invite_me: Onboarding to Ethereum chains with keybase.io identity verification and EIP-712

This is not a Blockchain-bullshit-only post. Head to https://github.com/ice09/onboarding-eip712 for a sample implementation of a private Testnet onboarding with Twitter, Reddit or Github Keybase proofs.

The challenge…

Creating a private Ethereum Proof-of-Authority testnet is actually quite easy, just follow the instructions of Parity or, for testing purposes only, cliquebait, and you’re done.

But how do you onboard new users, who want to participate in your testnet, if they don’t have any ETH to start with and you still want to stay as close to your production environment in terms of gas usage as possible and therefore don’t want to enable gasless transactions in your PoA testnet?

…and the public testnet solutions

Kovan PoA

The public (Parity-powered) Kovan PoA solves this problem by providing a “Faucet Service” which is verified by

Rinkeby PoA

The public (Geth-powered) Rinkeby PoA solves this problem by providing a “Faucet Service” which is verified by

However, these methods require trust or establish dependencies on the testnet providers, which you will and can most likely not introduce in your private net. 

Analysing the problem

There are (at least) two different user states which a user can have in your PoA private testnet:

  1. The user has an authorized account in one of the authority node wallets.
  2. The user is connected to the private testnet, but initially has no balance.

In Proof-of-Work (PoW), the non-authorized user could start mining and get ETH for contract development. This is the Ropsten solution. In PoA, mining is not possible, so the user has no possibility to transact on the chain, except for using usd_per_tx=0 or similar for no gas costs on the authority nodes, which is possible, but contradicts the security measures established by having gas usage for transactions to minimize code execution, prevent infinite loops, etc. Even more, the setup on a test stage should always be similar to the production environment.

Recentralizing for “Almost Know Your Customer”

keybase.io does a great job in identifying users without revealing their real life identity if they don’t want to. But they make it quite difficult for attackers to create several identities. So a good enough solution for onboarding otherwise unknown users could be to bind their testnet accounts to their keybase users.

The basic idea and the following approach is inspired by Aragon and one of their great blog posts, which every Ethereum/Solidity dev should take a look at.

In our setup, we changed two crucial factors:

  1. removed dependencies on a product (Aragon) and on the Oracle (oraclize.it) and
  2. introduced a middleware component as a new dependency, but which you control and can (and have to) host on your own server.

keybase allows for publishing files per HTTPS by copying them to KBFS file system. Thereby, someone reading a file from https://KEYBASE_USER.keybase.pub/invite_me.json can be sure that the file invite_me.json was stored by keybase KEYBASE_USER.

But this is just one proof, how can we be sure that the user really has the private key for the address he wants to be registered? We can just sign the message with the private key and ecrecover in a contract. 

Using this mechanism, we can be sure that:

  1. If the URL https://KEYBASE_USER.keybase.pub/invite_me.json gives back the correct JSON, the user is who he pretends to be, since he had to copy invite_me.json to KBFS
  2. The address (private key) belongs to the user, since he signed the message in invite_me.json and the signature is ecrecovered in the invite_me contract.

MetaMask does a great job in helping signing data with your Ethereum’s account private key. However, up to EIP-712 the signed data has been displayed as a non-human-readable Hex string.

This is unacceptable, especially in crypto, a field of very easy and unavoidable fraud attempts. 

Therefore, we are supporting EIP-712 by signing with a MetaMask version supporting the new eth_signTypedData method. EIP-712 is a major step forward and should be the only way users are required to sign data with their Ethereum account’s private key.

The following overview shows the process which let a new user register his keybase user to a new generated address. Afterwards, 10 ETH are sent to this address. The user can only register once. However, the contract owner can manually unregister users if necessary.

For the ETH transfer to happen, the user must

  • have the invite_me.json as generated by the frontend part stored in his KBFS public directory, so that it can be retrieved by the server side process at the keybase.pub domain
  • have at least one of these Keybase proofs: Twitter OR Github OR Reddit

Introducing invite_me

The complete process is implemented in the “DApp” invite_me, which consists of a JavaScript frontend and a web3j-powered Java backend component called verifier.

