[HN Gopher] Redbean 2.0 turned into more than a hobby project
___________________________________________________________________
Redbean 2.0 turned into more than a hobby project
Author : jart
Score : 921 points
Date : 2022-06-16 10:47 UTC (1 days ago)
(HTM) web link (justine.lol)
(TXT) w3m dump (justine.lol)
| lxe wrote:
| I love how this is a huge hack and it works so well. Nicely done.
| elamje wrote:
| This is so amazing - I had to give it a shot. There have only
| been a couple of projects I've ever gotten excited about on HN
| and this is certainly one of them!!
|
| I'm curious if any other users ran into issues with MacOS running
| 2.0? I may have just missed a step, but I started an issue
| nonetheless.
|
| https://github.com/jart/cosmopolitan/issues/426#issue-127445...
| jart wrote:
| This is a high priority item. It sounds like you're using a
| recently released Mac OS X version. One of the great fears has
| always been the possibility of Apple breaking the UNIX system
| interface, like they did to the Go team in the past. So I'd
| like to get any issues resolved here as quickly as possible. I
| left a comment on the GitHub issue about next steps.
| paulclinger wrote:
| This issue should be resolved now and redbean-2.0.2+ includes a
| fix for it.
| sscarduzio wrote:
| No ARM64 love?
| DrBazza wrote:
| https://justine.lol/ape.html
|
| One of best technical posts I've read in a while.
| rank0 wrote:
| The project depends on x86 and AFAIK, the voodoo that enables
| the cross-platform executable is simply not available on other
| ISAs.
| panarky wrote:
| Maybe this is common knowledge, but this is a quick and dirty way
| to reduce bots, spam and abuse. if
| geo:get('location', 'accuracy_radius') >= 100 then
| SetStatus(403) Write('you can only post comments from
| your home internet connection') return end
|
| Bad actors often use cheap cloud instances, and the IP addresses
| of their data centers typically have an accuracy radius of 1000
| km.
| _wolfie_ wrote:
| Well, I guess I was a bot all along with 200 on my home IP.
| smt88 wrote:
| This is a really bad idea. Bot detection is an incredibly
| complex problem, and simple rules like this are more likely to
| catch humans than (motivated) bad actors.
| bigiain wrote:
| "(Motivated) bad actors" are a different problem to drive by
| bot spammers.
|
| While I agree with all the people saying "this'll block real
| people at significant rates", for some things (like personal
| blog replies or small forums) that can be a perfectly
| sensible trade off for some sites.
|
| Sure, if you are Netflix, or a government department website
| that people need to use, it's a terrible idea.
|
| For somebody who's sick of deleting spam replies on their
| personal blog posts? Simple rules with known and acceptable
| unintended consequences might be a really good idea.
| ezekiel68 wrote:
| That's precisely the kind of comment we'd expect to read from
| a (motivated) bad actor. </sarcasm>
| cmeacham98 wrote:
| You'd be better off banning known "cloud" IP ranges than this
| (and I think even that protection is questionable).
| heavyset_go wrote:
| It's questionable, and it blocks a lot of legitimate traffic.
| bigiain wrote:
| "A lot"?
|
| What sort of "legitimate traffic" comes off
| AWS/Azure/DigitalOcean et al?
|
| And how does the volume of that (and relevance of that
| traffic) compare to home add and mobile CGNAT ipaddresses?
|
| Unless I'm selling something, dropping all cloud instance
| IP ranges doesn't em like it'd block a lot of "legitimate
| traffic" to me, at least not enough to care about. If my
| choices were "spend time implementing a more sophisticated
| locking technique to reduce blogspam" or "write more
| blogposts", I'd be triggerhappy blocking everybody using
| AWS o browse from and writing more content.
|
| I use FSecure as a VPN, and I see it "do weird shit" at
| about the same rate as I see when I'm using a Hertzner box
| as a wire guard endpoint. (Most common thing there is I
| can't order via menulog when I've got a vpn endpoint out of
| I am getting it delivered to, and I've just got used to
| switching off my phone's vpn while ordering..)
| lstodd wrote:
| Yeah, now consider living in a country which blocks stuff
| left and right (including vpn services) so that
| DO/Hetzner endpoint is the only endpoint outside you
| have.
| m00dy wrote:
| I wouldn't prefer that rule.
| heavyset_go wrote:
| I'd imagine this might hurt those behind CGNAT or anyone that
| chooses to use VPN services.
| [deleted]
| detaro wrote:
| Have a normal connection at one of Germanys biggest ISPs, am a
| bot according to that rule.
| 8organicbits wrote:
| The same is true for some large US based ISPs. Lot's of home
| users would be considered bots using this rule.
| andrewmcwatters wrote:
| Thanks for sharing this, but how are accuracy radii defined by
| MaxMind?
| Kiro wrote:
| For anyone confused by this comment: it's a copypasted example
| from the article itself regarding support in redbean for
| Maxmind.
| achillean wrote:
| For a more specific check, you could query internetdb.shodan.io
| and see if the client IP has port 22 open, has the "vpn" tag or
| is any other services that you wouldn't expect to see from a
| visitor. We have a bunch of enterprise users that created rules
| to filter traffic out from IPs that are compromised or
| otherwise look malicious.
| gazby wrote:
| This strikes me as a terrible idea, relying on an idiosyncrasy
| of an arbitrary database to deny access to users.
|
| For anyone doing something like this with a service that's
| useful to people, consider MaxMind's minFraud service. It's
| PAYG and you can choose three different levels of information
| at three different price points. It's targeted at fraud
| minimization, but you can hand it as little as an IP address
| and it'll give you what you need to know.
| panarky wrote:
| Depends on the use case.
|
| MaxMind's minFraud is $0.015 per request and requires a call
| to an external endpoint. Justified for finance and shopping
| apps, not great for a high volume free service.
|
| And you don't have to deny based on this one signal alone,
| you could fall back to recaptcha or minFraud to reduce the
| false positive rate.
| capableweb wrote:
| > MaxMind's minFraud is $0.015 per request and requires a
| call to an external endpoint. Justified for finance and
| shopping apps, not great for a high volume free service.
|
| What fraud are you trying to prevent that gets abused in a
| free service? Most of the abuse I see for free services I
| host is DDoS, brute-forcing paths/authentication and port
| scanning, but all of those are trivial to deal with rate-
| limiting.
| zdragnar wrote:
| Any and all public form submissions will get spammed.
|
| My wife ran a small business for awhile that catered to
| local customers only (i.e. not an online business,
| products didn't ship through the mail. She added a
| contact us type form which submitted to google forms as a
| quick alternate to phone calls for prospective clients.
| It was used almost exclusively by people trying to sell
| her things from overseas.
|
| She wasn't even running ads or anything online, so how
| they ever found the website in the first place, I have no
| idea.
| capableweb wrote:
| That's also relatively easy to protect. First defense is
| rate-limited, second is captchas, third is having a
| dynamic "secret" key fetching from some backend via JS
| that gets injected into the form and works as a
| "password" to successfully trigger the email to get sent
| (but displaying success messages even if it's not).
| parasti wrote:
| > dynamic "secret" key fetching from some backend via JS
| that gets injected into the form and works as a
| "password" to successfully trigger the email to get sent
|
| Are you describing nonces? A nonce is basically a
| "secret" (due to SSL encryption) number inserted into the
| HTML and submitted via a form. You don't need JS, just
| SSL.
