http://blog.scoutapp.com/ en-us 40 Scout ~ The Blog comments <p>Brendon,</p> <p>We&#8217;ll have an announcement on that shortly.</p> Mon, 7 Apr 2008 11:46:12 CDT http://blog.scoutapp.com/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group#comment-2 http://blog.scoutapp.com/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group#comment-2 <p>Any updates on when this will be publicly available?</p> Sat, 5 Apr 2008 10:02:09 CDT http://blog.scoutapp.com/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group#comment-1 http://blog.scoutapp.com/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group#comment-1 <p>Last night, I demoed <a href="http://scoutapp.com">Scout</a> to a room-full of Rubyists at the <a href="http://ruby.meetup.com/83">Atlanta Ruby User Group</a> Meeting.</p> <p>I would love to share all the wonderful feedback, but instead, I&#8217;ll share some of the excellent questions (and more elaborate answers) that were asked of Scout:</p> <p><b>What are the security pitfalls, i.e. can someone simply write a &#8216;rm -rf&#8217; plugin?</b></p> <p>To answer that, let&#8217;s look at the architecture of Scout first:</p> <ul> <li>You install the tiny Scout client (which is a <a href="http://rubygems.org/">Ruby gem</a>) on your server. </li> <li>The client connects over https (always) through a 256-bit secure, encrypted connection (the same encryption your bank uses). </li> <li>Scout never logs in to any of your servers. </li> <li>All communication is initiated by the client. </li> <li>The client downloads a pre-loaded plugin plan, consisting only of <a href="http://scoutapp.com/plugin_urls">plugins</a> of your choosing, so it cannot run plugins you didn&#8217;t explicitly authorize.</li> <li>The server also uses that same secure encryption for all communication. Individual accounts are protected.</li> <li>Client keys (uniquely generated) can be revoked at any time, disabling the client.</li> </ul> <p>The security measures needed for Scout are the same as for any other software. In fact, in some ways, it&#8217;s easier to be more secure &#8211; the plugins are relatively few lines of code and easy to review. For a more closed environent, you can create a copy of the plugin code and host it on one of your own servers (a plugin is plain text).</p> <p><b>Is Scout open source?</b></p> <p>The Scout client is completely open source. The gem is a normal Ruby gem, open for development, and distributed under the <a href="http://en.wikipedia.org/wiki/MIT_License">MIT</a> and/or Ruby License (whichever you prefer). The <a href="http://scoutapp.com/plugin_urls">Scout Plugins</a> people write are also completely open, in fact, they are surrounded and fostered by a community that encourages branching, fixes, and general open-ness.</p> <p>The Server, where you aggregate your data, do reporting, and in general, collect information about your account is not open-source. We maintain the server, and keep all your data safe and sound.</p> <p><b>When does it launch?</b></p> <p>We&#8217;re doing the plumbing now &#8211; account subscriptions, a new home page, privacy policies, backup procedures, etc. We&#8217;ve recognized that lots of people are anxious to get going and we&#8217;re working to get it ready for public use as fast as possible.</p> Thu, 14 Feb 2008 10:12:00 CST <a href="/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group">Hands on with Scout at Atlanta Ruby User Group</a> <a href="/articles/2008/02/14/hands-on-with-scout-at-atlanta-ruby-user-group">Hands on with Scout at Atlanta Ruby User Group</a>