Friday, June 26, 2020
Sunday, December 5, 2010
App Engine Zooooms !
Here is a great news on Google App Engine platform. With the release of 1.4.0 Google App Engine platform outplays all its rivals. What we had in 1.3.8 was a great platform and 1.4.0 is just not an evolution.. it is beautiful, powerful and the most economic new product, which developers will love.
The new features released such as Channel API , time enhancements on the Cron / Task Queues jobs opens up large number of fantastic use cases now feasible on this platform. Application Developers and their clients can celebrate.
On the performance side, much ahead of this release, we have been observing quantum improvements. With 1.4.0 release GAE has become an enterprise class product, it has removed several perceived and a few experienced limitations for its large scale adoption.
It is really a Seasons Gift for the computing community.
App Engine Zooooms !
Here is a great news on Google App Engine platform. With the release of 1.4.0 Google App Engine platform outplays all its rivals. What we had in 1.3.8 was a great platform and 1.4.0 is just not an evolution.. it is beautiful, powerful and the most economic new product, which developers will love.
The new features released such as Channel API , time enhancements on the Cron / Task Queues jobs opens up large number of fantastic use cases now feasible on this platform. Application Developers and their clients can celebrate.
On the performance side, much ahead of this release, we have been observing quantum improvements. With 1.4.0 release GAE has become an enterprise class product, it has removed several perceived and a few experienced limitations for its large scale adoption.
It is really a Seasons Gift for the computing community.
Wednesday, June 2, 2010
Google App Engine does it, finally !
Google has announced Google AppEngine for Business ! They are doing it in the most ethical way - with steadfast commitment to AppEngine developers. This new offer will address most of the long drawn 'worries' of the enterprises such as SLA and SSL. Google also has published the Roadmap for this cloud offer. Here is what the communique says :
"Run your enterprise applications on Google’s infrastructure.
Centralized administration: A new, company-focused administration console lets you manage all the applications in your domain.
Reliability and support: 99.9% uptime service level agreement, with premium developer support available.
Secure by default: Only users from your Google Apps domain can access applications by default.
Pricing that makes sense: Each application costs just $8 per user, per month up to a maximum of $1000 a month. Pay only for what you use.
Enterprise features: Coming later this year - hosted SQL databases, SSL on your company’s domain for secure communications, and access to advanced Google services "
I view this as a great step which will enable enterprises to adopt the technology faster and more realistically. Microsoft's approach towards cloud had been somewhat similar, when they announced Azure GA- supporting both Azure platform and hosted SQL. The differentiator between Google and Microsoft would be the quality of services, pricing and the adoption of open source. We need to wait till end of the year 2010 to see the real magic Google will be performing.
Campfire 2010 didn't bring out anything fantastic; however I bet on Google IO - 2011 in April !
"Run your enterprise applications on Google’s infrastructure.
Centralized administration: A new, company-focused administration console lets you manage all the applications in your domain.
Reliability and support: 99.9% uptime service level agreement, with premium developer support available.
Secure by default: Only users from your Google Apps domain can access applications by default.
Pricing that makes sense: Each application costs just $8 per user, per month up to a maximum of $1000 a month. Pay only for what you use.
Enterprise features: Coming later this year - hosted SQL databases, SSL on your company’s domain for secure communications, and access to advanced Google services "
I view this as a great step which will enable enterprises to adopt the technology faster and more realistically. Microsoft's approach towards cloud had been somewhat similar, when they announced Azure GA- supporting both Azure platform and hosted SQL. The differentiator between Google and Microsoft would be the quality of services, pricing and the adoption of open source. We need to wait till end of the year 2010 to see the real magic Google will be performing.
Campfire 2010 didn't bring out anything fantastic; however I bet on Google IO - 2011 in April !
Tuesday, April 7, 2009
Google App Engine platform moves in for the kill !
Earlier, I wrote about Google App Engine platform's great limitation as the non-availability of Python programmers. However, they had promised in the CampFire in 2008 April, the support for new language runtime is just a matter of time. There had been several requests from the Java developer communities and PHP developer communities for enabling their respective skills. There had been some sort of suspense which would the Google's next milestone; 'will it be Java or PHP , both being popular ?' . Microsoft Azure carried and went ahead with PHP.
Google App Engine platform now supports Java
For Google App Engine platform, the thumbs up went ahead with Java. This is a sound business strategy, I believe. Although, not yet released, their decision shows us the path ahead.
Google AppEngine , Eclipse Plugin and GWT - 'The chosen combination'
- GWT is a great product using which you can develop great UIs , that too supporting several Class A browsers. It allows you to produce optimized javascript while you develop and debug your panels using the famililar Java language.
- Eclipse IDE could be the most leading one among programmers, and you have a plugin provided by Google.
- Last but not the least , the Google App Engine platform remains the most competitive cloud provider for you to run your web applications.
7 April 2008 : Google released App Engine with Python run-time
7 April 2009 : A moment of Glory for App Engine SDK with Java
Sunday, March 1, 2009
Cloud platforms can improve Application Layer Security
We learn from our past mistakes and always improve on what we do. One of the biggest threats we faced since the invent of internet had been the web vulnerabilities. Vulnerabilities, not easily understood and accidently created by less experienced programmers, can be easily exploited by criminal-hackers. It took sometime for the industry to catch up with the danger and to bring in some discipline aimed at improving the application layer security measures. But the damages were done already by the hackers. The techniques used by hackers such as SQL injection, Distributed Denial of Service, Man-in-the-middle etc became common, by the time the industry took it seriously.
