Pages:
Author

Topic: Why is OpenSSL needed in the official client? - page 2. (Read 4115 times)

legendary
Activity: 1064
Merit: 1001
September 29, 2012, 02:41:48 PM
#46
I do not know if this was mentioned already but it is important. Any bitcoin implementation that does not use OpenSSL must be compatible with OpenSSL if it is doing full validation of the block chain. The reason is because OpenSSL has a broken version of ECDSA, ie. it doesn't follow the ECDSA standards and does it own thing.

HOLY!!!!!

Thanks for this heads up!!!!
legendary
Activity: 1190
Merit: 1004
September 29, 2012, 02:09:27 PM
#45
I do not know if this was mentioned already but it is important. Any bitcoin implementation that does not use OpenSSL must be compatible with OpenSSL if it is doing full validation of the block chain. The reason is because OpenSSL has a broken version of ECDSA, ie. it doesn't follow the ECDSA standards and does it own thing. Other ECDSA implementations may not take the OpenSSL differences into account and if a bitcoin implementation does not successfully implement ECDSA as OpenSSL does, then it could allow someone to create a fork between the two implementations.
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 01:40:55 PM
#44
The only thing being written would be byte sequences.

I've done that myself. I have a few projects where all I have are a handful of blobs, without any structure to the data. I still use SQLite because it is transactional and preserves the integrity of the writes, without me having to roll my own solution. LevelDB is a good alternative for that as well but if you ever want to start using relational database features then you'd either need two DBs or migrate code (both of which are acceptible, if you absolutely need relational features).
legendary
Activity: 1072
Merit: 1181
September 29, 2012, 01:36:55 PM
#43
In my opinion, even sqlite is overkill for the wallet. It's yet another dependency (something you don't like, right?)

I use SQLite for all document formats, no matter how simple. Because it is transactional, robust, and performs well. I have taken the soci C++ wrapper and remodeled it to provide a very nice system of binding to C++ that takes advantage of all the object oriented metaphors. So it is simple to map primitive data types and object types to and from database entries.

Good for you, but it certainly doesn't convince me for the wallet use case. The data being stored in there consists of complex data structures (keys, transactions), for which a serialization framework already exists. The only thing being written would be byte sequences. The advantage of SQL-based systems is easier aggregation of data from the database, but if the database layer can't inspect the data, that doesn't make much sense.

You could write an SQL-based wallet implementation that splits out wallet information over several SQL tables (I believe genjix' libbitcoin does that), and take advantage of what SQL adds, but at that point I think you need to rewrite the wallet implementation pretty much from scratch.

Quote
As for integration and dependencies, SQLite is quite easy to integrate it comes as a single .c / .h file pair that you just add to your existing project. No Makefile, no build settings, nothing.

I still prefer not needing to integrate anything at all.

Quote
Let me point out that I don't like external dependencies. My opinion is that a repository should stand on its own. This is done by bringing in the sources for external dependencies directly into the source tree for the repo (I use "git-subtree" for that). I'm not a fan of using dynamic libraries at all.

Yes, this is what we're going to do for LevelDB, as it doesn't even come as a dynamic library. Dependencies certainly complicate development - especially for portable applications - but in some cases there is just no better solution.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 01:27:41 PM
#42
In my opinion, even sqlite is overkill for the wallet. It's yet another dependency (something you don't like, right?), and all we need is a simple key-value store that is read at startup and loaded into memory. Probably we'll move to a very simple custom append-only format with checksums.

For the blockchain: performance. LevelDB is exactly what we need: not more than a key-value store with atomic writes, with very good performance and consistency.

Agreed - the simpler the better IMO (have developed my own object DB but have yet to make it ACID).

I use SQLite for all document formats, no matter how simple. Because it is transactional, robust, and performs well. I have taken the soci C++ wrapper and remodeled it to provide a very nice system of binding to C++ that takes advantage of all the object oriented metaphors. So it is simple to map primitive data types and object types to and from database entries.

As for integration and dependencies, SQLite is quite easy to integrate it comes as a single .c / .h file pair that you just add to your existing project. No Makefile, no build settings, nothing.


Also agreed - you might be interested to take a look at the DB I developed as it works with streaming operators and fits very nicely with C++.
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 01:23:56 PM
#41
In my opinion, even sqlite is overkill for the wallet. It's yet another dependency (something you don't like, right?)

I use SQLite for all document formats, no matter how simple. Because it is transactional, robust, and performs well. I have taken the soci C++ wrapper and remodeled it to provide a very nice system of binding to C++ that takes advantage of all the object oriented metaphors. So it is simple to map primitive data types and object types to and from database entries.

As for integration and dependencies, SQLite is quite easy to integrate it comes as a single .c / .h file pair that you just add to your existing project. No Makefile, no build settings, nothing.

Let me point out that I don't like external dependencies. My opinion is that a repository should stand on its own. This is done by bringing in the sources for external dependencies directly into the source tree for the repo (I use "git-subtree" for that). I'm not a fan of using dynamic libraries at all. For desktop applications I much prefer to have everything "baked in" to a single .exe. Then there is no question about what people are running. Yes it is true that if there is a security vulnerability the software needs to be updated (you can't just update some shared .DLL) but I prefer this over the alternative.

To build an application it should be possible to clone the repository, open the associated IDE project file (Xcode or Visual Studio), press "Build", and get a correct result. Nothing more. No extra tools (no Python, no CMake, no Perl, nothing).
legendary
Activity: 1072
Merit: 1181
September 29, 2012, 01:21:33 PM
#40
Why not sqlite for the wallet (and maybe the blockchain) ?

In my opinion, even sqlite is overkill for the wallet. It's yet another dependency (something you don't like, right?), and all we need is a simple key-value store that is read at startup and loaded into memory. Probably we'll move to a very simple custom append-only format with checksums.

