1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
Return-Path: <rryananizer@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id D281CC0D
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 9 Dec 2015 06:36:27 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com
[209.85.223.180])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9503F107
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 9 Dec 2015 06:36:23 +0000 (UTC)
Received: by iofh3 with SMTP id h3so49344087iof.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 08 Dec 2015 22:36:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type;
bh=KjntKa94AFzQaXw9/NOynwpqP9pbEidQw8e6n3mXng4=;
b=qweWKikYu7SMVWHmDEmmB6cnXB0/bnkSyQaTDJUgTXhcPyPDw/meOynTBez77C74vh
RqckCSQWyrhaLso1VQmp7snGYMwfZQ3cqNGvRTypv8Xkj6Ah61QIhcFC+Pjoxdv9aRpb
cOQgxxST3P/e2aAZ5F6AQxBpgjwpBTDgjejJ5gBAioPxhZF0DcpJEXH6B5KlX0Nfa8fh
/QthmifaUs/yKHuavzRsr/VyhlFjplfPPOMlz/uT4ls7cbwlFvX6Zppm1XDhbndzFvRv
2v+3JnTI6yvlnosxM4dcPwyxQcnvPJU0EybdyrchvF32fgibLQqlqbEvrtF0c0VQDrNO
r1Xw==
MIME-Version: 1.0
X-Received: by 10.107.14.137 with SMTP id 131mr3607442ioo.69.1449642983023;
Tue, 08 Dec 2015 22:36:23 -0800 (PST)
Received: by 10.107.137.226 with HTTP; Tue, 8 Dec 2015 22:36:22 -0800 (PST)
In-Reply-To: <CAAS2fgS-jjEVeHf_LErppTadtAaSeBum+KiGHpoo=Jz5BZArsQ@mail.gmail.com>
References: <CAAS2fgQyVs1fAEj+vqp8E2=FRnqsgs7VUKqALNBHNxRMDsHdVg@mail.gmail.com>
<20151208110752.GA31180@amethyst.visucore.com>
<CABm2gDpcek=u=Rpe68EMOq6M7Bji9J=s5VvoQWKRqaQDAP5kTw@mail.gmail.com>
<CABsx9T1wga3Tandoe2mVGSKdHJytHoc9Ko7HRm2SvJXABEFk9w@mail.gmail.com>
<CAAS2fgTGYSiAJHZq80rD4UieV8XetS=W0b45b5onWAS9gF-F7g@mail.gmail.com>
<CABsx9T1i50Gvxj18W=n2mYGNpsMrSkDT26CdA3aQqT5FFN86yw@mail.gmail.com>
<CAAS2fgSxpSat3VOje3-C4zgaRUVJVx-eRJbSYJqhvfR5SvCDwA@mail.gmail.com>
<CAF_2MyUJMdJyh7FKq6UYCtwJZQ59i-pnWT_tFEK5EQx65iwHDQ@mail.gmail.com>
<CAAS2fgS-jjEVeHf_LErppTadtAaSeBum+KiGHpoo=Jz5BZArsQ@mail.gmail.com>
Date: Wed, 9 Dec 2015 00:36:22 -0600
Message-ID: <CAF_2MyWd7a5_yJt8D1uY7V-QqWYCcigR0ubuJwoyxz=yAyMpVw@mail.gmail.com>
From: Ryan Butler <rryananizer@gmail.com>
To: Gregory Maxwell <greg@xiph.org>
Content-Type: multipart/alternative; boundary=001a113fdfd20e11cd0526714fff
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 09 Dec 2015 06:37:54 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Capacity increases for the Bitcoin system.
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2015 06:36:27 -0000
--001a113fdfd20e11cd0526714fff
Content-Type: text/plain; charset=UTF-8
I see, thanks for clearing that up, I misread what Gavin stated.
On Wed, Dec 9, 2015 at 12:29 AM, Gregory Maxwell <greg@xiph.org> wrote:
> On Wed, Dec 9, 2015 at 4:44 AM, Ryan Butler <rryananizer@gmail.com> wrote:
> >>I agree, but nothing I have advocated creates significant technical
> >>debt. It is also a bad engineering practice to combine functional
> >>changes (especially ones with poorly understood system wide
> >>consequences and low user autonomy) with structural tidying.
> >
> > I don't think I would classify placing things in consensus critical code
> > when it doesn't need to be as "structural tidying". Gavin said "pile on"
> > which you took as implying "a lot", he can correct me, but I believe he
> > meant "add to".
>
> Nothing being discussed would move something from consensus critical
> code to not consensus critical.
>
> What was being discussed was the location of the witness commitment;
> which is consensus critical regardless of where it is placed. Should
> it be placed in an available location which is compatible with the
> existing network, or should the block hashing data structure
> immediately be changed in an incompatible way to accommodate it in
> order to satisfy an ascetic sense of purity and to make fraud proofs
> somewhat smaller?
