147 comments

[ 98.0 ms ] story [ 4557 ms ] thread
Simply Amazing!!
Wow, im excited what people are doing out of this (especially in combination with other new tools like Meteor).

Seems there is a huge development ongoing to reflect new development and scaling practices...

EDIT: REALLY like the RT-Chat on the site - that is showcasing as it should be (and not just another "Demo" button).

Everyone has been building their own real-time solutions for the past few years and re-inventing the wheel over and over again. We saw ourselves doing it too, so we thought maybe we should do something about it! We think Meteor is really exciting as well, and should enable faster / better development of the types of apps that Firebase powers.
Meteor dev here. We're really excited about Firebase -- the time has come for realtime databases. Every Meteor app needs one.
I used Firebase to build thereelbox.com, and enjoyed it thoroughly. It took 2-3 hours from starting into the documentation to completed/nobugs/pushed to production. Credit for that speed goes entirely to Firebase.

TheReelBox uses Firebase as a sort of API caching layer. This protects against rate limiting on the Rotten Tomatoes API, decreases request time by caching queries to the Fandango-via-YQL API, and eliminates an extra request per movie for Youtube trailers.

At the beginning, this system made it possible to host TheReelBox on my public dropbox folder, which made for really fast development. Since launch I've moved the static html and js to a micro AWS instance, but Firebase cleanly and transparently handles all the data.

Definitely recommend it.

Any reason you don't host those static files on a public 'web enabled' ec2 bucket? We do that for http://www.incubatebang.com and it costs us like $1.40/year for hosting
That's a cool idea, Dropbox and S3 both seem like good ways to get started with Firebase really fast.

The AWS micro is free :) and it gives me a bit more flexibility to do things (in the future) like track outbound clicks to Fandango through a redirect that hits a real server.

I love the design of your site! Did you have it done in-house?
Yeah, I'm an owner of http://www.isotope11.com and our designer threw it together in a couple of days. He's awesome, and he's leaving shortly, and we'll miss him :(
Hey, I like your app! I would use it again if I could expand the map to make it larger. Would be the perfect tool for finding a movie.
Nice. The Hunger Games is a rickroll? Is that something you did?
Haha; see nigma's earlier comment about the open admin panel.
Nice. The Hunger Games is a rickroll? Is that something you did?
Wow !! As a movie buff myself I think I'll be vising you site almost everyday now. This is what I used to do before:

  - Go to www.imdb.com
  - Click on 'See more movie showtimes' at the right.
  - On the next page, click on the 'Favorites' tab to choose a theater.
  - Go to maps.google.com and plan the route to the theater.
This is definitely going to save me at least a few hours every week while I check which movie is playing at what location.

And its got TRAILERS too !!! I'm addicted !!

Your comment makes me very happy, please enjoy!
You can also type 'movie showtimes' into google and there is a nice interface with maps which shows movies and which theatres they're playing at.
(comment deleted)
Just out of curiosity. Are you aware that all your data is fully editable through the admin panel? Or is it just a toy project and it doesn't really matter?
yes, side project. my real focus is http://segment.io
Still though, somebody could delete all the movies and showtimes in a couple of clicks. I presume you have the JSON backed up but it's still going to get annoying if somebody decides they want to be a dick.
true [backs up data]. the system will also auto-recover by falling back to the RT/YT/YQL APIs if someone does that, though pages will load significantly slower and Rotten Tomatoes will throw a bunch of rate-limiting errors until Firebase is repopulated.
I'll be honest, it's kind of fun to go to [REDACTED URL] and delete the list of movies and watch them repopulate as people load the site...

Sorry, I'll stop.

Seriously though, this is a neat toy/prototyping platform, but they desperately need to add some security for it to be really useful.

This was also a concern after browsing trough the tutorial. how do we secure the data if it's available to everyone ;)
Just a quick thing - for places that aren't so densely populated (like Tucson) it says there's no information. It'd be nice if you would expand your search a bit outside densely populated areas.
Really nice site! I love the UI. But please make it available for other countries too (me: Switzerland!)!
That's quite useful! I hope you're making money from it.
That's quite useful! I hope you're making money from it.
Your app actually reminds me of a movie version of my app. Kudos!

