Slashdot Mirror
Linux 'Weblications' with SashXB
Ches2000Pro writes "Via Wired News, IBM has announced a new Linux scripting environment called SashXB. From their description: SashXB is an open source application environment that exposes native functionality to JavaScript. It's ideal for web developers with HTML and JS skills who want to write full-featured native applications, as well as experienced programmers who'd appreciate the convenience of rapid application development. SashXB is being released under the LGPL license." It's not exactly new, but seems to be quite usable now. Has anyone used this?
Am I the only one who gets hives thinking of the security implications of that?
Best Slashdot Co
great, now native apps will be opening popups!
exposes native functionality to JavaScript
/*`
You mean things like `rm -rf
another reason billg can claim that a web browser is an integral part of the OS.
So it'll need code forks for every OS and every distribution and every processor and every case color? Sounds like fun.
So now, it'll be even easier to do nasty things with JS!
Who wants to take bets on when the first JS rootkit comes out?
Of course, this is hypothetical as long as nobody actually uses it. If somebody takes it and puts it a a web browser, that will be the end (or the beginning).
BTW, Windows already has that: ActiveX. You can see what kind of mess it can do.
i dont get this... spend your time learning a real programming language instead.
At least IBM is contributing to the Linux cause. I'd like to see Sun do some actual application development for the env. rather than just throw it on their cheap boxes. This is definitly a good step in the right direction for the community!
Who is John Galt?
For instance, SashXB weblications can currently run in a simple window, in a Glade-designed UI, in a GNOME panel, or even in a console-based scripting environment. Future locations might include ScreenSaver, Nautilus, and an embeddable Bonobo component. We have also written extensions to access the native filesystem, play Vorbis files, parse and construct XML documents, communicate with other machines using the Jabber protocol, use FTP, and interact with the UI using GTK and Glade, among other things.
Dang. Makes me wonder why we even need operating systems anymore.
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
Many, many, moons ago when NS first released the Mozilla code (and the source for the JS API) for a research project I added a bunch of low-level classes to JS in order to allow it to be used for more advanced applications (independent of a browser).
This was long before MSJScript, but anyway, while it worked out pretty cool for the most part, it was horribly painful to add classes and especially painful to map APIs (I was using Win32 at the time) to JS objects.
My second problem was that as a language, JS is just to forgiving. Optional use of semi colons and other things such as that make it a little confusing to distribute and debug.
I always have liked JS though and I'm glad someone wrote a good backend to it. I'll have to check it out...
int func(int a);
func((b += 3, b));
I figure we're all going to be asking what this is about...
;).
This is a reprint of text from MartinG from the old thread:
> Can anyone point to a coherent explaination of what
> Sash can offer on Linux, and what it's parts are?
>
This question is probably going to be asked a lot, so I guess we should
start creating a FAQ somewhere.
Anyway. This is of course by no means an official position on anything;
these are just my thoughts.
The Sash end-user gets:
* Painless installation (no command line necessary -- straight from the
browser to the [graphical] installer).
* One-click uninstallation, with recursive dependency checking to prevent
the removal of vital components.
* A point and click interface for the execution and management of all of
his weblications
* Automatic updating of programs/extensions (this is in the works)
* Tiny download sizes for native, fully functional weblications
* Highly componentized infrastructure avoids bloatware -- a program only
fetches and loads exactly what it needs to run.
* Tight security controls every single thing a weblication tries to do
The Sash developer gets:
[from a structural point of view]
* Rapid deployment and easy management of programs
* Powerful native functionality without having to learn a new skill set
(provided that he already knows JavaScript and HTML)
[from a design point of view]
* Ridiculously easy drag-and-drop design for his weblication's UI
* Painless integration of UI with SashScript
* A full-featured IDE which takes him from start to finish in creating a
weblication, including:
- syntax highlighting
- syntax assistance (a la Microsoft's Intellisense)
- multiple document/multiple window interface
- Druids (wizards) which aid in the creation of any given action,
or in the creation of the weblication as a whole
I'm sure there are more features which I am missing right now.
