You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Antony Blakey <an...@gmail.com> on 2009/03/02 22:41:32 UTC

Re: Why sequential document ids? [was: Re: What's the speed(performance) of couchdb?]

On 03/03/2009, at 5:20 AM, Chris Anderson wrote:

> On Sat, Feb 28, 2009 at 5:42 AM, Antony Blakey <antony.blakey@gmail.com 
> > wrote:
>>
>> What security issues are you thinking of?
>
> The one where you can tell by looking at a doc, which node it was
> inserted on. I suppose that's not strictly security - more like
> anonymity.

If you want to a feature such as replication tracking i.e. who have I  
replicated from, and how up-to-date am I, the ability to track the  
replication source chould would be a good thing. It would allow a  
computed version-vector form of staleness-tracking.

More would be required than just having a source identifier, because  
you would need to map that identifier to a domain useful to the user,  
but it would be a start.

I wonder if anonymity, even transitive anonymity, is that useful?

Antony Blakey
-------------
CTO, Linkuistics Pty Ltd
Ph: 0438 840 787

It is no measure of health to be well adjusted to a profoundly sick  
society.
   -- Jiddu Krishnamurti

Re: Why sequential document ids? [was: Re: What's the speed(performance) of couchdb?]

Posted by Antony Blakey <an...@gmail.com>.

On 03/03/2009, at 9:49 AM, Chris Anderson wrote:

> It's an information leak if you can tell the originating node because
> of the uuid. If we want an option to flag docs with information about
> the originating node, we should add that. Also, the doc.id isn't the
> right place for this, as what you want to know is the origination of
> updates, not documents.

Yes, sorry, I was confused - I thought we were talking about  
update_seqs.

Antony Blakey
-------------
CTO, Linkuistics Pty Ltd
Ph: 0438 840 787

One should respect public opinion insofar as is necessary to avoid  
starvation and keep out of prison, but anything that goes beyond this  
is voluntary submission to an unnecessary tyranny.
   -- Bertrand Russell

Re: Why sequential document ids? [was: Re: What's the speed(performance) of couchdb?]

Posted by Chris Anderson <jc...@apache.org>.

On Mon, Mar 2, 2009 at 3:13 PM, Antony Blakey <an...@gmail.com> wrote:
> I guess it's a tradeoff between wanting a distributed overview and wanting
> global anonymity. Maybe that's a valid configuration option, rather than
> being policy.

It's an information leak if you can tell the originating node because
of the uuid. If we want an option to flag docs with information about
the originating node, we should add that. Also, the doc.id isn't the
right place for this, as what you want to know is the origination of
updates, not documents.

UUIDs that are consistent per-node are bad not just because you could
trace the node. There is even information leakage if you can tell that
a set of documents originated on the same node.

"Oh, the person who's participating in opposition-party discussions is
the person who filed these taxes."

-- 
Chris Anderson
http://jchris.mfdz.com

Re: Why sequential document ids? [was: Re: What's the speed(performance) of couchdb?]

Posted by Antony Blakey <an...@gmail.com>.

On 03/03/2009, at 9:26 AM, Dean Landolt wrote:

> I can see the point of replication source, but document origination  
> source
> is different than replication source, isn't it?

You are right. However the document origination source is required for  
a useful version vector, because you can then track which peer has how  
much of a source's writes. Which is useful if the source disappears.  
You can then build a distributed picture of the eventual consistency  
status.

> Yes.

I guess it's a tradeoff between wanting a distributed overview and  
wanting global anonymity. Maybe that's a valid configuration option,  
rather than being policy.

Unless a node makes it's identity available in some way other than  
replication, the source is still anonymous because there's no mapping  
of node id to source URL (which might change in any case). To identify  
the node you'd have to find the node, try to replicate from it, and  
get lucky that the id it provides is the one you're looking for.

Antony Blakey
--------------------------
CTO, Linkuistics Pty Ltd
Ph: 0438 840 787

Success is not the key to happiness. Happiness is the key to success.
  -- Albert Schweitzer

Re: Why sequential document ids? [was: Re: What's the speed(performance) of couchdb?]

Posted by Dean Landolt <de...@deanlandolt.com>.

On Mon, Mar 2, 2009 at 4:41 PM, Antony Blakey <an...@gmail.com>wrote:

>
> On 03/03/2009, at 5:20 AM, Chris Anderson wrote:
>
>  On Sat, Feb 28, 2009 at 5:42 AM, Antony Blakey <an...@gmail.com>
>> wrote:
>>
>>>
>>> What security issues are you thinking of?
>>>
>>
>> The one where you can tell by looking at a doc, which node it was
>> inserted on. I suppose that's not strictly security - more like
>> anonymity.
>>
>
> If you want to a feature such as replication tracking i.e. who have I
> replicated from, and how up-to-date am I, the ability to track the
> replication source chould would be a good thing. It would allow a computed
> version-vector form of staleness-tracking.


I can see the point of replication source, but document origination source
is different than replication source, isn't it?

>
>
> More would be required than just having a source identifier, because you
> would need to map that identifier to a domain useful to the user, but it
> would be a start.
>
> I wonder if anonymity, even transitive anonymity, is that useful?


Yes. And not just for copyright infringement apps.