WEBVTT

00:00.000 --> 00:11.000
Yeah, it was the thing that was trying to understand.

00:11.000 --> 00:13.000
Is it raining?

00:13.000 --> 00:14.000
Can you hear me?

00:14.000 --> 00:15.000
Yes.

00:15.000 --> 00:16.000
Nice.

00:16.000 --> 00:21.000
So, browsing Git repositories with got, with me.

00:21.000 --> 00:23.000
I am Omar Polo.

00:23.000 --> 00:28.000
I made the huge mistake of installing OpenBSD back in 2018.

00:28.000 --> 00:30.000
And here we are.

00:30.000 --> 00:32.000
Life is strange sometimes.

00:32.000 --> 00:39.000
I became a developer a few years later and then I got involved in the Game of Trees project.

00:39.000 --> 00:42.000
And that's why I'm here.

00:42.000 --> 00:43.000
What is the Game of Trees project?

00:43.000 --> 00:46.000
Anyone used got or heard of it?

00:46.000 --> 00:48.000
Oh, thank you.

00:48.000 --> 00:50.000
As an ecisism, some hands.

00:50.000 --> 00:54.000
It is a distributed version control system.

00:54.000 --> 00:58.000
It was started by Stefan Sperling in 2017.

00:58.000 --> 01:00.000
And it's compatible with Git.

01:00.000 --> 01:05.000
So both in the networking code and in the actual repository on disk.

01:05.000 --> 01:08.000
But it's not a bug-for-bug implementation.

01:08.000 --> 01:11.000
So we're not just trying to do a clone of it.

01:11.000 --> 01:14.000
It's a different version control system that is compatible.

01:14.000 --> 01:16.000
And of course, it comes from OpenBSD.

01:16.000 --> 01:20.000
So it's designed with privilege separation in mind.

01:20.000 --> 01:21.000
What is inside of it?

01:21.000 --> 01:22.000
Very quickly.

01:22.000 --> 01:24.000
Here, of course, the command line.

01:24.000 --> 01:27.000
got, with a few other helpers in it.

01:27.000 --> 01:30.000
Like gotadmin, which is unlike Git.

01:30.000 --> 01:32.000
We split the things.

01:32.000 --> 01:34.000
A few of the subcommands.

01:34.000 --> 01:39.000
But if you use SVN, you probably heard something similar with SVN.
01:39.000 --> 01:40.000
And svnadmin.

01:40.000 --> 01:45.000
got is a command line tool for committing and running diff and blame.

01:45.000 --> 01:47.000
And all the other operations.

01:47.000 --> 01:51.000
gotadmin is for managing the Git repository on disk.

01:51.000 --> 01:54.000
We have a nice ncurses interface, which is tog.

01:54.000 --> 01:59.000
We have our own Git repository server with anon SSH support even.

01:59.000 --> 02:01.000
I mean, it's awesome.

02:01.000 --> 02:02.000
Yeah.

02:02.000 --> 02:04.000
SSH, but it supports that as well.

02:04.000 --> 02:07.000
We have a fairly new thing, which is gotsysd.

02:07.000 --> 02:10.000
But Stefan did a talk, I think, two years ago.

02:10.000 --> 02:14.000
And here, Terraforming is probably not as described on the man page,

02:14.000 --> 02:15.000
but gives the idea.

02:15.000 --> 02:18.000
And we have today's main character, which is gotwebd.

02:18.000 --> 02:24.000
gotwebd is a web interface for browsing a set of repositories,

02:24.000 --> 02:27.000
looking at the commit log, at the blame.

02:27.000 --> 02:31.000
If you ever used a forge, you kind of know what it means to browse

02:31.000 --> 02:36.000
a Git repository on a web UI.

02:36.000 --> 02:41.000
And what I would like to try today is to do a little bit of a history thing.

02:41.000 --> 02:46.000
So instead of just presenting what it is, I would like to start with the history,

02:46.000 --> 02:52.000
how it got merged inside our tree, and how it evolved until today.

02:52.000 --> 02:55.000
So at first, we had gotweb.

