Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z4Rkw-0004hg-Oo for bitcoin-development@lists.sourceforge.net; Mon, 15 Jun 2015 10:36:42 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.169 as permitted sender) client-ip=209.85.212.169; envelope-from=mh.in.england@gmail.com; helo=mail-wi0-f169.google.com; Received: from mail-wi0-f169.google.com ([209.85.212.169]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z4Rkv-0001WQ-IE for bitcoin-development@lists.sourceforge.net; Mon, 15 Jun 2015 10:36:42 +0000 Received: by wiga1 with SMTP id a1so72795697wig.0 for ; Mon, 15 Jun 2015 03:36:35 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.194.59.98 with SMTP id y2mr7657785wjq.42.1434364595542; Mon, 15 Jun 2015 03:36:35 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.28.14.196 with HTTP; Mon, 15 Jun 2015 03:36:35 -0700 (PDT) In-Reply-To: References: Date: Mon, 15 Jun 2015 12:36:35 +0200 X-Google-Sender-Auth: Rxxl3uQtE5Lp83dqTeZQLnTukUI Message-ID: From: Mike Hearn To: Pieter Wuille Content-Type: multipart/alternative; boundary=047d7ba978a032212405188c0851 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z4Rkv-0001WQ-IE Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] comments on BIP 100 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 10:36:42 -0000 --047d7ba978a032212405188c0851 Content-Type: text/plain; charset=UTF-8 > > Since you keep bringing this up, I'll try to clarify this once again. > I understand the arguments against it. And I think you are agreeing with me - Adam is bemoaning the way developers outsource stuff to third party services, and suggesting it is relevant to the block size debate. And we are saying, no, it's happening because it's easier than doing things in a decentralised way. > If you can't do that, and are just aiming for removing central points of > failure, run a bunch of servers yourself, and let others run their own. > That sounds remarkably close to what you actually did, actually... > Right. There's a deeper issue here. The sort of 'trustless' querying of the UTXO set that was demanded from me is impossible even with commitments, because the answer can change the moment you receive it. All it takes is a new block or new transaction to be broadcast a split second after you download and use the data, and suddenly what you did is incorrect no matter how many proofs you verified! The only way to know this has happened is to be a full node and download all transactions yourself ... and even then, you are trusting your peers to actually relay you all transactions and not a subset. So in the end you can never achieve perfection, only get closer to it. But that situation is *fine* for many use cases, like showing someone a snapshot of their crowdfund in a user interface. We just accept that what we see on the screen may lag behind reality. It happens all the time with all kinds of non-Bitcoin apps. We accept that there may be cases where the answer we get is wrong. The software can nevertheless still be useful. So Lighthouse compromises. It queries multiple peers and cross-references their answers. If their answers don't match it shows an error on the screen and won't show the user any status for their crowdfund at all. This error has never occurred. Maybe one day it will. So the app gets more decentralisation, more robustness, and accepts that the user interface might one day show a wrong answer if the P2P network starts lying (or your internet connection is hacked, but the right fix for that is P2P encryption). Unfortunately this sort of balance-of-risks approach is considered a non-starter in Bitcoin Core. So why would developers even try? The message sent was clear: even if you have an approach you think will work, don't bother. Much easier to just outsource to a trusted service indeed. --047d7ba978a032212405188c0851 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Since you keep bringing this up, I'll try t= o clarify this once again.
I understand the arguments against it. And I think you are agre= eing with me - Adam is bemoaning the way developers outsource stuff to thir= d party services, and suggesting it is relevant to the block size debate. A= nd we are saying, no, it's happening because it's easier than doing= things in a decentralised way.
=C2=A0
If you can't do that, and are just aiming for removing centr= al points of failure, run a bunch of servers yourself, and let others run t= heir own. That sounds remarkably close to what you actually did, actually..= .

Right. There&= #39;s a deeper issue here. The sort of 'trustless' querying of the = UTXO set that was demanded from me is impossible even with commitments, bec= ause the answer can change the moment you receive it. All it takes is a new= block or new transaction to be broadcast a split second after you download= and use the data, and suddenly what you did is incorrect no matter how man= y proofs you verified!

The only way to know this h= as happened is to be a full node and download all transactions yourself ...= and even then, you are trusting your peers to actually relay you all trans= actions and not a subset. So in the end you can never achieve perfection, o= nly get closer to it.

But that situation is=C2=A0<= i>fine=C2=A0for many use cases, like showing someone a snapshot of thei= r crowdfund in a user interface. We just accept that what we see on the scr= een may lag behind reality. It happens all the time with all kinds of non-B= itcoin apps. We accept that there may be cases where the answer we get is w= rong. The software can nevertheless still be useful.

So Lighthouse compromises. It queries multiple peers and cross-reference= s their answers. If their answers don't match it shows an error on the = screen and won't show the user any status for their crowdfund at all. T= his error has never occurred. Maybe one day it will. So the app gets more d= ecentralisation, more robustness, and accepts that the user interface might= one day show a wrong answer if the P2P network starts lying (or your inter= net connection is hacked, but the right fix for that is P2P encryption).

Unfortunately this sort of balance-of-risks approach= is considered a non-starter in Bitcoin Core. So why would developers even = try? The message sent was clear: =C2=A0even if you have an approach you thi= nk will work, don't bother.

Much easier to jus= t outsource to a trusted service indeed.

--047d7ba978a032212405188c0851--