@joshuef do you know if there’s a reason MaidSafe have tended to avoid creating web apps and preferred desktop? I think Ben’s video chat was a browser app - but IIRC was created to demonstrate WebRTC - but I don’t recall any others.
I’m interested in the pros and cons of browser v desktop from MaidSafe’s perspective, and whether there are particular issues that lead the team to favour desktop, when the advantages of cross device support and no install lead me to prefer browser, both as developer and user?
My understanding (and correct me if Im wrong @krishna), is that there’s been no specific target so far, just offering up a selection. (The markdown example is a webapp, for eg).
I think the web hosting and email have been picked up as staple/useful/most interesting for the community, and so they’ve gotten more love recently.
As for pros and cons. I think if you can offer both, it’s not that hard to these days. The email app could be a site. The webhosting could be, but would probably not be as usable…
It all comes down to maintenance really, and on that front I’d say sites are simpler (especially on safe, where there’s only one browser to worry about). But electron apps aren’t that far behind.
Desktop app helps us to test applications on all platforms for cross compatibility. It was easy to start building apps as soon as the safe-app-nodejs was ready. If you remember, the web apis were added only after testing the nodejs API. We had to wait for the API to be stable to avoid rework, hence the focus was on the desktop apps.
The purpose of the apps is to help the devs understand the API. The SAFE API playground covers the complete API for web apps.
However, we can start putting out web examples too once the current refactor is over.
@krishna@joshuef I just read this article that perhaps gives us some other reasons for preferring native (desktop/mobile) over web apps, and also some examples of problems in the browser we might want to check for (see the HEIST link).
@dirvine you might be interested in Permazen, described in the second article (as not well known), though you are probably way ahead of me :
One of the interesting things about Permazen is that you can use ‘snapshot transactions’ to serialise and deserialise an object graph. That snapshot even includes indexes, meaning you can stream data into local storage if memory is too small and do indexed queries over it. It should be clear how this can provide a unified form of data storage with offline sync support. Resolving conflicts can be done transactionally as all Permazen operations can be done inside a serialisable transaction (if you want a Google Docs like conflict-free experience that will require an operational transform library).
The “What should follow the web” article was really interesting.
Some of the things already fit in with SAFE web apps. SAFE isn’t the web and doesn’t use a web server after all, things like authentication with a single user id that can be user everywhere is already built-in.
The “missing” things is mainly things that can be done on the app side. Basically binary, type safe data structures. Now the APIs for mutable and immutable data are just low level APIs and you can put whatever data there. A storage library that can automatically serialize and deserialize binary data and has some kind of entity model is what we need I think.
I think another may be cross origin requests within safe:// (although even moreso when users turn on clearnet access). Much less risky than on clearnet, but still may provide ways to unintentionally leak information.
Again, this is left to the app developer (e.g. applying minimum CORS headers), and that is the nub of the problem Mike Hearn is highlighting: developers needing to pay attention to and knowing how to design for security when this is not a prerequisite for building a useful, slick looking app or delivering a product to market.
Turning on clearnet access shouldn’t be done if you want security.
With SAFE only, there’s no ajax requests and the security model is built around the SAFE api. You’re basically connecting directly to the database and not through a server, so there isn’t really directly CORS is there?
CORS allows you to specify who or what can access your endpoint on the server side, but with SAFE, you do that with MD permissions.
Yes, I’m probably worrying about nothing here. I certainly don’t understand security well enough to say one way or another. I’d love to see somebody write about SAFE web app security and show what the possible vulns are and point out how x, y, z etc of clearweb issues don’t apply and why. Not me I’m afraid! Thanks for the comments.
Funny, that electron seems to be part of that broken web technology stack Mike Hearn writes about, and then SAFE makes native apps with it. For me it’s double-broken I think it’s C/Java bindings that we need and then make truly native apps with qt, java, whatever.
Does the ‘hack’ work around the electron crash I was having with mock browser and RS.js? If so, is it in these mock binaries or likely to be in master soon? Thanks.
I’ve tried the MaidSafe mock build and can load an index.html but it won’t load CSS, images or jpg etc in the HTML or directly in the address bar (for the latter it adds a trailing slash which is odd).
This may be because I hacked the gulp stuff, but I don’t know so I’ll see if I can get the safe_api_playground running.
This way of developing seems to require a lot of garbage in your working directory (first clone safe_api_playground etc). Is that still the recommended route?
Not sure to which ‘hack’ you’re referencing, exactly (I dont see it above). Though I think that might be from another thread. In which case, probably about avoiding the electron/devtools crash?
This wont be in master yet (nor the mock bins), I didnt get a chance to test it out properly.
Sorry if I’m reapeating Qs @happybeing , I’m a bit lost in this thread.
I don’t think you should be needing to grab the safe playground for dev. You’re saying that currently with localhost dev you dont get any images/css loading? Right?
And you’re using gulp to run a server which is serving all this?
No worries Josh, I know you guys are busy and I have other things I can get on with while waiting. So…
The OP instructions lead me to think I should start with the playground (“Clone this repo…”) but I see that’s just to get the gulpfile so I can start again and try it, but…
Yes, I was visiting localhost:3003 which was loading my index.html but not the included js, css etc. Perhaps that’s why I am not yet seeing the bug (black view screen). So I guess I need to wait for your changes to be in the mock build or to try again building it myself? If so, no worries. I’d like to be able to use mock but can get by with extra invites mean time
Does anyone recognize the following error from the Web Hosting Manager?
Failed to load native libraries: Error: Dynamic Symbol Retrieval Error: Win32 error 127
I’m trying to run the Web Hosting Manager by building it and running it with yarn dev (and running it on the Alpha network). I’ve apparently made a mistake by removing a Public ID which makes the Web Hosting Manager unable to start. I’d like to see what error the Web Hosting Manager encounters.
I’m able to run it fine with the pre-built binaries from the SAFE examples GitHub repository, but I can’t get a console to show there.
Edit: I think I know why the Web Hosting Manager is unable to start. I’ve inserted an unencrypted entry into the Public Names Container. While the value is empty, the Web Hosting Manager still tries to decrypt the key. I will test this hypotheses tonight. @joshuef, any recommendation on how to proceed if this is the case? Could I make a pull request for the Web Hosting Manager to handle such a case?
You might have missed setting NODE_ENV=dev when doing yarn install. Remove the node_modules folder and run $env:NODE_ENV = "dev" in PowerShell or set NODE_ENV=dev in command prompt, then run yarn install again.
You are actually more than welcome to do so if you know how to solve it!
: