Everyone has been building their own real-time solutions for the past few years and re-inventing the wheel over and over again. We saw ourselves doing it too, so we thought maybe we should do something about it! We think Meteor is really exciting as well, and should enable faster / better development of the types of apps that Firebase powers.
I used Firebase to build thereelbox.com, and enjoyed it thoroughly. It took 2-3 hours from starting into the documentation to completed/nobugs/pushed to production. Credit for that speed goes entirely to Firebase.
TheReelBox uses Firebase as a sort of API caching layer. This protects against rate limiting on the Rotten Tomatoes API, decreases request time by caching queries to the Fandango-via-YQL API, and eliminates an extra request per movie for Youtube trailers.
At the beginning, this system made it possible to host TheReelBox on my public dropbox folder, which made for really fast development. Since launch I've moved the static html and js to a micro AWS instance, but Firebase cleanly and transparently handles all the data.
Any reason you don't host those static files on a public 'web enabled' ec2 bucket? We do that for http://www.incubatebang.com and it costs us like $1.40/year for hosting
That's a cool idea, Dropbox and S3 both seem like good ways to get started with Firebase really fast.
The AWS micro is free :) and it gives me a bit more flexibility to do things (in the future) like track outbound clicks to Fandango through a redirect that hits a real server.
Yeah, I'm an owner of http://www.isotope11.com and our designer threw it together in a couple of days. He's awesome, and he's leaving shortly, and we'll miss him :(
Wow !! As a movie buff myself I think I'll be vising you site almost everyday now. This is what I used to do before:
- Go to www.imdb.com
- Click on 'See more movie showtimes' at the right.
- On the next page, click on the 'Favorites' tab to choose a theater.
- Go to maps.google.com and plan the route to the theater.
This is definitely going to save me at least a few hours every week while I check which movie is playing at what location.
Just out of curiosity. Are you aware that all your data is fully editable through the admin panel? Or is it just a toy project and it doesn't really matter?
Still though, somebody could delete all the movies and showtimes in a couple of clicks. I presume you have the JSON backed up but it's still going to get annoying if somebody decides they want to be a dick.
true [backs up data]. the system will also auto-recover by falling back to the RT/YT/YQL APIs if someone does that, though pages will load significantly slower and Rotten Tomatoes will throw a bunch of rate-limiting errors until Firebase is repopulated.
Just a quick thing - for places that aren't so densely populated (like Tucson) it says there's no information. It'd be nice if you would expand your search a bit outside densely populated areas.
Good catch : ) We mention this briefly in our FAQ. We actually do have security in place (notice you can't enumerate other people's data for instance in our own tutorial), but the API is far from complete and we have no docs yet. There will be a full-fledged security model coming over the next few months.
That's only true until they launch a public product: at that point you can get access to or modify their data. It is downright irresponsible to launch a service like this that encourages people to use an insecure design for their service: security should be built in from the beginning, not tacked on afterwards, and even at the level of "this is a tutorial" it should be clear to the developer what they need to do to make it secure (not thrown into the advanced level of documentation, for example, like some companies do).
If I understand right: instead of having to worry about calling a REST API for a back-end data store I can just have JS objects persist automatically and synchronize between clients.
Dropbox for JS objects.
If I've got that right, I think this is totally awesome for front-end web devs and the most exciting backend-as-a-service out there.
Can't people find an alternative to the word "real-time" that hasn't already been used for 30 years to mean something entirely different? (As in, real-time systems, real-time operating systems, etc.)
I'm not trying to put down Firebase, I imagine it's great.
I don't think that it's a lost cause. Mainly because calling these things "real-time" is technically incorrect. Real-time computing is already formally defined and well established.
Given the definition of real-time, one could actually create a real-time web or a real-time search. So there is still cause for confusion--or, at least, technical incorrectness--if one uses that terminology.
I'd like to see a term that emphasizes that what web developers consider real time is "so fast it looks instant to humans," rather than guaranteed low latency that another system can rely on (or whatever you consider the true definition of "real time" to be).
So maybe something like "blink speed." (Then we'd have blink speed apps on retina displays.)
Is this your stock response for any article that mentions real-time? You made an identical comment yesterday about Meteor; only the name differs: http://news.ycombinator.com/item?id=3825728
No, I've never brought it up besides yesterday and today (as far as I recall), and I'm not planning to keep bringing it up and making it a crusade. I try to be a good community member.
Interstingly, I got much more feedback this time, probably due to catching the article soon after it was posted. It's also intersting that you noticed that I'd posted an identical comment yesterday and called me out on it; I was wondering if anyone would.
