Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 3E6653EE for ; Mon, 22 May 2017 19:23:26 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f42.google.com (mail-vk0-f42.google.com [209.85.213.42]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CE6BE17C for ; Mon, 22 May 2017 19:23:24 +0000 (UTC) Received: by mail-vk0-f42.google.com with SMTP id h16so46433962vkd.2 for ; Mon, 22 May 2017 12:23:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=VQ+yRVPSqaIfZE1BVdGwGyhiQkX84M/i2TTxso3mld4=; b=N8/xmm0rolJSM6W63jJTnWD59p485Z5s6WP4dxX6gKCJ3/190vwHaw5w+hIwsSdhgT m+7EmhYzsExFBPZSZ5+5o9YRjFmadr0v7gM4x/1FJrthhk8Al+xD74Oh1KOXWu+b7dtF otnpyz7wlVXqj6b0szWtB3SwhoOsOgJduNqo4plV6QV4bMSk1++d8GAEmb1U7r7Tzsmr UdF3jbudEAdj4fRNiivm7Eom4qYfkLI2AKDmQX82ozzFuAlI7YEGNJ/bQtEV/k8N511S EQGeErdKVQYyVbcIYFSVmmMzEk7zQXBvR9CeC3GdR496IrBEZdxh0EyKBPmBR5oJwryv XdEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=VQ+yRVPSqaIfZE1BVdGwGyhiQkX84M/i2TTxso3mld4=; b=BIafa3LYO1Xgc62Y3dgKQ60KHw6N8GjtTq72KPq3eAXVVCVEXArtrQgPKkXn/2T7xv W4fd1KzZ1ee5bD8XM9dHMFL8DKT7Oo3NsWufUGoxoTWXVkxvWk3/aMOQpkBwgaGRdlal JYCq9yGvGKhJFb7mznOAoWY5dcwGY5i26XvYZv0fL1SQP9zM7y1Jkyi6+HQ5qXoCFev9 kIc5N7Q2al+6peNKFeyO3bc90kwUegggntKzEJGQwtumUbbUsZQKn/gK87MYmh6RzLCH 2fPOvKAjYtXKkNK1AywPfy5POzn7Dixu+yscplUnUObme73xOE8xvEXJXFVl9vNrxvem uYqQ== X-Gm-Message-State: AODbwcD+Um0RQkPV1Nvqsli2/TfypUwYwSI7yMEx4W7t7GyCuasZjCoD bVTjvGNufaLXMzp1EweRhAc+343Fo6D5pTE= X-Received: by 10.31.135.18 with SMTP id j18mr9283168vkd.134.1495481003585; Mon, 22 May 2017 12:23:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.45.78 with HTTP; Mon, 22 May 2017 12:23:22 -0700 (PDT) In-Reply-To: References: From: Suhas Daftuar Date: Mon, 22 May 2017 15:23:22 -0400 Message-ID: To: Bitcoin Dev Content-Type: multipart/alternative; boundary="001a11458534fcfedd055021cd7b" X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] I do not support the BIP 148 UASF X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2017 19:23:26 -0000 --001a11458534fcfedd055021cd7b Content-Type: text/plain; charset="UTF-8" I also do not support the BIP 148 UASF, and I'd like to add to the points that Greg has already raised in this thread. BIP 148 would introduce a new consensus rule that softforks out non-segwit signalling blocks in some time period. I reject this consensus rule as both arbitrary and needlessly disruptive. Bitcoin's primary purpose is to reach consensus on the state of a shared ledger, and even though I think the Bitcoin network ought to adopt segwit, I don't think that concern trumps the goal of not splitting the network. Many BIP 148 advocates seem to start with the assumption that segwit already has a lot of support, and suggest that BIP 148 does as well. However I don't think it's fair or correct to separate the activation proposal for segwit from the rest of the segwit proposal. The deployment parameters for segwit are consensus-critical; assuming that some other deployment has consensus because it would result in the rest of the segwit proposal activating is an unjustified leap. Even if there were no feasible alternate segwit deployment method available to us, I would hesitate to recommend that the network adopt a potentially consensus-splitting approach, even though I firmly believe that the ideas behind segwit are fundamentally good ones. But fortunately that is not the situation we are in; we have substantially less disruptive methods available to us to activate it, even if the current BIP 9 deployment were to fail -- such as another BIP 9 deployment in the future, or perhaps a BIP 149 deployment. If we do pursue a "user-activated" deployment of segwit, I'd recommend that we do so in a more careful way than BIP 148 or 149 currently suggest, which as I understand would otherwise make very few changes to the current implementation. However, due to the BIP 9 activation assumption, the Bitcoin Core 0.13.1 - 0.14.0 segwit implementation largely lumps together the idea that miners would both enforce the rules and mine segwit blocks. However, we can separate these concerns, as we started to do in the Bitcoin Core 0.14.1 release, where mining segwit blocks is not required in order to generally mine or signal for segwit in the software. And we can go further still: without too much work, we could make further improvements to accommodate miners who, for whatever reason, don't want to upgrade their systems, such as by improving block relay from pre-segwit peers [1], or optimizing transaction selection for miners who are willing to enforce the segwit rules but haven't upgraded their systems to mine segwit blocks [2]. If we would seek to activate a soft-fork with less clear miner signaling (such as BIP 149), then I think such improvements are warranted to minimize network disruption. In general, we should not seek to censor hashpower on the network unless we have a very important reason for doing so. While the issues here are nuanced, if I were to evaluate the BIP 148 soft-fork proposal on the spectrum of "censorship attack on Bitcoin" to "benign protocol upgrade", BIP 148 strikes me as closer to the former than the latter. There is simply no need here to orphan these non-signalling blocks that could otherwise be used to secure the network. To go further: I think BIP 148 is ill-conceived even for achieving its own presumed goals -- the motivation for adding a consensus rule that applies to the version bits on blocks is surely for the effect such bits have on older software, such as Bitcoin Core releases 0.13.1 and later. Yet in trying to bring those implementations along as segwit-enforcing software, BIP 148 would risk forking from such clients in the short term! If one really cared about maintaining consensus with older, segwit-enabled software, it would make far more sense to seek segwit activation in a way that didn't fork from them (such as BIP 149, or a new BIP 9 deployment after this one times out). And if one doesn't care about such consensus, then it'd be far simpler to just