< GitHub104> [bitcoin] jtimon opened pull request #8498: Optimization: Minimize the number of times it is checked that no money... (master...0.13-consensus-inputs) https://github.com/bitcoin/bitcoin/pull/8498
< dcousens> If I submit an incorrectly formed CLTV transaction, I get a Error 64: non-mandatory-script-flags error... is that odd considering CLTV is active?
< dcousens> I know it comes down to Mandatory script verification flags that all new blocks must comply with for
< dcousens> I know it comes down to MANDATORY_SCRIPT_VERIFY_FLAGS* being const and only has P2SH
< dcousens> Sorry, mis-type
< sipa> right, the message is confusing
< dcousens> My point being, CheckInputs does that double check to recognize you as just a non-standard tx, but in this case the tx is actually invalid
< sipa> we have basically three classes of flags:
< sipa> mandatory <= consensus <= standardness
< sipa> the reason why consensus != mandatory is because pre-CLTV nodes may relay you violating transactions, and if they do so, you should not ban them for it
< dcousens> sure, OK so it's purely just an error message issue
< sipa> but mandatory doesn't even include BIP66
< sipa> i think we should change that
< dcousens> indeed
< dcousens> sipa: perhaps MANDATORY_SCRIPT_FLAGS shouldn't be const, but instead based on the soft-fork status?
< dcousens> and STANDARD_NOT_MANDATORY_VERIFY_FLAGS derived, that way it maintains the non banning nature
< sipa> well MANDATORY flags aren't based on current softfork status, but on what we expect our peers to enforce
< sipa> s/expect/require/
< dcousens> sipa: which you would expect to correlate to what soft forks have activated no?
< sipa> i don't think so
< sipa> there is no need to break compatibility with old clients
< sipa> unless there is an attack that can't be fixed without it
< dcousens> right
< sipa> but if we ever go as far as breaking such compatibility below 0.10, we can at once include CSV, CLTV and segwit
< sipa> in mandatory
< sipa> even before segwit activates
< sipa> because all those rules only apply to transactions that have been nonstandard for a long time
< sipa> wumpus: just so i don't forget, a few topics for the meeting 1) segwit policy limits 2) can we propose a softfork to make low-s required simultaneously with segwit? 3) raising mandatory script flags to include bip66?
< wumpus> sipa: I'll try to remember too
< dcousens> +1 2)
< dcousens> anyway, no worries cheers for the help sipa
< jl2012> sipa: why would you like to have a low-s softfork? And is it for segwit scripts only, or for all scripts?
< sipa> jl2012: it's already nonstandard for a long time, it doesn't hurt anyone, and removes a source of malleability
< jl2012> so you want it for non-segwit scripts too?
< sipa> well to be discussed
< jl2012> with low-s rule, even the wtxid of a p2wpkh tx is not malleable
< gmaxwell> sipa: jl2012 won't be around during the meeting so if you're still awake you might want to discuss with him in PM.
< sipa> i'm about to go sleep
< jl2012> ok no hurry. I'll leave my thought here
< jl2012> I don't see a compelling reason to have a low-s soft fork with segwit (in 0.13.1). Non-segwit txs are hopeless and we should not spend any energy to fix them. For segwit txs, why would we need immalleable wtxid?
< sipa> one reason would be avoid 3rd party relayers messing with compact block relay
< jl2012> Immalleable wtxid might be desirable for cmpblock and weak block, but enforcing lowS with policy is enough (since miners could always be anti-social)
< jl2012> high-S txs are non-standard already? So it won't happen unless a miner is anti-social
< gmaxwell> jl2012: non-segwit low-s is already standardness required for a long time now.
< jl2012> i don't see how a non-mining malicious relayer could exploit this
< gmaxwell> for compact blocks? not if it's a standardness rule, but we have (>=) _100%_ of the code complexity for having it as a consensus rule just by having it as a standardness rule.
< gmaxwell> It provably does not usefully expand the utility of the system to permit it, so it's just excess malleability.
< gmaxwell> Standardness rules are also not guaranteed, miners in the past have simply flipped them off.
< jl2012> but it's already a standardness rule?
< gmaxwell> For non-segwit.
< sipa> for segwit too
< jl2012> for segwit too, I believe
< gmaxwell> For non-segwit it leaves open malleability attacks for a greater set of transactions.
< gmaxwell> so there is more reason to preclude it there.
< gmaxwell> (and it has been exploited even since non-standard)
< jl2012> and now you also need the nulldummy softfork too.....
< * sipa> zZzZ
< jl2012> good night
< gmaxwell> no you don't-- something can only improve things for many transactions, it doesn't have to (and can't) fix everything.
< gmaxwell> and having more vectors for miners to intentionally play with propagation isn't very interesting.
< jl2012> my point is, if a miner wants to be anti-social, they have many different ways. For example, they could mine txs that are never seen on the network.
< gmaxwell> Having more "mandatory standardness rules" doesn't reduce the complexity of the system, it increases it.
< jl2012> and that's less obvious than mining high-S
< gmaxwell> Yes they can, I agree. But that it's a reason that an additional way is desirable.
< gmaxwell> I think both are pretty obvious if done extensively. :)
< gmaxwell> I don't think we should have standardness rules for anything except forward compatibility and things moving towards being softforked out. Otherwise people get a false expectation of what properties the system provides.
