"There are a lot of bold claims here, but 'automated XSS protection' smells the fishiest to me."
No, there's a variety of ways to accomplish this. You just have to give up the ability to smash strings together with no thought about what kinds of things they are. The fact that smashing strings blindly together, then desperately running along behind it and trying to clean up the resulting mess, is basically industry "best practice", is the biggest failure of the programming community since buffers that overflowed into executable space.
It shouldn't "smell fishy"; a framework that makes it easier to write XSS than to write correct code ought to be what "smells fishy", but here we are.
> There are a lot of bold claims here, but "automated XSS protection" smells the fishiest to me.
I'll detail the mechanism in some other blog post, but it's actually very simple. In the meantime, let me suggest something: go and connect to the chat and attempt to XSS us :)
You have my word that the online chat is exactly the same one as the source code that we have made available. And you can check that there is not one single line of code for XSS.
I respect people that create toy languages. But you are obviously trying to market this language to people with real world projects.
The only thing that I'm interested in when I read about a new language are these:
1. How fast is it?
2. How does it interoperate with C and Java?
Any other advantages are worthless if those two things are not present. Provide some benchmarks against popular webframeworks like nodejs, and if you are faster, we may have a deal.
Why not make the language at least very similar to an existing language? Sure, even if it isnt EXACTLY the same, it at least has a number of people that already write in it, editors that deal with it correctly, etc. Plus you can use general purpose code snippits from such a language, which will help greatly decrease the amount of libraries you will need to make directly before this becomes useful to people.
Well, in my experience, copying & pasting from one language to another one never quite worked - and quite sometimes made it to thedailywtf.com material.
Thanks for tackling such big issues.
Waiting for an access to opalang.org and for EasyOpa, something like EasyPHP but with OPA :) and running on WINDOWS !
When you guys say "a single programing language" do you consider CSS ? Or isn't CSS a programing language ?
We offer some facilities for CSS, but no, you are right, in that sentence, we do not really consider CSS a programming language. Most of our applications use regular CSS stylesheets, embedded in Opa – in particular, that's the case of all the examples in the tutorial.
Actually, we can essentially do that in Opa already, for many (but not all) CSS properties. It's not officially on our feature list, though, because we have many ideas that we haven't had time to implement.
We handle schema changes very nicely. Our db tool can detect automatically whether a binary and a schema match each other. Most common changes (e.g. field renamings, singletons transformed to lists, etc.) can be handled automatically.
Of course, complete refactorings of subsets of the database may require non-trivial transformation. Opa can't do everything automatically, but it will still check whether the database you obtain at the end of the transformation matches the requirements of your new binary.
If your having several instances load-balanced, you can easily update your site, one instance after another. No server runs mono-process. What do you think?
There's no easy answer to your question. Although Opa raises warnings when it detects that the databases your accessing/trying to modify have changed, I guess you'd have to think of a migration process anyway.
What is your best practice so far? (and your expectations :p)
Indeed, Ocsigen is a very nice project that offers some of the features of Opa. If you take a look at our documentation, you will realize that we go much further than Ocsigen in most directions (client-server transparency, distribution, etc.)
You make me think that it would probably be interesting to compare feature-by-feature Ocsigen and Opa. I'll try and do that in another blog entry, possibly with the help of Vincent Balat.
And since when did ostensibly open-source projects have closed betas? Release it now and get more eyes on your code.