
Show HN: Firebase, a scalable real-time backend - jamest
http://firebase.com
======
pkrein
I used Firebase to build thereelbox.com, and enjoyed it thoroughly. It took
2-3 hours from starting into the documentation to completed/nobugs/pushed to
production. Credit for that speed goes entirely to Firebase.

TheReelBox uses Firebase as a sort of API caching layer. This protects against
rate limiting on the Rotten Tomatoes API, decreases request time by caching
queries to the Fandango-via-YQL API, and eliminates an extra request per movie
for Youtube trailers.

At the beginning, this system made it possible to host TheReelBox on my public
dropbox folder, which made for really fast development. Since launch I've
moved the static html and js to a micro AWS instance, but Firebase cleanly and
transparently handles all the data.

Definitely recommend it.

~~~
vvnraman
Wow !! As a movie buff myself I think I'll be vising you site almost everyday
now. This is what I used to do before:

    
    
      - Go to www.imdb.com
      - Click on 'See more movie showtimes' at the right.
      - On the next page, click on the 'Favorites' tab to choose a theater.
      - Go to maps.google.com and plan the route to the theater.
    

This is definitely going to save me at least a few hours every week while I
check which movie is playing at what location.

And its got TRAILERS too !!! I'm addicted !!

~~~
pkrein
Your comment makes me very happy, please enjoy!

------
zmmmmm
Seems slightly misleading with the pitch about "no servers". More like,
"proprietary Javascript framework locked to proprietary hosted cloud service,
no information about pricing".

Not that I begrudge anybody the chance to make some money, but along with
Meteor I feel like there's a slightly deceptive nature to this kind of thing
where the home page is emblazoned with "look, it's all free!" when in fact
there's an unknown price to pay down the line.

~~~
ma2rten
Firebase is not really super complicated. It's just a database with a REST
Api. I can not think of much more things they could add to lock you in more. I
think if this becomes a thing, someone will make an opensource clone sooner or
later.

About Meteor: There might be a lot of things wrong with Meteor (insecure by
design), but this is not one of them: it's opensource and has a command which
makes a self containing tar.gz bundle for you to deploy on your own server.

~~~
mayop100
Firebase is a lot more than a database with a REST API. It pushes changes to
you live, as they happen, in a way that is fast enough that you can use it for
real-time gaming, collaborative whiteboards, and other apps could never work
with a polling architecture.

It also does the work of managing distributed state of data across all of the
clients and the server, and merging that data as needed to prevent conflicts
in a distributed network like this. In fact, it allows you to run operations
atomically across this distributed system -- operations that are latency-
compensated, and work even in offline mode.

And finally, it can scale, with no work from the developer.

~~~
julochrobak
Yeah sure!

Suddenly there is a solution to distributed always consistent real time fully
scalable reliable easy to use inexpensive database :)

Do you know this saying? "Nobody can give so much as I can promise you."

------
smoody
Here's my big concern: If my entire app is client-based JavaScript, wouldn't
that make cloning my app as simple as copying all of the JavaScript and other
asset files and then associating them with another firebase account -- perhaps
modifying them some so they dont't get banned?

It seems like it lowers the barrier to competition a bit too much for me.

~~~
felixchan
I think you're thinking a little too short-term here. It seems like a jump in
technology that could completely change the way people build apps.

~~~
jchrisa
Glad to see interest in the idea. It's not much different from what people
have been doing with projects like <http://couchapp.org> or
<http://unhosted.org/> for some time.

Once you have a basic HTTP database API, you can do most of an app in client-
side JS. Security is the hardest part to get right. In CouchDB we've tried to
follow the web security model when it makes sense (single origin policy,
oauth, etc).

CORS and WebSocket are both changing the web model, so it's not surprising to
see the idea of a simple data API catching on as the web gets more power.
Can't wait to see where this goes.

------
Yxven
When the multi-player asteroids story was published, people were talking about
Firebase, and having never heard of it, I started googling and found this:
<http://www.cubeia.com/index.php/products/firebase> A scalable real-time game
server with a html5/javascript front end. I still don't know which Firebase
that game was built with. You guys have trademark issues.