After completing the steps, you can see the 10 ETH loaded into your account in MetaMask.

Let me try this!

First, checkout this. Then, make sure that you have an understanding how the authorization and verification works and what the Java component verifier does and how they depend on each other.

Last, install it locally and try it out. And, most importantly, please comment here or in the reddit post if it doesn’t work for you or if you have remarks about the approach, obviously this is work in progress.

What comes next?

We’d like to try two different approaches:

  • Using 3box as a more decentralized (but not as mature) keybase alternative
  • Realizing a different use case: “Almost KYC Airdrops” 

A generic “Claim and Endorse” Contract

Did you already endorse someone at LinkedIn? For instance, someone claims that he knows C++ and you endorse this claim because you know it’s true.

A large number of processes can be modelled in this way:

A simple Solidity contract for managing claims and endorsements could look like below.

contract ClaimAndEndorse {
struct ENDORSEMENT {
uint creationTime;
}

struct CLAIM {
uint creationTime;
uint claimHash;
mapping (address => ENDORSEMENT) endorsements;
}

mapping (address =>
mapping (uint /* CLAIM GUID */ => CLAIM)) claims;

function setClaim(uint claimGuid, uint claimHash) {
CLAIM c = claims[msg.sender][claimGuid];
if(c.claimHash > 0) throw; // unset first!
c.creationTime = now;
c.claimHash = claimHash;
}

function unsetClaim(uint claimGuid) {
delete claims[msg.sender][claimGuid];
}

function setEndorsement(
address claimer, uint claimGuid, uint expectedClaimHash
) {
CLAIM c = claims[claimer][claimGuid];
if(c.claimHash != expectedClaimHash) throw;
ENDORSEMENT e = c.endorsements[msg.sender];
e.creationTime = now;
}

function unsetEndorsement(address claimer, uint claimGuid) {
delete claims[claimer][claimGuid]
.endorsements[msg.sender];
}

function checkClaim(
address claimer, uint claimGuid, uint expectedClaimHash
) constant returns (bool) {
return claims[claimer][claimGuid].claimHash
== expectedClaimHash;
}

function checkEndorsement(
address claimer, uint claimGuid, address endorsedBy
) constant returns (bool) {
return claims[claimer][claimGuid]
.endorsements[endorsedBy].creationTime > 0;
}
}

The fantastic thing about this very simple contract is that we now can answer the following question:

Who claims what and who endorses it?

Usecase – Skill/Degree Endorsements

John claims that he holds a PhD in computer science at the Stanford university.

contract.setClaim(
3000010 /* GUID for PhD in CS */,
HASH("PhD in Computer Science at Stanford University"))

The Stanford university confirms this fact.

contract.setEndorsement(JOHN, 3000010)
Usecase – Identity Verification

Step 1. John claims facts about his personal data by binding hashes to his ethereum address. The corresponding pseudo code is:

// RND is a random sequence introduced for making it impossible to restore the initial data from the hash by brute force lookups.

contract.setClaim(1000010 /*guid firstname*/,
HASH("John"+RND))

contract.setClaim(1000011 /*guid surename */,
HASH("Smith"+RND))

contract.setClaim(1000012 /*guid bday */,
HASH("1965-01-01"+RND))

contract.setClaim(1000013 /*gender */,
HASH("m"+RND"))

Step 2. John visits his bank, which endorses these facts about his identity:

contract.setEndorsement(JOHN, 1000010 /*guid firstname*/);
contract.setEndorsement(JOHN, 1000011 /*guid surename */);
contract.setEndorsement(JOHN, 1000012 /*guid bday */);
contract.setEndorsement(JOHN, 1000013 /*guid gender */);

Now consider that JOHN wants to open A) an  account at ACME Inc, B) buy alcohol in the bar and C) register at a dating site. If all three trust John’s bank, he’ll be able to digitally prove his claims on his personal data. Moreover, he only needs to present the relevant pieces of data. For instance at the bar, he only has to prove the claim that he’s older than 18.