Yeah, this sounds terribly hokey, but it's actually true. We've created a
sample text editor, a web browser, even a simple Lotus Notes mail client
(as demos), each in about an hour, start-to-finish.
Man, I really do sound like a salesman
As for parts, perhaps that's for another email. There are two main parts:
the runtime, which runs the weblications, and the WDE (development
environment) which aids developers in writing weblications. For more info,
check out the README.* files in the source tree...
AJ
I finished doing a web-based application for a client about 4 months ago. That was a complete nightmare. They wanted native gui functionality, yet cross-platform, and it had to work on netscape (all vers) and IE (all vers). Oh, did I mention that we couldn't expect the users to download anything additional, EVER? So that ruled out java applets (since xp doesn't have a jvm by default). The whole thing was done with ASP, Javascript, and plain html forms.
Making a long story short, the Netscape 4.x functionality ended up being severely lacking (since 4.x JS engine wasn't capable of performing most of the functionality they wanted). Oh, we weren't allowed to refresh the pages very often, so almost everything had to be done with JS actively manipulating the current document. To make matters worse, my spineless boss allowed them to change the spec several times throughout the project. When you have 1000+ lines of JS per page, any little change is a pain in the ass.
Keep in mind that SashXB uses JavaScript as an *application* development language, not as a webpage scripting tool. Sash weblications are run just like traditional applications -- not by just browsing to a page in Mozilla. The native functionality added to JavaScript is limited by the Sash security manager, which allows granular control over access to system resources on a per-application basis. For example, if a weblication needs access to the filesystem, the user will be notified prior to installation and be given full details of the weblication's requested security permissions. Sash was designed with security in mind, and is in fact more secure than a typical native application written in C/C++/Perl. Because the JavaScript code is interpreted, the SashXB runtime can actually check each JavaScript call.
Also, the upcoming JScript.NET will have similar functionality, but will be cross-platform.
Oh, I thought it said SlashXB. Nevermind.
room101 -- how much can you stand before they break you?
(they always break you eventually)
...ok...
JavaScript is just a language, just as Python, Perl are languages.
JavaScript can be hosted by browsers, shells, custom applications, etc...
It can only access the OM's supplied to it... For instance, the most (in)famous is the DOM... remember, Document Object Model...
So, if someone wants to write a shell host, expose shell functionality as a SOM (Shell Object Model), it's entirely up to them, but DOES NOT COMPROMISE BROWSER SECURITY....
I'm begining to think "News for Nerds" means techno-weenies, who have no technology/development/systems background whatsover, duuuuuuuude, lets qo to a 2600 meeting and talk about all the coooooool hacker movies we watch.....
"Linux 'Weblications' with SlashXP"
:P
I had a hard time picturing CmdrTaco et al. Embracing porting slashcode to XP.
"Draco dormiens nunquam titillandus."
This is quite similar to XWT. XWT is often described as "A 'lite' version of Mozilla's XUL, packaged as an ActiveX/JavaApplet, using XML-RPC instead of XPCOM.
From the xwt.org front page:
XWT is the XML Windowing Toolkit. It lets you write remote applications -- applications that run on a server, yet can "project" their user interface onto any computer, anywhere on the Internet....
Unlike all other remote-display technologies, XWT applications are usable and responsive regardless of network congestion, delays, and even complete network failures.
The XWT Engine is packaged as both an ActiveX control and a Java applet, so you can access XWT applications from all major platforms (Win95/98/ME/NT/2k/XP, Linux, Solaris, MacOS X) without installing any additional software. It is distributed under an open source license (LGPL and GPL), so it can easily be ported to new platforms.
There's a tutorial to walk you through creating a tic-tac-toe application and a comprehensive reference spelling out all the nitty gritty details about how the engine works.
It's all these great new terms like "weblications" that make this world of new technology (or worlnewology!) a better, happier place.
"I am a cipher, a cipher, wrapped in an enigma, smothered in secret sauce" -Jimmy James
Why is this such a big deal in terms of exploits?
_ __
After all if we are talking Windows hosts there are about a dozen ways to screw the box up using Windows scripting tools and a half bit of VB knowledge. Is there something I am missing from the article?
