Four changes:
- implement +validate-u to allow %u requests over the network
- make +validate-x use our local marks to make %x requests generally
work over the network
- in +start-request, if a foreign ship is making a request that we
shouldn't send over the network, ignore it. This closes a DOS vector.
- in +duce, if we're about to make a request to a foreign ship which
they won't be able to answer, crash the event.
Combined, these fix many of the common cases of weirdness around foreign
clay requests. Notably absent is a fix for reading `%a` across the
network, which I still maintain should happen against the foreign
hoon/zuse.
fixes#4834
see also #4307
Also switches everything to ropsten by default, including ivory pill.
Batches work on ropsten now.
Also adds +tx as a hacky development tool to create text for metamask to
sign and then turn that into a batch. A useful reference for bridge and
aggregator work.
By factoring their shared logic out into +build-dependency, which gets
passed the relevant details about how to track the file being built in
the dependency stack.
Hoon files may want to import nouns from all files in a given directory.
/~ lets you do so, importing as a (map @ta *) (but with typed values).
Note the description as "directories" here, instead of "path prefix".
The behavior, as implemented, will not include /path/hoon for /~ /path,
instead only including /path/more/hoon and more deeply nested files.
This seems to be, generally, the behavior you want, for example when
importing from /app/myapp/* for /app/myapp/hoon.
Actually using the resulting map requires some manual casting, which is
not ideal. Some code style improvement work remains to be done as well.
In +en-json, the vast majority of our time is in +jesc (json string
escaping). Since ships will always be string-safe, we pretend they're
numbers to bypass the escaper. This saves about a second on initial
landscape load.
Avoid allocating hundreds of thousands of cells when giving large
requests. This took the footprint of this function on initial landscape
load from 1 second to 100 ms.
We commonly print many names in a row, often the same ones. For
example, on landscape's initial load, we send all the members of all the
groups we're in, and there's substantial overlap.
At least half the cost is in +fein, which is not currently jetted, but I
believe there's an old jet in the git history.
Fixes#4598.
#4474 made the JSON time conversion no longer invertible, which caused
problems for chat, which uses message timestamp in milliseconds as a key
-- so chat would send a message with ms timestamp x, it would get
encoded as @da x, but then when it went back through the conversion to
milliseconds, it would often (not always) get encoded as x-1.
I still do not fully understand why this is -- and why it doesn't seem
to be a problem with seconds based on cursory testing -- but integer
multiplication and division generally do not invert. And adding a half a
millisecond to the input date before converting it resolves the issue
and makes the functions invertible.
I added a regression test, so hopefully the next courageous adventurer
who winds up here after wondering why +unm looks funny will have a
safeguard against some of the mistakes I made.
State before: in chrono:userlib, there were second-resolution
@da-to-unix and unix-to-@da functions. In en/dejs:format, there were
millisecond-resolution @da-to-unix and unix-to-@da functions. The
@da-to-unix path in time:enjs confusingly rounded to the nearest
millisecond, meaning millisecond n was a label for [n-0.5, n+0.5) rather
than [n, n+1).
This adds a millisecond-resolution @da-to-unix and unix-to-@da to
chrono:userlib, and a second-resolution conversion to en/dejs:format.
It makes use of the chrono:userlib functions in en/dejs, and doesn't do
any rounding.
Backwards-incompatible changes:
- made unt:chrono:userlib take a @da rather than @.
We can't molt until clay has gotten its pork or else we'll build the old
app against the new kernel. This ignores vegas, since we should get a
notification from clay on /sys/lyv.
When we changed wires from /a/foo to /ames/foo, our sorting function
started sorting by last character instead of first character, so breach
notifications were given to gall before ames. This made gall try to
resubscribe before ames cleared its state, so the message would be lost.
Fixes#4177
This had regressed during some breach-related merge. Multiple commits/branches
had touched this codepath recently, eating the code step change introduced in
#3217.
Fixes#4126.
* jb/motion:
pill: solid
zuse: remove %crud from vane-task
arvo: full vane names in $sign
aqua: build again (still broken)
arvo: reform of the scry reform
When you first boot, if you try talk to someone before your azimuth is
up-to-date (for example by import), then if they've ever breached
(twice) then you'll get breach notification, cancelling your message.
This changes is it so that if we haven't heard anything about this ship,
we don't signal a breach.
