Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jrn@jrn.me.uk>) id 1YMe0M-000819-7u
	for bitcoin-development@lists.sourceforge.net;
	Sat, 14 Feb 2015 14:47:34 +0000
X-ACL-Warn: 
Received: from hapkido.dreamhost.com ([66.33.216.122])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1YMe0K-0004HM-Dp for bitcoin-development@lists.sourceforge.net;
	Sat, 14 Feb 2015 14:47:34 +0000
Received: from homiemail-a37.g.dreamhost.com (homie.mail.dreamhost.com
	[208.97.132.208])
	by hapkido.dreamhost.com (Postfix) with ESMTP id 1E2B89757D
	for <bitcoin-development@lists.sourceforge.net>;
	Sat, 14 Feb 2015 06:47:27 -0800 (PST)
Received: from homiemail-a37.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a37.g.dreamhost.com (Postfix) with ESMTP id 7720320806B
	for <bitcoin-development@lists.sourceforge.net>;
	Sat, 14 Feb 2015 06:47:21 -0800 (PST)
Received: from [10.9.1.130] (unknown [89.238.129.18])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: jrn@jrn.me.uk)
	by homiemail-a37.g.dreamhost.com (Postfix) with ESMTPSA id D27C3208063
	for <bitcoin-development@lists.sourceforge.net>;
	Sat, 14 Feb 2015 06:47:20 -0800 (PST)
Message-ID: <54DF5FF6.4010000@jrn.me.uk>
Date: Sat, 14 Feb 2015 14:47:18 +0000
From: Ross Nicoll <jrn@jrn.me.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <20150212064719.GA6563@savin.petertodd.org>	<CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>	<CAE28kUQ87jWhq1p6RK1eKEuEP1ERxN_P2SS0=YsFEGAqRyMPLA@mail.gmail.com>	<CANEZrP2H2T2QFZceCc=YzwwiApJy7kY7FN0LoAZODGbW12SYsw@mail.gmail.com>	<CAE28kURa8g3YTPi-GHKAt4v0csxXe=QhGhV3aQcDZGSr=Lb7RQ@mail.gmail.com>	<CANEZrP2hAUsRfeXUo-DLiiRmG5uJcwFuP4=o1S6Fb7ts5Ud=bw@mail.gmail.com>	<CADJgMztrzMh8=Y6SD-JV1hpTTbGB8Y2u=59bQhGtF6h3+Ei_Ew@mail.gmail.com>	<356E7F6E-300A-4127-9885-2183FB1DE447@gmail.com>	<54DCECE4.3020802@riseup.net>	<CAJfRnm4OBEJPW-6CiY5fQ1kUYppDnTtZfLF_YpBEaB8ovzx9og@mail.gmail.com>	<54DCFBB5.3080202@gmail.com>
	<54DD003E.2060508@riseup.net>	<CAJfRnm5d2WcZw3eRjN-cLajwTM0iF_o7OCPc+dkv+s-p3e9nLg@mail.gmail.com>	<54DD046B.3070507@riseup.net>
	<CAJfRnm7GUA8XJEtFhQyJBj54qcdhLXGm+iof=7fr_its3DJZGw@mail.gmail.com>
In-Reply-To: <CAJfRnm7GUA8XJEtFhQyJBj54qcdhLXGm+iof=7fr_its3DJZGw@mail.gmail.com>
Content-Type: multipart/alternative;
	boundary="------------050505060006010909060304"
X-Spam-Score: 0.9 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [66.33.216.122 listed in list.dnswl.org]
	1.0 HTML_MESSAGE           BODY: HTML included in message
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YMe0K-0004HM-Dp
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2015 14:47:34 -0000

This is a multi-part message in MIME format.
--------------050505060006010909060304
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arriving slightly late to the discussion, apologies.

Personally I wouldn't have written that patch, but I know development of
hostile patches happens out of sight, and if it can be written, we have
to presume it will be written eventually. I'd have preferred a patch
that only replaced non-final txes, which is the use-case I have for
transaction replacement, but that's easy to add back in.

I'm certainly not terribly convinced of the security of vanilla
zero-confirmation transactions myself, for reasons including but not
limited to this case. I also think it's important to understand that
people do make irrational decisions, and trusting network security on
everyone behaving perfectly rationally is not a workable model either.

