< phantomcircuit>
wait this is probably not actual master
< phantomcircuit>
hmm
< sipa>
but i think gmaxwell's using qt4
< phantomcircuit>
gmaxwell, yeah it's broken
< phantomcircuit>
sipa, yeah i have qt4 also
< luke-jr>
gmaxwell: Gentoo's 0.14.1-r1 seems to work with any configuration I try; can you be more specific on how to get a failure? Do you have the overlay?
< gmaxwell>
luke-jr: the issue is that it puts BITCOIND_OPTS="-disablewallet" in /etc/conf.d even when the wallet useflag is set.
< gmaxwell>
both the overlay and not.
< luke-jr>
gmaxwell: aha, interesting. I wonder if we should tolerate/ignore that in such cases
< luke-jr>
I'll hack the ebuild to get rid of it for now
< luke-jr>
wait, "even when the wallet useflag is set"? that's to be expected?
< gmaxwell>
You are saying that when the wallet useflag is set, it should disable the wallet?
< luke-jr>
(okay, looks like -disablewallet should safely be ignored already too)
< luke-jr>
gmaxwell: it builds with wallet support, but the init script in typical usage wouldn't enable the wallet because it's a system bitcoind
< luke-jr>
at least, that seems to be the typical assumption users have had before; and it can be changed where people want something else
< gmaxwell>
This is insanely confusing and imposible to support, I wasted about a half an hour trying to help someone today with this.
< luke-jr>
ie, when people want bitcoind-with-wallet, they usually run that as a normal user
< luke-jr>
hmm
< luke-jr>
I suppose an unused wallet is harmless
< gmaxwell>
if you don't want to use a wallet you.. exactly!
< luke-jr>
gmaxwell: it's contrib/init/bitcoind.openrcconf in Core itself; do you want to open the PR, or should I?
< gmaxwell>
I'd rather you do so since I'm not in a position to test it myself.
< luke-jr>
k
< bitcoin-git>
[bitcoin] luke-jr opened pull request #10451: contrib/init/bitcoind.openrcconf: Don't disable wallet by default (master...openrc_wallet) https://github.com/bitcoin/bitcoin/pull/10451
< wumpus>
don't be angry, let the people that care about fix it
< jonasschnelli>
Yeah... ideally it would be in our CI
< jonasschnelli>
otherwise this pops up here and there
< jonasschnelli>
but right, I don't care about qt4. If people do, then they must fix it.
< wumpus>
yes, same there, let the people that care about it add it to CI :)
< sipa>
is Qt4 still intended to be supported?
< wumpus>
yes
< wumpus>
but no one of us actually uses it anymore, for a long time
< sipa>
i believe that gmaxwell's setup had both qt4 and qt5, and configure automatically picked qt4?
< jonasschnelli>
even worse, I think BlueMatt's PPA builds against qt4?!
< wumpus>
there's an issue for qt4 eol, but apparently some people are still relying on it, so if they want to spend work on supporting it it's 100% fine by me, just don't expect me to: https://github.com/bitcoin/bitcoin/issues/8263
< wumpus>
if both qt4 and qt5 is installed and detected it should pick qt5
< jonasschnelli>
during runtime? Do they compatible ABIs?
< wumpus>
nono at configure time
< jonasschnelli>
But the PPA is pre-built?
< wumpus>
sipa was asking about configure, my answer was to that
< jonasschnelli>
ah. sry
< jonasschnelli>
Yes. It prefers qt5 since a while.
< wumpus>
yes, because of an issue with ubuntu unity tray icon handling apparently qt4 works better on some ubuntu versions
< wumpus>
it's pretty sad, but nothing really to be done about it, except wait for unity to be history
< wumpus>
this is not a problem with our code, or even qt upstream, but with ubuntu specific plugins
< sipa>
how about we just remove the tray icon support...?
< wumpus>
it's possible, but it works fine for other OSes and other linux distros
< wumpus>
I wouldn't mind removing tray icon support, but this in itself is a lousy reason
< wumpus>
sure - disabling it specifically for the ppa would work, including a custom patch
< sipa>
i was about to say that one distro with lousy trayicon support is a bad reason to stick with qt4... except we only stick to qt4 on ubuntu
< wumpus>
that's up to BlueMatt
< wumpus>
exactly!
< gmaxwell>
I don't care about QT4 but I thought we still supported it.
< gmaxwell>
And as sipa mentioned, I have both installed and it's building against 4.
< gmaxwell>
(on debian testing)
< wumpus>
(last time I tried tray icon support on ubuntu 16.04, with self-compiled bitcoin-qt on qt5 it seemed to work fine for me, btw, maybe they've fixed it, at least on some versions... or it's somehow dependent on a combination of circumstances)
< jonasschnelli>
gmaxwell: hmm... bitcoin.m4 should prefere qt5 though... strange
< gmaxwell>
I suppose it's possible something is screwed up, but it seems to be useful that it is since I keep catching build failures.
< sipa>
gmaxwell: perhaps you have some tiny dependency missing for qt5?
< jonasschnelli>
Maybe one of the qt5 libs is missin?
< jonasschnelli>
+g
< jonasschnelli>
config.log should probably tell you why...
< wumpus>
my guess is that the qt5 detection is either broken on your distro, or a required component is missing
< wumpus>
yeah that'd help
< sipa>
well there are two independent issues here... building for qt4 should work if it's intended to be supported
< sipa>
and qt5 should be detected properly for gmaxwell
< luke-jr>
wumpus: I already tried to add it to CI, and then it was supposed to be part of the daily CI..
< wumpus>
luke-jr: ok, but it isn't?
< luke-jr>
I guess someone removed it? Daily CI thing seems to be closed/dead?
< wumpus>
it's run from a crontab now
< wumpus>
(a new travis CI feature)
< luke-jr>
so what happened to the qt4 part?
< wumpus>
I don't know
< jonasschnelli>
But I guess cron is not sufficient for qt4 support. We want to know before a merge
< luke-jr>
I wonder if .. yeah, maybe it should be a primary QA
< wumpus>
I think the problem back then was that we don't really want to add a new configuration/build for it,and it couldn't be fit into one of the current ones
< gmaxwell>
wumpus: thanks. I think we need it in build CI or we need to drop support for it.