Related: ShoCard, uPort 

Usecase – Approving existence of documents

ACME Inc. wants to publish a new financial product. The hashes of the required documents are stored on the blockchain. The authorities and the exchanges are confirming the existence and the correctness of these documents.

Related: Luxembourg Stock Exchange OAM

Usecase – Managing Memberships

John wants to become a member in his local bowling club. He stores this fact on the blockchain and the club confirms this fact. With the first step, John manifests his will to enter the club. In the second step, the club confirms that they are accepting John as a member.

Try it yourself on Ropsten Testnet

https://testnet.etherscan.io/address/0x65ec6e00e336a96972987ee25386a3090f38a27d#code

 

Static Type Safety for DApps without JavaScript

DApps, starting professionally…

You might not be aware, but despite its similarities to JavaScript, Solidity is actually a statically, strongly typed language, more similar to Java than to JavaScript.

solidity
static type check in browsersolidity

…and ending in frontend-chaos

Sadly, for a long time, there has only be one interface to Ethereum nodes, web3.js (besides JSON/RPC), which is, as its name implies, written in JavaScript.

Though providing this API in a web-native language is really a brilliant idea in terms of fast development, seperation of concerns and ease of use, it is a nightmare for professional, multi-developer, multi-year, enterprise products.

You may not agree with me here, but as there are currently no 10 year old 1.000.000 LoC enterprise projects in node.js/JavaScript out there, you should at least consider that such projects are nearly impossible to maintain with a dynamically, weakly typed language like JavaScript (JS).

So, we have this situation, where JS defines the lowest common denominator (dynamically, weakly typed

JavaScript_1 (2)

when we really would like to have this situation, where Java (C#, Haskell) defines the lowest common denominator (statically, strongly typed)

JavaScript_2 (2)

Removing chaos

The problem is was, that up to now only web3.js existed. However, today there is also a web3.py (which is Python and therefore at least strongly typed, but still dynamically) and, brandnew, web3j.

With the latter, we can easily model the call chain above, where we only use statically, strongly typed Java and omit JavaScript altogether. Welcome to hassle-free integration into existing Java/JEE-environments without workarounds. Finally: using the Ethereum Blockchain with Java.

If you want to actually get deeper and use Java with no RPC at all, you can also switch to EthereumJ, which is a Ethereum Node implemented in Java, like Eth (C++), Geth (Go), PyEthApp (Python) or Parity (Rust). It is crucial to understand the difference between web3j and EthereumJ. If you just want to use some Ethereum Node from a Java application, web3j is your choice, you are limited to the Web DApp API then, which should be enough for all “Ethereum user” use cases.

We will not explain in detail how to use web3j, it should be familiar to any Java developer how this library can be used just by adding Maven-dependencies to your project.

Fixing the front-end

We could stop here, since using JavaScript for the frontend is not really problematic and a common use today.

However, if you use JavaScript in your frontend, it might really make more sense to stay with web3.js. So, we want to go further: how are we going to create the GUI if we want to have no JavaScript at all?

This is just a PoC, but if you think of any other client to the Ethereum Blockchain other than a web site (let’s say: Batchjobs, Web Services, Message Queues, Databases, other proprietary software with Java adapters (there are some!)), this should make sense to you – you really wouldn’t want to use them from web3.js (hopefully).

Using templates: Thymeleaf and Spring Boot for slim enterprisy software

We will do a step-by-step guide for creating a No-JS-Dapp. Even without any Java experience, you will be able to follow without problems. Java is not that complicated anymore!

