I'm stuck on whether I should focus on Play or Lift for doing web
development in Scala.
Play looks very polished. The Scala-specific tutorial looks amazing.
Furthermore, since I've been coding in MVC frameworks for a long time,
it looks super familiar. However, it doesn't look like it can easily
accomplish all the brilliant things that Lift can do. For instance, I
can't find anywhere where it mentions Comet or Jetty Continuations.
Furthermore, I kind of like the "View First" methodology in Lift
because instead of using one controller, it lets me use a ton of
snippets to piece together a page.
Lift looks brilliant, but leaves me with a lot of questions
unanswered. Being highly stateful looks like it opens up a lot of
possibilities, but I wonder how it'll turn out in practice. The book
on Lift is a bit of a mess, and so is the wiki. The "Getting Started"
page is badly formatted and is no match for Play's tutorial.
Does Play support Jetty Continuations?
Is it painful to get started with Lift doing normal web application development?
How does Lift's statefulness work out in practice? How do you cope
with web servers going down in Lift? If I'm using Lift, and I push a
new version of my code on a daily basis, does that mean I have to
restart the application, and does that mean everyone's session gets
wiped out?
Does Lift's statefulness actually make it easier to code?
What happens if someone messes around with the back button in Lift?
What happens if a user is bouncing back and forth between several
tabs?
Thanks, guys!
-jj
--
In this life we cannot do great things. We can only do small things
with great love. -- Mother Teresa
http://jjinux.blogspot.com/
You'll probably get a much better idea of what development is like. I
intend to go.
On Wed, Sep 8, 2010 at 4:50 PM, Shannon -jj Behrens <jji...@gmail.com> wrote:
> I'm stuck on whether I should focus on Play or Lift for doing web
> development in Scala.
--
miles
--
You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
To post to this group, send email to scala...@googlegroups.com.
To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
--
You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
To post to this group, send email to scala...@googlegroups.com.
To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
While I'm not disagreeing with you, I feel like I need to add a little "[citation needed]" to some of those very broad statements, especially "Lift is far more secure than Play." In what ways? Due to what design decisions? Examples?To make that statement, as opposed to something like just "Lift is very secure", I assume you have some sort of reason to believe Play is _less_ secure than Lift, and I'd be interested to know what it is.Thanks,David
David,While I'm not disagreeing with you, I feel like I need to add a little "[citation needed]" to some of those very broad statements, especially "Lift is far more secure than Play." In what ways? Due to what design decisions? Examples?
On Wed, Sep 8, 2010 at 8:14 PM, David Taylor <maxim...@gmail.com> wrote:David,While I'm not disagreeing with you, I feel like I need to add a little "[citation needed]" to some of those very broad statements, especially "Lift is far more secure than Play." In what ways? Due to what design decisions? Examples?Lift is more secure than Play because:
- Lift associates each user action with a GUID on the client and the function on the server. This means that Lift apps are resistant to replay attack, cross site request forgeries, and vulnerabilities associated with leaking DB primary keys (aka insecure object references).
- Lift keeps the page around as XML during page composition. This means that the developer has to do something affirmative to introduce a cross site scripting vulnerabilities.
- Lift's sitemap enforces access control to each page of the application, so Lift apps are generally resistant to URL access vulnerabilities.
If you take a look at the OWASP top 10 security vulnerabilities, Lift's defaults are resistant to most of the listed vulnerabilities (Lift doesn't address cryptographic storage [encrypting data at rest] or transportation layer issues [SSL]).
Thanks for the response. Lift looks like a fantastic framework. I
knew that already because I've a) seen you speak in person b) read all
the docs c) read your blog. However, I'm still struggling with a few
things.
Let me use an analogy. If someone sets you up on a blind date, and
all you keep hearing is "She's got a really great personality," it'll
make you really start wondering what the girl looks like. That's how
I feel about Lift. I can't seem to find anywhere a description of the
things Lift isn't so great at and how it copes with those things.
For instance, statefulness is a big deal. I've read on your blog that
you say, "statelessness is fail." I get that. However, I can't find
anywhere a description of the challenges imposed by statefulness and
session affinity. All I'm looking for is an honest assessment of the
pros *and* cons of Lift.