< wumpus>
gmaxwell: I'm fine with either
< wumpus>
I really don't have an opinion on qt4, just refuse to spend time in it myself
< wumpus>
but I guess it's the same in linux, I doubt e.g. Linus cares personally about all the drivers for ancient devices still in there, but as long as someone is willing to put in the time to keep it working it's better to keep including it instead of nuke it just because, after all it's a community effort
< gmaxwell>
I don't know if I should care about QT4 or not. (don't know what the deployment rate of QT5 is)
< wumpus>
never was able to find a real EOL announcement, but it's been dead in the water for a long time
< wumpus>
not that it says much, I know for fact that some industrial systems are still using qt4, even qt3 probably (was the case a few years ago)
< luke-jr>
FWIW, I looked into adding Qt3 support briefly and decided it would be a pain :p
< wumpus>
qt5 is much better for multimedia/modern app kind of interfaces, but for simple boring widget interfaces there's only a small difference between qt3 and qt4 and the difference between qt4 and qt5 is negible
< gmaxwell>
If QT5 is shipping by default on the common linux distributions, perhaps we should stop QT4 support. Even though the difference is small, the effort to keep supporting it is non-trivial.
< wumpus>
luke-jr: yes the API is quite different, I mean the user experience isn't that different
< wumpus>
gmaxwell: yup qt5 has been the default on linux distros for a few years (don't know exactly how long / since which versions of particular distros though)
< luke-jr>
gmaxwell: Qt5 doesn't have native look/feel on Qt4-based DEs.. but even that seems dead now
< instagibbs>
meeting time?
< wumpus>
but at least in ubuntu 14.04 it already was
< wumpus>
#startmeeting
< lightningbot>
Meeting started Thu May 25 19:00:52 2017 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.
< jonasschnelli>
We should think about if we want run-time wallet creation/loading/unloading or per startup -wallet argument.
< luke-jr>
jonasschnelli: IMO both eventually, but the latter is a good first stpe
< jonasschnelli>
Also,.. what should we do with rescan/zapwallet/salvage/upgrade
< wumpus>
yes, in the long term we want both
< wumpus>
in the short term just do what is realistic for the (not too long!) timespan until 0.15
< sipa>
i would disable rescan if you have more than one wallet configured
< jonasschnelli>
the -wallet= approach seems very confusing. You either -usehd on all wallte, -rescan all wallets, etc.
< sipa>
and use the RPC instead
< sipa>
or better, remove it
< jonasschnelli>
We can start with the all or nothing -wallet configuration. But ideally we move it to runtime over RPC
< jonasschnelli>
also,... creation-flags can then be passed in.
< wumpus>
yes
< sipa>
right, all those options that affect the creation of new wallets ideally go into a new-wallet-creation RPC
< jonasschnelli>
yes
< luke-jr>
/GUI
< sipa>
and rescan and upgrade become wallet-specific RPCs
< wumpus>
so the command line options only work for the default wallet
< jonasschnelli>
The GUI can be done later
< wumpus>
that's fine
< wumpus>
yes
< luke-jr>
sipa: they already are?
< sipa>
luke-jr: they're not RPCs
< sipa>
?
< luke-jr>
sipa: rescan is, although maybe not merged in Core yet?
< jonasschnelli>
I ack luke-jr current PR but deploying that may cause confusion (because of lack of a concept)=
< sipa>
luke-jr: #7061
< gribble>
https://github.com/bitcoin/bitcoin/issues/7061 | [Wallet] Replace -rescan with a new RPC call "rescanblockchain" by jonasschnelli · Pull Request #7061 · bitcoin/bitcoin · GitHub
< * sipa>
really really really wants to see rescan go away entirely, but fears he cannot win this fight
< luke-jr>
actually, -rescan might be better with multiwallet
< jonasschnelli>
Heh. Its just to handy to remove rescan
< luke-jr>
since you'd want to rescan all the wallets concurrently
< sipa>
fair point
< luke-jr>
the overhead for rescanning N wallets vs 1 is minimal IMO
< jonasschnelli>
Another point is that we should consider wallet flags combined with the new wallet db format we have introduced with the HD chain split.
< jonasschnelli>
wallet flags would probably better allow to store "creation flags"
< jonasschnelli>
But maybe it's not required for the current feature set. But think like: "is the wallet using HD", "is it using chain split", .. "are pkeys diables"?
< sipa>
yup
< luke-jr>
eh, the wallet already supports that?
< sipa>
but i think that's orthogonal to the new database format
< jonasschnelli>
Yes. But we already do a new wallet-format type in 0.15. Ideally we push in everything that usefull for 0.15+
< sipa>
a new wallet format in 0.15?
< sipa>
what?
< jtimon>
sounds too optimistic
< jonasschnelli>
the HD chain-split is not backward compatible
< sipa>
oh!
< jonasschnelli>
Not a new database format.
< sipa>
ok
< wumpus>
let's not make multiwallet dependent on a new wallet format
< sipa>
nvm
< wumpus>
okay, makes sense
< sipa>
i thought you were talking about logdb
< jonasschnelli>
nono...
< jonasschnelli>
Just saying that the 0.15er wallet.dat files will not be backward comp.
< sipa>
yeah, sure
< jonasschnelli>
ideally we push in as much as we can... to avoid the same non -back com. in 0.16
< luke-jr>
0.15-created*?
< jonasschnelli>
0.15 created.. yes
< sipa>
i think breaking backward compatibility in major releases is fine
< jonasschnelli>
Yes. But if we can avoid it with little effort we may want to do it.
< jonasschnelli>
But lets park this problem for now.
< jtimon>
but his point is the more we get in now the less we have to break the next time
< gmaxwell>
luke-jr: if you what to preserve rescan you need to make it faster. I think rescan is already functionally dead for many users: It takes something like 8 hours on my laptop.
< jonasschnelli>
Way more important is what we do with -zap/-salvage/-upgrade in multiwallet
< luke-jr>
jonasschnelli: forbid them with >1 -wallet?
< jonasschnelli>
luke-jr: yes. why not.
< gmaxwell>
jonasschnelli: I replied to your comment on that PR: I think zap and salvage should ultimately go away or move to another tool. Upgrade, I dunno.
< jonasschnelli>
How would you run a non-hd and a hd-wallet (seems to be a reasonable use case)
< jonasschnelli>
gmaxwell: agree with you
< * sipa>
suggest removing zap in favor of abandontransaction, replacing salvage with a standalone tool, and leaving ugprade to apply to all wallets
< luke-jr>
jonasschnelli: it just works right now..
< jonasschnelli>
luke-jr: Can it work? If you call -usehd on a non-hd wallet is stops during init
< luke-jr>
jonasschnelli: don't set -usehd
< jonasschnelli>
The its 1 by default
< luke-jr>
no, it's <whatever> by default, for existing wallets
< jonasschnelli>
I guess you can't mix right now
< luke-jr>
I test multiwallet with a combo of HD and non-HD
< jonasschnelli>
Okay. Sorry then.
