1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
|
Return-Path: <criley@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id F37D8932
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 18 Dec 2016 20:50:57 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wj0-f176.google.com (mail-wj0-f176.google.com
[209.85.210.176])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 73B641FD
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 18 Dec 2016 20:50:56 +0000 (UTC)
Received: by mail-wj0-f176.google.com with SMTP id tk12so135051642wjb.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 18 Dec 2016 12:50:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
bh=hRjBG7hyUZgc/t3+WuHpFbvK08n1AGa2ChQwCdQMPjk=;
b=PxkqvoKnVl38zYXNoDjKxFEb9nYWsV+l8crge9+MPglNsdrdBD9OJP5lkCsPN31gGN
+SYHjV5zmypw9HkCATnDi+a9QhnBsGTOGQEHlF4GM6p2hrV71OigBcVEhkUQZRAZM1Vf
tuN0OeNz3x8Mgt3xCdSkltRwAeJ/nt9QeqqkaC310VYGNd9HStYrD3iqKfELosO853Sp
DzPKaXhN9yaXttPFBJFzf4uR4AgK+GOAzHBurNxJBLv6jrn2qnMGyoC/JDz8oPMxMJeQ
rTZbZwgK5nWtPxV03jhADfskNZjRK2EM13PjjWB/a08twTQLotVevcR4DmPL0Lv5gYNA
uAwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to;
bh=hRjBG7hyUZgc/t3+WuHpFbvK08n1AGa2ChQwCdQMPjk=;
b=GuZcagLj9Ooa5nzm5d0B/Pg1s3k9eNsr0Gsn9PZvkA+1vSqMwcF+XCMCQCAgUt3TmL
EI82YrcJHzv9zGIj1dRqHWMl3l9hfFli4hGGyQ2X2veG5dhQiqhx0Q9J3gQKZsn8Ixjr
P8/EPMVgQa1MLj8Y9JQArqA21JrDGni8wa2WlHu1SstbW6QFgRf+W3udlefVJiNxmFEA
j0ONN96xRJszjj1Uxi01jz/Y1bio0qdf0IWADIZMo5OWXFfHenvkEcKQxA3Yp7Hydapt
eSntOS0X6mtDvmCACQZxBVBNr6KhuYrAHzBZtpLhHsKBQRjXpfwDM6kFAyARmw0DiliO
jRFQ==
X-Gm-Message-State: AIkVDXLBVbW9tIaqWerQn1gPQwmiRHaSo7w7S7o/tzzMrKyOhsbzd0d6iyLCXZjBnZmF2ppeaYKoK1emTdU26w==
X-Received: by 10.194.88.201 with SMTP id bi9mr10699338wjb.71.1482094254976;
Sun, 18 Dec 2016 12:50:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.153.2 with HTTP; Sun, 18 Dec 2016 12:50:53 -0800 (PST)
In-Reply-To: <10231F2A-32C3-4E19-934B-C83E595DDBEB@mattcorallo.com>
References: <f27bd300c20d1b48cddc7e1d1dc1a96c@112bit.com>
<615c88d2a1263810923705c170b25d33@112bit.com>
<CABm2gDo8DR9M9qKqhGfnRHNVrMVFGqsC-gJy4xtxT9=CQOBhgw@mail.gmail.com>
<CAEM=y+Ws-2_mpZQfE1BD8dnmkcBFsXK8Pd3ZvX=e9R_4bj4qng@mail.gmail.com>
<10231F2A-32C3-4E19-934B-C83E595DDBEB@mattcorallo.com>
From: Chris Riley <criley@gmail.com>
Date: Sun, 18 Dec 2016 15:50:53 -0500
Message-ID: <CAL5BAw3R_Kd_KSk4j5WeF09s7KTAc5-O1b4i+ZvygMpuqJaMuw@mail.gmail.com>
To: Matt Corallo <lf-lists@mattcorallo.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=047d7bf198689776350543f4f5ac
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sun, 18 Dec 2016 21:35:39 +0000
Subject: Re: [bitcoin-dev] Planned Obsolescence
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2016 20:50:58 -0000
--047d7bf198689776350543f4f5ac
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I agree that finding the right line is difficult and purposefully crippling
(too strong a term?) the software is not necessarily the best way to
encourage long term adoption.
For example, I ran version 0.3.x from July/August 2010 for several years on
a miner without upgrading to anything higher than the 0.3.24 release since
the usage pattern on that machine didn't require it. It might have been to
the ~0.7.0 release, I am not sure when I finally upgraded it. On a machine
that had my wallet, I kept it updated, but forcing upgrades may not be the
best plan given that hard forks should be few and far between. Security
updates, are important, but leaving it up to the operator of the node to
determine when to upgrade is an important feature.
Chris
On Sun, Dec 18, 2016 at 5:34 AM, Matt Corallo via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> One thing which hasn't been addressed yet in this thread is developer
> centralization. Unlike other applications we want to ensure that it's not
> only possible for users to refuse an upgrade, but easy. While this by no
> means lessens the retirement that users run up to date software for
> security reasons, finding the right line to draw is difficult.
