Openfount Library Revisited

Dietrich Kappe, Monday, July 10, 2006 @ 9:00 am

Last week I mentioned the GWT-based Openfount library. I remarked that their Queued Server acted as a proxy for the GWT client on the browser. It turns out that I misunderstood the architecture of the Queued Server. It doesn't in fact allow GWT clients to access S3. Instead, the clients are served from S3 and access the Queued server through S3. To quote from the site:

Openfount supplies the tools to make it easy to develop and deploy an Ajax application to Amazon S3. The trick is how to process requests from clients. The Queued Server solves this problem by using S3 as a queue to process requests. When the Ajax client requests a service, instead of contacting the service directly, the request is written to S3. The client then polls S3 for the response. A server is started up anywhere on the internet to process the requests, and to write the responses to S3, which the Ajax client then picks up.

OK, that's clever. You're service will never get slashdoted because S3 handles all the requests and your servers consume requests at their own pace. Never mind that the effect of underpowered servers means long wait times for GWT clients. Also, a huge deluge of writes to a bucket could really hit your wallet. Consider too this statement from the Amazon doc on pricing:

Network Data Transferred: $0.20 per GB of data transferred. This fee applies anytime data is read from or written to one of your buckets. It does not matter who is reading or writing the data, so consider this when you give public access to one of your objects that may become popular.

I asume that the GWT client needs to know what the key is to be able to enqueue requests to S3, and at the very least, you can either sniff, proxy sniff or use a tool like HTTPLiveheaders to get the S3 bucket and key. The permissions supported for buckets are pretty primitive, i.e. you have a permission to an entire bucket; if I can enqueue a small message to a bucket, I can also upload a 4GB image to it. At best, a malicious user can hammer your in-bucket. At worst, well, I hope they've implemented this stuff so that clients can only write to one bucket and read from another, otherwise how long before the kiddy porn merchants start using your account to distribute their stuff at your expense?

Judging from this little bit of code from the server entry point, it looks like it's open season on both reading and writing to the same bucket:

  public void createBucket() {     
     
         try {     
            Group grantee = new Group();     
             grantee.setURI(ALL_USERS);     
             Grant grantRead = new Grant();     
             grantRead.setGrantee(grantee);     
             grantRead.setPermission(Permission.READ);     
             Grant grantWrite = new Grant();     
             grantWrite.setGrantee(grantee);     
             grantWrite.setPermission(Permission.WRITE);     
             CreateBucketResult res = conn.createBucket(bucket,new Grant[] {grantRead,grantWrite});     
             System.out.println("Bucket created: "+res.getBucketName());     
         } catch (Exception e) {     
             System.out.println("CreateBucket failed, continuing: "+e);     
         }     
     }

Finally, their "Open Source" license contains the following line: "Grace Period" means the number of days that you can use the software without making payment. The grace period is 60 days if not otherwise specified. Now I'm certainly not opposed to making money off of software, but if something isn't Open Source in the GPL or Apache sense, don't call it that. Throw in their licensing fees -- $3/month for up to 100 users all the way to $83/month for a million users -- and this things looks like a good idea that needs to be implemented properly by a real open source effort.

Topics: Ajax Frameworks, GWT, Open Source

Comments (1)

Software Development

Comments: 1 so far

Dietrich,

Many of your concerns will go away if (or when) Amazon makes the Simple Queue Service (SQS) available from the same domain name as S3. The only reason we don’t use SQS is because of the well known XmlHttpRequest cross domain restrictions. If SQS were used, there is no advantage to posting spam.

The post at the AWS blog is informative:
http://aws.typepad.com/aws/2006/06/openfount_queue.html

Thanks again for the comments.