< sipa>
-usehd should go away and become a parameter of the createnewwallet RPC
< jonasschnelli>
Starting with luke-jr's current PR is fine..
< kanzure>
is there interaction between multiwallet and accounts?
< sipa>
kanzure: no
< cfields>
jonasschnelli: i'm sure we could get that worked out
< jonasschnelli>
cfields: okay. Great
< sipa>
for the time being, i think that -usehd (if specified) should apply to all wallets, if not specified, every wallet can be whatever it already is
< wumpus>
yes, that's fine, let's aim to get at least basic multiwallet support in 0.15 though
< jonasschnelli>
agree
< wumpus>
not let it slip another release because we want too much from it, or make it conditional on other changes which haven't been done yet
< sipa>
short topic suggestion: variable naming style
< gmaxwell>
sha256 hashes for all variables!
< jonasschnelli>
I just think we should have a (the same) concept in the backhead to avoid extra loops
< jonasschnelli>
lol
< morcos>
if this is better offline, fine, but sipa, how would we remove rescan?
< kanzure>
no abbreviated variable names plzkthx. actually i would take sha256 hashes over abbreviations.
< sipa>
morcos: let's discuss after the meeting
< wumpus>
gmaxwell: I was about to suggest xxd on /dev/urandom, but that works for me too :p
< morcos>
k
< wumpus>
#topic variable naming style
< * cfields>
would kill for m_ == member
< luke-jr>
pls don't kill
< sipa>
i've recently seen several people write patches with variable names that look like they're hungarian, but aren't
< sipa>
i don't care personally for that particular style, but i like consistency
< wumpus>
the hungerian onvention should die
< sipa>
but what to replace it with?
< luke-jr>
I particularly dislike hungarian-looking names that don't have the hungarian meaning :p
< gmaxwell>
Greek characters.
< sipa>
i guess the first question is, do we want any convention specified (in developer-notes) at all, and enforce it in new code?
< wumpus>
luke-jr: exactly - and that's what happens, because we have abandoned the style a long time ago and don't describe it in the style doc
< cfields>
any convention that ties a variable to a type is broken imo
< luke-jr>
Unicode var names?
< wumpus>
cfields: RIGHT
< jtimon>
is this about gArgs ?
< luke-jr>
no
< wumpus>
people mimic the style but don't know what it means
< wumpus>
they should stop mimicing the style too
< sipa>
wumpus: the only way that's going to happen is by prescribing a style to use in new code
< cfields>
wumpus: well, it's been common practice to mimic the code around your changes
< gmaxwell>
cfields: yes but mimiking the style of hungarin notation and getting it wrong misses the point of it. :P
< sipa>
i've come to dislike the "mimick the code around you" suggestion - it does not lead to consistency
< wumpus>
gmaxwell: haha exactly... something with cargo cults
< luke-jr>
sipa: okay, let's switch to tabs instead of spaces then
< luke-jr>
:P
< gmaxwell>
I'm not aware of any evidence supporting any of these highly structured variable name recommendations as actually providing benefits.
< jtimon>
sipa: right, people do it naturally, but I don't think it should be a convention
< wumpus>
gmaxwell: +1
< paveljanik>
nah, these TAB/spaces wars: delete all indentation and let editor choose the right indentation! ;-)
< cfields>
gmaxwell: m_foo and g_foo are extremely helpful imo
< cfields>
but not much else
< luke-jr>
paveljanik: that's what tabs do
< gmaxwell>
(esp since pretty much no one is sadistic to encode the full type into the name.)
< paveljanik>
nono, tabsonly compress. No TABs/spaces...
< wumpus>
sure, including the scope might be reasonably useful, unlike encoding the type
< luke-jr>
maybe we should use C++ mangled names
< wumpus>
but I'm not looking forward to sweeping code style changes
< sipa>
sigh, nobody is talking about encouraging structured variable name recommendations
< wumpus>
before you know it there are 10 PRs open for renaming variables (again, after the shadow fiasco)
< jtimon>
gmaxwell: I've seen some sadistic java code that was close
< luke-jr>
I like the "style changes only affect new code" policy
< sipa>
luke-jr: me too
< cfields>
sipa: maybe suggest the kind of style policy you have in mind? you mean simple things like camelCase vs under_score?
< sipa>
and even exclude purely moved code
< wumpus>
yes - feel free to write up a style recommendation for new code
< kanzure>
would be nice to have style preference mentioned in docs
< sipa>
cfields: either of those is fine
< sipa>
cfields: but one, not both
< wumpus>
and consistency is good, but please don't be a jerk about it, especially not to new contributors
< jtimon>
ack only one not both
< jcorgan>
my experience is that code is read far more often than it is written, and especially so if it serves as documentation
< sipa>
if i had to choose, i'd say under_score - that's what STL uses
< jcorgan>
when code has disjoint styles, people reading it might wonder if it is different for a reason, or just an accident
< jtimon>
or maybe camelCaseForVariables, UNDER_SCORE_FOR_CONSTANTS
< sipa>
and i'm also fine m_X and g_X if that considered useful
< morcos>
My only real contribution to this discussion is whatever we decide on should be clearly spelled out in developer documentation, so we can just point to it over and over gain. Otherwise we'll come away with an agreement that means somethign different to each party.
< jtimon>
since I believe that's closer to what we have
< wumpus>
morcos: yes yes yes
< gmaxwell>
I'm not a fan of the camelcase, because then you get things wrong based just on the case. seems weird.
< jcorgan>
morcos: now when did that happen recently?
< luke-jr>
camel case isn't bad, but it creates the hungarian confuson
< gmaxwell>
luke-jr: that too
< sipa>
camelcase also is easily confused with hungarian
< sipa>
what luke-jr said
< wumpus>
morcos: most important to get it into a document in the repository, as to make clear reviewrs aren't forcing their personal style preferences
< jtimon>
super ack to morcos suggestion, if it's not documented, it is simply not a convention
< cfields>
morcos: ok, so camelCase today, and hard-fork in a month?
< cfields>
:p
< jcorgan>
my heuristic is, if you can't tell that a body of code was written my multiple authors over time, that's a win
< luke-jr>
let's simply agree for variable names on bit 4. the rest can be subjective.
< sipa>
so, if i would create a PR that added to the dev documentation "For new code, the following style for variables is encouraged: local_variable for local variables, m_variable for members, g_variable for globals"
< luke-jr>
local_* seems annoying
< sipa>
luke-jr: oops, i didn't mean that as a prefix
< luke-jr>
k
< gmaxwell>
I still don't know when to ask someone touching code to fix things per documented style or not. E.g. 10441 cfields introduces both new braced and unbraced iffs in a function that contains both.