  • Get an infura.io account and key, so you don’t have to mess around with starting your own Ethereum node
  • Clone this repo: https://hellokoding.com/spring-boot-hello-world-example-with-thymeleaf/
  • Install Maven
  • Edit these files:

    pom.xml (add these dependency to section dependencies and add the repo, beware that web3j is a fast moving target, check for new versions)

    <dependency>
    <groupId>org.web3j</groupId>
    <artifactId>core</artifactId>
    <version>0.2.0</version>
    </dependency>

 

<repositories>
<repository>
<id>oss.jfrog.org</id>
<url>http://dl.bintray.com/web3j/maven</url>
</repository>
</repositories>

src/main/resources/templates/hello.html (change name to balance.html)

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8"/>
<title>Your Static Strongly Typed Wallet</title>
</head>
<body>
<p th:text="'The balance of account ' + ${address} + ' is ' + ${balance}" />
</body>
</html>

src/main/java/com/hellokoding/springboot/HelloController.java (change name to EthereumController.java)

@Controller
public class EthereumController {

@RequestMapping("/balance")
public String balance(Model model, @RequestParam(value="address", required=false, defaultValue="0xe1f0a3D696031E1F8ae7823581BB38C600aFF2BE") String address) throws IOException {
Web3j web3 = Web3j.build(new HttpService("https://consensysnet.infura.io/{YOUR_INFURA_KEY}"));
EthGetBalance web3ClientVersion = web3.ethGetBalance(address, DefaultBlockParameter.valueOf("latest")).send();
String balance = web3ClientVersion.getBalance().toString();
model.addAttribute("address", address);
model.addAttribute("balance", balance);
return "balance";
}

}

…that’s it. Start with mvn spring-boot:run

If you encounter an connection/handshake error, you may have to import the infura certificate into your local Java keystore (I didn’t have to)

$JAVA_HOME/Contents/Home/jre/bin/keytool -import -noprompt -trustcacerts -alias morden.infura.io -file ~/Downloads/morden.infura.io -keystore $JAVA_HOME/Contents/Home/jre/lib/security/cacerts -storepass changeit

Look Ma! Displaying the wallet balance with no JavaScript!

You can call the spring-boot web application with http://localhost:8080/balance (then the defined default argument is used) or with your address (in the consensys testnet) as parameter address= 

walletOf course, you can change the Ethereum net like you want in file EthereumController to morden or mainnet, just read the welcome mail from infura.io. Or you can just use a local Ethereum node like geth with RPC enabled (geth –rpc) and http://localhost:8545 as the constructor for HttpService of the Web3j-Factory in EthereumController.

Have fun, with or without JavaScript!

Distributing Business Processes using Finite State Machines in the Blockchain

Having disctinct, even competing organisations with a common goal and no shared technical infrastructure represent a perfect use case pattern for blockchain usage.

The quest for the holy business use case

As many blockchain enthusiasts we are constantly searching for use cases for establishing Distributed Ledger Technology (DLT) or even real blockchain technology in enterprises as solutions for common business problems.

21666276190_40647d8327_z
[Business *]

This turns out to be difficult, since each single aspect of this technology is already solved by several – established and well known – products. 

In this post we will present a use case, or even a use case pattern, which we think is ubiquitous and can best be solved by blockchain technology.

For these type of use cases the other technologies, even though being more mature, seem themselves like workarounds for the natural technological solution, which is blockchain-based.

Our definition is the use case pattern is:

Several distinct, competing organisations have a common goal and don't share technical infrastructure.

distinct, even competing organisations

Distinct organisations are not related to each other and therefore have no existing technical or organisational processes. To pursue a common goal, these processes would have to be established first, which is costly and time-consuming.

5882566863_ce0ccf745d_z
[Competing teams *]

The second aspect, competition, implies that there is no mutual trust. Obviously, this aspect is a crucial one. Blockchain technology might even make sense if just the other aspects of the pattern match, but it only is a perfect fit if this aspect is important, since the blockchain itself is inherently trust-less.

common goal

This is the fundamental requirement, if there is no common goal, there is no need to establish any collaboration. It is important to note, that the common goal is most likely not related to the core competence of the organisations, but to some crosscutting concerns, which have to be addressed by all organisations, but are just cost factors.

no existing shared technical infrastructure

To put it contrary: if there already exists a shared technical infrastructure, also organisational processes exist to establish new technology. Given this, there are several great technology products which implement each aspect of the blockchain technology (namely distributed data storage, immutability, security), and most likely even more performant, more mature, with less maintenance and evident responsibilities.

