User:Which Linden/Office Hours/2008 Jan 31
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Transcript of Which Linden's office hours:
| [11:04] | Stormbringer Blackflag: | hey |
| [11:04] | Which Linden: | Hey stormbringer |
| [11:04] | Stormbringer Blackflag: | am i late, early or jsut confused? |
| [11:04] | Which Linden: | Early, I guess |
| [11:05] | Which Linden: | People generally are reminded to come to my office hours |
| [11:05] | Which Linden: | Perhaps I should have not started the practice of announcing them, because now people probably rely on the announcement rather than memory |
| [11:05] | Stormbringer Blackflag: | heh |
| [11:06] | Stormbringer Blackflag: | i have them in my iCal :P |
| [11:06] | Stormbringer Blackflag: | so what's on for today? |
| [11:07] | Which Linden: | I'd like to continue the discussion from last time |
| [11:07] | Which Linden: | About how to do light, or untrusted chttp |
| [11:07] | Which Linden: | Hey Zha |
| [11:08] | Zha Ewry: | Hey all. Trippled book, but listening |
| [11:08] | Stormbringer Blackflag: | hey |
| [11:09] | Which Linden: | Ok, so last time we discussed the option of shorter-duration, ah, "leases" |
| [11:09] | Which Linden: | WindowS? |
| [11:09] | Zha Ewry: | Leases |
| [11:09] | Zha Ewry: | This is "how long the server has to keep the tranaaction held?" |
| [11:09] | Which Linden: | Yes |
| [11:09] | Zha Ewry nods | |
| [11:10] | Zha Ewry: | That lowers the cost of being a c-http server? |
| [11:10] | Which Linden: | So in effect the client is leasing storage |
| [11:10] | Which Linden: | Right now chttp assumes that the client has certain properties |
| [11:10] | Which Linden: | Which e.g. the viewer cannot live up to |
| [11:10] | Marty McGettigan: | hello |
| [11:11] | Which Linden: | Hey Marty |
| [11:11] | Which Linden: | For example, it requires that the client send the same request, even after a reboot |
| [11:12] | Which Linden: | And also that the client retry for up to 15 days |
| [11:12] | Which Linden: | :-) |
| [11:12] | Zha Ewry: | Ouch :-) |
| [11:12] | Which Linden: | Work for our current use cases, but obviously of limited wider appeal |
| [11:13] | Which Linden: | So, last week we discussed a way of negotiating that duration |
| [11:14] | Zha Ewry nods | |
| [11:14] | Which Linden: | I.e. the server would declare a range of durations that it would support, the client would specify a duration in its request, and if there was a mismatch, the server would reject with a 403 or 406 |
| [11:14] | Which Linden: | Not so different from content-type negotiation |
| [11:15] | Which Linden: | One thing that was left unresolved was the question of discovery |
| [11:15] | Saijanai Kuhn: | Have you guys discussed caps bundling oris this another issue? |
| [11:15] | Which Linden: | I.e. how does the client figure out a priori what the server's range is? |
| [11:15] | Which Linden: | Sai: different issue |
| [11:15] | Zha Ewry nods | |
| [11:15] | Saijanai Kuhn: | KK sorry to be late |
| [11:15] | Zha Ewry: | That needs to be done |
| [11:16] | Which Linden: | Sorry I didn't see you arrive |
| [11:16] | Zha Ewry: | Is it a get? |
| [11:16] | Zha Ewry: | Just get an attribute? |
| [11:16] | Saijanai Kuhn: | dropoped in from on high a few secs ago |
| [11:16] | Zha Ewry: | or.. an acive negotiation? |
| [11:16] | Zha Ewry: | RESTfully, put, and see if the other end returns what you put? |
| [11:17] | Which Linden: | I was thinking, what if the server returns its range in a header when it 403s |
| [11:17] | Zha Ewry: | Hmm |
| [11:17] | Which Linden: | A nd then if you want to check the range you can just send a request with a patently invalid duration? |
| [11:17] | Zha Ewry is leary of side effects | |
| [11:17] | Zha Ewry: | This isn't quite one |
| [11:18] | Zha Ewry: | But. it is awfully close |
| [11:18] | Which Linden: | IT seems cheesy, I agree |
| [11:18] | Which Linden: | I guess the question is, how often do you really care? |
| [11:18] | Marty McGettigan: | i have to leave again. i will have a closer look at chttp from the web first. always eager to learn. see you later. |
| [11:18] | Which Linden: | Ok, thanks for stopping by Marty |
| [11:18] | Zha Ewry: | The alternative, tho |
| [11:19] | Zha Ewry: | Is what? Put an "atribute" resource out that you can get/set? |
| [11:19] | Which Linden: | Sai, btw, we're talking about shorter-duration chttp so that e.g. the viewer could speak it without undue server load |