It's no small feat that the documentation and tutorial for Play look
so well done. I keep thinking that it'd be great if someone simply
ported the Play tutorial to Lift. Even though I've read most of the
Lift wiki, I don't feel like I'm capable of doing it. I.e. I fear
that I might not get it right.
I can't find an FAQ for Lift, so there are a lot of things I still
don't have a grasp on. I tried to mention some of these in my
original email:
* Based on what I've read, learning Lift is harder than learning RoR
or Play. How much harder? How long will it take me before I start
feeling comfortable in it? (Note, I'm no newbie to web frameworks.
I've used most of the Python frameworks available at one time or
another, and I've been using RoR for the last year.)
* How does Lift's statefulness work out in practice? How do you cope
with web servers going down in Lift? If I'm using Lift, and I push a
new version of my code on a daily basis, does that mean I have to
restart the application, and does that mean everyone's session gets
wiped out?
* How much state is kept in the database and how much state is kept on
the server? Do I have to worry about the state on the server being
stale compared to what's in the database? For instance, it seems
likely that I'll use state from the database when generating a form.
It seems possible that that state in the database might change by the
time the user submits the form. However, because of the way the
server is stateful, I'll have local variables on the server
referencing the old copy of the data when I'm handing the form
response. How do I cope with that?
* Does Lift's statefulness actually make it easier to code? How much easier?
* What happens if someone messes around with the back button in Lift?
What happens if a user is bouncing back and forth between several
tabs? What happens when a Mac user has both Firefox and Safari going
at the same time, playing around on the site? Earlier on this thread,
someone said that things do work with multiple tabs, so that makes me
feel better, but I'm still a little concerned. Let's imagine a user
is using my site. They're playing around with some data. They edit
the data. Then they hit the delete button to delete the data. Then
they hit the back button a few times and edit the data again. This is
a typical web application problem. I understand how to cope with this
with most web frameworks, but what happens with Lift? If the server
is stateful, what's going to happen when my form handler tries to edit
data that the user has actually already deleted?
* If someone is using Lynx or has JavaScript turned off (thus
disabling the heartbeat that Lift uses), and it takes them an hour to
fill in a credit card form (because their kids keep interrupting them
like mine interrupt me), when they submit the page, will it still
work? I'm worried that either a) sessions will get reaped too quickly
b) if sessions aren't reaped quickly enough, a simple web spider can
cause my web application to go into swap because of too many abandoned
sessions (I've seen this question partially addressed elsewhere).
* Lift's ORM doesn't look 100% polished. How does it compare to
ActiveRecord and JPA? What does it lack? How are people handling
migrations (someone gave me a link to
http://code.google.com/p/scala-migrations/ earlier)?
* I've read the Getting Started guide, and it looks cool. However,
what happens if you have so much traffic that a single machine can't
cut it? When I talked to you in person, you mentioned something about
some feature in the Java world that allows servers to cluster with
each other, but I'm really trying to wrap my mind around the
limitations and challenges. Nothing's perfect. I'm just trying to
understand the "backup plan" for when a single server can't cut it.
For instance, in the RDBMS world, I know the backup plan is to shard,
and I understand that it's a massive pain in the butt.
Having said all that, let me say that I think Lift is a great
framework, and it's probably the one I'll be using. I'm just trying
to find some of its "challenges", and how I can cope with them.
Thanks!
-jj
On Thu, Sep 9, 2010 at 10:22 AM, David Pollak
<feeder.of...@gmail.com> wrote:
> Put another way, the challenges at both the code and operations layers for
> dealing with state in Memcached is far far nastier than putting Nginx and/or
> HAProxy in front of your Lift app.
--
miles
Thanks,
-jj
Has it been your experience that Lift apps can entirely do away with
the kinds of caching layers people usually implement in Memcached or
does it just delay the point at which they become necessary?
On Thu, Sep 9, 2010 at 10:22 AM, David Pollak
<feeder.of...@gmail.com> wrote:
> Put another way, the challenges at both the code and operations layers for--
> dealing with state in Memcached is far far nastier than putting Nginx and/or
> HAProxy in front of your Lift app.
miles
--
You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
To post to this group, send email to scala...@googlegroups.com.
To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
Hey David,
Thanks for the response. Lift looks like a fantastic framework. I
knew that already because I've a) seen you speak in person b) read all
the docs c) read your blog. However, I'm still struggling with a few
things.