TLDR; me too

Ross

On 12/02/15 20:36, Allen Piscitello wrote:
> You keep making moral judgements.  Reality is, if you live in a world with
> arsonists, you need to have a building that won't catch on fire, or has
> fire extinguishers in place.  Do not depend on arsonists ignoring you
> forever as your security model.  Penetration testing to know what
> weaknesses exist, what limitations exist, and what can be improved is
> essential.  Keeping your head in the sand and hoping people choose to do
> the right thing only ends one way.
>
> On Thu, Feb 12, 2015 at 1:52 PM, Justus Ranvier <justusranvier@riseup.net>
> wrote:
>
> On 02/12/2015 07:47 PM, Allen Piscitello wrote:
> >>> Nothing will stop that.  Bitcoin needs to deal with those issues,
> >>> not stick our heads in the sand and pretend they don't exist out of
> >>> benevolence. This isn't a pet solution, but the rules of the
> >>> protocol and what is realistically possible given the nature of
> >>> distributed consensus.  Relying on altruism is a recipe for
> >>> failure.
>
> If there's a risk of fire burning down wooden buildings, pass out fire
> extinguishers and smoke detectors, not matches.
>
> The latter makes one an arsonist.
>
>>
>>
>>
------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming. The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more.
Take a
>> look and join the conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>
>
>
>
------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media,
is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJU31/yAAoJEJFC5fflM8475YIIAI7nxgxUdkKiMePMqtvPOi25
U+WCxjvIK0ZRTAV30POC7fKLT2mK0gPusSS7LtNJpPKvpC98VcSD5HWE49K80Yo9
9+QI7X7xBau1jjLo+27uOex0bJ6JwP1DSMpC12AQbMmi4FnyG+M5FMkr5/OnSxeF
cd4lT2UF7yTJPRy0+A9LwertL5Sv1yeOJJ9jtWuXgixapmHN+1Zm2VkGnur55V64
vnonlixlUMwnZNxDVoRhjTWm1P/lmCejvmvTRvcBomUlAEgRQF4TtF4YMBYXS97S
5WYrxOHLgTfTWr3FJuOnd+CVBRgZGw3u30ktaSErelyMG19lJOusBPdHTQFkV30=
=eWPj
-----END PGP SIGNATURE-----


