📅 Original date posted:2013-06-28
📝 Original message:I suspect what you saw is mining nodes restarting and clearing their
mempools out rather than an explicit policy of replace by fee.
On Fri, Jun 28, 2013 at 12:09 PM, John Dillon
<john.dillon892 at googlemail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Fri, Jun 28, 2013 at 9:05 AM, Mike Hearn <mike at plan99.net> wrote:
>>> I see some of the the other things that were concerning for me at the
>>> time are still uncorrected though, e.g. no proxy support (so users
>>> can't follow our recommended best practices of using it with Tor),
>>
>> Yeah. That's not the primary privacy issue with bitcoinj though. I'm
>> much, much more concerned about leaks via the block chain than the
>> network layer. Especially as Tor is basically a giant man in the
>> middle, without any kind of authentication you can easily end up
>> connected to a sybil network without any idea. I'd be surprised if Tor
>> usage was very high amongst Bitcoin users.
>
> Tor does not act as a particularly effective man in the middle for nodes
> that support connections to hidden services because while your
> connections to standard Bitcoin nodes go through your exit node, the
> routing path for each hidden service peer is independent. Having said
> that we should offer modes that send your self-generated transactions
> out via Tor, while still maintaining non-Tor connections.
>
> Anyway Sybil attacks aren't all that interesting if you are the one
> sending the funds, and receivers are reasonably well protected simply
> because generating false confirmations is extremely expensive and very
> difficult to do quickly. After all, you always make the assumption that
> nearly all hashing power in existence is honest when you talk about
> replace-by-fee among other things, and that assumption naturally leads
> to the conclusion that generating false confirmations with a sybil
> attack would take more than long enough that the user would be
> suspicious that something was wrong long before being defrauded.
>
> I'd be surprised if anyone has ever bothered with a false confirmation
> sybil attack. I wouldn't be the slightest bit surprised if the NSA is
> recording all the Bitcoin traffic they can for future analysis to find
> true transaction origins. Which reminds me, again, we need node-to-node
> connections to be encrypted to at least protect against network-wide
> passive sniffiing.
>
> Regarding usage I would be interested to hear from those running Bitcoin
> nodes advertising themselves as hidden services.
>
>> It's not a library limitation anyway, it's a case of how best to
>> present information to a user who is not familiar with how Bitcoin
>> works. "Safe" and "Not safe" is still a rather misleading distinction
>> given the general absence of double spends against mempool
>> transactions, but it's still a lot more meaningful than "2 confirms"
>
> For what it is worth I ran a double-spend generator a month or so ago
> against the replace-by-fee node that Peter setup and I found that a
> small number of the double-spends did in fact appear to be mined under
> replace-by-fee rules.
>
> Specifically the generator would create a transaction from confirmed
> inputs, wait 60-180 seconds (randomized) to allow for full propagation,
> and then create a double-spend if the transaction hadn't already been
> mined. The transactions were randomized to look like normal traffic,
> including occasional bets to Satoshidice and similar for fun. (for the
> record the script had no way of knowing if a bet won and would happily
> attempt to double-spend wins) Fees for the replacement were power-law
> distributed IIRC, with some occasionally set to be quite hefty.
