From: Douglas M. <dmc...@fi...> - 2010-07-16 03:27:22
|
On 07/15/2010 06:30 PM, Josep Andreu wrote: > > > Hi > >> As a worst case I suppose cloudsession.com (aka me) is willing to >> donate a fraction of the 1and1.com service I pay $10/month for. >> I'm currently only using<100G of their 250G space, and they have no >> bandwidth cap. I think I could set you up with a private and >> public sftp account to a web space directory, as well as a mysql >> database if you ever decide to go down that route. > > Wow ... that looks good :-) > > We have not take a final decision of what to do .... we need your > support to take decisions ... what I was think is a option in > settings if the user want to share presets ... then if they enable > the option .. each time hi puts a preset on a bank or save a preset > .. ask if hi wanna share ... then ask for some Notes ( like we have > in the docs in the list of presets) ... then send to the server. > Maybe with a external app .. That sounds like a good implementation outline to me. The only thing I see missing is- we need some way to perhaps throttle potential abuse, i.e. someone trying to upload a million presets. I guess I should look and see what tuxguitar and hydrogen are doing as far as authentication or limits go. > > The think is we dont know how to manage that ... because if we use a > "rakarrak" account for everybody ... code is open and everybody can > get the password ... and maybe the sftp can be filled with warez/spam > ... :-( I dont know if the server can be configured to only accept > files with a certain extension or with certain name .... ?? Yeah. And even privately, I realized I don't want to give access to the creation of arbitrary CGI scripts that run as my user to anyone. So the solution I'm thinking of now is- we write a cgi script (perl/python/php/whatever), stored in sf git, that I'd be in charge of putting into a webspace directory, i.e. perhaps http://rakarrack.cloudsession.com/import(.pl/.php/.py) It would be the one point of entry and validate* the file format of incoming presets/banks, and perhaps authenticate the user, before making the preset available in say- http://rakarrack.cloudsession.com/people/<username>/presets * prevents this from being used to distribute warez, etc. I would also have the cgi script store a duplicate copy in a private ftp account that the rakarrack admins would have, and some or all of you could periodically back that up, to mitigate the threat of me turning evil. Also for that reason, there should be a level of indirection. I.e. the rakarrack code could have a sourceforge url hardcoded in it, then when rakarrack starts up, it checks that, which returns the current location of the 'rakarrack cloud database', which at first can be at rakarrack.cloudsession.com. But again, if I turn evil, you can take the backup, host it somewhere else, and change the reference at sourceforge. > Also we need a app that generate a index of the presets in the > repository that users can load ... with a external app probably too > .. the thing is I dont know if the server can execute the app in > cron or when file is uploaded ... to generate the index. yeah, a cronjob would work, or to keep things simple, the import cgi script could and should do it for every import. Obviously at some point scale might be a problem, but I don't think we'll hit 10,000 and 100,000 presets in the DB _that_ soon :) > > Also could be good the possibility to manage banks too .... I really > dont know ... if you have suggestions ... please tell me :-) In the manner you described, perhaps the simplest first pass is just a hook for every time a preset or bank is saved. If the user has enabled support, they are prompted if they want to share. That is the upload side. Then the download side would be some kind of 'load preset/bank from cloud' that would download the index, let the user browse, and then load. Actually, being prompted for notes, should probably be a part of the preset and bank format, and a seperate issue. I.e. a user setting for whether or not to be prompted, that is independent of the network stuff. Also, when the user has not enabled prompting, we can still have menu entries for 'upload current bank/preset to the cloud'. Those are my thoughts for now... -dmc |