Might I recommend incorporating some sort of mechanism to help people figure out a movie to watch?

FYI, hangs on buttering popcorn in Opera.
Awesome dude. Great idea and execution for 3 hrs of work! Minor suggestions:

- Sort by (name, start time, rating, distance)

- include video playback controls, useful info such as time of preview, buffering, etc..

- X out or remove videos from my personal view, this would be KILLER to allow me to narrow down my choices as I watch videos

This is cool. But can someone explain how data is secured in Firebase or Meteor?

From the Leader Board sample:

// Use setWithPriority to put the name / score in Firebase, and set the priority to be the score.

userScoreRef.setWithPriority({ name:name, score:newScore }, newScore);

How about I just change newScore to 100,000 in the debug window?

Good catch : ) We mention this briefly in our FAQ. We actually do have security in place (notice you can't enumerate other people's data for instance in our own tutorial), but the API is far from complete and we have no docs yet. There will be a full-fledged security model coming over the next few months.
Thanks. It will be interesting to see how you guys do that.

Great website BTW.

Highly interested in what you plan to offer for authentication options and security (both data and transport).

This sounds like Model-as-a-service from the MVC pattern.

That's only true until they launch a public product: at that point you can get access to or modify their data. It is downright irresponsible to launch a service like this that encourages people to use an insecure design for their service: security should be built in from the beginning, not tacked on afterwards, and even at the level of "this is a tutorial" it should be clear to the developer what they need to do to make it secure (not thrown into the advanced level of documentation, for example, like some companies do).
If I understand right: instead of having to worry about calling a REST API for a back-end data store I can just have JS objects persist automatically and synchronize between clients.

Dropbox for JS objects.

If I've got that right, I think this is totally awesome for front-end web devs and the most exciting backend-as-a-service out there.

Can't people find an alternative to the word "real-time" that hasn't already been used for 30 years to mean something entirely different? (As in, real-time systems, real-time operating systems, etc.)

I'm not trying to put down Firebase, I imagine it's great.

Sorry - I think "real-time web" is already in our lexicon.

http://en.wikipedia.org/wiki/Real-time_web#Real-time_search

Just make sure people say web after they say real-time and there should be no confusion.

I don't think that it's a lost cause. Mainly because calling these things "real-time" is technically incorrect. Real-time computing is already formally defined and well established.

Given the definition of real-time, one could actually create a real-time web or a real-time search. So there is still cause for confusion--or, at least, technical incorrectness--if one uses that terminology.

Suggestions?
Low-latency seems kinda descriptive if I have understood the 'real-time web' concept correctly.
I'd like to see a term that emphasizes that what web developers consider real time is "so fast it looks instant to humans," rather than guaranteed low latency that another system can rely on (or whatever you consider the true definition of "real time" to be).

So maybe something like "blink speed." (Then we'd have blink speed apps on retina displays.)

I've heard "auto-synchronizing" suggested, but I think that's probably too wordy to catch on. How about "immediate"?
Is this your stock response for any article that mentions real-time? You made an identical comment yesterday about Meteor; only the name differs: http://news.ycombinator.com/item?id=3825728
No, I've never brought it up besides yesterday and today (as far as I recall), and I'm not planning to keep bringing it up and making it a crusade. I try to be a good community member.

Interstingly, I got much more feedback this time, probably due to catching the article soon after it was posted. It's also intersting that you noticed that I'd posted an identical comment yesterday and called me out on it; I was wondering if anyone would.

I hadn't given it much thought, but if making the same comment twice bothers anybody, I apologize.

Meteor dev here. I share your frustration. It's tough to find words to explain these systems that most people will understand. We managed to keep "realtime" off of the meteor.com page :) but we let it slip into the HN story title. That's because some smart people told us that readers scan HN headlines for keywords, and that "realtime" was the word that they were mostly likely to pick up on. I hope that soon we have an appropriate set of words for these new systems.