I hadn't given it much thought, but if making the same comment twice bothers anybody, I apologize.
Meteor dev here. I share your frustration. It's tough to find words to explain these systems that most people will understand. We managed to keep "realtime" off of the meteor.com page :) but we let it slip into the HN story title. That's because some smart people told us that readers scan HN headlines for keywords, and that "realtime" was the word that they were mostly likely to pick up on. I hope that soon we have an appropriate set of words for these new systems.
Interestingly, most of the core Meteor team has worked on systems that you might consider "actually" realtime: I wrote machine vision software that watches a few dozen cameras and tracks objects moving between them, Nick wrote software defined radio code that runs inside rural cell towers, Matt wrote kernel drivers for high performance IO interconnects.
This looks really good. It seems to be very similar to the Hydna app that was on HN yesterday. For the rest of us, that has to be a win. Can't wait to see how things develop with both companies now!
(Absolutely loved the interactive tutorial. Brilliant way to show off the service!)
I don't think they are trying to hide anything per se, the company grew from envolve.com. Seems to be pretty open here http://www.firebase.com/about.html
They'll probably remove the whois protection once they fully launch.
Firebase,
Burn your servers, you don't need them any more.
Firebase is for app developers that don't want to worry about building real time scalable back ends.
Random aside, but when I first saw this comment (it was originally downvoted, IIRC), it sounded like an incoherent insult directed at Firebase for catering to "noob" developers; I only realised that you meant it as a potential marketing line after reading a bit of your comment history :P. I think a colon in place of a comma at the start would have been more clear.
I was part of the beta and really enjoyed working with Firebase it was like working only in the browser, i could forget there was a backend.
Once you start playing with it you realize that there are so many apps that can be built.
the team has a few things to work on, and trust me many of us in the beta flushed a lot of those out. they have their work ahead of them. what's there is polished and ready for use. give it a try. use this as a chance to explore what can be done when you can forget about the backend.
Good question. Meteor is an application framework, like Ruby on Rails. Firebase is a database, like MySQL.
We both think that application development is going to radically change in the future and we're both building products that promote a new way of developing apps. We're stoked about Meteor and see our products as very complementary.
One minor quibble.. I like to think of Meteor as an "application platform" rather than a framework, because we're trying to take on some problems that web frameworks don't always tackle, like packaging and deployment. Also, we don't require you to use a particular strategy for generating HTML. For example, it makes sense to use backbone.js with Meteor, if that's your thing. At the end of the day, Meteor is about how you make all of the pieces fit together in a distributed cloud application. (For better or worse, that's what websites have morphed into, when you think about all of the APIs and services they use.)
Meteor dev here. If you're writing a Meteor application, you need a realtime database. Otherwise, Meteor can't make the page update in realtime, because it can't find out about database changes in realtime.
Firebase is a realtime database that you could use with Meteor. The database we use in the Meteor video is MongoDB with Meteor's 'mongo-livedata' package, which adds some realtime glue to Mongo. But there are many potential advantages to using a database that is designed from the ground up to be realtime, and we're very excited that the smart guys at Firebase are taking this on. We predicted that this would happen eventually, but we had no idea it would be so soon.
(If you don't like the word realtime, please s/realtime/reactive/)
Yes, except that we have tried to massively simplify FRP to make it more accessible and more familiar-feeling, and to break the system into pieces so it's not one monolithic blob.
I used to work at Asana, where I worked with Luna, which is Asana's inhouse framework and is a distributed FRP system very much like a future-alien-technology version of Flapjax.
This looks awesome -- a better option than an api-only Rails backend. Realtime pub/sub is also a big plus. Security is a concern with any 3rd party storage, but most uses I can think of wouldn't store missile launch codes in here anyway..
It's also worth pointing out that Firebase grew out of Envolve which supported millions of users, so you know these guys can handle scale.
That being said, I do believe the hardest part of all these attempts to abstract backends is authentication and security models. It seems to me that most of these services launch before figuring out that critical part of the puzzle.
We're using authentication in our Firebase app and it works wonderfully. Although all data is visible on the Firebase backend, we simply put pointer ids in Firebase, so no identifying data is publicly visible.
I believe they are working on a fully documented and stable auth solution; we're running something custom for now. Our whole Firebase namespace is read-only, so all our writing happens with a private key from our server. I think when the Firebase admin panel has more protection we can store more sensitive/identifiable data in there.
Meteor dev here. You're absolutely right that authentication is one of the hardest parts. What's happening is that the web is moving from a model analogous to mainframes and dumb terminals (where there is a central authority directly driving everyone's screens), to a distributed model where there are a lot of different actors, with different levels of trust for each other.
