From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D22A2268 for ; Fri, 31 Jul 2015 13:12:40 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ob0-f170.google.com (mail-ob0-f170.google.com [209.85.214.170]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 44D3C1C3 for ; Fri, 31 Jul 2015 13:12:39 +0000 (UTC) Received: by obdeg2 with SMTP id eg2so53361083obd.0 for ; Fri, 31 Jul 2015 06:12:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CtDg2cttIm3V6+37KcaQ6OKl3gxeCMtsWGd2y4nntlI=; b=ehVfVKcUcE42pKs2eEw+gM6Ux80gcDepEUcuUhl+p0zmR0I+/gf1mKNmUKP9oOAT8i fkTjQClPG0udjaZyl+nnqUdMmW0rAsB4c3eL6GdKYumcgv4reS5fV3TTMxcTEzex/jA+ zqNiNxlWZ/wgplwafBGCGMsbeWMUDyBjoWguucxGMwXs6YbsQOfvQ86Zh4U7Fw5fJLfd I6VVkvBS88wvQs4uEPfuXvrDQuB9myxeUOqIyZkCgJrYop9iViG7VyBlRpkimBVxEKA0 FObpEx+a6n9ZP8UXg9mTMUfY3wfxY/7FWSuNgHYsGoBX09tWRcsEFDL+oN+nL2uIUWkJ ibbA== MIME-Version: 1.0 X-Received: by 10.60.69.200 with SMTP id g8mr2825793oeu.40.1438348358566; Fri, 31 Jul 2015 06:12:38 -0700 (PDT) Received: by 10.76.177.164 with HTTP; Fri, 31 Jul 2015 06:12:38 -0700 (PDT) In-Reply-To: References: <20150731083943.Horde.68uT9J78H_PdIgIwQP5frA1@server47.web-hosting.com> Date: Fri, 31 Jul 2015 09:12:38 -0400 Message-ID: From: Ivan Brightly To: Adam Back Content-Type: multipart/alternative; boundary=001a11333a36f9c8ca051c2b9246 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] A compromise between BIP101 and Pieter's proposal X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jul 2015 13:12:40 -0000 --001a11333a36f9c8ca051c2b9246 Content-Type: text/plain; charset=UTF-8 1. Data centers are not some uniform group of businesses with identical policies nor firms with identical laws applied. The ability to get a search warrant at a Swedish hosting provider will be dramatically different than a Singaporean business. Similar to the decentralized nature of bitcoin, these businesses are independent and varied - it would be difficult for authorities to conduct a widescale attack on nodes worldwide, especially given current laws. It would also be ineffective since any hacked/seized host can be replaced quickly with a competitor service in a different jurisdiction. 2. Personal residences and non-data center businesses are not immune to theft, blackmail, seizure, hacking, etc. Depending upon the adversary and method of attack, many users would be no worse off with their nodes not located on premise. As alluded to above, it's a lot easier and less costly to spin up a new 3rd party host than it is to replace a stolen laptop. There is nothing inherently wrong with data centers/hosting providers playing a significant (but not central) role in decentralized services. Users who choose to use a VPS are not contributing to bitcoin in some sort of inferior capacity. I'll posit that 3rd party providers are not an ideal place to hold private keys, but that is off topic. On Fri, Jul 31, 2015 at 6:16 AM, Adam Back via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I think trust the data-center logic obviously fails, and I was talking > about this scenario in the post you are replying to. You are trusting the > data-center operator period. If one could trust data-centers to run > verified code, to not get hacked, filter traffic, respond to court orders > without notifying you etc that would be great but that's unfortunately not > what happens. > > Data-center operators are bound to follow laws, including NSLs and gag > orders. They also get hacked, employ humans who can be corrupt, > blackmailed, and themselves centralisation points for policy attack. > Snowden related disclosures and keeping aware of security show this is very > real. > > This isn't much about bitcoin even, its just security reality for hosting > anything intended to be secure via decentralisation, or just hosting in > general while at risk of political or policy attack. > > Adam > On Jul 31, 2015 10:39, "jl2012 via bitcoin-dev" < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> There is a summary of the proposals in my previous mail at >> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009808.html >> >> I think there could be a compromise between Gavin's BIP101 and Pieter's >> proposal (called "BIP103" here). Below I'm trying to play with the >> parameters, which reasons: >> >> 1. Initiation: BIP34 style voting, with support of 750 out of the last >> 1000 blocks. The "hardfork bit" mechanism might be used: >> http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009576.html >> >> Rationale: This follows BIP101, to make sure the new chain is secure. >> Also, no miner would like to be the first one to mine a large block if they >> don't know how many others would accept it. >> >> 2. Starting date: 30 days after 75% miner support, but not before >> 2016-01-12 00:00 UTC >> >> Rationale: A 30-day grace period is given to make sure everyone has >> enough time to follow. This is a compromise between 14 day in BIP101 and 1 >> year in BIP103. I tend to agree with BIP101. Even 1 year is given, people >> will just do it on the 364th day if they opt to procrastinate. >> >> 2016-01-12 00:00 UTC is Monday evening in US and Tuesday morning in >> China. Most pool operators and devs should be back from new year holiday >> and not sleeping. (If the initiation is delayed, we may require that it >> must be UTC Tuesday midnight) >> >> 3. The block size at 2016-01-12 will be 1,414,213 bytes, and multiplied >> by 1.414213 by every 2^23 seconds (97 days) until exactly 8MB is reached on >> 2017-05-11. >> >> Rationale: Instead of jumping to 8MB, I suggest to increase it gradually >> to 8MB in 16 months. 