Interestingly, most of the core Meteor team has worked on systems that you might consider "actually" realtime: I wrote machine vision software that watches a few dozen cameras and tracks objects moving between them, Nick wrote software defined radio code that runs inside rural cell towers, Matt wrote kernel drivers for high performance IO interconnects.

This looks really good. It seems to be very similar to the Hydna app that was on HN yesterday. For the rest of us, that has to be a win. Can't wait to see how things develop with both companies now!

(Absolutely loved the interactive tutorial. Brilliant way to show off the service!)

This is the way to do demos - easy enough for a non-coder to use, but it explains and shows the internals for more experienced developers. Nice work!
Thank you! Glad you like it!
on a sidenote: I wouldn't do business with or trust my data to a company that hides their actual address behind whois protection
Good point. This was on while we were in stealth. I've removed the whois protection.
(comment deleted)
I don't think they are trying to hide anything per se, the company grew from envolve.com. Seems to be pretty open here http://www.firebase.com/about.html

They'll probably remove the whois protection once they fully launch.

Firebase, Burn your servers, you don't need them any more. Firebase is for app developers that don't want to worry about building real time scalable back ends.
Random aside, but when I first saw this comment (it was originally downvoted, IIRC), it sounded like an incoherent insult directed at Firebase for catering to "noob" developers; I only realised that you meant it as a potential marketing line after reading a bit of your comment history :P. I think a colon in place of a comma at the start would have been more clear.
I was part of the beta and really enjoyed working with Firebase it was like working only in the browser, i could forget there was a backend.

Once you start playing with it you realize that there are so many apps that can be built.

the team has a few things to work on, and trust me many of us in the beta flushed a lot of those out. they have their work ahead of them. what's there is polished and ready for use. give it a try. use this as a chance to explore what can be done when you can forget about the backend.

Phenomenal. I've been waiting to try this for months! It looks terrifically easy.
What is the difference between this and let's say 'Meteor'?
Good question. Meteor is an application framework, like Ruby on Rails. Firebase is a database, like MySQL.

We both think that application development is going to radically change in the future and we're both building products that promote a new way of developing apps. We're stoked about Meteor and see our products as very complementary.

Could Firebase be used as a database for Meteor? (i.e. replacing Mongo)
(comment deleted)
yes. There is a node.js library for Firebase that uses websockets as a transport layer.
Good answer :)

One minor quibble.. I like to think of Meteor as an "application platform" rather than a framework, because we're trying to take on some problems that web frameworks don't always tackle, like packaging and deployment. Also, we don't require you to use a particular strategy for generating HTML. For example, it makes sense to use backbone.js with Meteor, if that's your thing. At the end of the day, Meteor is about how you make all of the pieces fit together in a distributed cloud application. (For better or worse, that's what websites have morphed into, when you think about all of the APIs and services they use.)

Meteor dev here. If you're writing a Meteor application, you need a realtime database. Otherwise, Meteor can't make the page update in realtime, because it can't find out about database changes in realtime.

Firebase is a realtime database that you could use with Meteor. The database we use in the Meteor video is MongoDB with Meteor's 'mongo-livedata' package, which adds some realtime glue to Mongo. But there are many potential advantages to using a database that is designed from the ground up to be realtime, and we're very excited that the smart guys at Firebase are taking this on. We predicted that this would happen eventually, but we had no idea it would be so soon.

(If you don't like the word realtime, please s/realtime/reactive/)

Would you say that Meteor is a functional reactive programming platform like Flapjax or FrTime, but over the wire? Distributed FRP?
Yes, except that we have tried to massively simplify FRP to make it more accessible and more familiar-feeling, and to break the system into pieces so it's not one monolithic blob.

I used to work at Asana, where I worked with Luna, which is Asana's inhouse framework and is a distributed FRP system very much like a future-alien-technology version of Flapjax.

This looks awesome -- a better option than an api-only Rails backend. Realtime pub/sub is also a big plus. Security is a concern with any 3rd party storage, but most uses I can think of wouldn't store missile launch codes in here anyway..

It's also worth pointing out that Firebase grew out of Envolve which supported millions of users, so you know these guys can handle scale.