| [11:19] | Which Linden: | Zha: Yeah, or use OPTIONS |
| [11:19] | Zha Ewry: | REST gets a little wonky. (And, yes, I know, the SOAPy solution is to put i on th port) |
| [11:20] | Zha Ewry: | Can you lay out the options approach. (not one I've looked at to be honest) |
| [11:20] | Which Linden: | Basically, you make a request to the target url with the http method OPTIONS |
| [11:20] | Zha Ewry nods | |
| [11:20] | Which Linden: | and it would return some metadata about the chttp node there, including the range |
| [11:21] | Which Linden: | I'm leery of overloading a whole method like that though |
| [11:21] | Zha Ewry: | Thats a standard 1.1 method, but |
| [11:21] | Zha Ewry: | Not for this use |
| [11:21] | Which Linden: | OK, yeah, I actually am not that familiar with it |
| [11:22] | Which Linden: | "The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. " |
| [11:22] | Which Linden: | Dunno, seems like it would cover this case, but then again it's painfully vague |
| [11:23] | Zha Ewry: | right. One also wonders how much support there is for it in the standard packages |
| [11:23] | Zha Ewry: | I mean one can always stuff a request onto an HTTP port |
| [11:23] | Zha Ewry: | but.. It's relevent |
| [11:23] | Zha Ewry: | (The mroe we make people hand code stuff to use it, the less popular, this gets) |
| [11:23] | Which Linden: | Mmmm.... good call |
| [11:23] | Saijanai Kuhn: | not sure I recall seeing it in the standard python module... |
| [11:24] | Which Linden: | I think most http modules I've seen lately accept any arbitrary http method |
| [11:24] | Zha Ewry nods | |
| [11:24] | Zha Ewry: | True |
| [11:24] | Saijanai Kuhn loves grabbing single lines from other modlues and adding stuff to the basehttp class | |
| [11:24] | Zha Ewry: | The web 2.0 world pushes us that way |
| [11:25] | Which Linden: | Which is ironic in some ways since the whole point of REST is that you're limited to 6 |
| [11:25] | Zha Ewry: | Soo. Lets assume we deinfe, a way of saying "from 1 to 2,000 minutes" |
| [11:25] | Zha Ewry: | Does that happen "per client" or "per service endpoint?" |
| [11:26] | Which Linden: | The service endpoint has a range like that |
| [11:26] | Which Linden: | (per url, I'd say) |
| [11:26] | Which Linden: | And the client sends a header x-cttp-duration: 200 minutes |
| [11:26] | Which Linden: | or something like that |
| [11:26] | Which Linden: | and then the idea is that the client retries for 200 minutes and the server has to guarantee idempotency for that duration |
| [11:27] | Zha Ewry nods | |
| [11:27] | Which Linden: | So, if you were talking to clients that you knew were unreliable you would set your server to have a range of 0-1 minute |
| [11:28] | Which Linden: | I guess the question is, if the duration is so short, does anything even need to per persisted to disk? |
| [11:29] | Which Linden: | I'd say, no |
| [11:29] | Which Linden: | But in the general case how can you decide? |
| [11:29] | Which Linden: | I.e. if the server has a range of 0-30 minutes, clearly it must persist the 30-minute ones |
| [11:29] | Which Linden: | But if it gets a request that's 5 minutes.... is that short enough that it doesn't have to persist? |
| [11:30] | Zha Ewry: | How much book keeping are we adding to the server to handle a larger range? |
| [11:30] | Which Linden: | It's not a huge amount |
| [11:30] | Zha Ewry: | And.. even five minutes, if you're assuming its your source of a log, or lock |
| [11:30] | Zha Ewry: | You need to persist it, because, you may be locking a big transaction |
| [11:30] | Which Linden: | Rigt |
| [11:31] | Which Linden: | But if you know that your crash/restore time exceeds the duration, yuo don't have to persist |
| [11:32] | Which Linden: | I guess what I'm getting at is that it |
| [11:32] | Which Linden: | it is far better to not have to persist at all |
| [11:32] | Which Linden: | persisting for a minute doesn't reduce your load very much below persisting for 30 days |
| [11:33] | Which Linden: | in fact it might increase your load cause you're deleting things from disk so frequently, whereas with a 30-day window you can clean hourse during a downtime |
| [11:33] | Which Linden: | I guess there's nothing preventing the 1-minute server from cleaning house as infrequently as it wants |
| [11:33] | Which Linden: | the duration is just a lower bound |