~~~
ranit8
MMOasteroids.com links to firebase.com

------
amirnathoo
If I understand right: instead of having to worry about calling a REST API for
a back-end data store I can just have JS objects persist automatically and
synchronize between clients.

Dropbox for JS objects.

If I've got that right, I think this is totally awesome for front-end web devs
and the most exciting backend-as-a-service out there.

------
arturadib
Another great step in the right direction.

That being said, I do believe the hardest part of all these attempts to
abstract backends is authentication and security models. It seems to me that
most of these services launch before figuring out that critical part of the
puzzle.

~~~
nicholasreed
We're using authentication in our Firebase app and it works wonderfully.
Although all data is visible on the Firebase backend, we simply put pointer
ids in Firebase, so no identifying data is publicly visible.

~~~
arturadib
Care to elaborate? Firebase's FAQ seems to suggest that they're still working
on a solution.

~~~
nicholasreed
I believe they are working on a fully documented and stable auth solution;
we're running something custom for now. Our whole Firebase namespace is read-
only, so all our writing happens with a private key from our server. I think
when the Firebase admin panel has more protection we can store more
sensitive/identifiable data in there.

------
IanDrake
This is cool. But can someone explain how data is secured in Firebase or
Meteor?

From the Leader Board sample:

// Use setWithPriority to put the name / score in Firebase, and set the
priority to be the score.

userScoreRef.setWithPriority({ name:name, score:newScore }, newScore);

How about I just change newScore to 100,000 in the debug window?

~~~
mayop100
Good catch : ) We mention this briefly in our FAQ. We actually do have
security in place (notice you can't enumerate other people's data for instance
in our own tutorial), but the API is far from complete and we have no docs
yet. There will be a full-fledged security model coming over the next few
months.

~~~
saurik
That's only true until they launch a public product: at that point you can get
access to or modify their data. It is downright irresponsible to launch a
service like this that encourages people to use an insecure design for their
service: security should be built in from the beginning, not tacked on
afterwards, and even at the level of "this is a tutorial" it should be clear
to the developer what they need to do to make it secure (not thrown into the
advanced level of documentation, for example, like some companies do).

------
javert
Can't people find an alternative to the word "real-time" that hasn't already
been used for 30 years to mean something entirely different? (As in, real-time
systems, real-time operating systems, etc.)

I'm not trying to put down Firebase, I imagine it's great.

~~~
IanDrake
Sorry - I think "real-time web" is already in our lexicon.

<http://en.wikipedia.org/wiki/Real-time_web#Real-time_search>

Just make sure people say _web_ after they say real-time and there should be
no confusion.

~~~
javert
I don't think that it's a lost cause. Mainly because calling these things
"real-time" is technically incorrect. Real-time computing is already formally
defined and well established.

Given the definition of real-time, one _could_ actually create a real-time web
or a real-time search. So there is still cause for confusion--or, at least,
technical incorrectness--if one uses that terminology.

~~~
IanDrake
Suggestions?

~~~
pgroves
I'd like to see a term that emphasizes that what web developers consider real
time is "so fast it looks instant to humans," rather than guaranteed low
latency that another system can rely on (or whatever you consider the true
definition of "real time" to be).

So maybe something like "blink speed." (Then we'd have blink speed apps on
retina displays.)

------
lucian1900
Looks very nice.

But just like meteor, doesn't have any authentication or authorisation, which
sadly makes them just toys for now. Looking forward to both projects becoming
usable.

------
haberman
I'd love to see the host-proof scheme that ZeroBin uses, so users can store
sensitive data without having to trust Firebase.
<http://news.ycombinator.com/item?id=3832269>

------
jpdus
Wow, im excited what people are doing out of this (especially in combination
with other new tools like Meteor).

Seems there is a huge development ongoing to reflect new development and
scaling practices...

EDIT: REALLY like the RT-Chat on the site - that is showcasing as it should be
(and not just another "Demo" button).