Another great step in the right direction.

That being said, I do believe the hardest part of all these attempts to abstract backends is authentication and security models. It seems to me that most of these services launch before figuring out that critical part of the puzzle.

We're using authentication in our Firebase app and it works wonderfully. Although all data is visible on the Firebase backend, we simply put pointer ids in Firebase, so no identifying data is publicly visible.
Care to elaborate? Firebase's FAQ seems to suggest that they're still working on a solution.
I believe they are working on a fully documented and stable auth solution; we're running something custom for now. Our whole Firebase namespace is read-only, so all our writing happens with a private key from our server. I think when the Firebase admin panel has more protection we can store more sensitive/identifiable data in there.
What level of control do you have for authentication? I didn't see much info on this on the website.
Write control was most important for us; all the readable data are simply id's to our internal DB
Meteor dev here. You're absolutely right that authentication is one of the hardest parts. What's happening is that the web is moving from a model analogous to mainframes and dumb terminals (where there is a central authority directly driving everyone's screens), to a distributed model where there are a lot of different actors, with different levels of trust for each other.

Figuring this stuff out is hard. Usually for questions that come up in this shift, we have a good model we can look at, which is the client/server desktop applications of the late 80s and early 90s. But in the case of authentication and security, they tell us not so much, because in those days most software lived inside private corporate silos. These days, our software not just technologically distributed, it's politically distributed.

In the case of Meteor, it's designed from the ground up for security. In fact, it's a second generation security model, designed after reflecting on lessons learned from Asana's Luna platform (I worked on Luna at Asana for a while in 2010.) It just isn't exposed in a user-friendly way in the Tuesday release.

But people dug into the code, found it, and are using it anyway, whether we like it or not. Briefly, 'meteor remove autopublish', use Meteor.publish to define what data clients can access, use Meteor.subscribe to control what data a particular client is getting, use Meteor.methods to define what writes clients can do, and see the following Stack Overflow question to disable the 'newbie mode' insert()/update()/remove() that let you do arbitrary writes to the database.

http://stackoverflow.com/questions/10115042/how-do-you-secur...

Congrats on the launch of Firebase and absolutely love the code demo; it hooks you in.

At the end of the demo you are asked if you'd like early access. Definitely.

It's been a good week for the real-time-web.

We might need a snappier name though, because this sort of real time is a lot more real time that the type of real time people are already used to.

I just asked them twice on their chat to describe their infrastructure and they won't do it, at least yet.

I realize this is in beta, and it's early, but am I the only one who would not trust my data to a service where I can't get at least some idea of how they're actually functioning behind the curtain?

Looks very nice.

But just like meteor, doesn't have any authentication or authorisation, which sadly makes them just toys for now. Looking forward to both projects becoming usable.

Can someone explain what kind use-cases there are for a database where the client can read and write directly against the database? CouchDB could do this (via CouchApp), but I bet not many people do this because it's bad from security and scaling standpoint and I think there aren't that many types of apps that can be created without a proper back-end.
A real-time client-side library that ties in to their database hosting service, basically.

Also, if you want to have any non-realtime parts of your web app that do server-side processing of data then it looks like you have to use Node.js to talk to Firebase, as there's no REST API for it that I can see. I guess they don't mind because they're trying to get you to do all data processing in the client anyway.

Definitely need security and permissions. How do I make sure only registered users of my site can access chat? How do I make sure only admin users can create new chat threads? From my brief reading it looks like all clients can see everything in the database and modify it all. Am I wrong?

There are ACLs for handling security concerns, but it's fairly early in their conception so they aren't really documented yet.

Also, there is a rest API and I believe they're working on clients for other platforms so that nodejs isn't the only player in town.

Fantastic job. This looks phenomenal, James! I can't wait to find an awesome project to put this to good use. Cheers!
I couldn't find any (easily accessible) info about what it actually uses to communicate. Is it long-polling, websockets, something else?

What kind of browser compliance is there?

It uses a variety of techniques, depending on what is available on the client. When possible we use web sockets in the browser, but have other methods we can use when they're not available.