Comment by Bill Donahue, Monday, July 10, 2006 @ 2:33 pm

« Next Post Blog Home Previous Post »

Subscribe via email

Subscribe via RSS

Software Development

Product Strategy

User Experience Design

Technologies and Platforms:

    Rich Internet Applications

    iPhone/Mobile

    Ruby on Rails

    Flex, Flash and Air

    .Net

    Java

    Business Rules Engines

Pathfinder News

.NET .NET Browser Control .Net Development 2d cad 2d physics 3d 3D GPS 3d mapping 3D physics 37signals Acceptance Tests Accessibility ActionMailer actionscript activerecord acts_as_ferret Add new tag Adium ADO.NET Entity Framework Adobe adobe acrobat Adobe AIR adobe flex Adobe Illustrator Advertising aggregation agile Agile Development agile iteration agile thinking AIR Ajax Ajax Applications Ajax Bookmarking Ajax Components Ajax Development Ajax Examples Ajax Experience Ajax Frameworks Ajax history management Ajax Intervention Ajax libraries Ajax library AJAX Obfuscation Ajax Performance Ajax Products Ajax toolkit Ajax Tools Ajax Widgets A list apart Amazon Amazon CDN Amazon Web Services amf Analysis Android animation annotation Announcement Announcements antennae Antipatterns Apache Apollo App Engine SDK apple apple tablet Application Architecture Application Development ap store architecture art AS3 ask a UI guy ASP.NET ASP.NET assembla asterisk Asynchronous Processing authorization awards axiis Azure Back Button backups bandwidth bandwidth profiling Barnes & Noble Barriers to Entry Beans beer Benchmarking Best Practices BitmapData.draw BJAX blackberry Blaze Advisor blender blog blogging blog widgets book review Books Borders braindump browser Browsers Bugs Business Business Concepts Business Reasons for Ajax Business Rules Engines C# c# documentation ndoc sandcastle caching campfire Canvas capistrano career Case Studies CFO change management Charles charting checklist chess Chesspresso Chicago chicagoruby chirb windycityrails Chrome Chrome OS CI CIO Claude Shannon Closure Tools Cloud Computing CloudFront CMS COBOL Cocoa code code art Code Generation code generator Code Style Color COMET Competitive Strategy Compilers Compressor Computer Science Conference Confluence Consistency Content Management continuous integration converget appliances core animation CRM cruise CruiseControl CSS cucumber Custom Application Development Custom Flex Component dashboard Data Mapper data services integration data visualization date datetime Davlik Degrafa deployment deprec Design design documentation Design Patterns design thinking Desktop desktop application development Desktop RIA Desktop Software developer Developer's Notebook development DHTML Diagnose Divide and Conquer documentation Dojo Domain Knowledge don norman Drawing Drools drupal dynamic languages ease of use EC2 Echo2 Echo3 Editorial elections enterprise iphone development Entrepreneur erb ERP error handling Estimating estimation Ethnographic Research events everyblock Evolution Excel externalinterface Ext JS Extreme Programming eye tracking Facebook factory failure Fake Agile Feedback Loop ferret FileReference Firebug Firefox Firefox Extensions fixed bid fixture replacement fixturereplacement fixtures Flare Flash Flash and Air flash awards Flash Catalyst flash player flash player 10 Flash Player optimization Flash Remoting Flex Flex, Flash and Air Flex3 flex 3 flex code generator flex css flex development flexmock Flex optimization flex skins flexunit flex widgets Flickr Flock Flow Fluent forms Frameworks FriendFeed front end front end development fulltext search functional functional specs Games Gang of Four Gauge Component GDI+ gem getting things done ghost GigaOm GIS applications Git github gitignore Golf Google Google Analytics Google Analytics for Flash Google Analytics for Flex google android Google App Engine Google calendar Google Closure Tools google docs Google Gadgets Google Gears google maps Google Web Toolkit Google X Prize GORM government g phone Grails Graphics graphing Greasemonkey Griffon Griffon Plugin Development Groovy GStreamer GTD Gwittir GWT GWT 2.0 GWT Layouts GWT Rich Internet Apps h.264 haml hardware Healthcare heuristic evaluation Hibernate high-performance teams hosting HTML Hudson Hype IBM IDE Ideation IE IE6 IE7 IE8 IE detection iGoogle Illustrator illustrator cs3 ILog ILOG JRules imacros importing graphics to flex Information Architecture information visualization infrastructure Innovation Instructional Design Interaction Design interaction patterns design Internship Interview iPad ipad development iPhone iPhone