README

Askemos or what is freenet good for?

The Global Computer is not an object but a feature.

[Ben Howell Davis]

- an attempt to summarize the notes ahead, which shall become a documentation -

Conceptually the Askemos server is an autonomous, distributed operating system (or agent execution environment) on top of peer to peer networks which significantly raises the level of abstraction in comparison with today's operating systems.

Askemos has some outstanding features: a virtual machine at document level, an access control system modelled after general key systems without a super user to hack, has persistant processes and it works fully ansynchronous implicitly parallel computing as much as possible.

As distributed storage media like freenet mature, we ask what utility could be derived from them. First in mind are cultural values like freedom of information and censorship resistance but these motivation reach only a part of the prospective audience.

Distributed storage media viewed as simply storage we find two pleasant but not strictly required properties: network transparency and anonymity. This means that a) data can be handled regardless of it's "whereabouts" and b) illicit observation is impossible.

Are there any reasons not to store all data principally in such media? What has to be done to make this practical?

Let's assume for now that these question can be solved and ask further, what the utility was. The omnipresence of all files from all computers connected to the net at all other computers seems not straight desirable, not even if they are allways encrypted. But we can imagine that terminal equiments (e. g., personal computers, mobile phones etc.) can receive their own "desktop" (and only that one) after authorization.

That's already a progress, though not a new quality. But what is the own desktop? Files and program state. If those where continuously written into distributed storage (in adequate short intervals, e.g., for desktop applications after each mouse click) than all terminal equipment could be switched to all applications in the state as it was when used last time. In case of a broken device (blue screen) use continues at exactly the point where the device broke. Data integrity strives towards 100%.

Now as all the data is already in the common storage, new applications are possible not only at the terminal equipment but also at the "server side". Those applications range from groupware calendar and will make email a communication media of historical interest because those applications can use the data the same way user equipment can.

All data everywhere - always; restricted only by the keys of the owners.

Sure one wants to treat applications at such kind of servers with a healthy distrust. After all we imagine cheap off the shelf installations or devices, not expensivly certified exclusive installations. Following the principle of distributed storage, we can also redundantly distribute the program execution among several machines. Their program state was already distributed anyway.

With at least three machines voting on each and every change, defective devices can't cause malfunction until their percentage becomes quite high.

That way the network as a whole will function for the users as if it was a huge single computer, at each terminal. You save endless hours of installation and backup. Simply switch on the new machine, install a key, give the password, done. a new freedom.

Now a new kind of "provider networks" can offer capacity from networks of servers, which are mutual certified to run trustworthy. Those networks would run customer applications. Becoming a provider will be just as easy: install the software, generate a key, done.

What does Askemos do for it?

Askemos implements a virtual execution environment as described above.

The current implementation is an application server as much as emacs is a text editor. Like emacs it is a) a LISP programming environment (actually not LISP but DSSSL, a pure functional subset of Scheme, which is a LISP dialect and it's successor XSLT) b) acts like an operating system c) integrates with everything and d) is available under a free license. An alternative understanding is that of a XML object database with stored procedures in XSLT.

Mandatory is a simple rights and capability system, which works without central authority and still can deliver complicted real world situations.

Terminal equipment is currently connected via HTTP and SMTP. More protocols will come.

All data and program state is kept in XML structures (suitable for storing in documents "everywhere"). Those are kept in either an native XML object store (high performace) and/or in ordinary files.

Voted execution (byzantine protocols) works but is not yet well documented.

Askemos provides a scripting environment, which is always kept persistent. Additionally all application code (and most kernel code) ist purely functionally programmed. That's of mediate utility: functional programing works somehow like mathematic and is currently prerequisite for formal verification correctness of program code.

At Mar 2002 the Askemos implementation on a Pentium ii 300 Mhz laptop with 196 Mbyte ram did 625 data changes (data base commits) writing both 1105546 bytes into plain xml files (using usual rename tricks to make changes atomic) and 585728 byte native repository in 82 seconds. (All requests via http, one internal forwarding via xslt - hence somehow two requests in one.) This gives a rate of 7.6 requests per second. With voted computation the rate drops to aproximately 2 commits per sec.

   overview/index.html
   FAQ PrimaryTextLanguage
   mechanism/nu.scm (more comments than source there).
   BUGS TODO
   listing.ps ($ make listing.ps first, odd pages also in l1.ps even
               pages in l2.ps)
   CodingStyle

   TODO: add the web references

    A lot of neural network stuff, also some on cognition.
    http://www.cs.utexas.edu/users/nn/pages/publications/abstracts.html

1. RScheme version 0.7.3.4-b8 or above

   On debian don't forget to install the required -dev packages, e.g., zlib1g-dev for compressed repositories.

   There's a port to Chicken Scheme on the way; but not yet ready to be released.

   A port to the chicken compiler is not yet completed. We need persistent storage for all scheme data except procedures (though they would be nice).

