[tahoe-dev] [tahoe-lafs] #1200: package up Brian's New Visualization of immutable download

tahoe-lafs trac at tahoe-lafs.org
Wed Nov 24 01:08:39 UTC 2010


#1200: package up Brian's New Visualization of immutable download
-----------------------------+----------------------------------------------
     Reporter:  zooko        |       Owner:  nobody                                                                    
         Type:  enhancement  |      Status:  new                                                                       
     Priority:  major        |   Milestone:  1.9.0                                                                     
    Component:  unknown      |     Version:  1.8β                                                                      
   Resolution:               |    Keywords:  unfinished-business immutable download statistics performance transparency
Launchpad Bug:               |  
-----------------------------+----------------------------------------------

Comment (by warner):

 The viz tool requires two Javascript libraries: jQuery (121KB source,
 57KB minified) and Protovis (510KB source, 117KB minified). It also
 contains a small JS program that is downloaded as part of the
 "download-status" WUI page, included in {{{src/allmydata/web/}}} .

 We identified a couple of goals/concerns around packaging this JS code:

 1. we'd prefer to not include non-Tahoe sources in the Tahoe VC tree.
 2. we only want to manage source code in our VC tree, not
    minified/compressed JS (which is the moral equivalent of object code)
 3. we don't want to store large things in the Tahoe VC tree, compared to
    the 3MB of .py files in src/
 4. we don't want Tahoe user security to depend upon anything beyond
    their own Tahoe node. This rules out having the viz page load the
    libraries from their home pages or from google.

 We used to have zfec and Crypto in src/, and removed them. We managed to
 remove the random windows .exe files from the tree. It'd be nice to
 avoid adding such things back in.

 Unfortunately, there are few established practices for packaging
 Javascript files on the desktop (most web sites either serve their own
 copy or rely upon Google's fast servers). Our current tool for
 obtaining/building dependencies (setuptools) only handles python, not
 JS.

 Debian does appear to have the beginnings of a [http://ianlawrence.info
 /random-stuff/packaging-web-applications-in-debian JS packaging policy]
 and has a [http://packages.debian.org/lenny/libjs-jquery libjs-jquery]
 package (which, when installed together with the
 [http://packages.debian.org/lenny/javascript-common javascript-common]
 package, makes {{{http://HOSTNAME/javascript/jquery/jquery.min.js}}}
 available). This makes it feasible for web apps on a debian box to all
 share the same (upgradable) copy of common libraries.

 We seem to have consensus on the importance of goal 4: Tahoe is very
 focussed on not relying upon outside parties for security, and until
 browsers offer a way to process and enforce cryptographic hashes in URLs
 (so we could specify exactly what script we wanted to pull from e.g.
 google), we're not comfortable with extending the TCB to include
 external web sites, much less the "anyone-who-can-spoof-your-DNS" attack
 enabled by using http URLs (instead of https).

 Some potential solutions we've discussed:

 A. bite-the-bullet: commit copies of the JS libraries into Tahoe's VC
    tree, probably the non-minified form to retain goal 2
 B. build-time: add a build step which downloads the libraries from some
    well-known place, checks their hashes against precomputed
    expectations, and copies them into the source tree somewhere
    ({{{support/lib/js}}}?)
  * this covers run-from-source, but packagers will have to come up with
    something else. Debian packages could depend upon libjs-jquery and use
    symlinks to reach the files, but there is no protovis package yet.
 Other
    OSes are unlikely to have even that.
 C. plugin: define a plugin interface for Tahoe, and put all the viz
    pieces in a new project. The new project's VC repo would have
    precisely the same problem, but maybe we'd be willing to
    bite-the-bullet more readily on the plugin than on the main Tahoe
    repo.
  * For the viz plugin specifically, we'd need two hooks:
   * add a link to each download-status page
   * add code to serve a new page (the viz JS program) from that link
   * (the basic JSON data source could be built-in to the Tahoe core, as
 it's
     useful to more than just a JS-based viz tool)
 D. separate process: if we enable CORS on the JSON data source, the viz
    program could conceivably be served from a separate program (on a
    separate port), but it would take some fussing to let it find out
    what download it should display (the program would need to scrape the
    recent-uploads-and-downloads page to get the download numbers, then
    offer its own menu page)
 E. webapp-in-grid: store the JS viz program in the same grid that the
    Tahoe node is using, then let it behave like the separate-process
    case.

 B (build-time) would be disappointing, because I'm trying to get rid of
 the
 "build" step (#479). My
 [https://github.com/warner/tahoe-lafs/tree/unsuck "unsuck"] branch splits
 the
 build step into two pieces: one is a helper which checks to see if you
 have
 the dependencies available, and the other will download+build them for
 you:
 the idea is that there may be more appropriate ways to obtain the
 dependencies (i.e. {{{apt-get install python-zfec}}}), so download+build
 shouldn't be the default. When OS packages of the JS libraries are
 available,
 this could be done cleanly, but otherwise we have to define what it means
 for
 each JS library to be "available" (i.e. where it lives).

 C (plugin) would be cool for other reasons, but is a lot of work and
 yak-shaving for a fairly small feature. It also just pushes the problem
 elsewhere.

 D (separate process) doesn't sound likely to provide a good user
 experience.
 Download status charts should be reached from a link on the download-
 status
 summary page, not from a completely separate app.

 E (webapp-in-grid) has the same problem, plus I'm uncomfortable with the
 idea
 of storing pieces of Tahoe's functionality in Tahoe itself, both because
 of
 the setup problem (what, should each copy of tahoe auto-upload the JS app
 into each grid it touches upon first boot?), and because of the recursion
 problem (what tool do you use to diagnose download problems of the
 download-status JS?).


 So I'm undecided. I guess I lean towards B, as it seems to be the cleanest
 option. I wish the libraries were small enough that we could just jam them
 into the tree (option A), but they're not. In the long run, C (plugins)
 would
 make it easier to get new functionality into the node, and I bet we'd be
 willing to commit jQuery into the plugin's repo (especially since then, if
 we
 changed our mind, we could just ditch that repo and start another plugin),
 but it doesn't feel right for the near-term.

-- 
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1200#comment:8>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-dev mailing list