Tuesday, August 30, 2016

JSON Information Management and Publishing for Technical and Non-technical users

Like it or not, JSON is the data format of the web at the moment. It has found uses in application configuration and taxonomy management, and pretty much any domain that used to be handled by XML is now increasingly being taken over by JSON.

While our Hivemind product is first and foremost a web application delivery platform, it doubles as a full-blown Structured Information Manager and Publisher for JSON information. Both technical and non-technical users can use it to create and publish complex structured information without writing code.


Hivemind has a sophisticated Smart Object technology that can be used to create complex objects that are then serialized as JSON.

About Smart Objects

  • Smart Objects are an executable construct on the Hivemind platform; in executable form the file format is itself JSON. You can see an example of a Smart Object executable here: http://crudzilla.s3.amazonaws.com/ip-range.json
  • Smart Objects can invoke other Smart Objects in the way that any executable construct (e.g. a PHP file) should be able to invoke another executable.
  • Smart Objects can be invoked in code (e.g. Groovy, Javascript, Closure, Ruby) and the resulting complex object is a composite made up of Java Objects and ArrayLists. You can use them in your code just like any other object.
  • Smart Objects can be secured in a number of ways:
    •   Fields can be marked as final to prevent browser-supplied overrides.
    •   They can be restricted to only be invoked by another Smart Object, in other words not invokable directly from the browser.
    •   You can apply role-based security as in any Java application; you actually define roles using a Smart Object :)
  • Smart Objects are composed using the file system structure; in other words, you can organize a filesystem folder structure that mirrors your structured information. This is very intuitive and makes it easy to think about your JSON information.

Smart Objects in action

Below is an example of a Smart Object setup for the AWS IP list (https://ip-ranges.amazonaws.com/ip-ranges.json). You can imagine that the IP list could be maintained by anyone; they don't even need to know what JSON is.





Benefits

Developers can offload management of JSON information to business users: Developers often rely on information that is managed by business users, or at least that should be managed by business or non-technical users. For instance, a developer building an e-commerce site would need to get information from a product catalog. A developer may need some taxonomy managed by someone else who is non-technical. For developers to work together with non-technical users, the non-technical user has to muck about with complex JSON or XML files, increasing the risk of breaking applications when they make simple syntax mistakes.

Whether it is in the domain of retail, healthcare, manufacturing or technology, structured information is everywhere. Hivemind's Smart Object technology can help you tame your JSON information.



Friday, August 26, 2016

Hivemind 2.0 is out!

We're happy to announce the release of Hivemind 2.0. This release is a major UI upgrade with a design that conveys the modern approach to web application development that Hivemind is built for. As always your feedback is appreciated.





Wednesday, August 3, 2016

Something pretty, this way comes

It's been two years since there has been any significant development of Hivemind; that is coming to an end. We are going to ratchet up development of the platform and ramp up business activity to get customer acquisition in high gear. To that end we are working on a major UI overhaul of the Hivemind platform.


Hivemind is a very modern platform, but the current UI is a bit dated. We are feverishly working on a modern UI upgrade to match the innovation of the platform. Below is a sneak preview of the new slick UI!

Monday, July 20, 2015

Why Not Signed Password Authentication?

It is now universally acknowledged that basic password authentication does not offer sufficient security. 2-Factor authentication is a major improvement and will hopefully become the standard form of authentication over time.

Another approach that might work well would be to use public key cryptography to authenticate with a signed password instead of just the plain password.

An application (web or native) would generate the public/private key pair and store the private key locally while storing the public key along with the user's password on the server. This key generation can happen for instance during account sign up when it is clear the owner of the account is the one accessing it. Of course a key rotation mechanism can be devised to allow for a flexible way of rotating keys. This would all be transparent to the end user.

Instead of the user submitting just the password, they'll submit both the password and a timestamp-based signature, i.e. a signature over plain password + current timestamp. This signature would be generated by the locally stored private key. For instance, a developer could simply add Javascript to a login page that would generate the signature using the private key stored in the browser's local storage.

This can be implemented easily both for native and web apps without any complication to the sign-in process for the end user.

On the server, authentication would need to be tweaked of course, but the additional effort is minimal. On platforms like PHP it is just a matter of updating the authentication logic; on JVM platforms, application servers can bake this in as an additional security option and make it easy to configure.

On the server, the signature would be verified using the stored public key and the user can be authenticated. Authentication can be denied, perhaps based on some sort of user preference. For instance, a user could specify that if they ever attempt to access their account without a valid signature, the server should deny access. Or a user could say that if signature verification fails, the server should fail over to 2-factor authentication.
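
The sign-up, login and server-side check described above, as an added example that is not code from the original post. Node.js `crypto` stands in for the browser-side Javascript; the Ed25519 keys, scrypt password hash, 60-second freshness window and all function names are assumptions.

```javascript
// Added example: signed-password login. All names and parameters are assumptions.
const crypto = require("crypto");

const MAX_SKEW_MS = 60000; // assumed freshness window; bounds replay of a captured login

// Sign-up: the key pair is generated on the device; only the public key leaves it.
function enroll(password, onSignatureFailure = "deny") {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const salt = crypto.randomBytes(16);
  const record = { // what the server stores for this account
    salt,
    passwordHash: crypto.scryptSync(password, salt, 32),
    publicKey: publicKey.export({ type: "spki", format: "pem" }),
    onSignatureFailure, // user preference: "deny" or "second-factor"
  };
  return { record, privateKey }; // privateKey stays in local storage on the client
}

// Length-prefix the password so distinct (password, timestamp) pairs never collide.
function message(password, timestamp) {
  return Buffer.from(`${Buffer.byteLength(password)}:${password}:${timestamp}`);
}

// Client: sign password + current timestamp with the locally stored private key.
function buildLogin(password, privateKey, now = Date.now()) {
  const signature = crypto.sign(null, message(password, now), privateKey);
  return { password, timestamp: now, signature: signature.toString("base64") };
}

// Server: check the password, then the timestamp's freshness, then the signature.
function authenticate(record, login, now = Date.now()) {
  const hash = crypto.scryptSync(String(login.password), record.salt, 32);
  if (!crypto.timingSafeEqual(hash, record.passwordHash)) return "denied";
  const fresh = Number.isFinite(login.timestamp) &&
    Math.abs(now - login.timestamp) <= MAX_SKEW_MS;
  const signed = fresh && typeof login.signature === "string" && crypto.verify(
    null, message(login.password, login.timestamp),
    record.publicKey, Buffer.from(login.signature, "base64"));
  if (signed) return "authenticated";
  // Correct password but no valid, fresh signature: apply the user's preference.
  return record.onSignatureFailure === "second-factor"
    ? "second-factor-required" : "denied";
}
```

A correct password without a fresh signature from the enrolled key never returns `"authenticated"`; it is either denied or pushed to the second factor, depending on the stored preference.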


This can of course be combined with 2-Factor authentication. Also, a process can be developed to make it easy to transfer the locally stored private key to other devices, either permanently or temporarily.

Of course private keys could be stolen via other security weaknesses but this seems like a low hanging fruit approach to mitigating the effect of stolen passwords and brute force attacks on weak passwords, thereby significantly increasing the effectiveness of passwords.

At the end of the day, security is not about one perfect solution but rather a combination of solutions that together lead to an effective solution.

Just some thoughts...am I missing something here?

Monday, June 2, 2014

Javascript for Java (ie JVM)

One of the exciting developments in the recent JDK-8 release is the integration of the Nashorn Javascript engine.

Vertically integrated Javascript web application development

Nashorn allows for the development of applications in the Javascript language on the JVM. What this means in general is that you can build both the frontend and backend of web applications in the same language, i.e. Javascript.


What's in it for you

Vertically integrated Javascript development has great appeal, as can be attested to by the popularity of NodeJS. For the JVM this offers massive opportunity. Currently a lot of businesses with JVM infrastructure are constrained by their inability to staff for their Java developer needs. With technology such as Nashorn, a JVM shop doesn't need to demand Java skills; instead, it can hire developers already skilled in Javascript and put them to work building business applications while still taking full advantage of the massive JVM technology platform.


What HiveMind offers

What HiveMind has to offer is a ready to use web app platform for making full use of Nashorn. Currently if you want to use Nashorn without a platform like HiveMind, you'll either have to manually integrate it into an existing Java application or use it as an ordinary scripting facility. What HiveMind does however is allow a developer to use Nashorn as a fully functional web app solution by means of a middleware that wraps around the Nashorn engine. HiveMind is so far the easiest way to do vertically integrated Javascript web application development on the JVM.

Note
HiveMind ships with the Mozilla Rhino Javascript engine; if you are running JDK-8, using Nashorn is a trivial matter.

Friday, April 11, 2014

Installing HiveMind on a Digital Ocean droplet as a cloud IDE

Digital Ocean is the hot cloud hosting provider that makes setting up a cloud box a breeze.

Well it gets even easier when you throw HiveMind into the mix. HiveMind gives you a one-box hassle-free web app solution.

Assuming you are using an Ubuntu droplet (why would you be using anything else? :)), on the command line do the following:


  1. sudo add-apt-repository ppa:webupd8team/java
  2. sudo apt-get update
  3. sudo apt-get install oracle-java8-installer
  4. cd /home
  5. wget https://s3.amazonaws.com/crudzilla/hivemind.zip
  6. sudo apt-get install unzip
  7. unzip hivemind.zip
  8. cd hivemind/bin
  9. ./jetty.sh start
  10. go to: http://your-digitalocean-ipaddress:7000
  11. login with: developer/developer

You now have a ready-to-use web app platform that supports a bunch of languages; you can create new web apps as you need to.

Once you are logged in, you can change the default login by going to the System menu on the upper right and selecting Manage Users.

Wednesday, March 26, 2014

Introducing HiveMind

The Crudzilla Web Application Builder now has a name: HiveMind.

We have released a set of updates, mostly having to do with the UI builder, in our steady move towards building the ultimate web app delivery platform.

Users will also now be able to receive automatic updates without having to download the whole distribution.