
Hey superuser,

Great questions. Let me answer them one at a time!

Where is the code running? Every script run happens in its own sandbox on our machines. We use Docker, it's awesome. People are asking for dedicated machines specifically for their company, and others are asking to hook into their own machines. Once we figure out how people/companies want to use the site, we'll put up some options for where code will be run. I'm totally open to feedback and would love to hear what you think.

I'm measuring costs right now. But I'm seeing that when we get a fair pricing model up, if you could hit these APIs only when you need them, rather than have a dedicated server for them, you'd save money. A really different way of looking at PaaS + APIs... and I'm super excited about it. Right now, I'm just trying to collect as much awesome feedback as possible for use cases, and then we'll have a better idea for how users would want to be charged. Right now, people are asking for a simple request-based model. Would love your thoughts on this as well.

Thanks again for the questions. You're awesome.

paul@blockspring.com 312.834.7265




You may be interested in my Python-on-ZeroVM-On-Docker Dockerfile[1]. This adds the security and isolation of ZeroVM on top of the convenience of Docker.

Note that ZeroVM isn't an x86 VM, so you need a custom Python (which that Dockerfile downloads). There are also no network sockets, so some things are difficult to make work, but you can work around that by using network code in the Docker container, and riskier code in ZeroVM.

I'd be pretty confident in that security model.

However, it's six months old now, and likely to need some updating. ZeroVM was changing pretty quickly when I was working on it.

[1] https://github.com/nlothian/Acuitra/tree/master/infrastructu...


Paul,

How are you securing the Docker containers since Docker hasn't yet added user namespaces?


Containers open and close with every script run and then they're deleted. Never reopened.


Do you run the scripts as a specific user inside the container then? I was under the impression that running untrusted code in Docker as UID 0 was not yet safe.
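
An added example, not part of any post in this thread and not Blockspring's code: one way to combine the two points raised above, a container that is created per script run and deleted afterwards, and a non-root UID inside it. The image name, UID, resource limits and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Image, UID and limits are assumed values, not from the thread.
SANDBOX_IMAGE="${SANDBOX_IMAGE:-python:3-slim}"   # assumed image
SANDBOX_UID="${SANDBOX_UID:-65534}"               # assumed unprivileged UID

# Print the `docker run` arguments, one per line, for an untrusted script.
# $1 = absolute host path of the script, $2 = optional numeric UID.
sandbox_args() {
    script=$1
    uid=${2:-$SANDBOX_UID}
    case $uid in
        ''|*[!0-9]*) echo "uid must be numeric" >&2; return 2 ;;
    esac
    if [ "$uid" -eq 0 ]; then
        # Without user namespaces, UID 0 in the container is UID 0 on the host.
        echo "refusing to run untrusted code as UID 0" >&2
        return 1
    fi
    case $script in
        *:*) echo "script path must not contain ':'" >&2; return 2 ;;
        /*)  ;;
        *)   echo "script path must be absolute" >&2; return 2 ;;
    esac
    # --rm deletes the container on exit, so no run reuses another's state.
    printf '%s\n' run --rm \
        --user "$uid:$uid" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --network none \
        --read-only \
        --pids-limit 64 \
        --memory 256m \
        --volume "$script:/sandbox/script.py:ro" \
        "$SANDBOX_IMAGE" python /sandbox/script.py
}

# Run the script in a throwaway container (requires a local Docker daemon).
run_sandboxed() {
    args=$(sandbox_args "$@") || return
    old_ifs=$IFS
    IFS='
'
    set -f            # split on newlines only, no globbing
    set -- $args
    set +f
    IFS=$old_ifs
    docker "$@"
}
```

The script file on the host has to be readable by the chosen UID, since it is bind-mounted read-only rather than copied into the image.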



