Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
Is there any open source alternative to talky.io? where client code and all server side code is available.
I just double checked and it seems the priologic team are keeping tawk.com code behind a paywall, just like talky.io.
In the webRTC ecosystem, vendors either focus on
an application, and the Backend is hidden (think Skype, or bistri, even though bistri pivoted to propose an API as well.),
a PaaS and
then both the sever code is hidden and you won't have an
application, at best a demo, because they do not focus on any
vertical and do no implement business logic (think AWS in general, or tokbox, temasys for webRTC)
propose consulting/app development and will provide a complete
application most often open source, but keeping some key components
(priologic: mobile SDK + app, &yet: app, algoworks, ...) behind a
paywall. They usually team up with a Paas and or Hardware vendor to
provide more compelte/scalable solution to their client
(priologic/oracle, ...).
It is very unlikely, and I wouldn't know of any, that there were a vendor that would provide a full solution open source. It is still too complicated to have a non commercial entity provide one. The ones which do provide a full solution do so for a limited scope.
In any case, an application is always focussed on a use case. Even though the underlying infrastructure might be the same, and the BE/client API might be the same, an app for contact center, and app for social dating, and an app for conferencing will be quite different because they implement a quite different business logic and address quite different market. It is reasonable NOT to expect a full stack, but to have only the top most layer left to implement.
I put a list of vendors and products there, but it s a little bit raw. So here is a recipe to build a free/open-source solution, and then where to look to upgrade:
mandatory: open source signaling server (easyrtc, signalmaster, peerjs-server, rtc.io, ...)
mandatory: BE API (easyrtc, simplertc, peerjs, rtc.io respectively)
optional but highly recommended: add the free turn server rfc5766, or the most advanced version "coTurn". Some of the open source server and library propose examples or how to to support this TURN server by yourself.
optional: a client API that brings you closer to your use case,
optional: a free plugin to support IE and Safari (temasys free plugin),
optional: a media server if you need to host many-to-many calls or conferences (MCU or SFU) (licode, meteecho's janus, medooze, kurento, jitsi's videobridge)
optional: a SIP gateway to connect to VoIP and/or pone by extension (PSTN).
and ... that's about as far as you can go with open source / free libs today. You might hit a scalability problem quite fast depending on your traction.
A next step would be to get hosted servers, but it's not free anymore.
Separate servers:
ICE/TURN/STUN: See xirsys/twilio for hosted solution,
Media server: see dialogic, radysis, for hardware and meedoze, Jitsi, acano, pexip, openclove for software/hosted solutions,
Full Paas including all of the above:
tokbox (beware of streamed minutes billing if you have large conferences, has recording and some features temasys does not have yet)
temasys
some of the media server vendors also market themselves as PaaS. I have not tested, so I can't comment or recommend.
If you want to connect to SIP/phone, you will need different vendors as hither temasys nor tokbox provide interoperability today.
You could have a look at jitsi https://jitsi.org/, which is an opensource solution for private communication and also serves as a video conference tool for the browser.
You could try Subrosa (latin for "under the rose"). According to https://subrosa.io/source: "The Subrosa client and server are both open source and licensed under GPLv3."
Would be better if the server component was GNU AGPL 3.0, to make sure anyone running a server makes their code changes available for re-use, but at least both ends are free code.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I know I am very bad at asking a question so please tell me rather than downvote me...thanx
Q1: How Is Progressive Web Application Useful?
Q2: What Type of Application Should be Built using PWA is there any Specific Application which contains a lot of CPU utilization or Simple Static Pages with just small interaction with Server?
Q3: What should be the Application Architecture? In General?
There are a lot of reason for using PWA rather than web-apps or native applications.
A1:To answer your first question there are some articles found on internet, here I recommend some of them to read:
Google Developers PWA documentation
What is PWA?
Important tips about PWA
A2: There are no limitation and restriction on app you wanna develop. (Also you should pay attention to the key things like caching, which are considerable and important in native/web apps, too.)
A3: The architecture is very similar to web-apps except it must have some additional files:
manifest.json (Which is used to declare something like application name, the icons and etc. and it must be placed in the root of the project)
serviceWorker.js (Which gives you additional features like push notification, background works and etc.)
NOTE: As it obvious your Progressive Web App should be responsive to support different resolution of mobile screens.
PWA is not a single technology or a framework , set of features in web which helps to improve your application progressively.
It means if you have a modern browser you will get an awesome user experience else those features just not support it , your application will have existing features remains as it is.
Let's talk about what all the features we can use to enhance our existing or new web application .