The implementation complexity is primarily because we need
eth-watcher/azimuth-tracker to produce an update of a list instead of a
list of updates. This way, Jael can keep a "state as of the beginning
of this move" variable to check when deciding whether to signal a
breach.
* na-release/candidate:
kh: use Word8 for Tint true color values
arvo: remove unused app files, libraries, and imports
webterm: improve line-spacing in certain browsers
vere: avoid +scot call for color value rendering
kh: support 24-bit %klr colors
vere: support 24-bit %klr colors
webterm: update mar and js to support 24-bit color
tests: fix ames tests
pill: update ivory pill
dojo: correct mark conversion scry path
pill: solid
aqua/ph: fix comet test
ames: flat packet format
hoon, dill: Add 24-bit true color
+riff-any is all clay requests except "backfill" requests. Change to
`$%` from `$^`, which was used to distinguish originally non-versioned
requests.
+fill is backfill requests and had no version number, so we add one.
We do not have version numbers on responses since those are implied by
the request. If someone requests at version `n` and you're at `n+1`,
you must respond in the format of `n`.
If someone requests at version `n+1` and you're at `n`, you crash;
though possibly you should be able to respond with message "I only know
up to `n`", in which case they may be able to re-request at `n`. In
either case, the version of the response is dictated by the request.
* jb/re-mug-pre:
arvo: temporary, build +brass out of /not-sys
hoon: switches to new +mug
u3: adds new +mug (as u3r_gum_*)
hoon: adds new +mug (as +gum)
u3: updates +muk to truncate seed and removes spurious assertion
hoon: updates +muk to truncate seed and removes spurious assertion
* na-release/candidate: (461 commits)
pill: update
zuse: make octs value @ again
zuse, clay, various: unflop the spur in beams
hoon: add +snip and +rear
arvo: unflop the spur in scry
tests: checks bip32 for xpub/xprv/pif/address
bip32: adds network option for bitcoin addresses
bip32: adds network type option for xpub/priv
pill: all
pill: change to ropsten
zuse: change to ropsten
pill: all
u3: fix accidental neologism in comments
pill: solid
pill: solid
nix: trims trailing whitespace from solid pill builder
hoon: adds $cord to $tank
zuse: modernizes syntax of top-level structures
zuse: removes obselete structures $ares, $coop, and $disc
hoon: moves $json and styled-text molds back to %zuse
...
Unflops the spur in +en-beam, +de-beam, and everything that calls either
of those, or works with the consequences of their output.
This includes clay's interface for mounting and unmounting, which now
no longer expects the arguments to contain an old-style spur.
* na-release/secp:
update solid pill
fix secp test (new-secp staging name is gone)
hoon: ensure lib/bip32 is working with new secp, remove old secp
vere: wire up jets for new secp
zuse: make it clear where the secp jet should make explicit size checks
update solid pill
zuse: add refactored secp core (unjetted)
* na-release/runes:
pill: solid
pill: solid.pill
hoon: bscl to bccl, etc
* jb/co-norm:
pill: solid
pill: solid
hoon: modernizes syntax in the rest of |co
hoon: updates @p rendering to avoid intermediate right-shifts
hoon: refactors @da/@dr coin printing
hoon: comments, modernizes syntax for all +*-co:co gates
hoon: refactors +r-co:co, modernizing syntax
hoon: comments, modernizes syntax for all +**-co gates
hoon: refactors +ro-co:co, modernizing syntax
hoon: use +pow instead of handrolled loop in +ox-co:co
hoon: use +dvr instead of +div/+mod in |co helpers
* na-release/next-vere: (1459 commits)
u3: fix accidental neologism in comments
nix: run tests against the latest arvo source
test: fixes +to-wain (no more trailing empty lines)
pill: solid
u3: refactors dynamic hint bytecodes, documents protocol
u3: adds dynamic hint bytecodes and implementation
u3: moves _n_swap() next to other stack ops
u3: adds ghetto +mook replacement
u3: moves |ut battery to the rightmost cache key position
u3: adds |ut battery to jet cache keys
build: update gcloud to use non-deprecated action
pill: solid
glob: update to 0v4.fpa4r.s6dtc.h8tps.62jv0.qn0fj
notifications: prevent safari shrinkage
glob: update to 0v5.91i1u.1g535.t3de3.6c3ih.fanmv
Sidebar: loosen property access
launch: loosen property access in unread count
notifications: fix scroll to load
glob: update to 0v1.pak02.pfla3.gh56f.qhc6h.3h881
inbox: fix graph resource redirects
...