Ok, this is quite abstract and complex, let’s find an easy example.

…want a securities account with your new account?

There is one universal retail bank, FriendlyBank, which wants people to open accounts. And there are three deposit banks, FriendlyDeposit, EasyDeposit and NiceDeposit. There is also the Regulator, who must be able to audit all transactions between the parties.

Requirement

common goal: make money

The common goal of universal and deposit banks is to open accounts. The universal bank can be intermediary to deposit account opening, so you can open a securities account at one of the three deposit banks with your new account at FriendlyBank. This way, it is a win-win-situation for both parties, the intermediary gets commissions, the deposit banks get new customers.

FriendlyBank and FriendlyDeposit are related to each other, they have the same ownership structure, but are separated entities. Since the deposit banks are in competition with each other, the other deposit banks besides FriendlyBank want to be sure that not very valuable customers are transferred to FriendlyDeposit or the deposit account opening is “accidentally forgotten”, if not FriendlyDeposit is chosen.
Since the parties do not really trust each other, a trust-less (ie. no trust necessary) solution is needed.

the wonderful world of finance IT today

As we said, the depicted scenario exists quite often. Also, technical “solutions” for these scenarios exist.

They look similar to this one:

Flatfilesolution_crop

We wan’t go in detail what all this means, but to become trust-less, as well as assure that the data is in sync in each organisation, a lot has to be implemented and still, shortcomings of these solutions are quite common:

  • reconciliation processes are always necessary, but still, due to missing transaction support in flat file exchange, which is almost always chosen as the “simplest” integration pattern, errors occur.
  • adapters have to be built for each party, so there will soon exist a many-to-many problem.
  • special adapters have to be built for regulators.
  • crosscutting concerns have to be implemented: security, authentication, auditing, transaction support

Compared to a natural solution in the blockchain

Below is the blockchain solution, it fits naturally and implements all requirements.bcsample

Abstracting from the use case

Why is this solution matching so well, what is the pattern “behind”?

Different actors change the state of a business process on some event in a transactional way.

2645030_8e2b2269
[Old cigarette machine *]

You certainly know this pattern, it is describing a finite state machine, more exactly a distributed, secured by cryptoeconomics finite state machine, which events are transactions.

After all, the blockchain itself is a state transition system, it somes quite naturally to implement a simple state machine on the Ethereum EVM, it even is mentioned as a common pattern in the Solidity docs.

 

Approaching the finite state machine

How would the organisations collaborate? This could look like this informally:

 

process_v1

or like this (more) formally:

Blockchainsolution_FSM

so we actually can built this state machine and its transitions really easy using the blockchain, here in pseudo-Solidity, derived from the common pattern in the Solidity docs:

contract AccountDepositStateMachine {
enum Stages { Init, AccountOpened, DepositOpened, DepositConfirmed, AccountConfirmed } Stages public stage = Stages.Init; modifier atStage(Stages _stage) { if (stage != _stage) throw; _ } function nextStage() internal { stage = Stages(uint(stage) + 1); } // Order of the modifiers matters here! function openAccount() atStage(Stages.Init)
transitionNext
{ if (msg.sender != FRIENDLY_BANK) throw; } function openDeposit() atStage(Stages.AccountOpened)
transitionNext
{
if (msg.sender != FRIENDLY_BANK) throw;
}
function confirmDeposit()
atStage(Stages.DepositOpened)
transitionNext
{
if (msg.sender != DEPOSIT_BANK) throw;
}
modifier transitionNext() { _ nextStage(); } }

Great, so that’s it, we can build any business process using the blockchain, QED.

