:10:06.965-08:00Final alpha release?It's been quite a while, but a new release is finally available for download. This time, there are proper RPM and DEB packages, as well as Opensolaris IPS and Mac OSX PackageMaker packeges. And a Windows installer, as usual of course.Some of the highlights of the release include: Proper RPM (Fedora/RHEL), DEB (Debian/Ubuntu), PackageMaker (OSX) and IPS (Opensolaris) packages.dns, https URI Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-81842799692717593072008-11-22T08:35:00.000-08:002008-11-22T08:41:02.689-08:00Guns 'n RosesChinese. Democracy. Is. Out.Just so you know. :-)PS. In that context, the lack of recent ESXX releases is not that bad, is it? But anyway, what will probably be the last alpha version will soon be available. Stay tuned.Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-63682672866929460162008-09-27T02:03:00.000-07:002008-09-27T02:06:06.391-07:00Minor release updatedThe last minor release unfortunately contained a bug that caused System.console() to return null in script mode, which is bad because I use it all the time to call the readPassword() method.I also fixed a problem with the internal HTTP server, which would mess up keep-alive connections when returning 1xx, 204 and 304 responses.Get it here.Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-5301323582872264732008-09-24T14:06:00.000-07:002008-09-24T14:11:11.832-07:00New minor releaseI made a new minor release today, available here. There are not a lot of news, but I did fix some bugs and upgraded both HtmlCleaner and HttpClient.Unrelated, I also added some security information to the Wiki, ESXX — Security advantages. It's worth a read.Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-52975308253360415102008-08-24T12:20:00.000-07:002008-08-24T12:22:53.195-07:00More documentationMore documentation has been added to the Wiki; specifically the Request, Response and URI classes have been (rudimentary) documented.Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com1tag:blogger.com,1999:blog-2486761724251097865.post-9643830774766643632008-08-21T09:02:00.001-07:002008-08-24T12:24:21.612-07:00New binary releaseToday, I released the second binary release of ESXX. Go get your favourite server-side JavaScript platfrom while it is still hot!Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-50206022976045382112008-08-07T08:50:00.000-07:002008-08-07T12:00:24.295-07:00JMX supportToday, I added initial JMX support to ESXX, which means that you can now use JConsole or VisualVM (with the MBeans plug-in) to view the loaded server-side Rhino-powered JavaScript applications, plus some statistics about them (when the app was (last re-) started, when it was last active, how many requests the app has handled and wall-clock execution time).Pretty neat. It's also possible to unloadLeviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-31258970467227425552008-08-05T05:52:00.000-07:002008-08-05T14:27:30.324-07:00Using Apache's mod_cache with CGI or FastCGII just though I would elaborate on the caching part in the last post, since I had a real hard time finding good information about this on the web.Scenario: You have a web application that produces static or semi-static content, and you'd like increase the performance and/or reduce the computing load.The first thing you need to do is to mark the produced content as cachable. This involves setting Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-19695131689129358802008-08-04T10:26:00.000-07:002008-08-08T02:22:29.475-07:00Dog FoodTime to eat my own dog food.I have finally converted esxx.org to use ESXX to generate the content, and it turned out more or less the way I expected it to. And not a single URL changed! Unless you knew, you couldn't tell that the pages are dynamically generated using JavaScript and XSLT.Except for the tiny configuration file and the XSLT stylesheet used, there are a few lines of code that loads Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0tag:blogger.com,1999:blog-2486761724251097865.post-37976659164685493982008-07-01T13:52:00.000-07:002008-07-01T13:57:38.291-07:00DocumentationToday, I began adding some documentation on the Wiki. Rudimentary documentation about the runtime and the ESXX and Logger classes are now available.Leviticushttp://www.blogger.com/profile/11934600432163494321noreply@blogger.com0