[Lift] Lift newbie, some performance considerations and other

[Tadeusz Wójcik]

Hi,
I'm new to Lift ,still learning scala and think that it's very
powerful language. I'm in the middle of building stackoverflow.com
like app and considering porting it to lift/scala. First of all
currently it's a .NET project specifically asp.net mvc .I'm quite
satisfied with that framework but Asp.net Comet support sucks. I have
few questions about lift:
1) why it's generating unique names for each form fields? I assume
it's due to security, but it affects user experience a little because
for example when I once entered email into login field in most web
sites/apps when I secondly access the login form I'd like to have
email field filled with email. Maybe to avoid CSRF attacks it would be
better to issue cookie with random value and apply hidden field in
form with the same value ,and check it in post request?
2) is it possible to have users persistently logged in? (I suppose it
would require send another cookie to user)
3) Lift apps doesn't work in chrome (version 4), maybe because of some
of my chrome extensions (adblock ? maybe?) is it common?
4) What about scalability? I assume sessions in lift are unavoidable,
so there are any scalability best practices?
5) Is lift a good fit of stackoverflow.com like apps? which is more
like website, but I'd like to use comet a lot in my clone.
6) Something about performance : IIS with sample asp.net mvc site can
serve 650 -680 requests per second,( 330 requests per second page with
a lot of html content without db calls) , whereas lift on jetty in
production mode with hellolift site, ( http://localhost:8080/liftbasic-1.0-SNAPSHOT/user_mgt/login
) can serve only 220-250 pages per second which is comparison to
asp.net mvc . I know that real app have a lot of db calls which are
mainly bottlenecks , but still I expected better performance. In
firefox firebug shows me that http://localhost:8080/liftbasic-1.0-SNAPSHOT/user_mgt/login
page loads in 40-70 ms, whereas in asp.net mvc it takes about 10-15
ms. Maybe that's because asp.net mvc views are compiled to classes and
lift parses them at runtime.
7)I'd like to use lift in pair with mongodb , has anyone tried that?

Thanks for the answers :)
Tadeusz Wójcik

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.

[David Pollak]

2010/5/12 Tadeusz Wójcik <tadeus...@gmail.com>

Hi,
I'm new to Lift ,still learning scala and think that it's very
powerful language. I'm in the middle of building stackoverflow.com
like app and considering porting it to lift/scala. First of all
currently it's a .NET project specifically asp.net mvc .I'm quite
satisfied with that framework but Asp.net Comet support sucks. I have
few questions about lift:
1) why it's generating unique names for each form fields? I assume
it's due to security, but it affects user experience a little because
for example when I once entered email into login field in most web
sites/apps when I secondly access the login form I'd like to have
email field filled with email. Maybe to avoid CSRF attacks it would be
better to issue cookie with random value and apply hidden field in
form with the same value ,and check it in post request?

A core design principle of Lift is to associate elements in the browser with functions on the server.  Each form field name is a GUID that's associated with a function (closure, chunk-o-code) on the server.  This design derives from Seaside and WebObjects.  Not only does it deal well with CSRF, it also deals with replay attacks, state management (you can have 5 different browser tabs open to the same page, but the state on the page is different and defined by the GUIDs on the page).

The principle made Ajax a breeze.  Ajax calls can be defined in a single line of code and "just work." because the GUID associated with the HTML element is associated with the function on the server.

While we are always interested in design feedback, we ask that you use Lift for a month or two before suggesting a change to the core way Lift does stuff.

The fact that Lift allows you to associate HTML elements with server-side functions doesn't mean you can't do things "the old way" by defining a stable element name and grabbing the request parameters.  I do this with most of the login panels that I build for production sites.

 

2) is it possible to have users persistently logged in?  (I suppose it
would require send another cookie to user)

Yes.  See the ProtoExtendedSession.scala file in the Mapper package.

 

3) Lift apps doesn't work in chrome (version 4), maybe because of some
of my chrome extensions (adblock ? maybe?) is it common?

I've never seen a browser that doesn't work with Lift.  I use Chrome regularly (about 30% of the time, Firefox 60% of the time and "others" the rest of the time).  I've never seen a bad Lift/Chrome interaction.  If you can create a reproducible case, we'd love to address it.

 

4) What about scalability? I assume sessions in lift are unavoidable,
so there are any scalability best practices?

Nginx and Jetty are recommended.  Using session affinity is required as you move beyond a single server.  There are a number of folks using Lift for very large scale projects (e.g., FourSquare and Novell Pulse.)  If you grow beyond a single server, there are people in the community who can help you.

 

5) Is lift a good fit of stackoverflow.com like apps? which is more
like website, but I'd like to use comet a lot in my clone.

I think so.  Creating dynamic, interactive sites is something that's easier in Lift than almost any other web framework.

 

6) Something about performance : IIS with sample asp.net mvc site can
serve 650 -680 requests per second,( 330 requests per second page with
a lot of html content without db calls) , whereas lift on jetty in
production mode with hellolift site, ( http://localhost:8080/liftbasic-1.0-SNAPSHOT/user_mgt/login
) can serve only 220-250 pages per second which is  comparison to
asp.net mvc . I know that real app have a lot of db calls which are
mainly bottlenecks   , but still I expected better performance. In
firefox firebug shows me that   http://localhost:8080/liftbasic-1.0-SNAPSHOT/user_mgt/login
page  loads in 40-70 ms, whereas in asp.net mvc it takes about 10-15
ms. Maybe that's because asp.net mvc views are compiled to classes and
lift parses them at runtime.

