Announcing alternate App Engine host

[jchris]

Hello all,

I just released App Drop, which is a swappable alternative to Google's
App Spot hosting.

To learn more, visit http://appdrop.com

My blog post announcement is here: http://jchris.mfdz.com/code/2008/4/announcing_appdrop_com__host_go

I support the full API (excepting email sending, which could come
along soon) and the whole project is open source, so you can fork it
all you'd like.

Please upload some apps, and let me know what your experience is!

Enjoy,
Chris

[sg_oneill]

You'll need to replace the storage engine. The flat file stand-in
google supplies is garbage, performance wise, and really doesn't
represent bigtable well at all.

Maybe check out integrating ZODB as the storage layer for the bigtable
stand-in.

On Apr 15, 4:27 am, jchris <jch...@gmail.com> wrote:
> Hello all,
>
> I just released App Drop, which is a swappable alternative to Google's
> App Spot hosting.
>

> To learn more, visithttp://appdrop.com

[jchris]

We'll see how long the flat-file implementation stand up. :)

So far so good. Another big concern will be running it across multiple
EC2 instances...

[Ian Bicking]

jchris wrote:
> Hello all,
>
> I just released App Drop, which is a swappable alternative to Google's
> App Spot hosting.
>
> To learn more, visit http://appdrop.com
>
> My blog post announcement is here: http://jchris.mfdz.com/code/2008/4/announcing_appdrop_com__host_go
>
> I support the full API (excepting email sending, which could come
> along soon) and the whole project is open source, so you can fork it
> all you'd like.

Neat! But how are you handling security? I assume that the SDK is
restricting things so that it's similar to the real environment, but
without the same concern for security (i.e., it is blocking things but
assuming you won't try to get around it).

--
Ian Bicking : ia...@colorstudy.com : http://blog.ianbicking.org

[jchris]

Ian,

I haven't done much for security... At this point, stack traces will
be visible to anyone, should an error occur in your application.
That's not to say I couldn't. Basically I'm just relying on the App
Engine SDK to be decently sandboxed. The worst thing that could happen
is someone pwns my EC2 instance (which is pretty free of secret keys
and the like). I'm encouraging people not to post sensitive data to
the AppDrop apps for the time being.

If you'd like to look at the code my modified SDK is here:

http://github.com/jchris/portable-google-app-engine-sdk/tree/master

and the Rails app that manages uploads and user authentication is
here:

http://github.com/jchris/appdrop/tree/master

I'm happy to accept patches if there's anything easy I could do to
make it less insecure.

Chris

On Apr 14, 3:48 pm, Ian Bicking <i...@colorstudy.com> wrote:
> jchris wrote:
> > Hello all,
>
> > I just released App Drop, which is a swappable alternative to Google's
> > App Spot hosting.
>

> > To learn more, visithttp://appdrop.com

>
> > My blog post announcement is here:http://jchris.mfdz.com/code/2008/4/announcing_appdrop_com__host_go
>
> > I support the full API (excepting email sending, which could come
> > along soon) and the whole project is open source, so you can fork it
> > all you'd like.
>
> Neat!  But how are you handling security?  I assume that the SDK is
> restricting things so that it's similar to the real environment, but
> without the same concern for security (i.e., it is blocking things but
> assuming you won't try to get around it).
>
> --

> Ian Bicking : i...@colorstudy.com :http://blog.ianbicking.org

[oli]

You mentioned CouchDB. Is there any way to authenticate access to a
remote CouchDB? As far as I know CouchDB has no authentication at
all.

[jchris]

Oli,

CouchDB has LDAP authentication on the Roadmap -
http://incubator.apache.org/couchdb/roadmap.html

It's not yet implemented, but it's HTTP so there are oodles of ways to
control access to it by using proxies or firewalls.

Chris

[jchris]

I gave a talk last night on Google App Engine and AppDrop - for anyone
who's interested it provides a general outline of App Engine with a
focus on the authentication component of the Python SDK, as well as an
outline of how to do automated sysadmin tasks using a Rails app as a
controller.

The video and slides are available here:

http://jchris.mfdz.com/code/2008/5/appdrop___google_app_engine_vid

Chris

On Apr 15, 9:43 am, jchris <jch...@gmail.com> wrote:
> Oli,
>

> CouchDB has LDAP authentication on the Roadmap -http://incubator.apache.org/couchdb/roadmap.html

>
> It's not yet implemented, but it's HTTP so there are oodles of ways to
> control access to it by using proxies or firewalls.
>
> Chris
>
> On Apr 15, 4:35 am, oli <oliver....@gmail.com> wrote:
>
> > You mentioned CouchDB. Is there any way to authenticate access to a
> > remote CouchDB? As far as I know CouchDB has no authentication at
> > all.
>
> > On Apr 14, 10:27 pm, jchris <jch...@gmail.com> wrote:
>

> > > My blog post announcement is here:http://jchris.mfdz.com/code/2008/4/announcing_appdrop_com__host_go

On Apr 14, 1:27 pm, jchris <jch...@gmail.com> wrote:
> Hello all,
>
> I just released App Drop, which is a swappable alternative to Google's
> App Spot hosting.
>

> To learn more, visithttp://appdrop.com

[Ondrej Certik]

On May 8, 5:07 am, jchris <jch...@gmail.com> wrote:
> I gave a talk last night on Google App Engine andAppDrop- for anyone

> who's interested it provides a general outline of App Engine with a
> focus on the authentication component of the Python SDK, as well as an
> outline of how to do automated sysadmin tasks using a Rails app as a
> controller.
>
> The video and slides are available here:
>
> http://jchris.mfdz.com/code/2008/5/appdrop___google_app_engine_vid
>

There is a problem with appdrop that if the user executes:

while 1: pass

it hangs. I send you a patch fixing this on April 30, but you didn't
reply. I also attached the patch here:

http://code.google.com/p/googleappengine/issues/detail?id=296

since it is imho also the problem of the SDK.

Ondrej