set (e.g.) August 1 as the flag day activation of segwit, and not play these contortionist games with block version bits, which carry no useful or intrinsic meaning. Either of these two approaches should have the advantage of reduced fork risk, compared with BIP 148. Of course, everyone is free to run the software of their choosing. I write this to both generally convey my opposition to a careless proposal, which I believe represents a way of thinking that is detrimental to Bitcoin's long run success, and specifically explain why I oppose inclusion of this proposal in the Bitcoin Core implementation [3]. The Bitcoin Core project hasn't been, and shouldn't be, careless in deploying consensus changes. Instead, I think the Bitcoin Core project ought to stand up for the best practices that our community has learned about how to deploy such changes (specifically for minimizing chain-split risk when deploying a soft fork!), and I think we should all avoid adoption or encouragement of practices that would depart from the high standards we are capable of achieving. [1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017 -March/013811.html [2] https://github.com/bitcoin/bitcoin/pull/9955 [3] https://github.com/bitcoin/bitcoin/pull/10428#issuecomment-303098925 --Suhas Daftuar On Fri, Apr 14, 2017 at 3:56 AM, Gregory Maxwell via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I do not support the BIP148 UASF for some of the same reasons that I > do support segwit: Bitcoin is valuable in part because it has high > security and stability, segwit was carefully designed to support and > amplify that engineering integrity that people can count on now and > into the future. > > I do not feel the the approach proposed in BIP148 really measures up > to the standard set by segwit itself, or the existing best practices > in protocol development in this community. > > The primary flaw in BIP148 is that by forcing the activation of the > existing (non-UASF segwit) nodes it almost guarantees at a minor level > of disruption. > > Segwit was carefully engineered so that older unmodified miners could > continue operating _completely_ without interruption after segwit > activates. > > Older nodes will not include segwit spends, and so their blocks will > not be invalid even if they do not have segwit support. They can > upgrade to it on their own schedule. The only risk non-participating > miners take after segwit activation is that if someone else mines an > invalid block they would extend it, a risk many miners already > frequently take with spy-mining. > > I do not think it is a horrible proposal: it is better engineered than > many things that many altcoins do, but just not up to our normal > standards. I respect the motivations of the authors of BIP 148. If > your goal is the fastest possible segwit activation then it is very > useful to exploit the >80% of existing nodes that already support the > original version of segwit. > > But the fastest support should not be our goal, as a community-- there > is always some reckless altcoin or centralized system that can support > something faster than we can-- trying to match that would only erode > our distinguishing value in being well engineered and stable. > > "First do no harm." We should use the least disruptive mechanisms > available, and the BIP148 proposal does not meet that test. To hear > some people-- non-developers on reddit and such-- a few even see the > forced orphaning of 148 as a virtue, that it's punitive for > misbehaving miners. I could not not disagree with that perspective any > more strongly. > > Of course, I do not oppose the general concept of a UASF but > _generally_ a soft-fork (of any kind) does not need to risk disruption > of mining, just as segwit's activation does not. UASF are the > original kind of soft-fork and were the only kind of fork practiced by > Satoshi. P2SH was activated based on a date, and all prior ones were > based on times or heights. We introduced miner based activation as > part of a process of making Bitcoin more stable in the common case > where the ecosystem is all in harmony. It's kind of weird to see UASF > portrayed as something new. > > It's important the users not be at the mercy of any one part of the > ecosystem to the extent that we can avoid it-- be it developers, > exchanges, chat forums, or mining hardware makers. Ultimately the > rules of Bitcoin work because they're enforced by the users > collectively-- that is what makes Bitcoin Bitcoin, it's what makes it > something people can count on: the rules aren't easy to just change. > > There have been some other UASF proposals that avoid the forced > disruption-- by just defining a new witness bit and allowing > non-upgraded-to-uasf miners and nodes to continue as non-upgraded, I > think they are vastly superior. They would be slower to deploy, but I > do not think that is a flaw. > > We should have patience. Bitcoin is a system that should last for all > ages and power mankind for a long time-- ten years from now a couple > years of dispute will seem like nothing. But the reputation we earn > for stability and integrity, for being a system of money people can > count on will mean everything. > > If these discussions come up, they'll come up in the form of reminding > people that Bitcoin isn't easily changed at a whim, even when the > whims are obviously good, and how that protects it from being managed > like all the competing systems of money that the world used to use > were managed. :) > > So have patience, don't take short cuts. Segwit is a good improvement > and we should respect it by knowing that it's good enough to wait for, > and for however its activated to be done the best way we know how. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --001a11458534fcfedd055021cd7b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I also do not support the BIP 148 UASF, and I'd like t= o add to the points that Greg has already raised in this thread.