Were you using Lift 1.0 or 2.0?  We did a fair amount of performance tuning of Lift about 3 months ago.

What JVM were you using?  You'll generally see better performance running a 64 bit JVM in "server" mode.

How many pages did you load to "warm up" the JVM?  I generally recommend loading about 50,000 pages before starting to benchmark so the JVM can do an analysis of the hot spots in the code.

Did each page load result in a new session?

More broadly, Lift does a bunch of stuff that you'll wind up doing anyway in a production app, but doesn't get reflected in small benchmarks:

• Lift does access control on every page.  Even though you're not using it in your test app, it is something you'll do in production.  You can do it by putting some sort of proxy/filter-ish thing in front of the request (which will slow the request down) or by writing code into every one of your controllers.
• Lift keeps the composed page around as XML rather than Strings and it takes some time to convert at the final rendering phase from XML to String.  The key here is that you don't need a post-render filter to insure that there are no Cross Site Scripting thingies on each page (once again, something that will suck performance down.)

So, what does this mean?  Well, if you have a security fiend ( http://en.wikipedia.org/wiki/Rasmus_Lerdorf ) try see where things are broken on your site and they write http://twitter.com/rasmus/status/5929904263 it makes you feel warm and fuzzy (this is not to say that HarryH isn't a stellar coder, but he wasn't focusing on security during the PHP -> Lift translation of FourSquare.

For a site that has a lot of user generated content, like StackOverflow, working with a framework that makes it easier to be secure allows you to focus on the business part of things.

 

7)I'd like to use lift in pair with mongodb , has anyone tried that?

Yep.  There's a recent addition to Lift (thanks Tim Nelson) that does MongoDB stuff.

Thanks,

David

 

Thanks for the answers :)
Tadeusz Wójcik

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics

[Tadeusz Wójcik]

Hi,
Thanks for response :)

> I've never seen a browser that doesn't work with Lift. I use Chrome
> regularly (about 30% of the time, Firefox 60% of the time and "others" the
> rest of the time). I've never seen a bad Lift/Chrome interaction. If you
> can create a reproducible case, we'd love to address it.

I use Chrome 4.1.249.1064 on windows 7 64 bit, with quite extensions.
Now that I know that's rather uncommon I disabled my extensions one by
one and it seems that "Right Click Opens Link in New Foreground Tab"
extensions is the cause of not opening sites in Chrome.

> Nginx and Jetty are recommended. Using session affinity is required as you
> move beyond a single server. There are a number of folks using Lift for
> very large scale projects (e.g., FourSquare and Novell Pulse.) If you grow
> beyond a single server, there are people in the community who can help you.

Sessions affinity is basically the same what sticky sessions?

Is it possible in lift to use page level caching?

Is it possible to dispatch on host header? so I would have one lift
app that serves requests from tom.domain.com and phill.domain.com ?
but gets data appropriate to subdomain.

Thanks David for answers :)

[Timothy Perrett]

Hi

> Is it possible in lift to use page level caching?

What kind of caching did you have in mind? Lift already caches templates, and you can apply 2nd level cache etc to persistence. Please clarify?

>
> Is it possible to dispatch on host header? so I would have one lift
> app that serves requests from tom.domain.com and phill.domain.com ?
> but gets data appropriate to subdomain.

Sure, this is possible. I have an app that does this - it also totally re-skins itself based on domain.

Cheers, Tim

[Tadeusz Wójcik]

I thought about rendered html caching (html of whole page or it's
parts)

[David Pollak]

2010/5/12 Tadeusz Wójcik <tadeus...@gmail.com>

Hi,
Thanks for response :)

> I've never seen a browser that doesn't work with Lift.  I use Chrome
> regularly (about 30% of the time, Firefox 60% of the time and "others" the
> rest of the time).  I've never seen a bad Lift/Chrome interaction.  If you
> can create a reproducible case, we'd love to address it.

I use Chrome  4.1.249.1064 on windows 7 64 bit, with quite extensions.
Now that I know that's rather uncommon I disabled my extensions one by
one and it seems that "Right Click Opens Link in New Foreground Tab"
extensions is the cause of not opening sites in Chrome.

Yeah... I don't think this is a Lift issue. ;-)

 

> Nginx and Jetty are recommended.  Using session affinity is required as you
> move beyond a single server.  There are a number of folks using Lift for
> very large scale projects (e.g., FourSquare and Novell Pulse.)  If you grow
> beyond a single server, there are people in the community who can help you.

Sessions affinity is basically the same what sticky sessions?

Yes.

 

Is it possible in lift to use page level caching?

Conceivably, yes, but in practice, for a dynamic site, you're not going to gain anything.

Also, if you can serve 100 pages/second from your server sustained (a reasonable number for an Amazon EC2 instance), you're serving 360K per hour and 3M per day (assuming a traffic pattern where most of your traffic happens during a 10 hour period).  At 3M pages a day, assuming you get 1 penny per page in revenue, you're looking at enough money per day to rent more servers.

Is it possible to dispatch on host header? so I would have one lift
app that serves requests from tom.domain.com and phill.domain.com ?
but gets data appropriate to subdomain.

yes.

 

Thanks David for answers :)

--

You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics