urbit/pub/docs/user/appliance.md
2016-01-13 18:10:18 -06:00

10 KiB

next sort title
true 5 Appliance handbook

Appliance handbook

You've built and launched your urbit. How do you control it securely? Three ways: through the Unix console, over the Web, or via an Urbit moon.

What are you controlling, anyway? A user-level application on Urbit is called an "appliance." Think of an appliance as like a Unix process that's also a persistent database.

By default, your urbit is running two appliances, the :dojo shell and the :talk messenger. For more advanced information about your appliance state, see the end of this document.

Console

The Unix console is the most basic way you talk to apps. You've already used it a bit, but let's do more.

The Urbit command line is a little like the Unix command line, but different. It's also a little like a window manager.

Your Unix terminal is separated into two parts: the prompt (the bottom line) and the record (the rest of your screen).

The record is shared; all the output from all the apps in your command set appears in it. So you'll see :talk messages while working in the dojo.

The prompt is multiplexed; you switch the prompting app with ^X. Pressing return sends the prompt line to the app. Urbit does not automatically echo your input line into the record, the way a normal Unix console does.

Also unlike a normal Unix console, the application can process your input before you hit return. In general, invalid input is rejected with a beep. Incorrect input may even be corrected! Yes, this is highly advanced console technology.

Like many but not all Unix command lines, Urbit has built-in history editing. You've never seen anything like these innovative key bindings before:

^A    cursor to beginning of the line (Home)
^B    cursor one character backward (left-arrow)
^E    cursor to the end of the line (End)
^F    cursor one character forward (right-arrow)
^G    beep; cancel reverse-search
^K    kill to end of line
^L    clear the screen
^N    next line in history (down-arrow)
^P    previous line in history (up-arrow)
^R    reverse-search
^T    transpose characters
^U    kill to beginning of line
^Y    yank from kill buffer

^C is processed at the Unix layer, not within Urbit. If there's an event currently running, ^C interrupts it and prints a stack trace -- useful for finding infinite loops.

^D from :talk or :dojo stops your Unix process. From any other app, it removes the prompting app from the command set.

Pressing left-arrow or ^B at the start of a line is an input operation with the metaphorical meaning "get me out of here," ie, escape. The exact semantics of an escape are application dependent.

Web

For now, we'll keep assuming you're at http://localhost:8080. But for planets only, we also proxy web domains through Urbit's own servers. Any planet ~fintud-macrep is also at fintud-macrep.urbit.org. Please use this proxy as little as possible; it's not well-optimized.

There's a web interface to :talk at

http://localhost:8080/~~/home/pub/talk

and a dojo interface at

http://localhost:8080/~~/home/pub/dojo/fab

The :talk client is beautiful and works quite well. Use it. The :dojo client is a bit more of a work in progress. (For instance, you can't paste text into it.)

The login flow remains rather a work in progress. It's not at all secure. But the first time you use an Urbit app (not just a generated page -- you can tell by the ~~ in the URL), it will prompt you for a password.

In a righteous world, the password would be (or default to) your initial ticket. Since the world is lawless and filled with evil, just hit return and send a empty password. The real password will be printed on your console.

A URL that starts with /~~/ authenticates your web page as the same urbit as the server. If instead of /~~/ you write /~fintud-macrep/ (you're using an app on someone else's urbit, and want to sign in as yourself), you'll authenticate with a single-signon flow. Don't worry, only your own urbit ever sees your password. Once you log in, a cookie is set and you don 't need to do it again.

Internally, Urbit treats every web page as another urbit; even a request with no /~~/ or /~fintud-macrep/ is an anonymous comet. Appliances actually can't tell whether they're talking to an urbit over %ames, or a browser over HTTP.

Enabling HTTPS

Urbit doesn't yet serve HTTPS directly. But when you route through urbit.org, you can also use HTTPS. Our server handles your HTTP request and proxies it over Urbit. Of course we could MITM you, but we won't. If you want HTTPS on your own urbit, use the "secure" port shown on startup:

http: live ("secure") on 8443

Firewall off this port. Get an nginx or other outer server. Put your SSL certificate in it and reverse-proxy to 8443.

An Urbit moon

The fanciest way to control your urbit is through Urbit itself: a moon, or satellite urbit. Sadly, only planets can have moons.

In this setup, you have a planet running on a box in the cloud, and a moon on your laptop or other mobile. Changes to the planet automatically propagate to the moon. Also, the moon's console is linked to the :talk appliance on the planet, so you communicate as yourself.