< sipa>
variable, a_variable, j, var, bla, foo, ... all good
< morcos>
gmaxwell: he should fix that
< gmaxwell>
okay. I'll nitpick then.
< wumpus>
gmaxwell: if it's cfields you should certainly make him aware of it, he's supposed to know better :)
< cfields>
heh, yes. I think that was a mix of matching nearby code and copy/paste
< * wumpus>
ducks
< jtimon>
I think moving away from camel case it's the most disruptive option for local variables
< jtimon>
but no strong opinion
< cfields>
i'd certainly never make that mistake again if we added "don't attempt to match nearby code" to the style doc
< sipa>
it's already often used for loop variables etc
< luke-jr>
variables were never camel-case..?
< jtimon>
just saying that it would be nicer if the style was as close as possible to what we have now
< cfields>
without that, i'd never add another unbraced if :)
< wumpus>
abandoning the camels for the snakes
< sipa>
luke-jr: sure some where, CBlockIndex* pindexBlock = ...
< luke-jr>
sipa: that's just hungarian
< sipa>
luke-jr: hungarian is just a more constrained camelcase
< luke-jr>
camelcase is where you use it as a word separater..
< sipa>
cfields: ack on adding "Do not attempt to match nearby code, unless you're creating a move-only commit"
< morcos>
sipa: +!
< morcos>
1
< jtimon>
luke-jr: well if camel case it's less common than underscore for variables then my argument goes away
< jtimon>
I really don't know for sure, was just guessing
< sipa>
luke-jr: and hungarian is using case as word separator, plus the requirement that the first word is the type :)
< morcos>
i'll defer to group, but i prefer camel to underscores, but do like at least identifying global variables with g_ or :: or something
< luke-jr>
gCamel/mCamel wouldn't be terrible
< gmaxwell>
I would ACK doing something consistent for globals.
< sipa>
anyway, any comments on those suggestions? encouraging lowercase + underscore for local variables, and m_ for members, g_ for globals, and a mention to not mimick surrounding code?
< wumpus>
I prefer snakecase like sipa
< gmaxwell>
One thing I don't like about C++ is that when there is a variable that isn't local I dunno if its coming from the class or if it's a global... without going and digging in other files.
< cfields>
gmaxwell: hence m_ :)
< gmaxwell>
so if naming helps disambiguate that I would not be unhappy.
< wumpus>
for variable names, for method names we should obviously keep sticking to camelcase
< morcos>
are we ok with combining small words without the udnerscore like feerate or blocksize or something?
< sipa>
wumpus: agree, and class names as well
< wumpus>
sipa: yes
< sdaftuar>
bit_coin right?
< sipa>
morcos: ack from me
< wumpus>
sdaftuar: it's better than BitCoin
< sipa>
one lowercase word is totally fine for local variables
< wumpus>
yes
< cfields>
sipa: ack all of the above
< luke-jr>
I prefer camelcase, except for the annoying conflict w/ hungarian
< luke-jr>
I don't care strongly tho
< sipa>
oh, what to do with the cs_* variables we have now?
< sipa>
do we want an exception for that?
< morcos>
oh ok, so we're keeping camel for class and method names and snake for variables.. ok someone write it up
< gmaxwell>
I would be fine with an exception for cs_.
< wumpus>
cs_ for locks? it's fine with me
< sipa>
so... g_blockindex g_cs_blockindex?
< wumpus>
though I still thing the scope is more useful
< morcos>
but no exception for pblockindex ?
< sipa>
that's hungarian - dia
< sipa>
die
< sipa>
;)
< wumpus>
pblockindex could just be block_index
< sipa>
indeed
< wumpus>
though we aren't actrually going to rename variables en-messe
< cfields>
[11:17:50] -*- cfields would kill for m_ == member
< cfields>
[11:18:13] <luke-jr> pls don't kill
< sipa>
wumpus: indeed
< gmaxwell>
cfields: thou shall not kill
< sipa>
i'll write up a PR, and we discuss there further?
< gmaxwell>
is all I think luke was saying.
< luke-jr>
yes
< morcos>
sounds good
< sipa>
ok, topic closed
< gmaxwell>
sipa to do all the work, agreed.
< wumpus>
I don't want to see any more variable renaming PRs, the Wshadow war made me so tired of that
< wumpus>
other topics?
< luke-jr>
BIP148
< morcos>
next topic
< wumpus>
I have nothing to say about that, at least
< wumpus>
but i f you insist
< wumpus>
#topic BIP148
< jonasschnelli>
I guess we have already enough comments on the PRs..
< sipa>
my opinion is that it would go against our principles to merge BIP148 into core
< luke-jr>
sipa: how so?
< BlueMatt>
sipa: +100
< sipa>
i've given my opinion more than enough on existing PRs
< sipa>
i strongly disagree with the "less safe" argument
< wumpus>
right, I think everyone already had their say on this
< sipa>
and we shouldn't encourage forks in the network
< sipa>
nor is it out place to push for consensus changes
< luke-jr>
so we should put users at risk by refusing to enforce the new rule?
< wumpus>
let's merge BIP149 instead
< luke-jr>
sipa: refusing to merge is what encourages the fork in this case
< sipa>
luke-jr: i strongly disagree that it puts users more at risk
< gmaxwell>
wumpus: I brought up 149's timeout on the list, but its author hasn't replied, I think it is needlessly long.
< luke-jr>
not only does not-merging it encourage a chain split, it also puts users on the side vulnerable to reorg wipeout
< luke-jr>
gmaxwell: I think it's too early
< morcos>
I'd be in favor of 149, but I think we should start by being a bit more public about the idea and building consensus for it before actually merging
< BlueMatt>
gmaxwell: ack, your proposal of 6 months seemed reasonable to me
< morcos>
And eys I agree we could tweak it a bit
< BlueMatt>
morcos: +1
< wumpus>
gmaxwell: yes we need to agree on the timeout at lesat
< sipa>
luke-jr: the only condition under which it helps users avoid a huge reorg is one under which those who didn't upgrade already experienced a (temporary, but long) fork
< jtimon>
as said on the mailing list I think bip148 is rushed and that makes it risky, bip8 on the other hand...(although I'm writing suggestions for changing bip8)
< luke-jr>
sipa: this seems tautological?
