Re: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet
Setting aside all security benefits (which the user can obviously choose to implement or ignore), a major benefit here is being able to have multiple wallets use the same blockchain process. I have 3 different bitcoind processes running on the same server to utilize multiple wallets. Using them serially isn't an option in my case. Also, peers can run the cheaper process instead of having the wallet functionality which isn't even used. On the security front, this doesn't seem to be any less secure and it gives the user the flexibility to make it as secure as they feel comfortable. If they want to run them both as the same user with no SELinux or file protections (this isn't stopping or encouraging that) they're already doing that now with bitcoind, albeit with possibly a larger attack surface. Thanks, -- James Hartig Software Engineer @ Grooveshark.com http://twitter.com/jameshartig On Sat, Feb 22, 2014 at 1:53 AM, Wladimir laa...@gmail.com wrote: On Sat, Feb 22, 2014 at 2:09 AM, Dustin D. Trammell dtramm...@dustintrammell.com wrote: On Fri, 2014-02-21 at 07:43 +0100, Wladimir wrote: The most straightforward way would be to run the blockchain daemon as a system service (with its own uid/gid and set of Apparmor/SELinux restrictions) and the wallet daemon as the user. This assumes you as a user have the rights to do so. This would be preferred, but in some cases may not be possible. Perhaps it should be optional? No! I'm proposing that we force everyone to do it. Using all means necessary. There should be regular audits that everyone is running the software exactly in my configuration, and if not, a special task force will take care that spankings are carried out on the spot. Repeated offenders will lose their BitLicense. /s Please stop kicking this dead horse. It was just a random idea. Maybe a way how Linux distributions could structure it, but it may or may not apply in your case. And that's fine, this is free software development, you can do whatever you want! Let's try to bring this discussion back to its original intention: for anyone that wants to concretely help this along, please help reviewing and testing the pull requests that jgarzik mentions. Wladimir BTW: All of those patches are helpful for monolithic-bitcoind as well as they (lay the groundwork for) speeding up block synchronization. -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet
On Fri, 2014-02-21 at 07:43 +0100, Wladimir wrote: The most straightforward way would be to run the blockchain daemon as a system service (with its own uid/gid and set of Apparmor/SELinux restrictions) and the wallet daemon as the user. This assumes you as a user have the rights to do so. This would be preferred, but in some cases may not be possible. Perhaps it should be optional? This would also allow sharing one blockchain daemon between multiple users and wallet processes (not necessarily on the same machine), something I've wanted to be able to do for a long time. Agreed (: -- Dustin D. Trammell dtramm...@dustintrammell.com http://www.dustintrammell.com signature.asc Description: This is a digitally signed message part -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet
On Fri, Feb 21, 2014 at 7:27 AM, Mike Hearn m...@plan99.net wrote: Bear in mind a separate process doesn't buy you anything without a sandbox, and those are expensive (in terms of complexity). Sandboxing in user space is complex, agreed, The most straightforward way would be to run the blockchain daemon as a system service (with its own uid/gid and set of Apparmor/SELinux restrictions) and the wallet daemon as the user. This would also allow sharing one blockchain daemon between multiple users and wallet processes (not necessarily on the same machine), something I've wanted to be able to do for a long time. Wladimir -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet
Running the network part of the core as a system service might make sense for server implementations, but it’s a pain in the rear for most users. That said, I think segregating the two processes is a great idea. Let’s just try to avoid some complicated scheme that involves necessarily running things under multiple users. Will On Feb 21, 2014, at 0:43, Wladimir laa...@gmail.com wrote: The most straightforward way would be to run the blockchain daemon as a system service (with its own uid/gid and set of Apparmor/SELinux restrictions) and the wallet daemon as the user. signature.asc Description: Message signed with OpenPGP using GPGMail -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Fwd: Bitcoin Core trial balloon: splitting blockchain engine and wallet
On Fri, Feb 21, 2014 at 7:50 AM, William Yager will.ya...@gmail.com wrote: Running the network part of the core as a system service might make sense for server implementations, but it’s a pain in the rear for most users. Come on, making it a possibility doesn't affect other kinds of use cases in any way. Are you just arguing for the sake of arguing? Wladimir -- Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development