* na-release/next-vere: (1601 commits)
nix: run tests against the latest arvo source
test: fixes +to-wain (no more trailing empty lines)
pill: solid
build: update gcloud to use non-deprecated action
pill: solid
glob: update to 0v4.fpa4r.s6dtc.h8tps.62jv0.qn0fj
notifications: prevent safari shrinkage
glob: update to 0v5.91i1u.1g535.t3de3.6c3ih.fanmv
Sidebar: loosen property access
launch: loosen property access in unread count
notifications: fix scroll to load
glob: update to 0v1.pak02.pfla3.gh56f.qhc6h.3h881
inbox: fix graph resource redirects
inbox: fix link routing and rendering
glob: update to 0v4.3fbh4.p7j6i.2pi9g.d1ltq.5u7uu
hark-fe: fix crash
hark: update graph marks for editable comments
graph-store: change atom to %1 for all migrated comments
glob: update to 0v5.67obv.15auf.c2rc7.jpcu2.iain3
inbox: correct notification order
...
a tape is just a list of utf8 bytes, it's never save to split one
at an arbitrary position. this is exactly what \/ windowing did,
so i had hacked in to/from utf32 conversions to prevent splitting
multi-byte characters. that is dumb and slow, so it's now gone.
* master: (390 commits)
glob: update to 0v4.fpa4r.s6dtc.h8tps.62jv0.qn0fj
notifications: prevent safari shrinkage
glob: update to 0v5.91i1u.1g535.t3de3.6c3ih.fanmv
Sidebar: loosen property access
launch: loosen property access in unread count
notifications: fix scroll to load
glob: update to 0v1.pak02.pfla3.gh56f.qhc6h.3h881
inbox: fix graph resource redirects
inbox: fix link routing and rendering
glob: update to 0v4.3fbh4.p7j6i.2pi9g.d1ltq.5u7uu
hark-fe: fix crash
hark: update graph marks for editable comments
graph-store: change atom to %1 for all migrated comments
glob: update to 0v5.67obv.15auf.c2rc7.jpcu2.iain3
inbox: correct notification order
inbox: redirect invites correctly
publish: Restore basic 'add writers' form
interface: show currently editing comment as pending
landscape: preclude dropdown duplicates on exact match
interface: links and publish comments both work
...
* na-release/next-vere: (943 commits)
pill: solid
glob: update to 0v4.fpa4r.s6dtc.h8tps.62jv0.qn0fj
notifications: prevent safari shrinkage
glob: update to 0v5.91i1u.1g535.t3de3.6c3ih.fanmv
Sidebar: loosen property access
launch: loosen property access in unread count
notifications: fix scroll to load
glob: update to 0v1.pak02.pfla3.gh56f.qhc6h.3h881
inbox: fix graph resource redirects
inbox: fix link routing and rendering
glob: update to 0v4.3fbh4.p7j6i.2pi9g.d1ltq.5u7uu
hark-fe: fix crash
hark: update graph marks for editable comments
graph-store: change atom to %1 for all migrated comments
glob: update to 0v5.67obv.15auf.c2rc7.jpcu2.iain3
inbox: correct notification order
inbox: redirect invites correctly
publish: Restore basic 'add writers' form
interface: show currently editing comment as pending
landscape: preclude dropdown duplicates on exact match
...
* master: (390 commits)
glob: update to 0v4.fpa4r.s6dtc.h8tps.62jv0.qn0fj
notifications: prevent safari shrinkage
glob: update to 0v5.91i1u.1g535.t3de3.6c3ih.fanmv
Sidebar: loosen property access
launch: loosen property access in unread count
notifications: fix scroll to load
glob: update to 0v1.pak02.pfla3.gh56f.qhc6h.3h881
inbox: fix graph resource redirects
inbox: fix link routing and rendering
glob: update to 0v4.3fbh4.p7j6i.2pi9g.d1ltq.5u7uu
hark-fe: fix crash
hark: update graph marks for editable comments
graph-store: change atom to %1 for all migrated comments
glob: update to 0v5.67obv.15auf.c2rc7.jpcu2.iain3
inbox: correct notification order
inbox: redirect invites correctly
publish: Restore basic 'add writers' form
interface: show currently editing comment as pending
landscape: preclude dropdown duplicates on exact match
interface: links and publish comments both work
...
