sign in sign up
<<
Home , Arena (web browser), Browser synchronization

KnoW-HoW Mozilla Weave

Browser synchronization and more with Mozilla Weave WEAVING THE WEB Twwx, photocase.com

Mozilla Weave for synchronizes your critical browsing informa- ing on the icon brings up the menu. Then select Sign In…. BY NATHAN WILLIS tion between multiple machines. The setup procedure requires you to agree to the Weave terms of service and he Firefox extension site [1] lists Weave is an ongoing project from create an account at services. mozilla. dozens of synchroni- Mozilla’s Mozilla Labs [2] test bed site, com . When you are configuring subse- Tzation tools. Some sync book- and although the current release focuses quent computers, you will skip the ac- marks with a commercial service, like on synchronization, in the future, Weave count creation step and simply sign in the Web bookmarks site Delicious; oth- will be able to do much more. The un- with your existing credentials. To create ers sync with private storage, such as a derlying engine supports machine-read- your account, supply an address WebDAV or FTP server that you main- able microformats, which makes real and choose a username and password – tain. Weave gives you an option – you data mash-ups possible, and developers the setup wizard is polite enough to can set up a free account at the newly can write add-ons with the help of the check automatically for whether the launched services. mozilla. com, or you Weave API. username you select is available as you can run your own server using the open type, so you can quickly and easily pick source Weave server code. Your initial Getting Weave one that is free (Figure 1). choice does not handcuff you, either – The Weave homepage [3] is where you After you have chosen your account migrating between services. mozilla. com will find the “Getting Started” informa- information, you will then be asked to and a private server is as simple as en- tion and a link to the latest release. The choose an encryption passphrase. This tering your new account credentials and current version is numbered 0.3 and is passphrase will be used to encrypt your performing a sync. the first Weave build open to the public, bookmarks, tabs, and other data before Furthermore, your privacy is protected without having to request participation it is relayed to the Weave server. It is a no matter where you store your remote in the beta testers’ trial. separate secret from the password you data. The Weave extension encrypts ev- To use Weave, you must run the latest selected in the account creation step – erything on the client side with public- betas of Firefox 3.5. From Firefox, you that password is only used to sign in to key encryption before it is transmitted, can visit the Weave page and click and the server and, by necessity, is used for and your key is never sent over the net- install the extension just as you would authentication across the network. Your work. You can use Weave between mul- any other Firefox add-on. Once you re- encryption passphrase is never sent. tiple machines, including not just Firefox start the browser, you will see Weave’s Weave also asks you to name each on desktops and laptops, but the mobile Celtic knot icon sitting in the status bar computer on which you install the ex- browser Fennec as well. at the bottom of the screen. Right-click- tension. Currently, you cannot view or