For the blockchain: performance. LevelDB is exactly what we need: not more than a key-value store with atomic writes, with very good performance and consistency.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 01:14:16 PM
#39
SQLite works great with multithreaded apps you just need to set the appropriate locking model option. If you mean concurrency in the sense of different processes accessing the same database then yeah I agree (but that's not SQLite's target audience).

Interesting - my problem was actually with multi-threading not different processes - will have to look into that again if they have improved the locking (I last looked at that a few years back).
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 01:09:26 PM
#38
I was quite impressed with SQLite (used to use it for my own project although unfortunately it's not designed for concurrency due to its rather global locking approach).

SQLite works great with multithreaded apps you just need to set the appropriate locking model option. If you mean concurrency in the sense of different processes accessing the same database then yeah I agree (but that's not SQLite's target audience).
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 01:04:43 PM
#37
Why not sqlite for the wallet (and maybe the blockchain) ?

Although not familiar with LevelDB I can say I was quite impressed with SQLite (used to use it for my own project although unfortunately it's not designed for concurrency due to its rather global locking approach).
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 01:02:33 PM
#36
Why not sqlite for the wallet (and maybe the blockchain) ?
legendary
Activity: 1072
Merit: 1181
September 29, 2012, 12:58:18 PM
#35
What are the advantages of LevelDB vs BDB?

Faster, less prone to corruption (in our setting), better compatibility between versions. At least, hopefully.

Also see this SE question.
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
September 29, 2012, 12:49:16 PM
#34
What are the advantages of LevelDB vs BDB?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 12:48:59 PM
#33
The tool for VC++ that I am using just scans all the quoted #include's from the source files to work out the dependencies.

Provided you stick to a consistent coding style it solves this problem easily and without anything weird (just requires a couple of tools and the makefile template).
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 12:44:52 PM
#32
To be more specific lets look at the official client sources. The qt/ directory contains all of the source files for the associated user interface classes:

https://github.com/bitcoin/bitcoin/tree/master/src/qt

We have

aboutdialog.cpp
aboutdialog.h
addressbookpage.cpp
...
walletmodel.h

Right now each of these is individually mentioned in the Makefile. What we could do instead is create a new "unity" .cpp / .h pair of files and manually #include these sources:

qt_ui.h
Code:
#include "aboutdialog.h"
#include "addressbookpage.h"
...
#include "walletmodel.h"

qt_ui.cpp
Code:
#include "aboutdialog.cpp"
#include "addressbookpage.cpp"
...
#include "walletmodel.cpp"

Given, it looks a little strange with .cpp files as includes, but the results are quite impressive. You can remove all of the #include lines from every associated .cpp and .h and just merge them into one non-repeated group of includes at the top of qt_ui.h and qt_ui.cpp. Preferably the bulk of includes would go into qt_ui.cpp (so they have a smaller scope).

It is instantly possible to see what the group of classes external include dependencies are (they are all in one place).

Adding, renaming, or removing individual UI component source files is done by editing the .h and .cpp, no changes to the Makefile are required. All of the individual .cpp / .h in the Makefile are replaced with the one qt_ui.h and qt_ui.cpp pair.

It is true that the granularity of compilation now becomes this larger set of classes, but the trade-off is well worth it.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 12:44:40 PM
#31
http://buffered.io/posts/the-magic-of-unity-builds

If you have Visual Studio or Xcode you can open up my "SimpleDJ" application (in my sig) and see how this all works.

Link not working in China (perhaps blocked?) - will try and have a look at that tomorrow though.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 12:43:00 PM
#30
I fully agree, and I think the other developers do as well.

It's just that all experiments with more automated build systems failed - either they didn't work for all currently supported platforms, or weren't maintained after being written.

Again, help is welcome.

Okay - the system I have developed works with an XML like "makefile" that is minimal (only source files and required libraries for each dependency).

It then uses OS specific "templates" that take it's structure and turn it into an actual platform specific makefile (my system can do VC++, BCB and g++ makefiles currently).

Maintenance of the system is actually very minimal (don't think I've had to change it much in the last few years actually). Header dependencies (only for VC++ in my system as both BCB and g++ handle these automatically) are handled via a specific tool (also not that complicated).
legendary
Activity: 1064
Merit: 1001
September 29, 2012, 12:31:59 PM
#29
I'm sure there are probably several good build systems out there - am comfortable with my own as it works perfectly for Windows and Linux - but manually putting together a large makefile is definitely a huge PITA (especially if it needs to be specifically told about headers).

Unity build is a system for organizing source files, it is not a separate tool and doesn't affect your Makefile or project file, except to make it orders of magnitude smaller. You can read about it here:

http://buffered.io/posts/the-magic-of-unity-builds

If you have Visual Studio or Xcode you can open up my "SimpleDJ" application (in my sig) and see how this all works.
legendary
Activity: 1072
Merit: 1181
September 29, 2012, 12:31:47 PM
#28
I'm sure there are probably several good build systems out there - am comfortable with my own as it works perfectly for Windows and Linux - but manually putting together a large makefile is definitely a huge PITA (especially if it needs to be specifically told about headers).

I fully agree, and I think the other developers do as well.

It's just that all experiments with more automated build systems failed - either they didn't work for all currently supported platforms, or weren't maintained after being written.

Again, help is welcome.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 29, 2012, 12:26:52 PM
#27
You should give unity builds a try. "SimpleDJ" in my signature uses that style.

I'm sure there are probably several good build systems out there - am comfortable with my own as it works perfectly for Windows and Linux - but manually putting together a large makefile is definitely a huge PITA (especially if it needs to be specifically told about headers).
Pages:
Jump to: