How can I upgrade the version of TLS on an application running in app engine to > 1.2 - google-app-engine

I am running an Angular app inside App Engine. Recently this application was pen tested and one of the issues that came up was around TLS 1.0 and TLS 1.1 in use.
The recommendation from these results is to disable all TLS protocols before TLS 1.2. Only use cipher suites considered cryptographically strong.
The application presently doesn't have a custom domain and is purely hosted on .appspot.com.
How do I achieve this? Would I need to use a custom domain for this? I've tried reading around but feel a little out of my comfort zone with this.
Thanks

To achieve that you should contact GCP's Support Team directly.
Bear in mind that this is not supported within the free trial support package.
If you don't have a Support Plan, upgrading to the Development plan with only 1 user would be enough to open a support case and request TLS changes for the needed domains.

Related

Are there any code samples for Uno platform accessing MSSQL, PostgreSQL or MYSQL?

I have tried various ways to connect to different DB engines (asynchronously), but they all failed when I deployed the code and executed it via my browser in WASM format. The code worked well for UWP though, so I'm a bit baffled.
Although there's a sample for SQLite in the browser, it wasn't too helpful for me. Hopefully someone could give me a few pointers to continue. Thanks in advance.
The support for SQLite is about running the database inside of the browser itself, but not about running it from a remote database.
If you need to have such support, you will need to have a .NET SQL provider that supports plain HTTP/S or WebSockets, which is available for cloud-based databases.
In general though, you may want to consider a WebAssembly app as a mobile app for which it is best to access remote resources like databases through a Web API.
Note that the Chrome developers have in mind the creation of a RAW sockets API, which would enable TCP non-HTTP connections to be created.

Create a back-end database for ios & web apps using filemaker

I need to create an iPad app that has access to a relational database as well as a lot of images (which should be hosted on the web). My boss suggested that I use FileMaker, as he has a license for one of the versions.
I searched the web for information on what is the best way to do this but I'm not 100% sure I got it right.
Is it possible to use Filemaker for the following?
Create a relational database
'Host' images
Run custom scripts (optional but not strictly required)
Publish all of the above to the web, to be accessed by an iOS app (and later a web app) through an API.
I understand that the first three points can be done but couldn't find much on how to publish everything and then access it securely later.
Are there better alternatives?
Thank you in advance
FileMaker Server has a fairly good XML API that supports all operations, including FileMaker scripts. It can be used as is or through the official PHP client. There's also an unofficial Python client for it.

in-app A|B Testing for Mobile

Is there a good solution for A|B Testing in mobile apps like online? I know with iOS it's against the TOS to have different user experiences with identical actions, but what about Android? And what about firms like Apsalar which claim to offer A|B Testing in their analytics for apps? How would one implement that?
Artisan mobile makes an A/B testing solution for iOS and Android.
The basic idea is that you drop the SDK in your app and then put it out in the app store. You can use the service to create A/B tests and optimize your application without having to touch the code or go back through the app store for each test.
For mobile apps, A/B testing basically works by replacing static, hard-coded objects with dynamic objects that can be controlled from a remote server.
This methodology raises a potential performance issue: What if the end user's device is not connected to pull configuration data for an object being tested? We've built Splitforce (http://splitforce.com) to seamlessly set up and manage A/B testing in mobile apps while controlling for performance risk.
The details
Once the SDK and experiment have been integrated, non-technical product or marketing folks can set up new tests or tweak existing tests on-the-fly - without having to resubmit to the app stores or hassle engineers.
On first app launch, the mobile app requests configuration data from the server and then caches that data locally on the device. This is to both ensure a consistent user experience on subsequent app launches, and prevent corrupt test results by guaranteeing accurate attribution of conversion events to variations.
If the end user's connection fails or is timed-out on first app launch, the library displays a hard-coded 'default' variation. And to make sure that everything is looking good before you go live, we've built a 'shake to preview' functionality in debug mode that does just that :-)
Once the app is deployed with Splitforce, event data are stored locally and sent back to the website to be displayed for each variation alongside measurements of observed improvement and statistical confidence.
Instructions on integration of the SDKs and new tests can be found at https://splitforce.com/documentation.
And how is it used?
We've seen Splitforce used to A/B test:
UI elements + layouts (color, text, images, ad/menu placements)
UX workflows
Game dynamics + rules
Prices + promotions
We've also seen the tool used to control mobile apps remotely, by essentially setting one variation of a test subject to 100%.
Yes there is: E.g. the company Leanplum offers a Visual Interface Editor for iOS and Android: This requires no coding, and Leanplum will automatically detect the elements and allow you to change them. No engineers or app store resubmissions required.
Apple must have updated their TOS (https://developer.apple.com/app-store/review/guidelines/#user-interface) - At least I am not aware of anything that prohibits altering the UI in a way that the Leanplum Visual Editor is doing it.
Generally that is achieved by method swizzling (iOS) and reflection (Android).
To learn more about the Leanplum Visual Interface Editor, check out leanplum.com. They offer a free 30-day trial.
(Disclaimer: I am an Engineer at Leanplum.)
I wrote a small open source project called Switchboard.
It lets you A/B test, remote configure and stage rollout things in your native mobile app. It contains a server component that specifies what information the application should have and 2 native clients for Android and iOS.
You can find the codebase at github.com/keepsafe/switchboard and a blog post about how you can use it HERE
The new kid around the block is Arise.io. They provide an A/B testing service for iOS and Android.
I wrote MSActiveConfig, an extremely flexible framework to do remote configuration + A/B testing on iOS, with a portable format to be able to implement clients on other platforms: https://github.com/mindsnacks/MSActiveConfig.
This framework is being used in applications with more than 5 million users.
There have been a spate of new entrants in this field...you could check out Swerve, Appiterate, leanplum...all of them seem to be having SDKs for iOS as well, not really sure whether and how Apple TOS allows for that, but since there are so many of them doing it, there must be a way.
Yes, new entrants are showing up in app A/B testing practically every week! But, I think Appiterate has gone two steps ahead of other competitors by creating a visual interface, without any need to re-write code. I have seen their platform (you can ask for an invite. I got a demo within 12 hours) and believe me, it is actual WYSIWYG that they are providing.

