And in the docs[0], the manual instructions ask you to run their agent container with --privileged=true, which gives the container access to all devices on the host and more.[1]
Hm.. try to start it without --privileged. WI think it's not necessary now. I don't remember the main reason why we use that flag. Please try without and can you send me feedback about. If it will work good - we'll update installer. Thx you!
You are right. But you can play with our platform this weekends, and on next week we'll opening agent to open-source and enable security. We have some delay with SSL delivery. :(
When I see security as a second-class citizen on user-visible elements, I assume that the same philosophy was applied on the parts I can't audit, even after the front-end stuff was fixed.
I agree. Basically makes me distrust the whole thing inside and out; who knows what other bs engineering practices were used in non visible parts of the stack? Shipping is great, but please don't ship insecure stuff as a product you want customers to use. Please.
You can get HTTPS for free (and hassle-free) if you use Cloudflare as your DNS server. Disclaimer: I am doing this publicity as a happy customer, without earning anything in return.
It's a bit more than DNS. It's sending all of your traffic through cloudflare, and they cache content/act as a CDN. But they can theoretically inspect/modify all traffic.
This looks really compelling. The home page is nicely designed -- but I have some constructive feedback on the copy, which is understandable but clearly not written by a native English speaker.
"Development and deployment never been so simple"
The grammar error here is a little jarring to native English speakers, and it's particularly noticeable because it's in the tagline. Fixing that would make a better first impression.
"Development and deployment have never been so simple" would work better, IMHO. Or perhaps you'd prefer
"Development and deployment made simple", in keeping with the terse / minimalist theme.
While I'm at it, a few other minor corrections, in roughly decreasing importance the further down the page we go:
"GitHub and BitBucket integrations allows you automate DevOps."
should be
"GitHub and BitBucket integrations allow you to automate DevOps."
"Servers and Clouds linking"
should probably be
"Link Servers and Clouds"
for verb consistency with previous headings;
"Create... Build... Link... Manage... " is consistent, whereas
"Create... Build... ..Linking... Manage..." is not.
"You can link your server to Last.Backend with special command. Just copy it and execute in a terminal."
could be
"You can link your server to Last.Backend with a special command. Just copy it and execute it in a terminal."
Finally,
"Just look at scheme and you can see what's going on. Color element indication provide all information about all warning and problems. Logs output gives you ability to know much more."
could be improved as
"Just look at the scheme to see what's going on. Colored elements convey information about warnings and problems at a glance. Log output provides the ability to know much more."
(or similar)
Perhaps "You can link your server to Last.Backend with a special command - just copy it and execute it in a terminal." would work better; notice the "-" which will signify that it's a continued part of the thought.
Every time I read about linking containers I start wondering if they have fixed the proxy scenario. Essentially, multiple DBs that need to connected to a proxy, when you bring up a new DB you don't want to have to restart the proxy container in order to update the links.
I know docker is built to link from application server to db, and not the other way around. So for our production server we have each DB create an apache config file and then hot reload the apache server.
Hi! Yeah, this is known problem and we tried to fix it. Last.Backend has an internal service discovery and internal DNS system. With Last.Backend you can forgot about this :)
This system provide linking between different servers. If you have some feedback - please provide us! We need it! ) Thx a lot for comment :)
I'd love to try it, but when signing up with github it wants to be granted access to all my organizations, which I cannot allow (I only want to grant it access to my repos, not my employer's!). Any way around this?
Looks great, although I was put off when the instructions to add a server used a goo.gl URL, and then piped the output into a sudo shell...
Would be nice if it used your own domain (HTTPS is essential!) and if the script didn't require super user from the outset (or perhaps it could explain what it is going to do, and then request super user permissions)
You are right! It's temporary option. We are testing new installer, located on our domain! HTTPS will be on next week. It's the first update for next week!
1. When signing in with Bitbucket, it tries to add ssh keys to r/w access all my repos.
2. Emails with dots not accepted by your sign up form
3. Drag and drop not working in firefox
4. I created Ubuntu 14 droplet with DigitalOcean, and inserted your "connect new servers" command there. Got result:
Run agent on stack
Error response from daemon: no such id: lb
time="2015-04-18T16:33:03-04:00" level=fatal msg="Error: failed to remove one or more containers"
When I'm trying to "run" my server into your app, I'm getting message "Available server instance not found"
More design suggestions, since that seems to be a trend in this thread:
- "Development and deployment have never been so simple" on two lines, line break after "deployment";
"Development and deployment
have never been so simple"
- Autoplay the "Stack constructor" animation
- Maybe add a automatic sliding for "Build and deploy apps" slides
- Autoplay the "Link Servers and Clouds"
- The "Watch video" should be right at the very top of page with a nice screengrab + big (>) play button in the middle
- Any particular purpose for enclosing headers with : characters?