46 ISSUE 104 JULY 2009 Mozilla Weave KnoW-HoW

control advanced settings on a per-com- check items that you do puter basis, but this type of functionality not want to share. For could be added in the future. example, you might Once your account and encryption want to keep a different passphrase are set up, Weave performs set of bookmarks on an initial sync: itemizing, encrypting, your office desktop, or and uploading your data to your account you might not care to at services. mozilla. com (Figure 2). De- synchronize tabs. pending on how much history you save By default, Weave at- and how many bookmarks you use, this tempts a two-way sync could take several minutes. Subsequent between the local data connections to the sync server only and the data saved on transmit incremental changes, which are the server. When multi- much smaller. ple sets of data are on separate computers, In Sync Weave reconciles them If you use Firefox on just one computer, by combining them into Weave can serve as an off-site backup one set that represents solution, ensuring that you do not irre- the union of all of the trievably lose your bookmarks or saved computers’ data – hope- Figure 1: The account creation wizard helps you seamlessly passwords. To keep multiple Firefox in- fully without dupli- create an account for the services.mozilla.com sync server. stallations in sync, all you need to do is cates, although the sync install Weave on each of them. During engine can occasionally get confused. Additionally, I never found Weave to initial setup, simply choose to enter your In some cases, pooling together all of lose or overwrite a bookmark or saved existing account details (username, pass- the data might not be the behavior you password. It is a bit more difficult to word, and encryption passphrase) rather want. For example, when setting up a track changes mentally in browser histo- than create a new account. new computer, you might want to down- ries between multiple machines, but If you do nothing else, Weave will con- load your existing bookmarks and pass- Weave did successfully sync the distinc- nect to the server once every five min- words, overwriting the defaults installed tive test pages I visited just to observe its utes and exchange encrypted updates to out of the box. Weave lets you do just performance. As an added bonus, I like the data it is tracking for your account. that. On the Data tab of the Weave Pref- that Weave makes tabs from other syn- By exploring the Weave preferences, you erences panel, you can use the Sync chronized computers available as a His- can get more out of it (and better under- Now… button to initiate a sync manu- tory sub-menu; it helps, but without get- stand its inner workings). Open the Pref- ally. The Sync Now tool features a drop- ting in the way of the local browser his- erences panel by right-clicking Weave’s down menu for choosing between two- tory. menu status bar icon (Figure 3) or from way sync, a download-only sync that Firefox’s Tools menu. overwrites locally stored data, and an Weave for the Fennec The Weave Preferences dialog has five upload-only sync that overwrites the tabs: Account, Data, Clients, Add-ons, stored server data. Weave is straightforward to use between and Advanced. Account allows you to In version 0.3, the Sync Now tool also desktops and laptops because you can sign in and out of your connection to the has a non-functional drop-down menu run the same version of Firefox, even on server. Advanced allows you to change for selecting what data types to sync – different operating systems. The Weave the server URL if you are running your although the menu is disabled, you can team wants to bring the same experience own server and use debugging tools, emulate the same behavior by un-check- to mobile devices, beginning with the such as viewing the activity log. Add-ons ing anything you do not want to sync mobile browser Fennec [4]. is currently unused. Clients shows a list from the main Weave Preferences panel So far, official builds of Fennec are of the computers associated with your before initiating the sync. provided only for Nokia’s Maemo-based account (Figure 4). Unless you need to perform a manual tablets. If you have an N800 or The Data tab is where the critical set- sync, you might never know Weave is N810, you can download the latest Fen- tings are (i.e., which data to sync). Al- running. The status bar icon indicates nec package or add the Mozilla though Weave 0.3 syncs only four data whether you are signed in (Figure 6), repository to your tablet’s Application types (bookmarks, browsing history, and the incremental syncs once every Manager. tabs, and saved passwords), you can see five minutes are completely unobtrusive. The same Weave client extension from the grayed-out entries in the Data In my initial tests, performed on Ubuntu works on Fennec as well as Firefox, so tab (Figure 5) that many more are in the 8.10, the only real hiccup was the occa- installation is a snap. Just visit the works, including cookies, saved sional bug in the Firefox beta itself. That Weave homepage on Mozilla Labs and data, search plugins, and extensions. is hardly Weave’s fault, of course, and I click on the download link. Unlike Fire- Before you sync two computers, it is a could detect no discernible slowdowns fox, however, Fennec does not support good idea to visit the Data tab and un- or interference attributable to Weave. the creation of a new services.mozilla.

JULY 2009 ISSUE 104 47 KnoW-HoW Mozilla Weave

erything from ac- The reverse situation is easier to explain. count creation to If you want to share your bookmarks data storage and re- with another Weave user, Weave makes trieval. The data are a duplicate copy of the secret symmetric stored at services. key used to encrypt the bookmark data. mozilla. com in es- Rather than locking the duplicate key sentially a highly with your private key (as with the origi- structured WebDAV nal), the duplicate key is locked with the share. Each data other user’s public key. That ensures type is in its own that only the other user can access it. subdirectory, where The current encryption scheme uses a snapshots and “del- separate secret key for each type of data tas” (changes since – bookmarks, passwords, tabs, and his- the last snapshot) tory. Likely you’ll want to share only a are kept in Java- subset your bookmarks or tabs with oth- Script Object Nota- ers, so the framework is in place in the tion (JSON) files. Weave API to split stored data into sev- The Weave system eral segments, each protected by a dis- is designed so that tinct key – this functionality is not ex- very little of the posed yet in the v.0.3 release. Figure 2: Once your account is verified, Weave performs an initial work is done server- one-way sync, encrypting and uploading all of the sync data from side; this allows the Self-Serve your browser. server to scale up to If you feel daring, you can download the many thousands of Weave server code and set up your own com account, so you must have a work- users. Instead, the client handles most of server. The server is written in PHP, and ing Weave account set up through Fire- the heavy lifting, from encrypting and requires PHP Data Object (PDO) and fox before you begin. decrypting data to deciding how to rec- JSON support. Although Weave is based After you install Weave, restart Fen- oncile changes between the server’s on the same ideas as WebDAV, it is im- nec, then drag the screen to the right to snapshot and local data, depending on portant that you not enable WebDAV reveal the button menu. Now press the the kind of sync to be performed. sharing on the location you plan to use setup button (the one shaped like a Mozilla developer (and early Weave as your Weave server – Weave and Web- gear). From setup, press the slider but- user) Atul Varma took a look around the DAV would interfere with each other. ton to open Fennec’s Preferences. server’s directory structure well before At the Mozilla wiki [5], you will find Weave’s preferences are in the Privacy & the v.0.3 release and shared his insights detailed instructions on setting up a Security section. Press the Details but- on his blog [6]. Unfortunately, for secu- Weave server. At this point in time, the ton, and when prompted, provide your rity reasons, you can no longer log in to installation process is not automated – services.mozilla. com username, pass- services.mozilla. com and peek through you will need to modify the configura- word, and encryption passphrase. Once your user directory as Varma did, but his tion files by hand. A Weave server can Weave successfully authenticates you to is an interesting tour for those curious use a variety of storage back ends, in- the server, it will open up a Preference about the server setup. More details are cluding SQLite and MySQL. The server- page from which you can select the data available as reference material on the side account creation method is not part types to sync, change the client name as- Mozilla wiki, although because the sys- of the basic Weave server, but Perl signed to your tablet, and alter your tem is under development, the docu- scripts are included in the release bun- login credentials. The Sync Now… but- mentation is incomplete. dle, so you can create accounts. When ton is not yet fully implemented in Fen- One of the more interesting aspects of your server is up and running, all you nec, but basic data synchronization is al- Weave’s design is its use of encryption. need to do on the client end is change ready supported. All of your data is stored on the server in encrypted form, but the system actually Behind the Scenes: Client- uses three encryption keys in a clever Server Communication way. A secret, symmetric key is used to Once you have successfully synced your encrypt the data itself. Because it is sym- browsers a few times, you will probably metric, the same key is used to encrypt wonder how the whole process works. and decrypt the data. This secret key is Fortunately, the Mozilla project makes in turn guarded by a public-private key the Weave server publicly pair. You and you alone have access to available and provides documentation the private key, meaning that you can Figure 3: The Weave status bar icon hides a on the API [5]. encrypt the data stored in your account. menu from which you can sign in The Weave client uses requests The public key allows other Weave with your server account, open the exten- to communicate with the server for ev- users to share data securely with you. sion’s preferences, or view the log.