BIP 148 would introduce a new consensus rule that softforks out no= n-segwit signalling blocks in some time period.=C2=A0 I reject this consens= us rule as both arbitrary and needlessly disruptive.=C2=A0 Bitcoin's pr= imary purpose is to reach consensus on the state of a shared ledger, and ev= en though I think the Bitcoin network ought to adopt segwit, I don't th= ink that concern trumps the goal of not splitting the network.
Many BIP 148 advocates seem to start with the assumption that = segwit already has a lot of support, and suggest that BIP 148 does as well.= =C2=A0 However I don't think it's fair or correct to separate the a= ctivation proposal for segwit from the rest of the segwit proposal.=C2=A0 T= he deployment parameters for segwit are consensus-critical; assuming that s= ome other deployment has consensus because it would result in the rest of t= he segwit proposal activating is an unjustified leap.

<= div>Even if there were no feasible alternate segwit deployment method avail= able to us, I would hesitate to recommend that the network adopt a potentia= lly consensus-splitting approach, even though I firmly believe that the ide= as behind segwit are fundamentally good ones.=C2=A0 But fortunately that is= not the situation we are in; we have substantially less disruptive methods= available to us to activate it, even if the current BIP 9 deployment were = to fail -- such as another BIP 9 deployment in the future, or perhaps a BIP= 149 deployment.