>
> Though possibly just an artifact of unusually slow transaction
> propagation it appeared that about 0.25% of hashing power was following
> replace-by-fee rules. (not including transactions involving gambling, I
> know Eligius and perhaps others block such transactions from their
> mempools making double-spends easy to accomplish by including
> Satoshidice outputs)
>
> I'm actually surprised by that figure myself given Peter Todd and I
> haven't made a serious attempt yet to get miners to use replace-by-fee
> rules. An interesting experiment would be to advertise that money is
> being given away by such a tx generator in the mining forum, although I
> would prefer to see solid mempool support for the "scorched-earth"
> double-spend countermeasure first; Peter sounds like he has some great
> ideas there, although as usual I am seeing very little in the way of
> code. :)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQEcBAEBCAAGBQJRzWCOAAoJEEWCsU4mNhiPwhgH/ic/OJMCYwdIuEM2ArSAEQRY
> l5bqafMYMcC/KE9xqZ1HVkLJ9Zg57MQ8VZw95WOsmRgNA0v1xIoCyREjI84QkCIq
> R/hOgS97eJc+XXnPBVoB4Jadq5LQ6jNpJo7cmiLJjCEmE6rTxLZBBT4P3eQw8oIn
> WAd7X7utP7/QAkjhaWB9FsfWT8QZseqpSPv8WucRftsRCABurzuD+eSfpRqYwk2z
> XBD0zO+EyAtu6hB3dRAFhqnhVfEcOLJCtXpm76WO574H4AZ/8EN+HozLJSUtylCq
> j1NZnpj/6pdFh2v5Pid4HEMEvuNNX60u6iXGJ560PUsdKmOh+LEhUBLKd9acJTw=
> =QtjI
> -----END PGP SIGNATURE-----
Mike Hearn [ARCHIVE] /
npub17t…4qgyd
2023-06-07 15:04:06
in reply to nevent1q…aqy3
Author Public Key
npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgydSeen on
wss://relay.noswhere.comPublished at
2023-06-07 15:04:06Event JSON
{
"id": "ee6fee3ccdb80db94cd6298d4bfa0efa13b1d2a2b7bac512fc896e205f7e0431",
"pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2",
"created_at": 1686150246,
"kind": 1,
"tags": [
[
"e",
"5ec662796ac6f7c2f8d4618ee0bafe23cd8003de44ad7e1121634fb73b588358",
"",
"root"
],
[
"e",
"5b8919f5ae079eef981d3fc61554331cc0e9e8b738126037fef98bc99c13b76a",
"",
"reply"
],
[
"p",
"a0b592adfee20cad7bb28c238a9fc1fccf4511a458be8e3d96b00c914c8c3564"
]
],
"content": "📅 Original date posted:2013-06-28\n📝 Original message:I suspect what you saw is mining nodes restarting and clearing their\nmempools out rather than an explicit policy of replace by fee.\n\nOn Fri, Jun 28, 2013 at 12:09 PM, John Dillon\n\u003cjohn.dillon892 at googlemail.com\u003e wrote:\n\u003e -----BEGIN PGP SIGNED MESSAGE-----\n\u003e Hash: SHA256\n\u003e\n\u003e On Fri, Jun 28, 2013 at 9:05 AM, Mike Hearn \u003cmike at plan99.net\u003e wrote:\n\u003e\u003e\u003e I see some of the the other things that were concerning for me at the\n\u003e\u003e\u003e time are still uncorrected though, e.g. no proxy support (so users\n\u003e\u003e\u003e can't follow our recommended best practices of using it with Tor),\n\u003e\u003e\n\u003e\u003e Yeah. That's not the primary privacy issue with bitcoinj though. I'm\n\u003e\u003e much, much more concerned about leaks via the block chain than the\n\u003e\u003e network layer. Especially as Tor is basically a giant man in the\n\u003e\u003e middle, without any kind of authentication you can easily end up\n\u003e\u003e connected to a sybil network without any idea. I'd be surprised if Tor\n\u003e\u003e usage was very high amongst Bitcoin users.\n\u003e\n\u003e Tor does not act as a particularly effective man in the middle for nodes\n\u003e that support connections to hidden services because while your\n\u003e connections to standard Bitcoin nodes go through your exit node, the\n\u003e routing path for each hidden service peer is independent. Having said\n\u003e that we should offer modes that send your self-generated transactions\n\u003e out via Tor, while still maintaining non-Tor connections.\n\u003e\n\u003e Anyway Sybil attacks aren't all that interesting if you are the one\n\u003e sending the funds, and receivers are reasonably well protected simply\n\u003e because generating false confirmations is extremely expensive and very\n\u003e difficult to do quickly. After all, you always make the assumption that\n\u003e nearly all hashing power in existence is honest when you talk about\n\u003e replace-by-fee among other things, and that assumption naturally leads\n\u003e to the conclusion that generating false confirmations with a sybil\n\u003e attack would take more than long enough that the user would be\n\u003e suspicious that something was wrong long before being defrauded.\n\u003e\n\u003e I'd be surprised if anyone has ever bothered with a false confirmation\n\u003e sybil attack. I wouldn't be the slightest bit surprised if the NSA is\n\u003e recording all the Bitcoin traffic they can for future analysis to find\n\u003e true transaction origins. Which reminds me, again, we need node-to-node\n\u003e connections to be encrypted to at least protect against network-wide\n\u003e passive sniffiing.\n\u003e\n\u003e Regarding usage I would be interested to hear from those running Bitcoin\n\u003e nodes advertising themselves as hidden services.\n\u003e\n\u003e\u003e It's not a library limitation anyway, it's a case of how best to\n\u003e\u003e present information to a user who is not familiar with how Bitcoin\n\u003e\u003e works. \"Safe\" and \"Not safe\" is still a rather misleading distinction\n\u003e\u003e given the general absence of double spends against mempool\n\u003e\u003e transactions, but it's still a lot more meaningful than \"2 confirms\"\n\u003e\n\u003e For what it is worth I ran a double-spend generator a month or so ago\n\u003e against the replace-by-fee node that Peter setup and I found that a\n\u003e small number of the double-spends did in fact appear to be mined under\n\u003e replace-by-fee rules.\n\u003e\n\u003e Specifically the generator would create a transaction from confirmed\n\u003e inputs, wait 60-180 seconds (randomized) to allow for full propagation,\n\u003e and then create a double-spend if the transaction hadn't already been\n\u003e mined. The transactions were randomized to look like normal traffic,\n\u003e including occasional bets to Satoshidice and similar for fun. (for the\n\u003e record the script had no way of knowing if a bet won and would happily\n\u003e attempt to double-spend wins) Fees for the replacement were power-law\n\u003e distributed IIRC, with some occasionally set to be quite hefty.\n\u003e\n\u003e Though possibly just an artifact of unusually slow transaction\n\u003e propagation it appeared that about 0.25% of hashing power was following\n\u003e replace-by-fee rules. (not including transactions involving gambling, I\n\u003e know Eligius and perhaps others block such transactions from their\n\u003e mempools making double-spends easy to accomplish by including\n\u003e Satoshidice outputs)\n\u003e\n\u003e I'm actually surprised by that figure myself given Peter Todd and I\n\u003e haven't made a serious attempt yet to get miners to use replace-by-fee\n\u003e rules. An interesting experiment would be to advertise that money is\n\u003e being given away by such a tx generator in the mining forum, although I\n\u003e would prefer to see solid mempool support for the \"scorched-earth\"\n\u003e double-spend countermeasure first; Peter sounds like he has some great\n\u003e ideas there, although as usual I am seeing very little in the way of\n\u003e code. :)\n\u003e -----BEGIN PGP SIGNATURE-----\n\u003e Version: GnuPG v1.4.11 (GNU/Linux)\n\u003e\n\u003e iQEcBAEBCAAGBQJRzWCOAAoJEEWCsU4mNhiPwhgH/ic/OJMCYwdIuEM2ArSAEQRY\n\u003e l5bqafMYMcC/KE9xqZ1HVkLJ9Zg57MQ8VZw95WOsmRgNA0v1xIoCyREjI84QkCIq\n\u003e R/hOgS97eJc+XXnPBVoB4Jadq5LQ6jNpJo7cmiLJjCEmE6rTxLZBBT4P3eQw8oIn\n\u003e WAd7X7utP7/QAkjhaWB9FsfWT8QZseqpSPv8WucRftsRCABurzuD+eSfpRqYwk2z\n\u003e XBD0zO+EyAtu6hB3dRAFhqnhVfEcOLJCtXpm76WO574H4AZ/8EN+HozLJSUtylCq\n\u003e j1NZnpj/6pdFh2v5Pid4HEMEvuNNX60u6iXGJ560PUsdKmOh+LEhUBLKd9acJTw=\n\u003e =QtjI\n\u003e -----END PGP SIGNATURE-----",
"sig": "3c70b7b9d19e24be118362ae2777f6c7564886db2206cbc68b12b67dfce6e6dac4b45925b6eca9de459b8065c7b54b1b85788fa25da08de41cecfa460915cef6"
}