>
> Matt
>
> On December 15, 2016 2:44:55 PM PST, Ethan Heilman via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> >I assume this has been well discussed in at some point in the Bitcoin
> >community, so I apologize if I'm repeating old ideas.
> >
> >Problem exploitable nodes:
> >It is plausible that people running these versions of bitcoind may not
> >be applying patches. Thus, these nodes may be vulnerable to known
> >exploits. I would hope none of these nodes are gateway nodes for
> >miners, web wallets or exchanges. How difficult would it be to crawl
> >the network to find vulnerable nodes and exploit them? What percentage
> >of the network is running vulnerable versions of bitcoind?
> >
> >Problem eclipsable nodes:
> >Currently a bitcoind node disconnects from any node with a version
> >below MIN_PEER_PROTO_VERSION. Such nodes become be ripe for an eclipse
> >attack because they are partitioned from the newer nodes, especially
> >when they are "freshly obsolete". I have not examined how protocol
> >versioning works in detail so I could be missing something.
> >
> >One option could be that after a grace period:
> >1. to still connect to obsolete nodes and even to transmit
> >blockheaders,
> >2. but to stop sending the full-blocks and transactions to these
> >nodes, thereby alerting the operator that something is wrong and
> >causing them to upgrade.
> >It may make sense to create this as a rule, if your longest chain
> >consists of only blockheaders and no one will tell you the
> >transactions for over 1000 blocks you are obsolete, spit out an error
> >message and shutdown.
> >
> >This would not address the issue of alt-coins which are forked from
> >old vulnerable versions of bitcoind, but that is probably out of
> >scope.
> >
> >On Thu, Dec 15, 2016 at 1:48 PM, Jorge Tim=C3=B3n via bitcoin-dev
> ><bitcoin-dev@lists.linuxfoundation.org> wrote:
> >> On Thu, Dec 15, 2016 at 4:38 AM, Juan Garavaglia via bitcoin-dev
> >> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> >>> Older node versions may generate issues because some upgrades will
> >make
> >>> several of the nodes running older protocol versions obsolete and or
> >>> incompatible. There may be other hard to predict behaviors on older
> >versions
> >>> of the client.
> >>
> >> Hard to predict or not, you can't force people to run newer software.
> >>
> >>> In order to avoid such wide fragmentation of "Bitcoin Core=E2=80=9D n=
ode
> >versions
> >>> and to help there be a more predictable protocol improvement
> >process, I
> >>> consider it worth it to analyze introducing some planned
> >obsolescence in
> >>> each new version. In the last year we had 4 new versions so if each
> >version
> >>> is valid for about 1 year (52560 blocks) this may be a reasonable
> >time frame
> >>> for node operators to upgrade. If a node does not upgrade it will
> >stop
> >>> working instead of participating in the network with an outdated
> >protocol
> >>> version.
> >>
> >> When you introduce anti-features like this in free software they can
> >> be trivially removed and they likely will.
> >>
> >>> These changes may also simplify the developer's jobs in some cases
> >by
> >>> avoiding them having to deal with ancient versions of the client.
> >>
> >> There's a simpler solution for this which is what is being done now:
> >> stop maintaining and giving support for older versions.
> >> There's limited resources and developers are rarely interested in
> >> fixing bugs for very old versions. Users shouldn't expect things to
> >be
> >> backported to old versions (if developers do it and there's enough
> >> testing, there's no reason not to do more releases of old versions,
> >it
> >> is just rarely the case).
> >> _______________________________________________
> >> bitcoin-dev mailing list
> >> bitcoin-dev@lists.linuxfoundation.org
> >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> >_______________________________________________
> >bitcoin-dev mailing list
> >bitcoin-dev@lists.linuxfoundation.org
> >https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--047d7bf198689776350543f4f5ac
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">I agree that finding the right line is difficult and purpo=
sefully crippling (too strong a term?) the software is not necessarily the =
best way to encourage long term adoption. =C2=A0<div><br></div><div>For exa=
mple, I ran version 0.3.x from July/August 2010 for several years on a mine=
r without upgrading to anything higher than the 0.3.24 release since the us=
age pattern on that machine didn't require it.=C2=A0 It might have been=
to the ~0.7.0 release, I am not sure when I finally upgraded it.=C2=A0 On =
a machine that had my wallet, I kept it updated, but forcing upgrades may n=
ot be the best plan given that hard forks should be few and far between.=C2=
=A0 Security updates, are important, but leaving it up to the operator of t=
he node to determine when to upgrade is an important feature.</div><div><br=
></div><div>Chris</div><div><br></div></div><div class=3D"gmail_extra"><br>=
<div class=3D"gmail_quote">On Sun, Dec 18, 2016 at 5:34 AM, Matt Corallo vi=
a bitcoin-dev <span dir=3D"ltr"><<a href=3D"mailto:bitcoin-dev@lists.lin=
uxfoundation.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</=
a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">One thing which hasn=
