Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
The FuqIt Web Framework (github.com/zedshaw)
139 points by superchink on July 13, 2013 | hide | past | favorite | 77 comments


Well must be a slow news day today so I'll say a few things about FuqIt for the high-minded HN crowd:

1. Don't run this at all in anyway that someone can access it. It's ultra hackable. Extra points if people can point out why.

2. I basically am just goofing off. The idea though is this thought: "What if PHP got it right?"

3. There's some little tricks in there you may not have seen before. Take a look at the code if you're new to Python.

4. If I get around to it I may write a web server for this using my various web-server-maker chops and put in some of the Lamson code and then make it talk to ZeroMQ off of a URL similar to how it's doing jinja and python so it can be a full service web+email+messaging system configured off just files in a directory and then probably I'll get bored and do something else.

Enjoy!


Hey Zed that's pretty cool.

I think this was submitted with a back-thought of possibly generating ridicule. It doesn't matter, anyone coding and playing with shit like this gets upvotes from me.

I also like web.py (the framework conceived and built by Aaron Swartz) for some of the same reasons -- simplicity and cleanliness. Start with something like "let's see how would a clean and simple web framework look like in Python." That's beautiful I think. Yeah I know it hasn't exactly taken off and flask and friends surpassed it but I still like it.

EDIT: corrected Aaraon Swartz's name (thanks bensw)


>That's beautiful I think. Yeah I know it hasn't exactly taken off and flask and friends surpassed it but I still like it.

That reason it still hasn't taken off is that Aaron is very like Zed; they are grasshoppers. They get bored easily from doing something.


:s/is/was/

:(


s/Schwarz/Swartz


I've seen something similar done with the Mako templating library which allows mixing html and Python. We jokingly dubbed it PHPython, and it had grown into horrible spaghetti.

I think what happened was it started out as a quick and dirty thing that just grew and grew.


Just like most PHP projects.


Don't forget PerlHP. ("PHPerl" also seems to exist twice over at least.)

http://wakaba.c3.cx/perlhp/


I'm going to assume the "ultra hackable" is thanks to requesting '../../phpmyadmin/config.php' or whatever.

Oddly enough, I can't easily see any way to load a random (system-level) python module, thanks to including the 'app' package explicitly in the load_module - IIRC you can't resolve imports outside a top-level package.


This looks cool. BTW, thanks for helping me not feel like a total moron while learning Python, the hard way was the right way.


Spend more time on LRTHW. I need more lessons to get better!! (kidding)


Thanks everybody, you made this joke possible:

https://github.com/zedshaw/fuqit#investor-statement


There's a niche for something that's as sloppy-easy-to-get-started as PHP, but with a more concise/consistent/powerful language. Perhaps, a "PYP" - Python with PHP characteristics.

This is a little like that.


I did one of these! The RHP Hypertext Preprocessor - https://github.com/gunn/RHP

Someone asked on stackoverflow why PHP is so easy to learn, so I wondered how much learning curve we could cut away. Drop .erb and .haml files in a dir. Done.


Something like Python Server Pages? Maybe check out Spyce or mod_python (or maybe set *.py to run as CGI)


I feel like http://aspen.io/ sort of does something like this already. Written in Python and just uses the filesystem to generate content rather than a MVC.


Yes, I really feel like aspen is exactly this, and very well done too. Already has real-world things running on it, like http://gittip.com .


Yay! Someone gets it!


I've been thinking along these lines for a while. For python-based, I think your toolkit is a good stake in the ground.

I think Lua-based is very interesting. openresty is a great choice for replacing the simple glory of what Apache/PHP once was.

Although, Lapis (moonscript/Lua) adopts "Web-MVC", the way its coded is a toolkit of un-opinionated libs. You can skip the MVC stuff and just have a clean set of libs for throwing things in a directory and getting your bang for very few bucks.

http://leafo.net/lapis/ http://moonscript.org/ http://openresty.org/


Just serve .py as CGI. Hardly the stuff of legend.


Excuse my French, but... if this hadn't been written by an internet celeb, nobody would have given two shits about it.


The thing with internet celebs in the programming community is that they mostly are celebrities for a reason and not just because they are the pretty daughter of some billionaire.


Zed is not the pretty daughter of a billionaire?!?!?!?!?!?!?!?


Pretty much.

Oh, except, there's actually an interesting idea in there if you look really closely.


Isn't the interesting idea basically CGI?


If you can abstract everything to be anything then nothing has meaning.


Lovely bit o' philosophy there. no sarcasm


Depending on how much you want to reduce it, you can dismiss almost anything having to do with a webserver this way. Some more powerful versions that dismiss any and all computer related ideas that have output:

    - But isn't that just calling a bunch of syscalls?
    - But isn't that just moving a bunch of bytes around?


Well, yes, but I picked CGI for a reason. Zed says in one of the other comments that the inspiration for this was "What if PHP got it right?" PHP came out of a long tradition of CGI apps, as a way to make templating dead-simple and still provide a bunch of programming language tools.

The brilliant idea behind CGI is that you set a directory as your cgi-bin, drop an executable file, and then the webserver will run that executable and pass in a bunch of data from the request as environment variables and on STDIN, and then send STDOUT back to the browser. It's an incredibly powerful idea with a really simple implementation. You can write your scripts in any language, they can do anything, they can present further abstractions and run other scripts, they can embed other languages like Python or PHP or Haskell, and they can embed other frameworks like Django or Rails. And all you have to do is drop a file in a directory and make it executable. All because of the power of plain text: CGI "speaks" a uniform interface that any computer language can understand.

