forked from cheng/wallet
added a note about recent libray developments
modified: libraries.md
This commit is contained in:
reaction.la
parent
601c3b1c6b
commit
1e4dbb9732
@ -278,6 +278,42 @@ hidden in the [documentation](http://www.mpir.org/mpir-3.0.0.pdf).
|
||||
|
||||
# [wxWidgets](./libraries/building_and_using_libraries.html#instructions-for-wxwidgets)
|
||||
|
||||
# Secure compilation
|
||||
|
||||
I am currently using Visual Studio, the most powerful, convenient,
|
||||
and useful code development system around. But increasingly owned
|
||||
by enemies of increasing wickedness and diminishing competence.
|
||||
Also, completely different, and not altogether compatible with, what
|
||||
is needed to build code on linux.
|
||||
|
||||
I attempted to build wxWidgets using MingGW which is open source,
|
||||
and failed.
|
||||
|
||||
Git is open source, and operated by good people, but its hash function
|
||||
is insecure, and its signing system relies on Gpg, which is designed
|
||||
to be part of the Web of Trust, which no longer exists and never was
|
||||
entirely working, and never designed for the use to which Git uses it.
|
||||
|
||||
After we get a signing and security system, which will not be for a
|
||||
while, we should create a fork of Git that actually is secure.
|
||||
|
||||
[Build environment for Git for Windows](https://github.com/git-for-windows/build-extra){target="_blank"} is a complete package
|
||||
that can compile Git on Windows *and* compile itself.
|
||||
|
||||
I suspect it can *only* compile Git for Windows and itself, but it does
|
||||
so by building a pile of more generally useful tools. If I can get my
|
||||
software building in that toolset, I have complete open source software
|
||||
on windows to build my software, complete source code, including the
|
||||
source code for the repository of the source code.
|
||||
|
||||
This recursive capability would shield my software from a broad range
|
||||
of enemy attacks, particularly if we eventually make Git secure.
|
||||
|
||||
Building Git is a linux compatibility stress test. If you have
|
||||
software that compiles in an environment designed to pass a linux
|
||||
compatibility stress test, then you have maximum compatibility
|
||||
between windows and linux.
|
||||
|
||||
# Networking
|
||||
|
||||
## notbit client
|
||||
@ -394,6 +430,28 @@ messages, typically a payment request, to the wallet.
|
||||
|
||||
# zk-snarks
|
||||
|
||||
The most advanced, and most useful for blockchains, zk-snark technology
|
||||
is polygon, which claims to have finally found the holy grail: the
|
||||
actually useful generation and verification of proofs of verification.
|
||||
|
||||
So that Bob can not only verify that Ann's information is what she says
|
||||
it is without knowing that information, Carol can verify that Bob
|
||||
verified, and Dave can verify that Carol verified it.
|
||||
|
||||
Which gives us scaling. Bob can verify that several people's
|
||||
transactions are valid, Carol can verify several Bobs, and Dave
|
||||
can verify several Carols.
|
||||
|
||||
I have seen no end of claims that zk-snark system can do so and so, when,
|
||||
though it can in principle do so and so, actually getting it to do
|
||||
so and so is very hard and they have not quite managed to get it quite
|
||||
working, or they have actually gotten it to work but there are a bunch of complicated gotchas that make it impractical, or unwise, or not very
|
||||
useful to do so and so.
|
||||
|
||||
But I have also seen a great deal of real progress in solving these
|
||||
problems, albeit the progress tends to be overpromised and underdelivered,
|
||||
but the for all that, the progress is real and substantial.
|
||||
|
||||
[Aurora]:https://eprint.iacr.org/2018/828.pdf
|
||||
{target="_blank"}
|
||||
|
||||
@ -918,7 +976,13 @@ Moral is, we should use the sockets that wrap WSA.
|
||||
|
||||
Tcl is a really great language, and I wish it would become the language of my new web, as JavaScript is the language of the existing web.
|
||||
|
||||
But it has been semi abandoned for twenty years.
|
||||
When I search for Tcl, I am apt to find a long out of date repository
|
||||
preserved for historical reasons, but there is an active repository
|
||||
obscured by the existence of the out of date repository.
|
||||
|
||||
Javascript is a great language, and has a vast ecosystem of tools, but
|
||||
it is controlled from top to bottom by our enemies, and using it is
|
||||
inherently insecure.
|
||||
|
||||
It consists of a string (which is implemented under the hood as a copy on
|
||||
write rope, with some substrings of the rope actually being run time typed
|
||||
@ -979,8 +1043,8 @@ incompatible ways.
|
||||
Boost has numerous different and not altogether compatible time libraries,
|
||||
all of them overly clever and all of them overly complicated.
|
||||
|
||||
wxWidgets has OS independent time based on milliseconds past the epoch, which
|
||||
however fails to compress under Cap\'n Proto.
|
||||
wxWidgets has OS independent time based on milliseconds past the epoch
|
||||
which however fails to compress under Cap\'n Proto.
|
||||
|
||||
I was favourably impressed by the approach to time taken in tcp packets,
|
||||
that the time had to be approximately linear, and in milliseconds or larger,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user