Browser synchronization and more with Mozilla Weave
Behind the Scenes: Client-Server Communication
Once you have successfully synced your browsers a few times, you will probably wonder how the whole process works. Fortunately, the Mozilla project makes the Weave server source code publicly available and provides documentation on the API [5].
The Weave client uses https requests to communicate with the server for everything from account creation to data storage and retrieval. The data are stored at services.mozilla.com in essentially a highly structured WebDAV share. Each data type is in its own subdirectory, where snapshots and "deltas" (changes since the last snapshot) are kept in JavaScript Object Notation (JSON) files.
The Weave system is designed so that very little of the work is done server-side; this allows the server to scale up to many thousands of users. Instead, the client handles most of the heavy lifting, from encrypting and decrypting data to deciding how to reconcile changes between the server's snapshot and local data, depending on the kind of sync to be performed.
Mozilla developer (and early Weave user) Atul Varma took a look around the server's directory structure well before the v.0.3 release and shared his insights on his blog [6]. Unfortunately, for security reasons, you can no longer log in to services.mozilla.com and peek through your user directory as Varma did, but his is an interesting tour for those curious about the server setup. More details are available as reference material on the Mozilla wiki, although because the system is under development, the documentation is incomplete.
One of the more interesting aspects of Weave's design is its use of encryption. All of your data is stored on the server in encrypted form, but the system actually uses three encryption keys in a clever way. A secret, symmetric key is used to encrypt the data itself. Because it is symmetric, the same key is used to encrypt and decrypt the data. This secret key is in turn guarded by a public-private key pair. You and you alone have access to the private key, meaning that you can encrypt the data stored in your account.
The public key allows other Weave users to share data securely with you. The reverse situation is easier to explain. If you want to share your bookmarks with another Weave user, Weave makes a duplicate copy of the secret symmetric key used to encrypt the bookmark data. Rather than locking the duplicate key with your private key (as with the original), the duplicate key is locked with the other user's public key. That ensures that only the other user can access it.
The current encryption scheme uses a separate secret key for each type of data – bookmarks, passwords, tabs, and history. Likely you'll want to share only a subset your bookmarks or tabs with others, so the framework is in place in the Weave API to split stored data into several segments, each protected by a distinct key – this functionality is not exposed yet in the v.0.3 release.
Self-Serve
If you feel daring, you can download the Weave server code and set up your own server. The server is written in PHP, and requires PHP Data Object (PDO) and JSON support. Although Weave is based on the same ideas as WebDAV, it is important that you not enable WebDAV sharing on the location you plan to use as your Weave server – Weave and WebDAV would interfere with each other.
At the Mozilla wiki [5], you will find detailed instructions on setting up a Weave server. At this point in time, the installation process is not automated – you will need to modify the configuration files by hand. A Weave server can use a variety of storage back ends, including SQLite and MySQL. The server-side account creation method is not part of the basic Weave server, but Perl scripts are included in the release bundle, so you can create accounts. When your server is up and running, all you need to do on the client end is change the account credentials and server URL in each Weave client's preferences.
What's Next? Sharing and More
If you don't mind running the latest Firefox betas, Weave is already a winning addition to the daily browsing experience. Browser synchronization tools come and go. Over the years, I have used Firefox add-ons from at least three sources, and all either ceased to receive updates, didn't work across operating systems, or slowly broke for undiagnosed reasons. In a sense, Weave is merely the latest entrant into the browser sync contest, but it is special. First, it is a Mozilla-sponsored project, and second, it is extensible and has the potential to do more than preserve bookmarks and browser info.
As mentioned, Weave's server-side encryption scheme anticipates the addition of another major feature: sharing data between accounts. The simplest case is bookmark sharing, but considering the list of data types sketched out in the Weave roadmap, several are ripe for sharing as well – dictionaries, themes, and extensions, for example.
The same infrastructure that permits secure sharing between users could be used to share information with online services, just one way that Weave can integrate services into the browser. For example, you could sync bookmarks with a social networking site, said Weave's lead developer, Dan Mills, or notify your Dopplr friends automatically when you make travel arrangements that will bring you nearby. "Right now, you basically have to do that by hand," Mills said. "The ticket issuing companies and Dopplr are two separate silos that don't cooperate with each other. Part of what we are trying to do is raise the level of innovation on the services arena by making it so that when a brilliant entrepreneur has an idea for a service that ties in to the browser, they can execute on the area they know best."
"Creating an add-on is a sizable expense and effort from these organizations," Mills added. By building the synchronization and communication infrastructure into Weave, the service provider has less to do. Weave supports machine-readable microformats, and Mills says upcoming builds will integrate with Firefox's built-in microformat parser.
In the short term, the emphasis is on maintaining the simple and useful user experience. The broader Weave services, including third-party service integration, are still being fleshed out. In the meantime, you can take advantage of the sync platform – across machines, across operating systems, and on mobile devices.
Infos
- Firefox extensions: https://addons.mozilla.org
- Mozilla Labs: http://labs.mozilla.com
- Weave homepage: http://labs.mozilla.com/projects/weave/
- Fennec on the Weave wiki: https://wiki.mozilla.org/Labs/Weave/InstallWeaveFennec
- Weave Server code and documentation: https://wiki.mozilla.org/Labs/Weave/0.3/Setup/Server
- Atul Varma's blog entry about Weave data storage: http://www.toolness.com/wp/?p=41
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
News
-
System76 Teams up with HP to Create the Dev One Laptop
HP and System76 have come together to develop a new laptop, powered by Pop!_OS and aimed toward developers.
-
Titan Linux is a New KDE Linux Based on Debian Stable
Titan Linux is a new Debian-based Linux distribution that features the KDE Plasma desktop with a focus on usability and performance.
-
Danielle Foré Has an Update for elementary OS 7
Now that Ubuntu 22.04 has been released, the team behind elementary OS is preparing for the upcoming 7.0 release.
-
Linux New Media Launches Open Source JobHub
New job website focuses on connecting technical and non-technical professionals with organizations in open source.
-
Ubuntu Cinnamon 22.04 Now Available
Ubuntu Cinnamon 22.04 has been released with all the additions from upstream as well as other features and improvements.
-
Pop!_OS 22.04 Has Officially Been Released
From the makers of some of the finest Linux-powered desktop and laptop computers on the market comes the latest version of their Ubuntu-based distribution, Pop!_OS 22.04.
-
Star Labs Unveils a New Small Format Linux PC
The Byte Mk I is an AMD-powered mini Linux PC with Coreboot support and plenty of power.
-
MX Linux Verison 21.1 “Wildflower” Now Available
The latest release of the systemd-less MX Linux is now ready for public consumption.
-
Microsoft Expands Their Windows Subsystem for Linux Offerings With AlmaLinux
Anyone who works with Windows Subsystem for Linux (WSL) will now find a new addition to the available distributions, one that’s become the front-runner replacement for CentOS.
-
Debian 11.3 Released wIth Numerous Bug and Security Fixes
The latest point release for Debian Bullseye is now available with some very important updates.