| capableweb wrote:
| Yeah, but in simpler terms :)
|
| Making it require JS is on purpose as a lot of spam
| robots only parse HTML and don't execute JS, so you get
| less spam that way.
| d110af5ccf wrote:
| > but displaying success messages even if it's not
|
| Please don't do stuff like this. Some of use use VPNs and
| aggressively block third party JS. These sorts of
| shenanigans render many sites unusable which is
| frustrating but simply not using those services is a
| price I'm more than willing to pay at this point.
| capableweb wrote:
| There is no need for 3rd party JS. It's something like
| ten lines and you can embed it in a script tag right next
| to the form elements.
| fire wrote:
| I find it more than a little amusing that we go from decrying
| an arbitrary database solution[1] to recommending one
|
| 1: ( which is likely to be maxmind's geoip DB in many cases
| anyway )
| gazby wrote:
| We go from decrying use of an arbitrary implementation
| detail of a database not fit for purpose, to recommending
| using a separate database for its intended purpose that
| just happens to be from the same vendor.
| [deleted]
| dinobones wrote:
| whenever I need a web server in a pinch: "python3 -m http.server"
| r0b05 wrote:
| I've been following this project but am curious about what are
| the actual use cases apart from being able to send a portable web
| site around?
|
| If you're running a production web server you're not really
| switching OS's often. Something like nginx is battle tested so
| what would be the benefits of using redbean?
|
| It is a marvelous piece of technology but I am struggling to see
| the use cases right now.
| cyber_kinetist wrote:
| I could see usage for web developers who would like to develop
| in Windows (natively without WSL) and then deploy it in a Linux
| server by just copying files via SFTP.
| jart wrote:
| redbean was originally intended as a locally running web
| server, sort of like an Electron competitor, where you launch
| your GUI in Chrome, rather than linking a copy of Chrome into
| your executable.
|
| We live in a fragmented o/s world. If you're someone like me
| then you've got a Macbook from the office, a Windows PC for
| games, a Linux workstation for compiling code, a FreeBSD
| server, an OpenBSD router, etc. When you're dealing with so
| many different systems, sometimes just having something as
| simple as a sed command that works reliably the same seems like
| an impossible ask. Now we've got an entire app platform that
| works on the lion's share of PCs/servers in a small 1mb file.
|
| It's also a question of being able to distribute code. I used
| to work on the TensorFlow team. We were tasked with building an
| open source library that people on pretty much every platform
| imaginable would use. It broke my brain just how difficult it
| was for us to ship open source binaries that actually work and
| don't cause an avalanche of GitHub issues. Even just working on
| more than a few Linux distros felt like an impossible ask back
| then. Now that I've figured out how to do it for every distro
| and seven operating systems total in just one file, I wish I
| could go back in time and use tools like redbean and
| Cosmopolitan Libc to fix all the things with TensorFlow that I
| wish I could have done. It'd've been a different project.
| adictator wrote:
| haberman wrote:
| > sort of like an Electron competitor
|
| How would this work? Does the user start and stop the server
| manually? One nice thing about an electron app is that you
| open and close it like a normal application.
| capableweb wrote:
| Haven't used Redbean specifically for it, but built similar
| things with Rust, Clojure and Golang before.
|
| The way I used it was that if the user launched the binary,
| it spawned a server and opened the browser pointing at it.
|
| If the user closed the tab, it automatically shut down the
| server. Or if it lost connection to any browsers for more
| than one hour.
| Cthulhu_ wrote:
| That seems pretty clever, I think there's actually quite
| a few applications that work like that. And with binary
| servers, startup is pretty fast too.
| jart wrote:
| One way to do it is you'd create a `.init.lua` file in the
| zip with this: LaunchBrowser('/')
|
| That way when redbean starts up, it opens a tab in your
| desktop browser automatically to display your app.
| https://redbean.dev/#LaunchBrowser
| kencausey wrote:
| Is there any possibility that this could be extended to
| be able to specify a preferred browser or ordered list of
| said? I ask this because part of my work involves
| accessing a large number of user computers and I've found
| that few users set their preferred browser, they will
| overlook the browser request to be the default for long
| periods of time or just dismiss it.
| jart wrote:
| This is a great example of something that can be built
| with the new unix module. It's unlikely we'd add a high-
| level API for this. The good news is you don't need us to
| do that since the unix module gives you all the power you
| need, and if it doesn't, please file an issue and we'll
| fix it.
| lewisjoe wrote:
| redbean as an electron alternative is mind-blowing! I had the
| same question as the op, and this perspective does put me in
| fascinating directions. Like, this could be the most light-
| weight electron alternative, with the server acting as a
| escape hatch to sneak cross-domain communications and
| computation intensive parts of the app, etc.
| rfoo wrote:
| > I wish I could go back in time and use tools like redbean
| and Cosmopolitan Libc to fix all the things with TensorFlow
| that I wish I could have done
|
| ... and then people want you to distribute a libtensorflow.so
| which they may link to or dlopen. :cry:
|
| I had been in this "trying to distribute binaries working on
| every Linux distro since 2010" game too and I hate it.
| r0b05 wrote:
| I can see it as an Electron competitor which is itself a
| desktop app competitor. I can also see the value of having a
| cross platform technology albeit using web development.
|
| I cannot currently see it as a traditional web server
| replacement but perhaps that was not the intention. Running
| the web server locally loses the benefits of single place
| updates.
| mister_goo wrote:
| This is a single executable web server with Lua and other libs,
| with a zip file appended. I have done something similar with
| Python+tcltk.
| ok_dad wrote:
| Yea but this one runs on 6 operating systems with the same
| binary artifact.
| socialdemocrat wrote:
| On an OS without a Python interpreter? I doubt it. This is a
| binary that runs anywhere. No interpreter or virtual
| environment needs to be installed for it to work.
| didip wrote:
| I am in awe with this masterpiece. How do you even gained the
| knowledge to pull off something like this (and Cosmopolitan)?
|
| You are up there on the same level as Fabrice Bellard!
| jart wrote:
| Thank you! Through grit, focus, and never giving up no matter
| what.
| ramesh31 wrote:
| But can it read email?
| capableweb wrote:
| Why not?
| https://github.com/vrld/imap4.lua/blob/master/example.lua
| sergiotapia wrote:
| Is this related to the ORM? https://redbeanphp.com/index.php
| xmonkee wrote:
| no
| quickthrower2 wrote:
| The second hardest problem in CS
| speed_spread wrote:
| Depending on what you ORDER BY
| rawoke083600 wrote:
| Absolute hidden treasure in PHP world :)
| JodieBenitez wrote:
| Great ORM by the way.
| kreelman wrote:
| Downloaded redbean by doing curl https://redbean.dev/redbean-
| latest.com >redbean.com in powershell
|
| Tried to run it IN CMD.EXE with
|
| redbean.com -v
|
| I get this error (in a dialog).
|
| --------------------------- Unsupported 16-Bit Application
| ---------------------------
|
| The program or feature "\??\C:\Downloads\redbean.com" cannot
| start or run due to incompatibity with 64-bit versions of
| Windows.
|
| Please contact the software vendor to ask if a 64-bit Windows
| compatible version is available.
|
| --------------------------- OK ---------------------------
|
| If I've missed twiddling an option, please let me know?
