Intended use is for transitory moons to be able to breach themselves on
startup.
If you run a moon without persistence, then every time the program is
restarted, it must be breached. This lets the moon breach itself
instead of requiring direct interaction with the planet. The moon
should reserve the first bone for this purpose, and then every time it
starts up, it should send [%helm-moon-breach ~moon-name] to hood on the
planet.
This undoes some of the code-splitting done previously as it didn't
affect performance enough, and was actively hurting it in some ways.
Instead this moves the subscription initiation higher and adds scries
for critical data. This also shuffles the calls in App's useEffect so
that they are more colocated with relevant concerns.
Drops unnecessary logs for subscribers, to reduce memory usage. In local
testing, this incurred a 20% improvement in graph-store memory usage.
Note that publishers still retain the entire history, for backlog and
resubscribe purposes. Subscribers still retain a handful of updates so
that they can resubscribe upon kick correctly.
Small touch-ups to simulation behavior and ph tests. Most of them pass
now, even if they're still really slow at times.
The breach ones don't pass, but also complain of dangling bone, so might
work once the fix for that is in.
Empirically this seemed to work before (maybe hind events were never
getting sent?), but `u3a_lose` takes a `u3_noun` so it seems best to
follow the specified API.
This fixes a space leak where the entire ford/clay core would be
included in the ford cache. Heavily reduces memory usage by clay,
reducing total usage from 100-200MB to around 10MB.
Instead of reporting a single memory size for built files, marks and
conversions, we now report memory size per path, mark name and mark
pair, respectively.
If a batch gets bigger than a max size defined by the ethereum node
the raw transaction is sent to, the /ted/roller/send thread will crash and
the batch will be blocked, stopping any subsequent batches to be sent.
This detects when the current batch reaches a certain threshold and only
includes transactions up to that point, moving the ones that are not sent
back to the pending queue, adjusting their history and finding status.
This gives us much higher cycle times when retrying tests over and over,
since we can just fast-forward past the boot sequence, which never
changes unless we change the pill.
scries %azimuth for logs.state, filters the L2 events, and then gets
their timestamps. ought to use ted/eth/get-timestamps but doesn't due to
issues with spawning child threads, but there's probably a way to do it
without child threads
Also I took the liberty of making `build-signing-participants` use a `%lyfe` scry and remove unknowns from the set rather than crashing. This is a choice - happy to change it back the other way.
Too often when dealing with big types the compiler traces and other such
outputs become hard to read. Wrapping a type as $+(shorthand big-type)
will now print #shorthand in place of the type.
+balk defines a datastructure for a parsed remote scry path format in
addition to conversion gates to and from paths.
The new scry path format is /~ship/rift/life/vane/care/spur. Note that
desk no longer appears in the scry path format and should instead be
encoded as the first item of the spur.
Disables automatic dismissal of push notifications in an attempt to
tighten the debugging space. This should prevent unintentional 404s. To
prevent a space leak we clear notifications once a week on a timer.
verified using vim regex search (and corresponding regexes for the 3, 2,
and 1 letter motes):
/c3__\(.\)\(.\)\(.\)\(.\) *c3_s4\(('\1','\2','\3','\4')\)\@!
instead make it a rolling 128-bit integer. 128 bits is the same size as
the +sham space, so is one natural choice for "big enough to never have
to think about this." 64, 32, 16, even 8 bits would probably be fine.
Threads should eventually take and produce $cage instead of $vase. Since
%khan is likely to be used by third parties, we write to the eventual
intended API. We ignore the mark on the input $cage (it is safe to
always specify %noun), and we always use %noun as the output mark.
%fyrd now makes more sense. It was previously discarding the type of the
output %arow and re-encoding the raw noun as a vase of the output mark;
it is now performing mark conversion from the mark of the output $cage
to the originally requested output mark.