< gmaxwell> I was hearing from someone a day ago that wanted to use a cryptographic protocol where the hash of a signature was used as a key. They could have worked around low/high-S but it surely would have been an unwelcome surprise.
< gmaxwell> so since low-S is already required de facto, it may make sense to require it de jure-- because "not allowed" is fundamentally simpler than "usually not allowed but maybe happens" :)
< jl2012> maybe in the next softfork after segwit? It seems not a strong reason to delay segwit. (I know that's only a one-line change in consensus code but we still need more tests)
< gmaxwell> another way to look at it is that since it is non-standard it is likely completely untested. (not that I'd expect it to have issues)
< gmaxwell> I don't think it would make sense to delay anything for it. (And indeed, I suggested earlier to pieter that segwit really should require compressed pubkeys and absolutely prohibit hybrid pubkeys (which are the worst of all worlds)-- but he pointed out this would require actual code additions)
< jl2012> What is hybrid monkey?
< jl2012> pubkey...
< jl2012> Autocorrect
< gmaxwell> I'm glad I didn't actually say monkey, but I was worried for a moment. It's an uncompressed pubkey, but with a sign flag at the front like compressed.
< gmaxwell> This takes all the space of an uncompressed pubkey, but it is as slow to use as a compressed pubkey. (actually very slightly slower).
< gmaxwell> As far as anyone can tell there is no reason for them to exist, other than some standards person got too excited about specifying every combination of options. At least at one point that I looked, there weren't any in the blockchain at all.
< gmaxwell> (at least that we can detect, we can't tell for hash160s we don't know the preimage for)
< gmaxwell> We didn't move to block them in the past because we couldn't be sure that we wouldn't invalidate some txout. But for segwit that problem doesn't exist.
< gmaxwell> but it would be more than a one line change, alas.
< jl2012> Just one line to check the size of key
< gmaxwell> true, if uncompressed and hybrid are limited at the same time... but more than one line to pass the flags through to the right place. :)
< jl2012> There is no reason to support uncompressed key in segwit
< gmaxwell> Agreed.
< gmaxwell> (well I could be contrary and argue that someone somewhere might have an easier time migrating to segwit if it did... but, I don't think that's a good argument at all)
< jl2012> If someone assumes any existing key hashes are valid in segwit, he may lose money
< jl2012> Bad assumption, but I'm not surprised if someone really does that
< gmaxwell> same kind of error might try to reuse a p2pkh hash or a p2sh hash as a segwit script.
< gmaxwell> People have confused p2sh/p2pkh values in the past.
< gmaxwell> though it wasn't a super frequent error. (e.g. two distinct pieces of software made the error, that I'm aware of.. but only two)
< jl2012> I'd like to at least make uncompressed keys non std. It helps to prevent some type of garbage witness attack
< jonasschnelli> I think this would work, although not sure if we want to support that
< jonasschnelli> (importing keys with no rescan option could at least use the UTXO set to get the keys current balance)
< jonasschnelli> But I guess it would be complicated for the current data model implementation
< wumpus> yes it's quite an interesting possibility, if you're not interested in history then rescanning over the utxo set is enough
< wumpus> this is fast and will work with pruned block chain
< wumpus> so no, no categorical objections from me, I've thought of the idea in the past too but yes it requires some deeper changes to handle
< wumpus> I don't think we should call it 'pruned wallet' tho :-)
< wumpus> that word is already overused. But that's a nit
< jonasschnelli> wumpus: yes. Pruned wallet is confusing. But yes, the feature could be neat...
< jonasschnelli> I just fear the UX implications..
< jonasschnelli> The datamodel needs something like an "initial" balance... atm, everything is calculated with SUM()
< wumpus> yes, you'd need to summarize the non-existent history in an "initial" balance, that seems like just a bit of bookkeeping
< wumpus> agree that with the complicated wallet code it's probably more work than it seems
< wumpus> eh, no, you don't need that
< wumpus> you're not going to throw away transactions that count toward your balance
< wumpus> the completely reduced wallet would contain only transactions with unspent outputs
< wumpus> there may be some changes needed to balance computation, but you should never have to store a balance delta
< jonasschnelli> wumpus: hmm... I guess you're right
< jonasschnelli> What about p2sh/multisig?
< wumpus> the wallet utxo index may be helpful here, https://github.com/bitcoin/bitcoin/pull/7823
< wumpus> p2sh/multisig doesn't really change, I think
< wumpus> in any case you are right that the implications should be thought through carefully
< GitHub65> [bitcoin] laanwj pushed 2 new commits to master: https://github.com/bitcoin/bitcoin/compare/edebf425a2df...0d0abcac1efe
< GitHub65> bitcoin/master 05242e9 adlawren: Fix minimize and close bugs...
< GitHub65> bitcoin/master 0d0abca Wladimir J. van der Laan: Merge #8481: Qt: Fix minimize and close bugs...
< GitHub196> [bitcoin] laanwj closed pull request #8481: Qt: Fix minimize and close bugs (master...fix-minimize-and-close-bugs) https://github.com/bitcoin/bitcoin/pull/8481
< GitHub118> [bitcoin] jl2012 opened pull request #8499: [Untested] Check bad witness (master...badwitnesscheck) https://github.com/bitcoin/bitcoin/pull/8499
< cfields> meeting?
< jonasschnelli> yes
< wumpus> yes
< wumpus> #startmeeting
< lightningbot> Meeting started Thu Aug 11 18:59:45 2016 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.
< lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
< sipa> present
< wumpus> sipa proposed some topics earlier today: 1) segwit policy limits 2) can we propose a softfork to make low-s required simultaneously with segwit? 3) raising mandatory script flags to include bip66 4)
< wumpus> eh no 4
< wumpus> can anyone do the giant highlight list?
< jonasschnelli> ping gmaxwell
< cfields> gmaxwell: paging bot
< gmaxwell> #bitcoin-core-dev Meeting: wumpus sipa gmaxwell jonasschnelli morcos luke-jr btcdrak sdaftuar jtimon cfields petertodd kanzure bluematt instagibbs phantomcircuit codeshark michagogo marcofalke paveljanik NicolasDorier
< kanzure> hi.
< instagibbs> oops, it's not wednesday, how about that
< wumpus> thanks
< luke-jr> heh
< wumpus> another topic would be rc3 go-ahead
< kanzure> not sure about priority but jtimon was asking for code review eyeballs on #8493
< wumpus> but let's start with sipa's topics
< btcdrak> hi
< wumpus> #topic segwit policy limits
< michagogo> cfields: I think last time he said it's not a bot...
< cfields> michagogo: was a joke :)
< gmaxwell> it's just an alias.
< wumpus> michagogo: all bots say that!
< sipa> jl2012 has suggested some changes to prevent DoS attacks with segwit
< michagogo> Also, if anyone's interested I think the KSK ceremony is starting soon
< sipa> do we in addition want per txin witness size limits or so
< wumpus> may make sense to add some initial limits, they can always be removed later
< wumpus> adding limits later is more controversial
< sipa> agree
< instagibbs> is this merely to offset people stuffing data for 25% the price
< sipa> but i'd like to know what opinions people have about this
< instagibbs> could you elaborate additional motivations if any
< jl2012> this is a conceptual PR: https://github.com/bitcoin/bitcoin/pull/8499
< wumpus> ofc
< luke-jr> a policy limit matching p2sh's consensus limit sounds uncontroversial
< luke-jr> but this is too small for N-of->15, so maybe slightly larger is desirable
< luke-jr> someone involved with Lightning probably should comment as well
< wumpus> yes, it would be important not to sabotage that
< btcdrak> ping roasbeef GreenIsMyPepper rusty ^
< instagibbs> could someone tell me what we're protecting against first? I can't really form an opinion
< jtimon> is this a new consensus rule or just policy? (looking at 8499 seems policy only, just want to confirm)
< sipa> jl2012: policy
< kanzure> instagibbs: txin witness size bloating
< sipa> eh, jtimon ^
< jtimon> thanks
< sipa> jl2012: 8499 does not set a size limit, right?
< instagibbs> 8499 I think just bans peers for bad witnesses
< sipa> instagibbs: also protection against the problems discussed in #8279
< jl2012> sipa: it's per input size limit
< instagibbs> sipa, yes, makes sense
< sipa> ok
< sipa> jl2012: but no limits for p2wsh
< sipa> (sorry, i haven't looked in detail; correct me if i'm wrong)
< sipa> seems there are not too many opinions; i'll propose something for next meeting
< sipa> next topic?
< wumpus> #topic softfork to make low-s required simultaneously with segwit
< wumpus> there was some discussion about this earlier today between sipa and jl2012
< luke-jr> IIRC, this just blocks transactions that can be fixed with malleation anyway. might as well.
< wumpus> <jl2012> sipa: why would you like to have a low-s softfork? And is it for segwit scripts only, or for all scripts?
< wumpus> <sipa> jl2012: it's already nonstandard for a long time, it doesn't hurt anyone, and removes a source of malleability
< wumpus> <jl2012> so you want it for non-segwit scripts too?
< wumpus> <sipa> well to be discussed
< murch> Are there any downsides to that?
< sipa> so it was recently suggested that since low-s has been non-standard and not present on the network for over a year now, we could propose to turn it into a consensus rule
< wumpus> <jl2012> with low-s rule, even the wtxid of a p2wpkh tx is not malleable
< wumpus> <jl2012> I don't see a compelling reason to have a low-s soft fork with segwit (in 0.13.1). Non-segwit txs are hopeless and we should not spend any energy to fix them. For segwit txs, why would we need immalleable wtxid?
< wumpus> <sipa> one reason would be avoid 3rd party relayers messing with compact block relay
< jl2012> sipa: limiting p2wsh is more difficult, I think it could only be done case-by-case
< wumpus> sipa: agreed; the thing for discussion is mostly why to combine it with segwit
< wumpus> a low-s softfork itself at some point is uncontroversial imo
< sipa> pro combining it with segwit: it may be hard to do this as a separate softfork
< jonasschnelli> why is it hard?
< luke-jr> ^
< sipa> miners need to upgrade software
< jonasschnelli> Combine it with another, later software?
< jonasschnelli> softfork
< sipa> a low-s softfork would be uncontroversial, but also very low benefit
< luke-jr> no reason to make it urgent; just roll it out and let miners deploy on their own time?
< sipa> that's possible, but i thought it would be neat to just never have anything but low-s in segwit
< wumpus> but rolling everything into one giant softfork is more risky
< GreenIsMyPepper> reading scrollback...
