Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <jrn@jrn.me.uk>) id 1YMe0M-000819-7u for bitcoin-development@lists.sourceforge.net; Sat, 14 Feb 2015 14:47:34 +0000 X-ACL-Warn: Received: from hapkido.dreamhost.com ([66.33.216.122]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1YMe0K-0004HM-Dp for bitcoin-development@lists.sourceforge.net; Sat, 14 Feb 2015 14:47:34 +0000 Received: from homiemail-a37.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by hapkido.dreamhost.com (Postfix) with ESMTP id 1E2B89757D for <bitcoin-development@lists.sourceforge.net>; Sat, 14 Feb 2015 06:47:27 -0800 (PST) Received: from homiemail-a37.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a37.g.dreamhost.com (Postfix) with ESMTP id 7720320806B for <bitcoin-development@lists.sourceforge.net>; Sat, 14 Feb 2015 06:47:21 -0800 (PST) Received: from [10.9.1.130] (unknown [89.238.129.18]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jrn@jrn.me.uk) by homiemail-a37.g.dreamhost.com (Postfix) with ESMTPSA id D27C3208063 for <bitcoin-development@lists.sourceforge.net>; Sat, 14 Feb 2015 06:47:20 -0800 (PST) Message-ID: <54DF5FF6.4010000@jrn.me.uk> Date: Sat, 14 Feb 2015 14:47:18 +0000 From: Ross Nicoll <jrn@jrn.me.uk> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <20150212064719.GA6563@savin.petertodd.org> <CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com> <CAE28kUQ87jWhq1p6RK1eKEuEP1ERxN_P2SS0=YsFEGAqRyMPLA@mail.gmail.com> <CANEZrP2H2T2QFZceCc=YzwwiApJy7kY7FN0LoAZODGbW12SYsw@mail.gmail.com> <CAE28kURa8g3YTPi-GHKAt4v0csxXe=QhGhV3aQcDZGSr=Lb7RQ@mail.gmail.com> <CANEZrP2hAUsRfeXUo-DLiiRmG5uJcwFuP4=o1S6Fb7ts5Ud=bw@mail.gmail.com> <CADJgMztrzMh8=Y6SD-JV1hpTTbGB8Y2u=59bQhGtF6h3+Ei_Ew@mail.gmail.com> <356E7F6E-300A-4127-9885-2183FB1DE447@gmail.com> <54DCECE4.3020802@riseup.net> <CAJfRnm4OBEJPW-6CiY5fQ1kUYppDnTtZfLF_YpBEaB8ovzx9og@mail.gmail.com> <54DCFBB5.3080202@gmail.com> <54DD003E.2060508@riseup.net> <CAJfRnm5d2WcZw3eRjN-cLajwTM0iF_o7OCPc+dkv+s-p3e9nLg@mail.gmail.com> <54DD046B.3070507@riseup.net> <CAJfRnm7GUA8XJEtFhQyJBj54qcdhLXGm+iof=7fr_its3DJZGw@mail.gmail.com> In-Reply-To: <CAJfRnm7GUA8XJEtFhQyJBj54qcdhLXGm+iof=7fr_its3DJZGw@mail.gmail.com> Content-Type: multipart/alternative; boundary="------------050505060006010909060304" X-Spam-Score: 0.9 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [66.33.216.122 listed in list.dnswl.org] 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YMe0K-0004HM-Dp Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Sat, 14 Feb 2015 14:47:34 -0000 This is a multi-part message in MIME format. --------------050505060006010909060304 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arriving slightly late to the discussion, apologies. Personally I wouldn't have written that patch, but I know development of hostile patches happens out of sight, and if it can be written, we have to presume it will be written eventually. I'd have preferred a patch that only replaced non-final txes, which is the use-case I have for transaction replacement, but that's easy to add back in. I'm certainly not terribly convinced of the security of vanilla zero-confirmation transactions myself, for reasons including but not limited to this case. I also think it's important to understand that people do make irrational decisions, and trusting network security on everyone behaving perfectly rationally is not a workable model either. TLDR; me too Ross On 12/02/15 20:36, Allen Piscitello wrote: > You keep making moral judgements. Reality is, if you live in a world with > arsonists, you need to have