HelloZeroNet / Plugin-BackgroundProcessing

ZeroNet plugin for running site code in background, when browser is closed. Safe.
14 stars 11 forks source link

Emulate NodeJS, supporting its API and modules for advanced server-like features #3

Open danimesq opened 6 years ago

danimesq commented 6 years ago

With it, ZeroNet zites can have the most advanced features from PHP servers, but with NodeJS/distributed way And users can authorize it or not

filips123 commented 5 years ago

What are that advanced features that require NodeJs?

And why not support PHP? This would directly support "advanced features from PHP servers".

And also Python and other programming languages.


But this would be not secure. Even if users authorize this, they still don't know what code will run.

And you can already do most of the things just with JavaScript and ZeroFrame API.


If those features are to just use the syntax of other programs (NodeJs, PHP, Python, C) with some additional third-party packages, it would be better to compile them with Emscripten to WebAssemby which can be used in websites.

And if you would need some other features, it would be better and safer to use WebAssemby System Interface which would allow the running program in any language on any computer, but with restricted access to the computer.

danimesq commented 5 years ago

Most server-wide usage relies on NodeJS, and it is growing over PHP. But, yes, I agree about it isnt secure, so is better improve the ZeroFrame API.

filips123 commented 5 years ago

Most server-wide usage relies on NodeJS, and it is growing over PHP.

But PHP has improved a lot, and it is still widely used. If we really want to support running additional languages, it would be better to use something that supports multiple (like WebAssembly). But it is better to improve ZeroFrame API.

I agree about it isnt secure, so is better improve the ZeroFrame API.

Do you have any specific suggestions and features to improve in ZeroFrame API?

danimesq commented 5 years ago

Not only for ZeroFrame.

Things servers haves:

danimesq commented 5 years ago

There are others I cant remember

filips123 commented 5 years ago

Ok, these are really some missing features.

I think that best way to support other languages would be to use WebAssembly (WASM) or WebAssemby System Interface (WASI).

With that, you would be able to run every language that can compiles to WASM in portable and secure way. With WASI, you would even be able to interact with system resources (like files) in secure way. Unfortunantly, WASI is still in proces of developing so some things are currently not implemented. But in (near?) future, it could be best way to do those things.

There is Python library for executing WebAssembly binaries. This would probably be best way to do this.

ghost commented 5 years ago

This plugin is called BackgroundProcessing because it allows running things in the background without having to have a browser open. It allows for lots of very useful things, but most users don't need it right now. Also, it actually does go through the code to restrict things.

filips123 commented 5 years ago

This plugin is called BackgroundProcessing

You can run WebAssembly in the background with Python library.

Also, it actually does go through the code to restrict things.

I saw that. But if NodeJs would just be started as another command (which this blog post does) it would not be restricted.

ghost commented 5 years ago

But if NodeJs would just be started as another command (which this blog post does) it would not be restricted.

Sure, if this allowed running separate commands - but afaik it doesn't - you can't import anything you want - BackgroundProcessing only allows a whitelist of things you can import.

purplesyringa commented 5 years ago

BackgroundProcessing was created as a plugin aimed at security. Its point is to whitelist as much as possible to make sure site owner can't break anything except his site.

What are that advanced features that require NodeJs?

Mostly, NodeJs runtime. Also modules support (i.e. require)

And why not support PHP? This would directly support "advanced features from PHP servers".

Because a. this plugin works by compiling Python code into safe Python code, and b. the advanced features of PHP are mostly connected to client-server architecture, while we use P2P.

And also Python and other programming languages.

If you read the code, you would notice that Python is actually the only supported language for now. Other languages would be supported by transpiling them (and their runtime) to Python.

But this would be not secure. Even if users authorize this, they still don't know what code will run.

That's why BackgroundProcessing exists - it sandboxes the code.

And you can already do most of the things just with JavaScript and ZeroFrame API

You can't do anything in background from browser JavaScript.

And if you would need some other features, it would be better and safer to use WebAssemby System Interface which would allow the running program in any language on any computer, but with restricted access to the computer.

This is a good idea, but afaik wasi is not ready yet. Also we want the ZeroFrame API to be easy to use, which is easy to do in Python but difficult to do if ZeroFrame has to be implemented via syscalls.

But PHP has improved a lot, and it is still widely used. If we really want to support running additional languages, it would be better to use something that supports multiple (like WebAssembly). But it is better to improve ZeroFrame API.

ZeroFrame is a small piece that glues UiWebsocket and the script together. So there's nothing to improve in this glue. Can you give an example of what you're talking about so that I could understand it?

Generation of images

...what? First, this is not something that servers do, it's what cgi scripts do. Second, the ZeroNet way is to do such stuff in client. And, personally, I don't see any problems with this.

Real Time Clock, like used on Windows

a. What is realtime clock at all? b. That's definitely not something that servers support themselves, c. Don't you have access to date and time from JavaScript?

Live media streamming

This is a problem, but it is a problem of ZeroNet core, not its everything-in-browser architecture.

This plugin is called BackgroundProcessing because it allows running things in the background without having to have a browser open. It allows for lots of very useful things, but most users don't need it right now. Also, it actually does go through the code to restrict things.

Thank god someone witn decent knowledge came to this issue.

You can run WebAssembly in the background with Python library

Currently, background scripts are compiled directly into python bytecode. WebAssembly would be a lot slower.