Leaving the ivory tower

As you might guess, it is not that simple. Let’s review the actual process:

  1. Account is opened 
  2. Deposit Account is opened
  3. Deposit Confirmed
  4. Account Confirmed

Ever saw an IT-process in real life? Exactly, it’s not like this, not even close. Let’s see a more real life example:

  1. Account is opened
  2. An Email is send to whoever feels responsible
  3. The Product Owner’s Excel has to be updated
  4. The new reporting engine must have its data updated, it is runnig with MongoDB, which has to be updated
  5. Revision wants to have it’s auditing data in their Oracle DB (must use 2PC)
  6. … (ok, you got it already…)

None of the tasks in bold red can be accomplished from the Ethereum blockchain, since calls from “inside” to “outside” are prohibited. Let’s hope this will never change, the separation of “inside” and “outside” is essential for the stability and security of the Ethereum blockchain

We could use Oracles for this, but it would be a kind of usage which is highly inappropriate for this type of external information retrieval.

Teaser: “Mastering the Flow: Blending Reality with the Blockchain”

This post is way too long already, so here comes a teaser for two posts next to come: “Mastering the Flow: Blending Reality with the Blockchain”

The idea is really simple: let’s just recentralize the business process (we are in eager anticipation for the comments to come…)

But we think this can make sense. Look at the sample above, illustrated as a flow:

nodered

The flow was created with Node-RED, an excellent and highly undervalued tool of IBM Emerging Technologies for flows in IoT. It could be very easily adapted to Ethereum with smart contract access by usage of web3.js, which itself can be integrated in node.js, which is the basis of Node-RED, hence the name.

We make the following assertion:

More than 80% of all use cases can be realized by a centralized business process engine as a first layer, eg. implemented in Node-RED, and a state machine implemented in the blockchain as a second layer

The business process engine is the glue between the transactional blockchain state transitions and the secondary business processes.

What do you think of it? Please let us know in the comments, we really appreciate feedback, positive or negative.

And stay tuned for the next episode, we will get to the nitty-gritty there.

images:
[Business] Business by Christophe BENOIT under CC
[Competing teams] Competing teams by Denis De Mesmaeker under CC
[Old cigarette machine] Old cigarette machine by Walter Baxter under CC

Gambling with Oracles

[casino kurhaus*]
[casino kurhaus*]

 

How to create a provably-fair high risk financial product with live data feeds provided by oracles.

Introducing Binary Options

This time, we gonna gamble. We will construct a financial product, more specifcally: a binary option, European style, cash-or-nothing.

[binary*]

Binary options are “a type of option in which the payoff is structured to be either a fixed amount of compensation if the option expires in the money, or nothing at all if the option expires out of the money” [1], therefore cash-or-nothing. European style means the option “can only be exercised at the end of its life, at its maturity” [2].

This is a high risk product which is “most likely traded over the Internet on platforms existing outside of regulations” [1], so “the customer is betting against the broker, who is acting as a bucket shop.” [3]

In general, this means that “because these platforms operate outside of regulations, investors are at greater risk of fraud” [1] and “manipulation of price data to cause customers to lose is common” [1].

BinaryOption (3)So, in contrast to common regulated financial products we have a really comprehensible option, which is mostly valued as high-risk, because there is a real clash of interests if the broker also evaluates the stock against the strike price and thus is highly motivated to manipulate this evaluation.

Smart Contracts to the Rescue

So, can smart contracts help here? You bet! The blockchain is trust-less, so you just don’t have to trust anyone, be it broker or bucket shop or both, but you can just prove if everything’s ok.

If a smart contract guarantees you that you will get 195% if you predict correctly and 0% if not, this rule has to be implemented in the contract.

Meeting the Oracle

Given that we can trust the contract, it should be easy to implement a binary option like this:

After deploying the contract, you have 1 hour to invest Ether on calls or puts on the contracts conditions (eg. DAX is above the strike price in 1 hour). After the 1 hour offering period, it's rien ne va plus, no purchase of calls or puts are possible. At this point of time, the current value of the DAX is stored. After exactly 1 hour the DAX is evaluated against the stored DAX value.
  • if the value is above or equal to the stored value, all calls are returned 195% of their investment, all puts lose all invested money
  • if the value is below the stored value, all puts are returned 195% of their investment, all calls lose all invested money

Sounds simple? It is!

