π
Original date posted:2013-07-26
π Original message:Gregory Maxwell <gmaxwell at gmail.com> writes:
> It's "portable" to anything that can run the relevant VMs. Uh
> provided you don't mind cross compiling everything from an unbuntu VM.
> It certainly would be nice if the trusted-computing-base for gitian
> were a bit smaller, thats an area for long term improvement for sure.
Thanks - I'll look forward to this being portable someday. Right now it
sounds similar to "a windows binary but you can use wine" with
substitution of variables :-) People may want to look at the NetBSD
build system, which I think achieves bit-identical builds from different
hosts (but I haven't really checked), by having the toolchain be part of
the source and building cross-compilers from host to target and then
using those to build the system.
> Say Bitcoin used a backing database which had an unknown a bug where
> any item with a key that begins with 0xDEADBEEF returns not found when
> queried, even if its in the DB. Once discovered, any database library
> would want to fix that quickly and they'd fix it in a point release
> without reservation. They might not even release note that particular
> fix it if went along with some others, it could even be fixed
> accidentally.
>
> Now say that we have a state where half the Bitcoin network is running
> the old buggy version, and half is running the fixed version. Someone
> creates a transaction with ID 0xDEADBEEF... and then subsequently
> spends the output of that transaction. This could be by pure chance or
> it could be a malicious act.
>
> To half the network that spending transaction looks like someone
> spending coin from nowhere, a violation of the rules. The consensus
> would then fork, effectively partitioning the network. On each fork
> any coin could be spent twice, and the fork will only be resolvable by
> one side or the other abandoning their state (generally the more
> permissive side would need to be abandoned because the permissive one
> is tolerant of the restrictive one's behavior) by manually downgrading
> or patching software. As a result of this parties who believed some
> of their transactions were safely settled would find them reversed by
> people who exploited the inconsistent consensus.
Thanks for the explanation - that indeed makes sense.
>> multiple packages is difficult, and runs into A wants only n of C, while
>> B wants only m.
>
> My understanding is that gentoo is actually able to handle this (and
> does, for Bitcoin)β and really I presume just about everything else
> could with enough effort. I certainly wouldn't ask anyone else to do
> that. If you're really getting into the rathole of building separate
> libraries just for Bitcoin the value of packaging it goes away.
Well, if you insist on not having updates and bugfixes, then either it's
the included version or there's a special package just for you.
Typically packaging systems don't like included versions because often a
package will have a security bug fixed long before there are updates of
packages that bundle that fixed version. But given bitcoin's special
needs, that means you have to stay on top of these dependent included
packages and re-release if there are security fixes (that don't break
consensus).
> Running a complete set of tests is a startβ though the unit tests are
> not and cannot be adequate. There is a full systems testing harnesses
> which should be used on new platforms. Even that though isn't really
> adequate, as it is currently infeasible to even achieve complete test
> coverage in things like cryptographic libraries and database
> environments.
It would be nice if the regression tests were installed and it were
normal culturallly for end-users to run them.
Thanks again for the explanation; I understand where you are coming from
now.