| brabel wrote:
| I'm on mac and also can't run it:
|
| > curl https://redbean.dev/redbean-demo-2.0.1.com >redbean.com
| % Total % Received % Xferd Average Speed Time Time
| Time Current Dload
| Upload Total Spent Left Speed
|
| 100 1984k 100 1984k 0 0 1121k 0 0:00:01 0:00:01 --:--:-- 1129k
|
| ~/programming/apps > chmod +x redbean.com
|
| ~/programming/apps > ./redbean.com -v
|
| zsh: exec format error: ./redbean.com
|
| The file seems to be downloaded OK:
|
| > file redbean.com
|
| redbean.com: DOS/MBR boot sector
|
| I also tried letting Firefox download the 2.0.1 binary from the
| downloads page, but that runs into the same issue as well.
| rootlocus wrote:
| I haven't tried to understand it, but I was getting the same
| error with zsh. Works with bash though.
| jart wrote:
| Try upgrading to the latest version; I upstreamed a patch
| in zsh last year. https://github.com/zsh-
| users/zsh/commit/326d9c203b3980c0f841...
| brabel wrote:
| I tried upgrading but it seems I already have the latest.
|
| Anyway, tried bash now, and I got another error:
|
| > bash ./redbean-2.0.1.com -v --strace SYS 0 22'227 bell
| system five system call support 383 magnums loaded on
| xnu's not unix! SYS 93828 36'725 mprotect(0x700000000000,
| 4'096, 0) - 0 SYS 93828 345'630 mmap(0x700000000000,
| 262'144, PROT_READ|PROT_WRITE, MAP_STACK|MAP_ANONYMOUS,
| -1, 0) - 0x700000000000 (262'144 bytes total) SYS 93828
| 567'580 mmap(0, 65'536, PROT_READ|PROT_WRITE,
| MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) - 0x100080000000
| (327'680 bytes total) SYS 93828 607'673 close(3) - 0 SYS
| 93828 610'080 getcwd(0x5ee720, 1'024) -
| "/Users/renato/programming/apps" SYS 93828 611'532
| getenv("MAKEFLAGS") - NULL SYS 93828 613'435
| getenv("TERM") - "xterm-256color" SYS 93828 637'803
| openat(AT_FDCWD,
| "/Users/renato/programming/apps/redbean-2.0.1.com", 0, 0)
| - 3 SYS 93828 640'621 getfiledescriptorsize(3) -
| 1'999'386 SYS 93828 645'979 mmap(0, 1'999'386, PROT_READ,
| MAP_SHARED, 3, 0) - 0x100080100000 (2'359'296 bytes
| total) SYS 93828 657'750 munmap(0x100080100000,
| 1'703'936) - 0 (655'360 bytes total) SYS 93828 660'467 __
| zipos_get("/Users/renato/programming/apps/redbean-2.0.1.c
| om") SYS 93828 662'273 close(3) - 0 SYS 93828 663'503
| openat(AT_FDCWD, "/zip/.args", 0, 0) - -1 ENOENT/2/No
| such file or directory SYS 93828 668'744 mmap(0, 262'144,
| PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) -
| 0x100080040000 (917'504 bytes total) SYS 93828 671'865
| sigaltstack({.ss_sp=0x100080040000, .ss_flags=0,
| .ss_size=262'144}, [{.ss_sp=0x100080040000, .ss_flags=0,
| .ss_size=262'144}]) - 0 SYS 93828 678'266
| sigaction(SIGQUIT, {.sa_handler=0x52c737, .sa_flags=0x51,
| .sa_mask=~{}}, [{.sa_handler=0, .sa_flags=0,
| .sa_mask={}}]) - 0 SYS 93828 680'693 sigaction(SIGFPE,
| {.sa_handler=0x52c742, .sa_flags=0x51, .sa_mask=~{}},
| [{.sa_handler=0, .sa_flags=0x2, .sa_mask={}}]) - 0 SYS
| 93828 682'732 sigaction(SIGILL, {.sa_handler=0x52c74d,
| .sa_flags=0x51, .sa_mask=~{}}, [{.sa_handler=0,
| .sa_flags=0x2, .sa_mask={}}]) - 0 SYS 93828 685'823
| sigaction(SIGSEGV, {.sa_handler=0x52c758, .sa_flags=0x51,
| .sa_mask=~{}}, [{.sa_handler=0, .sa_flags=0x2,
| .sa_mask={}}]) - 0 SYS 93828 687'845 sigaction(SIGTRAP,
| {.sa_handler=0x52c763, .sa_flags=0x51, .sa_mask=~{}},
| [{.sa_handler=0, .sa_flags=0x2, .sa_mask={}}]) - 0 SYS
| 93828 689'841 sigaction(SIGABRT, {.sa_handler=0x52c76e,
| .sa_flags=0x51, .sa_mask=~{}}, [{.sa_handler=0,
| .sa_flags=0x2, .sa_mask={}}]) - 0 SYS 93828 691'881
| sigaction(SIGBUS, {.sa_handler=0x52c779, .sa_flags=0x51,
| .sa_mask=~{}}, [{.sa_handler=0, .sa_flags=0x2,
| .sa_mask={}}]) - 0 SYS 93828 696'779 mmap(0, 262'144,
| PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) -
| 0x100080080000 (1'179'648 bytes total) SYS 93828
| 1'392'442 inflate([u"SYMT | @ "...], 262'144, u"lnuyV+x
| n>>|baPSC|RANPJQRNoauEui+et"..., 103'922) - 0 SYS 93828
| 1'647'413 GetSymbolTableFromZip() - 0x100080080000 [1]
| 93828 invalid system call bash ./redbean-2.0.1.com -v
| --strace
| jart wrote:
| The invalid system call issue is likely due to a recent
| Mac OS update. It turned out redbean was depending on a
| Mach system call when the intent was to only use the UNIX
| APIs which I believe will be stable since they're much
| more public.
| https://github.com/jart/cosmopolitan/issues/426 New 2.0.2
| release available on https://redbean.dev which includes
| the fix.
| brabel wrote:
| 2.0.3 now :D and I can confirm it runs on my Mac
| (Monterey 12.4 (21F79))...
|
| Looks great!
| jart wrote:
| Try the following: wget -O redbean.com
| https://redbean.dev/redbean-demo-2.0.1.com
| .\redbean.com -v
|
| The "curl" on Windows appears to output a UTF-16 headers list
| to stdout. I verified the above will work in PowerShell.
| kreelman wrote:
| Hi Jart, From powershell, via .\redbean.com -v
|
| Program 'redbean.com' failed to run: Operation did not
| complete successfully because the file contains a virus or
| potentially unwanted software At line:1 char:1 +
| .\redbean.com -v + ~~~~~~~~~~~~~~~~. At line:1 char:1 +
| .\redbean.com -v + ~~~~~~~~~~~~~~~~ + CategoryInfo :
| ResourceUnavailable: (:) [], ApplicationFailedException +
| FullyQualifiedErrorId : NativeCommandFailed
|
| From cmd.exe I get The system cannot execute
| the specified program.
|
| I'll see if I can get it "unblacklisted", Perhaps my anti-
| virus got to it first?
| jart wrote:
| Yes please help us get it unblacklisted with your scanner.
| Security vendors work by keeping an eye out for the strange
| and unusual, and I myself am strange and unusual. The last
| month or so has been particularly bad with the virus
| scanners. Possibly due to some random change I made to the
| APE assembly or performance optimization in the C library.
| For example, we've needed to make changes in the past where
| error messages containing the word "oldskool" needed to be
| removed because virus scanners thought that made it a
| virus. Also if you get a chance, please upvote the redbean
| binaries on VirusTotal. I always try to do that (I'm
| "howishexeasier") since it helps people verify that a
| binary came from me.