< wumpus> that is true
< jonasschnelli> I think it's useful to combine the low-s restriction with the SW software in 0.13.1
< sipa> it's literally, VersionBitsActive(pindexPrev, DEPLOYMENT_LOW_S) == ACTIVE { flags |= SCRIPT_VERIFY_LOW_S; }
< wumpus> well yes that would be 0.13.1
< GreenIsMyPepper> is the policy limit for number of sigs? (sorry for the noise)
< kanzure> size
< jtimon> a low s softfork should be also quite easy, no? it's already implemented, just make a flag mandatory for consensus
< luke-jr> oh, right. speaking of 0.13.1, it seems quite uncontroversial
< instagibbs> Oh, if the two bip9 aren't packaged, I think we should
< wumpus> jtimon: yes, sipa just quoted the code change :)
< instagibbs> (duh, bip9)
< sipa> jl2012 sounded like he thought this would require more testing; and i agree that if due to extra testing this would delay the segwit softfork, we should not
< wumpus> I like coupling an uncontroversial change to a more risky one more than the other way around at least
< kanzure> s/we should not/we should not bundle
< luke-jr> (huh, it occurs to me - not a real suggestion - that we *could* have de-bundled the block size increase from segwit into a separate BIP9 bit, so long as all deployment of segwit included support for the separate blocksize-increase bit; IMO interesting)
< jtimon> no strong opinion about doing the low-s sf with segwit or later
< jtimon> but yeah, the sf itself seems uncontroversial
< sipa> gmaxwell countered that if low_s requires testing, that's testing we should be doing already, as it's being enforced on every transaction on the network already, so making it consensus likely just removes the possibility for untested cases
< GreenIsMyPepper> seems cleaner to have low-S from the start, no?
< luke-jr> wumpus: coupling an uncontroversial change to a more controversial one, could be taken as pressure to activate the controversial one; so for that reason, it may be best to keep them separate (like how we don't do softforks in .0 releases)
< luke-jr> (separate in the BIP9 sense, not necessarily a different release)
< instagibbs> luke-jr, my assumption would be a different bit
< btcdrak> I think lowS softfork is a nobrainer, it's also easy and uncomplicated since it's already policy.
< wumpus> luke-jr: that would be if it is uncontroversial *and* attractive, but there's no one really waiting for low-s enforcement, it's just a cleanup
< jtimon> I mean, we can also deploy low-s in, say 0.12.2 before segwit (oh, wait, backport bip9)
< jtimon> if they go in the same release, why separate them in the bip9 sense?
< kanzure> luke-jr: that's at best an argument for your segwit bip9 activation decoupling idea.
< wumpus> I don't think we should deploy anything before segwit
< sipa> wumpus: agree
< jonasschnelli> agree
< wumpus> it's time for segwit now, we should try to move ahead with things instead of introducing more things in between
< luke-jr> kanzure: well, it's almost certainly too late for that (it definitely would add to testing required)
< jtimon> wumpus: just saying that together is not the only option for having low-s from the start of segwit, no strong opinion
< wumpus> so, yeah, let's get 0.13.0 out asap then decide on a timeframe etc for segwit and do 0.13.1
< sipa> ok
< GreenIsMyPepper> luke-jr: to follow up with the above ping, we're presuming a policy limit to be the same as P2SH constraints with the redeemScript size
< luke-jr> GreenIsMyPepper: thanks
< wumpus> adding LOW_S is fine with me, it's simple to do and not risky and not controversial, indeed is a lot of overhead to do a separate softfork for it
< instagibbs> also segwit could activate first, in some universe
< sipa> GreenIsMyPepper: oh sure - no reason why segwit would be able to do less than what is currently possible with P2SH
< wumpus> next topic?
< wumpus> #topic raising mandatory script flags to include bip66
< btcdrak> I would prefer we combine lowS with segwit.
< jtimon> regarding luke-jr's argument, I don't think segwit is controversial either, but if segwit+low-s deployment fails, you can always try again with them separated
< sipa> so, we have 3 sets of flags currently
< luke-jr> what node versions does this result in cutting off from the network? pre-0.8, I think?
< sipa> 1) mandatory flags 2) consensus flags 3) standardness
< wumpus> luke-jr: no one is 'cut off' from the network?
< luke-jr> then I am misunderstanding
< jtimon> sipa: how are mandatory flags different from consensus flags?
< sipa> luke-jr is not misunderstanding
< wumpus> luke-jr: it's a softfork so 0.8 nodes should still be able to verify?
< sipa> wumpus: i'm explaining
< instagibbs> Mandatory script verification flags that all new blocks must comply with for
< instagibbs> * them to be valid. (but old blocks may not comply with) Currently just P2SH,
< sipa> the reason why mandatory flags are different from consensus is because old nodes are not guaranteed to not send us currently-invalid transactions
< sipa> and we would ban them if they send a BIP66-invalid transaction, for example
< instagibbs> "Failing one of these tests may trigger a DoS ban" I see
< sipa> so that's why BIP66 is not part of mandatory flags
< sipa> i just wanted to bring up the topic, not necessarily for anytime soon
< wumpus> right, so they would not be cut off the network, but only if they actually generate or relay something invalid by new rules
< luke-jr> note we have a fork of 0.5.3 that is actively "maintained" and used
< jtimon> instagibbs: also bip66, bip65 and bip112, no?
< sipa> wumpus: it could partition the network, though
< luke-jr> s/we/someone else on the network/
< wumpus> sipa: ok, let's look at it from the other side then
< instagibbs> jtimon, oh, the comment is straight from master
< wumpus> sipa: what would be the advantage?