< jtimon>
we can merge bip8 without merging bip149 yet, although the sooner it is released the more secure it will be
< sipa>
luke-jr: then how is merging it less risky?
< sipa>
luke-jr: it only helps in case a fork already happened!
< sipa>
while at the same time encouraging said fork
< gmaxwell>
luke-jr: I haven't seen the kind of support required to justify your position on that; afaict so far no exchange or payment processor of note has said they would stick with 148. I think you'd have an argument if there was any of that, but right now I think it's hard to distinguish a subsanstive level of support. (And I've seen some clearly malicious parties pumping support for it too.)
< luke-jr>
sipa: if a fork happens, it puts them on the side that isn't vulnerable to a reorg, and it helps avoid the fork in the first place
< sipa>
not encouraging it seems far safer than slightly reducing the risk in case it does
< sipa>
luke-jr: under the assumption a hashrate majority adopts it
< sipa>
luke-jr: which i think is crazy
< gmaxwell>
My discussions on reddit with people promoting BIP148 seemed to be because they earniestly believed it was the only choice.
< luke-jr>
sipa: BIP148 only needs about 25% hashrate to be successful
< morcos>
At the end of the day I think most of us have no interest in greatly increasing the risk of a devastating currency split. I think 148 does that.. But 149 has a decent chance of not doing that if there have been no other consensus rule changes in the interim. But will require consensus building.
< gmaxwell>
E.g. someone managed to convince them that the project would never adopt something like BIP149.
< sipa>
morcos: +1
< sipa>
it will require consensus building
< sipa>
not discussions here
< BlueMatt>
yup
< jtimon>
gmaxwell: ack on making the period shorter
< gmaxwell>
which seemed really weird to me, because I thought it was pretty obvious that a 149-like thing would be done.
< petertodd>
gmaxwell: it's only obvious if people say that
< morcos>
And to be clear, I think we'd all like to activate segwit via UASF before we could do so with BIP149 (and it would be feasible I think to build support in a shorter time frame), but we just don't have the technical bandwidth to code that up safely in time.
< wumpus>
I think that wasn't obvioius, no
< luke-jr>
if businesses get to decide protocol changes, then I guess bit 4 SW it is
< gmaxwell>
luke-jr: there is a big difference between saying 'businesses get to decide' and saying that the fact that virtually no industry participant is resolute with 148 is a strong sign the support isn't significant enough. If 148 and six months or a year on its clock that would be another matter.
< sipa>
gmaxwell: i don't think it's obvious that BIP149 will happen at all
< morcos>
luke-jr: no one even knows what bit 4 SW is? we might like it, what if its compatible with BIP141 segwit... lets not make decisions based on a single line in a medium post.
< luke-jr>
in the meantime, a sizable portion of the community will be enforcing BIP148, and with success eventually replacing the non-compliant chain
< luke-jr>
gmaxwell: it's only virtually none if you exclude the ones who have supported it
< jonasschnelli>
luke-jr: that's speculation
< petertodd>
luke-jr: while technically the result of bip148 may be a reorg, in practice if there is a non-trivial split the result will be two currencies, as someone will launch a currency based on a checkpoint
< jonasschnelli>
You can't measure "community"
< gmaxwell>
luke-jr: maybe I'm just not aware then.
< sipa>
luke-jr: i hope you're right, but my expectation is that every economically relevant full node will revert away from bip148 code hours after the hashrate fails to adopts it
< morcos>
luke-jr: I would hope that BIP148 and BIP149 supporters are able to agree at least that they should all support the same thing.
< luke-jr>
sipa: Bitfury has already agreed to enforce BIP148 if the bit-4 thing doesn't activate Segwit by August
< petertodd>
sipa: depends on how much hash rate... lots of incentive for exchanges to support it and let the two coins trade against each other
< jonasschnelli>
sipa: I guess they have also agree (among others) to run Classic
< jonasschnelli>
(meant luke-jr)
< sipa>
luke-jr: well, i hope you're right
< sipa>
but i'm very skeptical about that
< sipa>
topic suggestion: high-priority PRs?
< luke-jr>
if we're divided in opinion on this, we should at *least* give users the choice, even if they want to stick to Core releases
< gmaxwell>
If 148 managed to get the kind of support needed to result in avoiding a chain split, I'm fine with that. But I think it's a very poor and needlessly risky approach.
< sipa>
luke-jr: users already have a choice to not run Core
< morcos>
luke-jr: you already have a release process, release Knots with the option.
< luke-jr>
sipa: many don't want to choose that
< jonasschnelli>
maybe for a reason?
< sipa>
luke-jr: for good reasons, because we don't do reckless things
< gmaxwell>
luke-jr: then perhaps because the realize that we've usually had good judgement...
< kanzure>
what was the default in the bip148 paramflag pull request?
< petertodd>
kanzure: false
< jcorgan>
off
< luke-jr>
gmaxwell: and in this case, we disagree on that judgement.
< petertodd>
kanzure: I wouldn't have concept acked it otherwise...
< BlueMatt>
alright, next topic
< jtimon>
alright, sent suggestions to change bip8 to the mailing list...
< sdfkjs23>
deciding what choices users do or do not get seems overly political to me, if core developers want to make a political statement that's fine, but pretending to be neutral and not allowing an optional switch for bip148 seems disingenuous
< kanzure>
with context of "default off" some of the above comments make less sense
< cfields>
oh, quick topic suggestion: 0.14.2
< jonasschnelli>
sdfkjs23? You can offer it yourself by forking and deploying or patching?
< gmaxwell>
jtimon: I don't think we should change BIP8 generally: the reason we can do a shorter termination with SW is because we've already done one deployment-- so we know what the uptake looks like and how fast it went the first time.
< petertodd>
sdfkjs23: there's a multiple of optional switches that we could add to be neutral - we're not going to add them all, thus we have to make some kind of (hopefully conservative) political statement
< cfields>
(sorry, forgot all about it. we can pick it up after the meeting)
< luke-jr>
jonasschnelli: too many people (and especially companies) refuse to run anything unless Core releases it
< luke-jr>
jonasschnelli: it sucks, but it's reality
< gmaxwell>
sdfkjs23: Offering users settings we believe will harm third parties and the user is not 'neutral'.
< kanzure>
luke-jr: they want default-off merged and that's what will get them interested in bip148?
< wumpus>
#topic 0.14.2
< jtimon>
gmaxwell: the changes are just for providing warnngs in unkown deployments, like bip9 did
< jonasschnelli>
luke-jr: But core is consensus among devs for a reason. And I guess we mostly (never?) merged controversial consensus changes
< gmaxwell>
sdfkjs23: if users want 'neutral' they have a copy of GCC, they can write their own node.