>
> I argue that the size difference in the fraud proofs is not
> interesting, the disruption to the network in an incompatible upgrade
> is interesting; and that if it really were desirable reorganization to
> move the commitment point could be done as part of a separate change
> that changes only the location of things (and/or other trivial
> adjustments); and that proceeding int this fashion would minimize
> disruption and risk... by making the incompatible changes that will
> force network wide software updates be as small and as simple as
> possible.
>
> >> (especially ones with poorly understood system wide consequences and low
> >> user autonomy)
> >
> > This implies there you have no confidence in the unit tests and
> functional
> > testing around Bitcoin and should not be a reason to avoid refactoring.
> > It's more a reason to increase testing so that you will have confidence
> when
> > you refactor.
>
> I am speaking from our engineering experience in a public,
> world-wide, multi-vendor, multi-version, inter-operable, distributed
> system which is constantly changing and in production contains private
> code, unknown and assorted hardware, mixtures of versions, unreliable
> networks, undisclosed usage patterns, and more sources of complex
> behavior than can be counted-- including complex economic incentives
> and malicious participants.
>
> Even if we knew the complete spectrum of possible states for the
> system the combinatioric explosion makes complete testing infeasible.
>
> Though testing is essential one cannot "unit test" away all the risks
> related to deploying a new behavior in the network.
>
--001a113fdfd20e11cd0526714fff
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">I see, thanks for clearing that up, I misread what Gavin s=
tated.</div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On We=
d, Dec 9, 2015 at 12:29 AM, Gregory Maxwell <span dir=3D"ltr"><<a href=
=3D"mailto:greg@xiph.org" target=3D"_blank">greg@xiph.org</a>></span> wr=
ote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border=
-left:1px #ccc solid;padding-left:1ex"><span class=3D"">On Wed, Dec 9, 2015=
at 4:44 AM, Ryan Butler <<a href=3D"mailto:rryananizer@gmail.com">rryan=
anizer@gmail.com</a>> wrote:<br>
>>I agree, but nothing I have advocated creates significant technical=
<br>
>>debt. It is also a bad engineering practice to combine functional<b=
r>
>>changes (especially ones with poorly understood system wide<br>
>>consequences and low user autonomy) with structural tidying.<br>
><br>
> I don't think I would classify placing things in consensus critica=
l code<br>
> when it doesn't need to be as "structural tidying".=C2=
=A0 Gavin said "pile on"<br>
> which you took as implying "a lot", he can correct me, but I=
believe he<br>
> meant "add to".<br>
<br>
</span>Nothing being discussed would move something from consensus critical=
<br>
code to not consensus critical.<br>
<br>
What was being discussed was the location of the witness commitment;<br>
which is consensus critical regardless of where it is placed. Should<br>
it be placed in an available location which is compatible with the<br>
existing network, or should the block hashing data structure<br>
immediately be changed in an incompatible way to accommodate it in<br>
order to satisfy an ascetic sense of purity and to make fraud proofs<br>
somewhat smaller?<br>
<br>
I argue that the size difference in the fraud proofs is not<br>
interesting, the disruption to the network in an incompatible upgrade<br>
is interesting; and that if it really were desirable reorganization to<br>
move the commitment point could be done as part of a separate change<br>
that changes only the location of things (and/or other trivial<br>
adjustments); and that proceeding int this fashion would minimize<br>
disruption and risk... by making the incompatible changes that will<br>
force network wide software updates be as small and as simple as<br>
possible.<br>
<span class=3D""><br>
>> (especially ones with poorly understood system wide consequences a=
nd low<br>
>> user autonomy)<br>
><br>
> This implies there you have no confidence in the unit tests and functi=
onal<br>
> testing around Bitcoin and should not be a reason to avoid refactoring=
.<br>
> It's more a reason to increase testing so that you will have confi=
dence when<br>
> you refactor.<br>
<br>
</span>I am speaking from our engineering experience in a=C2=A0 public,<br>
world-wide, multi-vendor, multi-version, inter-operable, distributed<br>
system which is constantly changing and in production contains private<br>
code, unknown and assorted hardware, mixtures of versions, unreliable<br>
networks, undisclosed usage patterns, and more sources of complex<br>
behavior than can be counted-- including complex economic incentives<br>
and malicious participants.<br>
<br>
Even if we knew the complete spectrum of possible states for the<br>
system the combinatioric explosion makes complete testing infeasible.<br>
<br>
Though testing is essential one cannot "unit test" away all the r=
isks<br>
related to deploying a new behavior in the network.<br>
</blockquote></div><br></div>
--001a113fdfd20e11cd0526714fff--
|