|
| Traditionally the open source community worked around these
| issues by not distributing binaries and instead asking
| people to build the software on their own. I like the
| convenience of binaries because open source software is
| becoming increasingly fragmented and impossible to build.
| So then people use interpreters instead of compilers, which
| are slower. In any case, I don't think the source code
| workaround is going to last forever. Many companies are now
| focusing on applying the virus scanner model to source code
| too.
| emmelaich wrote:
| > I myself am strange and unusual.
|
| Ha ha! (beetlejuice!)
|
| There's also the possibility that redbean would be used
| for actual malware, being so portable and all.
| technion wrote:
| Microsoft Defender can be particularly difficult about
| unsigned executables, which I appreciate is annoying for
| cross platform developers that don't have that problem
| elsewhere.
|
| I've submitted this as a false positive under our
| enterprise licensing.
| cyanydeez wrote:
| Virus total.com brings up multiple hits. Good luck
| swamp_cypress wrote:
| "There's no need for a proxy like nginx; redbean is vertically
| integrated."
|
| Anyone have suggestions for caching? router? Something small and
| lightweight in the spirit of readbean itself.
| dflock wrote:
| If you like this, you should support Justine & the project, if
| you can spare a few bucks a month:
|
| > Funding for the development of redbean was crowdsourced from
| Justine Tunney's [GitHub
| sponsors](https://github.com/sponsors/jart) and [Patreon
| subscribers](https://www.patreon.com/jart). Your support is what
| makes projects like redbean possible. Thank you.
| keb_ wrote:
| I've been having a lot of fun with this developing tiny webapps
| using Fullmoon[1]. I love Lua, but I frequently bounce between a
| Windows PC and a Linux PC. Having redbean + Fullmoon has made it
| a breeze switching back and forth without having to deal with
| system Lua installs. SQLite and the thorough amount of built-
| ins[2] is also a dream. Lua also has a lovingly awesome hobbyist
| community, so having another outlet for me to leverage that
| ecosystem is great.
|
| [1] https://github.com/pkulchenko/fullmoon
|
| [2] https://redbean.dev/#functions
| lovasoa wrote:
| The idea is incredible ! But it doesn't seem to work on my
| ubuntu: wget
| https://redbean.dev/redbean-2.0.1.com -O redbean.com
| 2022-06-17 10:35:12 (1,95 MB/s) - 'redbean.com' saved
| [1999386/1999386] chmod +x redbean.com
| ./redbean.com ./redbean.com: line 16: /tmp/ape: cannot
| execute binary file: Exec format error ./redbean.com:
| line 16: /tmp/ape: Success
| jart wrote:
| Could you join our Discord and help troubleshoot the issue with
| me? https://discord.gg/EZwQUAcx Normally when it fails to run,
| it's because WINE is installed to binfmt_misc or WSL needs to
| have binfmt_misc disabled. But it looks like it ran the script
| in your case. Could you try downloading
| https://justine.lol/ape.elf and letting me know if that runs?
| It should, since it's designed to work and is regularly tested
| on CentOS5. It's also possible you might have a different shell
| installed.
| mastersummoner wrote:
| Just want to say that your dedication to this project and to
| helping your users is phenomenal.
| TimTheTinker wrote:
| This is _incredible_. Justine 's work continues to amaze.
|
| Work like this proves that assumption-questioning research on its
| own can produce incredible results if done by the right people.
|
| I think a lot of companies have stopped doing this kind of
| research, in favor of chasing more immediate profits, to their
| long-term detriment.
| [deleted]
| m00dy wrote:
| I heard that version 3.0 will be on baremetal, is that true ?
| jart wrote:
| We're working on improving our bare metal support. Once we
| embed a TCP/IP stack your redbean will optionally be able to
| run as its own autonomous operating system with the absolute
| lowest network latency and minimal attack surface area. It's a
| idea whose time has come now that everything runs under a
| hypervisor in the cloud. If the hypervisor is the new operating
| system, then it'd be nice to not need a second operating system
| too.
| [deleted]
| cyanydeez wrote:
| Better get your Redbean As A Service business plan going
| rank0 wrote:
| I love your work! How do you find the time to work on
| readbean/ape/etc? I sponsor you on github, but surely
| donations pale in comparison to what you could earn at an
| engineering day job.
|
| Do you plan on writing your own tcp/ip stack with
| cosmopolitan? Why not pull in the networking stack and
| syscall libraries from MirageOS?
| jart wrote:
| It's not so much could but have. I used to work at Google
| Brain. I decided I'd rather be doing this instead. I make
| it work by living modestly, eating ramen, and avoiding
| doctors. Thank you for sponsoring me! It helps a lot.
| eigenvalue wrote:
| I have really enjoyed your submissions in the past year.
| Just sponsored you on Github. I feel like your work is of
| sufficient excellence and utility that you shouldn't need
| to eat unhealthy food to get by. Have you considered
| applying for grants from the non-profit arms of big tech
| companies? I do think that if you can combine Python in
| redbean in a seamless way, it would really drive adoption
| and lead to more sponsors for your work. Anyway, thanks
| for many hours of entertainment watching blinking lights.
| jart wrote:
| I'll certainly consider it. Are there any in particular
| you'd recommend?
| eigenvalue wrote:
| I don't know much about the subject, but some quick
| searching leads me to believe that the first step is to
| create a legal non-profit entity, since that looks to be
| a requirement for all these big companies to dispense
| grant money. I think it costs a fair amount of money in
| fees and legal help to make a 501c3, so maybe you can do
| a Gofundme to raise the money for that (or ask for help
| from lawyers). Once you have the entity set up with you
| and people you trust in control, you can write a basic
| grant proposal, which wouldn't look that different from
| the articles you've already written explaining the
| project and the benefits. Then you can customize this
| with an addendum that responds to specific questions for
| each grant request application. And then send it to any
| organizations you can find that seem like good fits. I'm
| not a lawyer (and this isn't legal advice), but if you
| can get enough funding, perhaps you can "hire yourself"
| as the first contractor to the organization (I don't know
| if this runs afoul of the rules). I guess it's a lot of
| work if you've never done it before. Your best bet would
| be to find someone who has done this a bunch of times
| (maybe someone associated with the Internet Archive or
| something) who can help put it together for you.
| buzzy_hacker wrote:
| Something different entirely, but look at
| https://www.mercatus.org/emergent-ventures
| c-linkage wrote:
| I must be getting old because I can't tell if this is sarcasm
| or not.
| c-linkage wrote:
| I can't edit my comment (maybe I waited too long?) so I'll
| add more here...
|
| My comment about not knowing if running redbean on bare
| metal was sarcasm was a comment about _me_ , not about
| redbean or Justine, so no disrespect intended.
|
| There's a lot of "turtles all the way down" today (a web
| server compiled to WASM so it runs in a browser running on
| a OS hosted in QEMU that's running on another host OS
| that's a virtual machine running in a linux container on
| top of a hypervisor running on an X86 simulator...) so I
| quite honestly couldn't tell if the idea of running redbean
| on bare metal was sarcasm or a joke.
|
| But Justine says its true, so I guess it's not a joke.
| Consider me schooled.
| kitd wrote:
| Why should it be? It's basically a unikernel in a zip file.
| jart wrote:
| That's correct. Redbean is already capable of booting on
| bare metal. We do what we must because we can. The
| executable file format redbean uses is a DOS Master Boot
| Record with a partition table, so it's technically a
| valid disk image you can `dd` too. If you're willing to
| trade away Windows support, then it can be an EFI image.