< sipa> wumpus: if there is a large group of pre-0.8 nodes connected to each other, and they get an invalid transaction relayed to each other
< jtimon> but all new blocks must comply with those too
< wumpus> does it cost a node a lot of resources to verify BIP66 compliance? if not, why does it warrant DoS banning?
< sipa> wumpus: good point
< sipa> perhaps the policy should just be to never extend mandatory flags
< sipa> unless there is a DoS attack that needs it to be fixed
< wumpus> I remember a previous discussion about being less trigger happy regarding DoS banning
< wumpus> right, if there is DoS risk it is the appropriate measure
< sipa> i just noticed that this is something we've been ignoring the value of mandatory flags
< wumpus> yes, sure, it's confusing
< sipa> yes, indeed, i remember reducing dos banning flags
< wumpus> but adding a comment explaining this rationale would do just as well as extending the mandatory flags
< sipa> fair enough
< jtimon> sipa: I'm not sure I follow, why aren't SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY and SCRIPT_VERIFY_CHECKSEQUENCEVERIFY in MANDATORY_SCRIPT_VERIFY_FLAGS ?
< sipa> jtimon: because pre-0.11.2 nodes could get banned by us if they'd send a CSV-violating transaction
< wumpus> jtimon: for the same reason, probably, it would be harmful to DoS ban on them
< luke-jr> jtimon: if a 0.5.3 node sends you a transaction violating those rules, you don't want to ban them, just reject it; if you banned them, you partition such nodes off the network and they stop getting blocks
< wumpus> (to not accidentally partition the network)
< jtimon> ok, so it's all about the DoS score
< wumpus> yes
< instagibbs> so why is it ok to ban a misbehaving p2sh transaction (probably veering off the path here)
< jtimon> why SCRIPT_VERIFY_P2SH is different from other softforks for this again?
< wumpus> validation overhead?
< sipa> jtimon: it was very old at the time mandatory flags was introduced, so nobody cared, i guess
< gmaxwell> We can't reasonably support old versions forever; We're not testing them, and certainly not testing weirdo transactions with them. perhaps we should have a program of making links to sufficiently old versions blocks-only after some point.
< wumpus> well people run them on their own risk
< jtimon> wumpus: well they risk being banned, no?
< gmaxwell> yes, though if we blocks only them we won't risk partitioning them due to weirdness with txn handling. Much more likely to be reliable.
< sipa> i think it's more a philosophical issue... another implementation may have different policy, and it's not our place to trigger happy ban them
< sipa> i like the idea of reducing dos banning where possible
< wumpus> sure, but would be best to not DoS ban in the first place for non DoS offenses
< jtimon> sipa: for SCRIPT_VERIFY_P2SH too?
< luke-jr> gmaxwell: would blocks-only treatment break their wallet broadcasts, though?
< gmaxwell> Sending a consensus invalid transaction is a perfectly reasonable thing to ban for ... ignoring that the consensus rules change over time.
< wumpus> I don't think we should make the one-sided decision to make lower version nodes blocks-only
< gmaxwell> luke-jr: yes but nodes that old already have wallet broadcast problems because of high-S enforcement as standardness.
< wumpus> e.g. something may report a low network version but be perfectly able to handle new transactions
< wumpus> they're not really coupled the same way in other software than bitcoin core
< gmaxwell> probability of their txn not relaying already is exponential in the number of signatures.
< luke-jr> gmaxwell: consider that there's a crowd who insist on using 0.5.3 :/
< wumpus> in any case I don't think this is a very urgent topic
< luke-jr> I guess they must have patched that
< jtimon> luke-jr: who insists in using 0.5.3 ?
< luke-jr> jtimon: therealbitcoin.org people
< gmaxwell> luke-jr: they have to apply a small pile of fixes in any case.
< gmaxwell> presumably they're fixed to produce high-S signatures (or not transacting at all... :P )
< luke-jr> I suppose the BIP 66 patch is fairly trivial to add to that pile if they care; but sipa is right about the principle of not cutting them off IMO
< wumpus> they probably write raw transactions in their head instead of using the bitcoin core wallet
< jtimon> I guess I can ask after the meeting, but why don't they want to upgrade?
< sipa> jtimon: yes, let's discuss that after the meeting
< luke-jr> ^+1
< jtimon> sipa: sure, np
< sipa> i think this is getting too abstract
< sipa> i just wanted to raise attention to the neglected mandatory flags :)
< wumpus> in any case, not our problem, we should not do anything to sabotage use of old clients, but we're also not responsible for making sure all old versions still work, they'll have to do with a pile of patches on top
< wumpus> yes, next topic?
< btcdrak> I dont see any 0.5.3 useragents
< sipa> wumpus: you had rc3 as topic?
< wumpus> #topic rc3 go-ahead
< btcdrak> luke-jr: are you sure there are 0.5.3 nodes on the network? https://bitnodes.21.co/nodes/?q=0.5.3
< wumpus> yes, quick question, anything that still needs to be merged/backported for 0.13.0 apart from release notes?