* master: (33 commits)
groups: updating glob and version
interface: use single sig in NotificationText
interface: fix subscription reconnect issues
landscape: fixing bad glob
landscape: updating glob and version
interface: adds `theme-color` meta tag, removes outdated safari web app meta tag
zuse: add missing assertions
landscape: cache marks again
zuse: comment clarifying sk bounds check
bounds-check against sk=1
zuse: style cleanup, use +rep/+end
pill: solid, brass
interface: refine joining error cases
group-view: fix errored rollback
helm: cleanup +poke-rekey to match #5522
helm: fix |rekey to work with multikey files
test: schnorr bounds checking
zuse: boundary assertions for schnorr
zuse: schnorr test cases
zuse: schnorr address
...
nara: swedish for near, provides a trace from the start of the nearest virtualization
to the statement wrapped by the nara hint.
hela: swedish for whole, provides a trace from the start of the event
to the statement wrapped by the hela hint.
The eventual goal is to present these traces in a way that is most salient & useful to developers
and in a way that is aesthetically pleasing as the bout hint is useful and nice looking.
For this pull request the goal is to provide the actual functionality in code that we can feel
safe and comfortable adding to the master branch. To this end, I've added a trivial set of tests for
nara and hela in pkg/arvo/tests/run/hints.hoon - they only prove that invoking these hints will not
crash the runtime, but I'm open to ideas for how I can test these hints further.
The `ProfileOverlay` component expects a `ship` arg as a patp without the sig. This deSigs the ship value used in `NotificationText`.
This closesurbit/landscape#1376
Use the correct wires when cancelling the scry request and/or its
timers.
Note that we may produce more %rests and %yawns than strictly necessary,
but these no-op cleanly in those cases.
the full type output by vars is now:
(list [cord (list [cord (list [cord @])])])
it's a mouthful, but a consistent mouthful. the first layer of the list
is the IO driver name, nam_m. the second layer is the instance name,
either %all or some driver-relevant identifier (e.g. http instance.) the
third layer is the list of labels and values.
This actually raises difficult questions about the schema for the /vars
peel. One level of nesting makes sense to aggregate per IO driver, but
multiple levels is confusing.
The current output is extremely unprincipled: you just have to know that
there are multiple http servers and handle the output accordingly.
Options would be:
1. collapse the ambiguity to the top level, i.e. 'http-0i8080',
'http-global', etc.
2. collapse the ambiguity to the inner level, i.e. '0i8080-connections'.
3. create a proper recursive data type that e.g. uses an $each.
3b. send some kind of schema.
5. recognize that we have entered a terrifying hall of mirrors and back
out the entire approach of nested metrics in favor of just a bigass
flat list of labels with values like borgmon does.
tid was accidentally getting set to the name of the output mark. As we
don't currently support cancelling threads, there is no reason to
maintain the originally-intended correspondence between tid and conn
request-id.
Take the opportunity to clean up indentation somewhat.
This can occur after upgrade, or when receiving a %delta blob. We do not
know the path or commit timestamp of a file that resolves to the blob,
so we simply fall back to old ames-style blob-by-lobe fetching.
In +work, we simply want to fetch file data, regardless of what the
overarching request is. (In fact, %sing would likely never hit this path
anyway.)
In order to be able to make the scry request, we track the timestamp of
the commit that contains a blob we're missing, and scry for that %da
revision.
There's two edge cases where we cannot immediately know the timestamp
that are currently assumed broken. Fix soon.
%v requests are already handled specially for the ames case. We should
continue to respect that, only doing those kinds of requests over ames.
Also cancels the scry timer after receiving a response, instead of not
doing that.
Ancient version upgraders beware! If you're coming from a home-based
arvo, you must first upgrade to the version prior to this, or else
you'll be in trouble!
When clay wants to download blobs from a foreign ship, it attempts doing
this using the new remote scry protocol.
If it doesn't receive a response within ~m1, it falls back to using the
old ames-based syncing instead. We remember this "prefer ames" state for
the specific ship for an hour, after which we'll begin trying the scry
flow again.
