📅 Original date posted:2015-12-09
📝 Original message:On Wed, Dec 9, 2015 at 4:44 AM, Ryan Butler <rryananizer at gmail.com> wrote:
>>I agree, but nothing I have advocated creates significant technical
>>debt. It is also a bad engineering practice to combine functional
>>changes (especially ones with poorly understood system wide
>>consequences and low user autonomy) with structural tidying.
>
> I don't think I would classify placing things in consensus critical code
> when it doesn't need to be as "structural tidying". Gavin said "pile on"
> which you took as implying "a lot", he can correct me, but I believe he
> meant "add to".
Nothing being discussed would move something from consensus critical
code to not consensus critical.
What was being discussed was the location of the witness commitment;
which is consensus critical regardless of where it is placed. Should
it be placed in an available location which is compatible with the
existing network, or should the block hashing data structure
immediately be changed in an incompatible way to accommodate it in
order to satisfy an ascetic sense of purity and to make fraud proofs
somewhat smaller?
I argue that the size difference in the fraud proofs is not
interesting, the disruption to the network in an incompatible upgrade
is interesting; and that if it really were desirable reorganization to
move the commitment point could be done as part of a separate change
that changes only the location of things (and/or other trivial
adjustments); and that proceeding int this fashion would minimize
disruption and risk... by making the incompatible changes that will
force network wide software updates be as small and as simple as
possible.
>> (especially ones with poorly understood system wide consequences and low
>> user autonomy)
>
> This implies there you have no confidence in the unit tests and functional
> testing around Bitcoin and should not be a reason to avoid refactoring.
> It's more a reason to increase testing so that you will have confidence when
> you refactor.
I am speaking from our engineering experience in a public,
world-wide, multi-vendor, multi-version, inter-operable, distributed
system which is constantly changing and in production contains private
code, unknown and assorted hardware, mixtures of versions, unreliable
networks, undisclosed usage patterns, and more sources of complex
behavior than can be counted-- including complex economic incentives
and malicious participants.
Even if we knew the complete spectrum of possible states for the
system the combinatioric explosion makes complete testing infeasible.
Though testing is essential one cannot "unit test" away all the risks
related to deploying a new behavior in the network.
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 17:45:42
in reply to nevent1q…pt48
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 17:45:42Event JSON
{
"id": "675eed8d9b6f309083f7eb6388b499b5c35a420204c45ced01aaf48dde16d142",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686159942,
"kind": 1,
"tags": [
[
"e",
"558b0da1f3869961bbef0556878e1dd6b9ae37e86128bc130bab17f5332c918d",
"",
"root"
],
[
"e",
"61e857dee963fd8760463a90211555e402034bc404158fcbad4d97093455e2c5",
"",
"reply"
],
[
"p",
"2c8da20289231989c45f4bd3a7d87e383ce05124a01a5203e07737f00309c1c7"
]
],
"content": "📅 Original date posted:2015-12-09\n📝 Original message:On Wed, Dec 9, 2015 at 4:44 AM, Ryan Butler \u003crryananizer at gmail.com\u003e wrote:\n\u003e\u003eI agree, but nothing I have advocated creates significant technical\n\u003e\u003edebt. It is also a bad engineering practice to combine functional\n\u003e\u003echanges (especially ones with poorly understood system wide\n\u003e\u003econsequences and low user autonomy) with structural tidying.\n\u003e\n\u003e I don't think I would classify placing things in consensus critical code\n\u003e when it doesn't need to be as \"structural tidying\". Gavin said \"pile on\"\n\u003e which you took as implying \"a lot\", he can correct me, but I believe he\n\u003e meant \"add to\".\n\nNothing being discussed would move something from consensus critical\ncode to not consensus critical.\n\nWhat was being discussed was the location of the witness commitment;\nwhich is consensus critical regardless of where it is placed. Should\nit be placed in an available location which is compatible with the\nexisting network, or should the block hashing data structure\nimmediately be changed in an incompatible way to accommodate it in\norder to satisfy an ascetic sense of purity and to make fraud proofs\nsomewhat smaller?\n\nI argue that the size difference in the fraud proofs is not\ninteresting, the disruption to the network in an incompatible upgrade\nis interesting; and that if it really were desirable reorganization to\nmove the commitment point could be done as part of a separate change\nthat changes only the location of things (and/or other trivial\nadjustments); and that proceeding int this fashion would minimize\ndisruption and risk... by making the incompatible changes that will\nforce network wide software updates be as small and as simple as\npossible.\n\n\u003e\u003e (especially ones with poorly understood system wide consequences and low\n\u003e\u003e user autonomy)\n\u003e\n\u003e This implies there you have no confidence in the unit tests and functional\n\u003e testing around Bitcoin and should not be a reason to avoid refactoring.\n\u003e It's more a reason to increase testing so that you will have confidence when\n\u003e you refactor.\n\nI am speaking from our engineering experience in a public,\nworld-wide, multi-vendor, multi-version, inter-operable, distributed\nsystem which is constantly changing and in production contains private\ncode, unknown and assorted hardware, mixtures of versions, unreliable\nnetworks, undisclosed usage patterns, and more sources of complex\nbehavior than can be counted-- including complex economic incentives\nand malicious participants.\n\nEven if we knew the complete spectrum of possible states for the\nsystem the combinatioric explosion makes complete testing infeasible.\n\nThough testing is essential one cannot \"unit test\" away all the risks\nrelated to deploying a new behavior in the network.",
"sig": "ffcd5c7ed393cdefa0aa0e578e97fb3b6e942a202c7e0211453954cfca0a7e829d6ccdb6d49707744224ef0732eb164696380692d9cb59517f08e82695590c6c"
}