48 ISSUE 104 JULY 2009 Mozilla Weave KnoW-HoW

Figure 4: Weave’s Clients tab in the Firefox Preferences dialog allows Figure 5: The Data tab of the Preferences panel shows not only you to keep track of how many browser instances you have set up in which data types you have selected to synchronize but provides a conjunction with your account. Because you assign the client names window into what data types could be supported in future versions of yourself, choose them carefully. Weave. the account credentials and server URL used to share information with online tions,” Mills added. By building the syn- in each Weave client’s preferences. services, just one way that Weave can chronization and communication infra- integrate services into the browser. For structure into Weave, the service pro- What’s ? Sharing and example, you could sync bookmarks vider has less to do. Weave supports ma- More with a social networking site, said chine-readable microformats, and Mills If you don’t mind running the latest Fire- Weave’s lead developer, Dan Mills, or says upcoming builds will integrate with fox betas, Weave is already a winning notify your Dopplr friends automatically Firefox’s built-in microformat parser. addition to the daily browsing experi- when you make travel arrangements that In the short term, the emphasis is on ence. tools will bring you nearby. “Right now, you maintaining the simple and useful user come and go. Over the years, I have used basically have to do that by hand,” Mills experience. The broader Weave services, Firefox add-ons from at least three said. “The ticket issuing companies and including third-party service integration, sources, and all either ceased to receive Dopplr are two separate silos that don’t are still being fleshed out. In the mean- updates, didn’t work across operating cooperate with each other. Part of what time, you can take advantage of the sync systems, or slowly broke for undiag- we are trying to do is raise the level of platform – across machines, across oper- nosed reasons. In a sense, Weave is innovation on the services by ating systems, and on mobile devices. n merely the latest entrant into the making it so that when a brilliant entre- browser sync contest, but it is special. preneur has an idea for a service that INFO First, it is a Mozilla-sponsored project, ties in to the browser, they can execute [1] Firefox extensions: and second, it is extensible and has the on the area they know best.” https:// addons. mozilla. org potential to do more than preserve book- “Creating an add-on is a sizable ex- [2] Mozilla Labs: http:// labs. mozilla.com marks and browser info. pense and effort from these organiza- As mentioned, Weave’s server-side en- [3] Weave homepage: http:// labs. mozilla. com/ projects/ weave/ cryption scheme anticipates the addition of another major feature: sharing data [4] Fennec on the Weave wiki: between accounts. The simplest case is https:// wiki. mozilla. org/ Labs/Weave/ InstallWeaveFennec bookmark sharing, but considering the Figure 6: Weave’s status bar icon indicates list of data types sketched out in the its status. “Sign in” is displayed when you [5] Weave Server code and documenta- tion: https:// wiki. mozilla. org/ Labs/ Weave roadmap, several are ripe for are not logged in to the Weave synchroniza- Weave/ 0. 3/ Setup/ Server sharing as well – dictionaries, themes, tion server, your username is displayed when and extensions, for example. you are logged in, and the icon changes from [6] Atul Varma’s blog entry about Weave data storage: The same infrastructure that permits the Weave logo to a spinning sync symbol http:// www. toolness. com/ wp/ ? p=41 secure sharing between users could be whenever a sync is in progress.

JULY 2009 ISSUE 104 49