< wumpus> not seeing anything here https://github.com/bitcoin/bitcoin/milestone/20
< luke-jr> on the off-chance there's no objection, I'd like to PR https://github.com/bitcoin/bitcoin/commit/5a716a3bc6621e4d2e2c1de5b6b5596d6877d589 for 0.13.0 mostly just to make #8459 uncontroversial
< wumpus> so I'm going to tag rc3 in a very short while, after the usual translation updates and such
< luke-jr> btcdrak: 1) those are just listening nodes, 2) 7 nodes show as 99999 "/therealbitcoin.org:0.9.99.99/"
< wumpus> yes they don't report as 0.5.3
< jtimon> sipa: so should we get SCRIPT_VERIFY_P2SH out of mandatory too?
< btcdrak> luke-jr: ok so there are 5 nodes out of 5000, I really dont think we have to be concerned.
< sipa> jtimon: out of topic :)
< jtimon> sipa: ok, later too, whatever
< wumpus> btcdrak: it's not a concern
< btcdrak> wumpus: rc3 looks good to go.
< wumpus> foss gives that freedom to run your own stack of weird hacks if you want for whatever reason
< wumpus> btcdrak: ok!
< sipa> ack rc3
< jonasschnelli> ready to build
< cfields> sipa: as discussed yesterday, any need to try to get default_witness_commitment added to gbt with no witness data for 0.13.0? So miners can start easily adding commitments even before activation?
< btcdrak> There's also a blog post being written about 0.13.0 if some eyes could review and comment https://github.com/bitcoin-core/bitcoincore.org/pull/199
< sipa> cfields: fine by me
< sipa> btcdrak: great
< wumpus> cfields: eh, so that means holding up rc3?
< cfields> wumpus: opinion ^^? Not critical, we have testnet.
< wumpus> if it's not critical I'd say not do it, at this point
< sipa> cfields: 0.13.0 has no activation, so it would not produce a default_witness_commitment?
< wumpus> unless you want to be that person holding up the release :)
< sipa> i think there is no need for that in 0.13.0
< luke-jr> sipa: the subject was commitments pre-activation
< sipa> i'm confused about that
< sipa> i think a miner on 0.13.0 should never produce a segwit commitment, and a 0.13.1 one (assuming it has a defined start date) should always (regardless of whether it is before or after the start time)
< gmaxwell> ^ thats my expectation
< sipa> there is no problem if people choose to diverge from that
< wumpus> cfields: to be honest I'm not sure what the advantage or disadvantage of that is
< gmaxwell> The reason I believe we should do that is so that we don't have sudden behavior changes at times which are far away from updating the software which might break downstream mining infrastructure.
< cfields> works for me. i was only considering it as a way to see that pools had begun adding valid structures. obviously it wouldn't be actually checked/used
< gmaxwell> e.g. if you update your bitcoin node and then days/weeks later it starts doing things with segwit commitments that breaks your miners or pooling software, that is preferable. You would prefer the break to happen at upgrade time.
< sipa> cfields: 0.13.0 for all intents and purposes behaves identical to older nodes wrt segwit behaviour
< sipa> cfields: so i think there is no point in using witness commitments as a signalling mechanism for anything in 0.13.0 already
< cfields> sipa: understood
< sipa> so, ack rc3?
< gmaxwell> as far as 0.13 vs 0.13.1 I think 0.13 should not change behavior, because it won't ever activate. so there is no problem of behavior suddenly changing with it.
< gmaxwell> rc3 sounds good to me.
< cfields> works for me
< jtimon> yay 0.13.0!
< gmaxwell> jtimon: careful, you're going to trigger some confused reddit posts.
< wumpus> roughly one minute to go
< jtimon> oops, sorry, yay ack rc3
< gmaxwell> I think someone's clock is off.
< gmaxwell> Time to die.
< wumpus> jtimon: yes, let's not get ahead of ourselves
< wumpus> #endmeeting
< lightningbot> Meeting ended Thu Aug 11 20:00:39 2016 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
< sipa> #killtime
< gmaxwell> and it ended on time. hurrah.
< * gmaxwell> bbl
< * btcdrak> flies off
< wumpus> no, clock is not off, the server is just travelling at relativistic speeds...
< jtimon> sipa: so should we get SCRIPT_VERIFY_P2SH out of mandatory too?
< wumpus> or completely drop mandatory?
< luke-jr> jtimon: to answer your earlier question best I can: I think they perceive 0.5.3 as the last release before the Bitcoin Foundation "got involved" (I know the BCF was never involved, but they're conspiracy nuts)
< jtimon> wumpus: well, at that point mandatory would be only SCRIPT_VERIFY_NONE so it's kind of the same
< murch> luke-jr: Are they the people around Mircea Popescu?
< luke-jr> murch: right
< sipa> murch: yes
< pigeons> i asked before too, got answers about gavin making changes for CIA, "only real bitcoin address starts with a 1", etc
< wumpus> jtimon: so after that the logic can be removed, cleanups, yay
< instagibbs> pigeons, how do they feel about base32...
< murch> well, in that case… Why bother putting in the extra work of maintaining special cases for them?
< wumpus> murch: we don't
< sipa> murch: we shouldn't
< sipa> murch: but we should also find practices that don't gratuitously kick certain types of software off the network, regardless of what that software is
< cfields> wumpus: so, it was a bit too in-detailed for the meeting, so i didn't bother... I'm considering switching approaches on the boost::thread conversion, curious to get your opinion
< pigeons> lol instagibbs i don't know you can ask in #trilema if you want entertainment
< instagibbs> pigeons, i like not being DoS'd thank you
< * instagibbs> back on topic
< luke-jr> lol
< jtimon> wumpus: sounds good to me
< wumpus> cfields: what approach do you consider switching to?