Compiles, but untested. Some TODOs and REVIEWs remaining herein.
We intentionally leave the dist-upgraded flag in state to avoid
cluttering the diff here. The next commit will remove it.
Also strips out `$` from khan top-level comment.
There are arguments for keeping $crag in lull, and on the other side for
moving $cast to arvo. This seemed like the most reasonable approach.
%fyrd is now implemented in terms of %fard, and likewise %avow in terms
of %arow. State is tracked via wire rather than in a global map.
Unit tests adjusted to match.
support a `%depth-first` scry constructed as follows `.^(* %gx /=graph-store=/graph/<ship of resource>/<name of resource>/depth-first/<count>/<start>/graph-update-3)`
These take and produce vases, and assign random tids (rather than
deducing them from the input duct.)
Since %fard does not require mark conversion, we make the mark/beak on
$thread-state optional (and use this to decide whether to send %avow or
%arow.) Provide a state adapter since it's possible that people have
been experimenting with this vane.
This makes the negative case of %avow/%arow kind of clunky, since there
is no content difference, but the following does not seem possible
within the Hoon type system:
=/ gif
?~ p.tad
%arow %avow
[hen %give gif %| p.cag tang]~
- use desk parameter instead of %base everywhere
- formatting clean up
- make |story-remove take a case instead of an aeon
- make desk param optional for story-set and story-log
+sign:schnorr crashes on `=(0 sk)`, so the bounds checking code is not
exercised for sk=0. It also crashes on `(gte sk n.domain.c)`, which is
redundant with the size check on sk, so we remove that.
Since we cannot scry the key out of jael during load, and the
alternative is defering this logic through the larval core in some way,
we simply include the type for the old acru interface, letting us reuse
the old core to initialize the new one.
Instead of exporting keys so that caller can do this themselves, we
expose arms for signing and authenticating that produce and operate on
just the signature, without mangling it into the message.
'~.' was a pun with the @ta encoding, which could cause people to get
confused about how the mapping actually worked.
I had previusly wanted the escape sequence to be a valid @ta, since I
had wanted to check that path components were (sane %ta) prior to doing
$knot conversion. However @joemfb mentioned that it was desirable to
have it not be a valid @ta so that if someone messed up the encoding in
the future, the paths would be detectably wrong.
This necessitates calling _unix_knot_to_string on unsanitized input,
which means we can no longer assume that it won't contain non-(sane %ta)
characters, which means we can no longer assert that '\\' is not in the
string on Linux.
Also added a seemingly forgotten null byte to _unix_knot_to_string.
- Don't test for '\\' in u3_unix_safe. Doing otherwise was crashing vere
when unmounting a mountpoint that had come to contain a file with '\\'
in its path. This might mean you can do bad things on Windows if other
checks fail.
- Ignore any files whose names do not pass `(sane %ta)` when scanning
directories. (This reimplements `(sane %ta)` in C. Perhaps it should
instead call `(sane %ta)`.)
- Use '~.' rather than '~' for the escape. We ignore files that end in
'~', probably for vim backup-file reasons.
- Add a _unix_string_to_knot missed in the prior conversion.
unix cannot represent the file with empty name, and it has special
mappings for '.' and '..'. as these three are all valid arvo `+knot`s,
we need to escape them if we come across them.
the method we use to escape is: if we encounter any of those three
`+knot`s, or any `+knot` starting with '~', we prepend its filename with
a '~'. and when going from filename to `+knot`, we do the reverse; i.e.
we ignore a '~' if it is the first character of a filename.
the current implementation just crashes if it encounters a `+knot`
containing '/' or '\\', neither of which are valid under the current
implementation of `@ta` (which only accepts numbers, lowercase, '-',
'~', '.', and '_'.)
it also crashes if it encounters a file containing '\\'. something else
should happen here; most likely vere should just ignore the file.