~~~
mayop100
Everyone has been building their own real-time solutions for the past few
years and re-inventing the wheel over and over again. We saw ourselves doing
it too, so we thought maybe we should do something about it! We think Meteor
is really exciting as well, and should enable faster / better development of
the types of apps that Firebase powers.

~~~
geoffschmidt
Meteor dev here. We're really excited about Firebase -- the time has come for
realtime databases. Every Meteor app needs one.

------
hedgehog
Tools used (from the chat):

Mongo for storage backend

Node.js client is Faye

Scala + Netty backend

custom JS client supporting "IE7+, Opera 10+, Safari / Chrome (recent
versions), FF3.0+"

~~~
mayop100
Thanks for sharing this! Too busy in chat to keep up with all the HN comments
: )

------
plusbryan
This is the way to do demos - easy enough for a non-coder to use, but it
explains and shows the internals for more experienced developers. Nice work!

~~~
mayop100
Thank you! Glad you like it!

------
jdavid
I was part of the beta and really enjoyed working with Firebase it was like
working only in the browser, i could forget there was a backend.

Once you start playing with it you realize that there are so many apps that
can be built.

the team has a few things to work on, and trust me many of us in the beta
flushed a lot of those out. they have their work ahead of them. what's there
is polished and ready for use. give it a try. use this as a chance to explore
what can be done when you can forget about the backend.

------
MrJagil
I'm a non-coder.

A very simple guide to make a very simple, understandable web-app would be the
killer feature for me.

There is a tutorial for a chat-app but that's way over my head(I of course get
how to put in the code, I just don't understand it (REST, roots, references
etc). If I could be shown how to make something insanely simple, and I
actually understood how it worked, it'd lead me on to the next thing. A
collaboration with codecademy might be the thing.

So much potential.

~~~
BryanB55
I'm the same way and have thought about this concept... I'm not even
completely sure exactly what Firebase is but it sounds similar to that idea
just requires more coding experience.

------
asselinpaul
What is the difference between this and let's say 'Meteor'?

~~~
jamest
Good question. Meteor is an application framework, like Ruby on Rails.
Firebase is a database, like MySQL.

We both think that application development is going to radically change in the
future and we're both building products that promote a new way of developing
apps. We're stoked about Meteor and see our products as very complementary.

~~~
tlrobinson
Could Firebase be used as a database for Meteor? (i.e. replacing Mongo)

~~~
tzm
yes. There is a node.js library for Firebase that uses websockets as a
transport layer.

------
michaeldwan
This looks awesome -- a better option than an api-only Rails backend. Realtime
pub/sub is also a big plus. Security is a concern with any 3rd party storage,
but most uses I can think of wouldn't store missile launch codes in here
anyway..

It's also worth pointing out that Firebase grew out of Envolve which supported
millions of users, so you know these guys can handle scale.

------
michaelmartin
This looks really good. It seems to be very similar to the Hydna app that was
on HN yesterday. For the rest of us, that has to be a win. Can't wait to see
how things develop with both companies now!

(Absolutely loved the interactive tutorial. Brilliant way to show off the
service!)

------
webjprgm
A real-time client-side library that ties in to their database hosting
service, basically.

Also, if you want to have any non-realtime parts of your web app that do
server-side processing of data then it looks like you have to use Node.js to
talk to Firebase, as there's no REST API for it that I can see. I guess they
don't mind because they're trying to get you to do all data processing in the
client anyway.

Definitely need security and permissions. How do I make sure only registered
users of my site can access chat? How do I make sure only admin users can
create new chat threads? From my brief reading it looks like all clients can
see everything in the database and modify it all. Am I wrong?