To build your moon, just run

~fintud-macrep:dojo> +moon

This will generate a plot and a ticket. The plot will be a 64-bit plot within your planet, like ~mignel-fotrym-fintud-macrep. On your laptop, install Urbit:

urbit -w $plot -t $ticket

You'll get an urbit where ^x will switch you back and forth between the two prompts:

~mignel-fotrym-fintud-macrep:dojo>
~fintud-macrep:talk() 

Your moon's %home desk is already synced to the %kids desk on your planet. If you want changes on your moon's %home to sync back into your planet's %home,

~fintud-macrep:dojo> |sync %home ~mignel-fotrym-fintud-macrep

Urbit internals

As a user of any machine, you can't help understanding the machine on more or less the same terms as its engineers. You should at least know what the major components are.

Source code

Urbit is a "run-from-repository" OS; all code ships as source on your own urbit, in the revision-control vane %clay. Better yet, live code in every layer updates itself when the source changes. If the local source is subscribed to a remote publisher, the update process is "evergreen" and automatic.

There are five major layers of code in Urbit. Layer 1 is the kernel (arvo/hoon.hoon), which includes both the Hoon compiler and the Arvo event loop. Layer 2 is the main library (arvo/zuse.hoon), Layer 3 is the kernel modules or "vanes" (arvo/*.hoon). Layer 4 is appliances, marks, and fabricators (ape/*.hoon, mar/*.hoon, fab/*.hoon), run from the %gall and %ford vanes. Layer 5 is generators (gen/*.hoon), run from the :dojo appliance.

The kernel (layer 1), the vanes (layer 3) and the apps (layer 4) are stateful; their state is typed, and of course needs to be preserved across code updates. If the new state type differs, the developer must provide a state adaptor. If compilation fails, the new code is disregarded and retried again on the next change.

Appliances are like Unix daemons, except persistent and permanent. But they are the only process-like constructs in Urbit. While Unix uses many short-lived processes that are not daemons, Urbit invokes simple tasks in simple contexts. In Unix terms: since the ls process is not meant to run forever and/or have side effects, giving it the power to do so is asking for trouble. In Urbit, the layer 5 dojo generator +ls is a pure function which simply produces some typed output.

You should never have to worry about any of this stuff; we're just describing it here so it's not a mystery.

Appliances

Your main configuration task is choosing (a) what appliances on your urbit should be running (the active set), and (b) what appliances your console should be linked to (the command set). Again, ^X switches the console prompt between appliances in (b).

Why are these different sets? First, some apps don't need a command prompt. Your urbit runs three default apps: :talk, :dojo, and :hood. The hood is a system appliance and has no direct UI (you control it through the dojo).

Second, you can also link your console to apps on other urbits, and put those connections in the command set. Essentially, the console is also ssh or rlogin. The console is just another appliance (it's actually the drum library within :hood), and Arvo is good at routing events over the network.

What is an appliance or "app," anyway? An app, basically. Think of a Unix daemon, except that (1) it only responds to events and can't run continuously ("nonpreemptive"); and (2) it's "permanent" (never exits, dies, or is even reset).

Why do appliances live forever? They have to. An appliance name is also a sort of port in the Internet sense. A conversation with appliance X on urbit Y is one conversation, not a sequence of disconnected activations.

An appliance is always sourced from a path which is a function of its name, from %foo to /===/ape/foo/hoon. In this path, the urbit is self; the version is now. The desk defaults to %home; changing it will adapt the appliance state.

The normal way to run code written by some external developer is to merge (one time) or sync (for continuous upgrades), the publisher's distribution desk, to a desk on your own urbit. Obviously a desk per vendor is ideal, which also lets you "sidegrade" an app to a different vendor by switching desks.

Configuration commands

Initially, your command set is :talk and :dojo; your active set is :talk, :dojo and :hood. It's completely fine to never even think about changing this, but...

Link your console to an existing appliance, putting it in the command set. If no plot is specified, it's an appliance on your own urbit.

|link %dojo
|link ~tasfyn-partyv %dojo

Permission is up to the appliance, of course.

The opposite of |link. Same interface.

|start [app=term $|(~ [syd=desk ~])]

Start an appliance, adding it to the active set. If syd is not specified, the desk is %home:

|start %foo
|start %foo %away

If the appliance is running, |start sets its desk instead.