From 1e4dbb9732287d7bc2aa68a2f41ed21b6f38ccd1 Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Thu, 12 May 2022 19:40:37 +1000 Subject: [PATCH] added a note about recent library developments modified: libraries.md --- docs/libraries.md | 70 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/docs/libraries.md b/docs/libraries.md index e65ef25..fddcfaf 100644 --- a/docs/libraries.md +++ b/docs/libraries.md 
@@ -278,6 +278,42 @@ hidden in the [documentation](http://www.mpir.org/mpir-3.0.0.pdf). # [wxWidgets](./libraries/building_and_using_libraries.html#instructions-for-wxwidgets) +# Secure compilation + +I am currently using Visual Studio, the most powerful, convenient, +and useful code development system around. But increasingly owned +by enemies of increasing wickedness and diminishing competence. +Also, completely different, and not altogether compatible with, what +is needed to build code on linux. + +I attempted to build wxWidgets using MingGW which is open source, +and failed. + +Git is open source, and operated by good people, but its hash function +is insecure, and its signing system relies on Gpg, which is designed +to be part of the Web of Trust, which no longer exists and never was +entirely working, and never designed for the use to which Git uses it. + +After we get a signing and security system, which will not be for a +while, we should create a fork of Git that actually is secure. + +[Build environment for Git for Windows](https://github.com/git-for-windows/build-extra){target="_blank"} is a complete package +that can compile Git on Windows *and* compile itself. + +I suspect it can *only* compile Git for Windows and itself, but it does +so by building a pile of more generally useful tools. If I can get my +software building in that toolset, I have complete open source software +on windows to build my software, complete source code, including the +source code for the repository of the source code. + +This recursive capability would shield my software from a broad range +of enemy attacks, particularly if we eventually make Git secure. + +Building Git is a linux compatibility stress test. If you have +software that compiles in an environment designed to pass a linux +compatibility stress test, then you have maximum compatibility +between windows and linux. + # Networking ## notbit client 
@@ -394,6 +430,28 @@ messages, typically a payment request, to the wallet. # zk-snarks +The most advanced, and most useful for blockchains, zk-snark technology +is polygon, which claims to have finally found the holy grail: the +actually useful generation and verification of proofs of verification. + +So that Bob can not only verify that Ann's information is what she says +it is without knowing that information, Carol can verify that Bob +verified, and Dave can verify that Carol verified it. + +Which gives us scaling. Bob can verify that several people's +transactions are valid, Carol can verify several Bobs, and Dave +can verify several Carols. + +I have seen no end of claims that zk-snark system can do so and so, when, +though it can in principle do so and so, actually getting it to do +so and so is very hard and they have not quite managed to get it quite +working, or they have actually gotten it to work but there are a bunch of complicated gotchas that make it impractical, or unwise, or not very +useful to do so and so. + +But I have also seen a great deal of real progress in solving these +problems, albeit the progress tends to be overpromised and underdelivered, +but the for all that, the progress is real and substantial. + [Aurora]:https://eprint.iacr.org/2018/828.pdf {target="_blank"} 
@@ -918,7 +976,13 @@ Moral is, we should use the sockets that wrap WSA. Tcl is a really great language, and I wish it would become the language of my new web, as JavaScript is the language of the existing web. -But it has been semi abandoned for twenty years. +When I search for Tcl, I am apt to find a long out of date repository +preserved for historical reasons, but there is an active repository +obscured by the existence of the out of date repository. + +Javascript is a great language, and has a vast ecosystem of tools, but +it is controlled from top to bottom by our enemies, and using it is +inherently insecure. It consists of a string (which is implemented under the hood as a copy on write rope, with some substrings of the rope actually being run time typed @@ -979,8 +1043,8 @@ incompatible ways. Boost has numerous different and not altogether compatible time libraries, all of them overly clever and all of them overly complicated. -wxWidgets has OS independent time based on milliseconds past the epoch, which - however fails to compress under Cap\'n Proto. +wxWidgets has OS independent time based on milliseconds past the epoch +which however fails to compress under Cap\'n Proto. I was favourably impressed by the approach to time taken in tcp packets, that the time had to be approximately linear, and in milliseconds or larger,
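
Review bot: In the "Secure compilation" hunk (@@ -278), the Git paragraph asserts that "its hash function is insecure" without naming the hash function or the weakness meant, so a reader cannot check the claim or tell what a secure fork would have to replace. Name the function and link a reference, as the context line above the hunk does for the MPIR documentation. In the same hunk, "MingGW" looks like a misspelling of MinGW, and "linux" and "windows" are lower-cased in most paragraphs while the Git for Windows paragraph capitalizes "Windows".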
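
Review bot: In the "zk-snarks" hunk (@@ -394), the opening paragraph names polygon as the most advanced technology and reports what it "claims" with no link or citation, although the section keeps reference links such as the [Aurora] definition in the trailing context. Add a reference for the claim so the reader can see which construction and which paper or release is meant. Two smaller points in the last two added paragraphs: "but the for all that" has a stray "the", and the line beginning "working, or they have actually gotten it to work" is not wrapped like the lines around it.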
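
Review bot: In the Tcl hunk (@@ -918), the new Javascript paragraph is inserted directly before the unchanged line "It consists of a string (which is implemented under the hood as a copy", so "It" now reads as referring to Javascript rather than Tcl. Move the Javascript paragraph above the Tcl paragraphs, or change the following sentence to start "Tcl consists of a string". The added text also mentions "an active repository" without linking it, which leaves the reader with the same search problem the paragraph describes, and it spells "Javascript" where the context line two lines up has "JavaScript".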
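
Review bot: The final hunk (@@ -979) only rewraps the wxWidgets sentence and drops the comma after "epoch", which is unrelated to the commit subject about library developments. Put the reflow in its own commit, and keep the comma, since "which however fails to compress" is a non-restrictive clause.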