Skip to main content

My take on Meteor (meteor.com)

The purpose of this blog post is for me to ramble about Meteor, a new open-source platform for building JavaScript web applications in Node.js.

Likes:

  • JavaScript (Node.js) - If you know me, you know that I love JavaScript!
  • Live Binding / Live Page Updates - IMHO, this is the best feature in Meteor.  View templates update automatically when data in your model changes.  Very cool!
  • Data Synchronization - I like that the client and server communicate and synchronize data, but having database APIs on the client might not be the way to go...
  • Latency Compensation - Cool
  • Hot Code Pushes - A shiny new toy.  It's cool, but I'm not quite sure how useful this will be to most developers.
Dislikes:
  • Database APIs on the client - Okay, yes... having access to your database from any web browser can be nice for programming, but it makes it that much easier for a malicious person to compromise sensitive data.  If someone gains unauthorized access to your system (i.e. someone's password was obtained), having database APIs quickly available to the "hacker" makes it much easier for them to steal your sensitive data.  Instead of navigating around to each page in the web application and performing a copy/paste, the hacker has direct access to the database; running a few queries might be enough to steal everything.  IMHO, security is about making it harder for "bad guys" to steal or corrupt your sensitive data.  I'm not saying RESTful interfaces are the best solution either... just saying that it's not the best idea to expose direct access to the database in a client-side API.
  • Smart packages - Ewww!  Why not use NPM somehow?  We still can't write our own smart packages?
  • Deployment - The Meteor guys haven't thought this through yet?  Sure you can deploy to Meteor servers, but what about your own production server?
Good and Bad:
  • More code on the client - Sometimes having more source code exposed to the client means that it's easier for "bad guys" to reverse engineer your system, steal code, or find security holes in your system.   In the same breath, though, more code on the client can help improve your application's responsiveness.

Comments

Post a Comment

Popular posts from this blog

Developing a lightweight WebSocket library

Late in 2016, I began development on a lightweight, isomorphic WebSocket library for Node.js called ws-wrapper .  Today, this library is stable and has been successfully used in many production apps. Why?  What about socket.io ?  In my opinion, socket.io and its dependencies are way too heavy .  Now that the year is 2018, this couldn't be more true.  Modern browsers have native WebSocket support meaning that all of the transports built into the socket.io project are just dead weight.  On the other hand, ws-wrapper and its dependencies weigh about 3 KB when minified and gzipped.  Similarly, ws-wrapper consists of about 500 lines of code; whereas, socket.io consists of thousands of lines of code.  As Dijkstra once famously said: "Simplicity is prerequisite for reliability." ws-wrapper also provides a few more features out of the box.  The API exposes a two-way, Promise-based request/response interface.  That is, clients can request data from servers just as easily as se
Post a Comment
Read more

Computer Clocks Cause More Issues

Two nights ago, a leap second was added to system clocks running Linux, causing much-undesired havoc. On July 1st at 12:00 AM UTC, both of my Amazon EC2 instances fired an alarm indicating high CPU usage. I investigated to find that it was MySQL that was eating all of the CPU. I logged in and ran SHOW PROCESSLIST to find that no queries were running (these servers don't get hit much after business hours). I stopped MySQL, CPU utilization dropped back down to 1-3% (as normal). I restarted MySQL, and it started eating a lot of CPU again. Then, I restarted the server (shutdown -r now), and the problem went away. Both servers had the exact same problem (running Ubuntu 12.04 LTS). In my particular case, MySQL began eating CPU, even after being restarted.  It was a livelock. The only relevant item I saw in the syslog was: Jun 30 23:59:59 hostname kernel: [14152976.187987] Clock: inserting leap second 23:59:60 UTC Oh yeah... leap seconds.  Those are super important.
Post a Comment
Read more

JavaScript Sticky Footer and Scroll Effect

This post talks about two different HTML/JavaScript effects: How to keep a page footer stuck at the bottom of the browser window. How to create a scrolling <div> without using a scroll bar OK. So... you have a website. You want a header stuck at the top of your page and the footer stuck at the bottom of your page. The stuff in the middle, you want to be able to scrollable. But, you don't want those ugly scrollbars to the right of your scrollable text. Maybe, instead, you'll have up arrows and down arrows above and below your <div>. When you mouseover the arrows, the text in the <div> will move up or down and create a scrolling effect. Suppose your page looks like this... <html> <head> <title>Test</title> </head> <body> <div style="position: relative; width: 700px; margin-left: auto; margin-right: auto;"> <div id="header">Header</div> <div id="scrollUp&q
1 comment
Read more