02:55.000 --> 03:00.000
Notice that there is no D at the end, because it was a CGI script written

03:00.000 --> 03:03.000
by Tracey Emery back in 2020.

03:03.000 --> 03:07.000
And then sometime later, I started working on the daemon version,

03:07.000 --> 03:11.000
so gotwebd, in 2022.

03:11.000 --> 03:14.000
And yes, some notes on when the things were available initially.
03:14.000 --> 03:19.000
At some point, we removed gotweb, the CGI one, just to keep gotwebd.

03:19.000 --> 03:23.000
And yeah, since then, a few things happened.

03:23.000 --> 03:28.000
Some code changed, and let's start with the beginning, though.

03:28.000 --> 03:36.000
So in the beginning, gotwebd was the kind of usual OpenBSD daemon.

03:36.000 --> 03:41.000
So I mean, usually you start by transmogrifying all the daemons,

03:41.000 --> 03:45.000
and then you rip out the logic, and you make your own.

03:45.000 --> 03:46.000
But it was very simple.

03:46.000 --> 03:49.000
It had just a parent process, and it split.

03:49.000 --> 03:53.000
And it was called sockets back in the day, and then it got renamed to server

03:53.000 --> 03:56.000
because it made much more sense to handle the request.

03:56.000 --> 04:00.000
So you read the FastCGI, because it's based on FastCGI.

04:00.000 --> 04:05.000
So it runs behind httpd.

04:05.000 --> 04:09.000
And it parses the request and generates the view, like nothing incredibly fancy.

04:09.000 --> 04:14.000
But, oh, first of all, a parenthesis on the libexec,

04:14.000 --> 04:17.000
because this is something that I think is quite interesting.

04:17.000 --> 04:22.000
It's not directly tied to how gotwebd works and how the web application is,

04:22.000 --> 04:28.000
but it's a nice, I think, design from the Game of Trees project.

04:28.000 --> 04:35.000
So I talked about privilege separation before, and this is a way to achieve it.

04:35.000 --> 04:39.000
So basically, we have our own internal library to handle all the,

04:39.000 --> 04:42.000
I mean, to interact with a Git repository, because,

04:42.000 --> 04:48.000
I don't know, to, we have API, internal APIs to make commits,

04:48.000 --> 04:54.000
to run rebase, to blame files, to interact with the refs and whatnot.
04:54.000 --> 05:00.000
And all the parts in our library that are touching the files on disk

05:00.000 --> 05:04.000
or are talking with external servers are properly

05:04.000 --> 05:07.000
sandboxed on OpenBSD. So each one of them, I have some examples.

05:07.000 --> 05:10.000
got-read-blob, got-read-commit, got-read-object.

05:10.000 --> 05:14.000
Those are standalone programs, which are not available in the path.

05:14.000 --> 05:17.000
They are installed in the libexec, of course.

05:17.000 --> 05:20.000
And they are running a very, very strict pledge.

05:20.000 --> 05:26.000
I'm assuming you have a fairly quick idea, a rough idea, of what pledge is.

05:26.000 --> 05:32.000
I think it's a mechanism from OpenBSD to sandbox the programs.

05:32.000 --> 05:39.000
So basically, pledge "stdio recvfd" means that the programs that have that pledge,

05:39.000 --> 05:43.000
at the start of main, can only talk over file descriptors that are already open.

05:43.000 --> 05:46.000
So standard input, standard output, that is, standard error.

05:46.000 --> 05:48.000
And can receive file descriptors.

05:48.000 --> 05:53.000
And so it means that all the parsing code for objects that you fetch from the internet,

05:53.000 --> 05:59.000
from whatever server, for whatever, they are parsed in a very strict and sanitized environment.

05:59.000 --> 06:04.000
I mean, it's one of the steps to improve the overall security,

06:04.000 --> 06:07.000
you start to make boundaries at different levels.

06:07.000 --> 06:10.000
So we have this libexec, they are parsing the data,

06:10.000 --> 06:13.000
and then they give back the parsed data to the main process.

06:13.000 --> 06:18.000
Yeah, this is what I've already said.

06:18.000 --> 06:23.000
The whole, I started to talk about different processes initially.

