Sunday, January 10, 2016

Notes on the JavaScript Bitcoin wallet by pointbiz

Software is based on language.  The languages have definite meaning which can (normally) be constrained to produce predictable results when interpreted by a machine.  Conscious awareness is not required to use the language of software to turn input into output.  Hats off to Viktor Frankl for identifying conscious awareness (in human beings) as the place where we find freedom.

As anyone who has employed their conscious awareness to understand things knows, you can always go deeper into the meaning of language.  Software engineers necessarily do this in order to ply their trade.  How deep one has gone into the language they are using to program a machine varies greatly.  The notes I present below are intended for someone like me who has the same goal I had when I wrote them, and who had the same understanding I had when I wrote them.

Brett Veinotte of the School Sucks Project inspired me to realize that we are all creating content that has the potential to be everlasting.  The effects of our lives are everlasting and there's nothing we can do about that.  Some of us (me, for example) don't want to do anything about it.  We live honorably and wish our effects on the universe to last.  My future plans for this post are very vague.  I may update it from time to time, or I may leave it as is forever.

I read through this top hit for the Google search javascript array "primary types" to write this blog. In Javascript, there are three primary types from which everything else is built.  Object is not a primary type, but it is a fundamental concept in Javascript.  It is a collection of properties, each having a name (of primitive type String), and a value (of any primitive type, so String, Number, or Boolean, or a non-primitive type, like Object).  Several useful things in Javascript are Objects, and they are all duplicates of the basic Javascript Object, which provides them with some useful properties, like Prototype.

The first thing bitaddress.org's code does is add a property to the Prototype property of the Array Object (the Prototype property is, itself, an Object too).  The Array Object necessarily exists in all implementations of Javascript because that is one of the things that makes it Javascript.  However, some implementers (Microsoft) don't provide that Array Object with all the properties that the Javascript community likes to use.  They have to provide the Prototype property in order to call their language Javascript, but they don't have to give that Prototype a method called map.  And we like map.  It lets us do something to all the elements of an array.

The Prototype property is what gets duplicated into a new Object whenever a new instance is created, as in x = new Array(); or x = []; bitaddress.org's first task is to give all of the Array objects created that way a new function called map if they won't already get one.  The implementation of map() is published at http://es5.github.com/#x15.4.4.19

The next task accomplished by the code is to ensure that there is a variable named Crypto which has a property named util.  If not, it creates an object named Crypto and assigns it as a property of an object named window which is assumed to exist (reasonable, since this Javascript is expected to run in a browser).

The implementation of SHA256 comes next and is assigned as a property to the Crypto object.  The property is named SHA256 and the function is short and sweet (calling another function which does the dirty work, _sha256).  The return value of that function uses the condition ? ifTrue : ifFalse operator twice in succession without parentheses.  The "Associativity" of this "Conditional operator" is right-to-left which means the last (right-most) one is evaluated before the one preceding it.  If that were not the case, there would be a point in this code at which the programmer was choosing between a byte array and a boolean, which is silly.

The longest line in the file I analyzed is image data at 181,786 characters.  A cursory review of this file will not identify the presence of '; [malicious code]; image +=' in the long lines contained by the templateArtisticHtml function definition.  For this reason I did some regex searches on the file.

I verified that the file contains only one line on which a single-quote follows a semicolon and it is good code.  I also verified that the nine lines containing a double-quoted string of at least 100 characters and which have a semicolon somewhere after that all contain good code.
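
The two searches described above can be scripted so the flagged lines are short enough to read. This is an added example, not code from bitaddress.org or from the searches actually run for this post; the regular expressions, the function names, the placeholder call extraCall() and the sample input are all assumptions of this example.

```javascript
// Added example: surface code that could hide on very long string-literal lines.
// Both regexes are this example's reading of the checks described in the post.
const SEMI_THEN_SQUOTE = /;[^']*'/;                 // a single quote somewhere after a semicolon
const LONG_DQUOTE_THEN_SEMI = /"[^"]{100,}"[^;]*;/; // "..." of >= 100 chars, then a semicolon
const STRING_LITERAL = /'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"/g;

// Replace long literals with a size marker so the code around them is readable.
function collapseLiterals(line, minLen = 100) {
  return line.replace(STRING_LITERAL, (lit) =>
    lit.length - 2 >= minLen ? `${lit[0]}<${lit.length - 2} chars>${lit[0]}` : lit);
}

// Return one finding per line that matches either check.
function auditSource(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const checks = [];
    if (SEMI_THEN_SQUOTE.test(line)) checks.push("semicolon-then-single-quote");
    if (LONG_DQUOTE_THEN_SEMI.test(line)) checks.push("long-double-quoted-then-semicolon");
    if (checks.length > 0) {
      findings.push({ line: i + 1, length: line.length, checks, collapsed: collapseLiterals(line) });
    }
  });
  return findings;
}

// Constructed sample input (not taken from bitaddress.org).
const blob = "A".repeat(300);
const sample = [
  `var image = "";`,
  `image += "${blob}";`,
  `image += '${blob}'; extraCall(); image += '${blob}';`, // extraCall is a hypothetical name
  `return image;`,
].join("\n");

for (const f of auditSource(sample)) {
  console.log(`line ${f.line} (${f.length} chars) [${f.checks.join(", ")}]: ${f.collapsed}`);
}
```

A flagged line is only a candidate for manual review; the collapsed form still has to be read to decide whether what sits between the literals is good code.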