8MB should not be particularly painful to run even >> with current equipment (you may see my earlier post on bitctointalk: >> https://bitcointalk.org/index.php?topic=1054482.0). 8MB is also agreed >> by Chinese miners, who control >60% of the network. >> >> 4. After 8MB is reached, the block size will be increased by 6.714% every >> 97 days, which is equivalent to exactly octuple (8x) every 8.5 years, or >> double every 2.9 years, or +27.67% per year. Stop growth at 4096MB on >> 2042-11-17. >> >> Rationale: This is a compromise between 17.7% p.a. of BIP103 and 41.4% >> p.a. of BIP101. This will take us almost 8 years from now just to go back >> to the original 32MB size (4 years for BIP101 and 22 years for BIP103) >> >> SSD price is expected to drop by >50%/year in the coming years. In 2020, >> we will only need to pay 2% of current price for SSD. 98% price reduction >> is enough for 40 years of 27.67% growth. >> Source: >> http://wikibon.org/wiki/v/Evolution_of_All-Flash_Array_Architectures >> >> Global bandwidth is expected to grow by 37%/year until 2021 so 27.67% >> should be safe at least for the coming 10 years. >> Source: >> https://www.telegeography.com/research-services/global-bandwidth-forecast-service/ >> >> The final cap is a compromise between 8192MB@2036 of BIP101 and >> 2048MB@2063 of BIP103 >> >> >> ----------------------------------- >> >> Generally speaking, I think we need to have a faster growth in the >> beginning, just to normalize the block size to a more reasonable one. After >> all, the 1MB cap was introduced when Bitcoin was practically worthless and >> with inefficient design. We need to decide a new "optimal" size based on >> current adoption and technology. >> >> About "fee market": I do agree we need a fee market, but the fee pressure >> must not be too high at this moment when block reward is still miner's main >> income source. We already have a fee market: miners will avoid building big >> blocks with low fee because that will increase the orphan risk for nothing. >> >> About "secondary layer": I respect everyone building secondary layer over >> the blockchain. However, while the SWIFT settlement network is processing >> 300tps, Bitcoin's current 7tps is just nothing more than an experiment. If >> the underlying settlement system does not have enough capacity, any >> secondary layer built on it will also fall apart. For example, people may >> DoS attack a Lightening network by provoking a huge amount of settlement >> request which some may not be confirmed on time. Ultimately, this will >> increase the risk of running a LN service and increase the tx fee inside >> LN. After all, the value of secondary layer primarily comes from instant >> confirmation, not scarcity of the block space. >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a11333a36f9c8ca051c2b9246 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
  1. Data centers are not some uniform group of busines= ses with identical policies nor firms with identical laws applied. The abil= ity to get a search warrant at a Swedish hosting provider will be dramatica= lly different than a Singaporean business. Similar to the decentralized nat= ure of bitcoin, these businesses are independent and varied - it would be d= ifficult for authorities to conduct a widescale attack on nodes worldwide, = especially given current laws. It would also be ineffective since any hacke= d/seized host can be replaced quickly with a competitor service in a differ= ent jurisdiction.
  2. Personal residences and non-data center busin= esses are not immune to theft, blackmail, seizure, hacking, etc. Depending = upon the adversary and method of attack, many users would be no worse off w= ith their nodes not located on premise. As alluded to above, it's a lot= easier and less costly to spin up a new 3rd party host than it is to repla= ce a stolen laptop.
There is nothing inherently wrong with da= ta centers/hosting providers playing a significant (but not central) role i= n decentralized services. Users who choose to use a VPS are not contributin= g to bitcoin in some sort of inferior capacity. I'll posit that 3rd par= ty providers are not an ideal place to hold private keys, but that is off t= opic.