| [11:34] | Which Linden: | So, what other ways can the client behave badly? |
| [11:35] | Which Linden: | One thing is that the client could reuse the same message-id for various distinct requests |
| [11:35] | Saijanai Kuhn: | in the context of this discussion? or in general... |
| [11:35] | Which Linden: | A chttp client, Sai, so I guess in the context of this discussion |
| [11:35] | Saijanai Kuhn: | sorry having constant crashes on aditi right now |
| [11:35] | Zha Ewry: | Whoops. Zero Calling. |
| [11:35] | Zha Ewry: | Yea |
| [11:35] | Zha Ewry: | I htink, the question is whether you can trust that window, or not |
| [11:36] | Zha Ewry: | If you're asking this to be "reliabel" that's sort of the base |
| [11:36] | Zha Ewry: | and. Yeah, the 1 minute vs 30 is interesting |
| [11:36] | Zha Ewry: | Tho |
| [11:36] | Zha Ewry: | You can talways hold longer |
| [11:36] | Zha Ewry: | No penalty for that, is there? |
| [11:36] | Which Linden: | Yeah, seems legit |
| [11:37] | Zha Ewry: | Ok. Interesting. |
| [11:37] | Zha Ewry: | Thinka botu that,f or a oment. |
| [11:37] | Zha Ewry: | I need to hop here |
| [11:37] | Which Linden: | Cool, thanks for coming! |
| [11:37] | Zha Ewry: | Pleasure |
| [11:37] | Zha Ewry: | Ths is important stuff |
| [11:37] | Which Linden: | I appreciate your input |
| [11:37] | Saijanai Kuhn: | later Zha |
| [11:38] | Which Linden: | I think we're covered in the case of the client making multiple distinct requests with the same message-id, cause we currently hash the request and reject if the hash doesn't match |
| [11:39] | Which Linden: | (which implies that hashing the body is a legit message-id-generation strategy, actually) |
| [11:39] | Saijanai Kuhn: | interesting so all proper possible messages are covered? IOW, you only have a very lmited number that you have to worry about? |
| [11:41] | Which Linden: | When I say "covered" I mean "protected to some degree from abuse" |
| [11:41] | Which Linden: | But actually now that I think about it, just checking the hash is not a completely trivial operation since it has to look it up on disk |
| [11:41] | Saijanai Kuhn: | not sure what you mean... |
| [11:42] | Saijanai Kuhn: | the message comes in in xml-LLSD format right? |
| [11:42] | Which Linden: | Lemme back up |
| [11:42] | Which Linden: | So the client sets a message id on each request |
| [11:42] | Which Linden: | And the client is required to retry with exactly the same request |
| [11:43] | Saijanai Kuhn: | ah ok |
| [11:43] | Which Linden: | So, if we were relying on that behavior the client could cause problems by keeping the message id constant andsending a buncha different bodies/headers |
| [11:43] | Which Linden: | But we decided to double-check the client in that case, so when a message comes in we store the message id, and also the hash |
| [11:44] | Which Linden: | (the hash is computed over all the headers and the body) |
| [11:44] | Which Linden: | So if the client tries this little trick the server is all "nuh-uh!" |
| [11:44] | Saijanai Kuhn: | ok, so the hash is a temporary thing computed on-the-fly for agiven client's mess[s] |
| [11:44] | Saijanai Kuhn: | message[s] |
| [11:44] | Stormbringer Blackflag: | you could also cache the hashes so you don't haev to go back to the disk each time a duplicate request comes in |
| [11:45] | Saijanai Kuhn: | no some giant dictionary for all possible propermesages |
| [11:45] | Which Linden: | It's computed for each message received, but the hash of the first message is stored for as long as the rest of the data pertaining to that message is stored |
| [11:45] | Which Linden: | Storm: true |
| [11:45] | Saijanai Kuhn: | KK its asneeded |
| [11:45] | Which Linden: | Oh, yeah, so after 30 days or 30 minutes or whatever, the hash is discarded |
| [11:46] | Which Linden: | along with the rest of the info about the request |
| [11:46] | Which Linden: | Hey Taja |
| [11:46] | Taja Beatty: | Hello Which....hope you do not mind me dropping in |
| [11:46] | Which Linden: | No problem! The morethe merrier! |
| [11:46] | Saijanai Kuhn: | Which is explaining things to ME, I'm sure he wont mind someone else asking questions. (ie a little more knowledgeable) |
| [11:47] | Taja Beatty: | think though I will be quiet and listen and not interrupt until I understand what the chat is about ha ha |
| [11:47] | Taja Beatty: | me more knowledgable? |
| [11:47] | Taja Beatty: | doubt that |