You can bring native look and feel of mobile device apps on your web
pages. It's not the responsiveness of web page but you can access the
native features such as camera , accessing geo location, push
notifications.
Offline Capability when your internet connection get lost through caching.
Background Synchronization of data
Icon on the home screen , you don't need to install the application
from the app store to place it on your home screen.
There are three import things I want to summarize about the progressive web application.
Reliable : Application will load instantly even in a uncertain condition and provide offline functionality through caching.
https://developers.google.com/web/progressive-web-apps/#reliable
Fast : Respond quickly as possible based on the user interactions.
https://developers.google.com/web/progressive-web-apps/#fast
Engaging : Feels like a native app on mobile devices.
https://developers.google.com/web/progressive-web-apps/#engaging
Q1: Progressive web applications (particularly the service worker part of them) are useful because they can (a) be very fast and (b) work offline. Using a service worker to cache resources (HTML, JS, CSS) on the user's device can create almost instant page-load times on subsequent visits to your site. In addition, this can make your site available even without a network connection. Progressive web apps (with a manifest file) can also be installed on the device home screen, making them easily accessible, like native apps.
I'm not sure I understand Q2 and Q3, so I'll leave those for someone else to answer.
i'm starting to develop a web application for which I need real-time capability. In particular, as result of a server-side event (without client request), the client must refresh the view. The best solution seems to be a websocket communication.
My doubt is mainly between Node.js and JavaEE 7. Which language do you recommend for development? And with which framework?
The main requirements are:
Interoperability with browsers
Support for mobile devices
Availability of tools for the creation of the graphical interface
Thanks
The question is a bit broad and leads to opinion-based results - that's why it is likely to get close votes, so don't be surprised if it happens ;-)
Nevertheless, I would generally state, that "web application" and "real time" won't work together, because you have components like the network or containers in between which you don't control and thus cannot guarantee real-time requirements.
But I assume, that you are more looking for an "instant" reaction, so that your clients get informed instead of having to ask for something. In that case, web sockets are the state of the art for doing so.
Regarding technology selection, I don't think one is better than the other, it is more a question about available skills or your general programming model or customer requirements. I would think you can perfectly use Java EE 7 for that.
As a reference on that topic, I visited Adam Bien's workshops last year and he talked about an example, where he had a huge number of clients which communicated with a Java EE app server using web sockets.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Social networking is great, but there is something fundamentally wrong with the way social networking is implemented today in most popular services. I'll put it in this example: Imagine that there is no SMTP, and consequently, it is globally assumed and accepted that you can only send email to addresses on the same domain. The result would be the emergence of a single email service, let's call it emailbook.com, which we all have to subscribe to, if we really want to communicate with the world.
This is what's happening with social networking today. You HAVE to use the same service your fiends/colleagues are using to talk to them.
I would like to be able to put up my own social site, invite my friends who trust me, share amongst us, but still be able to share with the world at large.
What are the chances of this scenario happening in the future? What does it take?
There sure is, and not just one! The future you wanted is now here.
By the time of the question, back in the end of 2010, OStatus had already existed for half a year, and the year before that there was OpenMicroBlogging (OMB), and at about the same time as OMB, the XMPP XEP 0277.
Since then several other protocols have popped up, such as diaspora* just half a year later, and later some smaller players like Friendica's DFRN and HubZilla's Zot.
OStatus never left draft status, but the big buzz[0] these days is about ActivityPub, which is a W3C recommendation since January 2018 and came out of the Social WG mentioned by #keithjgrant in his answer. There is a multitude of implementations[1], finding their niches with different use cases like microblogging, blogging, link sharing, picture sharing, video sharing and audio sharing.
There is also the collection of blog-oriented protocols described on https://indieweb.org/.
[0] pun intended
[1] Diaspora and GNU Social, although shown at fediverse.party, do not implement ActivityPub. The other applications shown do. There are several other applications not shown there, such as FunkWhale, Plume, WriteFreely, Prismo ... There is no terse and complete overview of all of them, but several are listed at https://switching.social/ and https://wedistribute.org/ publishes news and interviews related to all of them.
There are a few. One Social Web uses XMPP which is open and decentralized like SMTP.
Check it out.
http://onesocialweb.org/
I absolutely agree. The good news is, yes, things are happening. Even better, they are happening in the W3C, which means open standards.
The W3C now has a Social Web working group. They are actively working on a handful of standards. The biggest of these seems to be the Social Web Protocol.
Today, they also posted the W3C Recommended spec for Webmention, which is sort of an improved version of the old pingbacks that used to be used on blogs, this time built on HTTP. It allows a post to notify another page on the web when it references it. There are already a number of libraries and services that implement this today.