| The main blocker is figuring out how to get an e1000
| and/or VirtIO driver in there with a TCP/IP stack. Right
| now Cosmopolitan bare metal support is only adequate for
| stdio applications, which use the serial port and read
| from the zip fs.
| unsafecast wrote:
| That sounds amazing, I love your work! Is ARM support
| planned? A raspi seems like the perfect target for this.
| capableweb wrote:
| The page for APE (https://justine.lol/ape.html) says the
| following about ARM:
|
| > It'll be nice to know that any normal PC program we
| write will "just work" on Raspberry Pi and Apple ARM. All
| we have to do embed an ARM build of the emulator above
| within our x86 executables, and have them morph and re-
| exec appropriately, similar to how Cosmopolitan is
| already doing doing with qemu-x86_64, except that this
| wouldn't need to be installed beforehand. The tradeoff is
| that, if we do this, binaries will only be 10x smaller
| than Go's Hello World, instead of 100x smaller. The other
| tradeoff is the GCC Runtime Exception forbids code
| morphing, but I already took care of that for you, by
| rewriting the GNU runtimes.
|
| Also this, from a GitHub issue (https://github.com/jart/c
| osmopolitan/issues/354#issuecomment...):
|
| > Probably related to #399. The recommended approach
| would be to use a full emulator like Bochs. It's not
| something we use at the moment so we can't provide
| support on this. Although we do intend to have APE
| support ARM at some point in the future.
| csdvrx wrote:
| > That's correct. Redbean is already capable of booting
| on bare metal. We do what we must because we can.
|
| I love the spirit :)
|
| > The main blocker is figuring out how to get an e1000
| and/or VirtIO driver in there with a TCP/IP stack.
|
| Why? Is it for performance reasons or security reasons?
| (or both)
|
| > Right now Cosmopolitan bare metal support is only
| adequate for stdio applications, which use the serial
| port and read from the zip fs.
|
| I'd suggest you "think different", and use instead
| something like ppp to create a TCP/IP stack over a serial
| link.
|
| Modern btuart implementations already routinely achieve
| >1Mbps on commercial devices. The GSI as seen on the
| Intel Serial IO devices support bitrates over 20Mbps.
|
| This could buy you time until you find a better solution,
| if it's ever needed (which I doubt as back of the
| envelope estimations make me believe you'll hit other
| limitations before)
| jart wrote:
| It's less about perf/security and more to do with simply
| needing the time to wrap my head around how to do it.
| Entering ring0 is a whole different world. My
| productivity depends on a responsive TDD workflow and
| it's hard to test kernel code. I currently do it using an
| emulator I wrote called Blinkenlights, because the
| existing ones (Bochs and QEMU) couldn't be integrated
| into my Makefile / Emacs build system. So I not only need
| to build the kernel but I need to emulate the CPU
| features the kernel needs too.
| csdvrx wrote:
| > It's less about perf/security and more to do with
| simply needing the time to wrap my head around how to do
| it.
|
| I can have a look at using ppp for creating a network
| connection using stdio. It doesn't look very complicated.
|
| > it's hard to test kernel code
|
| Exactly why I suggest pppd (userland) instead of VFIO
|
| > So I not only need to build the kernel but I need to
| emulate the CPU features the kernel needs too
|
| You have stdio? No need for anything else.
| branon wrote:
| For the good of all of us! Except the ones who are dead.
| egeozcan wrote:
| This, and "we do what we must because we can" from the GP
| are references to the ending credits in Portal, the game,
| if anyone is wondering.
| csdvrx wrote:
| Recently, I took this approach to get proper ACPI S01x
| sleep on my Lenovo X1 Fold (a wonderful device BTW, once
| you take the time to work around Intel drivers bugs)
|
| A battery discharge rate of 0.5%/h in sleep is just
| great... but I think I can do better: I'm now trying for
| 0.25%/h.
|
| Imagine if you could immediately resume your foldable
| oled tablet, and it'd have only lost like 6% of the
| battery. With a 20% hibernate trigger, it would remain
| immediately available for over 3 days straight!
| moonchild wrote:
| > minimal attack surface area
|
| Just double-checking--it is still written in c?
| db65edfc7996 wrote:
| So many great features in this release. Love the .args and
| subprocess support. I have been toying with redbean on and off,
| and I have been wanting to see if I could kludge together a poor
| man's long running job (scheduled) runner (something like
| Celery).
|
| Also, why is redbean.dev not ported to 2.0?
| jart wrote:
| Try hitting ctrl+shift+r in your browser. Sometimes browsers
| don't respect the cache headers which say 1 hour max and I
| haven't figured out why. This new release includes functions
| like setitimer() to help the primitives be there for anyone
| wanting to use Lua to build something like Celery.
| unsafecast wrote:
| Firefox uses Ctrl-R instead.
| [deleted]
| capableweb wrote:
| Maybe that depends on the OS? Firefox on Linux does a
| normal refresh for me when doing CTRL+R but a hard refresh
| (without any cache) when I do CTRL+SHIFT+R.
| twicetwice wrote:
| This is standard at least across Chrome and Firefox on
| Linux and MacOS-- (ctrl|cmd)+R does a normal page
| refresh, (ctrl|cmd)+shift+R does a "hard refresh" where
| it reloads every resource on the page without caching.
|
| Also, in Chrome, if and only if you have the dev tools
| open, right clicking the reload button will give you a
| menu with the options "Normal Reload", "Hard Reload", and
| "Empty Cache and Hard Reload". The third option will
| ensure that requests initiated by JS or that otherwise
| weren't part of the page load also won't be served from
| cache.
| mastersummoner wrote:
| Ok MacOs (Chrome), I'll usually open View and hold down
| shift. 'Reload This Page' changes to 'Force Reload This
| Page' and I like the visual feedback that it's actually
| doing what I intend.
| igravious wrote:
| How long has this been a thing, and (more worryingly) how
| have I never heard about it until now? Is this common
| knowledge?
| emmelaich wrote:
| Common knowledge for a very long time. Also F5/shift-F5.
| capableweb wrote:
| I think I've been using that shortcut for as long as I
| can remember. In web development circles it's certainly
| common knowledge, as you always end up in a situation or
| two where you need to reload without cache, but you don't
| want to clear the entire browser's cache.
| nl wrote:
| Modifiers have been a thing since at least Netscape
| 4[1][2]
|
| I'm pretty sure I remember using it earlier than that but
| can't be 100%.
|
| [1] https://bugzilla.mozilla.org/show_bug.cgi?id=46845#c7
|
| [2] http://www.bu.edu/uis_web3270/en/doc/troubleshoot/pd_
| ck_down...
| eitland wrote:
| Since before 2009 or something.
|
| But it hasn't always been easy to find documentation
| about it, thanks to a combination I think of
| "simplifying" everything and Google not delivering
| correct results since somewhere around 2010.
|
| Thankfully now there is Kagi that actually makes a bug
| report if you provide them with an example that doesn't
| work.
| daxterspeed wrote:
| HTTP has some strange rules about using stale caches so
| usually you want to add must-revalidate to your cache-control
| header. That ensures that the browser must revalidate once
| the cache goes stale.
|
| https://developer.mozilla.org/en-
| US/docs/Web/HTTP/Headers/Ca...
|
| Personally I've opted for "stale only" caching, so everything
| is served with Cache-Control: max-age=0,must-revalidate and a
| Last-Modified header and the browser will always make
| corresponding If-Modified-Since requests. This means
| significantly more requests per page, even if the responses
| are mostly 304 Not Modified, but getting to avoid all forms
| of cache busting makes developing a lot nicer.