| [11:48] | Taja Beatty: | but I am always willing to learn |
| [11:48] | Which Linden: | I'm just looking over the chttp spec's Requirements section, to see if the client has any onerous requirements |
| [11:48] | Which Linden: | Oh, yeah, the clck skew thing |
| [11:48] | Which Linden: | clock skew |
| [11:49] | Which Linden: | We're assuming that the client and server don't have too much skew |
| [11:49] | Which Linden: | But, I can't recall why that's so |
| [11:49] | Which Linden: | Ah, ah, I remember |
| [11:50] | Which Linden: | We're assuming that the client doesn't change its clock so much that it retries expired messages |
| [11:51] | Which Linden: | I.e. it says to itself, "I'll retry this message until 12:15" then it gets hit by a DeLorean and it's 10 am as far as it's concerned |
| [11:51] | Stormbringer Blackflag: | well, once a message is expored, the server doesn't have to guarantee idempotency any more, so it can just reject it |
| [11:51] | Which Linden: | But then it has to remember that it saw that message before |
| [11:51] | Stormbringer Blackflag: | oh, right. hmm. |
| [11:51] | Which Linden: | I.e., I've been assuming that after the time expires the server forgets that it ever heard about the message |
| [11:52] | Which Linden: | We could require that the server not forget |
| [11:52] | Which Linden: | Specifically to deal with this problem |
| [11:52] | Which Linden: | Forever |
| [11:53] | Which Linden: | We do state in the spec that it's not unreasonable to store small data like this |
| [11:53] | Which Linden: | Hah, out-of-order chat. |
| [11:53] | Stormbringer Blackflag: | or it could just immediately reject clock-skewed messages, but that might acuse other problems that i haven't thought of yet. |
| [11:53] | Which Linden: | We actually do that already |
| [11:53] | Stormbringer Blackflag: | oh |
| [11:53] | Which Linden: | Well, wait, no |
| [11:53] | Which Linden: | Two different skews |
| [11:54] | Which Linden: | We currently reject messages wherein the client's idea of the current date differs too much from the server's idea of the current date |
| [11:54] | Which Linden: | I don't think there's a good way of detecting when the client has "gone back in time" so to speak |
| [11:54] | Saijanai Kuhn: | unlessyou timetsamp every message |
| [11:54] | Which Linden: | I guess you could do that |
| [11:55] | Which Linden: | And say, "the client thought it was 2pm last time, now it thinks it's 1am" |
| [11:55] | Stormbringer Blackflag: | i thnik if you keep taht rejection policy, it solves the problem |
| [11:56] | Stormbringer Blackflag: | because if the client sends a request when the clock is off, it gets rejhected. the nif the clock is fixed and they resend it, it gets accepted |
| [11:56] | Which Linden: | Yeah, I guess so, if we keep the client-server skew below the duration of the message |
| [11:56] | Stormbringer Blackflag: | yeah |
| [11:56] | Saijanai Kuhn: | of course a simple increasing ID number would do the same |
| [11:56] | Which Linden: | That is a good point |
| [11:56] | Which Linden: | Sai: ? |
| [11:56] | Saijanai Kuhn: | yo? |
| [11:56] | Saijanai Kuhn: | hmm? |
| [11:57] | Saijanai Kuhn: | whats up? |
| [11:58] | Which Linden: | Why's the increasing id number the same? |
| [11:58] | Which Linden: | (sorr,y got distracted irl) |
| [11:59] | Saijanai Kuhn: | if you don't use a higher ID number, then you've lost track of where you are in the process |
| [11:59] | Which Linden: | Oh I see |
| [11:59] | Saijanai Kuhn: | if you DO, it seems one could assume that the client is ware that time has passed... |
| [12:01] | Which Linden: | Hmm... but one could envision the client storing the increasing id number somewhere on disk, rebooting with a bad bios battery (and thus getting its clock reset to 1970) and therefore retrying with correcty-increasing ids for 38 years. :-) |
| [12:01] | Saijanai Kuhn: | true |
| [12:01] | Which Linden: | Ah, shit, the client doesn't even send down its current date |
| [12:02] | Which Linden: | It only ever sends down the inception date |
| [12:02] | Which Linden: | So we can't even store the client's last date |
| [12:03] | Which Linden: | OK, well, this is something that we can probably solve given enough brainpower :-) |
| [12:03] | Which Linden: | I have to go right now though |
| [12:03] | Which Linden: | So, thanks so much for coming, Sai and Storm |
| [12:04] | Which Linden: | This was a fruitful discussion |