relnotes.txt: v0.5.1

[tahoe-lafs/tahoe-lafs.git] / relnotes.txt

NEW VERSION RELEASED -- Allmydata-Tahoe version 0.5.1

We are pleased to announce the release of version 0.5.1 of
allmydata.org "Tahoe", a secure, decentralized storage grid under a
free-software licence.  This is a security patch to v0.5.0, which was
the follow-up to v0.4, which was released June 29, 2007 (see [1]).

Since v0.5.0 we've made the following changes:

 * fixed security flaw in which XSS/XSRF attacks could disclose
   private files or delete files (ticket #98)

 * updated the webapi and the webapi.txt document for clarity and
   easier access to read/write permission metadata (ticket #118)

 * removed the --vdrive option from the command-line tools, since the
   security fix makes the private vdrive unavailable to the
   command-line tools; We will make it available again in a secure way
   in a future release -- see ticket #120.

Since v0.4 we've made several improvements, including:

 * a RESTful API for programming your Tahoe node in the language of
   your choice [2]

 * a command-line interface in the Unix style for uploading and
   downloading files (ticket #53)

 * ported to Solaris

 * reduced the memory used when uploading large files (ticket #29)

 * reduced the bandwidth and disk space used when uploading many small
   files (tickets #80, 81, #85)

 * added configurable erasure-coding parameters: how many total shares
   to produce, and how many shares are required to reconstruct the
   file (ticket #84)

 * added configurable limits on how much disk space your node will
   allocate for storing data on behalf of other peers (ticket #34)

 * many bugs fixed and enhancements implemented

For complete details, see this web page which shows all ticket
changes, repository checkins, and wiki changes from June 29 to today,
August 23: [3].

Allmydata.org Tahoe v0.5.1 is compatible with Allmydata.org Tahoe
v0.5.0.  It is incompatible with v0.4 due to a change in the
formatting of URIs to make them more human-friendly.


WHAT IS IT GOOD FOR?

With Tahoe, you can store your files in a distributed way across a set
of computers, such that if some of the computers fail or become
unavailable, you can still retrieve your data from the remaining
computers.  You can also securely share your files with other users.

This release is targeted at hackers and users who are willing to use a
text-oriented web user interface, or a command-line user interface.
(Or a RESTful API.  Just telnet to localhost and type HTTP requests to
get started.)

Because this software is new, it is not yet recommended for storage of
highly confidential data nor for important data which is not otherwise
backed up. Given that caveat, this software works and there are no
known security flaws which would compromise confidentiality or data
integrity.

This release of Tahoe is suitable for the "friendnet" use case [4].
It is easy to set up a private grid which is securely shared among a
specific, limited set of friends.  Files uploaded to this shared grid
will be available to all friends, even when some of the computers are
unavailable.  It is also easy to encrypt individual files and
directories so that only designated recipients can read them.


LICENCE

Tahoe is offered under the GNU General Public License (v2 or later),
with the added permission that, if you become obligated to release a
derived work under this licence (as per section 2.b), you may delay
the fulfillment of this obligation for up to 12 months.  If you are
obligated to release code under section 2.b of this licence, you are
obligated to release it under these same terms, including the 12-month
grace period clause.


INSTALLATION

This release of Tahoe works on Linux, Mac OS X, Windows, Cygwin, and
Solaris.

To install, download the tarball [5], untar it, go into the resulting
directory, and follow the directions in the README [6].


USAGE - web interface

Once installed, create a "client node".  Instruct this client node to
connect to a specific "introducer node" by means of config files in
the client node's working directory.  To join a grid, copy in the
.furl files for that grid.  To create a private grid, run your own
introducer, and copy its .furl files.  See the README for step-by-step
instructions.

Each client node runs a local webserver (enabled by writing the
desired port number into a file called 'webport').  The welcome page
of this webserver shows the node's status, including which introducer
is being used and which other nodes are connected.  Links from the

Links from the welcome page lead to other pages that give access to a
virtual filesystem, in which each directory is represented by a
separate page.  Each directory page shows a list of the files
available there, with download links, and forms to upload new files.

USAGE - command-line interface

Run "allmydata-tahoe ls [VIRTUAL PATH NAME]" to list the contents of a
virtual directory.  Run "allmydata-tahoe get [VIRTUAL FILE NAME] [LOCAL FILE
NAME]" to download a file.  Run "allmydata-tahoe put [LOCAL FILE NAME]
[VIRTUAL FILE NAME]" to upload a file.  Run "allmydata-tahoe rm [VIRTUAL PATH
NAME]" to unlink a file or directory in the virtual drive.