Most of the posters here have either screamed about the possibilities of exploits or reached the same conclusion I just did. What are the other half missing?
_______________________________________________
ACK
Next all we need is native support for Lingo and then Satan will have made Linux his home.
Just asking.
sulli
RTFJ.
.... when we have excelent object oriented languages for scripting like ruby ( http://www.ruby-lang.org ), that use features like iterators (python have this too since 2.2), mixins and pols.
-- Wanna textmode user interface for ruby? http://freshmeat.net/projects/jttui/
Any idea if you can use this to make OS X apps, or if there are plans to port to it?
I do all my work on FreeBSD. If this is
truly free source, then it should compile
and run on BSD.
This actually fits in quite nicely something I've been thinking about.
One of the nice things about web pages is that you can just look at the source. Wouldn't it be great if you could look at the source for any widget in an application in the same way? Even make changes just by editing the source directly, if you wanted to. So, for instance, if I'm using a Word processor and there's a function I never use I can just delete it from the source script.
Sash is pretty old news... Saw it either here or on fm.net a year ago. However, a similar technology, XWT was released more recently, and may appeal to a similar crowd.
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
For those of you interested, there's a book recently published by IBM about the Windows version of Sash. You can buy it online or download the entire thing from here.
I mean, they're a huge company with vast experience of naming products. IMHO, even sed, awk and grok are fine, because at least they are pronouncable, and probably stood for something once.
Maybe I'm wrong though and there is a logical basis to the naming. If so, does anyone know what it is?
I suspect that they might be getting their product names from /dev/urandom
Malike Bamiyi wanted my assistance.
why do I have the impression that this article is 24 hours late?
I find that slashdot is now getting behind in breaking interesting news. Like this news. osnews.com breaks this news first before /. follow suit. These days, I usually read osnews.com first before coming back to /.
I just downloaded some applications and I'm playing with the source code. I think this is great!
Polluting linux with crappy applications written by script kiddies and web programmers is NOT the way to bring it to the mainstream! Sure, it worked for Windows, but our marketing budget is significantly smaller....
ASP,JSP,ChiliASP,ColdFusion... Anyone with experience in writing script based web applications knows that it is a nightmare. You end up with thousands of lines of untyped script code that you have to maintain w/o a decent debugger or development envirornment. Hence the introduction of richer web development envirornments like java servlets and asp.net. This seems like a throwback to me.
Reading the posts thus far, has no one actually used this?
The subject line pretty much says it all.
In many ways this looks like a Visual Basic for Linux. In some ways this would be more cool if there was a Windows version, simply because it would provide a cross-platform development environment that MS didn't control and that would allow for easy transition of users to Linux.
Still, Linux only has some interesting possibilities as well...
Jack William Bell; who writes business software for a living and would like very much to transition his users to Linux
- -
Are you an SF Fan? Are you a Tru-Fan?
http://www-913.ibm.com/employment/us/extremeblue/
Synchronet BBS software has been doing this for about 8-9 months now, using JavaScript to control many aspects of the application as well as allow interoperability with other BBSes. Yeah, they're getting modern. Check it out at www.synchro.net - I've been using this BBS software for over a year now and the JS backend makes it incredibly simple to create applications for use with the system.
0wN5z.prototype.j00 = function () { this.lamer = 'pwned'; }
Huh? So what would you call Macromedia's flash player for Linux?
--- Biffster.org
"Bite my shiny metal ass."
Server-side javascript used to be a function of old versions of NES, and it sucked then also. If you want OO scripting on the server check out Ruby, this is the best thing to happen to scripting yet. http://www.ruby-lang.org
If you're going to toy with a new technology, it should be something that really brings something to the table. Ruby is that kind of tech. Like Perl, it is the work of one individual with a vision, not corporate marketing engineers.
You're probably thinking of ActiveState's Komodo, which does other things in addition to Perl (Python, etc.).
