shrub/pub/docs/user/appliance.md
2015-12-01 17:43:42 -08:00

275 lines
10 KiB
Markdown

---
next: true
sort: 5
title: Appliance handbook
---
# Appliance handbook
You've built and launched your urbit. How do you control it
securely? Three ways: through the Unix console, over the Web,
or via an Urbit moon.
What are you controlling, anyway? A user-level application on
Urbit is called an "appliance." Think of an appliance as like a
Unix process that's also a persistent database.
By default, your urbit is running two appliances, the `:dojo`
shell and the `:talk` messenger. For more advanced information
about your appliance state, see the end of this document.
## Console
The Unix console is the most basic way you talk to apps. You've
already used it a bit, but let's do more.
The Urbit command line is a little like the Unix command line,
but different. It's also a little like a window manager.
Your Unix terminal is separated into two parts: the prompt (the
bottom line) and the record (the rest of your screen).
The record is shared; all the output from all the apps in your
command set appears in it. So you'll see `:talk` messages while
working in the dojo.
The prompt is multiplexed; you switch the prompting app with
`^X`. Pressing return sends the prompt line to the app. Urbit
does not automatically echo your input line into the record,
the way a normal Unix console does.
Also unlike a normal Unix console, the application can process
your input before you hit return. In general, invalid input is
rejected with a beep. Incorrect input may even be corrected!
Yes, this is highly advanced console technology.
Like many but not all Unix command lines, Urbit has built-in
history editing. You've never seen anything like these
innovative key bindings before:
^A cursor to beginning of the line (Home)
^B cursor one character backward (left-arrow)
^E cursor to the end of the line (End)
^F cursor one character forward (right-arrow)
^G beep; cancel reverse-search
^K kill to end of line
^L clear the screen
^N next line in history (down-arrow)
^P previous line in history (up-arrow)
^R reverse-search
^T transpose characters
^U kill to beginning of line
^Y yank from kill buffer
`^C` is processed at the Unix layer, not within Urbit. If
there's an event currently running, ^C interrupts it and prints a
stack trace -- useful for finding infinite loops.
`^D` from `:talk` or `:dojo` stops your Unix process. From any
other app, it removes the prompting app from the command set.
Pressing left-arrow or `^B` at the start of a line is an input
operation with the metaphorical meaning "get me out of here,"
ie, escape. The exact semantics of an escape are application
dependent.
## Web
For now, we'll keep assuming you're at `http://localhost:8080`.
But for planets only, we also proxy web domains through Urbit's
own servers. Any planet `~fintud-macrep` is also at
`fintud-macrep.urbit.org`. Please use this proxy as little as
possible; it's not well-optimized.
There's a web interface to `:talk` at
http://localhost:8080/~~/home/pub/talk/fab
and a dojo interface at
http://localhost:8080/~~/home/pub/dojo/fab
The `:talk` client is beautiful and works quite well. Use it.
The `:dojo` client is a bit more of a work in progress. (For
instance, you can't paste text into it.)
The login flow remains rather a work in progress. It's not at
all secure. But the first time you use an Urbit app (not just a
generated page -- you can tell by the `~~` in the URL), it will
prompt you for a password.
In a righteous world, the password would be (or default to) your
initial ticket. Since the world is lawless and filled with evil,
just hit return and send a empty password. The real password
will be printed on your console.
A URL that starts with `/~~/` authenticates your web page as the
same urbit as the server. If instead of `/~~/` you write
`/~fintud-macrep/` (you're using an app on someone else's urbit,
and want to sign in as yourself), you'll authenticate with a
single-signon flow. Don't worry, only your own urbit ever sees
your password. Once you log in, a cookie is set and you don 't
need to do it again.
Internally, Urbit treats every web page as another urbit; even a
request with no `/~~/` or `/~fintud-macrep/` is an anonymous
comet. Appliances actually can't tell whether they're talking to
an urbit over `%ames`, or a browser over HTTP.
### Enabling HTTPS
Urbit doesn't yet serve HTTPS directly. But when you route
through `urbit.org`, you can also use HTTPS. Our server handles
your HTTP request and proxies it over Urbit. Of course we could
MITM you, but we won't. If you want HTTPS on your own urbit, use
the "secure" port shown on startup:
http: live ("secure") on 8443
Firewall off this port. Get an nginx or other outer server. Put
your SSL certificate in it and reverse-proxy to `8443`.
## An Urbit moon
The fanciest way to control your urbit is through Urbit itself:
a moon, or satellite urbit. Sadly, only planets can have moons.
In this setup, you have a planet running on a box in the cloud,
and a moon on your laptop or other mobile. Changes to the planet
automatically propagate to the moon. Also, the moon's console is
linked to the `:talk` appliance on the planet, so you communicate
as yourself.