* release/next-vere: (1369 commits)
nix: fixes `shellFor` nix-shell helper
vere: print error and exit if stdin is not a tty
build: silence service account activation output
build: minor refactoring of haskell-nix overlays
build: move darwin install_name_tool fixup from vere to king haskell
u3: fixes incorrect double ref-counting in |ff jets
u3: removes unused `Exit` variable
u3: removes obsolete bail:need assertion
u3: refactors fatal exception handling in u3m_bail()
build: remove {sha256,md5} output for push-storage-object effects
build: add log message when destination object already exists
build: force google-cloud-sdk to use python3
build: adding support for hercules ci effects
build: remove push-to-storage for ivory, brass, and solid pills
pill: rebuild solid pill with %lens included in lite boot apps
arvo: run %lens when lite boot (-l) is specified
build: expose configurable arguments when booting/testing fake ships
build: ensure urbit tests are run with the -g argument
vere: ensure debug symbols aren't stripped by default (by nix)
build: remove from-scratch ropsten pill builds on ci
...
Eyre's clog logic was a tad inconsistent about "only facts" vs "not poke-acks".
This makes it consistently say "only facts" when it comes to clog-related logic.
Yes, in theory this means %watch-acks and %kicks can build up endlessly, but
those should take up negligible space compared to %facts.
Should fix any oddball cases of crashes here that #3835 didn't already catch.
This was a little bit too crummy. Instead, we put in a placeholder of ~,
which should be forwards-compatible with atomic session identifiers,
where ~ identifies the default session.
Additionally touches up the herm wires/paths to stick to the above more
closely.
This lets us support the "random userspace app sending dill belts".
Ultimately, we'll want to be able to specify a session identifier
alongside the belt, instead of strictly relying on the duct.
Adds a %view task, which opens a subscription on the output sent to the
specified session. %flee closes the same.
Whenever dill sends a blit to the session, any subscribers get the
output also.
The structures here will become more reasonable once we replace ducts
with proper dill session identifiers.
People using older runtimes might not support the %klr blit. It's not
uncommon for prompts without style to get passed in as %pom though, so
here we catch that case and turn it into a %pro, which gets rendered as
a traditional %lin.
Pretty-printing is expensive, yet we do it whenever we construct the cookie
string, at least once (but usually twice) per authenticated request.
Here we call out the the specific to-tape functions we need, instead of relying
on the pretty-printer for converting... tapes to tapes, among other things.
The primary gains come from the cookie-related instances, we update the others
mostly for good style.
For the "receive request and immediately send response" case, that is processed
synchronously within eyre (ie, client sends channel ack), speeds thing up by
roughly 55%.
Motivation for the change is performance improvements on the un-`^~`d uses of
ream. Parsing turns out to be slow, making ream slow in turn. So we construct
the hoon ast manually instead.
!, is arguably better style than ream, since it doesn't require a ^~ for static
input, and lets syntax highlighting function properly.
For the investigated case, in +get-cast's +grow flow, improves performance by
over 80%.
If the Forwarded header specifies the original connection is secure,
update the flag to reflect that, regardless of whether the connection
directly to the urbit was made securely.
When an application would send multiple facts during a single event, it
was possible for the first fact to trigger a clog, removing the
subscription and sending a quit, but then the second fact still getting
sent out at normal.
Here, we drop any facts for subscriptions we don't have registered in
state, which should only happen in the described case.
Because storing in reverse order means producing in reverse reverse
order.
The tests didn't catch this because they, too, were infected with the
"reverse moves" meme.
This commit adds 24bit true color capabilities to `sole-effect` for
those terminal supporting it (which most modern terminal does). It adds
a RGB type squashed into `$tint`, which will get converted to escape
sequences in `dill` for the moment.
As Urbit does not do `termcap` detection, this also does not attempt
that. But on terminals that doesn't support true color (e.g. linux
console), the color would be truncated to the nearest achievable
approximate.
In order to curb event queue growth when a client for whatever reason
isn't acking the events we send out, we implement a mechanism for
detecting such "clogging", and proactively kick subscriptions which are
adding too many events to the queue.
If the client hasn't sent an ack for ~s30, any subscription that accrues
more than 50 unacked %facts gets closed to prevent further buildup.
Upon reconnecting, the client will see %kick for the relevant
subscriptions and can open a new subscription as appropriate.
Includes a simple test for this behavior, and updates /app/dbug to be
able to display the newly tracked statistics.