If we do pursue a "user-acti= vated" deployment of segwit, I'd recommend that we do so in a more= careful way than BIP 148 or 149 currently suggest, which as I understand w= ould otherwise make very few changes to the current implementation.=C2=A0 H= owever, due to the BIP 9 activation assumption, the Bitcoin Core 0.13.1 - 0= .14.0 segwit implementation largely lumps together the idea that miners wou= ld both enforce the rules and mine segwit blocks.=C2=A0 However, we can sep= arate these concerns, as we started to do in the Bitcoin Core 0.14.1 releas= e, where mining segwit blocks is not required in order to generally mine or= signal for segwit in the software.=C2=A0 And we can go further still: with= out too much work, we could make further improvements to accommodate miners= who, for whatever reason, don't want to upgrade their systems, such as= by improving block relay from pre-segwit peers [1], or optimizing transact= ion selection for miners who are willing to enforce the segwit rules but ha= ven't upgraded their systems to mine segwit blocks [2].

<= /div>
If we would seek to activate a soft-fork with less clear miner si= gnaling (such as BIP 149), then I think such improvements are warranted to = minimize network disruption.=C2=A0 In general, we should not seek to censor= hashpower on the network unless we have a very important reason for doing = so.=C2=A0 While the issues here are nuanced, if I were to evaluate the BIP = 148 soft-fork proposal on the spectrum of "censorship attack on Bitcoi= n" to "benign protocol upgrade", BIP 148 strikes me as close= r to the former than the latter.=C2=A0 There is simply no need here to orph= an these non-signalling blocks that could otherwise be used to secure the n= etwork.

To go further: I think BIP 148 is ill-conc= eived even for achieving its own presumed goals -- the motivation for addin= g a consensus rule that applies to the version bits on blocks is surely for= the effect such bits have on older software, such as Bitcoin Core releases= 0.13.1 and later.=C2=A0 Yet in trying to bring those implementations along= as segwit-enforcing software, BIP 148 would risk forking from such clients= in the short term!=C2=A0 If one really cared about maintaining consensus w= ith older, segwit-enabled software, it would make far more sense to seek se= gwit activation in a way that didn't fork from them (such as BIP 149, o= r a new BIP 9 deployment after this one times out).=C2=A0 And if one doesn&= #39;t care about such consensus, then it'd be far simpler to just set (= e.g.) August 1 as the flag day activation of segwit, and not play these con= tortionist games with block version bits, which carry no useful or intrinsi= c meaning.=C2=A0 Either of these two approaches should have the advantage o= f reduced fork risk, compared with BIP 148.

Of cou= rse, everyone is free to run the software of their choosing.=C2=A0 I write = this to both generally convey my opposition to a careless proposal, which I= believe represents a way of thinking that is detrimental to Bitcoin's = long run success, and specifically explain why I oppose inclusion of this p= roposal in the Bitcoin Core implementation [3].=C2=A0 The Bitcoin Core proj= ect hasn't been, and shouldn't be, careless in deploying consensus = changes.=C2=A0 Instead, I think the Bitcoin Core project ought to stand up = for the best practices that our community has learned about how to deploy s= uch changes (specifically for minimizing chain-split risk when deploying a = soft fork!), and I think we should all avoid adoption or encouragement of p= ractices that would depart from the high standards we are capable of achiev= ing.




