Development

Is it FileTea time?

File transfer may have been one of the original purposes of the Internet (along with remote login), but all these years later it still isn't simple. There are a wealth of no-cost file-sharing services built on top of Amazon's cloud computing and storage services, but as with most "freemium" business models, they impose usage restrictions — as well as not being free software. GNOME's Eduardo Lima unveiled a clever alternative on September 1, an AGPL-licensed project called FileTea that permits direct peer-to-peer file transfers through an HTTP gateway.

Apart from the the obvious licensing distinctions, FileTea differs from other web file-sharing services in one important respect. The FileTea server process does not store the transferred file at all. Rather, it links together an HTTP upload of the file from the sender's PC or device and an HTTP download of the file to the recipient. When user A adds a file to the service, the server generates a temporary short URL link that the user can send to his or her friends. Anyone with the URL can start downloading the file, and it will be transferred from user A's computer.

This means that user A must keep the FileTea page open, of course, or else the connection will be broken and any partial transfers aborted. The uploading (or "seeding") user also uses bandwidth for every transfer, unlike with remote-upload services, and the server itself racks up twice the bandwidth charges by virtue of funneling both the incoming and outgoing connection.

On the other hand, no storage is required on the server, and the short URLs do not need to be persistent. Any file type is equally supported, and there is no inherent limit on the size of the individual files that can be exchanged. A standard web browser is the only client-side tool required, and no special plugins are necessary. Right now only HTTP connections are supported, but HTTPS support is in development. Similarly, although at the moment only "one-hop" connections are permitted, the technique can be extended to relay connections between FileTea peers.

The transient nature of file sharing with FileTea can be a big plus. The simple use case is one user slapping up the file, pinging a colleague over email or IM with the URL, and then taking the file down immediately after the download is complete. The process is simpler than sharing a file over Bittorrent, which requires Bittorrent client software and publishing or announcing a URL that third parties could see. Especially in a one-to-one file transfer scenario, FileTea has less overhead.

Makin' tea

The FileTea source code is hosted at Gitorious, but to get a feel for how the system operates there is a demo server running at FileTea.me. The bandwidth is provided gratis by Lima's employer, Igalia, however, so it would be impolite for the community to run up their bill by using it as if it were a full-fledged product.

The FileTea process itself is a small web server, although you can configure it to use another, external web server to host the HTML, CSS, and JavaScript interface. The front-end allows you to "add" multiple files, each of which gets assigned its own short URL. It would be inaccurate to call it "uploading" each file, since there is no transfer until someone attempts a download. The original file name, size, and MIME type are displayed next to the URL for easy reference. You can also remove files from the currently-shared-file list, and if you navigate away from the page while you have files shared, a friendly pop-up warns you they will disappear if you do so.

The front-end is essentially the same for users downloading a file through one of the short URLs. A second tab labeled "Download" shows the files being transferred, but the "Share files" tab used to add files is there, too. Since all users are anonymous, every visitor can both upload and download.

The web interface is built with jQuery, but the FileTea server is a different beast. It is a compiled executable that depends on EventDance, a peer-to-peer communication C library also written by Lima. EventDance itself uses GLib and GObject. It is designed to provide a transport mechanism for remote "peer" nodes — in FileTea's case, between the client-side page and the server.

But because EventDance treats all peers as equals, it is relatively easy to extend FileTea's file transport to relay connections between FileTea servers and federate file-sharing. EventDance's abstraction layer also makes it easy to add HTTPS support in addition to HTTP. Lima said he is working on both features. Federation is working in a private branch, but the emphasis is on HTTPS.

On the other hand, GLib may not be a common package on web hosting plans, and many hosting providers have restrictions on what custom code they allow. As a result, testing a publicly-accessible FileTea service is out of the reach of some users.

Security

Without persistent storage and permanent links, there is no need to maintain a database of user accounts. This allows a FileTea server to offer an essentially anonymous file-sharing service: the recipients of a file can observe only the connection between their machine and the server, not the origin of the file. So if the short URL is distributed anonymously, determining the source of the file would require compromising the server or sniffing its connections.

The short URL codes are generated by a hash function. On an extremely busy FileTea server, an attacker could brute-force guess some URLs of shared files, but the server can be configured to generate longer hash strings to make this more difficult (currently between 5 and 40 characters long, defaulting to 8).

Due to the anonymizing effects of the FileTea server, passively collecting data on a remote file provider or downloader is virtually impossible. However, because file seeders can observe when their local shared file starts an outgoing transfer, the seeder does have some information about when and how many times a file is accessed. File leechers, for their part, must remain vigilant to disguised malware in the file payload — the FileTea server does not authenticate the contents of transferred files.

Although FileTea does not require user accounts, it does obviously make connections to both the uploader's and downloader's machines, and a server could collect all sorts of data about visitors. On top of that, a server could save the actual file contents — it is up to the user to determine if a particular site is trustworthy.