<= br>
On Fri, Jul 31, 2015 at 6:16 AM, Adam Back vi= a bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

I thi= nk trust the data-center logic obviously fails, and I was talking about thi= s scenario in the post you are replying to.=C2=A0 You are trusting the data= -center operator period.=C2=A0 If one could trust data-centers to run verif= ied code, to not get hacked, filter traffic, respond to court orders withou= t notifying you etc that would be great but that's unfortunately not wh= at happens.

Data-center operators are bound to follow laws, including NS= Ls and gag orders.=C2=A0 They also get hacked, employ humans who can be cor= rupt, blackmailed, and themselves centralisation points for policy attack.= =C2=A0 Snowden related disclosures and keeping aware of security show this = is very real.

This isn't much about bitcoin even, its just security re= ality for hosting anything intended to be secure via decentralisation, or j= ust hosting in general while at risk of political or policy attack.

Adam

On Jul 31, 2015 10:39, "jl2012 via bitcoin-= dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
There is a summary of the p= roposals in my previous mail at https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/= 009808.html

I think there could be a compromise between Gavin's BIP101 and Pieter&#= 39;s proposal (called "BIP103" here). Below I'm trying to pla= y with the parameters, which reasons:

1. Initiation: BIP34 style voting, with support of 750 out of the last 1000= blocks. The "hardfork bit" mechanism might be used: http://lists.linuxfoundation.org/pip= ermail/bitcoin-dev/2015-July/009576.html

Rationale: This follows BIP101, to make sure the new chain is secure. Also,= no miner would like to be the first one to mine a large block if they don&= #39;t know how many others would accept it.

2. Starting date: 30 days after 75% miner support, but not before 2016-01-1= 2 00:00 UTC

Rationale: A 30-day grace period is given to make sure everyone has enough = time to follow. This is a compromise between 14 day in BIP101 and 1 year in= BIP103. I tend to agree with BIP101. Even 1 year is given, people will jus= t do it on the 364th day if they opt to procrastinate.

2016-01-12 00:00 UTC is Monday evening in US and Tuesday morning in China. = Most pool operators and devs should be back from new year holiday and not s= leeping. (If the initiation is delayed, we may require that it must be UTC = Tuesday midnight)

3. The block size at 2016-01-12 will be 1,414,213 bytes, and multiplied by = 1.414213 by every 2^23 seconds (97 days) until exactly 8MB is reached on 20= 17-05-11.

Rationale: Instead of jumping to 8MB, I suggest to increase it gradually to= 8MB in 16 months. 8MB should not be particularly painful to run even with = current equipment (you may see my earlier post on bitctointalk: https://bitcointalk.org/index.php?topic=3D1054482.0). 8M= B is also agreed by Chinese miners, who control >60% of the network.

4. After 8MB is reached, the block size will be increased by 6.714% every 9= 7 days, which is equivalent to exactly octuple (8x) every 8.5 years, or dou= ble every 2.9 years, or +27.67% per year. Stop growth at 4096MB on 2042-11-= 17.

Rationale: This is a compromise between 17.7% p.a. of BIP103 and 41.4% p.a.= of BIP101. This will take us almost 8 years from now just to go back to th= e original 32MB size (4 years for BIP101 and 22 years for BIP103)

SSD price is expected to drop by >50%/year in the coming years. In 2020,= we will only need to pay 2% of current price for SSD. 98% price reduction = is enough for 40 years of 27.67% growth.
Source: http://wikibon.org/wiki/= v/Evolution_of_All-Flash_Array_Architectures

Global bandwidth is expected to grow by 37%/year until 2021 so 27.67% shoul= d be safe at least for the coming 10 years.
Source: https://ww= w.telegeography.com/research-services/global-bandwidth-forecast-service/

The final cap is a compromise between 8192MB@2036 of BIP101 and 2048MB@2063= of BIP103


-----------------------------------

Generally speaking, I think we need to have a faster growth in the beginnin= g, just to normalize the block size to a more reasonable one. After all, th= e 1MB cap was introduced when Bitcoin was practically worthless and with in= efficient design. We need to decide a new "optimal" size based on= current adoption and technology.

About "fee market": I do agree we need a fee market, but the fee = pressure must not be too high at this moment when block reward is still min= er's main income source. We already have a fee market: miners will avoi= d building big blocks with low fee because that will increase the orphan ri= sk for nothing.

About "secondary layer": I respect everyone building secondary la= yer over the blockchain. However, while the SWIFT settlement network is pro= cessing 300tps, Bitcoin's current 7tps is just nothing more than an exp= eriment. If the underlying settlement system does not have enough capacity,= any secondary layer built on it will also fall apart. For example, people = may DoS attack a Lightening network by provoking a huge amount of settlemen= t request which some may not be confirmed on time. Ultimately, this will in= crease the risk of running a LN service and increase the tx fee inside LN. = After all, the value of secondary layer primarily comes from instant confir= mation, not scarcity of the block space.

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev


--001a11333a36f9c8ca051c2b9246--