USAGE - other

You can control the filesystem through the RESTful web API [2].  Other
ways to access the filesystem are planned: please see the roadmap.txt
[7] for some plans.


HACKING AND COMMUNITY

Please join the mailing list [8] to discuss the ideas behind Tahoe and
extensions of and uses of Tahoe.  Patches that extend and improve
Tahoe are gratefully accepted -- roadmap.txt shows the next
improvements that we plan to make and CREDITS lists the names of
people who've contributed to the project.  You can browse the revision
control history, source code, and issue tracking at the Trac instance
[9].  Please see the buildbot [10], which shows how Tahoe builds and
passes unit tests on each checkin, and the code coverage results [11]
and percentage-covered graph [12], which show how much of the Tahoe
source code is currently exercised by the test suite.


NETWORK ARCHITECTURE

Each peer maintains a connection to each other peer.  A single
distinct server called an "introducer" is used to discover other peers
with which to connect.

To store a file, the file is encrypted and erasure coded, and each
resulting share is uploaded to a different peer.  The secure hash of
the encrypted file and the encryption key are packed into a URI,
knowledge of which is necessary and sufficient to recover the file.

To fetch a file, starting with the URI, a subset of shares is
downloaded from peers, the file is reconstructed from the shares, and
then decrypted.

A single distinct server called a "vdrive server" maintains a global
mapping from pathnames/filenames to URIs.

We are acutely aware of the limitations of decentralization and
scalability inherent in this version.  In particular, the
completely-connected property of the grid and the requirement of a
single distinct introducer and vdrive server limits the possible size
of the grid.  We have plans to loosen these limitations (see
roadmap.txt).  Currently it should be noted that the grid already
depends as little as possible on the accessibility and correctness of
the introduction server and the vdrive server.  Also note that the
choice of which servers to use is easily configured -- you should be
able to set up a private grid for you and your friends almost as
easily as to connect to our public test grid.


SOFTWARE ARCHITECTURE

Tahoe is a "from the ground-up" rewrite, inspired by Allmydata's
existing consumer backup service.  It is primarily written in the
Python programming language.

Tahoe is based on the Foolscap library [13] which provides a remote
object protocol inspired by the capability-secure "E" programming
language [14].  Foolscap allows us to express the intended behavior of
the distributed grid directly in object-oriented terms while relying
on a well-engineered, secure transport layer.

The network layer is provided by the Twisted library [15].
Computationally intensive operations are performed in native compiled
code, such as the "zfec" library for fast erasure coding (also
available separately: [16]).

Tahoe is sponsored by Allmydata, Inc. [17], a provider of consumer
backup services.  Allmydata, Inc. contributes hardware, software,
ideas, bug reports, suggestions, demands, and money (employing several
allmydata.org Tahoe hackers and allowing them to spend part of their
work time on the next-generation, free-software project).  We are
eternally grateful!


Zooko O'Whielacronx
on behalf of the allmydata.org Tahoe team
August 23, 2007
Boulder, Colorado


[1]  http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=849
[2]  http://allmydata.org/trac/tahoe/browser/docs/webapi.txt
[3]  http://allmydata.org/trac/tahoe/timeline?from=2007-08-23&daysback=57&changeset=on&ticket=on&wiki=on&update=Update
[4]  http://allmydata.org/trac/tahoe/wiki/UseCases
[5]  http://allmydata.org/source/tahoe/tahoe-0.5.1.tar.gz
[6]  http://allmydata.org/trac/tahoe/browser/README?rev=1141
[7]  http://allmydata.org/trac/tahoe/browser/roadmap.txt
[8]  http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
[9]  http://allmydata.org/trac/tahoe
[10] http://allmydata.org/buildbot
[11] http://allmydata.org/tahoe-figleaf/figleaf/
[12] http://allmydata.org/tahoe-figleaf-graph/hanford.allmydata.com-tahoe_figleaf.html
[13] http://twistedmatrix.com/trac/wiki/FoolsCap
[14] http://erights.org/
[15] http://twistedmatrix.com/
[16] http://allmydata.org/trac/tahoe/browser/src/zfec
[17] http://allmydata.com