Comments (14)
As some background information, in case the reason why this is a critical bugfix is not directly obvious, is because recently we are seeing support cases from users with either invalid / corrupted payout TX, or more recently, the payout TX being deleted or lost by bisq internally somehow. We believe it is due to the datastore issues
from projects.
well, new to me, but bring it on. the more bugs we can fight off with this the better.
from projects.
@cbeams, @ripcurlx: Its been 3 weeks and we have 3 👍 and I believe a decision is due. What is there to wait for?
Additionally, just to make it clearer, I would aim to allow for different SQL-compatible backends. Especially,
- file-based, low performance but easy-to-deploy backend for Bisq clients (H2 for example)
- full-fledged, high performance but harder-to-setup database services for our servers (mariadb for example)
from projects.
@freimair Do you see any additional security risk if we are using a DB based storage?
from projects.
@freimair Do you see any additional security risk if we are using a DB based storage?
- for the client Bisq app: absolutely not, there is no change in the security model. It is files now, it will be files then. Protobuf is no encryption, neither is H2.
- for server environments: no, again, it is files now, it will be files then. If done right, it might be more secure even - given a proper setup (access restrictions at user level, authentication, ...). But even if the database is wide open to everyone, the data is shared throughout the network anyways.
from projects.
@freimair Do you see any additional security risk if we are using a DB based storage?
Any DB solution will add a huge dependency tree to bisq. So that is definitely a security risk. We should look which DB solutions are used in other Bitcoin projects (like Bitcoin Core, LN,....) - though they might have very different requirements.
from projects.
It is being claimed that using a database will fix 6 critical bugs to do with high memory usage/exhaustion. From the little experimentation I and others have done it seems that JavaFX is the culprit when it comes to the memory use/leak issues. I don't see how using a database will solve those issues.
from projects.
It is being claimed that using a database will fix 6 critical bugs to do with high memory usage/exhaustion.
That is not entirely correct. The claim is "will address the following issues in one way or the other". It will not fix these issues once and for all, however, it will contribute to lower resource requirements.
And yes, JavaFX is a major player when it comes to memory - needs fixing as well.
@chimp1984 agreed. However, if we do not use Hibernate or alike, we might just keep the dependencies to a minimum. Needs to be thoroughly evaluated of course.
from projects.
I agree that we should avoid new deps for the security risk. Bitcoin uses BDB and it would be perfect for us too if there is a Java equivalent.
from projects.
Migrating to any DB solution will be a pretty large task. I recommend to take the more low hanging fruits first, specially as those might remove many of the main reasons for the need of a DB.
E.g. We don't need to keep 15 MB of trade statistics (goes back to 4 years old data). Loading historical data only on demand would reduce that issue by 95%.
DB will not solve magically all problems. If you do not keep tyhe data in RAM you will move to a async model which can become very complex when it comes to the DAO handling of the DaoState, which will become a major issue as it is alreayd 75 MB. But solving that is a pretty difficult and high risk task. Maybe a DB will help but maybe it will require a asynchronous (multithreaded) setup which adds a lot of risks and complexity....
Just rough thoughts, I am not against it, just want to keep expectations in reasonable limits and point out possible problems.
Also what was discussed above regarding lost payout tx data: That is very likely not related at all, as pending trades data are small. It might be that we do not update/write the data at the moment when the payout tx is set, and if the user shut down quickly or has a crash the data might be lost. Is likely a one-liner to fix if one investigate (maybe I will do if I find time).
from projects.
Just looked at trade persistence: it is persisted with a 50 ms delay. Does not sound like the issue but as the write is happing in a new thread the real delay can be significantly longer if high CPU load happens.
from projects.
@chimp1984 please keep in mind that not everyone has a powerful dev machine to use and trade on. The current storage solution reaches is limits now and our requirements grow faster as technology can keep up.
This project is a massive one, that I agree on. High risk and everything. However, it also addresses a lot of issue we see regularly nowadays. We should at least get started. One step at a time.
from projects.
@ripcurlx @cbeams Can we close that project? We have rewritten and improved persistence and as we only read once at startup there is no use for a database solution. Also it would add a huge dependeny tail and with it increase the security attack surface.
from projects.
I did not track this project, but given the inactivity and your comment above, I'll err on the side of closing it as rejected.
from projects.
Related Issues (20)
- Improve support and mediation HOT 6
- Implement new-user-onboarding and new user interface design HOT 3
- Add Monero to fiat trading pairs using BTC as the security deposit (multi-sig) HOT 9
- Message board for multi-protocol project (working title Misq) HOT 53
- Specify interface and architecture for wallet and blockchain data modules HOT 9
- Research a solution for dynamically loading remote modules HOT 2
- Define architecture and interfaces for the protocol layer HOT 2
- Research on solutions for DIDs (decentralized IDs) in Bisq HOT 2
- Add Buy-Monero Keybase channel on Bisq for fiat trading pairs using BSQ bonds as the security deposit HOT 4
- Prototype for offer book and create offer UX for Bisq 2.0 (Misq) HOT 23
- Integrate wallet and blockchain data modules in Misq HOT 1
- bgmi bejjsjsj HOT 1
- Dev Call - Priorities HOT 20
- Investigate XMR-BTC atomic cross chain swap protocol options
- Integrate Bitcoind as a wallet backend into Misq
- Bisq2: Create Wallet Prototype UI To Test Wallet Functionalities HOT 5
- Bisq2: Liquid Wallet Integration (Elements) HOT 1
- Payment Methods - Plans for 2022
- Lightning node implementation for LN trades HOT 2
- Improve dispute resolution HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from projects.