Koding vm cloud development
ambassador at fourthworld.com
Fri Jan 31 17:40:41 CET 2014
stephen barncard wrote:
> jbv wrote:
>> My remark is probably OT, but I'm still reluctant in putting my
>> clients' data in the cloud, and prefer to keep them on our own
>> servers... Just curious : what is your approach to the problem
>> all of you guys ?
> I would trust somebody like Amazon more than my own security team.
> But I think I would rather wait until we hear from Richard Gaskin.
Thank you for the kind words, Stephen, but I usually just do whatever
Pierre suggests. :)
JBV: is the client data a LiveCode project, or something else?
There's a wide range of options for both, with tons of cloud stuff
available for free.
For team management of LiveCode projects I have a system in progress I
mentioned here an embarrassingly long time ago, back then I was
referring to it as RevCloud:
It turns out that the backend for that has been useful in other
scenarios, from student records to custom CMS solutions. So the upside
is that those client projects have moved the platform along well, but
the downside is that they've kept me too busy to complete the front-end
for the original scenario, LiveCode project management. Hopefully time
will free up later this year to finish that.
But it's not too hard to ad hoc your way into a simple solution to get a
specific job done. With what I used to call RevCloud I spent a lot of
time making a custom data store because I have other needs for it down
the road that will have some unusually tight memory and CPU limits I
need to accommodate. But if instead you take a saner path and use MySQL
or even SQLite you can snap together something useful in a few days.
And if your needs are more general there are tools like OwnCloud where
you can build custom cloud solutions while still leveraging lots of
excellent work from really smart devs.
For security, maybe I'm lax but I feel that if SSL certs are good enough
for banking and medical records they're more than sufficient for any
industrial espionage that might be a risk with client projects. :)
And libURL makes it easy to use both custom and shared certs, the latter
being a fairly cheap option with most hosting companies.
There are other aspects to security beyond encrypting the data stream,
and Stephen is wise to suggest letting others who specialize in that
handle as much as you can offload to them.
But like everything else in computing (and perhaps all of life), it's
all about tradeoffs. With cloud solutions the tradeoffs often involve
cost, flexibility, security, and more. You can choose a solution that
optimizes for two or more, but not likely all.
If flexibility is critical and the nature of the client data doesn't
involve nuclear secrets, you may be pleasantly surprised how nice it is
to work with Ubuntu Server on a VPS, or even on a small box in your
office if you connection will allow it.
Right out of the box Ubuntu's firewall is locked down pretty tight (in
the default configuration it doesn't even allow SSH until you turn it
on). And if you take the five minutes needed to set up a shared key for
password-free login, it's not only more secure but oh so convenient to
On any server your auth.log will show hundreds of attempt to break in
every day, and when you're just getting started it can be pretty
alarming. But with my fairly stock Ubuntu/LAMP/LiveCode test system
here in my office, on a fixed IP and outside my hardware firewall where
it's easy for bots to find, so far no attempts have been successful.
I'm not a security expert, and if a system is critical it's probably a
good idea to hire one, even if you use an outside vendor for your cloud
services. Penetration testing services are often well worth the
investment when the stakes are high.
There are many potential points of failure in online systems, from
injection attacks (relatively easy to avoid with modest effort) to
buffer overruns (to which I'm told LiveCode is almost entirely immune),
Many of these risks are inherent to the app you're building, even when
you're configuring something off-the-shelf, so even with an external
service like Amazon we can't get lax about security.
But on balance, everything is hackable and most of our work doesn't
involve nuclear secrets. Take reasonable precautions, remain willing to
learn, and stay on top of updates to all aspects of the system, and
chances are your system will survive at least as well as Target's. :)
And if you just want to share files, I've been enjoying Ubuntu One with
its native clients for OS X, Windows, iOS, Android, and of course Linux
- here's some tips on setting it up for folder sharing:
Ubuntu One offers 5GB for free, and if you decide to explore it you can
sign up with this link and you and I both will get an additional free
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
More information about the use-livecode