News for Geeks in Austin, TX
I saw a reference to a Lotus Notes Client written in sashXB in the previous post, but now I cant find anything about it in the sashXB homepage. Is there such a thing ? It would be extremely helpfull in convincing my company into changing from Windows to Linux.
What scripting languages do we have now? SH, Perl, Python, Ruby, Javascript, etc. There's plenty of them. Why can't we just stick with one (i.e. Perl) and end the needless complexity.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Looked through all of the documentation for this and could not find anywhere that stated weather sash (windows or linux version) had the ability to work with ODBC or any other API's (OCI for oracle, or the MySQL API, etc) If not then this would be of little use for anything above and beyond your typical "Hello World", or "Ticker App" (reading from a flat file of course
To see what it does however here is a link of a one page example that explains it better than reading the whole book!
(+1 Funny) only if I laugh out loud.
Even as we speak I am writing an application for a customer. The app is a cross-platform, GUI/Character installer for their application. No existing installers could do what was necessary, so I'm writing a dedicated one from scratch. What to write it in? Perl/TK, was the only realistic choice.
Now lets look at some Perl/Tk code as compared to SashXB (formatted poorly to avoid lameness filter).Now what I'd much rather do is something like this: And have this run from the OS, not in a browser. It looks like Sash will let me do this, and what could be wrong about that?
Since important parts of SashXB (needs a new name) are Gecko, XPCom, and the Mozilla JavaScript interpreter. It seems that rich, complicated UI's are in reach via XUL. I sincerely hope that a richer version of SashXB will soon be mentioned in the same breath as Perl, Python, and Ruby.
JSP needs to be left off your "ASP,JSP,ChiliASP,ColdFusion" list.
Although its possible to right a JSP that is merely a big ugly server-side-scripted page, It can be used with good MVC design patterns.
Use your JSP as simply a front end to business logic stored in Beans or EJBs. JSP is wonderful technology when used correctly.
The great thing is that virtually every Mac application has hooks for scripting through the standard Apple Events model which is automagically available to all other OSA languages.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Doesn't this break platform independence? Wouldn't you be better off using JNI?
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
...and look what they started doing, creating ActiveX and .NET.
I plan on creating a browser for p0rn only. It caches the p0rn files on a nfs partition that windows can't read, but my weblication thingy can. This way snooper programs can't see my p0rn cause it is not part of the windows file system. WHEEEEE!!!!
You see, I'm shite at C++. I'm decent at C, Javascript, and Perl. So this is just what I need to feel like a real man (ok real geek).
Yes, I'm a moron with 3rd degree burns.
If I'm a Linux developer with access to all the tools that typically come with a Linux distribution, why would I ever want to develop applications with Javascript? Javascript is a horrendous kludge meant for simple, client-side behaviors. The people behind this technology are pure evil.
So where does RMS stand on this issue? It seems to me that the way this scripting environment works, it is somewhere between application-linking-against-a-library and external-process-execution. Can a non-GPL program be controlled from a script?
You need to install an RTFM interface.
How is this any diffrent then any other programming language?
autopr0n is like, down and stuff.
I am so excited about this! I can think of a million uses for this. Now Linux will come into it's own as a desktop. You can write tons of shitty little apps in no time with this. Which has been the main drawback of Linux.
And since it exsposes the OS, there should be no reason why you couldn't access binaries with it as well(ala perl modules). And I can use DOM to make pretty interfaces too.
die C# die!
Then your client is a moron... That dosn't mean that IE/Moz wouldn't provide a stable platfrom... and did you think of using Flash (I don't know if it would have provided everything you wanted, personaly I hate flash :P).
autopr0n is like, down and stuff.
Well, you can get flash for linux, but Most windows/mac users woudln't need to download anything, and while probably less powerfull then JS/DOM it would provide a *stable* development platform for the guy to work with. crossplatform DHTML can really suck, I should know, I'm happy Autopr0n just shows up in netscape4x (they get fed a blank stylesheet, actualy)
autopr0n is like, down and stuff.
I once saw a online chat application who's client side was an *animated gif* in an image map. yeh, really. It was insaine. And it actualy worked!. and worked well. It was pretty impressive. Of course, I have ethernet access to the 'net
autopr0n is like, down and stuff.