a building that won't catch on fire, or has > fire extinguishers in place. Do not depend on arsonists ignoring you > forever as your security model. Penetration testing to know what > weaknesses exist, what limitations exist, and what can be improved is > essential. Keeping your head in the sand and hoping people choose to do > the right thing only ends one way. > > On Thu, Feb 12, 2015 at 1:52 PM, Justus Ranvier <justusranvier@riseup.net> > wrote: > > On 02/12/2015 07:47 PM, Allen Piscitello wrote: > >>> Nothing will stop that. Bitcoin needs to deal with those issues, > >>> not stick our heads in the sand and pretend they don't exist out of > >>> benevolence. This isn't a pet solution, but the rules of the > >>> protocol and what is realistically possible given the nature of > >>> distributed consensus. Relying on altruism is a recipe for > >>> failure. > > If there's a risk of fire burning down wooden buildings, pass out fire > extinguishers and smoke detectors, not matches. > > The latter makes one an arsonist. > >> >> >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming. The Go Parallel Website, >> sponsored by Intel and developed in partnership with Slashdot Media, is >> your >> hub for all things parallel software development, from weekly thought >> leadership blogs to news, videos, case studies, tutorials and more. Take a >> look and join the conversation now. http://goparallel.sourceforge.net/ >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming. The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJU31/yAAoJEJFC5fflM8475YIIAI7nxgxUdkKiMePMqtvPOi25 U+WCxjvIK0ZRTAV30POC7fKLT2mK0gPusSS7LtNJpPKvpC98VcSD5HWE49K80Yo9 9+QI7X7xBau1jjLo+27uOex0bJ6JwP1DSMpC12AQbMmi4FnyG+M5FMkr5/OnSxeF cd4lT2UF7yTJPRy0+A9LwertL5Sv1yeOJJ9jtWuXgixapmHN+1Zm2VkGnur55V64 vnonlixlUMwnZNxDVoRhjTWm1P/lmCejvmvTRvcBomUlAEgRQF4TtF4YMBYXS97S 5WYrxOHLgTfTWr3FJuOnd+CVBRgZGw3u30ktaSErelyMG19lJOusBPdHTQFkV30= =eWPj -----END PGP SIGNATURE----- --------------050505060006010909060304 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable <html> <head> <meta content=3D"text/html; charset=3Dwindows-1252" http-equiv=3D"Content-Type"> </head> <body text=3D"#000000" bgcolor=3D"#FFFFFF"> <br> -----BEGIN PGP SIGNED MESSAGE-----<br> Hash: SHA1<br> <br> Arriving slightly late to the discussion, apologies.<br> <br> Personally I wouldn't have written that patch, but I know development of hostile patches happens out of sight, and if it can be written, we have to presume it will be written eventually. I'd have preferred a patch that only replaced non-final txes, which is the use-case I have for transaction replacement, but that's easy to add back in.<br> <br> I'm certainly not terribly convinced of the security of vanilla zero-confirmation transactions myself, for reasons including but not limited to this case. I also think it's important to understand that people do make irrational decisions, and trusting network security on everyone behaving perfectly rationally is not a workable model either.<br> <br> TLDR; me too<br> <br> Ross<br> <br> On 12/02/15 20:36, Allen Piscitello wrote:<br> <span style=3D"white-space: pre;">> You keep making moral judgements.=A0 Reality is, if you live in a world with<br> > arsonists, you need to have a building that won't catch on fire, or has<br> > fire extinguishers in place.=A0 Do not depend on arsonists ignoring you<br> > forever as your security model.=A0 Penetration testing to know what<br> > weaknesses exist, what limitations exist, and what can be improved is<br> > essential.