To build your moon, just run
~fintud-macrep:dojo> +moon
This will generate a plot and a ticket. The plot will be a
64-bit plot within your planet, like `~mignel-fotrym-fintud-macrep`.
On your laptop, install Urbit:
urbit -w $plot -t $ticket
You'll get an urbit where ^x will switch you back and forth
between the two prompts:
~mignel-fotrym-fintud-macrep:dojo>
~fintud-macrep:talk()
Your moon's `%home` desk is already synced to the `%kids` desk on
your planet. If you want changes on your moon's `%home` to sync
back into your planet's `%home`,
~fintud-macrep:dojo> |sync %home ~mignel-fotrym-fintud-macrep
## Urbit internals
As a user of any machine, you can't help understanding the
machine on more or less the same terms as its engineers. You
should at least know what the major components are.
### Source code
Urbit is a "run-from-repository" OS; all code ships as source on
your own urbit, in the revision-control vane `%clay`. Better
yet, live code in every layer updates itself when the source
changes. If the local source is subscribed to a remote
publisher, the update process is "evergreen" and automatic.
There are five major layers of code in Urbit. Layer 1 is the
kernel (`arvo/hoon.hoon`), which includes both the Hoon compiler
and the Arvo event loop. Layer 2 is the main library
(`arvo/zuse.hoon`), Layer 3 is the kernel modules or "vanes"
(`arvo/*.hoon`). Layer 4 is appliances, marks, and fabricators
(`ape/*.hoon`, `mar/*.hoon`, `fab/*.hoon`), run from the `%gall`
and `%ford` vanes. Layer 5 is generators (`gen/*.hoon`), run
from the `:dojo` appliance.
The kernel (layer 1), the vanes (layer 3) and the apps (layer 4)
are stateful; their state is typed, and of course needs to be
preserved across code updates. If the new state type differs,
the developer must provide a state adaptor. If compilation fails,
the new code is disregarded and retried again on the next change.
Appliances are like Unix daemons, except persistent and permanent.
But they are the only process-like constructs in Urbit. While
Unix uses many short-lived processes that are not daemons, Urbit
invokes simple tasks in simple contexts. In Unix terms: since
the `ls` process is not meant to run forever and/or have side
effects, giving it the power to do so is asking for trouble. In
Urbit, the layer 5 dojo generator `+ls` is a pure function which
simply produces some typed output.
You should never have to worry about any of this stuff; we're
just describing it here so it's not a mystery.
### Appliances
Your main configuration task is choosing (a) what appliances
on your urbit should be running (the *active set*), and (b) what
appliances your console should be linked to (the *command set*).
Again, ^X switches the console prompt between appliances in (b).
Why are these different sets? First, some apps don't need a
command prompt. Your urbit runs three default apps: `:talk`,
`:dojo`, and `:hood`. The hood is a system appliance and has no
direct UI (you control it through the dojo).
Second, you can also link your console to apps on other urbits,
and put those connections in the command set. Essentially, the
console is also `ssh` or `rlogin`. The console is just another
appliance (it's actually the `drum` library within `:hood`),
and Arvo is good at routing events over the network.
What is an appliance or "app," anyway? An app, basically. Think
of a Unix daemon, except that (1) it only responds to events and
can't run continuously ("nonpreemptive"); and (2) it's
"permanent" (never exits, dies, or is even reset).
Why do appliances live forever? They have to. An appliance name
is also a sort of port in the Internet sense. A conversation
with appliance X on urbit Y is one conversation, not a sequence
of disconnected activations.
An appliance is always sourced from a path which is a function of
its name, from `%foo` to `/===/ape/foo/hoon`. In this path, the
urbit is self; the version is now. The desk defaults to `%home`;
changing it will adapt the appliance state.
The normal way to run code written by some external developer is
to merge (one time) or sync (for continuous upgrades), the
publisher's distribution desk, to a desk on your own urbit.
Obviously a desk per vendor is ideal, which also lets you
"sidegrade" an app to a different vendor by switching desks.
### Configuration commands
Initially, your command set is `:talk` and `:dojo`; your active
set is `:talk`, `:dojo` and `:hood`. It's completely fine to
never even think about changing this, but...
#### `|link $?([app=term ~] [who=plot app=term ~])`
Link your console to an existing appliance, putting it in the
command set. If no plot is specified, it's an appliance on your
own urbit.
|link %dojo
|link ~tasfyn-partyv %dojo
Permission is up to the appliance, of course.
#### `|unlink $?([app=term ~] [who=plot app=term ~])`
The opposite of `|link`. Same interface.
#### `|start [app=term $|(~ [syd=desk ~])]`
Start an appliance, adding it to the active set. If `syd` is not
specified, the desk is `%home`:
|start %foo
|start %foo %away
If the appliance is running, `|start` sets its desk instead.