Isn't it obvious. Many people lack the ablity to think. it's a sad thing :(
autopr0n is like, down and stuff.
JavaScript OSA is a port of the Mozilla JavaScript 1.5 scripting system to the Macintosh in the form of a OSA (Open Scripting Architecture) component. You can use JavaScript OSA as a scripting language in any Macintosh application supporting OSA languages, such as the Script Editor included with the MacOS or our own Script Debugger product.
Though not necessarily made with "weblications" in mind, you could probably produce a full featured application using this AppleScript component (such as by making calls to a Unix shell or via XML-RPC and SOAP calls implemented in OSX 10.1). My question is, would a Darwin/OSX port of SashXB be more or less useful than just using JavaScript OSA for a system-level JavaScript API?
There is no gravity...the earth just sucks.
This reminds me very much of Java webstart. The security model is also similar in that runtime verification is done.
However, unlike Java, I think this might be very successful on the desktop and might release an avalanche of Applications and I certainly wish it luck and wish to congratulate the developers. The only problem that I can see is that it uses GTK+ which will make it difficult to port.
For all those who kept on dissing Mozilla, perhaps now is the time to have a rethink.
No, javascript is a programming language. It isn't designed to do anything other then let you program. It's actualy pretty good. You're talking about the DOM api that comes with web browsers.
Also, Javascript has nothing to do with Java at all. It was origionaly called LiveScript before sun's Java came out and Netscape decided to confuse the fuck out of everyone.
autopr0n is like, down and stuff.
What does "weblication" mean? Is it the combination of "web" and "plication"? Or is it web replication? Web complication?
Java is the blue pill
Choose the red pill
... A web-based virus toolkit! Ingenious!
Anybody remember VB-Script? Oh wait, it's not MS, so new features are a good thing.
"Derp de derp."
Being a web developer I think this is fabulous!
I'm going to give this tool a try.
"If a show of teeth is not enough, bite
Unfortunately everyone is missing the point. The problem
with SashXB is that it should be deployed as a stand-alone package
without a dependency to certain particular versions of
libraries! As soon as some of these change the whole thing would break!
At least the diretibuition should be one single binary or it should load its own set of libraries.
Personally it should have been built using wxWindows.
As long as you need to download Turing-Complete programs/applets/weblets, or whatever the fudge the spinsters call them this week, you will have too many versioning and security problems for it to work.
It is fat-client in a leaky bottle all over again.
What is really needed[1] is a lite-client remote GUI protocol (like SCGUI, plug plug). IOW, a GUI Browser that does not download any "smart" code that executes.
[1] At least for B-to-B and intranet stuff. Businesses keep trying to create VB/Delphi-like GUI's with JS+DOM, and it really stinks.
Table-ized A.I.
Look at all these people bagging on sashXB because it seems too much like activeX. And we wonder why linux is not dominating the desktop environment. I have news for you all... its things like this which will help the linux desktop market. Besides, sashXB is really not as much like activeX as it is like JAVA, or even PHP-GTK, or maybe some resemblance to PERL-GTK..
If you actually read the documentation you can see that the security hazards are no greater than that of JAVA. It all depends on the level of security of that which is containing the script, just as the JAVA runtime has its "sandbox policy" whilst being executed within an applet. I am confident that IBM has taken measures to keep security as a focus.
This can be a good entry point for Linux-Would-Be developers who maybe are not yet prepared to jump into some more difficult languages or environments.
The only drawback isee is that yes, it may encourage less than perfect code, and may attract more novices, but if you dont run to run a crappy script you dont have to. And besides its not like ive never seen lousy PERL scripts, or even lousy JAVA out there.
The premise also seems wrong to me. People who are so inexperienced that they can't figure out a scripting language like Python or Perl probably shouldn't be writing GUI applications in the first place. And Python and Perl both already have excellent GUI toolkits available to them.
SashXB also falls short in the installation area. It depends on half a dozen other packages to be installed on the user's machine. Sorry, but something like this should be a single download for the user, and a single click install.