06:23.000 --> 06:27.000
And I should have made a note that we're using imsg, which is,

06:27.000 --> 06:30.000
I think it originated in bgpd.
06:30.000 --> 06:34.000
I think, if I remember correctly, which is a simple,

06:34.000 --> 06:41.000
more or less way of doing inter-process communication with some bells and whistles across different processes.

06:41.000 --> 06:48.000
And that's how, and that's how, for instance, the libexec processes

06:48.000 --> 06:52.000
talk with the main process, using this.

06:52.000 --> 06:54.000
So a bit of the evolution after that.

06:54.000 --> 06:59.000
So the first version, it was like a very, very simple, was basically a CGI script.

06:59.000 --> 07:06.000
Just transformed enough that you could handle more than one request and speak some FastCGI.

07:06.000 --> 07:07.000
So it works.

07:07.000 --> 07:12.000
One of the first things that we did was to implement a small templating system.

07:12.000 --> 07:18.000
Most of it, because printf is not a very good way of building web views.

07:18.000 --> 07:22.000
Basically, if you ever try, it doesn't go fast.

07:22.000 --> 07:29.000
It doesn't go on a lot due to all the possible ways you have to inject things inside the HTML and whatnot.

07:29.000 --> 07:35.000
Back at the time, I was just playing with the idea of writing a very simple template engine.

07:35.000 --> 07:39.000
And, well, Tracey liked it enough, or didn't dislike it enough.

07:39.000 --> 07:42.000
And so we got it into the tree.

07:42.000 --> 07:49.000
But just showing a stupid example that I copy-pasted from one of the functions that we use to render things.

07:49.000 --> 07:51.000
This is a fairly silly for loop.

07:51.000 --> 07:55.000
Slightly, slightly inspired by Go templates, but it's fairly small.

07:55.000 --> 08:02.000
One interesting thing of the template library that we're using is that it's completely at compile time.

08:02.000 --> 08:09.000
So you write these fragments in these, they get compiled back to C code.
08:09.000 --> 08:18.000
And then you don't have things at runtime, like parsing the templates at runtime and trying to insert things at runtime.

08:18.000 --> 08:22.000
Then the big split.

08:22.000 --> 08:24.000
This was the first big split that we had.

08:24.000 --> 08:34.000
So we started again with a very simple interface, internal interface, main process and a few copies of the same process handling the requests.

08:34.000 --> 08:42.000
And we started to rethink the internal interface of it and try to improve the privsep-ness.

08:42.000 --> 08:46.000
I hope it's a word.

08:46.000 --> 08:55.000
To sandbox better the various parts of this web application.

08:55.000 --> 08:58.000
Because at the end of the day, you're running a piece of software,

08:58.000 --> 09:04.000
talking all day, 24-7, to strangers on the internet, and anything can happen.

09:04.000 --> 09:19.000
So we wanted to really try to, as many boundaries and try to reduce the number of pledges or reduce the number of capabilities that the various parts needed down to the,

09:19.000 --> 09:25.000
I mean, hopefully this is the smallest possible set.

09:26.000 --> 09:31.000
And we, this was the first split that we did.

09:31.000 --> 09:41.000
So we had a process that was listening on the FastCGI socket, parsing the FastCGI protocol, having some kind of internal logic like to dispatch,

09:41.000 --> 09:48.000
you ask it for this page and doing some dispatching on the right page and then producing the output code.

09:48.000 --> 09:51.000
That is the output page of the HTML code.

09:51.000 --> 09:58.000
So that is more or less the pipeline itself.

09:58.000 --> 10:02.000
We shouldn't have happened.

10:02.000 --> 10:09.000
And the first split was to try to get the FastCGI parsing code away from the rest.

10:09.000 --> 10:13.000
So we did this split.

10:13.000 --> 10:20.000
So we had the first, now the server process was just handling the FastCGI, parsing it.
10:20.000 --> 10:26.000
And the actual process handling of the request, of the HTML generation, was split into another process.

10:26.000 --> 10:34.000
This was for us to work around a small limitation that we had, because by default we were chrooting under www.

