[Ur] Live-coding demo (was: New website?)

Adam Chlipala adamc at csail.mit.edu
Tue Jul 28 13:18:24 EDT 2015


This sounds like a great idea.  One of the qualities that makes it great 
is that I believe "the community" could tackle this as a generally 
useful open-source component, without me doing most of the work. ;)

I agree that Ur/Web is unusually well positioned to drive such a service 
securely.  A little-known feature is language-enforced resource limits, 
configured with the 'limit' .urp directive (see the manual for 
details).  I believe they will be sufficient for a demo environment like 
this, with no other resource enforcement required, beyond possibly 
limiting how many demo apps can be running at once. (It becomes 
necessary to use SQLite to take full advantage of resource limits, as I 
could not find a lightweight way to limit database size for PostgreSQL 
or MySQL.)

Sergey, anyone else out there: might I be able to interest you in 
implementing and/or hosting such a service?  I would be very happy to 
link to it prominently from the Ur project site!

On 07/26/2015 10:26 AM, Sergey Mironov wrote:
> Also, I would
> suggest to develop a live-demo component allowing users to design,
> build and run the applications online! Let me explain: one of Ur/Web's
> killer features is IMHO an ability to write small web applications in
> a single file. One can stress the attention on this feature by placing
> the online development environment to the site. Luckily, such a
> component should be very simple in the Ur/Web case (unlike any other
> language where stand-alone security checkers / DB integration code are
> required).
>
> Here is the specification draft:
>
> 1. The try-it-yourself page consists of an big textbox and the 'Run' button
> 2. Run button triggers the build process on the server side, which in turn:
> 2.1 Creates temporary folder $T, copies the context of the box there
> 2.2 Generates basic *urp file (adds safe libraries, adds sqlite DB,
> allows safe urls and so on)
> 2.3 Runs urweb compiler to build the *exe
> 2.4 Runs the *exe in a safe environment (one may think about cgroups
> or even VirtualBox environment here)
> 3. If everything is OK, user sees the link to their application
> running, also they see  'Download source tarball' button which
> downloads the contents of $T
> 4. There should be a resource monitor to kill the applications after
> certain amount of live time or by using different policy, like free
> disk space.
>
> What do you think?



More information about the Ur mailing list