When I saw FuqIt, I thought of CGI because the brilliant idea behind FuqIt seems to be "Drop a Python file or Jinja template in a directory, and we'll call it via a uniform interface". Kinda like CGI, huh, except it's restricted to Python? (Actually, there's another standard - WSGI - that's built around the same principles as CGI but restricted to Python.)


This is the best explanation of CGI I've encountered so far.


But you were downplaying the project because it is "basically CGI" (inaccurate already). In context I think you'll find you were being hostile about the matter.

Anyway, it is the start of an idea with a proclaimed possible direction (basic error handling, basic web server functionality). It doesn't do a lot right now (and maybe it never will) but it isn't just CGI.


More than one, probably?

  base, ext = os.path.splitext(name[1:])


If that code is an idea, then the idea is "HACK AWAY!"


I think you can run python modules installed in the system through this framework.


Yup, and expose any file on the file system.


Just wanted to say a special mention to the knife_or_banana method:

    def do_GET(self):
            try:
                self.knife_or_banana(self.path)
          [...]

    def knife_or_banana(self, path):
            # THIS AIN'T THAT SECURE, BUT FUQIT
             root, ext = os.path.splitext(path)

          [...]


Out of my own boredom, fuqit in node.js:

https://github.com/ricardobeat/fuqit


Nice. Here's a present for you https://github.com/ricardobeat/fuqit/issues/1


This has too much functionality. Sometimes I just want to statically serve all the files in a directory and its subdirectories.

    cd not_my_porn_folder
    python -m SimpleHTTPServer


Brilliant. I am supercharging it with dilithium crystals and replacing all my production Django sites right this second.


Let me know where they are so I can steal your password files with my uber secure file resolution code.


They are actually inside the NSA ring 0, vacuum isolated, prisming zetabytes of privates emails and facebook lolkatz.


> FuqIt is Copyright (C) Zed A. Shaw All Rights Reserved.

[emphasis mine]

That's an interesting approach. I take that Zed doesn't want this to be actually used anywhere?


Yep, it's not safe to use, so nobody should use it. Edit: I should add, not yet anyway.


Good catch. Without an explicit license grant forking the repo is technically copyright infringement.


And a violation of Github's ToS.

(Interesting reading: http://cr.yp.to/softwarelaw.html)


https://github.com/zedshaw/fuqit/blob/master/app/files/index...

  return "I Am KING!"
https://github.com/zedshaw/fuqit/blob/master/app/files/test....

  I am a test Jinja!
So, which one is it?


Maybe I'm King of The Jinjas!


King of the shrines?


Gotta start somewhere.


Why is this front page? Because he is a celebrity? If Python is the drug of choice, Flask. K? Thx, now get off my news feed.


how the fuck is this the top link on HN right now?


It's almost like I'm famous and people are interested in what I do!


I've never heard of you, but I liked the idea behind a PHP replacement.


In my experience with a new PHP developers, the first hurdle is explaining that urls have nothing to do with the filesystem.


(I don't do PHP) I had the same issue starting with using web APIs in java.

It's understandable though as the early web was essentially serving a filesystem directly (almost ftp).


Start here: http://zedshaw.com/#/start


That aside, I've always been interested in the, as you put it, "shit files into a directory" approach with a language that's not PHP. Now if only we could get ubiquitous hosting for it once you work out the security issues (which I do hope you'll do)...


This is one of those things that becomes immediately "obvious" the moment I see it... but I'd never have thought of.

If we could decrease the amount of understanding required (possibly a bad thing) to get python running on the server it would be great.

Why can't I just go "python app.py -port 80" and call it a day? What would we need to get to that point?


What would we need to get to that point?

To be using PHP.

(runs away)


Would fans of FuqIt be "Fuqers"?


Yes.


Good use of lens flare.


I was intrigued by the reference to Meteor and after a bit of googling "oh yeah okay, those guys who did an unsecure NodeJS realtime framework (last time I used it, every client could call the mongodb database) just got 11M in funding".

When did our jobs become such a joke?


There's a package called 'insecure' that is included by default to get the app up and running as quickly as possible. To remove, just do $ meteor remove insecure

Hope this helps!

P.S. docs.meteor.com is very helpful -- I highly recommend reading it. Also, DiscoverMeteor.com is a great textbook that will cover this material.


The first version now is minimalistic. But to be a second Ruby on Rails framework, your system will get more complicated soon. Good luck.


You obviously know nothing of my work.


Didn't you know, any sufficiently complicated Python framework contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Ruby on Rails.


Anything by Zed Shaw is interesting. One of the real software engineers. Or should I say "Programmers, Motherf..."


Juvenile. If this had any other name or was written by anyone else, no one would give a fuq.


That is a terrible name for a framework, you should have called it 'shdvg'.


Oh Zed.


[deleted]


Yep, works pretty well actually, but not secure yet. It's a hack to test out the idea.


You're my favorite. :)

Didn't you do a lua microframework? I'm more intrigued by that one but whatever gets your creative juices flowing, godspeed.


Github lists his repos, you know. :-) But thanks for pointing this out. I am getting interested in Lua and was unaware of this.

https://github.com/zedshaw/Tir


That mascot is fucking awesome.


Hi Zed,

you nailed the name just right, but a single look at the mascot made me blind for an hour.

And it's already ported to NodeJS, congrats!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: