📅 Original date posted:2022-04-26
📝 Original message:On Mon, Apr 25, 2022 at 10:48:20PM -0700, Jeremy Rubin via bitcoin-dev wrote:
> Further, you're representing the state of affairs as if there's a great
> need to scramble to generate software for this, whereas there already are
> scripts to support a URSF that work with the source code I pointed to from
> my blog. This approach is a decent one, even though it requires two things,
> because it is simple. I think it's important that people keep this in mind
> because that is not a joke, the intention was that the correct set of check
> and balance tools were made available. I'd be eager to learn what,
> specifically, you think the advantages are of a separate binary release
> rather than a binary + script that can handle both cases?
The point of running a client with a validation requirement of "blocks
must (not) signal" is to handle the possiblity of there being a chain
split, where your preferred ruleset ends up on the less-work side.
Ideally that will be a temporary situation and other people will come to
your side, switch their miners over etc, and your chain will go back to
having the most work, and anyone who wasn't running a client with the
opposite signalling requirement will reorg to your chain and ruleset.
But forkd isn't quite enough to do that reliably -- instead, you'll
start disconnecting nodes who forward blocks to you that were built on
the block you disconnected, and you'll risk ending up isolated: that's
why bip8 recommends clients "should either use parameters that do not
risk there being a higher work alternative chain, or specify a mechanism
for implementations that support the deployment to preferentially peer
with each other".
Also, in order to have other nodes reorg to your chain when it has
more work, you don't want to exclusively connect to likeminded peers.
That's less of a big deal though, since you only need one peer to
forward the new chain to the compatible network to trigger all of them
to reorg.
Being able to see the other chain has more work might be valuable in
order to add some sort of user warning signal though: "the other chain
appears to have maintained 3x as much hash power as the chain your are
following".
In theory, using the `BLOCK_RECENT_CONSENSUS_CHANGE` flag to indicate
unwanted signalling might make sense; then you could theoretically
trigger on that to avoid disconnecting inbound peers that are following
the wrong chain. There's already some code along those lines; but while I
haven't checked recently, I think it ends up failing relatively quickly
once an invalid chain has been extended by a few blocks, since they'll
result in `BLOCK_INVALID_PREV` errors instead. The segwit UASF client
took some care to try to make this work, fwiw.
(As it stands, I think RECENT_CONSENSUS_CHANGE only really helps with
avoiding disconnections if there's one or maybe two invalid blocks in
a row from a random miner that's doing strange things, rather than if
there's an active conflict resulting in a deliberate chain split).
On the other hand, if there is a non-trivial chain split, then everyone
has to deal with splitting their coins across the different chains,
presuming they don't want to just consider one or the other a complete
write-off. That's already annoying; but for lightning funds I think it
means the automation breaks down, and every channel in the network would
need to be immediately closed on chain, as otherwise accepting state
updates risks losing the value of your channel balance on whichever
chain you're lightning node is not following.
So to your original question: I think it's pretty hard to do all that
stuff in a separate script, without updating the node software itself.
More generally, while I think forkd *is* pretty much state of the art;
I don't think it comes close to addressing all the problems that a chain
split would create. Maybe it's still worthwhile despite those problems
if there's some existential threat to bitcoin, but (not) activating CTV
doesn't seem to rise to that level to me.
Just my opinion, but: without some sort of existential threat, it
seems better to take things slowly and hold off on changes until either
pretty much everyone who cares is convinced that the change is a good
idea and ready to go; or until someone has done the rest of the work to
smooth over all the disruption a non-trivial chain split could cause.
Of course, the latter option is a _lot_ of work, and probably requires
consensus changes itself...
