Is there any reason not to host a software repository with a standard web hosting service? - repository

I have webspace and I was thinking of setting up a git repository on it.
If I am developing software and I want to host a repository (CVS, SVN, git, etc) online, is there any reason not to use a standard web hosting provider (GoDaddy, etc) to do this?
I'm thinking in terms of security, reliability, etc.

One reason for not using a standard company is that shell access is usually needed to set up a Version Control System (VCS). Many providers don't give shell access on normal webspaces.
When you are developing open-source software I'd recommend hosting at SourceForge, github, Google Code or similar providers, as your code is public there, you will get an issue tracker and several other tools that may help you. On github for example adding more developers to your project is very easy.
When you are developing closed-source software you still can use github, this gives you the same advantages as mentioned above, but of course it costs you a few bucks a month. Open-Source projects are free.
So while there is no real reason to not use standard hosting providers, there are good reasons to use a company dedicated to hosting code.
As you asked especially for security: github (I use it as an example, as I host my code there as well) gives you a full list of information of what they do to ensure your code is safe.

Related

How do I launch/publish my website? ASP.NET Core

I'm new to web development and just built my first website with .Net Core. It's primarily HTML, CSS, and JavaScript with a little C# for a contact form.
Without recommending any service providers (question will be taken down), how do I go about deploying the website? The more details the better as I have no idea what I'm doing haha.
Edit: I am definitely going to go with a service provider, however the business I am building the website for doesn't have a large budget so I want to find the best provider at the lowest cost.
Daniel,
As you suspect, this is a bit of a loaded question as there are so many approaches. One approach is to use App Services within Microsoft Azure. You can create a free trial Azure account to start that includes a 200.00 credit, which is more than enough to do all of this for free. Then, using the Azure Management Portal, create an App Service (also free) on an App Service Plan in a region that makes sense for you (i.e. US West). Once you do that, you can download what is called a Publish Profile from within the App Service's Management Portal in Azure.
If you're using Visual Studio, for example, you can then right click your project and "Publish" it (deploy to the cloud, or the App Service you just created). One option in that process is to import an Azure Publish Profile, which you can do with the one you just downloaded. This makes it really simple. The Publish Profile is really just connection information to your Azure App Service (open it in Notepad to see). It will chug for a bit and then publish and load the app for you. You can also get to the hosted version of your app by clicking the Url of the app in the App Service management portal on the main page.
This may be oversimplifying what you need to do, but this is a valid direction to take. AWS and others have similar approaches.
Again, tons of ways to do this, but this is a free approach. :-) I don't consider Azure a Service Provider in the sense that you asked us not to. Instead, I wanted to outline one turn-key approach with specific details on how to get there.
You can find specific steps in a lot of places, such as this link:
https://www.geeksforgeeks.org/deploying-your-web-app-using-azure-app-service/
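The answer above describes the Publish Profile as connection information for the App Service. As an added example (not part of the original answer), the Python sketch below parses a publish profile and reports which entries embed a deployment password or point at an `ftp://` endpoint, a check worth running before such a file is shared or committed to a repository. The sample XML, app name and passwords are constructed, and `audit_publish_profile` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an Azure App Service publish profile.
# App name, URLs and passwords are made up for this example.
SAMPLE_PROFILE = """<publishData>
  <publishProfile profileName="example-app - Web Deploy" publishMethod="MSDeploy"
      publishUrl="example-app.scm.azurewebsites.net:443" msdeploySite="example-app"
      userName="$example-app" userPWD="CONSTRUCTED-PASSWORD-1"
      destinationAppUrl="https://example-app.azurewebsites.net" />
  <publishProfile profileName="example-app - FTP" publishMethod="FTP"
      publishUrl="ftp://waws-prod-example.ftp.azurewebsites.windows.net/site/wwwroot"
      userName="example-app\\$example-app" userPWD="CONSTRUCTED-PASSWORD-2"
      destinationAppUrl="https://example-app.azurewebsites.net" />
  <publishProfile profileName="example-app - Zip Deploy" publishMethod="ZipDeploy"
      publishUrl="example-app.scm.azurewebsites.net:443"
      userName="$example-app" userPWD=""
      destinationAppUrl="https://example-app.azurewebsites.net" />
</publishData>"""


def audit_publish_profile(xml_text):
    """Return one finding per <publishProfile>; the password is never echoed."""
    findings = []
    root = ET.fromstring(xml_text)
    for prof in root.iter("publishProfile"):
        issues = []
        # A non-empty userPWD means the file alone is enough to deploy.
        if prof.get("userPWD", ""):
            issues.append("embedded deployment password")
        # An ftp:// URL invites a client to send that password in clear text.
        if prof.get("publishUrl", "").lower().startswith("ftp://"):
            issues.append("ftp:// endpoint; prefer FTPS or Web Deploy")
        # The site itself should be reached over HTTPS.
        if prof.get("destinationAppUrl", "").lower().startswith("http://"):
            issues.append("destination URL is not HTTPS")
        findings.append({
            "profile": prof.get("profileName", "(unnamed)"),
            "method": prof.get("publishMethod", ""),
            "user": prof.get("userName", ""),
            "issues": issues,
        })
    return findings


def contains_secrets(findings):
    """True if any profile carries a password, e.g. to fail a pre-commit hook."""
    return any("embedded deployment password" in f["issues"] for f in findings)


if __name__ == "__main__":
    for f in audit_publish_profile(SAMPLE_PROFILE):
        status = "; ".join(f["issues"]) or "no issues"
        print(f"{f['profile']} [{f['method']}]: {status}")
```

If a profile with a password has already been shared or committed, resetting the publish profile in the App Service portal invalidates the old credentials.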
DanielG's answer is useful, but you mentioned you don't want to use any services from a service provider.
Usually, there are only three ways to deploy the program.
The first one is the app service provided by the service provider mentioned by DanielG.
**Benefits of using service provider products:**
1. Very friendly to newbies, follow the documentation to deploy the application in a few minutes.
2. It offers a very stable, scalable service that monitors the health of our website.
3. We can get their technical support.
**Shortcoming**
It is a paid service, and although Azure's service has a free quota, it will run out.
**Suggestion**
It is recommended that websites that are officially launched use the services of service providers.
The second one is to use a fixed IP for access (it seems that a fixed IPv4 IP is not provided in network operations).
**Benefits of using fixed IP:**
If there is a fixed IP address, or if the carrier supports IPv6, we can deploy our website, and the public network can access it. And if you have a domain, it can also support https.
**Shortcoming**
1. There are cybersecurity risks, and the site is vulnerable to attack.
2. Without perfect website health monitoring, all problems need to be checked by yourself, and it is very troublesome to achieve elastic expansion.
**Suggestion**
It is generally not recommended because there is no fixed IP under normal circumstances. Broadband operators used to offer it, but now they don't.
If you are interested, you can try IPv6 to test.
The last one is to use tools such as ngrok or frp for intranet penetration.
**Benefits of using intranet penetration:**
Free intranet penetration services such as ngrok, the URL generated by each run is not fixed, and there are some limitations, such as a new URL will be generated after a certain period of time, which is enough for testing.
Of course you can purchase the service of this tool, which provides fixed URLs and supports https.
**Shortcoming (same as the second one)**
**Suggestion**
The functional implementation is the same as the second suggestion, and the physical devices used by the website are all their own. The intranet penetration tool (ngrok, or frp) solves the problem of not having a fixed IP, providing a URL that you can access.
There are few users and the demand for web services is not high, so it is recommended that individual users or small business users use ngrok and frp in this scenario. Generally suitable for OA use in small businesses.

TRAC host that allows plugin customisation

My research and development environment calls for a heavily customised TRAC with a corresponding subversion repository and a binary file store (e.g. WebDAV).
I have my eye on at least 10 plugins that I would like to use (from integration with time tracking software, to specialist mathematics/code rendering). I'd also like to write my own plugins.
I am looking for a commercial host that will allow me to self-manage my TRAC plugins. I've looked into (and contacted) a few of the commercial providers from the TRAC Commercial Services list, including:
Project Locker
Repository Hosting
SVN Repository
Project Locker have described that they do a code review of plugin requests and handle it on their end (unspecified time period). Repository Hosting have said that they "will probably not add support for that in the near future". SVN Repository have said "you won't be able to install any new plugins" and have suggested one of their VPS accounts instead.
Short of managing my own VPS or dedicated server, does anybody know of a commercial SVN/TRAC host who allows paying customers to install their own plugins? I would have thought a chroot environment would have made this a no-brainer!
(Note: this was originally posted on programmers but was down-voted and I was advised to move it here. Quoting from their FAQ: implementation issues or programming tools (ask on Stack Overflow instead))
You'll probably find a hard time finding what you're looking for because as Craig mentioned in his comment, the concept of commercial hosting services typically revolves around limiting a customer's ability to customize. Keeping things relatively uniform means that the hosting company can manage systems and deploy automated updates much more easily and won't have to worry about their scripts breaking because of something odd that one customer installed or re-configured.
If you want to be able to install and configure plugins at will, I highly recommend going the VPS route and managing the server yourself. It's easier than you might expect (I was thrown into this situation and was pleasantly surprised). You can start with something like the Bitnami Trac stack, which is a virtual machine image that has a Linux OS plus Trac and all of the support tools (database, webserver, etc) set up and ready to go. If you use that as a starting point, all you should have to do is customize your Trac settings and install your plugins.
If you really don't want to have anything to do with the management aspect, remember that you can always go the VPS route and contract out the administration work separately. It might be easier if the hosting provider and the system admin come from the same company, but it's not a requirement. Given the flexibility and customization that you need, this might be a more realistic option.

What are the advantages of using OSGi at target side in a Remote Software Provisioning System?

I am developing a Remote Software Provisioning system that should be able to handle all deployment, installation, un-installation and upgrades of software components. Software can be in any language (java, .net, c/c++ etc) and target side can be PC, embedded systems and smart phones.
I have found Apache ACE as good candidate for developing this system.
I want to know if there is any advantage/necessity of using OSGi at target side as Apache ACE can do software provisioning to non-OSGi targets as well.
Having a modular framework like OSGi at the client side is a huge advantage when doing remote management, because it gives you much insight into what's happening inside - installed bundles, dependencies, states of the bundles, available services etc. This helps a lot when you have to solve a problem remotely. Another advantage is that OSGi basically forces programmers to develop proper modular and dynamic systems, which makes (remote) updating much easier.
So, if you have to decide now what language and framework to use for the client side, I strongly recommend OSGi for the embedded and mobile clients. For the PCs (I guess you mean desktop PCs?) this is probably not the best choice - it depends a lot what you want to achieve there. If you want to install MS Office remotely OSGi won't bring you forward ;)
However, if you already have existing programs at the client side and are discussing whether to convert them to OSGi, I would recommend to investigate some time first to see whether they can be converted easily. Some software packages could give you a lot of trouble converting to OSGi, not because OSGi is complex, but because the program itself is not modular and has a lot of assumptions about the static nature of the environment (e.g. nothing ever disappears, parts of the system never get updated etc.). The irony in the matter is that these are exactly the programs which will give you most trouble later anyway no matter which remote provisioning system you choose.
If you have OSGi at some of the targets be sure to use a remote provisioning system which gives you access to the full OSGi functionality and not only the most basic and simple install and update functions. I haven't yet used Apache ACE, but I have experience with another provisioning system - mPower Remote Manager. Here are some snapshots from the documentation which can give you a feeling what is possible with OSGi as a base - you can draw your own conclusions whether it will be useful for your case or not.
I've given some examples in the other question you asked:
What are the non-osgi targets with which Apache ACE can work
You can write your own management agent that talks to the ACE server and installs artifacts. There actually are a couple of places where you could hook in your own code and protocol. Is there a concrete language/environment you're thinking of using, or are you just exploring the possibilities right now?
Well, the advantages of OSGi haven't changed, so for that I can refer you to the standard page.
To be a bit more constructive, I'll read the question as 'Should I bother converting my application to OSGi, as it is not necessary for ACE?'
I think that depends on what 'kind' of updating mechanism you're after. If you have a monolithic application (at least from the provisioning perspective) which you deploy and update only as a whole (like an iOS app) then there isn't much to gain for provisioning purposes by using OSGi.
For the rest I can tell you the same as I tell anybody else: Converting an application to OSGi isn't hard, but modularizing code can be a nightmare, but something you'll need to face at some point, OSGi or not. If your code is modularized already, using OSGi should be a piece of cake.

Load-testing xmpp server

I am looking for a tool capable of generating multiple XMPP connections to load-test an XMPP server with a secure connection, especially starttls.
For XMPP plain-text authentication I had used jab_simul (followed this tutorial) and tsung, both with success.
But I was unable to use the tools above for starttls. I peeked into the code of both tools and tried different configurations of the tools.
Another option I am pondering is using an XMPP library like eXmpp and making a specific load-testing tool myself, instead of altering jab_simul (C software with comments in a language I do not understand) or altering tsung (an all-purpose load-testing tool, so lots of places where you can go wrong).
Short story: I am looking for a tool or advice for stress-testing/load-testing an XMPP server.
We are facing exactly the same challenge right now. After deep consideration we found out that only specially built software can deliver the load we want to test. (Remember, you can configure ejabberd to something very specific :-)
For that we developed a small library called xmpp_talker https://github.com/burinov/xmpp_talker (Apache Licence) which is a kind of XMPP client made as a gen_server. I find it is a very nice starting point to build any kind of load simulation software. There is also an echo_worker example included. So, you have a good base to start. At the moment xmpp_talker is suited for exmpp 0.9.7. As far as I know, version 1.0.0 (or 0.9.9?) will be out in a few days. There are many bug fixes (trust me, you don't want to know about them). On Monday I will release xmpp_talker for exmpp 0.9.8 with proper service interruption handling.
In case you decide to go the same way, xmpp_talker could be useful for you.
Added: Here is also a great article that is related to the topic: https://support.process-one.net/doc/display/EXMPP/Scalable+XMPP+bots+with+erlang+and+exmpp
There's also the recently started XMPP benchmarking project called xmppench which aims to be a high-performance benchmarking tool simulating some reasonable use cases of XMPP servers. It's written in C++, based on Swiften and boost.

Enterprise SSO & Identity management / recommendations

We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments.
In the past week I've been doing market research looking for answers to the following key issues:
The project should be:
Requirements
SSO solution for web applications.
Integrates into existing developed products.
has Policy based password security (Length, Complexity, Duration and co)
Security Policy can be managed using a web interface.
Customizable user interface (the password prompt and co. screens).
Highly available (99.9%)
Scalable.
Runs on Red Hat Linux.
Nice to have
Contains user Groups & Roles.
Written in Java.
Free Software (open source) solution.
None of the solutions that have come up so far is a "killer choice", which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??), hence this discussion.
We are an ISV delivering a front-end & backend application suite. The frontend is broken into several modules which should act as autonomous units; from the client's point of view he uses the "application", which leads to this discussion regarding SSO.
I would appreciate people sharing their experience & ideas regarding the appropriate solutions.
Some solutions are interesting
CAS
Sun OpenSSO Enterprise
JBoss Identity IDM
JOSSO
Tivoli Access Manager for Enterprise Single Sign-On
Or more generally speaking this list
Thank you,
Maxim.
What about FreeIPA?
"FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 (formerly known as Fedora Directory Server), MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools."
If you focus on web applications, check out http://oauth.net/.
CAS has strong adoption, user-base, and a strong lead (who recently switched jobs, but is still committed to the project). It is straightforward to integrate (if you're comfortable writing Java code/configuring Spring beans), and can do all your requirements, notably:
SSO solution for web applications.
YES
Integrates into existing developed products.
YES (though some cleaner than others - but many modules are available for major products, and it supports common standards (SAML, OpenID)).
has Policy based password security (Length, Complexity, Duration and co)
*YES - can easily be implemented, and some extensions to integrate with LDAP (probably the most common user store) are supported
Security Policy can be managed using a web interface.
NO - though one could be built fairly simply - if you're comfortable with development, and given that this is likely to be a non-trivial project, I'd recommend considering this a non-blocker given that the product is open-source
Customizable user interface (the password prompt and co. screens).
YES - easily customized through some basic HTML/CSS editing
Highly available (99.9%)
YES - both reliable, and can support multiple node/failover scenarios easily
Scalable.
YES - used in many high-traffic environments both intranet and internet
Runs on Red Hat Linux.
YES
Oracle Enterprise Single Sign-On is not what you're after - it requires a Windows executable to be deployed. Oracle Access Manager is closer to what you're after (though it's not free or Java-based).
The major commercial players in the Identity and Access Management (IAM) market space are CA, Oracle, IBM, Sun and Novell. None of these are free solutions but they have many of the features that you are looking for.
For free software, I recommend DACS: The Distributed Access Control System. I know that one department where I work has implemented this with great success. It doesn't have as many features as the commercial IAM products but otherwise is a good solution.
I have used Tivoli Access Manager backing onto Websphere and IIS boxes - the way it writes access information into the page headers is very useful. On the downside, I didn't find the DB2 Ldap backend very scalable or reliable, and you know with IBM this isn't going to come cheap.
Also the asynchronous paths (junctions) used to identify different servers are a bit of a hack really, e.g. http://mysite/myserver/myapp - a very bad idea and not thought through very well.