StackOverflow CAPTCHA Triggers - language-agnostic

Normally whenever a CAPTCHA might be needed I always present it to the user a priori, but the StackOverflow approach is much better: it only shows me the CAPTCHA when it thinks I might be a bot.
I'm interested in learning the requirements and how I could implement a similar system on my projects. What are the actions that make SO believe I'm a bot? Is there any time frame for doing such actions? Does such a system require any particular database design?

I would log time between actions, and if under (for example) 10 seconds then require a CAPTCHA to continue.
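The "time between actions" rule in the answer above, worked through as an added example (this is not StackOverflow's mechanism or anyone's posted code; the class and parameter names are my own). It keeps a per-client sliding window of action timestamps and flags the client for a CAPTCHA either when two actions arrive closer together than a minimum gap or when too many actions land inside the window. The client key is assumed to be the authenticated user id, falling back to the source IP for anonymous traffic, and the in-memory dictionaries stand in for whatever shared store (a cache or a small table) a multi-worker site would actually use.

```python
import time
from collections import defaultdict, deque


class CaptchaGate:
    """Decide, per client, whether an action may proceed or must first pass a CAPTCHA.

    Two triggers, both assumptions for this example:
      * inter-action gap below ``min_gap`` seconds (the rule from the answer), or
      * more than ``max_actions`` actions inside a sliding ``window`` of seconds.
    Once flagged, a client stays blocked until ``captcha_solved`` is called.
    """

    def __init__(self, min_gap=10.0, max_actions=5, window=60.0):
        self.min_gap = min_gap
        self.max_actions = max_actions
        self.window = window
        self._history = defaultdict(deque)  # client key -> recent action timestamps
        self._flagged = set()               # client keys that must solve a CAPTCHA

    def record(self, client, now=None):
        """Register an action attempt.

        Returns True if the action may proceed, False if a CAPTCHA is required.
        ``client`` should be the user id (or the client IP for anonymous users);
        ``now`` is injectable so the logic can be tested without sleeping.
        """
        now = time.time() if now is None else now
        hist = self._history[client]

        # Forget timestamps that have fallen outside the sliding window.
        while hist and now - hist[0] > self.window:
            hist.popleft()

        if client in self._flagged:
            return False

        too_fast = bool(hist) and (now - hist[-1]) < self.min_gap
        too_many = len(hist) >= self.max_actions
        hist.append(now)

        if too_fast or too_many:
            self._flagged.add(client)
            return False
        return True

    def captcha_solved(self, client):
        """Clear the flag after a successful CAPTCHA and start the client with a clean window."""
        self._flagged.discard(client)
        self._history[client].clear()

    def needs_captcha(self, client):
        return client in self._flagged


if __name__ == "__main__":
    gate = CaptchaGate()
    t0 = time.time()
    print(gate.record("user-42", now=t0))        # first post: allowed
    print(gate.record("user-42", now=t0 + 3))    # 3 s later: too fast, CAPTCHA required
    print(gate.needs_captcha("user-42"))
```

The flag should be checked before the action is processed (not only when rendering the form), otherwise a bot that ignores the CAPTCHA HTML still gets its comment stored. The thresholds are guesses; tune them from your own logs so that legitimate fast typers are not flagged.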

Running R code from website (without paid hosting)

There are many related questions, but all of them are about Shiny R, and that requires paid hosting to be always available (since free options such as shinyapps.io have limits). So I'm wondering whether there is any alternative solution for running R code from a website hosted, for example, at GitHub.
To be more clear, I want to use an R script to interactively display a few plots and some derived information, based on some basic settings given by a user. To give a super simple example:
var_from_gui = 7 # input in HTML, user e.g. clicks OK
print(paste("input plus five is:", var_from_gui + 5)) # info displayed on website
plot(c(1, 2, 5) * var_from_gui) # image to be displayed on website
Firstly, I assume this is very possible in Shiny R - is that correct?
Secondly, is this possible in another way that allows me to run this via e.g. GitHub pages? (Actually I can also use this more comprehensive university server, but I don't suppose it helps with this case.)
I'm aware of htmlwidgets too, but, as far as I understand, that only allows very limited interaction such as filtering, and not things like drawing plots based on user input.
One option I found and seems to fit well is OpenCPU, but what's discouraging is the apparent lack of activity (no recent questions/answers/posts etc.) and hardly any useful tutorials or overviews, which also makes it hard to assess whether it's worth trying.
For up to 5 small apps with little traffic you could use the free plan on https://www.shinyapps.io/
Very easy to deploy, because it's an RStudio service.
You can host your R functions on the public OpenCPU server, for free.
I have done that for my own applications and it works well. None of the limitations that you listed in your question. Also tried Shiny but, as you mentioned, not flexible enough for what I was trying to achieve.
OpenCPU is really a great tool, although not well supported by the community (not sure why, looking at the great value it brings)
I followed the docs here to get it up and running. Setup is a bit tedious but fairly well documented.
Once live, I found this server very reliable - your R functions are continuously available, with very low latency (much faster than a Shiny server from my experience)
You are also asking for "a solution for running R code from a website hosted, for example, at GitHub" - OpenCPU does handle CD/CI (Continuous Integration) from your custom GitHub repo through a webhook mechanism.
I also implemented such webhook for my apps, so can confirm it works smoothly. Just follow the well-written provided documentation here.
By now I guess I can answer my own question – though Marc's answer seems also useful in general (and prompted me to write my own answer).
In essence, shinyapps.io worked for me perfectly fine. For a small and not too often used application the free plan is easily enough. What's more, even in the unlikely case that the website goes down due to excessive usage, R users have the possibility to easily run the Shiny app from their own computer (provided that they have R installed).
And of course, the example given in the question is very possible to implement in Shiny R: typically the code is executed via the eventReactive function, and, for the "trigger" button, one can use actionButton.

How to make software features more visible to users?

We have released a beta version of our software, and as we talked to people who started using it, we have found that a lot of the features (which we thought were essential) were not known and not used by the users.
What are the possible ways to inform the application users about the features of the application? I personally find the "Tip of the day" popups extremely annoying and disable them quickly. Are there better ways?
It depends on the: features, application, platform and users.
There is no magic usability dial that you can just turn or button you can just push.
Even within the above there may be multiple ways that a feature can be made more discoverable, but the right one(s) may be dependent upon how much flexibility you have. In that you've just released the app to actual users, I'm guessing that you're not in a position to restructure the app or make dramatic changes to the way it is architected to improve discoverability.
This is why usability testing (with real users) should be started early (in the development process) and done often.
If you can provide a more specific example of a feature that you want to make more discoverable then you may get a more specific answer. And if you ask it at https://ux.stackexchange.com/ you may get a better answer still.
Issue a "changelog" with new releases, that will show as part of the installer wizard in a "readme"-type dialog.
Yes, tips of the day can be annoying and are often turned off, but try a one-time dialog when the newly-updated program starts, with a summary of new features.
Extensive help documentation, including a series of "How Do I" articles.
Use icons with ToolTips to attract attention to new menu options/buttons/features in the first version they're released.
People often seem dead-set against learning the software they use on a daily basis. Most office-type jobs require regular use of MS Office, but I doubt very many could even tell you how to create an Excel chart without fumbling their way through it while doing so. The best you can do is make the learning resources available.

What turns away users/prospective users?

In your experience as a developer, what kinds of things have turned away users and prospective users from using your programs? Also, what kinds of things turn you away from using someone else's programs?
For example, one thing that really bugs me is when someone provides free software, but require you to enter your name and email address before you download it. Why do they need my name and email address? I just want to use the program! I understand that the developer(s) may want to get a feel for how many users they have, etc, but the extra work I have to do really makes me think twice about downloading their software, even if it does really great things.
Requiring lots of information when signing up -- name and email is bad enough, as you say, but some registration forms have many many fields. The fewer the better.
Charging money but refusing to disclose the price unless you speak to a sales rep
Having a web site that only works in certain browsers
No releases since 2003
No documentation
Support forum with many questions and no answers
Here are a few annoyances that I haven't seen anyone else mention:
Programs that auto-launch one or more processes at system startup that run constantly in the background (invisibly, in the clock tray, or otherwise).
While some of these are necessary, most would either be better implemented with a utility that runs periodically (use the system's task scheduler!) or don't need to be launched until the associated program is launched.
Dialog boxes that pop up on top of all open windows (even those of other applications).
This is even more annoying if you run full-screen apps.
Pop-up dialogs that won't let you switch to another app until they are dismissed make me want to throw something.
Stealing my file type associations or changing the icons associated with a MIME type when I already have that type assigned to another application. At an absolute minimum, ask me first.
Storing user data/documents in file types that can't be opened by other applications
The worst is when files are also bound to a specific version of the application
Automatically cluttering my desktop and quick launch menus with icons
Automatically adding a link to your crappy website into my web browser's bookmarks
Assuming I use Internet Explorer and launch it specifically instead of querying the system for the default browser (same goes for media player, email client, etc)
Failing to understand the difference between user-specific settings and system-wide settings
Re-mapping common, near-universal keyboard shortcuts (cut, paste, undo, print, refresh, etc) for no good reason
If you're going to re-map Ctrl+C from "copy" to "close without saving anything", at least pop up a dialog warning people when they use it
Requiring an exact version of a library or framework. I don't want to have to uninstall the .Net 2.0 framework and re-install 1.1 just to run your program.
Spelling, punctuation, or grammar errors in the user interface or documentation. If you can't be bothered to run (at least) an automated spelling checker, then you probably also didn't bother testing your app properly.
Displaying error messages to the user in a way that isn't useful. I don't care if "unexpected error #3410 occurred", I want to know what on earth that means and what I should do about it.
If you thought the error was important enough to program in a unique error message, why didn't you instead program error-handling code that could gracefully handle the situation? Only let me know about an error if I caused it directly or if I can fix it.
On a related note, aren't all errors unexpected?
Sending me to a website when I click "Help" instead of including help files with the local installation. I don't mind if you periodically download updated help files from the web, but people still need documentation when an Internet connection isn't available.
Bulleted lists that are way too long.
Setup programs that come bundled with all sorts of freeware (even things like Google toolbar) that are selected by default. I just want the program I downloaded, not all sorts of other programs. I can understand that developers might get something in return for including these add-ons in their setups but I hate it when they are selected to be installed by default.
Automatic updates and "information" screens that pop up every single system startup.
Yes, you updated yourself, good job, but I don't care nor want to know that you have. Do I really have to click "No, I don't want to upgrade to the pricier version" every single time I start my computer?
Ad infections. You know the kind where if you scroll your mouse over the text you're reading it'll pop up a thing so you can't read it anymore. And flash ads that have sound (especially ones that you can't turn off; this was the reason I installed Adblock Plus) and pop-up windows that happen multiple times while you're sitting on a page.
Also, pop ups telling me to join a sites news letter mailing list. (where the "no" button is very small)
I will rethink downloading something if I think they will start sending me SPAM if I give them my e-mail address.
At a previous employer we had a program I helped write that was online as a "free" download. They had to put something in for Name, address, phone, and e-mail. Oh, and no opt-out checkbox. It annoys me when other companies do this, but I didn't have any say in the matter.
The info needed for free things gets me too, but other than that:
Bundled software, most of the time adware or browser bars
Having to click too many times to do a simple action
Websites that advertise "Free Download!" for something that turns out to be a paid app. Wow, so generous to allow me to transfer data over the internet for free.
Putting an icon in the taskbar when I don't want it there.
I installed an app called Pamella that records Skype calls. I'm fine with 1 icon in the taskbar -- Skype's icon -- but Pamela adding a second just got me angry and I uninstalled it.
Ugly / unfit user-interface. For me, this is really important.
Having to register to download the program (especially if it's freeware)
Browser-specific / requiring special/other applications to work properly
Bloated applications that start with a few MBs and finally grow to 100's of MBs and huge mem consumption.
That'd be most of the things that turn me away from a program.
One of the things that bugs me the most (using, not downloading to try in the first place...):
I download or buy software it is because I want to USE it for something. If it is so friendly that it is 100% intuitive and needs no documentation before being useful, great! If it has comprehensive on-line or other help that answers all my questions as they come up, that's OK too.
However, if it has any kind of learning curve at all and nothing but my own persistent trial and error before I can do anything with it.... Off the drive it goes, within the first 5 minutes. Well, maybe I will use it if I am being paid to, but even in these cases I would probably recommend something else.
A user interface that is so simple that practically no documentation is required, or that has documentation that is accessible is a joy to use. If the program is complex and requires non-trivial documentation, that documentation should explain EVERYTHING a user might want to know, making no assumptions about his or her prior knowledge. That also puts my appreciation meter way up there.
Make your software actually do something people want done, and make it painless for them to do that with it, and you will have lots of satisfied users and word of mouth recommendations.
I left this on my list but it's a big enough annoyance that it probably stands on its own:
Software that requires users to pay for bug fixes, security patches, or critical updates.
If you have a patch that adds some new feature that I want, I don't mind paying for it. If you made a mistake and you are trying to get me to pay you to fix your mistake, then that's where we have a problem. Any physical product manufactured and sold would call this a "recall" and wouldn't dare charge customers to fix it.
In the past, some software products have shipped with known flaws to encourage users to buy the "critical updates subscription". This is downright evil.
How much pain am I going to endure to develop a conscious competence in using the program? Some computer games I tried to play but after a few hours if I haven't figured things out, I'll stop playing. If a program is hard to use and I don't have a really good motivation to resolve it, that will stop me right there.
How complicated is the installation process? How many minutes will I spend getting the basics of the program understood so I can be productive with it? How close to other programs is it, so that I can leverage how I use other programs to use this, e.g. if I've used Microsoft Office for years are the menus similar to that or is it someone else's idea of the ultimate menu system? Those are the questions I tend to wrestle with in a new program.
If something takes hours to install and then more hours to configure for my use, this really makes me question how useful is the software, really. I can understand the appeal of software that can be customized in a bazillion ways, but if I'm just getting used to the software, do I want these options at this point? To give an example of how absurd this would be in other situations, imagine if you had to list all the ingredients in a pizza or an automobile before getting to the options that mattered to you? You have to list everything in the pizza dough or car's body that most people don't think twice about what is there.

Can push technology / comet be faked?

Client has a dating site and would like to have a popup (either a nice javascript overlay or a new browser window popup. we're flexible.) displayed to users when another user is visiting their page.
I'm familiar with push technology and Comet but it's quite challenging to implement this and may place serious strain on a server with over 100,000 unique visitors per day.
I'm wondering if there is a way of faking this, perhaps by not being accurate to the second. I can't really think of any way.
This is a classic LAMP environment.
Anyone?
EDIT: what about this: placing an iframe on the page that refreshes every few seconds and at each page load it checks in the db if a visitor has been logged on this profile page. if so, it shows a message. the message would be visible but the background of the iframe would blend in with the background of the site and be invisible. if the message fades in and out, it would look like a JS box "popping up".
The only way to "fake" comet is via polling of some sort, which is always a possibility. An iframe, xhr, or jsonp request are all possibilities for performing said polling.
You might be better off purchasing a pre-built comet server (I'll recommend, of course, the one I helped build, WebSync for IIS/ASP.NET). If you're worried about the load, you could check out our On-Demand version where we'll host it for you.
Regardless, WebSync (or whatever other pre-packaged product you might check out) would scale to a hundred thousand users a day without much of a problem, and would potentially be more efficient than polling, since it would only hit your database when new users arrived, rather than every couple seconds; that said, if you keep the "check for new users" query simple enough, and a few seconds of delay is OK, the polling idea would be the "simpler" solution.
Check out http://en.wikipedia.org/wiki/Web_Sockets if you want to do real push. This isn't widely supported in browsers yet, but there are plenty of JavaScript and Flash libraries that provide it already.
Or a cheaper way is to record in your DB each page view.
Then when any user makes a web request, check in the DB if anybody has visited their page since their last web request.
If so, pop up your dialog.
This second way wouldn't popup anything if the user just left their browser sitting there, but if they were actively interacting with the site, it would achieve your goals very easily.
I would start with this second simpler solution, which is very easy to implement. If your client wants it more interactive, you can provide solutions and tradeoffs/costs for various options.
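The "record each page view, then check on the next request" scheme from the answer above, as an added example (my code, not the answerer's; the class and method names are assumptions). Visits are appended to a per-owner log, and every request a user makes drains the visits logged since that user's previous request, which is exactly the query the answer describes, done here against in-memory lists instead of a table. Two points a practitioner would want: the identity of the requesting user must come from the server-side session, not from a request parameter, or anyone could read anyone's visitor list; and viewing your own page must not count as a visit.

```python
import time
from collections import defaultdict


class VisitNotifier:
    """Poor man's push for 'someone is viewing your profile'.

    log_profile_view() is called on every profile page render.
    on_request() is called once per request of a logged-in user (with the user
    taken from the session) and returns the visitors since that user's previous
    request, so the page can render a pop-up for them.
    """

    def __init__(self):
        self._visits = defaultdict(list)   # profile owner -> [(visitor, timestamp)]
        self._last_request = {}            # user -> timestamp of their previous request

    def log_profile_view(self, owner, visitor, now=None):
        now = time.time() if now is None else now
        if visitor == owner:               # looking at your own page is not a visit
            return
        self._visits[owner].append((visitor, now))

    def on_request(self, user, now=None):
        """Return the list of visitors logged since ``user``'s previous request."""
        now = time.time() if now is None else now
        # First request ever: report everything logged so far.
        since = self._last_request.get(user, float("-inf"))
        self._last_request[user] = now

        pending = self._visits.get(user, [])
        new = [visitor for visitor, ts in pending if since < ts <= now]
        # Drop what was just reported so the same visit is never shown twice
        # (and so the per-user log does not grow without bound).
        self._visits[user] = [(v, ts) for v, ts in pending if ts > now]
        return new


if __name__ == "__main__":
    n = VisitNotifier()
    n.on_request("alice")                         # alice loads a page
    n.log_profile_view("alice", "bob")            # bob views alice's profile
    print(n.on_request("alice"))                  # alice's next request: ['bob']
    print(n.on_request("alice"))                  # nothing new: []
```

In a real LAMP deployment the two structures become a `profile_visits` table with an index on `(owner, visited_at)` and a `last_request_at` column on the user row; the check is then a single indexed range query per request, which is the cheap part the answer relies on. Whatever the storage, do not let the notification leak more than the site's privacy rules allow: the visitor's identity is disclosed to the profile owner, so visitors who opted for anonymous browsing should be logged with a placeholder, not their username.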
Gather statistics as to how many visitors that user's website gets per day, and then subdivide that, so that it's a percentage chance that the user will be told there is a user on his site (even if there actually isn't), based within the timeframe he's at the part where he can receive the popup. I think this is the closest you are going to get without having some sort of notification being sent.
You could do this to minimize server usage if you wanted push:
When a user visits a website, check and see if the person who would be getting the notification is online and capable of being notified, and if so, THEN do all the push stuff, otherwise forget it.

Which authentication mechanism to choose?

Well, on my free time, I'm making this small web site. The site will not require to authenticate, only some actions (like leaving a comment) will require to do so.
I would expect to have up to 100 (probably less) unique visitors a day. I don't really expect more than 50% to (bother to) register.
Right now, I'm thinking of three possible authentication mechanisms (but I'm open to suggestions):
OpenID authentication;
HTTP Digest or at least HTTP Basic authentication;
My own (form based) authentication.
OpenID seems to me a little bit of an overkill for a small site like this. Also, buzzword like "OpenID" on the login page of my site might scare away the less tech-savvy people.
HTTP Digest (or Basic) authentication provides a low security level (or none at all), because the site will not be under HTTPS.
My own implementation would, most likely, suffer the same security problems as the HTTP Digest would. Although, I could implement some more protection against brute-force attacks (display a captcha after three failures etc).
What other mechanisms would you suggest? What are the pros and cons that I'm not seeing? What would you choose?
Well, if you want your visitors to leave comments I really think you're better off with something like OpenID. Because if you provide your own form based authentication who will really bother registering yet another account with some password wondering if they can trust you?
I think it's safe to say that people who like the internet own a gmail account, and all those people have an OpenID (Google account).
I suggest you use that... that's what I would do.
You haven't said what language/technology you're using. It could affect things. But I'd be inclined to just roll your own form-based authentication. It's not terribly difficult. Just remember a few basics:
Always sanitize user input. It can't be trusted;
Never store a username or password in a cookie (believe me people do);
Only store encrypted passwords using a reliable encryption method like MD5 or SHA1;
Use a non-predictable salt;
Require cookies to be enabled. Don't try and do URL rewriting.
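The salted-storage and cookie points from the answer above, as an added example (mine, not the answerer's; all names are assumptions). Rather than a bare MD5 or SHA1 digest, which is fast enough to brute-force offline, the example stores passwords with PBKDF2-HMAC-SHA256 from the standard library, a random 16-byte salt per user and an iteration count chosen to make each guess slow; the cost parameter here is an assumption to tune to your hardware. The cookie carries only an unguessable random session id that maps to the user on the server, so neither username nor password is ever written to it. Comparison is constant-time, and a login for an unknown user still runs the hash against a dummy record so that response time does not reveal which usernames exist.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000   # assumed cost parameter; raise it as hardware gets faster


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' with a fresh random salt.

    Storing the parameters alongside the hash lets you raise the cost later and
    re-hash users transparently on their next successful login.
    """
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Constant-time check of ``password`` against a value produced by hash_password()."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


class SessionStore:
    """Server-side sessions: the cookie holds only a random id, never credentials."""

    def __init__(self):
        self._sessions = {}    # session id -> username

    def create(self, username):
        token = secrets.token_urlsafe(32)   # 256 bits of randomness
        self._sessions[token] = username
        return token

    def user_for(self, token):
        return self._sessions.get(token)

    def destroy(self, token):
        self._sessions.pop(token, None)


# Hash computed once at import; used to equalise timing for unknown usernames.
_DUMMY_HASH = hash_password("dummy-password-to-equalise-timing")


def login(users, sessions, username, password):
    """``users`` maps username -> stored hash. Returns a session id, or None on failure.

    The dummy verification keeps the response time of 'no such user' close to
    that of 'wrong password', so the login form does not enumerate accounts.
    """
    stored = users.get(username, _DUMMY_HASH)
    ok = verify_password(password, stored) and username in users
    return sessions.create(username) if ok else None


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}
    sessions = SessionStore()
    sid = login(users, sessions, "alice", "correct horse battery staple")
    print("session for", sessions.user_for(sid))          # alice
    print(login(users, sessions, "alice", "wrong"))        # None
    print(login(users, sessions, "mallory", "anything"))   # None
```

Set the session cookie with the `HttpOnly` flag (and `Secure` once the site is served over HTTPS) and regenerate the id on login so a session fixed by an attacker before authentication is not carried over. The session table here is a dictionary for illustration; on a multi-process server it lives in the database or a cache with an expiry.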
Why not just have a name field when they post a comment, perhaps remember it in a cookie if you want. Most users just want to identify themselves not have an account.
Just make sure that you have some spam blocking in place as forms attract spam bots. Even if that is just a captcha with the form every time.
OpenID is the best I think. Also if you give proper help about OpenID (or like SOF shows) then people will understand. Once less tech-savvy people understand the use of OpenID (no new username and password) then they will start liking it.
Definitely go with OpenID - the more people we get onboard, the more familiar people will become with it, and it's not really that strange to use the first time. If you are a microsoft dev, the dotNetOpenID library makes implementation pretty straightforward - I have done this for both ASP.NET and ASP.NET MVC sites with no problems.
EDIT:
With regard to supporting non tech-savvy users, some links / explanation on the login page would go a long way to alleviating concerns. The redirect they will see is quite similar to experiences that they are more familiar with, like credit card or paypal authorization, so should be easy to explain in these terms.
It depends in part who your target audience is. If they're all computer geeks, go with OpenID. They're either familiar with it, or will understand what you're doing. If they're not necessarily computer geeks, they may not have been exposed to OpenID authentication yet, so OpenID could present a barrier to entry. In that case, you might want to go a more traditional route, such as register/validate email/login approach, whether roll-your-own or off-the-shelf.
You could distribute some RSA SecurID to your visitors ;-)
Seriously, the main question to ask is: are the total hours of work to implement a decent security system for my users to log in worth the content that may be accessed if the website security is broken?
You should look into RPX (https://rpxnow.com/), it's a layer on top of OpenID and a few other schemes that for most languages is really easy to implement (there is a gem for Ruby and I know a friend of mine got it into his PHP application in less than a couple of hours).
OpenID rules! As an informed user I'm not sure it's been looked at to the point where it's "bulletproof" for security, so I probably wouldn't use it for financial / medical websites, but for the 95% of other websites, it would save me from having to write down my cheat-sheet of 137 different usernames and passwords. I've used it in a (nonpublic) site I developed and it was a bit of a hassle to get the authentication working properly, but if you can use one of the libraries out there, go for it!
HTTP authentication is standardized but something about it disturbs me. I dunno what. Something about a separate dialog box popping out of the browser makes me suspicious.
p.s. BBC's Digital Planet had a radio program my local radio station aired yesterday (17 Feb 2009) that talked about OpenID. So I guess when the radio talks about it, it must be starting to go mainstream.
My advice: do not reinvent the wheel. Web authentication is a wheel if I ever saw one, and it's remarkably difficult to get all the subtle pitfalls handled correctly. Chances are you'd miss something and end up with effectively no security.
Either go with an OpenID solution, or look into the many auth libraries out there, and pick a thoroughly-tested one.
See also: The Definitive Guide To Website Authentication