10:34.000 --> 10:41.000
So that means that you should have had enough free space in there to copy your Git repository.

10:41.000 --> 10:45.000
So the thing could actually render them.

10:45.000 --> 10:57.000
And at this point we could lift the chrooting limitation from the second case and still have all the handling of the untrusted clients that are connecting to you.

10:57.000 --> 11:04.000
In a stripped-down process it does very little, very little code is running there, and have the actual code process handling.

11:04.000 --> 11:07.000
In another process it is not chrooted, so you can point it.

11:07.000 --> 11:10.000
I mean you can have your Git repository in a different place.

11:10.000 --> 11:22.000
Then continuing on this kind of trying to reshape the interface to isolate various parts and move them to dedicated processes to sandbox them better.

11:22.000 --> 11:31.000
We did another split recently for the introduction of the authentication feature.

11:31.000 --> 11:40.000
So on the side, first I have another question, who has ever heard of gotub, not GitHub, gotub.

11:40.000 --> 11:44.000
Oh nice.

11:44.000 --> 11:51.000
One other thing that we wanted to do for that was to allow, of course, authentication.

11:51.000 --> 12:00.000
Because you want to have your repository in there, but maybe some are private and not intended for other

12:00.000 --> 12:06.000
people to see them or whatnot, so we wanted to have an authentication mechanism working in.

12:06.000 --> 12:18.000
And what we came up with, what we realized in the end, what makes sense is a way to authenticate via SSH, which is a fairly interesting thing.

12:18.000 --> 12:21.000
I don't think that many people did that.
12:21.000 --> 12:22.000
It's quite cool.

12:23.000 --> 12:27.000
And also doubles as a bot protection.

12:27.000 --> 12:34.000
And if I have enough time, I would like to try to do, erase my mouse.

12:34.000 --> 12:37.000
Can I open Firefox in here?

12:37.000 --> 12:44.000
I wanted to do a very, very quick live demonstration of that.

12:44.000 --> 12:48.000
If it's working, it's working.

12:49.000 --> 12:55.000
So, but I don't know if I have internet working here.

12:55.000 --> 12:59.000
I think that's a very effective bot protection.

12:59.000 --> 13:00.000
Sorry?

13:00.000 --> 13:02.000
It's a very effective perspective.

13:02.000 --> 13:03.000
Yeah, yeah.

13:03.000 --> 13:06.000
One of the reasons was that because, oh, it's working.

13:06.000 --> 13:07.000
Yes.

13:07.000 --> 13:09.000
And I'm authenticated already.

13:09.000 --> 13:13.000
That's a bummer.

13:13.000 --> 13:17.000
So let's go here for instance.

13:17.000 --> 13:19.000
So, yes.

13:19.000 --> 13:23.000
So this is the main instance, let's say, of the air.

13:23.000 --> 13:28.000
Yeah, I've got the idea we used to, I mean, to show to the people the thing.

13:28.000 --> 13:31.000
And it's by default blocked.

13:31.000 --> 13:35.000
And the interesting thing is that I was talking about authentication.

13:35.000 --> 13:40.000
But one of the things that is very nice about this is, if you see one anonymous,

13:41.000 --> 13:47.000
it means that this actually, let's try it again.

13:59.000 --> 14:00.000
And boom.

14:00.000 --> 14:03.000
I'm authenticated and I can, oops.

14:03.000 --> 14:05.000
Browse this.

14:06.000 --> 14:08.000
I can, I don't know.

14:08.000 --> 14:11.000
Let's see a diff, for instance.

14:11.000 --> 14:19.000
Papa, I have my logs, I have my trees, I have my files, I can.

14:19.000 --> 14:21.000
It's very difficult.

14:21.000 --> 14:24.000
It's a projector here.

14:24.000 --> 14:30.000
So, this thing, as was noticed, also doubles as a bot protection.
14:30.000 --> 14:34.000
Because, unfortunately, you probably have realized, if you try to host anything on the web,

14:34.000 --> 14:36.000
I don't know, the last few years.

14:36.000 --> 14:44.000
The cost and spam from AI scrapers and whatnot is not very nice, to say.

