speech / speech.js Goto Github PK

this.self = this trick stopped working when I switched over to the new build system and I just patched it without looking into why.

We need to get below perceivable load-times.

See Also
#25 Support Google Closure
#26 Include top 20% of non-controversial sites in initial download
#27 Create spec to foster competing implementations

Sites relying on nameservers instead of dedicated IPs or translate URLs require asking the nameserver using headers w/ the .bit address but since the client obviously doesn't have a DNS server which resolves the .bit domain name space we have to forge the headers. This is doable with XHTTP but not with iFrames HOWEVER the destination site will require CORS which would be easier than a full website port.

Breakdow into distinct tickets:

• WebRTC P2P for DNS
• WebRTC P2P for Content
• Add custom publishers
• -> PHP install for CouchDB?
• -> Cloudant integration?
• -> Namecoin miners?
• Additional publishing sources
• -> RSS/SubPubHub feed for webhook URL for per-site overrides?
• -> 'Authenticated' feeds (http:* username:password@url)??

The idea of a more formal Namecoin Enhancement Proposal process (similar to Bitcoin, Python, et. al) has been kicked around for a while but no action taken on it.

Usually, these documents are static, with the commenting mostly happening in a mailing list somewhere. This way of doing things misses out on an important opportunity to capture institutional knowledge along with the proposal.

So, instead of a separate website, what if we just create a label (like NEP) for Github issue/ticket system and put them there? We can label it as draft/rejected/accepted as well and when an idea is implemented it can be attached to the correct milestone.

Web workers disregard the CSP set by the parent context. This means you must set a CSP for the web worker via a header.

Get ACE working?
Validate JSON?
Form/wizard full domain name spec: http://dot-bit.org/Namespace:Domain_names_v2.0?

Lists should be opportunistically encrypted such that basic plain text searches do not work. The goal is not to make it more difficult for large-scale analysis, think more along the lines of computationally expensive obfuscation rather than secure encryption.

While there are no security guarantees for this feature, it would be nice if it was the base of a secure encryption feature. One possible method would be to use PGP and "hide" the private keys in the users account. Users can publish lists publicly that only his/her friends can seamlessly decrypt. Unless there is a warrant, the service won't turn over the private key. This would meet causal-use requirements for countries with minimal internet censorship.

Posting will probably have to be manual for many services (such as Facebook/LinkedIn/Twitter) as any kind of automated posting could violate the TOS and get the app and login API keys revoked. This entails a generic text->pgp encryption UI.

This is primarily a problem with the standards committees. It breaks down into two related but non-blocking issues:

1. Enable the child site to enable specific parent websites to access content directly. This is good enough for the 99% of websites which can trust the SSL infrastructure).
2. Enable the iframe's child site to access a read-only version/hash of iframe's parent site and monitor for changes or network communication. After initial DNS lookup, the iframe's parent site should not require any changes. This is for the 1% of sites that have to worry about higher-level adversaries capable of forging SSL certs.

The first option would allow us to push ALL of the logic to Speech.js and reduce the work required of the child site down to a CORS setting. We could offer plugins for all of the major Content Management Systems as well as a browser-based "installer" which adds the correct config to a server's settings file (such as .htaccess).

Neither of these are difficult to accomplish on the browser end, it's more of an oversight that this hasn't happened.

This ticket is inspired by my personal experiences with Mozilla's crappy roll-out of Personas, which relied heavily on community contributions. However, their Wordpress plugin was very poor-quality despite some 17% of all websites being run on Wordpress!

Seamless compatibility with Speech.is requires adding babel.js on the server-side. There are several ways to accomplish this:

• Manually: CDNJS, jsDelivr, Bower, NPM, etc.
• Content Management Systems: Wordpress, Drupal, MediaWiki, etc.
• Content Management Frameworks/Languages: Zend/PHP, Ruby on Rails, Symphony, etc.
• At the hosting level: CPanel, ZPanel, OpenPanel, Dreamhost, HostGator, etc.
• At the server level (via modules?): Apache, NGNX, Microsoft, etc.
• At the DNS level: CloudFlare apps, others?

The idea is to create three metrics for each option:

1. Usability: layman (i.e. hosted Wordpress user), techie (shared hosting/programmer), sysadmin (access to VM).
2. Coverage: 17% of websites run on Wordpress, 50%+ of all sites run on an Apache server, etc. These have to be balanced against actual usage: just because a site runs apache doesn't mean the website owner can add an Apache module.
3. Maintenance difficulty: How hard is it to maintain this solution?

While these metrics will be VERY rough, folding these three metrics into each other should help us maximize our resources to reach the largest possible audience.

Compliance with TTL's at the application level seriously degrades performance, adding (at best) a full round-trip connection.

This should be replaced with updatable bloom filter that can be used to check for updates on demand. (Golomb Compressed Sets are smaller but there are no existing .js libs).

Logic

Storing cache time-outs for TTLs longer than 1 hour is crazily inefficient compared to just streaming updates using a bloom filter. As a rule of thumb for DNS changeovers used to be ~1 day, which is kinda the maximum now.