=A0 Keeping your head in the sand and hoping people choose to do<br> > the right thing only ends one way.<br> ><br> > On Thu, Feb 12, 2015 at 1:52 PM, Justus Ranvier <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:justusranvier@ris= eup.net"><justusranvier@riseup.net></a><br> > wrote:<br> ><br> > On 02/12/2015 07:47 PM, Allen Piscitello wrote:<br> > >>> Nothing will stop that.=A0 Bitcoin needs to deal with those issues,<br> > >>> not stick our heads in the sand and pretend they don't exist out of<br> > >>> benevolence. This isn't a pet solution, but the rules of the<br> > >>> protocol and what is realistically possible given the nature of<br> > >>> distributed consensus.=A0 Relying on altruism is = a recipe for<br> > >>> failure.<br> ><br> > If there's a risk of fire burning down wooden buildings, pass out fire<br> > extinguishers and smoke detectors, not matches.<br> ><br> > The latter makes one an arsonist.<br> ><br> >><br> >><br> >> -------------------------------------------------------------------------= -----<br> >> Dive into the World of Parallel Programming. The Go Parallel Website,<br> >> sponsored by Intel and developed in partnership with Slashdot Media, is<br> >> your<br> >> hub for all things parallel software development, from weekly thought<br> >> leadership blogs to news, videos, case studies, tutorials and more. Take a<br> >> look and join the conversation now. <a class=3D"moz-txt-link-freetext" href=3D"http://goparallel.source= forge.net/">http://goparallel.sourceforge.net/</a><br> >> _______________________________________________<br> >> Bitcoin-development mailing list<br> >> <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:Bitco= in-development@lists.sourceforge.net">Bitcoin-development@lists.sourcefor= ge.net</a><br> >> <a class=3D"moz-txt-link-freetext" href=3D"https://lists.sourceforg= e.net/lists/listinfo/bitcoin-development">https://lists.sourceforge.net/l= ists/listinfo/bitcoin-development</a><br> >><br> >><br> ><br> ><br> ><br> > -------------------------------------------------------------------------= -----<br> > Dive into the World of Parallel Programming. The Go Parallel Website,<br> > sponsored by Intel and developed in partnership with Slashdot Media, is your<br> > hub for all things parallel software development, from weekly thought<br> > leadership blogs to news, videos, case studies, tutorials and more. Take a<br> > look and join the conversation now. <a class=3D"moz-txt-link-freetext" href=3D"http://goparallel.source= forge.net/">http://goparallel.sourceforge.net/</a><br> ><br> ><br> > _______________________________________________<br> > Bitcoin-development mailing list<br> > <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:Bitcoin-d= evelopment@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.n= et</a><br> > <a class=3D"moz-txt-link-freetext" href=3D"https://lists.sourceforg= e.net/lists/listinfo/bitcoin-development">https://lists.sourceforge.net/l= ists/listinfo/bitcoin-development</a></span><br> <br> -----BEGIN PGP SIGNATURE-----<br> Version: GnuPG v1<br> <br> iQEcBAEBAgAGBQJU31/yAAoJEJFC5fflM8475YIIAI7nxgxUdkKiMePMqtvPOi25<br> U+WCxjvIK0ZRTAV30POC7fKLT2mK0gPusSS7LtNJpPKvpC98VcSD5HWE49K80Yo9<br> 9+QI7X7xBau1jjLo+27uOex0bJ6JwP1DSMpC12AQbMmi4FnyG+M5FMkr5/OnSxeF<br> cd4lT2UF7yTJPRy0+A9LwertL5Sv1yeOJJ9jtWuXgixapmHN+1Zm2VkGnur55V64<br> vnonlixlUMwnZNxDVoRhjTWm1P/lmCejvmvTRvcBomUlAEgRQF4TtF4YMBYXS97S<br> 5WYrxOHLgTfTWr3FJuOnd+CVBRgZGw3u30ktaSErelyMG19lJOusBPdHTQFkV30=3D<br= > =3DeWPj<br> -----END PGP SIGNATURE-----<br> <br> </body> </html> --------------050505060006010909060304--