~~~
jamest
You can find our REST API docs here: <http://www.firebase.com/docs/rest-
api.html>

We're definitely working on security full speed. We have some basic security
but it's not ready yet. If you'd like to beta test it, please email us:
beta@firebase.com

You can check out our FAQ for more info: <http://www.firebase.com/faq.html>

------
codesuela
on a sidenote: I wouldn't do business with or trust my data to a company that
hides their actual address behind whois protection

~~~
jamest
Good point. This was on while we were in stealth. I've removed the whois
protection.

------
jdavid
Firebase, Burn your servers, you don't need them any more. Firebase is for app
developers that don't want to worry about building real time scalable back
ends.

~~~
buu700
Random aside, but when I first saw this comment (it was originally downvoted,
IIRC), it sounded like an incoherent insult directed at Firebase for catering
to "noob" developers; I only realised that you meant it as a potential
marketing line after reading a bit of your comment history :P. I think a colon
in place of a comma at the start would have been more clear.

------
rgbrgb
What are the main differences between this and Meteor? What a strange
coincidence that two nearly identical platforms launch within days of each
other.

------
trimbo
I just asked them twice on their chat to describe their infrastructure and
they won't do it, at least yet.

I realize this is in beta, and it's early, but am I the only one who would not
trust my data to a service where I can't get at least some idea of how they're
actually functioning behind the curtain?

------
bdunn
A few weeks ago, I wrote about (and presented at RubyNation) on why I think a
"dumb backend" is a really bad idea:
[http://planscope.io/blog/2012/03/25/rails-is-more-than-an-
ap...](http://planscope.io/blog/2012/03/25/rails-is-more-than-an-api/)

------
anandkulkarni
Phenomenal. I've been waiting to try this for months! It looks terrifically
easy.

------
drucken
What I like most about Firebase so far compared to Meteor, is that I can
actually read about Firebase and its excellent documentation from any machine
with any web browser!

Well done, thank you.

------
tomelders
It's been a good week for the real-time-web.

We might need a snappier name though, because this sort of real time is a lot
more real time that the type of real time people are already used to.

~~~
rooshdi
Live-time?

------
ique
I couldn't find any (easily accessible) info about what it actually uses to
communicate. Is it long-polling, websockets, something else?

What kind of browser compliance is there?

~~~
mayop100
It uses a variety of techniques, depending on what is available on the client.
When possible we use web sockets in the browser, but have other methods we can
use when they're not available.

------
Rotor
Congrats on the launch of Firebase and absolutely love the code demo; it hooks
you in.

At the end of the demo you are asked if you'd like early access. Definitely.

------
spladow
For those interested in this kind of service there are a variety of others,
including our own (spire.io), as well as Pusher, PubNub, and others.

------
_dtw
Really interesting idea, look forward to giving it a whirl in a moment.

Quick question, are you affiliated with firebase.co? They seem to be in a
similar field.

------
oluckyman
This should play beautifully with client-side JS web app frameworks like
AngularJS where the JSON models are 2-way bound to the views.

------
lowglow
Fantastic job. This looks phenomenal, James! I can't wait to find an awesome
project to put this to good use. Cheers!

------
mahmud
"real-time" has a very specific meaning when it comes to software, don't
dillute it please.

------
felixchan
This is going to revolutionize the way apps are built.

------
darylteo
Looks similar to what Meteor was trying to achieve?

------
tknew
Firebase will turn into a chat company :p

------
MatthewB
congrats, james. i'll whip something up for teamly soon enough:)

------
gr3g
Simply Amazing!!

------
flav0ur
Great!

------
buremba
I think it's overrated. :/

------
wavephorm
Can someone explain what kind use-cases there are for a database where the
client can read and write directly against the database? CouchDB could do this
(via CouchApp), but I bet not many people do this because it's bad from
security and scaling standpoint and I think there aren't that many types of
apps that can be created without a proper back-end.