14:44.000 --> 14:49.000
And since we're also trying to run this on various machines with, I mean,

14:49.000 --> 14:51.000
not lots of resources.

14:51.000 --> 14:57.000
It was very, very not nice, for the lack of a better adjective.

14:57.000 --> 15:01.000
This is the machine dying from AI scraping.

15:01.000 --> 15:05.000
And that's it.

15:05.000 --> 15:08.000
So, we did the live demo, about to end.

15:08.000 --> 15:10.000
Last few slides.

15:10.000 --> 15:12.000
got, got pages.

15:12.000 --> 15:13.000
It's not a thing.

15:13.000 --> 15:14.000
It's not a name.

15:14.000 --> 15:17.000
It was just the funniest thing I could think of for a title.

15:17.000 --> 15:20.000
Another new feature that we introduced.

15:20.000 --> 15:26.000
And it's available from today, because Stefan did the release just a couple of hours ago.

15:27.000 --> 15:34.000
Is the fact that gotwebd now is also able to serve files from branches in Git.

15:34.000 --> 15:36.000
So, if you have used, you know, GitHub Pages.

15:36.000 --> 15:42.000
You know that you can commit all your HTML and generated pages on a certain branch.

15:42.000 --> 15:45.000
And then it automatically works.

15:45.000 --> 15:49.000
And with gotwebd, you can do more or less the same.

15:49.000 --> 15:53.000
We have more knobs that you can use, for instance.

15:53.000 --> 16:00.000
You can just serve your static content under a specific prefix.

16:00.000 --> 16:06.000
So, you can have both your gotwebd and the preview of a website running on the same.

16:06.000 --> 16:08.000
Beautiful, for instance.

16:08.000 --> 16:10.000
And it respects the authentication.
16:10.000 --> 16:14.000
Now, I showed you the authentication only with the, only with the anonymous one.

16:14.000 --> 16:16.000
So, like everyone can do that.

16:16.000 --> 16:19.000
But we have some ACLs in there.

16:19.000 --> 16:23.000
You can say, this user can only see this, this and that repository.

16:23.000 --> 16:27.000
And it's only allowed to read or it's also allowed to write.

16:27.000 --> 16:29.000
And that kind of thing.

16:29.000 --> 16:31.000
Then closing.

16:31.000 --> 16:32.000
Future work.

16:32.000 --> 16:37.000
Well, this is a wish list, basically, because it's the usual thing.

16:37.000 --> 16:40.000
You know, a lot of things you want to do.

16:40.000 --> 16:42.000
And then sometimes you manage to do them.

16:42.000 --> 16:45.000
Sometimes they just stay there until you manage to do them.

16:45.000 --> 16:51.000
So, one other thing that we probably will spend some time on in the future in gotwebd is

16:51.000 --> 16:52.000
improved caching.

16:52.000 --> 16:58.000
Because we have caching inside the library, inside the internal library that we use.

16:58.000 --> 17:02.000
We have a lot of caching in different places for objects and whatnot.

17:02.000 --> 17:06.000
But the problem is that gotwebd is always closing and re-opening your repository.

17:06.000 --> 17:11.000
So, every time it throws away the cache and that's kind of a bummer.

17:11.000 --> 17:20.000
And then, well, if you've seen the web page, we have a lot, a lot to improve in the overall UI of it.

17:20.000 --> 17:27.000
And I don't know, more nice things like a side-by-side diff, so some kind of integrations.

17:27.000 --> 17:30.000
And yeah, a bit of a rush, but that was all.

17:30.000 --> 17:34.000
If you have any questions, I would be very happy to answer them.

17:34.000 --> 17:40.000
Otherwise, I put some links for, I mean, my account on Mastodon.

17:40.000 --> 17:41.000
Mastodon.

17:41.000 --> 17:42.000
The got account on Mastodon.
17:42.000 --> 17:44.000
The web page of the project.

17:44.000 --> 17:47.000
The got homepage.

17:47.000 --> 17:52.000
And the mailing list in case you're interested to join and see.

17:52.000 --> 17:53.000
Hi.

17:53.000 --> 17:56.000
Thank you.