< petertodd>
gmaxwell: +1
< wumpus>
let's do a 0.14.2 soon, even if just for the UPNP CVE
< gmaxwell>
(want neutral in that sense)
< luke-jr>
gmaxwell: we don't all believe that in this case. some of us admit that it's riskier to NOT enforce BIP148
< wumpus>
(of course we want to include some other fixes as well)
< gmaxwell>
sdfkjs23: sofware worth running is always opinionated in many ways, even if you don't realize it.
< luke-jr>
jonasschnelli: it's controversial to fail to enforce the softfork now
< gmaxwell>
wumpus: ack on 0.14.2 I think there are a couple other fairly modest fixes that could be backported.
< cfields>
I'd like to suggest a quick 0.14.2 for the upnp and recent peer visibility fix from marcos, along with whatever else has piled up in the meantime
< cfields>
heh, far too slow
< sipa>
sounds good to me
< jonasschnelli>
ack 0.14.2 ... there is also an important GUI fix
< sdfkjs23>
if that's what the main core developers want to say sure, but it's pretty clear that core is then the implementation as defined by this small group here, it is their vision and not open really to general community.
< morcos>
yes i think we could use more public notice on the peer visibility fix
< wumpus>
ok, please mark anything that should be backported to 0,14,2 as such
< wumpus>
(or ask us to do it)
< * jonasschnelli>
looking...
< cfields>
thanks, will do
< morcos>
even people who have connections, but are behind NAT are going to want to upgrade b/c eventually they wont' have connections (maybe.. i can't remember now)
< sdaftuar>
incoming connections*
< morcos>
yes sorry
< gmaxwell>
morcos: yes, so for backport the visiblity fix, cfields open PR with the connection stuff..
< cfields>
jonasschnelli: ah, good one if it backports cleanly
< wumpus>
jonasschnelli: that one is correctly marked, will port those in one go at some point (at lesat the ones that cleanly apply or need only small changes)
< sipa>
sdfkjs23: it's open source, anyone can repackage the software in any way they like, and i encourage everyone to do so (as long as they don't misrepresent the choices made)... but Bitcoin Core as a project has established some practices, and those include not accepting consensus rule changes without broad support and weighing the risks - it seems most people in this room now believe that bar isn't
< luke-jr>
sdfkjs23: in this case, it seems it's a minority of pessimistic devs holding back a softfork that the community largely wants and most of the devs are okay with merging, putting users who trust us collectively at a risk they shouldn't be :<
< kanzure>
sdfkjs23: open-source does not mean the project must "merge anything", it means you can compile whatever patches you want.
< sipa>
met for BIP148
< wumpus>
it's time
< wumpus>
#endmeeting
< lightningbot>
Meeting ended Thu May 25 20:00:21 2017 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
< jonasschnelli>
sdfkjs23: with your argument we could not reject optional hard-fork proposals? Right?
< gmaxwell>
luke-jr: I think you're pusing the same kind of irresponsiblity as classic did, just this time it happens to be in favor of changes I want. But I still reject it just the same, the purpose of the system is to come to consensus. Intentionally splitting it is in no ones interest except that of opponents to bitcoin. If you had an order of magnitude more support than I've seen (and perhaps I've mi
< gmaxwell>
ssed some of it) OR months more to gain it-- I'd have a different view.
< jtimon>
luke-jr: sdfkjs23 not merging bip148 is not taking a position against segwit or uasf, it's just being conservative
< luke-jr>
gmaxwell: the split is LESS likely by merging BIP148; it isn't a hardfork
< luke-jr>
jtimon: it's not conservative when it increases the risk
< sipa>
luke-jr: i think you're insane
< sdfkjs23>
i've been following development for some time, i was under the false impression that core was intended to be the 'reference' client, just a generalized client that is neutral towards any consensus changes
< jtimon>
luke-jr: but we don't accept your premise
< BlueMatt>
luke-jr: wut
< sipa>
a split is less likely by merging a consensus change a few months agead of time?
< paveljanik>
luke-jr, in reality, it can even be much worse. People could signal UASF but not enforce it.
< kanzure>
gmaxwell: i think luke-jr is arguing that there is support for bip148 if default-off bip148 is merged. but only on condition of that sort of endorsement from core. seems like a chicken-egg scenario, so perhaps caution is warranted.
< luke-jr>
great, now we get ad hominems as argument
< gmaxwell>
luke-jr: I don't think it's that precise to say that it isn't a hardfork. In the sense that there is a nearly guarenteed hardfork (a miner violating it) which will happen.
< sipa>
luke-jr: apologies for the ad hominem... but i believe your argument it nonsense
< gmaxwell>
luke-jr: with softforks we have historically staged things to minimize the risk of block orphaning, so no hardforked blocks.
< luke-jr>
paveljanik: the signal is irrelevant
< gmaxwell>
kanzure: I haven't seen that.
< kanzure>
haven't seen evidence of community requiring endorsement from core by merging?
< BlueMatt>
luke-jr: if it were true that a vast, vast majority of users, businesses, and miners were not only supporting 148 but actually honestly committing to running it irrespective of what their peers do, maybe, but that is blatanly obviously not the case
< paveljanik>
luke-jr, yes. I also do not think where people get "large support" in the community for BIP148 etc.
< jtimon>
gmaxwell: I disagree, I see it as a controversial softfork
< sipa>
sdfkjs23: bitcoin core implements bitcoin's consensus rules... we need to make a judgement about what those rules are, as they can change and are not under our control
< luke-jr>
BlueMatt: it seems to be the case, perhaps minus businesses
< gmaxwell>
sdfkjs23: nonsense. we are not netural. E.g. We support Bitcoin and are not ambivilant towards things that would damage it. Would you suggest the project also merge a switch that if set allows mtgox to make 600k bitcoin out of thin air to replace the losses, 'neutral' right?
< luke-jr>
BlueMatt: maybe it's not obviously the case, but it certainly isn't obviously NOT the case
< morcos>
luke-jr: even you think only 10% of nodes are running bip148 right?
< gmaxwell>
jtimon: you have a lot of weird opinions.
< BlueMatt>
luke-jr: would you like me to buy you a plane ticket so you can talk to people?
< luke-jr>
jtimon: Segwit itself is a controversial softfork; that's only a barrier for hardforks
< BlueMatt>
I'd be happy to
< BlueMatt>
you spend too much time on reddit and not talking to real people, I think
< kanzure>
BlueMatt: you can also talk with people over the internet. travel is not required.