--Suhas Daftuar


On Fri, Apr 14, 2017 at 3:56 AM, Gregory Maxwell via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wr= ote:
I do not support the BIP148 UASF for= some of the same reasons that I
do support segwit:=C2=A0 Bitcoin is valuable in part because it has high security and stability, segwit was carefully designed to support and
amplify that engineering integrity that people can count on now and
into the future.

I do not feel the the approach proposed in BIP148 really measures up
to the standard set by segwit itself, or the existing best practices
in protocol development in this community.

The primary flaw in BIP148 is that by forcing the activation of the
existing (non-UASF segwit) nodes it almost guarantees at a minor level
of disruption.

Segwit was carefully engineered so that older unmodified miners could
continue operating _completely_ without interruption after segwit
activates.

Older nodes will not include segwit spends, and so their blocks will
not be invalid even if they do not have segwit support. They can
upgrade to it on their own schedule. The only risk non-participating
miners take after segwit activation is that if someone else mines an
invalid block they would extend it, a risk many miners already
frequently take with spy-mining.

I do not think it is a horrible proposal: it is better engineered than
many things that many altcoins do, but just not up to our normal
standards. I respect the motivations of the authors of BIP 148.=C2=A0 If your goal is the fastest possible segwit activation then it is very
useful to exploit the >80% of existing nodes that already support the original version of segwit.

But the fastest support should not be our goal, as a community-- there
is always some reckless altcoin or centralized system that can support
something faster than we can-- trying to match that would only erode
our distinguishing value in being well engineered and stable.

"First do no harm." We should use the least disruptive mechanisms=
available, and the BIP148 proposal does not meet that test.=C2=A0 To hear some people-- non-developers on reddit and such-- a few even see the
forced orphaning of 148 as a virtue, that it's punitive for
misbehaving miners. I could not not disagree with that perspective any
more strongly.

Of course, I do not oppose the general concept of a UASF but
_generally_ a soft-fork (of any kind) does not need to risk disruption
of mining, just as segwit's activation does not.=C2=A0 UASF are the
original kind of soft-fork and were the only kind of fork practiced by
Satoshi. P2SH was activated based on a date, and all prior ones were
based on times or heights.=C2=A0 We introduced miner based activation as part of a process of making Bitcoin more stable in the common case
where the ecosystem is all in harmony.=C2=A0 It's kind of weird to see = UASF
portrayed as something new.

It's important the users not be at the mercy of any one part of the
ecosystem to the extent that we can avoid it-- be it developers,
exchanges, chat forums, or mining hardware makers.=C2=A0 Ultimately the
rules of Bitcoin work because they're enforced by the users
collectively-- that is what makes Bitcoin Bitcoin, it's what makes it something people can count on: the rules aren't easy to just change.
There have been some other UASF proposals that avoid the forced
disruption-- by just defining a new witness bit and allowing
non-upgraded-to-uasf miners and nodes to continue as non-upgraded, I
think they are vastly superior. They would be slower to deploy, but I
do not think that is a flaw.

We should have patience. Bitcoin is a system that should last for all
ages and power mankind for a long time-- ten years from now a couple
years of dispute will seem like nothing. But the reputation we earn
for stability and integrity, for being a system of money people can
count on will mean everything.

If these discussions come up, they'll come up in the form of reminding<= br> people that Bitcoin isn't easily changed at a whim, even when the
whims are obviously good, and how that protects it from being managed
like all the competing systems of money that the world used to use
were managed. :)

So have patience, don't take short cuts.=C2=A0 Segwit is a good improve= ment
and we should respect it by knowing that it's good enough to wait for,<= br> and for however its activated to be done the best way we know how.
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev

--001a11458534fcfedd055021cd7b--