Sunday, July 22, 2007

Rails running on Amazon's Elastic Compute Cloud

This is the way I am possibly pointing towards for hosting of my Ajax apps developed in the [not-too-distant] future. At the very least, going to research this a good amount: running a Rails Virtual Machine (or multiple clustered VM's) on Amazon's EC2.

I am currently using AS3 not only for backups, but for cross-domain resource loading (static images and JavaScript files). The value presented by AWS's EC2 is too much to ignore when thinking about the future. It's nice to see some Rails plugins already spring up related to this, (even though EC2 is in limited Beta currently, as far as I know) and no doubt it will continue. It's going to be a fun couple of years and beyond!

Deploy Rails app on EC2 via Capistrano

The site explains that the new version of Capistrano (v2) broke functionality of his plugin, but it's a good reference to keep an eye on as this matures.

I am pointing/researching in this direction for my independent/ out-of-work apps and can only assume many others in industry and even companies might move this way as well, given the value it presents to independent devs, as well as even companies looking to host their app(s). Reason being is one can pretty readily set up redundancy (multiple VM's, clustered) for fault tolerance, and also, you only pay by the hour it's running, and last but not least, its infinitely scalable. [ Amazon's ECC approaches infinity, at least for practical purposes :) ]

So, for example, in the case of one site that runs 12 weeks per year, for hosting, I would effectively only pay for a maximum of 24 hours * 7 days/week * 12 weeks/year * $0.10 per instance hour = $201. per year (+ data transfer @ $0.10 per GB). Since the site doesn't transfer much data beyond static images, JavaScript files, generated html, this wouldn't be much more. Now I pay about $70 * 12 mos = $840 for hosting a variety of sites, which is about what one would pay if you ran Rails on EC2 (not including data) for a full year (~ $875). But, again, the scalable nature of EC2 is key.

Tuesday, July 17, 2007

JSONRequest.js -- from the genius of Doug Crockford

I wish there was more chatter lately about JSONRequest, and similar secure XSS proposals.

We can all think of legitimate reasons why as a developer we'd very much like to be able to request and return data from remote sites, and am EAGERLY awaiting the dust to settle on this issue. Because of the security model of XMLHttpRequest, this sort of data exchange is not possible due to the 'same origin policy', whereby the browser restricts a web page from communicating with a server of a different domain via an XMLHttpRequest (i.e. Ajax) call:

"XMLHttpRequest has a security model which is inadequate for supporting the next generation of web applications. JSONRequest is proposed as a new browser service that allows for two-way data exchange with any JSON data server without exposing users or organization to harm. It exchanges data between scripts on pages with JSON servers in the web. It is hoped that browser makers will build this feature into their products in order to enable the next advance in web application development."
IBM has a well written article discussing the issues, challenges, and proposals on the table with regard to secure cross-site scripting, and provides some insights to what we can currently implement, and what is on the horizon, including Doug Crockford's JSONRequest.js proposal:

"Here and now

A more recently developed content-retrieval technique employs communication between a page's script and a hidden iframe through its src URL's fragment identifier (the part of the URL that comes after the # sign). Scripts in the parent page and embedded iframe can set each other's fragment identifiers despite coming from different origins. An agreed-upon communication protocol is maintained between the scripts, driven by JavaScript timers that periodically fire routines to check for changes in the fragment identifier.

Because the scripts must know each other's addresses and they must collaborate between themselves to agree on a protocol, trust is ensured. Because any server interaction is local to each component and separate from the inter-script communication, cookies are not exposed.

While still imperfect (for example, it relies on an anomaly that is not a designed behavior, and polling for changes is inferior to having an event fire in response to a change), this solution comes closer to providing browser-native, secure, in-page, cross-domain communication than any other.

Note: James Burke, a developer at AOL Developer Network, pioneered the fragment identifier technique and has built it into the latest releases of the Dojo Toolkit JavaScript library."

When will any of these get implemented? I can hardly wait.

Doug Crockford proposals:

JSONRequest files:

Dojo notes related to JSONRequestResponse:

conversation by some of the 'Titans'...,1895,1960822,00.asp

Ajax Experience Conference -- plus past presentations link

Was fishing around the Ajax Experience website (wishing I could be there! getting married in less than a month, can't make it), and came across the following link to a wealth of information from the 2006 year -- conference presentations, videos, etc.

The Ajax Experience is one conference I plan to budget for in terms of dollars and vacation days in the 2008 year. Given the list of presenters and attendees, Dion Almaer and the Ajaxians seemingly put together a wealth of knowledge during this 3 day conference. This must be an intense 3 days. Many of the 'Titans of JavaScript, Ajax, and "Web 2.0" are there -- key JavaScript gurus like Brendan Eich, Douglas Crockford... along with library creators and JavaScript experts John Resig, Christopher Portenueve, Joe Walker et al. (and many others) Here is the link to the conference happening in 9 days. There is another conference in October too:

Sunday, July 15, 2007

Phenomenal Execution by Apple with iPhone

Apple executes when it comes to designing, engineering, and marketing their products. Better than anyone in the hardware world.

"The Most Successful Product Intro of the 21st Century"

"Apple's iPhone could emerge as the most successful product introduction of the 21st century, new research suggests." Conducted by Lightspeed Research, "the research findings are staggering," reports Jonny Evans (Macworld). "Nearly 90 percent" of the respondents had heard about iPhone, and 32% of those who didn't already own one intend to purchase one. In a separate survey, Lightspeed Research also learned that "nearly half of those who would like to own an iPhone stated that the benefits of having music, movie, internet and wireless all in one was the top reason."

Saturday, July 14, 2007

Amazon S3 and Ruby on Rails

From a couple perspectives, I find it tough to beat Amazon S3 for storage of many file assets (esp web developer related file assets). The value and ease of use is very good, especially with regards to file assets that you want to reach from multiple locations and also assets that outlast a machine's lifetime (say, > 3 years). I personally much prefer to store data on a network, where I can access it from anywhere, anytime, even programatically. Likewise, Amazon handles all redundancy, all backups, etc. As a longer term goal, I would like to automate an effective rsync of some data on my local machine to my S3 repository... open to ideas there if anyone wants to post them here or email me.

For those interested (and too lazy to clink on the link above!), here are the costs as of today:

Amazon Simple Storage Service



* $0.15 per GB-Month of storage used

Data Transfer

* $0.10 per GB - all data transfer in
* $0.18 per GB - first 10 TB / month data transfer out
* $0.16 per GB - next 40 TB / month data transfer out
* $0.13 per GB - data transfer out / month over 50 TB

Data transfer in and out refers to transfer into and out of Amazon S3.

Data transferred between Amazon S3 and Amazon EC2 is free of charge.

* $0.01 per 1,000 PUT or LIST requests
* $0.01 per 10,000 GET and all other requests*

* No charge for delete requests

Storage and bandwidth size includes all file overhead

Here is a great link related to using S3 programatically with Rails:

Building a Web Application with Ruby on Rails and Amazon S3

Wednesday, July 11, 2007

Prototype version 1.5.2_pre0

I notice on Backpack, that the 37signals guys are using a new version of Prototype.js. I haven't had time to check the diffs, but wonder what has been added: