by nl 4626 days ago
Bitcoin is at least one order of magnitude more complex than Tarsnap, or the crypto used in v1 of the Amazon AWS API. We should have seen far more bugs of varying severities if it was a one man band.

Is there any actual analysis to support the claim that it is an order of magnitude more complex than AWS crypto or Tarsnap?

There have been numerous vulnerabilities in the software implementation[1], and there have been (arguably) at least two bugs in the algorithm[2][3].

I'd note that both the AWS & Tarsnap problems were implementation bugs, not algorithmic problems. That is a much better record than both the Bittorrent implementation and algorithmic record.

That's impressive, but doesn't seem superhuman.

Bittorrent (which was the work of one person AFAIK), for example, has had no real algorithmic changes to the core protocol since it was released[4], and it is much more widely used than Bitcoin. (Yes, I know about trackerless .torrents, but that's more the discovery mechanism than the core transport algorithm).

[1] https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposu...

[2] http://sourceforge.net/p/bitcoin/mailman/message/25954806/, https://bitcointalk.org/index.php?topic=822.msg9503#msg9503

[3] http://en.wikipedia.org/wiki/Bitcoin#The_fork_of_March_2013

[4] http://bittorrent.org/beps/bep_0003.html (note the change history is all clarifications)

2 comments

"Is there any actual analysis to support the claim that it is an order of magnitude more complex than AWS crypto or Tarsnap?"

I don't think so, and I personally disagree with this statement.

As a developer, I find bitcoin 0.1.0's code easy to read and understand (I had requested a tarball of it about 2 years ago from one of the developers, as it was not in source control). And even the number of lines of code is not particularly impressive. Version 0.1.0 has only 13k lines of C++ code (excluding GUI code):

     7 ./irc.h
    71 ./headers.h
   156 ./key.h
   177 ./sha.h
   182 ./market.h
   201 ./base58.h
   264 ./market.cpp
   265 ./irc.cpp
   373 ./util.cpp
   399 ./util.h
   420 ./db.h
   498 ./bignum.h
   554 ./sha.cpp
   597 ./script.h
   604 ./db.cpp
   750 ./uint256.h
   856 ./net.h
  1020 ./net.cpp
  1127 ./script.cpp
  1151 ./serialize.h
  1317 ./main.h
  2660 ./main.cpp
 13649 total

Plus 6k lines of (boilerplate) GUI code:

   417 ./ui.h
   720 ./uibase.h
  1806 ./uibase.cpp
  3228 ./ui.cpp
   6171 total

For comparison, many HN readers who are talented developers would consider 5k LoC of C++ relatively easy to write in a span of 3-5 weeks, as a day job, for a small project that they have a precise idea how to implement. So 13k lines for a project that apparently spanned a few months of Satoshi's time is absolutely plausible.

I believe Bitcoin was written by one man.

Source: http://www.zorinaq.com/pub/bitcoin-0.1.0.tgz

Hum, I think between you, nl, and nwg, point 1 is looking very shabby... I think I'll revise it shortly.

I may be wrong, but I thought Satoshi had been working on Bitcoin for 2 years before releasing anything. Granted, he worked on the concepts and the white paper alongside the code.

DJB still claims that qmail is exploit-free[1] as well as djbdns[2] and I think those are both 1-man shows.

[1] http://cr.yp.to/qmail/guarantee.html

[2] http://cr.yp.to/djbdns/guarantee.html