Archive for the ‘web20’ Category

Scalable web architectures

Saturday, September 15th, 2007

If you haven’t noticed already, there is a second blog which I maintain, and it is currently busier than this one. “Scalable web architectures” is a collection of posts about web architectures which scale and the technologies which make that happen.

Here are some of the posts on that blog

    Eins.de site serves about 1.2 million dynamic pages a day. He wrote a series of articles describing how they redesigned the site to scale for growth. I found these articles very informative, with an extremely mature discussion of the colorful world of scalability.

    Session, state and scalability

    If I could only give one recommendation to anyone building a brand new web application, I’d say “go stateless“. But going stateless is not the same as going session-less. One could implement a perfectly stateless web architecture which still uses sessions to authenticate, authorize and track user activity. And to complicate matters further, when I say stateless, I really mean that the server should be stateless, not the client.

    Loadbalancer for horizontal web scaling: What questions to ask before implementing one.

    Loadbalancers, by definition, are supposed to solve performance bottlenecks by distributing or balancing load between the different components they manage. Though you would normally find loadbalancers in front of a webserver, a lot of different individuals have found other interesting ways of using them.

Microsoft Live ID out : Google going to support OpenID soon… I predict

Friday, August 17th, 2007

The other day I briefly mentioned the pain point of the web2.0 world and how consolidation, aggregation and summarization will help reduce some of it. Microsoft today formally announced the availability of Microsoft Live ID as a contender for providing SSO (single sign on) services in the web 2.0 world. Live ID, in case you didn’t know, is the repackaged version of Microsoft Passport Network, which had failed so badly that it forced Microsoft to pull it out of the market. Here are some examples of how to use other languages like php, perl, python, ruby etc to do authentication using Live ID. Microsoft is not the first one to openly come out with an SSO technology. Liberty Alliance and OpenID are other opensource competitors which have some foothold in this market already.

The move to SSO (single sign on) in the web 2.0 world is bound to happen regardless of how scary some people might find it to be. If you can trust your online bank with 100000 dollars and trust 3 companies you don’t really know with your entire credit history, then this shouldn’t be that much of a concern. The real question is whether you trust the technology leaders Microsoft, Google, Yahoo or others like Verisign enough to provide these critical services for you.

In my opinion the reason why OpenID and Liberty Alliance have failed is because of fragmentation of standards and lack of leadership. While Microsoft failed in its commercial venture into authentication services (Microsoft Passport Network), it might actually do well as long as it doesn’t screw up this time. Not because they have done a great job in the past, but because the pain is now so unbearable that people are willing to give almost anything a try. But the real kicker is that almost everyone has a Microsoft account anyway, so if I had an option to use my Microsoft account to login to a new web 2.0 product, I’ll do that in a heartbeat. Creating yet another account with a new password and doing the email confirmation thing is not an adventure anymore… (or maybe I’m getting old).

I predict that Google or Yahoo will soon jump into this with its own suite of authentication services (probably using OpenID or Liberty Alliance) which will then become the next battleground in the web2.0 world. I also predict that in a couple of years after that many of the web services will move towards supporting these forms of authentication services so that users are not forced to create new user accounts with new passwords every single time.

And if my predictions don’t really come true… hey, at least I know that I can dream.

Scalable web architectures

Friday, August 3rd, 2007

I’ve been reading a lot about scalable web architectures lately and made a big enough collection of links to see that this could be interesting to others. Instead of putting all those links here in this blog, I’ve started a separate blog here http://www.royans.net/arch/. If you have an interesting link/links to share please send it over to me.

Aggregation, consolidation and information summarization

Monday, July 23rd, 2007

The next big thing on the internet has to be about simplicity. The internet has come to a point where its growth will become the cause of its own downfall without a dramatic change in the way it grows. Almost everyone I know has Yahoo Mail, Gmail and Hotmail accounts. And now they are on LinkedIn, Orkut and Facebook too. Keeping track of your own logins, passwords and email addresses is difficult as it is, and now you have to keep up with all the new services your social network is plugged into.

I see 3 things happening in the next couple of years, some of which have already started.

  • Consolidation of services - Google is slowly building a suite of applications like Microsoft and Yahoo. And others who don’t have a big war chest to build it themselves are getting others to build it for them (think Facebook apps).
  • Aggregation of services - Plaxo does a good job of syncing up multiple addressbooks and phone directories. We will be seeing a lot more applications like these. This would also lead to more openness, and though it’s a little farfetched, it is possible to see Microsoft, Yahoo and Google themselves providing an option to sync up with others. And while all this is going on, there are smaller services like symbaloo and IM aggregators like Trillian and meebo filling the void.
  • Information Summarization - This might sound new, but it’s already happening today. Aggregation of services by itself gives you a bird’s-eye view of all the information flowing in, but without additional intelligence you still have to read through all your blogs and emails to understand what is going on. Using a combination of different mechanisms, like your preference settings, information clustering algorithms and NLP/NLG (natural language processing/generation) algorithms, summarization can help you cut through your daily feeds and emails swiftly.

JSON: Breaking the same-server-policy Ajax barrier

Thursday, November 23rd, 2006

The same origin policy prevents a document or script loaded from one origin from getting or setting properties (XMLHttpRequest) of a document from a different origin. The policy dates from Netscape Navigator 2.0. This is a very important security restriction which stops rogue third-party JavaScript from getting information from your authenticated banking server session.

Unfortunately, this also almost completely shuts down any possibility of data sharing between multiple servers. Note the use of the word “almost”, because “JSON” is the new saviour of the web2.0 world. JSON, or JavaScript Object Notation, is nothing but a simple data interchange format which can be easily used by JavaScript applications. What’s different here is that unlike XMLHttpRequest, which can send back answers in any format the JavaScript application wants, JSON requires the answers to be in JSON format, which is basically a subset of the JavaScript programming language, or to be more specific, Standard ECMA-262.

For those who are curious how this works and don’t have time to read the complete documentation, the difference is that a JavaScript application can still load other scripts from third-party websites. So if you are running an application on www.royans.net and you have some data on data.royans.net, you can load that data into your application as long as you serve that information as a script.

That’s it, there is no rocket science here… but it does feel like one when you first come across it. I surely did.

While you are at it, watch out for JSONP (JSON with padding) too. Google is one company which I know has been using such mechanisms for a long time. They recently came out with more vocal support of this new open data interchange standard.

Oh, and before you go hacking your code, one thing to watch out for: avoid opening up private/privileged information using the JSON mechanism, because it’s open to XSS (cross-site scripting) holes.
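
The caution above can be enforced on the server that hands out the data (data.royans.net in the post's example). The sketch below is an added example, not code from the original post: `buildJsonpResponse`, `toScriptSafeJson`, the `isPublic` flag and the sample records are all hypothetical names and constructed data. It refuses to serve private data as a script, validates the callback name, and escapes the JSON so it cannot break out of a script context.

```javascript
'use strict';

// Callback must be a plain dotted identifier: no parentheses, quotes or markup.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}(\.[A-Za-z_$][\w$]{0,63}){0,3}$/;

// JSON.stringify output can contain characters that are harmless in JSON but
// can close a <script> block or act as a line terminator; escape them.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// resource: { data, isPublic } (assumed shape)
// callback: raw value of the ?callback= query parameter
function buildJsonpResponse(resource, callback) {
  const headers = {
    'Content-Type': 'application/javascript; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
  };
  // A script include carries the visitor's cookies and is not blocked by the
  // same origin policy, so any page could read this response. Public data only.
  if (!resource.isPublic) {
    return { status: 403, headers, body: '' };
  }
  if (typeof callback !== 'string' || !CALLBACK_RE.test(callback)) {
    return { status: 400, headers, body: '' };
  }
  // Leading comment so the response never begins with caller-chosen bytes.
  const body = '/**/' + callback + '(' + toScriptSafeJson(resource.data) + ');';
  return { status: 200, headers, body };
}

// Constructed sample records.
const publicFeed = { isPublic: true, data: { title: 'posts </script>', count: 2 } };
const accountInfo = { isPublic: false, data: { balance: 100 } };

console.log(buildJsonpResponse(publicFeed, 'showFeed'));
console.log(buildJsonpResponse(publicFeed, 'notAName(').status);
console.log(buildJsonpResponse(accountInfo, 'showFeed').status);
```

Private or per-user data belongs behind an interface that the same origin policy does protect, not behind a script include.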