From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 194FAC002D for ; Tue, 26 Apr 2022 10:48:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id E558A4018D for ; Tue, 26 Apr 2022 10:48:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86P7bQwJj_5J for ; Tue, 26 Apr 2022 10:48:00 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from azure.erisian.com.au (azure.erisian.com.au [172.104.61.193]) by smtp2.osuosl.org (Postfix) with ESMTPS id D46FE400E5 for ; Tue, 26 Apr 2022 10:47:59 +0000 (UTC) Received: from aj@azure.erisian.com.au (helo=sapphire.erisian.com.au) by azure.erisian.com.au with esmtpsa (Exim 4.92 #3 (Debian)) id 1njIja-0000Nl-SI; Tue, 26 Apr 2022 20:47:56 +1000 Received: by sapphire.erisian.com.au (sSMTP sendmail emulation); Tue, 26 Apr 2022 20:47:51 +1000 Date: Tue, 26 Apr 2022 20:47:51 +1000 From: Anthony Towns To: Jeremy Rubin , Bitcoin Protocol Discussion Message-ID: <20220426104751.GA7996@erisian.com.au> References: <9xz3fyWghx-hWNovENgiaU_FvTKLvGAWq9ooCoeGMsaXT1UV6k9zV9fzjVXj346GNqOPV0UQvlE4YRvOpbnkwk5xUiugraaNK4V2iALskGo=@protonmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score-int: -18 X-Spam-Bar: - Subject: Re: [bitcoin-dev] What to expect in the next few weeks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Apr 2022 10:48:01 -0000 On Mon, Apr 25, 2022 at 10:48:20PM -0700, Jeremy Rubin via bitcoin-dev wrote: > Further, you're representing the state of affairs as if there's a great > need to scramble to generate software for this, whereas there already are > scripts to support a URSF that work with the source code I pointed to from > my blog. This approach is a decent one, even though it requires two things, > because it is simple. I think it's important that people keep this in mind > because that is not a joke, the intention was that the correct set of check > and balance tools were made available. I'd be eager to learn what, > specifically, you think the advantages are of a separate binary release > rather than a binary + script that can handle both cases? The point of running a client with a validation requirement of "blocks must (not) signal" is to handle the possiblity of there being a chain split, where your preferred ruleset ends up on the less-work side. Ideally that will be a temporary situation and other people will come to your side, switch their miners over etc, and your chain will go back to having the most work, and anyone who wasn't running a client with the opposite signalling requirement will reorg to your chain and ruleset. But forkd isn't quite enough to do that reliably -- instead, you'll start disconnecting nodes who forward blocks to you that were built on the block you disconnected, and you'll risk ending up isolated: that's why bip8 recommends clients "should either use parameters that do not risk there being a higher work alternative chain, or specify a mechanism for implementations that support the deployment to preferentially peer with each other". Also, in order to have other nodes reorg to your chain when it has more work, you don't want to exclusively connect to likeminded peers. That's less of a big deal though, since you only need one peer to forward the new chain to the compatible network to trigger all of them to reorg. Being able to see the other chain has more work might be valuable in order to add some sort of user warning signal though: "the other chain appears to have maintained 3x as much hash power as the chain your are following". In theory, using the `BLOCK_RECENT_CONSENSUS_CHANGE` flag to indicate unwanted signalling might make sense; then you could theoretically trigger on that to avoid disconnecting inbound peers that are following the wrong chain. There's already some code along those lines; but while I haven't checked recently, I think it ends up failing relatively quickly once an invalid chain has been extended by a few blocks, since they'll result in `BLOCK_INVALID_PREV` errors instead. The segwit UASF client took some care to try to make this work, fwiw. (As it stands, I think RECENT_CONSENSUS_CHANGE only really helps with avoiding disconnections if there's one or maybe two invalid blocks in a row from a random miner that's doing strange things, rather than if there's an active conflict resulting in a deliberate chain split). On the other hand, if there is a non-trivial chain split, then everyone has to deal with splitting their coins across the different chains, presuming they don't want to just consider one or the other a complete write-off. That's already annoying; but for lightning funds I think it means the automation breaks down, and every channel in the network would need to be immediately closed on chain, as otherwise accepting state updates risks losing the value of your channel balance on whichever chain you're lightning node is not following. So to your original question: I think it's pretty hard to do all that stuff in a separate script, without updating the node software itself. More generally, while I think forkd *is* pretty much state of the art; I don't think it comes close to addressing all the problems that a chain split would create. Maybe it's still worthwhile despite those problems if there's some existential threat to bitcoin, but (not) activating CTV doesn't seem to rise to that level to me. Just my opinion, but: without some sort of existential threat, it seems better to take things slowly and hold off on changes until either pretty much everyone who cares is convinced that the change is a good idea and ready to go; or until someone has done the rest of the work to smooth over all the disruption a non-trivial chain split could cause. Of course, the latter option is a _lot_ of work, and probably requires consensus changes itself... Cheers, aj