What sort of programming environment is the Pyxis/Verivo Mobile system?

I just heard that a company I do work for may be bringing in the Pyxis Mobile application development system. When I google it most of what I find is from the company's web site and that is not very informative from a geek perspective. Can anyone shed some light on what sort of programming environment it is and what programming language is involved (please let there be a text based language). Any additional information would be great.
Note: the company/product changed their name to Verivo in January.
Full Disclosure - I work as an engineer at Pyxis Mobile. However, I have been in the mobile space for 7+ years and have evaluated several approaches to mobile so hopefully this is helpful.
Pyxis Mobile provides a set of tools and components to build cross platform mobile applications. Let me outline them first.
1. Application Studio - All application development, backend integration, user provisioning and application maintenance/debugging is done w/in this tool. Application Studio (for now) is a Windows based desktop app.
2. Application Clients - Pyxis Mobile provides native client runtimes for iPhone, iPad, BlackBerry, and Android devices. These runtimes get branded for the customer through a build service and are primed to point to a specific Application Server URL.
3. Application Server - Pyxis Mobile App Server runs on the .NET stack (on IIS). All client communication is proxied via this server. This server is able to connect to a variety of backend systems (via the Plugin Framework listed below) and respond to the client in a mobile optimized manner. This server needs a SQL Server (2005 or newer) for configuration access, session management, logging and more.
4. Plugin Framework - The Plugin Framework is a backend component that provides system specific pre-built access to several of the enterprise and cloud based systems (Oracle, Siebel, SAP, Salesforce.com, social feeds, REST/SOAP web services, etc.) and also offers an API layer in .NET and Python (using IronPython) to allow even further customization. A plugin is essentially comprised of one or more DLLs or a Python file. These assets are then dynamically loaded to normalize communication between Pyxis Mobile and the customers' backend systems.
5. Push Services - This provides a cross-platform push layer that can poll a backend system for change and alert a mobile device via BlackBerry Push, Apple Push Notification Services (APNS) or Android's Cloud to Device Messaging (C2DM).
6. OverWatch Analytics - This is an optional (but included) component to track users/devices and provide integrated analytics on what the users are using and what kind of devices and locales make up your users.
The application itself is "coded" via configuration that is built in App Studio. Pyxis Mobile abstracts away from the code so that you can work at a higher level without having to worry about the wide array of device variances (GPS, touch screens, camera, accelerometer, push, screen resolution, etc.). You can drag fields onto a form, connect screens via menus or buttons, set up caching rules and more in this graphical utility. This configuration (essentially think of an XML like document) is interpreted by the native client layer to produce a rich application. There is also a scripting layer in Lua that allows you to really customize behavior via code.
The real value of Pyxis Mobile comes up when you have a change to make. The clients check for new configuration at app startup or if the server forces the client to get new configuration. This gives you great agility. Let's say once your application is deployed you want to start using the swipe gesture to go next/prev through a set of records. This change on other platforms would mean writing some platform specific code to trap and interpret the swipe to perform a navigation (you couldn't trap a swipe on a non-touch screen). However, in Pyxis Mobile this is a simple configuration change that can be quickly deployed to the App Server and the clients automatically download and use the new configuration. No compilation, no redeployment or re-download for the end users.
I could keep going, but hope this provides some level of guidance.
Beware of Pyxis Mobile. While many of the things they say do work, there are some serious platform issues (as a geek) which I've experienced.
1) No version control system process. The Application studio can basically only be developed on by one person at a time or you risk having your changes overwritten by a fellow developer. The "principle of last save" is very much in play.
2) No unit test coverage. This isn't the biggest issue for a lot of people, but it's a concern for anyone who wants to work in the Enterprise world.
3) The middleware server gets you some value, but it's also a PITA to work with. There is no concept of "client side storage" unless you consider the middleware server the client side. If your phone goes out of coverage, your app won't work. Again, this might not be an issue for you.
4) The application has no true scripting language to work with. The middleware server allows you to intercept requests and responses and modify what you're doing there, but it's not the most elegant solution considering that a native application can have something as simple as "if this then X else Y." This can be accomplished with Pyxis, but the whole process is convoluted and more complicated than one would think it needs to be.
5) Lack of documentation. There are some training guides and the GUI is easy enough to get around for simple apps; however, when you need to do something with guts, you're left relying on Pyxis professional services. There's really no developer community to pose questions to.
I have more complaints, but they are more opinion oriented than Q/A oriented.
I just got note about the most recent comments. I don't want to turn this into a thread of back and forth, but did want to throw a couple of quick notes.
Regarding the points on version control and documentation/developer community - no big contest there. We are definitely working on these shortcomings. We have some basic pieces in place, but we have big plans to focus on this.
Regarding unit testing - we provide a very open interface to our middleware and backend components and they can be very easily unit tested with a bit of instrumentation. We run a ton of unit and integration tests internally. However, mobile unit testing is extremely difficult to get right. We'll investigate this further.
Regarding #4 around middleware and offline capabilities - things are a lot different now. With version 7.1, 7.2 and 7.3 our products have increasingly become more capable offline and now feature a secure local database if necessary. I can provide more details as necessary, but you can certainly log in and operate the app even if you are out of coverage for weeks at a time!
Regarding #5, we've had a scripting engine for over 2 years. It's Lua based and it's actually quite powerful and fast. It was BlackBerry only till the most recent release. Given Apple's change of stance on allowing scripting we now allow scripting on BlackBerry, iPad, iPhone and Android as well now!
#RockMeetHardplace - feel free to reach out to me directly and I'll be happy to give you more detailed live demos of our latest platform. I am at - arunSPAMNOTatpyxismobiledotcom (drop the "SPAMNOT" and replace the at and dot). I happen to be the Director of Software and interested in knowing more about the issues you had.