[oracle*]
[oracle*]

You can easily prove that the contract actually implements the described rules, but there are two problems: how does the contract know the DAX spot? Contracts in Ethereum intentionally cannot connect to the outside world, therefore the outside world has to call the contract and provide the necessary data. Who tells the contract the exact time it has to retrieve the DAX spot? There must be some callback mechanism, since Ethereum smart contracts are not able to call themselves, have a Daemon, Threading etc.

Let’s gonna oraclize.it

There is a startup solving this problems in a elegant way: oraclize.it

You should look up and understand how oraclize.it works and helps us to solve our problems. In short, callbacks are used by oraclize.it and you can determine the exact data feed of the data which oraclize.it will provide at a certain point of time to our contract.BinaryOptionOrale (1)Here the two problems are addressed:

  1. The contract has to provide a callback for the oracle to call. The data feed is configured when the callback is provided, as well as the time interval.
  2. The oracle facilitates a scheduling to call the provided smart contract callback at the configured time interval.

Both solutions require the user and the contract owner to actually trust the “trusted datasource” (the contract’s user can decide if he trusts this datasource) and the oracle itself to have a working scheduling and not to manipulate the data. In contrast to the “broker” above, the oracle has no interest in manipulating the data.

However, oraclize.it not only offers a service, but even more defines a protocol, so there will most likely be more than one oracle to choose from to offer redundancy in the future.

Building Binary Options in Ethereum Studio

…in the next post.

Realizing how long this post already is, we decided to split the tutorial and the theoretical part. The tutorial will follow soon! Please let us know in the comments if you’d like to have this tutorial and what you expect of it.

Meanwhile, try out this ether.camp tutorial which describes the integration of oraclize.it into Ethereum Studio.

images:
[casino kurhaus] Kurhaus Casino by fr4dd under CC
[binary] binary by christine592 under CC
[
oracle] Oracle by Bob Doran under CC

icons:
icons made by Freepik from www.flaticon.com 

Ethereum Development Tools – an Evaluation Matrix

Developing for the Ethereum World Computer – Revisited

When comparing development methods for and in the Ethereum space, it becomes obvious how brilliant the people involved actually are: as a developer, you have several choices of great development tools and environments, even though the development process for Dapps is quite difficult: it involves different “layers” (frontend with HTML/CSS/JavaScript and backend with the Ethereum blockchain), different languages (JavaScript for frontend dev, Solidity for backend dev), different contexts (public/private/proprietary blockchains).

Taking these different contexts into account, evaluating the different development environments is only possible by identifying the different aspects and value them according to the own preferred usage.

Aspects of Dapp Development

Ethereum-docs-intro (1)

  • Solidity Development / Solidity Environment
    User can edit Solidity content in a text editor, there should be at least syntax highlighting.
  • JavaScript/Web Environment
    User can edit JavaScript, HTML and CSS in a text editor and gets different levels of support like syntax highlighting, code completion, etc.
  • IDE
    User can not only edit code (Solidity and JavaScript), but can also compile, check into a versioning system, debug and deploy to some operating environment.
  • Versioning
    Versioning is supported, eg. by enabling the user to check edited content into a versioning system, show diffs, apply patches, etc.
  • Collaboration
    Modification of code by multiple users is supported, at minimum support of different versions of the code is possible to avoid conflicts.
  • Deployment
    Working code can be deployed to some environment which enables the user and other users to use the working program (a sandbox or real blockchain and a web application server for JavaScript like node.js and static content like HTML and CSS files)

A first Categorization and a Teaser

We will summarize in short the different aspects which are supported in these development environment: Solidity Browser / Ethereum Wallet, Truffle and Ethereum Studio.

This is also a teaser for the upcoming blog posts, which will explain the environments in detail.

Solidity Browser / Ethereum Wallet

In terms of architectural styles, both environments represent minimalism. They are slim and handy, easy to use and fast to learn, but lack some functionality if real development “in the large” is necessary.