I can definitely see the greater simplicity of dumping a separate
caching layer in the infrastructure.
On Thu, Sep 9, 2010 at 10:33 AM, David Pollak
<feeder.of...@gmail.com> wrote:
> Put another way, with 99%+ of the apps people are writing in Lift, they will
> live in a single JVM. The stability of the JVM is on par with the stability
> of memcached, so it's not like a Rails process with needs to be killed every
> 5 minutes to avoid the MRI from sucking down all the swap space on your
> machine.
--
miles
Uh, that's kind of a big deal ;) That's exactly the sort of thing I
need to know before I try to use a new framework on a new project. I
don't remember reading that in the Lift documentation. That'd be the
perfect sort of thing to have in a FAQ.
> Put another way, with 99%+ of the apps people are writing in Lift, they will
> live in a single JVM.
That's also the sort of thing I was looking for. The fact that most
Lift users haven't experienced the challenges of using Lift with
multiple web servers is worth knowing. Performance != scalability. I
was looking for rules of thumb such as "If you have multiple servers
running Lift, make sure you keep persistent data in the database and
beware of stale cached data on the web servers. Otherwise, if a user
has two browsers up, and the browsers are each affiliated with
different Lift servers, one of the browsers might see stale data."
Look, Lift is fantastic, but a project is defined as much by what it
doesn't do as what it does do. I'm just trying to get my head around
what it doesn't do.
Thanks,
> In terms of Lift and older browsers, Lift doesn't support them (or at least it doesn't support them well.) At the end of the day, in
> order to use a Lift app, you need a modern browser (IE 6+, Firefox 1.5+ or WebKit-based [Chrome, Safari]).
M>
That makes sense. A big part of the argument in favor of Memcached is
that cache can be shared by multiple front-end servers. Would it be
fair to say that the worker/cache ratio you see in something like a
rails app is equalled or surpassed by the ratio you see in a single
JVM? In other words, does a shared JVM give you similar overall
caching benefits?
I can definitely see the greater simplicity of dumping a separate
caching layer in the infrastructure.
On Thu, Sep 9, 2010 at 10:33 AM, David Pollak
<feeder.of...@gmail.com> wrote:
> Put another way, with 99%+ of the apps people are writing in Lift, they will--
> live in a single JVM. The stability of the JVM is on par with the stability
> of memcached, so it's not like a Rails process with needs to be killed every
> 5 minutes to avoid the MRI from sucking down all the swap space on your
> machine.
miles
--
You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
To post to this group, send email to scala...@googlegroups.com.
To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
Will.
--
You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
To post to this group, send email to scala...@googlegroups.com.
To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
I appreciate your taking the time to answer all our questions.
I have a question about continuous deployment. A lot of companies I
know (but none that I've worked for) like to deploy changes to the
live site anytime anything is checked into source control. Some
companies like to just rely on their customers to find all their bugs
(which I consider negligent) whereas some companies have very strong
test suites and push changes to the live site after the code passes
all the tests. Hence, some companies manage to push new versions of
the code 10s of times a day.
Is continuous deployment possible with Lift? I suspect you have to
restart the application every time someone pushes new code to the
server, and I can't imagine how the strong statefulness of Lift can
survive application restarts since actual function references are
stored in the session.
As for scalability, I think you've convinced us all that Lift has
superb *performance*--that it is fast and uses modest amounts of RAM
and CPU. However, I spend a lot of my time thinking about horizontal
*scalability*. I.e. if I have 10 servers running Lift, and one of the
servers has a harddrive crash, does that mean every one who had items
in their shopping cart and were affiliated with that particular server
will lose everything in their cart? I'm not saying that that's the
end of the world--I'm just trying to understand the tradeoffs.
Thanks!
-jj
> Lift does a lot to detect the browser and render the output accordingly.
> Lift does not have built in support for every browser, although support can
> be added (there is a site that did support for older Blackberry and Nokia
> browsers because there was a business advantage in doing so). The
> JavaScript requirement (page-level GC) can be turned off depending on the
> user agent.