| yjftsjthsd-h wrote:
| > This means significantly more requests per page, even if
| the responses are mostly 304 Not Modified,
|
| How expensive is that? I would naively have expected that
| comparing timestamps and sending a 304 was cheap to
| execute.
| fartcannon wrote:
| Every time this masterpiece comes up on HN, I try to think of
| something to say that explains how profoundly good this project
| is and I never feel like I can do it justice. It's small, it's
| fast, it's useful. It makes so much other software look bloated
| by comparison.
|
| In a world where a lot of developers on HN are too scared to run
| apt upgrade, you write this brilliant piece of tech. It's
| inspirational, really.
| [deleted]
| appel wrote:
| I for one sure appreciate your graceful and eloquent tribute,
| fartcannon.
| deepnet wrote:
| It is a masterpiece of tech, eminently useful.
|
| A testament to quality development work.
|
| An example of what can be achieved and how much our community
| benefits from good software.
|
| The Redbean 2.0 license is intriguing (snip):
|
| " Copyright 2020 Justine Alexandra Roberts Tunney | | | |
| Permission to use, copy, modify, and/or distribute this
| software for | | any purpose with or without fee is hereby
| granted, provided that the | | above copyright notice and this
| permission notice appear in all copies. | "
|
| Seems to assert the (FSF) four freedoms well, all is good in
| the world, it can be used and contributed to safely by all.
| bergenty wrote:
| [deleted]
| [deleted]
| christoph wrote:
| It's not often these days that a project pops up where I start
| thinking about re-imagining our whole build/deployment strategy
| around it. This project easily hits that high watermark. I'm
| already thinking about how we re-architect a few existing
| projects around it to reap the benefits. Very excited to do some
| new projects with this as well and get to understand it in more
| detail. Many thanks!
|
| PHP support would be beyond amazing, what would be required (top-
| level) to get that working/usable?
| geek_at wrote:
| Oh wow redbean with PHP support would really be a killer
| feature
| mhd wrote:
| Lua REPL based on new minimalistic readline lib? Interesting...
| FpUser wrote:
| Never heard about it before but after reading a bit it seems like
| Redbean is one of the most insanely cool projects.
| Severian wrote:
| Redbean is amazing. I was able to run some TLS stress tests
| against it (where you setup a handshake and just disconnect). I
| was able to pump out about 1200 connections per second between my
| desktop and laptop on 1gb ethernet. I only had 5 handshake
| errors.
|
| I look forward to playing with this!
| jart wrote:
| Half a percent is small but there should ideally be zero
| errors. Could you file a report so we can fix that?
|
| Part of what makes the redbean TLS stack fast is I spent some
| time hacking on MbedTLS to improve its performance. One of
| things that's counter intuitive about crypto code is assembly
| can be safer in additional to being faster, since it helps
| guarantee the compiler doesn't add branches, for things like
| bit overflow carrying in arithmetic operations. One example is
| https://github.com/jart/cosmopolitan/blob/master/third_party...
| which I wrote to make the NSA curve much faster. I've been
| meaning to upstream into MbedTLS. Another thing I added is
| https://github.com/jart/cosmopolitan/blob/master/libc/nexgen...
| which greatly improves the performance of RSA multiplication
| using Intel's ADX ISA. But C crypto code can be beautiful too!
| For example, I found Everest (curve25519) particularly
| impressive, since they solve overflow in a different way, and
| as such, it's quite possibly the only large piece of C/C++ code
| I've ever seen that contains _zero_ conditional branches and
| _zero_ pointers.
| https://github.com/jart/cosmopolitan/blob/master/third_party...
| The closest thing I've found to measuring the performance
| impact of my changes is by recording how long the MbedTLS test
| suite takes to run. The speedup for suite_ssl is 13.11x faster,
| RSA is 1.91x, ECP is 1.86x, and ECDSA is 2.84x.
| [deleted]
| mysterydip wrote:
| Really impressive feature additions since the first time I heard
| of it. Is Lua backend-able? I've been looking for a langage since
| PHP, the node ecosystem seems too volatile to me.
| oliwary wrote:
| Lua also powers itch.io! [0] Leafo, the creator, has also built
| Moonscript [1], a language that compiles to lua, and Lapis [2],
| a web-framework for Lua and Moonscript. I am always fascinated
| by his productivity.
|
| [0] https://leafo.itch.io/ [1] https://moonscript.org/ [2]
| https://leafo.net/lapis/
| paulclinger wrote:
| > Is Lua backend-able?
|
| I'd say yes; I've been using it to develop
| https://github.com/pkulchenko/fullmoon, which is a redbean-
| based webframework written in Lua.
| jay_kyburz wrote:
| Thank you for ZeroBrane! I am a Love2D user!
| ifyouhate wrote:
| tomcam wrote:
| Fullmoon looks impressive and your README.md is very well
| written.
| paulclinger wrote:
| Thanks tomcam! There are still several sections that need
| to be completed (mostly around template processing), but
| getting feedback like this is always encouraging.
| VWWHFSfQ wrote:
| > Is Lua backend-able?
|
| Yes and some of the largest web infrastructures in the world
| run on it! I'm not sure if it's still true, but it's my
| understanding that CloudFlare runs it at the edge globally. I
| personally know of several other _very large services_ running
| it at massive scale.
|
| In my experience Lua in nginx is such a pleasure to work with.
| It's all transparently async using nginx's event loop. You just
| write regular procedural code in Lua and the runtime handles
| yielding/resuming for you automatically. There's no special
| async/await stuff. Just write your Lua code and the runtime
| figures out the yield points internally. It's a breath of fresh
| air.
|
| [0] https://openresty.org
|
| [1] https://en.wikipedia.org/wiki/OpenResty
|
| Edit:
|
| This was from several years ago, but CloudFlare built their WAF
| product on nginx/Lua:
|
| https://blog.cloudflare.com/cloudflares-new-waf-compiling-to...
| adolph wrote:
| Is Kong still OpenResty based?
| VWWHFSfQ wrote:
| Yes Kong is a custom distribution of OpenResty
| formerly_proven wrote:
| Likely more because of Mike Pall's LuaJIT instead of the
| traditional reference implementation.
| [deleted]
| christoph wrote:
| You're not alone. Maybe it's lack of knowledge on my part...
| but too much around node / npm, still seems like copy/pasting
| random incontations into the command line to try and solve
| whatever problem I have at a specific time. There is lot's of
| good in there, but somethings just don't work how you think
| they will.
|
| For instance, we've been building a totally static site
| recently in node/npm/js/posthtml and posthtml has a concept of
| "local variables". A project called posthtml-expressions in
| theory allows you to put "expressions" into "HTML" modules
| (if's, loops, etc.), but it only works with "globally" defined
| variables. i.e. you can't define a variable locally to a
| component, you need to define it "globally" in the project,
| which IMO defeats the whole purpose of the project. Nowhere is
| this easily explained or defined in their documentation. The
| first thing I want to do is define a property/attribute inline
| to a component, otherwise I end up with word soup of global
| variables - $page_1_title, $page_2_title, etc., rather than
| <component title="xxx">. Bizarre. No idea what the point is if
| I can't declare variables "locally" to said component? And this
| is the feeling I've got of lots of NPM packages - there is just
| no cohesion between things. I love the work people have done,
| it's literally saved me hundreds of man hours, but I've also
| spent untold hours wrestling with things that seem obvious to
| me, that should work, which frankly just don't work how I
| expect. Maybe it's me?
