Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1V24qo-0004ou-2c for bitcoin-development@lists.sourceforge.net; Wed, 24 Jul 2013 19:35:54 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.41 as permitted sender) client-ip=209.85.215.41; envelope-from=gmaxwell@gmail.com; helo=mail-la0-f41.google.com; Received: from mail-la0-f41.google.com ([209.85.215.41]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1V24qm-0002sP-AT for bitcoin-development@lists.sourceforge.net; Wed, 24 Jul 2013 19:35:54 +0000 Received: by mail-la0-f41.google.com with SMTP id fn20so666445lab.28 for ; Wed, 24 Jul 2013 12:35:45 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.112.141.202 with SMTP id rq10mr16767800lbb.83.1374694545331; Wed, 24 Jul 2013 12:35:45 -0700 (PDT) Received: by 10.112.160.104 with HTTP; Wed, 24 Jul 2013 12:35:45 -0700 (PDT) In-Reply-To: <20130724153251.GE1009@zooko.com> References: <20130724023526.GD1009@zooko.com> <20130724153251.GE1009@zooko.com> Date: Wed, 24 Jul 2013 12:35:45 -0700 Message-ID: From: Gregory Maxwell To: zooko Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1V24qm-0002sP-AT Cc: Bitcoin Dev , Greg Troxel Subject: Re: [Bitcoin-development] Linux packaging letter X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2013 19:35:54 -0000 On Wed, Jul 24, 2013 at 8:32 AM, zooko wrote: > This makes it sound like if, for example, Debian were to link bitcoind to= the > system leveldb, and then upgrade the system leveldb to fix a bug that aff= ects > bitcoind, that this would spell the end of Bitcoin. Maybe! A widespread consensus failure causes people to lose money even absent malice. How much depends on a bunch of details, including the luck of attackers. The total ramifications are as much social as they are technical so it's hard to reason over the outcomes beyond "at a minimum, it's not good". A really bad splitting event could results in large amounts of Bitcoin being stolen through reversals. Obviously the system itself would keep on ticking once the issue was resolved... but if millions of dollars at recent prices in coins were stolen, would people want to keep using it? The most dire outcomes are (very?) unlikely, but they're not necessary to recognize that risk mitigation is important. It's good to be careful here just to avoid the bad outcomes we are sure will happen (because we've experienced them before): Hundreds of dollars worth of coin income 'lost' per minute to miners on the losing side of a 50/50 fork, hours long disruption of the lives of dozens of people in the Bitcoin technical ecosystem (many of whom are volunteer OSS developers), hours of disruption (no payments processed) to Bitcoin users and businesses. These are the best case outcomes in a substantial non-transient hard forking event. I think one of the challenges in talking about this stuff is correctly framing these risks. Bitcoin is a novel technology that lacks a lot of the recourse that other systems have=E2=80=94 No Bitcoin central bank to create a bit of inflation to paper over a glitch, eliminating those kinds of centralized "fixes" is much of the point, after all=E2=80=94 so w= ith the idea of starry eyed people taking out second mortgages on their kids kidneys to buy up coin clearly in my mind I do think it's important to be clear about the full range of risk: It's _possible_ that due to some amazing sequences of technical screwups that by next week most everyone could consider Bitcoin worthless. I think it's important to be frank about those risks. ... but it's also not good to be chicken little, calling doom on anyone who wants to change the color of the GUI. :P Navigating it is hard, and generally I'd prefer that if there is any misunderstanding people overestimate the risks a little=E2=80=94 so long as things stay in the realm of the possible=E2=80= =94 rather than underestimate them.