't been addressed yet in this thread is developer centralization. Unlik=
e other applications we want to ensure that it's not only possible for =
users to refuse an upgrade, but easy. While this by no means lessens the re=
tirement that users run up to date software for security reasons, finding t=
he right line to draw is difficult.<br>
<br>
Matt<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
On December 15, 2016 2:44:55 PM PST, Ethan Heilman via bitcoin-dev <<a h=
ref=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.<wbr=
>linuxfoundation.org</a>> wrote:<br>
>I assume this has been well discussed in at some point in the Bitcoin<b=
r>
>community, so I apologize if I'm repeating old ideas.<br>
><br>
>Problem exploitable nodes:<br>
>It is plausible that people running these versions of bitcoind may not<=
br>
>be applying patches. Thus, these nodes may be vulnerable to known<br>
>exploits. I would hope none of these nodes are gateway nodes for<br>
>miners, web wallets or exchanges. How difficult would it be to crawl<br=
>
>the network to find vulnerable nodes and exploit them? What percentage<=
br>
>of the network is running vulnerable versions of bitcoind?<br>
><br>
>Problem eclipsable nodes:<br>
>Currently a bitcoind node disconnects from any node with a version<br>
>below MIN_PEER_PROTO_VERSION. Such nodes become be ripe for an eclipse<=
br>
>attack because they are partitioned from the newer nodes, especially<br=
>
>when they are "freshly obsolete". I have not examined how pro=
tocol<br>
>versioning works in detail so I could be missing something.<br>
><br>
>One option could be that after a grace period:<br>
>1. to still connect to obsolete nodes and even to transmit<br>
>blockheaders,<br>
>2. but to stop sending the full-blocks and transactions to these<br>
>nodes, thereby alerting the operator that something is wrong and<br>
>causing them to upgrade.<br>
>It may make sense to create this as a rule, if your longest chain<br>
>consists of only blockheaders and no one will tell you the<br>
>transactions for over 1000 blocks you are obsolete, spit out an error<b=
r>
>message and shutdown.<br>
><br>
>This would not address the issue of alt-coins which are forked from<br>
>old vulnerable versions of bitcoind, but that is probably out of<br>
>scope.<br>
><br>
>On Thu, Dec 15, 2016 at 1:48 PM, Jorge Tim=C3=B3n via bitcoin-dev<br>
><<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-de=
v@lists.<wbr>linuxfoundation.org</a>> wrote:<br>
>> On Thu, Dec 15, 2016 at 4:38 AM, Juan Garavaglia via bitcoin-dev<b=
r>
>> <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitco=
in-dev@lists.<wbr>linuxfoundation.org</a>> wrote:<br>
>>> Older node versions may generate issues because some upgrades =
will<br>
>make<br>
>>> several of the nodes running older protocol versions obsolete =
and or<br>
>>> incompatible. There may be other hard to predict behaviors on =
older<br>
>versions<br>
>>> of the client.<br>
>><br>
>> Hard to predict or not, you can't force people to run newer so=
ftware.<br>
>><br>
>>> In order to avoid such wide fragmentation of "Bitcoin Cor=
e=E2=80=9D node<br>
>versions<br>
>>> and to help there be a more predictable protocol improvement<b=
r>
>process, I<br>
>>> consider it worth it to analyze introducing some planned<br>
>obsolescence in<br>
>>> each new version. In the last year we had 4 new versions so if=
each<br>
>version<br>
>>> is valid for about 1 year (52560 blocks) this may be a reasona=
ble<br>
>time frame<br>
>>> for node operators to upgrade. If a node does not upgrade it w=
ill<br>
>stop<br>
>>> working instead of participating in the network with an outdat=
ed<br>
>protocol<br>
>>> version.<br>
>><br>
>> When you introduce anti-features like this in free software they c=
an<br>
>> be trivially removed and they likely will.<br>
>><br>
>>> These changes may also simplify the developer's jobs in so=
me cases<br>
>by<br>
>>> avoiding them having to deal with ancient versions of the clie=
nt.<br>
>><br>
>> There's a simpler solution for this which is what is being don=
e now:<br>
>> stop maintaining and giving support for older versions.<br>
>> There's limited resources and developers are rarely interested=
in<br>
>> fixing bugs for very old versions. Users shouldn't expect thin=
gs to<br>
>be<br>
>> backported to old versions (if developers do it and there's en=
ough<br>
>> testing, there's no reason not to do more releases of old vers=
ions,<br>
>it<br>
>> is just rarely the case).<br>
>> ______________________________<wbr>_________________<br>
>> bitcoin-dev mailing list<br>
>> <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-d=
ev@lists.<wbr>linuxfoundation.org</a><br>
>> <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitc=
oin-dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation=
.<wbr>org/mailman/listinfo/bitcoin-<wbr>dev</a><br>
>_____________________________<wbr>__________________<br>
>bitcoin-dev mailing list<br>
><a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@li=
sts.<wbr>linuxfoundation.org</a><br>
><a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-d=
ev" rel=3D"noreferrer" target=3D"_blank">https://lists.<wbr>linuxfoundation=
.org/mailman/<wbr>listinfo/bitcoin-dev</a><br>
<br>
______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</div></div></blockquote></div><br></div>
--047d7bf198689776350543f4f5ac--
|