How can I run a WebSocket server on top of GAE?

How can I run a WebSocket server on top of Google App Engine? Is it possible? Will it be possible?
Is it possible?
No.
You can't right now because GAE doesn't allow generic inbound socket connections. Each request is also limited to 30 seconds but this could easily be worked around with automatic reconnection and session tracking.
Will it be possible?
Probably.
Google has been one of the biggest (main) promoters of the WebSockets standard. I would be surprised if they don't push support for it into GAE at some point in the future. Note that the WebSockets draft standard is still in flux so Google might be hesitant to add support before the standard is more solid.
Here is the bug for WebSockets support on GAE: http://code.google.com/p/googleappengine/issues/detail?id=2535
Note that a google employee indicates it's not on the roadmap but that they know it would be useful. That's about as positive an answer as you get from google about features that have not been announced. I recommend adding your voice to that bug in favor of WebSocket support. It can't hurt.
Also, depending on your application, you may consider the Channel API which will likely have GAE support soon:
http://googleappengine.blogspot.com/2010/05/app-engine-at-google-io-2010.html
http://bitshaq.com/2010/09/01/sneak-peak-gae-channel-api/
EDIT (2015): the Channels API is available now (it has been for a while).
All of these answers are out of date.
The Channel API has been deprecated. Google strongly recommends you use Firebase.
It is also worth noting that Google has now released the flexible environment.
With the flexible environment, you could easily allow socket connections, or use Python 3.
It's officially supported now.
See https://cloud.google.com/appengine/docs/python/channel/
EDIT: the Channel API is supported, not WebSockets. The Channel API is built on WebSockets, but it doesn't give you direct access to the WebSocket. I suppose it's good enough for typical Web apps.
As of January 9, 2019 it is officially in Beta now - but only for App Engine flexible. For example, see the Python documentation. According to the issue tracker, it will work with any language, though.
You can't.
GAE limits HTTP requests to 30 seconds, WebSockets expect to have connection open for a long time.
Will it be possible? Only Google knows this.
A couple of people have gotten websockets working with GAE with the help of another server... check out http://code.google.com/p/typhoonae/wiki/WebSockets
There's also this: https://cloud.google.com/appengine/docs/go/sockets/
It's experimental and very low level though.
Google App Engine has recently launched support for Websockets on App Engine Flexible Environment. You can take a look at their blog post.
https://cloud.google.com/blog/products/application-development/introducing-websockets-support-for-app-engine-flexible-environment
June 2019
Websocket support for GAE is now supported under SLA for Flex.
Hi everyone, I'm happy to announce that Websockets support
for Flex is now Generally Available! We've made no changes since Beta
but Websockets traffic is now subject to our SLA.
We've also published documentation for this feature for all App Engine Flex languages.
See https://issuetracker.google.com/issues/35886348#comment285
Hope this helps, but it seems to be supported now. 2021
https://cloud.google.com/appengine/docs/flexible/java/using-websockets-and-session-affinity
