Log in

No account? Create an account
brad's life [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

the content-addressable internet [Oct. 16th, 2005|06:26 pm]
Brad Fitzpatrick

I've always been a fan[1] of files/patches/changesets represented by digest, but here's another cool case:

Mailing list post, "Yes, that was fixed in 55820ee2f8c767a2833b21bd365e5753f50bd8ce".

Without going to a git browser, and without updating my local sources, I just google it using Firefox and presto, there it is.

Props to Google for not restricting the length of search terms.

[1] In theory, if the hash function is good. Not MD5. Arguably not SHA-1, either, lately. I think any content-addressable system should prepend the digest with the function's name: "tiger:f8c767a2833b2f8c767a2833b2", etc., to future-proof it.

[User Picture]From: avva
2005-10-17 01:47 am (UTC)
I like referencing Message-ids better. At least they don't look completely opaque.

What's a content-addressable system? You want your ID to be: a) unique b) indexed by google or some future foo. Using a hash function is an overkill for a) and is no more guaranteed
to be b) than any other unique piece of string embedded in the text somewhere.

Yeah, so in this case the version control system doesn't use a human-readable messageid-like unique commit ids, it uses a hash function to look cooler. Bah.
(Reply) (Thread)
[User Picture]From: brad
2005-10-17 01:55 am (UTC)
Yeah, but you can say:

"Just apply [hash-of-patch]."

And then you can get that patch from anywhere without having to trust anybody (a roundrobin of version control mirrors), since you can verify it yourself.
(Reply) (Parent) (Thread)
[User Picture]From: avva
2005-10-17 02:09 am (UTC)
Except if you're that paranoid, you could consider your words "Just apply [hash-of-patch]" being spoofable in the first place, with the hash value replaced. And since the value is completely opaque, you can't derive any trust from its form.

The right level of trust isn't "wget this url, md5 it and compare to what was transmitted to me through this insecure channel". It's either "wget this url, md5 it and compare to hash value I got through a very secure channel", or, preferrably, just "wget this url and check its signature by someone I trust". In this latter case, your ID not being opaque helps you use your insecure channel (a mailing list, whatever), because it has some meaning to you, like maybe a date, a domain, stuff message-ids have. With hash values an Evil Adversary could direct you to a patch you don't need, or is outdated or buggy, though maybe signed by someone you trust.

Hmm, I think I may have been too anal just now.
(Reply) (Parent) (Thread)
From: evan
2005-10-17 09:06 pm (UTC)
arch uses a global name space based on email addresses, so stuff like [logjam@danga.com--2005/logjam--dev--4.5--patch-5] works.
(Reply) (Parent) (Thread)
[User Picture]From: avva
2005-10-17 09:12 pm (UTC)
Oh, that's good.

What made you ditch svn in favor of arch for logjam and the like? (I don't remember if you ever wrote it down, if you did, I probably missed it).
(Reply) (Parent) (Thread)
From: evan
2005-10-18 01:13 am (UTC)
svn wanted webdav, and I didn't have webdav on danga. And I did a lot of my development in different locations -- I had a few branches on my laptop, a few on my desktop, and a few others at school. (For example, the laptop didn't have GTK so I'd work on the console-only features there, while at school I didn't want to store a copy of my LJ on their NFS so I'd only work on exporting in my home branches.) I suppose these sorts of problems may be address by svn (or svk?) these days but back then I felt like it wasn't sufficient.

I don't especially like arch (really ugly naming, needlessly confusing, lead developer's an ass) but now I'm stuck with it! I like darcs a bit more (fixing the previously-mentioned problems) but the whole "written in Haskell" thing makes it a bit difficult for my users to install. (All one of them -- gaal...) So to compromise I've been using baz (basically arch with renamed commands, as far as I can tell) but I'm getting kinda ridiculously obscure.
(Reply) (Parent) (Thread)
[User Picture]From: niallm
2005-10-17 10:01 am (UTC)
tiger:f8c767blahblahblah looks awfully like a URL to me...

hash://tiger/f8c767blahblahblah maybe?
(Reply) (Thread)