--------------050505060006010909060304
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta content=3D"text/html; charset=3Dwindows-1252"
      http-equiv=3D"Content-Type">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <br>
    -----BEGIN PGP SIGNED MESSAGE-----<br>
    Hash: SHA1<br>
    <br>
    Arriving slightly late to the discussion, apologies.<br>
    <br>
    Personally I wouldn't have written that patch, but I know
    development of hostile patches happens out of sight, and if it can
    be written, we have to presume it will be written eventually. I'd
    have preferred a patch that only replaced non-final txes, which is
    the use-case I have for transaction replacement, but that's easy to
    add back in.<br>
    <br>
    I'm certainly not terribly convinced of the security of vanilla
    zero-confirmation transactions myself, for reasons including but not
    limited to this case. I also think it's important to understand that
    people do make irrational decisions, and trusting network security
    on everyone behaving perfectly rationally is not a workable model
    either.<br>
    <br>
    TLDR; me too<br>
    <br>
    Ross<br>
    <br>
    On 12/02/15 20:36, Allen Piscitello wrote:<br>
    <span style=3D"white-space: pre;">&gt; You keep making moral
      judgements.=A0 Reality is, if you live in a world with<br>
      &gt; arsonists, you need to have a building that won't catch on
      fire, or has<br>
      &gt; fire extinguishers in place.=A0 Do not depend on arsonists
      ignoring you<br>
      &gt; forever as your security model.=A0 Penetration testing to know
      what<br>
      &gt; weaknesses exist, what limitations exist, and what can be
      improved is<br>
      &gt; essential.=A0 Keeping your head in the sand and hoping people
      choose to do<br>
      &gt; the right thing only ends one way.<br>
      &gt;<br>
      &gt; On Thu, Feb 12, 2015 at 1:52 PM, Justus Ranvier
      <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:justusranvier@ris=
eup.net">&lt;justusranvier@riseup.net&gt;</a><br>
      &gt; wrote:<br>
      &gt;<br>
      &gt; On 02/12/2015 07:47 PM, Allen Piscitello wrote:<br>
      &gt; &gt;&gt;&gt; Nothing will stop that.=A0 Bitcoin needs to deal
      with those issues,<br>
      &gt; &gt;&gt;&gt; not stick our heads in the sand and pretend they
      don't exist out of<br>
      &gt; &gt;&gt;&gt; benevolence. This isn't a pet solution, but the
      rules of the<br>
      &gt; &gt;&gt;&gt; protocol and what is realistically possible
      given the nature of<br>
      &gt; &gt;&gt;&gt; distributed consensus.=A0 Relying on altruism is =
a
      recipe for<br>
      &gt; &gt;&gt;&gt; failure.<br>
      &gt;<br>
      &gt; If there's a risk of fire burning down wooden buildings, pass
      out fire<br>
      &gt; extinguishers and smoke detectors, not matches.<br>
      &gt;<br>
      &gt; The latter makes one an arsonist.<br>
      &gt;<br>
      &gt;&gt;<br>
      &gt;&gt;<br>
      &gt;&gt;
-------------------------------------------------------------------------=
-----<br>
      &gt;&gt; Dive into the World of Parallel Programming. The Go
      Parallel Website,<br>
      &gt;&gt; sponsored by Intel and developed in partnership with
      Slashdot Media, is<br>
      &gt;&gt; your<br>
      &gt;&gt; hub for all things parallel software development, from
      weekly thought<br>
      &gt;&gt; leadership blogs to news, videos, case studies, tutorials
      and more. Take a<br>
      &gt;&gt; look and join the conversation now.
      <a class=3D"moz-txt-link-freetext" href=3D"http://goparallel.source=
forge.net/">http://goparallel.sourceforge.net/</a><br>
      &gt;&gt; _______________________________________________<br>
      &gt;&gt; Bitcoin-development mailing list<br>
      &gt;&gt; <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:Bitco=
in-development@lists.sourceforge.net">Bitcoin-development@lists.sourcefor=
ge.net</a><br>
      &gt;&gt;
      <a class=3D"moz-txt-link-freetext" href=3D"https://lists.sourceforg=
e.net/lists/listinfo/bitcoin-development">https://lists.sourceforge.net/l=
ists/listinfo/bitcoin-development</a><br>
      &gt;&gt;<br>
      &gt;&gt;<br>
      &gt;<br>
      &gt;<br>
      &gt;<br>
      &gt;
-------------------------------------------------------------------------=
-----<br>
      &gt; Dive into the World of Parallel Programming. The Go Parallel
      Website,<br>
      &gt; sponsored by Intel and developed in partnership with Slashdot
      Media, is your<br>
      &gt; hub for all things parallel software development, from weekly
      thought<br>
      &gt; leadership blogs to news, videos, case studies, tutorials and
      more. Take a<br>
      &gt; look and join the conversation now.
      <a class=3D"moz-txt-link-freetext" href=3D"http://goparallel.source=
forge.net/">http://goparallel.sourceforge.net/</a><br>
      &gt;<br>
      &gt;<br>
      &gt; _______________________________________________<br>
      &gt; Bitcoin-development mailing list<br>
      &gt; <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:Bitcoin-d=
evelopment@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.n=
et</a><br>
      &gt;
      <a class=3D"moz-txt-link-freetext" href=3D"https://lists.sourceforg=
e.net/lists/listinfo/bitcoin-development">https://lists.sourceforge.net/l=
ists/listinfo/bitcoin-development</a></span><br>
    <br>
    -----BEGIN PGP SIGNATURE-----<br>
    Version: GnuPG v1<br>
    <br>
    iQEcBAEBAgAGBQJU31/yAAoJEJFC5fflM8475YIIAI7nxgxUdkKiMePMqtvPOi25<br>
    U+WCxjvIK0ZRTAV30POC7fKLT2mK0gPusSS7LtNJpPKvpC98VcSD5HWE49K80Yo9<br>
    9+QI7X7xBau1jjLo+27uOex0bJ6JwP1DSMpC12AQbMmi4FnyG+M5FMkr5/OnSxeF<br>
    cd4lT2UF7yTJPRy0+A9LwertL5Sv1yeOJJ9jtWuXgixapmHN+1Zm2VkGnur55V64<br>
    vnonlixlUMwnZNxDVoRhjTWm1P/lmCejvmvTRvcBomUlAEgRQF4TtF4YMBYXS97S<br>
    5WYrxOHLgTfTWr3FJuOnd+CVBRgZGw3u30ktaSErelyMG19lJOusBPdHTQFkV30=3D<br=
>
    =3DeWPj<br>
    -----END PGP SIGNATURE-----<br>
    <br>
  </body>
</html>

--------------050505060006010909060304--