Shinefire Studios

Did you catch that Google is releasing an operating system?  It prompted me to think about the future of desktop apps, desktop operating system as we know them currently, and cloud computing.

I use 3 desktop apps right now:

• Photoshop
• Picasa
• iTunes

That’s it.  Everything else I do in a browser.   Word processing and spreadsheets: Google Docs.  Email: Gmail.  Etc.

With the advent of streaming media sites like Hulu, Netflix, and Pandora…I can’t help but think iTunes will be replaced by web-based versions sooner rather than later.

If you think about it…Apple is already making that move on the iPhone OS 3.0 with wifi downloads of music, podcast, and movies. As the iPhone hard drive storage increases, and wifi download speeds increase…there won’t be much of a need for iTunes.

As far as the Adobe Suite of products go – I don’t think they’ll move away from the desktop. At least not in the next 5 years. Performance requirements are ridiculously high for these apps, and unless websites can find a way to harness the end-user’s CPU through a browser…it ain’t happenin anytime soon.

I’ve been trying to figure out a way to centralize all of my data across computers. Cloud storage and backup has piqued my interest. Carrying an external backup hard drive around everywhere with me isn’t always convenient. Or secure. So I signed up for a free Dropbox account this morning and am gonna give it a test run between all of my machines.

I’m hoping that the cost of cloud storage will continue to decrease, but for about $0.15 per gig…it’s worth it to have 24/7 backups of most of my personal data…not to mention 24/7 accessibility from a web browser.

Final thought:

We are happy users of Basecamp.  When I finished installing Dropbox, I couldn’t help but think “what if I could sync project files to our Basecamp storage?”

Or, what if I could bring my own storage when I signed up for Basecamp?

Extraordinary times, folks.

The topic of tonight’s meeting of the Raleigh Ruby Brigade was Rails Authentication Options, and featured a presentation by Aaron Bedra of Relevance.

Some of the plugins and gems Aaron mentioned were quite familiar to me, such as Restful Authentication and Clearance.  Others, like Authlogic, I hadn’t seen before.

I scribbled some notes during Aaron’s talk and figured someone might find them useful:

###

Rails Authentication Plugins

Restful Authentication

• simple authentication
• a small, single application for user authorization
• the authors of the plugin have done their homework, and seem to have a better overall understanding of how authentication should work
• lots of great documentation surrounding this plugin
• the current release doesn’t really have developer-friendly tests, however

Authlogic

• cleaner code base
• easy to install
• script/plugin install …. run a generator, run the migrations….up and running
• tests tied to Shoulda test framework

Clearance

• new
• clean code, lots of tests

All of the above:

1. are easy to install
2. have decent tests built in
3. are non-transferable
4. are great for single apps that aren’t that big

Single Sign On Authentication Servers

Central Authentication Service

• CAS…originally a java project

Rubycas Server

• bundling apps together on a server
• tests aren’t amazing

Castronaut

• CAS implementation that’s a little more sound and with good tests
• A CAS server should say, “hey, authentication source…is this user cool with us?”
• has adapters for the different authentication systems
• easier to maintain adapters than the code base
• can run multiple authentication sources…against LDAP directory & a database
• can have fallback authentication sources…”try here, if fail, try here”
• to use proprietary auth systems…all you have to do is write the adapter, and you’re done
• to have multiple domain authentication…where there might be an app on one domain and an app on another domain, you have to write another layer of cas, and there’s the issue of domain trust

OAuth

• used by Flickr
• used by the major Google apps
• Facebook supposed to be supporting it
• rails plugin – code.google.com/p/oauth-plugin/
• need ruby oath gem
• twitter’s using the OAth plugin
• using oath returns control, and can revoke keys at any time…unlike cached passwords
• downside => fairly new

Other

Bcrypt

• a crypto-algorithm for generating secure password hashes and the like
• crypto algorithms many times judged on the increase and decrease in CPU resource costs when generating hashes for security
• bcrypt-ruby gem

Lessons

• don’t roll your own authentication framework, leave it to the professionals
• don’t do your own crypto
• if the app is big, really security conscious….split admin concerns
• create a separate admin application…don’t expose www.domain.com/admin to public
• TEST
• if you can…hire somebody to audit your authentication system and try to break into your app, a team of security experts preferably
• don’t just take the plugin, install it, and assume it’s secure
• when in doubt, ask for help from plugin creators, mailing lists, and the like

###

Are there any other systems that you use for rails authentication or single sign-on?  Add your favs in the comments!

…and it needs a nice little visualization, try grabbing yourself a Wordle and populating it with your delicious bookmarks or your rss feed.

Here’s a visualization of my delicious bookmarks:

Apparently I spend a lot of time researching rails, linux, and wordpress. Yup, sounds about right. What a geek!

Forward-thinking Editorial Director Paige Glazer of the local magazine Richmond Hill Reflections recognized the need to develop an online presence for her print publication, and recently chose Shinefire Studios as her web development partner in crime.

Richmond Hill Reflections is currently distributed for free across the town of roughly 10,000 and is supported by local business advertisements.  The bi-monthly magazine showcases the “beauty and many unique characteristics” of the low country in and around Richmond Hill, Georgia.

We’re excited to have Richmond Hill Reflections on the project calendar, and look forward to working with Paige and her team.

Are there any features you’d like to see on their new website?  Let us know in the comments!

[Update]: The Reflections site is now live: http://www.richmondhillreflectionsmag.com/

Chances are, the domain name you’ve thought of for your new app or new business has already been taken.  Heck, I think we went through about 200 names (and therefore domain possibilities) before finally coming to Shinefire Studios and its respective URL.

The following process worked for us, and we suggest you try these steps out the next time you choose a domain:

1. Create a shared Google Spreadsheet for easily logging and collaborating on potential names and URLs
2. Hit up the thesaurus or wikipedia to maximize your business-naming potential
3. Pick out your top 20 favorite names from the spreadsheet
4. Try out each of the top 20 names on the super-quick domain checking site, Ajax Whois

How do you choose your domain names?  Let us know in the comments!