Figuring this stuff out is hard. Usually for questions that come up in this shift, we have a good model we can look at, which is the client/server desktop applications of the late 80s and early 90s. But in the case of authentication and security, they tell us not so much, because in those days most software lived inside private corporate silos. These days, our software not just technologically distributed, it's politically distributed.
In the case of Meteor, it's designed from the ground up for security. In fact, it's a second generation security model, designed after reflecting on lessons learned from Asana's Luna platform (I worked on Luna at Asana for a while in 2010.) It just isn't exposed in a user-friendly way in the Tuesday release.
But people dug into the code, found it, and are using it anyway, whether we like it or not. Briefly, 'meteor remove autopublish', use Meteor.publish to define what data clients can access, use Meteor.subscribe to control what data a particular client is getting, use Meteor.methods to define what writes clients can do, and see the following Stack Overflow question to disable the 'newbie mode' insert()/update()/remove() that let you do arbitrary writes to the database.
I just asked them twice on their chat to describe their infrastructure and they won't do it, at least yet.
I realize this is in beta, and it's early, but am I the only one who would not trust my data to a service where I can't get at least some idea of how they're actually functioning behind the curtain?
But just like meteor, doesn't have any authentication or authorisation, which sadly makes them just toys for now. Looking forward to both projects becoming usable.
Can someone explain what kind use-cases there are for a database where the client can read and write directly against the database? CouchDB could do this (via CouchApp), but I bet not many people do this because it's bad from security and scaling standpoint and I think there aren't that many types of apps that can be created without a proper back-end.
A real-time client-side library that ties in to their database hosting service, basically.
Also, if you want to have any non-realtime parts of your web app that do server-side processing of data then it looks like you have to use Node.js to talk to Firebase, as there's no REST API for it that I can see. I guess they don't mind because they're trying to get you to do all data processing in the client anyway.
Definitely need security and permissions. How do I make sure only registered users of my site can access chat? How do I make sure only admin users can create new chat threads? From my brief reading it looks like all clients can see everything in the database and modify it all. Am I wrong?
We're definitely working on security full speed. We have some basic security but it's not ready yet. If you'd like to beta test it, please email us: beta@firebase.com
It uses a variety of techniques, depending on what is available on the client. When possible we use web sockets in the browser, but have other methods we can use when they're not available.
147 comments
[ 98.0 ms ] story [ 4557 ms ] threadSeems there is a huge development ongoing to reflect new development and scaling practices...
EDIT: REALLY like the RT-Chat on the site - that is showcasing as it should be (and not just another "Demo" button).
TheReelBox uses Firebase as a sort of API caching layer. This protects against rate limiting on the Rotten Tomatoes API, decreases request time by caching queries to the Fandango-via-YQL API, and eliminates an extra request per movie for Youtube trailers.
At the beginning, this system made it possible to host TheReelBox on my public dropbox folder, which made for really fast development. Since launch I've moved the static html and js to a micro AWS instance, but Firebase cleanly and transparently handles all the data.
Definitely recommend it.
The AWS micro is free :) and it gives me a bit more flexibility to do things (in the future) like track outbound clicks to Fandango through a redirect that hits a real server.
And its got TRAILERS too !!! I'm addicted !!
Sorry, I'll stop.
Seriously though, this is a neat toy/prototyping platform, but they desperately need to add some security for it to be really useful.
Might I recommend incorporating some sort of mechanism to help people figure out a movie to watch?
- Sort by (name, start time, rating, distance)
- include video playback controls, useful info such as time of preview, buffering, etc..
- X out or remove videos from my personal view, this would be KILLER to allow me to narrow down my choices as I watch videos
From the Leader Board sample:
// Use setWithPriority to put the name / score in Firebase, and set the priority to be the score.
userScoreRef.setWithPriority({ name:name, score:newScore }, newScore);
How about I just change newScore to 100,000 in the debug window?
Great website BTW.
This sounds like Model-as-a-service from the MVC pattern.
http://news.ycombinator.com/item?id=3834211
Dropbox for JS objects.
If I've got that right, I think this is totally awesome for front-end web devs and the most exciting backend-as-a-service out there.
I'm not trying to put down Firebase, I imagine it's great.
http://en.wikipedia.org/wiki/Real-time_web#Real-time_search
Just make sure people say web after they say real-time and there should be no confusion.
Given the definition of real-time, one could actually create a real-time web or a real-time search. So there is still cause for confusion--or, at least, technical incorrectness--if one uses that terminology.
So maybe something like "blink speed." (Then we'd have blink speed apps on retina displays.)