Cloud computing technologies anticipate a more wide-spread use of the internet. Will the old threats re-surrect in a new form and vigour ? Not likely, I believe. One reason is the APIs. Resources such as databases and servers are allowed to access only through APIs. None of the low-level accesses will be supported by the cloud platforms. Another reason is the dedicated new genre of 'SQL-like' data manipulation languages . These languages do not support the full set of SQL or SQL compound statements in single query. The third and most important one is the support for self-validating templating engines to handle the views of the application. Remember, unclean data allowed to input through the forms enabled the hackers always.
It looks like cloud computing platforms are making the best possible care at an easily enforcible layer well above the programmers. However, we have not seen any selling effort from the cloud vendors in this direction, so far.
Interestingly, it becomes more expensive for the criminal hackers to create and launch a DDOS , if the application is on the cloud with dynamic scalability with very low increamental cost. Added to this the physical security and access control at the cloud data centers are far above the captive data centers.
What do you think ?
Wednesday, February 25, 2009
Cloud Privacy : Easy to comply with as a SaaS Developer
Some people look at Cloud computing technologies with suspicion on its abilities to comply with effective privacy policies. This equally applies to a cloud software developer, when he tries to recommend the technology for his prospective clients. If you are a SaaS provider, you may have to sell for the Cloud provider also!. It works out something like this. As a SaaS provider, you may collect personal information relevant to extending the services as required. Now you have to assure the use of the personal information you collected from the end customer will comply with an internationally acceptable framework with reference to data privacy. As an organization or even as a specific application you can do this by adhering to the 'Safe Harbour' principles, such as, notice, choice, onward transfer, access, security, data integrity and enforcement.
Reproduced from the Directives provided by U.S.Department of Commerce, below
"
Principle 1: Notice
Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.
Principle 2: Choice
Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Principle 3: Onward Transfer (Transfers to Third Parties)
To disclose information to a third party, organizations must apply the notice and choice principles. Where an organization wishes to transfer information to a third party that is acting as an agent(1), it may do so if it makes sure that the third party subscribes to the safe harbor principles or is subject to the Directive or another adequacy finding. As an alternative, the organization can enter into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles.
Principle 4: Access
Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
Principle 5 : Security
Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Principle 6 : Data integrity
Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
Principle 7: Enforcement
In order to ensure compliance with the safe harbor principles, there must be (a) readily available and affordable independent recourse mechanisms so that each individual's complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide; (b) procedures for verifying that the commitments companies make to adhere to the safe harbor principles have been implemented; and (c) obligations to remedy problems arising out of a failure to comply with the principles. Sanctions must be sufficiently rigorous to ensure compliance by the organization. Organizations that fail to provide annual self certification letters will no longer appear in the list of participants and safe harbor benefits will no longer be assured.
"
Reproduced from the Directives provided by U.S.Department of Commerce, below
"
Principle 1: Notice
Organizations must notify individuals about the purposes for which they collect and use information about them. They must provide information about how individuals can contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means the organization offers for limiting its use and disclosure.
Principle 2: Choice
Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, affirmative or explicit (opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Principle 3: Onward Transfer (Transfers to Third Parties)
To disclose information to a third party, organizations must apply the notice and choice principles. Where an organization wishes to transfer information to a third party that is acting as an agent(1), it may do so if it makes sure that the third party subscribes to the safe harbor principles or is subject to the Directive or another adequacy finding. As an alternative, the organization can enter into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles.
Principle 4: Access
Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
Principle 5 : Security
Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Principle 6 : Data integrity
Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
Principle 7: Enforcement
In order to ensure compliance with the safe harbor principles, there must be (a) readily available and affordable independent recourse mechanisms so that each individual's complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide; (b) procedures for verifying that the commitments companies make to adhere to the safe harbor principles have been implemented; and (c) obligations to remedy problems arising out of a failure to comply with the principles. Sanctions must be sufficiently rigorous to ensure compliance by the organization. Organizations that fail to provide annual self certification letters will no longer appear in the list of participants and safe harbor benefits will no longer be assured.
"
This is important even for small SaaS developers. Invariably a cloud application will be using some sort of authentication and authorization before allowing the access to its end customers, mostly provided by open id providers or at least an email id. Looking at the scope of cloud reaching out to all the seven continents, complying with the safe harbor principles is important. For example, assume you are a start-up getting into the business as a SaaS, leveraging some of the Cloud providers out there. Your application should spell out its privacy policy more rigourously than earlier. Remember, on the internet, your application represents your business.
If you are a product development service provider on the cloud technologies, recommend only the 'Safe Harbour Compliant' cloud provider , build the application clearly announcing the safe harbour policies ' and encourage your client to join the safe harbour framework. Let us save ourselves and our clients from unwanted litigations.
For more details on what you mean privacy policy, visit http://www.export.gov/safeharbor/doc_safeharbor_index.asp
Subscribe to:
Posts (Atom)