2. OpenSSL. (Used to be semioptional; Askemos works with degraded security for humans who are not allowed, to use cryptography and signatures. However the current build depends on it. Will become optional again.)
3. PostgreSQL client library.

4. MySQL client library from http://www.mysql.com/ . Tested with version 3.23.43-3 to 5.0.18 (TODO make this a configure time option).

5. sqlite3 library version 3.3.8 or above
6. The pcre library from http://www.pcre.org/ with utf-8 support enabled (TODO make this a configure time option).
7. libmagic
8. A ntp server http://www.ntp.org (nodes need resonable synchronized time). optional recommended
9. on FreeBSD cups-base package (for /usr/local/etc/cups/mime.types)
10. optional: htmldoc http://www.htmldoc.org/
11. optional: zip/unzip
12. optional: fusedav; bus use our fixed version for now
13. optional: Jeff Kingston's Lout as formatting engine

app - user applications to test, teach and explore features; all
   taste no principles
     + xslt-latch     - keeps the data of last write message
     + xslt-user      - entry point, sees some http
     + xslt-addrdb[2] - simple address data base demo
     + xslt-edit[2]   - Web-Editor
     + stylelib       - Wiki content with code samples

 policy - "common code"; code of stuff users usually agree upon because
   "it's normal"; social mechanism for communication; that's what's
   all about; Yang; still looking for better description;
     + nu                 - text, draft and name space handling, a
                            cross between wikiweb and wrapbit.
                            Parts: nu.*, NuNu*and nunu-edit.scm
     + bopcntrl           - ball operation control (web) interface
     + trstctrl           - X509 certificate management
     + metaview/metactrl  - "standard debug support"
     + jerry-notes        - askemos.org wiki content
     + create-entry       - create new local user entry point

 mechanism - "low level" source code; not "point of view" specific; no
   social, philosophical ideas here; Yin.
     + util (stuff, which did not fit elsewhere)
     + timeout (application level restrictions)
     + srfi (srfi implementations if not provided by uderlying scheme)
     + notation - parsers and formatters
                + lalr parser generator
                + xml -
                      + render
                      + parse (fast, sloppy, non-validating, html)
                + htmlprag http://www.neilvandyke.org/htmlprag/ .
                + sgml (using nsgmls)
                + lout (TextFormattingSystem)
                + mime (including htmldoc support)
                + xpath
                + rfc822
     + function - interpreters/ transformers, functions
                + scheme  - quasi-DSSSL environment
                + interp  - general, language independant intepreter core
                + xslt    - XSLT and quasi-DSSSL implementation
                + xsql
                + memoize - caching of computations
     + protocol - network etc. protocols
                + http + webdav
                + smtp
     + storage - data storage adaptors
               + pstore   - rschemes persistent store
               + fsm      - FileSystemMirror
               + freenet  - FreeNet FCP adaptor (comming)
     + tree               - build and walk tree data DSSSL alike, SXPath
     + place              - The place abstraction, messaging and transactions
     + nunu               - meta data at work most of the CoreAPI
     + methods            - find actions action.dtd conform documents
     + step               - voted computation ByzantineAgreement
     + main.scm           - high level utilities,
                            operation control thread,
                            debug access (evaluate expressions
                            inside the running program)

 rscheme - rscheme specific code
     + askemos-boot - rscheme system image source
     + heartbeat.c  - driver wraper and watchdog
     + dns          - asynchronous dns resolution
     + match-*      - rscheme port of A. Wrights match syntactic extension
     + lalr*        - parser generator (bison port)
     + library      - required parts from the rscheme/library source

 chicken - chicken specific code (separate distribution)
     + extend       - macros to be loaded via "-extend extend.scm"
     + cndtnhndlng  - SRFI34, SRFI35
     + environments - envt's for evalutors
     + sslsocket    - ssl client/server via separate sslmgr binary
     + timeout      - time restricted execution

  $ make start

  $ make start-production

Access http://localhost:7080/ (or whatever you configured) anonymous or http://localhost:7081/ with user name "gonzo" password "oznog".

• Better keep it on a terminal to watch log output for now.
• Start with understanding the applications in the "app" directory.
• Exploring the system inside (only recommended if you need to debug the server, not you applications - but "sparse" error messages might still force app developers to know how to do it):

       $ telnet <host> 7070

  (The number 7070 is the eval-server-port as defined in mechanism/debug-access.scm)

  See the prompt ";; Nu". Type valid scheme expressions at the next line. Be careful, doing so might corrupt your data base if you accidentally keep references to objects in the data base over garbage collection time in the persistent store. If you don't understand what I'm talking about: just explore it but refrain from modifying the data base and you're safe.

  You M U S T N O T run the debug access at any production system! you definitely don't want to do that, it breaks each and every safety measurement.

• (X)Emacs uses want to customize wiki-remote (see SystemRequirements) it really eases the edit/test cycle. xemacs+wiki-remote are not SSL aware. As a work around it is recommented to use ssh port forwarding with plain http.