< * sipa> afk
< jtimon> luke-jr: I see, thanks
< murch> okay, I must have missed something, because it sounded like someone was thinking about putting extra code and special rules to maintain compatibility to 0.5.3 with the flags thing
< cfields> wumpus: turns out, osx's clang doesn't support thread_local (ugh). And I doubt it's the only one. So I ended up re-implementing a clone of boost::thread_specific_ptr...
< cfields> wumpus: then a few more little things like that. It keeps growing and growing...
< luke-jr> murch: we currently already have this code; the topic was adjusting it (which would have a side effect of effectively kicking off older nodes from the network)
< wumpus> cfields: what do we use thread local for?
< jtimon> but sipa didn't answer if that would be ok with him
< cfields> wumpus: I've started to think it would make more sense to just fix up our code one place at a time to not require interruptions
< luke-jr> murch: we cannot remove the code, since it is required for every softfork to prevent forking off pre-softfork nodes
< wumpus> cfields: so the interruptions require the spottily-supported functionality?
< murch> By the way, while there are still lots of well-informed people reading this. Does anyone else have another list of realistic spending values for Bitcoin Nodes? I'd love to have a second scenario to test my coin selection simulation on.
< cfields> wumpus: it's necessary for this::thread stuff. So, this_thread::interrupt, this_thread::sleep (interruptible), etc
< cfields> er, this_thread::interruption_point
< murch> luke-jr: Thanks for clarifying
< luke-jr> murch: realistic daily spending values seem to be anything from 0.01 to 1 BTC. :p
< wumpus> there are two uses of boost::thread_specific_ptr at the moment, one in lock debugging, one in util, also for debugging purposes. I think we could switch away from using them
< wumpus> cfields: right
< wumpus> cfields: it's easy enough to switch interruption points to just a flag
< cfields> wumpus: sorry, i was unclear. thread_local or thread_specific_ptr are necessary for implementing the interruptible threads
< wumpus> cfields: after all we always interrupt all threads at once anyway, we don't do it on a per-thread basis
< murch> luke-jr: Sorry, I mean a list of subsequent amounts that were sent by one node, as in a model for simulating wallet behavior.
< wumpus> cfields: e.g. we stuff everything into one thread group
< cfields> wumpus: right, now that we have atomics, we can just throw those checks around instead
< wumpus> right
< cfields> wumpus: i'd be more comfortable with that. I'm growing less and less confident in the correctness of the wrapper.
< wumpus> I agree on the longer term it'd be nice to have each module handle its own interruption/shutdown, but we could first replace our use of boost::interruption_point with a global flag easily enough and do that later
< wumpus> cfields: sure; we should try to reimplement as little as possible boost functionality, only what we really need for our current usage
< wumpus> if we can do without thread local data, let's do that
< cfields> wumpus: ok thanks, i'll give that approach a shot
< wumpus> I do like how httpserver was switched to c++11 threads without any issues
< cfields> yea, i think it works out to be easier that way. It means evaluating some of the threads individually, but we were going to have to do that eventually anyway
< wumpus> good work
< cfields> thanks. ok, I'll start pr'ing those changes then.
< luke-jr> I think we won't know if there are issues until 0.13.0 is out the door. :x
< cfields> shame to throw away all of that wrapper code, but it was a good learning experience :)
< luke-jr> cfields: well, hopefully Apple will get TLS by 0.14? :P
< cfields> luke-jr: yea, it's available in the current xcode beta. funny thing is, they actually ripped it out of upstream clang
< luke-jr> yeah, so just save it until post-0.13 rather than throw away?
< wumpus> cfields: yes it's a pity, but I don't think we could have foreseen this
< cfields> but based on that, i'm assuming they're probably not the only ones
< wumpus> cfields: though I think the wrapper was always meant to be temporary?
< wumpus> just a self-contained step in moving away from boost
< cfields> wumpus: right
< wumpus> luke-jr: correction: until 0.14 is out of the door :)
< luke-jr> wumpus: oh, that missed the 0.13 merge window? in any case, we don't know that any C++11 is actually safe yet. (in the sense that we may have users who can no longer build)
< wumpus> many open source projects are switching to requiring c++11
< luke-jr> yes, I'm not arguing against it.
< jtimon> btcdrak: it seems I am the only one that considers moving consensus code a good thing by itself, should I close #8337 and #8329 or rebase them?
< btcdrak> jtimon: sorry I am way behind this week.
< jtimon> no worries, I don't need an urgent answer
< btcdrak> please don't close the PRs.
< jtimon> ok
< jtimon> that means rebase I guess
< jtimon> thanks
< * luke-jr> wonders how compact block code reacts to such thinblock nodes
< wumpus> gah
< murch> lol
< murch> it's kinda funny that nobody saw that until now. ^^
< Lightsword> are enough people using thinblocks for it to even matter?
< wumpus> well it's not nice to conflict with something in use, but on the other hand, it's telling enough that it's only discovered now
< Lightsword> I mean, compact blocks is already in use…
< murch> Lightsword: 500 Classic nodes or so
< Lightsword> murch, what’s first classic version that had thinblocks?