Looks very promising. Like at the "stops me from building something I was about to build" level of promising. However, to get all the way there I need to know more about your team and generally anything else you can do that would build trust that you won't disappear, won't steal my data or access my servers, and won't get hacked - roughly in that order.
Unfortunately, chances are good that we will need to go with more established services for now, but we'll definitely be keeping an eye on you guys to see how things progress.
Hi, Thx! Yeah we are working for spartan support. I hope we'll support it in few weeks. Can you please send us a more feedback? We need all opinions to make Last.Backend better and better.
the biggest problem while using Project spartan is that the left side bar menu is not working properly, you can open them and then you can only see is the "Add new image" button, which doesn't work in project spartan either, but otherwise it seems everything else seem to work like it does in Developer edition firefox
When attaching my servers, the script executed fine. However, none of my servers are recognised. The list shows (2/1), but displays no names (2 empty strings that I can choose from). Couldn't get anything working. Anything I am doing wrong?
P.S. couldn't send any message through neither Intercom nor support button at the top.
I got the same problem (login: bernat). Running on plain Ubuntu 14.04. I have also tried to unlink the agent to relink them, but "Link new" button gives the landing page where we choose the free/non-free version. So now, I don't have any server instance...
Also, I didn't log with GitHub because I didn't want to give write access to anything. You should give the option to only request the email address.
Any plans to have direct integration with cloud providers (AWS, DO, etc.) so that the command doesn't need to be run by hand and we can instead just spin up servers directly?
Wow, this is beautiful. Quick question, is it possible to have an archive of the logs for when I want to debug my crashing app? How much can I go back in time?
I'm as ticked off as anyone here regarding the blatant security lapse(s). But I must confess: The level of tenacity of OP is outstanding in light of all the strongly worded comments that've been directed at him/her (understandably deserved w.r.t security). I do think this is a commendable attitude to display in situations like this. It makes a noticeable difference. Here's hoping OP will turn things around.
It's really quite simple. I'm on an anti-account binge, and have been for a while.
Primarily, I just hate accounts. I have hundreds of them man. It's absurd. I don't bother trying to log in to most of them any more, if it's not a service I use every day I go directly to recovering the username and password, because I'll never get it in the three or five or 10 tries I'm allowed before the account is locked/they start giving me captchas. Often enough, that system breaks, and then I'm left having to email admins and beg them to help. That's always a fun coin to toss.
So I don't make 'em any more, unless I literally have to. Quite seriously, the only new account I recall opening in the last two years is with the Australian government, because it was mandatory to do my tax return via that system. Maybe there's one or two others, I don't know. e: I remember the other one, it's this one! tada, own goal!
I'm currently locked out of the government system, because their secret question/answer system didn't like my answers. I have to call them during business hours to fix it. I moved to another country recently, so that's going to be cheap and stuff.
Secondarily, I'm starting to critique peoples use of accounts. Lots of people implement a username/password system when they don't need it, because it's easy to do so. As a developer myself, I am taking a stand against lazy development.
Maybe I don't fully grasp your product (I'll be honest, the instant I saw "sign up now" my shutters went down), but it seems like a graphical docker container configuration management tool is less effective as a web app than a desktop app, and doesn't need an account system either way.
For example, if you're using the accounts for saving flow setups, could that not be done with a combination of URL parameters (encoding customer specific data like IP addresses) and page ID's to a key-value database (with the benefit of data de-duplication), thus allowing me to save my work with a simple ctrl-d to bookmark it? As a side benefit, I can share it just by emailing it to people.
Hey, maybe I'm wrong, maybe your system really does need accounts, but I'm still not going to make one. I have to draw the line somewhere if I want this endless account sprawl to end.
Ooh, pretty! That's going to convince non-technical managers to use this service. Put that display on a big screen in the manager's office and they'll think they know what's going on.
A display application like that would be useful for AWS, so you know roughly what's going on in your rented subcloud. With, of course, both big screen and phone app versions. From the other comments, it seems that this startup has a poor container management system but a great visualization tool. There are lots of container management systems (one written in Go was announced on HN yesterday) but many are still at the command line level for monitoring. Maybe this startup should pivot and do "cloud management visualization".
http://lastbackend.com/images/landing/timeline/deploy_2.png