I think you should take a look at http://code.google.com/apis/opensocial/. It is a spec developed by google and other social networking players. It supports interoperability and much more.
OpenSocial is currently being developed by a broad set of members of the web community. The ultimate goal is for any social website to be able to implement the API and host 3rd party social applications. There are many websites that support OpenSocial, including hi5, LinkedIn, MySpace, Netlog, Ning, orkut, and Yahoo!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
We are developing a web application using Spring framework and Hibernate ORM. As far as application security is concerned we are using acegi to provide authentication and authorization support.
Now about user input sanitation, we have tried to take take care about attacks like XSS and sql injections. We have tried to use as much as prepared statements and hibernate criteria for database updates and queries. Inputs are sanitized for javascript also.
For testing these we have tried to use tools like Firebug, Tamper IEand Fiddler2 etc.
We have also used tools like Watch Mouse to do vulnerability tests.
What are the other tools available for web application security and what are the things to be considered before starting a web applications security testing.
Thanks you
HP has a security assessment tool called Webinspect, but it not free and I wouldn't recommend it. Either my company doesn't know how to use it, or the tool has no consistency in finding vulnerabilities.
You're better off hiring an actual pen-testing contracting agency to look for vulnerabilities in your site. Sure, you could run automated scanners, but they can only do so much. You'll probably waste more money and resources attempting to learn and implement proper pen testing then you would just hiring someone else to do it.
The fact that you're asking this question means that you are not qualified to give the kind of confidence or complete coverage a commercial application would need before launch.
You can use AppScan, but its not free.
Burpsuite is an amazing tool for web application testing.
I do agree with hiring an outside team however, but if your company cannot/will-not, put a weekend into getting familiar with BurpSuite and you will undoubtedly find some bugs.
I agree with those who have encouraged you to look to an outside pen testing firm, if you want the best results now.
That said, one of the best all-around web app pen testing tools I have used is Burp Suite (portswigger.net). There is a free version that gives you most of the functionality, but investing $400 in the Pro version, which adds a vulnerability scanner and the ability to save state, is well worth it.
In addition, you should become very familiar with the OWASP organization (owasp.org), and the information/tools they make available for web app security. The Cheat Sheets and the Testing Guides can be very helpful, if you know how to use them.
Finally, if you are determined to build up your own application security team, then you should consider hiring some folks with extensive application security experience as well as a background in software development. There is more to application security than security testing. Static security code analysis and threat modeling are just two of the other areas you should be thinking about.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I'm in the process of testing my application with respect to security.
Aside from Fiddler, Charles and Poster (Firefox plug in). Are there any other free to use https interception (and editing) applications out there? Especially ones which can be installed w/o admin privileges.
Achilles comes to mind, but I don't think it can handle https traffic.
Achilles does work on HTTPS traffic, but they note on their site that it is not the best tool any more.
Their suggestions are Burp Suite and WebScarab both of which I highly recommend.
OWASP ZAP - its free, open source and cross platform.
Its also the most active open source web security tool and came first and second in the last 2 'Top Security Tools' surveys run by Toolswatch.org (2013, 2014)
It was originally forked from Paros, which is no longer maintained, but it now has loads more functionality.
Its an OWASP Flagship project having replaced WebScarab, which is also essentially no longer maintained.
Simon (ZAP Project Lead)
Wireshark is amazing. It captures everything on the network so you'll need to filter down to http/https: http://wiki.wireshark.org/CaptureFilters.
There are a few programs that I would suggest.
Paros Proxy and Ratproxy have already been noted.
scapy is a powerful packet manipulation tool, and has all of the sniffing and monitoring capabilities as well.
dsniff is a suite of tools that allows manipulation, injection, and all sorts of interception and modification options.
There is also a plugin for IE called Tamper IE that has a simple GUI based packet editor.
All of these are free.
Doing more research I came across Paros Proxy. Seems to be a good alternative to the
others.
I'd strongly recommend HttpWatch. I believe the basic version is free and captures your HTTPS traffic to some extent. The Professional version is worth the money.
Have a look at ratproxy. It may not be exactly what you're asking for, but is very useful in testing the security of your web app.
Rather than intercepting HTTP and allowing you to edit or replay requests, it installs as a proxy and monitors the normal use of your web app, and then provides a report on possible security issues, along with their severity. It can also be configured to attempt active XSS or XSRF attacks where it thinks there is a vulnerability.
The site says "Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments" but I've only used it on Linux.
Check HTTP Debugger Pro
It is proxy-less solution and have zero impact to the transferring data.
Also it has modern user interface :)