< sdfkjs23>
gmaxwell, you have a bad habit of using outrageous counter examples, they aren't analogous, please stick to the actual issues at hand
< luke-jr>
morcos: so far, and that's in a short timeframe since binaries were released
< luke-jr>
BlueMatt: go talk to CodeShark, who reports a lot of support in NYC
< gmaxwell>
sdfkjs23: welcome to /ignore -- don't enter my channels and then lecture me on how I should debate.
< kanzure>
sdfkjs23: it's only outrageus for your position from your argument-- that was the point.
< jtimon>
gmaxwell: fair enough, but I think they aren't so weird, they are actually quite simple: what causes chain splits (apart from mistakes) are controversial rule changes, not whether they are hf or sf
< BlueMatt>
luke-jr: I live in NY, and strongly beg to differ
< sdfkjs23>
i'm being civil, and this isn't *your* channel this channel is for core development discussion
< sipa>
sdfkjs23: and we've now far strayed from that topic, imho
< sipa>
none of this discussion belongs here
< jcorgan>
gentlemen, please
< petertodd>
sipa: quite correct
< morcos>
luke-jr: I think a lot of people support the concept of a UASF, but I actually made it a point to ask people wearing UASF hats what that meant to them.. And many actively preferred BIP149 or something else to BIP148
< luke-jr>
jtimon: what causes chain splits are negligent or malicious miners who fail to enforce the rules
< sipa>
if it's clear that BIP148 is accepted by the ecosystem, then obviously it will be implemented
< sipa>
usually we don't discuss consensus changes here at all
< petertodd>
morcos: indeed, I prefer bip149
< luke-jr>
morcos: preference isn't the question, though. BIP148 is happening, so the question is how many will support and go along with it
< petertodd>
luke-jr: we have to design systems that are robust to negligent and malicious miners
< sdfkjs23>
bip148 was brought up as the topic -- it appears the current argument against it (it is hard to follow because this changes very rapidly) is that there isn't enough 'community' support even though no one can argee on how to even measure it
< luke-jr>
petertodd: and BIP148 does, so long as people enforce it
< jtimon>
luke-jr: let's say halfthe users want to increase the monetary limit to 22 M but the other half doesn't: both chains will be mined and used
< luke-jr>
jtimon: that's not a softfork
< sipa>
sdfkjs23: a consensus change merged a few months before it happens is madness
< sipa>
we hardly have time to create a release in that time
< luke-jr>
sipa: yet you want to delay the merge longer?
< jonasschnelli>
sdfkjs23: this channel is specific for bitcoin-core (the client) development. General bitcoin protocol and consensus discussion shall happen in #bitcoin-dev
< jtimon>
that is a controversial hardfork, let me think of a controversial softfork example
< sipa>
luke-jr: my expectation is that bip148 will not have any effect, but i hope i'm wrong
< sdfkjs23>
a switch which woudl easily allow the community to opt in is now being rejected by 3 or 4 core developers because they find it dangerous
< luke-jr>
jtimon: in this case, it's not controversial anyway
< jtimon>
let's say half the users want to some aml softfork feature
< sipa>
sdfkjs23: then don't run Core; i beg you
< luke-jr>
at least not more controversial than Segwit itself
< sipa>
the maintainers of this software shouldn't determine what the network's consensus rules are
< jtimon>
luke-jr: to me it is controversial on grounds of the deployment plan alone
< jtimon>
like bip109 was
< jtimon>
I mean, that was controversial for other reasons too, but I think you get my point
< luke-jr>
I don't.
< Lauda>
which is why Core should add opt-in consensus proposals, not opt-out
< morcos>
luke-jr: sdfkjs23: Lets be clear, the resistance here isn't against UASF, or even a UASF for segwit. It's against the particular activation methodology and schedule for BIP148. It would behoove us all to try to build support from current BIP148 activists for 149 or another more cautious path
< jonasschnelli>
morcos: +1
< jtimon>
+1
< kanzure>
luke-jr: have you considered something like bip148 except with best chain tip selection weighted by segwit-signalling? instead of blanket rjeection of all blocks, you'd get competing long reorgs, which is arguably better than rejecting all blocks.
< kanzure>
wait, no, not better.
< luke-jr>
What "activation methodology" besides UASF are you referring to?
< kanzure>
it's better so long as your confirmation threshold is longer than the reorg length :P
< jcorgan>
this is #bitcoin-dev or even #bitcoin territory, can we please get back to business
< morcos>
luke-jr: you could help, if you wanted to avoid a split, by making the argument that at this point BIP148 doesn't HAVE to happen. Since you are such an advocate for 148, maybe others would take some advice from you if you felt another path safer
< luke-jr>
kanzure: I couldn't change BIP148 if I tried.
< jonasschnelli>
What jcorgan said...
< kanzure>
luke-jr: i said "something like bip148"
< luke-jr>
morcos: the ONLY way to avoid the split is to make sure BIP148 succeeds. It WILL happen. Nobody can change that.
< morcos>
ok. yeah i'm done discussing in this channel. agreed.
< jtimon>
if I proposed something like bip148 but actiavting next week instead of august, would you ack that if some users support it?
< luke-jr>
and BIP149 is NOT safer anyway.
< jtimon>
of course it is, but yeah, let's go #bitcoin or something
< luke-jr>
jtimon: it's not "some users", it's a LOT of users, perhaps even a majority already
< petertodd>
luke-jr: chances are the majority of bitcoin users aren't on any social media at all you know...
< jtimon>
well, if "a LOT of users" supported my like-bip148-but-next-week proposal
< petertodd>
luke-jr: they may not even speak english
< paveljanik>
luke-jr, from where you get "a lot of"?
< instagibbs>
discussion has been moved to #bitcoin, fwiw...
< paveljanik>
great. I can't follow such intense communication though :-)
< morcos>
sipa: are you interested in briefly describing how we'd do away with rescan?
< sipa>
morcos: requiring birthdays on all imports
< sipa>
and rescanning on demand, rather than explicitly
< morcos>
sipa: i've found that sometimes there is a need to import multiple keys in a short period. forcing that to happen in a single importmulti call is a bit cumbersome
< morcos>
it can be easier to do a batch of all the imports with rescan false, and then later do 1 explicit rescan
< morcos>
anyway, thats just my opinion
< sipa>
morcos: rescanning could also move to a background job
< sipa>
which just restarts if needed
< jtimon>
that sounds simpler
< jtimon>
maybe a rescanning progress bar in the gui, seems very usable, and maybe in the rpc if you ask for imported stuff that needs rescaning and rescan is in progress, throw an error
< morcos>
i don't know about simpler, but yeah a better design
< jtimon>
yeah, I guess I meant simpler to use
< da2ce7>
On a slightly related topic, what contingency planning is there for the case that BIP148 has a non-zero hash-power?