Greg Troxel [ARCHIVE] /
npub15sβ¦3j6kr
2023-06-07 15:05:13
in reply to nevent1qβ¦ldtp
Author Public Key
npub15s4xdl0p3nlmz2slgue3lt57rem5h0w6t8l3r2dmwrxc4zs2adssg3j6krPublished at
2023-06-07 15:05:13Event JSON
{
"id": "e4513f7a32a265b9b8b8fcab8899789ea013a6078630d44cdf7201bbaf7ca7b0",
"pubkey": "a42a66fde18cffb12a1f47331fae9e1e774bbdda59ff11a9bb70cd8a8a0aeb61",
"created_at": 1686150313,
"kind": 1,
"tags": [
[
"e",
"02fd0cb2c5efae90b48da3cd958f29d02ad6c1875057a9aab52fcb5414be5b89",
"",
"root"
],
[
"e",
"6b90b9853d3623c43598fe87b0e3e4113468cd2c6b1c5923e6fb774707a387d9",
"",
"reply"
],
[
"p",
"a42a66fde18cffb12a1f47331fae9e1e774bbdda59ff11a9bb70cd8a8a0aeb61"
]
],
"content": "π
Original date posted:2013-07-26\nπ Original message:Gregory Maxwell \u003cgmaxwell at gmail.com\u003e writes:\n\n\u003e It's \"portable\" to anything that can run the relevant VMs. Uh\n\u003e provided you don't mind cross compiling everything from an unbuntu VM.\n\u003e It certainly would be nice if the trusted-computing-base for gitian\n\u003e were a bit smaller, thats an area for long term improvement for sure.\n\nThanks - I'll look forward to this being portable someday. Right now it\nsounds similar to \"a windows binary but you can use wine\" with\nsubstitution of variables :-) People may want to look at the NetBSD\nbuild system, which I think achieves bit-identical builds from different\nhosts (but I haven't really checked), by having the toolchain be part of\nthe source and building cross-compilers from host to target and then\nusing those to build the system.\n\n\u003e Say Bitcoin used a backing database which had an unknown a bug where\n\u003e any item with a key that begins with 0xDEADBEEF returns not found when\n\u003e queried, even if its in the DB. Once discovered, any database library\n\u003e would want to fix that quickly and they'd fix it in a point release\n\u003e without reservation. They might not even release note that particular\n\u003e fix it if went along with some others, it could even be fixed\n\u003e accidentally.\n\u003e\n\u003e Now say that we have a state where half the Bitcoin network is running\n\u003e the old buggy version, and half is running the fixed version. Someone\n\u003e creates a transaction with ID 0xDEADBEEF... and then subsequently\n\u003e spends the output of that transaction. This could be by pure chance or\n\u003e it could be a malicious act.\n\u003e\n\u003e To half the network that spending transaction looks like someone\n\u003e spending coin from nowhere, a violation of the rules. The consensus\n\u003e would then fork, effectively partitioning the network. On each fork\n\u003e any coin could be spent twice, and the fork will only be resolvable by\n\u003e one side or the other abandoning their state (generally the more\n\u003e permissive side would need to be abandoned because the permissive one\n\u003e is tolerant of the restrictive one's behavior) by manually downgrading\n\u003e or patching software. As a result of this parties who believed some\n\u003e of their transactions were safely settled would find them reversed by\n\u003e people who exploited the inconsistent consensus.\n\nThanks for the explanation - that indeed makes sense.\n\n\u003e\u003e multiple packages is difficult, and runs into A wants only n of C, while\n\u003e\u003e B wants only m.\n\u003e\n\u003e My understanding is that gentoo is actually able to handle this (and\n\u003e does, for Bitcoin)β and really I presume just about everything else\n\u003e could with enough effort. I certainly wouldn't ask anyone else to do\n\u003e that. If you're really getting into the rathole of building separate\n\u003e libraries just for Bitcoin the value of packaging it goes away.\n\nWell, if you insist on not having updates and bugfixes, then either it's\nthe included version or there's a special package just for you.\nTypically packaging systems don't like included versions because often a\npackage will have a security bug fixed long before there are updates of\npackages that bundle that fixed version. But given bitcoin's special\nneeds, that means you have to stay on top of these dependent included\npackages and re-release if there are security fixes (that don't break\nconsensus).\n\n\u003e Running a complete set of tests is a startβ though the unit tests are\n\u003e not and cannot be adequate. There is a full systems testing harnesses\n\u003e which should be used on new platforms. Even that though isn't really\n\u003e adequate, as it is currently infeasible to even achieve complete test\n\u003e coverage in things like cryptographic libraries and database\n\u003e environments.\n\nIt would be nice if the regression tests were installed and it were\nnormal culturallly for end-users to run them.\n\n\nThanks again for the explanation; I understand where you are coming from\nnow.",
"sig": "6aa43c7b47c16ff4285d4891635cc133139a8fc1affcd5fd6a34ca1d8681188c077dd6273244b1ebee6ee5ee51a5a509fdee5321bb745d44cac904a72168bd1f"
}