Stirring up more

Lima described HTTPS support as the next "urgent" feature occupying his time, but there are a few others still to come before FileTea would be advisable for general usage. The first is a way for users to set upload bandwidth limits. Lima said that the server-side bandwidth controls are already in place. "It is a built-in feature of all EventDance connections and services. But I want to add UI controls to allow users ([especially] seeders) to limit their bandwidth, because one could easily run out of outbound bandwidth while someone is sucking files from you".

For now it is also not possible to combine multiple files into a single download link. Of course, you can always tar or zip them together and share the archive file, but it is possible to select and upload multiple files separately with HTTP — the trick would just be to implement it in FileTea without overly complicating the workflow. One might speculate that the FileTea HTTP server could employ gzip compression on file transfers (which it does not currently) to save bandwidth, but that might not be of much practical value. Gzip performs best on uncompressed data like HTML and other text-based formats. Files large enough to warrant direct transfer are more likely to be in an already-optimized format (e.g. TIFF images or Vorbis audio), where gzip compression is likely to add bandwidth — not to mention processor — overhead.

Even today without HTTPS support, running your own FileTea server is a compelling alternative to the commercial file sharing services. Your files are not stored "in the cloud" or anywhere else, you can observe when they are downloaded, and you can take them down as soon as they are no longer necessary. You also do not have to register with a third-party to get started, and your transfer speed is as fast as your upload connection allows.

In my estimation, HTTPS is a necessary bullet point for many users, but the real moment of truth will be when peer-to-peer relaying hits. That feature has the potential to open up entirely new uses for web-application-based file sharing. With multiple hops, a popular FileTea service could implement load balancing, or a privacy "cloud" akin to Tor. Lima said he is continually getting suggestions from users for "cool features", including end-to-end encryption done in JavaScript. But the core functionality is already useful, provided that you are aware of the security implications, and everyone on the Internet does not hit the Igalia-provided demo server all at once.

Comments (3 posted)

Quote of the week

-- Adam Williamson

Comments (none posted)

Apache HTTP server 2.2.21

There is a new release of Apache httpd out there. This one corrects another denial of service vulnerability (it requires both mod_proxy_ajp and mod_proxy_balancer, so it will affect fewer sites) and adds further fixes for the range-request denial of service vulnerability.

Full Story (comments: 2)

BlackHole 2.0

BlackHole is a block device for the NBD protocol that performs data de-duplication. The 2.0 release has been announced; new features include support for multiple LUNs, compression, and encryption.

Comments (none posted)

MongoDB 2.0 released

The MongoDB 2.0 release is out. There are a lot of performance improvements; this release also offers authentication in sharded clusters, journaling enabled by default, improved geospatial support, and more. See the release notes for details.

Comments (none posted)

Nemiver 0.9.0

Version 0.9.0 of the Nemiver graphical debugger is out. "Not only has the code base been completely ported to GNOME 3, but it comes packed with new features like the ability to dynamically position the main elements of the user interface depending on your taste (or screen layout), support of GDB pretty printers, updated translations, and many other incremental improvements and bug fixes."

Full Story (comments: none)

Vincent: Perl 5.16 and Beyond

Perl 5 maintainer Jesse Vincent has posted a lengthy description of where he sees the language going in the future. "Perl 5 is not Latin. It is a living language, still borrowing liberally from...just about everything. Sometimes we borrow the wrong things. Sometimes we borrow things and use them wrong. Sometimes we invent things and later wish we hadn't. Perl has always been something of a packrat, but we're in danger of hitting the point of being diagnosed with a pathological hoarding problem. We need to get better at fixing problems and moving forward without hurting old code." Anybody with an interest in Perl 5 will likely want to read the whole thing.

Full Story (comments: 50)

PostgreSQL 9.1 released

The PostgreSQL 9.1 release is out. New features include synchronous replication, per-column collations, unlogged tables for temporary data, security-enhanced PostgreSQL, and more; see this LWN article for an overview of the 9.1 release and the release notes for details.

Full Story (comments: 54)

Tahoe-LAFS v1.8.3

Version 1.8.3 of the Tahoe LAFS filesystem has been released fixing a vulnerability that might allow an attacker to delete arbitrary files. "This vulnerability does not enable anyone to read file contents without authorization (confidentiality), nor to change the contents of a file (integrity). How exploitable this vulnerability is depends upon some details of how you use Tahoe-LAFS."

Full Story (comments: none)

Veil 9.1.0

Veil is a PostgreSQL add-on meant to provide greater control over access to data. "It provides an API allowing you to control access to data at the row, or even column, level. Different users will be able to run the same query and see different results. Other database vendors describe this as a Virtual Private Database." The 9.1.0 release, described as the first one that is production-ready, is now available.

Comments (none posted)

Development newsletters from the last week

• Caml Weekly News (September 13)
• GCC 4.7.0 status report (September 9)
• PostgreSQL Weekly News (September 11)

Comments (none posted)