Interstingly, I got much more feedback this time, probably due to catching the article soon after it was posted. It's also intersting that you noticed that I'd posted an identical comment yesterday and called me out on it; I was wondering if anyone would.
I hadn't given it much thought, but if making the same comment twice bothers anybody, I apologize.
Interestingly, most of the core Meteor team has worked on systems that you might consider "actually" realtime: I wrote machine vision software that watches a few dozen cameras and tracks objects moving between them, Nick wrote software defined radio code that runs inside rural cell towers, Matt wrote kernel drivers for high performance IO interconnects.
(Absolutely loved the interactive tutorial. Brilliant way to show off the service!)
They'll probably remove the whois protection once they fully launch.
Once you start playing with it you realize that there are so many apps that can be built.
the team has a few things to work on, and trust me many of us in the beta flushed a lot of those out. they have their work ahead of them. what's there is polished and ready for use. give it a try. use this as a chance to explore what can be done when you can forget about the backend.
We both think that application development is going to radically change in the future and we're both building products that promote a new way of developing apps. We're stoked about Meteor and see our products as very complementary.
One minor quibble.. I like to think of Meteor as an "application platform" rather than a framework, because we're trying to take on some problems that web frameworks don't always tackle, like packaging and deployment. Also, we don't require you to use a particular strategy for generating HTML. For example, it makes sense to use backbone.js with Meteor, if that's your thing. At the end of the day, Meteor is about how you make all of the pieces fit together in a distributed cloud application. (For better or worse, that's what websites have morphed into, when you think about all of the APIs and services they use.)
Firebase is a realtime database that you could use with Meteor. The database we use in the Meteor video is MongoDB with Meteor's 'mongo-livedata' package, which adds some realtime glue to Mongo. But there are many potential advantages to using a database that is designed from the ground up to be realtime, and we're very excited that the smart guys at Firebase are taking this on. We predicted that this would happen eventually, but we had no idea it would be so soon.
(If you don't like the word realtime, please s/realtime/reactive/)
I used to work at Asana, where I worked with Luna, which is Asana's inhouse framework and is a distributed FRP system very much like a future-alien-technology version of Flapjax.
It's also worth pointing out that Firebase grew out of Envolve which supported millions of users, so you know these guys can handle scale.
That being said, I do believe the hardest part of all these attempts to abstract backends is authentication and security models. It seems to me that most of these services launch before figuring out that critical part of the puzzle.
Figuring this stuff out is hard. Usually for questions that come up in this shift, we have a good model we can look at, which is the client/server desktop applications of the late 80s and early 90s. But in the case of authentication and security, they tell us not so much, because in those days most software lived inside private corporate silos. These days, our software not just technologically distributed, it's politically distributed.
In the case of Meteor, it's designed from the ground up for security. In fact, it's a second generation security model, designed after reflecting on lessons learned from Asana's Luna platform (I worked on Luna at Asana for a while in 2010.) It just isn't exposed in a user-friendly way in the Tuesday release.
But people dug into the code, found it, and are using it anyway, whether we like it or not. Briefly, 'meteor remove autopublish', use Meteor.publish to define what data clients can access, use Meteor.subscribe to control what data a particular client is getting, use Meteor.methods to define what writes clients can do, and see the following Stack Overflow question to disable the 'newbie mode' insert()/update()/remove() that let you do arbitrary writes to the database.
http://stackoverflow.com/questions/10115042/how-do-you-secur...
At the end of the demo you are asked if you'd like early access. Definitely.
We might need a snappier name though, because this sort of real time is a lot more real time that the type of real time people are already used to.
I realize this is in beta, and it's early, but am I the only one who would not trust my data to a service where I can't get at least some idea of how they're actually functioning behind the curtain?
But just like meteor, doesn't have any authentication or authorisation, which sadly makes them just toys for now. Looking forward to both projects becoming usable.
Also, if you want to have any non-realtime parts of your web app that do server-side processing of data then it looks like you have to use Node.js to talk to Firebase, as there's no REST API for it that I can see. I guess they don't mind because they're trying to get you to do all data processing in the client anyway.
Definitely need security and permissions. How do I make sure only registered users of my site can access chat? How do I make sure only admin users can create new chat threads? From my brief reading it looks like all clients can see everything in the database and modify it all. Am I wrong?
Also, there is a rest API and I believe they're working on clients for other platforms so that nodejs isn't the only player in town.
We're definitely working on security full speed. We have some basic security but it's not ready yet. If you'd like to beta test it, please email us: beta@firebase.com
You can check out our FAQ for more info: http://www.firebase.com/faq.html
What kind of browser compliance is there?