Application stack behind the RightsChain copyright management platform

  • 22/04/2019 00:00

We've been preparing a major update at @RightsChain and it's been interesting to make a list of all the technologies hidden behind our platform.

We've been preparing a major update at @RightsChain and it's been interesting to make a list of all the technologies hidden behind our platform.

Developing a complex platform is never easy, and lots of things can go really wrong. Unless you know what you're doing, recovering from a system fault can be a major issue as well as it can be a normal operation. Here, it's not about the stack of applications, it's about what you know of it.

So with Daniele, head of development at Rights Chain, we've been piling up the stack of technologies we heave been currently (for the past two years) using. I'll try to sum them up shortly.

Long story short, 2 years ago we decided to follow a straight philosophy: total control of our systems, knowledge of what happenes beneath, and completely cloud independent. We decided to use Digital Ocean as our cloud service provider for our Droplets (or VMs if you prefer). We can say we had no down time since when we started, and we're very satisfied with performance vs cost ratio. The entire system currently runs on 8 droplets all CentOS-based. Oh and even if there's a lot of fuss about Kubernetes and Containers for live environments, we've chosen to go straight down on the operating system.

So what's about the application stack. Like I said, I'll try to sum it up from the bottom. The middleware.

We have currently running the following middlewares:

  • Apache HTTPD server for all front-ends
  • nginx for reverse proxies and WSGI interfaces
  • WSGI on Python (Flask) for internal APIs
  • MySQL database servers (that's hard to leave after 20 years)
  • MongoDB object databases
  • Nagios for continuous monitoring of all droplets (another 10 years old friend)
  • Multichain open source is the Blockchain engine
  • RabbitMQ for asynchronous messaging between independent systems

The programming languages, like it or not, are the following:

  • PHP for almost all interfaces (as I said, like it or not)
  • Python for all internal APIs and heavy workloads

Now, we have a bit of discussions about frontend, all HTML based, and part is made with VUE and the other part is made using Bootstrap and jQuery. I am not really a fan of "trends" when it comes to coding, the result is the only thing that matters.

So, what's all about that? Rights Chain is a project born in 2017 and our mission is to create a platform for copyright and intellectual property management. Currently we're working on images and pictures and we're improving the system on a daily basis. The interesting part behind this project is the amount of concepts we're working with. Among those you may find:

  • the already mentioned Blockchain system. No, we do not intend to spread another "coin" to solve the copyright problem where authors can be paid with digital crypto-nothing assets. But the adoption of this system is pretty neat and useful for long-term data conservation, and believe me, copyright is a heck of long-term data.
  • Object storage: object storage archives are really useful if you have massive amount of data to store of any size, without the need of structuring information in folder, and subfolders, and subfolders, and subfolders, and so on... I've seen systems with 10 levels of folders before you can find a single fine in that. Been there, no not gonna get back there. (oh for the record, all droplets have XFS filesystem running).
  • Computer Vision. This is something we're working hard on lately, and it's gonna be interesting to describe the results as soon as they will be available!
  • Machine Learning (or AI if you prefer - 'cause I do not): because, why not. We're studying possibilities of implementing machine learning algorithms to our business processes, but honestly, we didn't find any at this time.
  • Digital Signatures and Hashing. I mean, plenty of digital signatures and hashing. Almost anything with our systems is hashed and/or signed with PGP or some other digital signature algorithm. That's because you want to know if someone did manipulate your data or not.

As I already mentioned, I am not a fan of trends of technologies. I am aware there are frameworks - I mean... **itloads of frameworks - available for any taste. And languages. I've been criticised for using PHP as a language, and for some reasons I can relate to that. Except the use of a custom framework that have low system footprint, and it means high speed and low impact on systems. And that means a lot of things.

  • money: yeah, it all comes to that, and it is a good reason. Lower system impact means lower resource requirements, which means for the same amount of money, you can give more service.
  • management: if you have total control of your framework, you can handle problems more efficiently without the need of third parties to intervene. So when someone had a problem with migration of Node.js some time ago because there were compatibility issues between versions, a lot happens behind the curtains. When we switched from PHP 5 to PHP 7 we had a major issues with regular expression handling. Literally every input is run throughout a regexp. And yet, in one day, we refactored the whole code and it was running on PHP 7. Smooth and neat. A framework that I've been starting developing in 2002 and evolved since then (yeah I am proud of that)
  • security: more code, more tools, more libraries, more frameworks means extending the attack surface of your application. I am not saying that our code is 100% penetration proof, we surely have a lot of work to do more, but so far the most common injection attacks have all been handled correctly. And we keep reviewing logs regularly.

So yeah, I am a former system administrator, but I must confess the amount of technologies and proofs of concept we're using at Rights Chain is absolutely thrilling.

Care to know more about what we're doing? Because source code as well, especially if you're a startup, is something your should be really worried about. And we might give some help about that!

Keep coding, keep flying

  • Contacts

Data Protection & Copyright

RIGHTS CHAIN LTD.

Networking & IT

RIVOLUZIONE DIGITALE SRL

Social Profile