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-07 23:08:10
in reply to nevent1q…n04e
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-07 23:08:10Event JSON
{
"id": "513a691aa3d68769140f8e2b3bf28407e527cf9a633e7dd4de8170ed2c58c521",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686179290,
"kind": 1,
"tags": [
[
"e",
"3dffc8c13f3b9b12f1185a7d930397986c136e11bc8baf2ee43157edc17ffd82",
"",
"root"
],
[
"e",
"f49c101f32ff7c44334d863a396a8ef96fa3593f51f419b3e017d8741283b364",
"",
"reply"
],
[
"p",
"372c316761360b4ea20f2d7e81a59363b7e45b8e945a5381c3122049c2c4b84a"
]
],
"content": "📅 Original date posted:2022-04-26\n📝 Original message:On Mon, Apr 25, 2022 at 10:48:20PM -0700, Jeremy Rubin via bitcoin-dev wrote:\n\u003e Further, you're representing the state of affairs as if there's a great\n\u003e need to scramble to generate software for this, whereas there already are\n\u003e scripts to support a URSF that work with the source code I pointed to from\n\u003e my blog. This approach is a decent one, even though it requires two things,\n\u003e because it is simple. I think it's important that people keep this in mind\n\u003e because that is not a joke, the intention was that the correct set of check\n\u003e and balance tools were made available. I'd be eager to learn what,\n\u003e specifically, you think the advantages are of a separate binary release\n\u003e rather than a binary + script that can handle both cases?\n\nThe point of running a client with a validation requirement of \"blocks\nmust (not) signal\" is to handle the possiblity of there being a chain\nsplit, where your preferred ruleset ends up on the less-work side.\n\nIdeally that will be a temporary situation and other people will come to\nyour side, switch their miners over etc, and your chain will go back to\nhaving the most work, and anyone who wasn't running a client with the\nopposite signalling requirement will reorg to your chain and ruleset.\n\nBut forkd isn't quite enough to do that reliably -- instead, you'll\nstart disconnecting nodes who forward blocks to you that were built on\nthe block you disconnected, and you'll risk ending up isolated: that's\nwhy bip8 recommends clients \"should either use parameters that do not\nrisk there being a higher work alternative chain, or specify a mechanism\nfor implementations that support the deployment to preferentially peer\nwith each other\".\n\nAlso, in order to have other nodes reorg to your chain when it has\nmore work, you don't want to exclusively connect to likeminded peers.\nThat's less of a big deal though, since you only need one peer to\nforward the new chain to the compatible network to trigger all of them\nto reorg.\n\nBeing able to see the other chain has more work might be valuable in\norder to add some sort of user warning signal though: \"the other chain\nappears to have maintained 3x as much hash power as the chain your are\nfollowing\".\n\nIn theory, using the `BLOCK_RECENT_CONSENSUS_CHANGE` flag to indicate\nunwanted signalling might make sense; then you could theoretically\ntrigger on that to avoid disconnecting inbound peers that are following\nthe wrong chain. There's already some code along those lines; but while I\nhaven't checked recently, I think it ends up failing relatively quickly\nonce an invalid chain has been extended by a few blocks, since they'll\nresult in `BLOCK_INVALID_PREV` errors instead. The segwit UASF client\ntook some care to try to make this work, fwiw.\n\n(As it stands, I think RECENT_CONSENSUS_CHANGE only really helps with\navoiding disconnections if there's one or maybe two invalid blocks in\na row from a random miner that's doing strange things, rather than if\nthere's an active conflict resulting in a deliberate chain split).\n\nOn the other hand, if there is a non-trivial chain split, then everyone\nhas to deal with splitting their coins across the different chains,\npresuming they don't want to just consider one or the other a complete\nwrite-off. That's already annoying; but for lightning funds I think it\nmeans the automation breaks down, and every channel in the network would\nneed to be immediately closed on chain, as otherwise accepting state\nupdates risks losing the value of your channel balance on whichever\nchain you're lightning node is not following.\n\nSo to your original question: I think it's pretty hard to do all that\nstuff in a separate script, without updating the node software itself.\n\nMore generally, while I think forkd *is* pretty much state of the art;\nI don't think it comes close to addressing all the problems that a chain\nsplit would create. Maybe it's still worthwhile despite those problems\nif there's some existential threat to bitcoin, but (not) activating CTV\ndoesn't seem to rise to that level to me.\n\nJust my opinion, but: without some sort of existential threat, it\nseems better to take things slowly and hold off on changes until either\npretty much everyone who cares is convinced that the change is a good\nidea and ready to go; or until someone has done the rest of the work to\nsmooth over all the disruption a non-trivial chain split could cause.\nOf course, the latter option is a _lot_ of work, and probably requires\nconsensus changes itself...\n\nCheers,\naj",
"sig": "4f565741f4ee49cb456b96a60791ccf72aa82aace5b75e1141f20c310c9ee45d8a8cdf99601eba48b94cc9a2c64c46fcdbf5ebf8e324d32552247112d5394481"
}