Hackalong 13: Holo Host Deep Dive

Time Stamps of the Q&A on 24 June 2020: https://www.youtube.com/watch?v=bncCRR-L6hQ


Joel U from the Holochain core team discusses the Holoport’s role in running hApps.

1:08. Q: What is the lifecycle of the request and response from the frontend to the Holoport? And how are the public and private keys maintained?

2:45 Request to assume an audience with minimal knowledge of the subject when responding.

3:14 Joel pleads for people to read more detailed written explanations.

3:52 A: From the Web HDK to the I-Frame Chaperone where the keys are made and managed, then to the resolver (maps your host to an application/app ID or DNA).

4:35 Chaperone identifies who is to host.

4:50 Chaperone is connected to the hostbox.

4:55 Envoy runs in the hostbox and makes the call to the conductor running on the holoport.

5:38 Use Web HDK to make the call to the conductor.

5:55 Q: Re-asked to explain further how public and private keys are managed.

6:05 A: Chaperone is the secure I-frame that sits in the UI (Browser). Cross Origin Messaging Bus (COMB) to the HDK. Keys live in the secure chaperone.

6:50 All zome calls go through this same cycle

7:09 Q: Do Holoports run on Cloudflare as service runners?

7:20 Q: Is this the map between the application and the host? What are the Cloudflare services doing?

7:30 A: Cloudflare is the resolver mentioned earlier. Chaperone and resolver talk to decide which host to use.

7:56 Q: What if the Holoport doesn't have the keys for the zome call?

8:25 A: The chaperone handles keys (magic worm hole), then progresses to the envoy. Request comes signed.

9:35–10:28. Q: Explain data protection and privacy on the Holoport.

10:45 A: Having entry-type-encrypted encrypts all entries to the DHT.

11:45 Entry-type-encrypted is a public key

12:30 Hedayet — So Holoport owners can see but not read data.

12:50 Q: When in the process is the encryption applied?

13:07 A: Decryption happens when the conductor responds back to the zome call.

13:55 Q: Can we assume the same agent address for the same user? Or will different instances have different addresses for the same user?

14:36–15:07 A: Will have the same agent ID because the way you create an agent ID is through email and password, which is your Holo Hosting ID (HHID) or the hApp ID. This ID is used to make the keys; this ID can be used on any device to create the same instance.

15:10 In different apps the same user will have different agent IDs if the hApp IDs are used to generate the private key.

16:00 Q: How does the conductor run on a Holoport?

16:30 A: Runs like a normal conductor, nothing special.

17:25 Q: If a Holoport is running many apps how many conductors are running to support?

17:35 A: One conductor runs per Holoport for all users and all applications.

17:45 Q: Explain Bridging.

17:55 A: Bridging doesn’t work between conductors, it happens between applications. Apps that need to bridge must mention each other in the configuration of the conductors.

20:20 Nothing fancy in bridging because you’re running it locally.

20:33 Q: What about a common hApp like Profiles?

20:48 A: They must mention the bridge in the bundle

21:00 Q: Mentioning rather than installing DNAs is already a feature on the conductor?

21:15 Q: Only the Holoports hosting Personas can run other apps?

21:30 A: A DNA can be running without an instance.

22:23 Reference Personas by mentioning but not installing.

22:45 The conductor already knows if you have the DNA installed.

23:05 Add bridging configuration connecting hApp and new hApp IDs.

23:43 Q: Can we assume the conductor will run all the time? Can notifications be pushed from the conductor?

24:15 A: No, we cannot assume the Holoport will always be online.

25:05 In the future hApps can specify Holoport uptime requirements.

25:50 Art wrote papers about push notifications.

26:37 Q: How to retrieve data if a Holoport goes off-line?

26:55 A: Redundancy on five devices through sharding eliminates need for backups

28:20 Q: Can hApps run on a mix of Holoports and other devices?

28:46 A: Yes, hApps can run on both

29:19 Q: In a mobile Holo scenario can an agent participate without holding any of the DHT?

30:23 A: No, everyone has to participate. Can’t say who holds what.

31:02 Q: How does the admin interface work? Is there a way to clone an app on a Holoport?

32:48 Q: Can we set new properties, then clone the DNA?

33:45 A: No direct access to the admin port, but more research is needed.

37:49 Clarification on running Personas on multiple Holoports.

36:26 New agent ID will clarify between Holoports.

38:38 Deep Key binds all together

39:07 Deep Key will be on every Holoport.

39:09 Q: Will Deep Key be public?

39:35 Can see data, can't read data.

40:17 Q: Bridging harder on Holoport or Holo?

40:28 A: No difference.

41:25 Q: Need to fork Holofuel if the intent is to run a completely independent local internet?

42:00 A: Yes, Holofuel will need to be forked.

42:45 Not based on geography, based on community membership.

43:15 Q: Is there a way to fork global Holofuel?

43:26 A: Yes, but it creates a new DNA.

43:10 Q: Can such a fork bridge back to Holofuel?

43:25 A: Yes, but the original Holo needs to know the new Holofuel wants to bridge. Both must decide.

44:25 Q: Can you make your own parallel Holo?

45:15 A: Yes, but it's still connected to the same DHT.

46:26 Q: Where does the encryption and decryption happen?

46:48 A: Encrypted entries are encrypted in the conductor; payload signing happens in the chaperone.

47:08 Q: Does the conductor hold user’s private key?

47:10 A: No.

47:17 Q: Which private keys are encrypted?

47:34 A: Conductor sends back a request to envoy for the worm hole that signs and sends back in plain text.

48:10 Q: Explain more how private key is handled.

49:30 A: Chaperone generates keys in the I-frame. Zome calls go through the chaperone which is in your browser, then it goes to the envoy.

50:34 Hedayet clarifies that the chaperone is secure and local in the browser.

51:37 Q: What parameters will we be able to set on which Holoports are to be used?

52:30 A: Max Holofuel per invoice.

52:54 Service logger is a small DNA in the conductor that tracks the number of zome calls on the host. Once the number is reached then the invoice is issued. One can also set the max unpaid threshold and how much to charge per unit.

55:12 Q: Geographic settings offered?

55:18 A: Can be offered, however not at this time.

55:48 Q: What about mobile hosting?

56:28 A: No mobile hosting at this time.

56:45 Users can access hApps on mobile browsers.

56:55 Q: Will Holoscape help support mobile?

57:03 A: No, Holoscape only mimics a local conductor.

57:48 Q: Which components are needed on front end for mobile apps?

58:10 A: Web HDK must be included.

59:40 Q: Can we have a separate host?

59:41 A: Yes.

101:05 Can run parallel but will be connected to the conductor.

104:10 Which Holoport is used is random.

107:10 Q: Are there load limits on a Holoport?

107:13 A: Yes, limits on containers and zome calls.

108:08 Q: Plan on using Sim2H in the Holo Alpha Network? How will the bootstrap work?

108:28 A: The same as other Holo apps. Yes, Sim2H will be used in the Alpha release.

109:10 Q: How does Holo do backup and restore?

109:20 A: No need for backup and restore because of redundancy.