| turnsout wrote:
| Just when you're feeling confident in your own coding skills,
| Justine comes along and releases an update. Just incredible
| stuff!
| heavyset_go wrote:
| Seriously, APE was just impressive and they just keep on going.
| [deleted]
| vsroy wrote:
| How does Readbean beat Nginx? My assumption was that forking is
| very slow.
| jart wrote:
| One thing that helps is the binary size is tiny and the memory
| usage patterns are tight. It's bloat that usually makes fork()
| go slow, since if you have a lot of little pieces updating
| disparate memory locations, then you're going to have a lot of
| page faults. Redbean was built with a singular first-principles
| vision. When I started working on this, all I had was an empty
| file and an assembler. As such, I spent a lot of time using
| things like linker scripts to organize exactly where in the
| binary code gets relocated.
| rawoke083600 wrote:
| >have a lot of little pieces updating disparate memory
| locations, then you're going to have a lot of page faults.
|
| This is wonderful, just thinking out loud. Out of interests
| would something like ECS (Entity Component System) be useful
| or yield _better_ memory usage since it should in theory
| trash the cache less ?
| nielsole wrote:
| Just guessing here, but redbeam likely does not have to access
| the filesystem as the files are in the binary and thus saves on
| syscalls and context switches.
| eismcc wrote:
| It'd be fun to add raft support so that multiple readbeans could
| share state such as monkey patching updates and other useful
| distributed features. On bare metal this could be a whole stack
| in a tiny bin.
| pstuart wrote:
| yep. It's being done today with dqlite -- perhaps there's an
| opportunity for synergy?
| silisili wrote:
| Just curious about the name - what made you pick redbean? Not
| hating on it, it's just unusual enough for me to ask about the
| backstory there.
| jart wrote:
| In my GitHub profile photo https://github.com/jart you'll see
| me holding a stuffed toy I call greenbean which has been cute
| little work desk companion of mine for some time. Later on I
| came into possession of a stuffed red lobster. A Chinese friend
| of mine suggested the name redbean as a companion for
| greenbean. Later in 2020 I was writing demo programs to
| showcase the capabilities of Actually Portable Executable. When
| I decided I wanted to write an HTTP server, redbean was looking
| up at me on my desk. That's when the idea clicked and it's been
| redbean ever since.
| silisili wrote:
| Nice, that explains the lobster logo too. Thanks for sharing
| :).
| wly_cdgr wrote:
| Please keep making Lua more relevant, I want to have more excuses
| to work with a scripting language that's popular in gamedev
| languageserver wrote:
| > Thanks to Linus Torvalds, we not only have a consensus on
| architecture, but we've come pretty close to having a consensus
| on the input output mechanism by which programs communicate with
| their host machines, via the SYSCALL instruction.
|
| Could someone explain this? I cannot find any information online
| justinsaccount wrote:
| https://en.wikipedia.org/wiki/Linux_kernel_interfaces
| jart wrote:
| The Fifth Bell System Interface, Community Edition
| https://github.com/jart/cosmopolitan/blob/master/libc/sysv/s...
| d110af5ccf wrote:
| This provides some detailed low level information.
| https://wiki.osdev.org/System_Calls
| chubot wrote:
| It might help to understand API vs. ABI with respect to the C
| language and CPU architectures.
|
| I put definitions here awhile ago, and mentioned the Actually
| Portable Executable project as an example of taking the ABI
| philosophy to an extreme, and ignoring APIs (source code).
|
| https://www.oilshell.org/cross-ref.html#API
|
| Links to this thread:
|
| https://news.ycombinator.com/item?id=12029321
|
| It's unfortunately not explained well in many places, and even
| experienced C programmers don't understand the details. You
| won't learn about this in a C programming book, because it's
| not really part of the C language proper. It sits at an awkward
| spot between the language, the CPU, and the operating system.
|
| ----
|
| The relation to Linus Torvalds is that historically Unix
| kernels were developed in a single tree and there was no stable
| ABI. For example I believe OpenBSD and NetBSD are still like
| this. But Linux is different in that the kernel maintained a
| stable ABI, and you can run different user utilities on top,
| without necessarily recompiling them against headers.
|
| Highly related blog post and discussion:
| https://old.reddit.com/r/ProgrammingLanguages/comments/tg55o...
| (including comments by me/oilshell explaining the Unix kernel
| interface issue)
| rfoo wrote:
| In short, a stable ABI is a must for portable (and backward-
| compatible) binaries. It does not matter where the stable ABI
| is. It is fine to have a stable userspace ABI only if you
| control the userspace. (e.g. Windows)
| throwaway09223 wrote:
| A syscall is a method for calling a kernel routine to do
| something outside the current process.
|
| All i/o (network, filesystem, ipc), memory allocation, process
| interaction, signals, etc go through syscalls. open(), read()
| and write() are all syscalls.
|
| If the syscall interface exists then the only thing left to do
| is to execute the program -- which depends on the cpu executing
| the machine instructions. If the machine instructions are for
| the wrong cpu then emulation may come into play.
| rcarmo wrote:
| Only thing it's missing is Fennel, although I suspect it should
| be trivial to add :)
| actuallyalys wrote:
| I created a template for adding Fennel to Redbean, although I
| haven't tested it with Redbean
| 2.0:https://gitlab.com/actuallyalys/redbean-fennel.
| javajosh wrote:
| For the curious, Fennel[1] is to Lua what Clojure is to Java.
| I'm curious, though, can you not add Lua libraries to redbean?
| My understanding is that the file is a zip and you can
| therefore add dependencies and (presumably) load them into the
| lua runtime on invocation. E.g. you don't need Justine to add
| it for you, you can add it yourself.
|
| 1 - https://fennel-lang.org/
| rcarmo wrote:
| I don't want it added, I want it as a first-class citizen so
| I don't have to write Lua to configure, load fennel and
| invoke handlers...
| capableweb wrote:
| That was my first thought as well. If it can support Fennel as
| a first-class citizen, then I might just switch wholesale to
| using Redbean for any application development.
| masukomi wrote:
| yup. I was thinking the same thing.
| sydthrowaway wrote:
| Dead link
| jart wrote:
| Do you use Comcast Xfinity? Try using 8.8.8.8 for DNS.
| sydthrowaway wrote:
| True, but why this workaround?
| twicetwice wrote:
| I ran into the same issue on Xfinity, why is it broken there?
| Some nonsense Comcast gets up to?
| jart wrote:
| I don't know yet. This was only reported recently. Do you
| know if there's a form I can fill out to file an appeal?
| Abuses of DNS are very common around the world and we're
| starting to see a lot more of it in the first world. In the
| Cosmopolitan repository, we've always had a PNG file
| checked-in to cope with these kinds of situations. https://
| github.com/jart/cosmopolitan/blob/master/libc/dns/dn...
| cyanydeez wrote:
| You may want to upload the file to virustotal.com
|
| Likely everything you're doing have been done in various
| Trojans, viruses, etc. You'll need to hack the noosphere
| at this point
| jart wrote:
| I always upload my binaries to VirusTotal and always
| have. Like what? Writing assembly? Using the RDTSC
| instruction? Having a run-length decoder to make lookup
| tables smaller? I must be a stone cold black hat hacker.