Hypothetically speaking, if 1% of all 250 million domains names changed every hour, we would need a bloom filter capable of categorizing 2,500,000 domains. Assuming we are comfortable with a 1% false positive rate we would need to transmit ~3MB every hour. If we cut this down to the 20% of sites that matter, the total size goes down to 585kb.

I have access to the nightly root zone files, if anyone wants to help me parse the data to figure out the "real" churn rate :p

I got this error while trying to visithttp://localhost:3333/#asdfasdf`:` should be followed by the e.message text, name, etc.

Meta-ticket for Facebook integration. ATM, "integration" means being able to login via Facebook and subscribe to lists from friends.

The top priority is to break this down into meaningful tasks!

Blocking

1. A coherent architecture for social-networking integration
2. Can DNS providers use Facebook as a distribution platform or is it just useful for sharing bootstrap URLS?
3. Code for #2!

This will allow the web worker to run in the background and continually update the local storage.

Method for the server to declare a .bit website using headers.

• https://lists.torproject.org/pipermail/tor-talk/2014-May/032907.html
• https://www.reddit.com/r/Namecoin/comments/2j9fq3/transfer_from_icanndotcom_to_namecoin/clbtxof
• https://code.google.com/p/https-finder/

Some sort of system of tracking social network modules (facebook, twitter, etc) and solutions for interop between .bit sites and the speech.js iframe navigation.

Perhaps we can have a 3-tiered solution:

1. In-house implementations
2. Community implementations that meet whatever QA checks (unit testing setup) we perform on the in-house implementations .
3. Community implementations that are unverified.

Tiers 1 and 2 should be distinguishable only on a management level: we HAVE to eat our own dogfood, but we can ensure that we only eat other people's dogfood if they taste at least as good as our own. Hopefully, they will be much better!

The idea is to ensure high-quality add-ons for the most important sites. Mozilla's Add-ons and Wordpress' plugin directories suck because there is only basic voting which disappears for the interop between firefox/wordpress revisions. Tiers #1 and #2 should allow us to upgrade with a high-degree of confidence that everything will work smoothly and a development test rig that will allow us to quickly figure out whatever bugs the unit tests miss.

JavaScript based detection of .bit support and forwarding.

Querying DNS must ALWAYS occur over SSL. However, Firefox will block some HTTP content from loading in a page with HTTPS enabled.

Thus, in order to isolates DNS from possible malicious MTM attacks

1. https://speech.is -> webWorker : {lookup:urn}
2. https://speech.is <- webWorker : {name:urn, value:{http:FQDN}}
3. https://speech.is: load(record.value.http)
   ...

function load(FQDN){
    if (isHttps(FQDN)){
        iframeLoad(FQDN);
    } else {
        forward self to "http://speech.is#!destination=" + FQDN;
    }
}

4. http://speech.is#!destination=example.com:

if(location.hash.beginsWith('!destination='){
   //load http://example.com
} else {
  //load  https://speech.is + window.location.hash
}

• Prevent framing of root.
• Restrict framing of subdomains to root.

Following the 80/20 rule, including the top 20% of sites in the initial download would enable us to reduce load-times to very low levels.

This should only include sites which transclude another domain so that updates to the underlying DNS information can propagate without updating the primary script.

var 404
var fails
Success = urls.some( try (test())
catch(fail){
if(fail == 404) 404s.push(fail)
finally(if (debug) log fail; return false);
if(no success){ if (404) success = 404 uri
elseif (fails) throw fails
else throw new fail

JavaScript does not have access to the basic authentication information included in URLs, see #28.

This will require server side processing : (

Include in header?

To enable a native experience, websites loaded in the child iFrame need to pass navigation changes to the parent frame using postMessage(). This should be fairly straightforward and not require any understanding of the rest of Speech.js's code.

I was planning on wrapping the location with Object.prototype.watch() and passing location.href on every change. In the parent window, it would simply examine the URL for changes and trigger a navigation event However, this doesn't handle back/forward correctly and I haven't worked with the history API previously.

I need to focus on other items for the Dec 24th Alpha launch and this should be a snap for anyone familiar with the History API.

Puton is a UI for PouchDB. It is based on a JS bookmark so as to get around the same-origin policy, but we don't need to get around that here. We just need a simple port which handles the 'speech' database created by api.www.speech.is.

PGP style encryption that has been reviewed by some grey-hats.

Meta-ticket for figuring out how the hell are we going to handle social network integration.

Obviously, some sort of modular system/specification for:

• Log-in
• Plain-text messaging
• App subscriptions

Start with Git/hub and then generalize to ... everything.

Not sure if this is possible : (

Templates were mangled in switch to new build system. Currently relying on 4 hand-edited HTML built from those templates.

localStorage entries are delicate while PouchDB has sync/diff capabilities, can talk directly to LevelDB (the internal DB for Bitcoin .8+), and distributed caching for insane caching.

We need to access raw.github/dns.json URLs.

Google Closure will speed up execution. Should be fairly easy as most of the functions have the required JSDoc markup. Not included initially because of of care and feeding required.

It's much easier to build a Speech.js implementation than a full-blown browser : )

Possible TODOS:

• Benchmarking?
• Cash prizes?