< murch> Lightsword: and roughly 90 BU and XT perhaps
< wumpus> would have been useful for finding conflicts if the enumeration actually had the numbers, instead of relying on c++ for counting
< murch> Lightsword: No clue, I just was aware that r/btc had their panties in a twist over the whole Thinblocks/CompactBlocks thing
< luke-jr> I suppose it's important for both protocols to handle malicious nodes, and conflicts are not any worse than malice (technically speaking)
< luke-jr> but it'd be nice to let people implement both
< wumpus> in any case BIP152 has the number: A new inv type (MSG_CMPCT_BLOCK == 4) and several new protocol messages are added: sendcmpct, cmpctblock, getblocktxn, and blocktxn.
< luke-jr> yes, this is a failure of thin blocks to use the BIP process :/
< wumpus> changing that enumeration would mean changing the BIP too
< wumpus> indeed
< Lightsword> yeah…I think core node count with compact block support is roughly the same
< Lightsword> the most common classic node is one that doesn’t seem to support it anyways
< luke-jr> even their own BUIP doesn't seem to mention this
< Lightsword> I don’t think people actually use classic in any meaningful sense
< wumpus> yes, clearly a process failure
< murch> Lightsword: Don't let yourself quote like that. You'll face endless harassment on Reddit. :p I'm having a hard time finding the Bitcoin Classic release notes.
< wumpus> if you grab a number in the protocol you should publish a BIP
< Lightsword> murch, I’m not sure I care
< achow101> so it comes down to who defined that enum first
< wumpus> otherwise how are people supposed to know?
< sipa> wumpus: they published a buip, i think :)
< wumpus> it's clearly too late now anyhow
< wumpus> sipa: well that doesn't do it
< Lightsword> wait, is it conflicting with MSG_THINBLOCK or MSG_XTHINBLOCK?
< achow101> MSG_THINBLOCK
< sipa> ah
< wumpus> if we're no longer going to follow the BIP process, could as well abandon it
< Lightsword> so it doesn’t conflict with XT at least since “BUIP010 thin block. We don't support these.”
< Lightsword> for MSG_THINBLOCK
< TD-Linux> they submitted a BIP draft to bitcoin-dev which only reserved the bit with no documentation of what it did
< wumpus> TD-Linux: link?
< TD-Linux> one sec
< luke-jr> sipa: a BUIP that doesn't mention either the inv enum nor the service bit.. :/
< wumpus> it should mention the enum value (4)
< murch> Lightsword: Not sure whether that's what you were saying, but bitcoinxt merged XThin blocks in 0.11F on 24th of June.
< luke-jr> TD-Linux: this doesn't mention the enum
< TD-Linux> yes it does
< wumpus> that's about the services bit
< TD-Linux> oh okay I see.
< Lightsword> murch, that issue states the issue isn’t with xthin enum but normal thin enum
< wumpus> not MSG_THINBLOCK inv type
< GitHub73> [bitcoin] laanwj pushed 1 new commit to 0.13: https://github.com/bitcoin/bitcoin/commit/9058617afb24594f09848d2a53403760bd64470a
< GitHub73> bitcoin/0.13 9058617 Wladimir J. van der Laan: qt: translations update pre-rc3
< achow101> The earliest mention of MSG_THINBLOCK that I could find is in their reference implementation here: https://github.com/ptschip/bitcoinxt/commit/7ea5854a3599851beffb1323544173f03d45373b#diff-1df47808b82268c616535e7b20216dfbR157
< achow101> It isn't in any documentation though
< sipa> i also don't see the problem; an implementation that wants to support both can just look at the service bits
< sipa> ah, right, if you want to set both service bits...
< luke-jr> yeah ☺
< GitHub177> [bitcoin] laanwj pushed 1 new commit to 0.13: https://github.com/bitcoin/bitcoin/commit/b52c67c4b188c274de60fbd5e26441e9a644dba6
< GitHub177> bitcoin/0.13 b52c67c Wladimir J. van der Laan: doc: Update changelog for rc3
< wumpus> * [new tag] v0.13.0rc3 -> v0.13.0rc3
< achow101> woo building time
< * sipa> fires up the gitian
< cfields> tested a good bit on testnet. getting ready to push upstream, if anyone's interested in taking a look first
< cfields> luke-jr: ^^
< cfields> oh
< * cfields> fires up gitian too
< luke-jr> cfields: trade? :P (I should probably merge tests into libblkmaker segwit first though)
< luke-jr> actually, tests could use review independently: https://github.com/bitcoin/libblkmaker/pull/7
< cfields> luke-jr: trade for libblkmaker review?
< luke-jr> right
< cfields> sure
< cfields> luke-jr: looking now.
< * michagogo> runs his all-in-one gitian script
< luke-jr> cfields: ok, I think the rest looks good
< cfields> luke-jr: thanks. Still going through yours. the commitment insertion stuff looks fine so far (though i've already looked over that a good bit)
< luke-jr> cfields: eh, the commitment insertion stuff isn't in that PR <.<
< cfields> luke-jr: eh? I'm not looking at the tests, I'm looking at #6
< luke-jr> ok I guess
< luke-jr> IMO the tests should go first though XD
< cfields> need to be familiar with what it's testing first :)
< cfields> luke-jr: i don't see anything to complain about in #6. I'll grab/run the tests and go through them.
< luke-jr> cfields: FWIW, I found two things to complain about in #6 >_< (weightlimit was being enforced even when unset (internally zero), and when transaction weights were unknown)
< luke-jr> oh, maybe I pushed those before you looked XD
< michagogo> cfields: my sigs are up