| Anyone who monitors the behavior of these programs can
| see they're fully transparent, don't interact with the
| system weirdly, and they don't have any telemetry. The
| truth is some virus scanner person wrote an overly broad
| regex somewhere that's raising false positives due to a
| completely random occurrence. It might not happen as much
| to people who use MSVC since it always generates binaries
| the exact same way. But does that mean we should accept
| an MSVC monopoly? Because MSVC is the kind of compiler
| that's been known to insert telemetry into your programs
| when it wraps main(). Why don't virus scanners complain
| about that? All I'm trying to do is innovate in this
| space and create a better alternative. There shouldn't be
| these kinds of roadblocks to competition. In fact APE
| doesn't even compete. It's designed to be a complementary
| format that bridges gaps between communities and helps
| reduce pain for developers.
| disruptiveink wrote:
| Wait, you reimplemented most of GNU Readline in a single file
| with no dependencies? Appreciate you started from someone else's
| library, but yours actually looks feature complete! Wow.
| delijati wrote:
| .oO(Could be a whole OS written in Cosmopolitan?)
| zX41ZdbW wrote:
| Maybe Cosmopolitan Libc can be developed to become a full-
| featured glibc replacement like Musl and what LLVM libc is going
| to target? To be able to link with large C++ codebases it is
| still missing a ton of small cruft...
| jart wrote:
| That's one of our goals! We recently started porting libcxx:
| https://github.com/jart/cosmopolitan/tree/master/third_party...
| This week we're working on getting the complex math functions
| in, thanks to Musl and one of our most productive contributors:
| https://github.com/jart/cosmopolitan/pull/422 Anyone reading
| who wants to get involved, you're very much welcome to join our
| project. Please join our Discord https://discord.gg/EZwQUAcx
| and read
| https://github.com/jart/cosmopolitan/blob/master/CONTRIBUTIN...
| tangjurine wrote:
| >There's no need for a proxy like nginx; redbean is vertically
| integrated
|
| Not super familiar with this stuff, can someone explain?
| 83457 wrote:
| Most languages expect you to have a high quality web server
| between the outside world and your code. Nginx, Apache, IIS,
| etc are extremely well tested and secure. They can serve up
| assets fast, cache, and much more.
|
| A popular way to host now is to have an nginx server or process
| that accepts requests from the outside and then makes a request
| to a less capable web server for the app internally to provide
| a response, also known as proxying. This provides a clear
| barrier with outside world in one very concise config file.
|
| What redbean apparently has is a sufficiently high quality web
| server included, so they can handle requests from top to bottom
| in one package (vertically integrated).
| jart wrote:
| Thank you for explaining this. To add numbers to the
| explanation, a Python ThreadedHTTPServer can do about 1,500
| qps on my machine whereas NGINX does 400k (and redbean does
| 1.1mqps). https://docs.google.com/presentation/d/1WEtSyz5oyTT
| Ge0Fi2Nhh... So one thing that's always helped Python be more
| secure and stable, is having NGINX as its advance guard which
| can store and forward requests. That way Python can do its
| job as quickly as possible. Because untrusted clients can do
| evil things, like open a bunch of really slow clients that
| send 1 byte every second. NGINX is outstanding at addressing
| that with its evio model. redbean does almost as good of a
| job. But poor little Python would need to preempt the entire
| server acquiring its GIL for each byte received, and that
| would cause a lot of contention.
| newaccount2021 wrote:
| csdvrx wrote:
| I love it!
|
| If I may suggest, supporting more languages than lua could help
| bring more people: say php or python, maybe with something like
| vscodium?
|
| IIRC python2 was a WIP (issue #141 for cosmopolitan)
|
| Personally I'd prefer perl for performance, and vscodevim or
| similar to edit code, but I have weird tastes :)
| giraffe_lady wrote:
| Lua has similar uses to those but has a uniquely simple
| implementation and very close relationship with C that probably
| makes it a far, far better choice for this. I'm not really a
| lua lover in general but this is basically exactly what its
| made for and it shines in this role in a way those won't.
| jart wrote:
| We ported Fabrice Bellard's QuickJS engine to Cosmopolitan last
| year. We ported Python3 too. (You can build Python3 as a 5mb
| single file Actually Portable Executable!) So integrating them
| into redbean is on the table. The big question is whether or
| not redbean should be multitenant with languages, or if we
| should ship separate binaries where you choose the redbean
| "flavor" that has your preferred one. I'm leaning towards the
| latter, since there can only be one REPL language. What do you
| think?
| eigenvalue wrote:
| I also think the latter is cleaner. I might also suggest that
| if you are going to integrate with Python, you should make it
| as "batteries included" as possible with the Python data
| stack (numpy/pandas/scipy/sklearn) so that you can easily add
| a redbean web app to an existing Python project without
| worrying about how those "heavy duty" libraries will work.
| bitexploder wrote:
| Would love to see Python support. This project and your libc
| sort of break my brain and I reverse engineered weird stuff
| for a decade professionally. I understand how it all works,
| but it is easy to understand something once someone built it.
| Some of the design choices and constraints were just not
| things I would have thought reasonable for a project like
| this.
| jart wrote:
| I'm open to considering change. For example, the project
| has a lot less assembly than when it started. Please join
| our Discord and tell us the particular things you had in
| mind! https://discord.gg/EZwQUAcx
| bitexploder wrote:
| I did not mean it in "I would not have done it this way"
| way. Just "I did not even consider that a way to do it"
| in a good/great way. It is like... you had a clear end
| goal in mind and all of the things you wanted led you
| down this really amazing/cool path and the end result is
| just incredibly cool to see. It is the sort of project
| you can only really get done sticking to a plan (first
| principles really?) and not letting it get watered down
| along the way.
| jart wrote:
| Thank you! https://justine.lol/sizetricks/ covers some of
| the hacks for anyone reading who's interested. It's
| certainly felt the last few years, since I discovered the
| hack, the universe had put me on a mission to make
| executables portable. Writing files like //ape/ape.S also
| felt like I was writing a chronicle of the history of
| modern software. It's been a fun ride!
| Aeolun wrote:
| If part of the speed is that the binary is small and
| optimized, the latter seems like a better option.
| foxhop wrote:
| that seems sane to me with my novice understanding of the
| project. im most confortable with Python3 & have existing
| projects which I would try to port over as a test.
|
| a python3 flavor could be experimental at first, I bet it
| would boost overall adoption & be an unfair advantage over
| nginx approach.
|
| having multiple repl in one binary would remind me of
| containers in a very strange but cool way, that would be more
| a fun experimental feature a rabbit hole for others to
| explore.
| csdvrx wrote:
| > having multiple repl in one binary would remind me of
| containers in a very strange but cool way, that would be
| more a fun experimental feature a rabbit hole for others to
| explore.
|
| It would also let the flavors of redbean compete for
| donations, which could be directed towards your language of
| choice (say python3 for you) while limiting the size and
| complexity.
| thesuperbigfrog wrote:
| >> The big question is whether or not redbean should be
| multitenant with languages, or if we should ship separate
| binaries where you choose the redbean "flavor" that has your
| preferred one. I'm leaning towards the latter, since there
| can only be one REPL language. What do you think?
|
| Different flavors of redbean would be awesome!
|
| Thank you for building redbean.
| db65edfc7996 wrote:
| It is a resource strapped project. I doubt they have the
| bandwidth to throw in additional languages. Plus, Lua is
| perfect for this niche: small, easily embeddable, fast, and
| simple enough to pick up in an hour. There are even a variety
| of languages which can transpile down to Lua.
| gavinray wrote:
| TypescriptToLua is excellent and actively maintained
___________________________________________________________________
(page generated 2022-06-17 23:01 UTC)