Ethereum-docs-browser
Solidity Browser, only Solidity Development, no Environment, ie. not even save of file is possible

Ethereum-docs-wallet
Ethereum Wallet (Mist), only Solidity Environment, no save of file possible, but integrated compiler

Truffle (also: Embark, Dapple)

Truffle satisfies all aspects which a usual client application can offer, therefore you can think of Gothik, it is mighty, almost lavish, and well structured. If you come from web development in JavaScript with node.js, who should look no further, this environment is for you (at least if you don’t need support for online development, versioning and multi user directly in your environment, but use external tools like Git and testrpc for these aspects).

Ethereum-docs-truffle
Truffle, also Embark and Dapple: web development environments, usefully extended with Solidity support

Ethereum Studio, the all-in-one-solution

The Ethereum Studio, in our opinion, resembles Deconstructivism. Why’s that? Because here all aforementioned aspects of software development are taken apart and are reconstructed to fit perfectly to Dapp development. This is an all-in-one-solution which we can really recommend, with two limitation: you have to agree to a uncertain pricing model (it just doesn’t exist right now, you can still test the product) and a “closed” environment, which works seemless and smooth, but expects you to let in to this tool and the development process.

But no other tool lets you test your code this easy with manual and even unit testing built into the environment.

Ethereum-docs-studio
The all-in-one-solution, steep learning curve, but all you will ever need in multi user, versionized, unit tested Dapp development

Stay tuned for the detailed explanations of these great development tools.

Wir machen uns die Welt … wie sie uns gefällt

Nach der Entdeckung der neuen Welt und dem Überwinden der ersten Hindernisse wollen wir uns nun sesshaft machen und anfangen, Applikationen und Smart Contracts jenseits von “Hello World” zu entwickeln.

Aber wie fangen wir an? Die ersten Erfahrungen mit dem fantastischen Tool cosmo.to waren viel versprechend, leider ist das Tool mittlerweile online nicht mehr verfügbar. Der wahrscheinliche Grund ist die Tatsache, dass das Standard-Ethereum-Wallet von ethereum.org die gleiche Funktionalität und noch viel mehr bietet. Allerdings zu Lasten der Übersichtlichkeit.

Wir wollen deshalb hier einen Überblick der bekanntesten Entwicklungsumgebungen geben, mit einer subjektiven Einordnung in Architekturstile:

  • Minimalismus: minimal, übersichtlich, aber auch schlicht: der Solidity Browser. Super zum Erlernen der Sprache Solidity, aber das war’s dann auch schon. Persistierung? Versionierung? Alles nicht vorgesehen. Super für den Einstieg.
  • Bauhaus: funktional und praktisch: das Ethereum Wallet dient nicht nur als Wallet selbst, sondern ermöglicht die Erstellung und das Deployment von Smart Contracts und die Verwaltung von eigenen Tokens.
  • Gotik: opulent, gut strukturiert, mächtig: Truffle ist ein reines Javascript-Framework und verwendet alle Komponenten, die moderne Javascript-Entwicklung bietet: Gulp, Mocha, Chai, etc. Sehr gut dokumentiert, ebenfalls gut für den Einstieg geeignet, bietet darüber hinaus aber auch viel mehr.
  • Kubismus: ganz anders, aber erfolg- und einflussreich: die Entwicklungsumgebung von Microsoft, Visual Studio (Community) oder der neue Open Source Editor Visual Studio Code zusammen mit BlockApps STRATO, einer zentralisierten Blockchain. Leicht zu nutzen, mit automatischer Frontenderstellung. Etwas für den anderen, schnellen Einstieg in private Chains mit Microsoft Azure.
  • Dekonstruktivismus: das “new kid on the block”, das Ethereum Studio von <ether.camp> macht alles etwas anders, nach unserer Meinung auch besser: eine verteilte Entwicklungsumgebung auf Basis von cloud9, ein integrierter Sandbox-Ethereum-Node, eine Deploymentmöglichkeit in alle möglichen Umgebungen (die JSON-RPC verstehen). Leider auf Dauer nicht kostenlos, Preise sind noch nicht bekannt.

In den nächsten Wochen werden wir die hier erwähnten (es gibt noch zahlreiche andere!) Entwicklungsumgebungen genauer testen, immer mit dem gleichen Tokenbeispiel. Stay tuned!