Development iphone framework iPhone SDK iPod ipod touch irb iteration IT M IT Mill Toolkit iTunes jakob nielson Java javafx Javascript JavaScript frameworks Javascript Libraries Java Web Start JBoss Rules Jess Jetty JIT jmeter jnlp job Jobs jQuery JSF JSON JSP JSR-94 JsUnit JVM JWS Kanban keynote Kindle kiosk laptop Lazlo Lean Legacy Systems leopard lightweight LinkedIn LINQ LINUX log4j logging Logical Model and Conceptual Model Low Pro Mac Maintainability Malware Manufacturing mapping marketing Marketplace Mash Note Mashups math measurement Meebo metal metaprogramming MetaWidget Methodology Microformats microsite Microsoft midVentures25 migrations minimalism Mobile mobile platform Mocha Mock mocking mock objects modeling mod_rails monitoring Mootools mortgage calculation mouse mouse scroll mouse wheel Mozilla Music MVC MySql natural key neal ford Netbook NetNewsWire networking NewNet news newspapers new york times nfjs NHibernate nokia notebook NSURLProtocol obj-c Object-Oriented Objective-C Object Relation Mapping (ORM) ocmock Office Om Malik OmniGraffle online spreadsheets OOAD OOP opengl Open Screen OpenSocial Open Source opensource Opera Oracle OReilly origami ORM os osx OS X Packer pagination pairing Pair Programming palm papervision3d Pathfinder Development Pathfinder Events Pathfinder General Patterns pdf pdf application development Peer Creation Performance Personas PGN Photoshop PHP Phusion Passenger physics physics engines planning play at work plugin plugins portableapps pragmatic prawn Predictions preloader presentation primary key privacy process Web/Tech Product Definition Product Design production environments Production Support productive programer productivity product launch product management product manager Product Strategy Progressive Enhancement project concept Project Manage project management Project Website Prototype Prototyping PureMVC Pure MVC purpose purpose built devices PV3D pyro QA qooxdoo Radiant CMS rails railscasts rails controllers rails development Rails Environment Tests rails gem rails polymorphic railsrx rails testing randori Really Simple History Refactor refactoring References regex regular expressions reporting Requirements Requirements Alice Toth requirements definition Requirements Visualization resesign Restlet RETE Review rfp ria Rich Interactions rich internet applicaiton rich internet applications risk management Robert Fogel ROI rspec ruby rubyamf Ruby on Rails Ruby on Rails Internship Ruby on Rails testing role ruport S3 SaaS Safari San Francisco Scalability Scenarios Scriptaculous Scrum SDLC Search Secretariat Security Selenium SeleniumIDE Semantic web SEO Server Side service oriented architecture shoulda Silverlight simplicity Sketch skins SOA soapUI Social Networking Software software arhcitecture software design software develoment Software Development Best Practices Software Engineering Software Maintenance Software Processes software product strategy Songbird SpiderMonkey Sprajax Spreadsheets Spring Framework StageScaleMode Standards standish starting projects Startups static typing Stencils Steve Jobs STI storytelling Story Telling strategy Stress Structured Design Struts Subclassing sun surrogate key Susan Boyle Swing tablet tabs tag taglib Tamarin Tank Engine Task Flows Task Switching tdd teams teamwork Technical Debt telephony Tellurium Test test::unit Test Driven Development Testing tether textmate The Ajax Experience throttling Tilt Component time timezone Tools touch touch screen touch screen kiosk TraceMonkey Training Trends Tumblr Tutorial Tutorials Twitter ubuntu UI UIViewController uml unit testing Unit Tests unity3d Upgrade Usability Usability Testing user centric design user driven agile user experience design User Experience Design user groups user interface User Interface Standards User Modeling User Research uxd Vaadin value velocity Venture Capital Video viral marketing Vision visual analytics visual design visual documentation Visualization VLC VML vmware Volta Waaler Surfaces wapcaplet waterfall watij watir web Web/Tech Web 2.0 web app Web Applications Web Design Web Development web forms web hosting Web Infrastructure Webkit Weblogs Web Services WebSockets Web Standards WebTest Widgets will_paginate Window Forms Development Windows windows development windows mobile WinForms Wireframes WordPress workflow work life balance xcode XML XML Metadata xp XUL Yahoo Map AS3 API YUI Zeigarnik Zeigarnik Effect ZendAMF ZK

Custom Software Developers since 1998. Hire us to build complex software that's easy to use.