> But at the end of the day, doing all that work winds up reducing your site
> to a lowest common denominator green-screen app. So, I guess technically,
> Lift can render any form of response to anything that can speak HTTP, but
> practically, it's something that you have to work hard for. So, if you've
> got the requirement of supporting Lynx and you don't care about Lift's power
> zone (security, scalability, interactivity, etc.), then start with something
> that's not going to let you go up, but not cost you anything to server Lynx.
--
On Thu, Sep 9, 2010 at 1:48 PM, David Pollak
<feeder.of...@gmail.com> wrote:
> So, this gets into your overall architecture.
--
miles
Sean
> --
> You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
> To post to this group, send email to scala...@googlegroups.com.
> To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
>
>
--
"I refuse to accept the idea that the ‘isness’ of man’s present nature
makes him morally incapable of reaching up for the eternal ‘oughtness’
that forever confronts him." --MLK
--
miles
On Thu, Sep 9, 2010 at 8:42 PM, s t ong <ston...@gmail.com> wrote:
> I'm also sure that whatever app you're building isn't going to get 5
> requests per minute, let alone 100 or more requests per second.
> Wasting David's time asking about a server farm of 10 servers doesn't
> show very much respect for him. If you're going to deploy to
> production 10+ times a day, you're quite simply an idiot and you've
> got bigger problems that the statefulness of your app.
--
Ian Kallen
blog: http://www.arachna.com/roller/spidaman
tweetz: http://twitter.com/spidaman
vox: 415.505.5208
On Thu, Sep 9, 2010 at 8:42 PM, s t ong <ston...@gmail.com> wrote:
>
I've ever heard of anyone deploying live changes to production ten
times a day, but if someone does do that I would give them the benefit
of the doubt and figure they must have some good reason (i.e., reserve
judgment on the "idiocy" of it until I heard the details). That said,
I was hoping to hear an answer about this question. David, I was
surprised to hear you answer clustering questions with 99% of Lift
apps just need one server because of Lift's performance. I've heard
you give that answer before. The concern I've had for our situation is
deploying software and dealing gracefully with crashes, which is
exactly what JJ brought up here.
No matter what your traffic, when you need to deploy changes, the
question arises can you keep the website running while those changes
are being deployed. Will people in the process of buying something be
kicked off and need to log in again and start over, for example? The
answer I like to hear is yes, you can run two or three instances, and
when one reboots, the other one can take over for the first for the 30
seconds it takes to restart the app server. Once the first one is up,
you can restart the second, etc. This is good because if a server
crashes unexpectedly, it is nice to know that people won't get kicked
out of the shop where they were about to make a purchase. This also
means that whatever state exists needs a way to migrate from one
server to another.
The other thing I like to hear is that I can deploy new code without
restarting the server. It is important to have state migration for
crashes, and the occasional reboot that is likely necessary, but the
JVM has class loaders and it seems like a good use of them is to
support deploying updates.
If Lift's state is in the session, then there are tools to migrate
session data that could probably be applied. Also some app servers may
be able to assist with do live updates, I'm not sure. But I'm curious
if there's a recommended or built-in way to do these things.
Thanks.
Bill
> --
> You received this message because you are subscribed to the Google Groups "Bay Area Scala Enthusiasts" group.
> To post to this group, send email to scala...@googlegroups.com.
> To unsubscribe from this group, send email to scala-base+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/scala-base?hl=en.
>
>
--
Bill Venners
Artima, Inc.
http://www.artima.com
http://www.google.com/search?q=imvu+release+production+interview
No matter what your traffic, when you need to deploy changes, the
question arises can you keep the website running while those changes
are being deployed. Will people in the process of buying something be
kicked off and need to log in again and start over, for example?
The
answer I like to hear is yes, you can run two or three instances, and
when one reboots, the other one can take over for the first for the 30
seconds it takes to restart the app server. Once the first one is up,
you can restart the second, etc. This is good because if a server
crashes unexpectedly, it is nice to know that people won't get kicked
out of the shop where they were about to make a purchase. This also
means that whatever state exists needs a way to migrate from one
server to another.
The other thing I like to hear is that I can deploy new code without
restarting the server. It is important to have state migration for
crashes, and the occasional reboot that is likely necessary, but the
JVM has class loaders and it seems like a good use of them is to
support deploying updates.
If Lift's state is in the session, then there are tools to migrate
session data that could probably be applied.
Thanks for the detailed reply. You answered my questions.
Bill