Bridging and Laying the Groundwork for Fine-Grained Personal Security
Holochain Dev Pulse 08
Summary
We’re laying the groundwork for some important features, including CRUD (update/delete entries), capabilities for security, and app-to-app bridging. We continue to make improvements to our automated build pipeline.
Highlights
- Preparation Work for Capabilities: Robust, Configurable Personal Security
- CRUD: How to Change an Unchangeable Database
- Better Debugging Output for Developers
- Bridging: Getting hApps to Talk to Each Other
- Continuous Integration (CI): Automated Testing Keeps Getting Better!
Details
1. Preparation Work for Capabilities: Robust, Configurable Personal Security
A Holochain app is meant to be run on your own device — it is, after all, a way of recording your own interactions and sharing them with the world. While we would like to be able to trust in our personal ability and believe we know what’s going on, not everything that goes on in your device is under your control. Browser plugins, third-party software, OS services, and even other hApps are doing things in the background that you probably aren’t aware of.
So how do you get to choose what parts of your hApps are accessed by clients? Our answer to that is capability-based security.
You will have the power through your hApp to grant or deny outside agents on your machine (other hApps, GUIs, or any other local client) permission to use the hApp’s functions. First, Holochain asks you to authorize the request; then the hApp itself can automatically choose to deny the request based on its own internal rules.
Right now we’re laying the groundwork; this will be available as a feature to hApp developers first and to end-users later.
2. CRUD: How to Change an Unchangeable Database
If you develop traditional applications that use a database for storage, you’re probably familiar with the acronym CRUD — create, read, update, delete. These are basic operations that people using your app would expect to be able to do: edit a post, delete a picture, etc. Because the two storage mechanisms on Holochain (your source chain and the DHT) are immutable, the question arises — how can you delete or update anything?
It’s actually fairly simple. When a piece of data gets updated or deleted, a piece of metadata is tagged onto it, marking it ‘obsolete.’ In the case of an update, there is a second piece of metadata that is a link to the new record. So nothing public is ever really forgotten in an hApp; it’s just retired. This is something an app creator should consider in their design, especially where privacy is concerned.
You could do this yourself using out-of-the-box tools like links, which can be added or removed. We believe CRUD to be such a common pattern that we decided to put it into the core toolset, so you don’t have to worry about implementing it yourself.
When you ask for an entry that’s been deleted, you’ll get an empty result, and when you ask it for an entry that’s been updated, you’ll get the most recent version. (You can also ask for a specific version, or ask for the entire revision history.)
3. Better Debugging Output for Developers
We’ve received feedback that the debugging output from Holochain could be a bit more detailed. So now we’re outputting all sorts of messages to keep developers informed. By installing `hc` cli tools off the ‘develop’ branch and running commands as usual, you’ll see detailed output showing all the events that are happening deep in core as your app runs. This is enabled partly by some foundational work on signals, which we’ll get into next.
4. Bridging: Getting hApps to Talk to Each Other
Back in March, Nicolas Luck, one of our Holochain core developers, wrote an article that captures Holochain’s vision of many small, interconnected apps. This requires a paradigm shift in the way we build software, similar to the way houses shifted from small, isolated rooms to open floor plans.
In order to realize this vision, it’s crucial that hApps can talk directly to each other without friction. Our tool for that is ‘bridging’, which sets up a communications channel from one app to another.
Your hApps tell you what components of your other hApps they want to access, and you grant or deny permission. This would be used, for example, to connect a subscription-based video service to a currency app for payments.
Basic bridging is now available for developers’ use. They can specify their DNA needs to other DNAs, either by providing a specific DNA hash or by general functionality they provide, and the container handles the rest. There are no security checks yet; they will come in a later release when we implement capability-based security.
5. Continuous Integration (CI): Automated Testing Keeps Getting Better!
In the last couple Dev Pulses, we reported that we were making great progress on our Continuous Integration pipeline, which runs automated tests so we can get back to writing code. We’re happy to say things have now gotten even faster! Linux builds are down to five minutes (from 45 minutes a few weeks ago) and Windows builds are down to 15 minutes. We should be able to shave another eight minutes off the Windows time soon.
To reiterate from last week, devs being able to incorporate new features quickly makes our core dev team much happier!
We want your feedback!
Please take 3.5 minutes to take our Dev Pulse Survey, and help us name a crucial piece of Holochain!
Connect with the developer community
- Join Developer discussions on Mattermost
- Resources: Developer Portal
- Hiring: We’re Looking for Rust Devs!
- Connect on Twitter