< da2ce7>
That would force all the non-bip148 nodes to checkpoint for continued safe operation.
< da2ce7>
Is there a way to distribute such a checkpoint in a safe manner?
< da2ce7>
Or dose Bitcoin Core not want to merge in such code?
< jtimon>
if bip148 gets the hashrate majority we don't need to do anything
< jtimon>
we will reorg to their chain
< da2ce7>
jtimon, what happens if it has 10%. Then all non-BIP148 nodes are zombie until they checkpoint.
< sipa>
??
< jtimon>
no, no zombie, we go on with the majority chain which is also valid to us
< da2ce7>
This is fine, except the risk is asymmetrical.
< sipa>
da2ce7: i don't understand what risk you're even talking about
< da2ce7>
Because if at any date in the future the BIP148 chain overtakes, the non-BIP148 chain will be wiped out.
< sipa>
yes?
< jtimon>
that's what I said, if it gets the hashrate majority non-bip148 nodes will follow their chain, no problem
< jtimon>
I mean, apart from maybe a big reorg
< da2ce7>
If I disagreed with BIP148, I would checkpoint so my transactions wound't face the wipeout risk. The same if for example if BIP148 as replaced with "evil softfork".
< jtimon>
I will wait and see with my node
< sdfkjs23>
a large reorg will cause issues for everyone not paying attention -- or anyone who goes along with cores deployment at this time. essentially core development team is handling the risk for the end client instead of allowing the client to manage the risk with a optional switch.
< da2ce7>
If Bitcoin XT was a soft-fork, I would checkpoint so that my node would NEVER reorg onto their chain, even if they gain a majority hashrate.
< sipa>
you can use invalidateblock
< sipa>
to force your node onto another chain
< jtimon>
oh, I didn't know that option
< da2ce7>
My personal view is that the risks involved in BIP148 (a partial fix) are less than the risks covert CVE-2017-9230 continuing for a minimum of another 6mth. So I have decided to run BIP148 on my nodes.
< da2ce7>
However it is always a trade-off of risks between mitigating a security vulnerability and the risks of the deployment of the security mitigation.
< sdfkjs23>
core should probably note in the release notes that running their software after august 1st could result in a large reorg
< da2ce7>
It is my view that the miners who don't use covert asicboost have a very strong incentive to support the swiftest deployment of any mitigation of CVE-2017-9230, including BIP148. Hence, I expect the mining power for BIP148 to be similar to the mining power that signals for SegWit now.
< da2ce7>
At this hash-rate the changes of BIP148 failing are very small.
< da2ce7>
*chances.
< da2ce7>
I'm assuming that the miners who support SegWit are don't just support it out of the "good of their heart" but because it partly-mitigates a unfair competitive advantage against them.
< jtimon>
I don't know much about the p2p part, but I really don't get it
< da2ce7>
I have been taken back by the core developers from the lack-of-response to my posts on AsicBoost, now CVE-2017-9230. I would have expected that there would be some sort of announcement about the risks and possible mitigation of an accepted Security Vulnerability. - I have not received any negative feedback; In my mailing list post I received three positive responses. - Yet, here I'm met with silence.
< jtimon>
oh, I didn't read this part in the bip: "This deployment is incompatible with the BIP9-segwit deployment and should not be run concurrently with it.", but I really don't understand why, please, help undesrtanding very welcomed
< sipa>
da2ce7: i don't know what you think we can do?
< da2ce7>
Well, at least say: "No you are stupid! The risk of another 6 to 9 mth of Covert ASICBOOST are far-less than the risks of being seen to support BIP148".
< jtimon>
I think we could deploy the proposed fix to covert asicboost with bip8 pretty fast, but maybe still not august
< sipa>
that's something the whole ecosystem needs to decide on
< jtimon>
I mean, miners could accelerate it, I mean the max deployment time
< jtimon>
but for segwit there's already an ongoing activation coordination deployed in many nodes
< sipa>
da2ce7: my personal opinion is that bip148 is reckless even if it succeeds...
< sipa>
it being a solution for some forms of asicboost is not nearly a reason to abandon safe practices
< sipa>
but that's my personal opinion, and others may have another
< deego>
newbie q: how can it just succeed. It has to first be committed, right? right now, it's just a B I "proposal", right?
< Chris_Stewart_5>
sipa: Would you support BIP148 that *only* solves covert ASICBOOST? No segwit stuff involved
< sipa>
Chris_Stewart_5: my problem with bip148 is its deployment, not its rule changes
< jtimon>
right, if that's the urgency let's do just that faster without taking unnecessary risks
< sipa>
it being about asicboost or segwit is orthogonal
< sipa>
deego: it's open source; bitcoin core is a software project, we don't decide or try to tell people what code they should run
< Chris_Stewart_5>
gotcha. I'm interested in solving covert asicboost first because I doubt we are going to get support from the mining majority to solve that, but I'm fairly confident the economic majority would support it
< jtimon>
I wouldn't be sure how to write the code, but it is said that the pre-segwit fix of covert asicboost is simple to implement
< sipa>
and it's not just a proposal... there is software out there that implements bip148
< Chris_Stewart_5>
if we are going to do some sort of UASF..
< deego>
sipa: i see, thanks
< jtimon>
Chris_Stewart_5: I'm all for adding a bip8 deployment for the covert asicboost fix, and its final activation can be earlier than nov 2017 I think
< Chris_Stewart_5>
jtimon: I like that idea. When is the next release scheduled for core?
< da2ce7>
For me, BIP148 is a reasonable for an emergency soft-fork. Are we fixing an emergency security vulnerability? The more I study CVE-2017-9230, the more I'm inclined to say Yes.
< jtimon>
I mean, I say this because I expect a patch with very little changes, perhaps I'm being too optimistic
< da2ce7>
There is no faster potentially viable rollout of this partial mitigation.
< jtimon>
I believe 14.2 when it's ready, but you could even put it in a 14.3 if this is not ready by the time 14.2 is released
< da2ce7>
With core support it goes to about 100% viable.
< sipa>
da2ce7: i don't understand the need for emergency
< da2ce7>
Bitcoin isn't Bitcoin if there is only one miner. AsicBoost has a exponentially growing advantage for miners who adopt it.
< sipa>
please
< da2ce7>
So it's effect starts off small, but as miners re-invest profit, the effect gets larger.
< jtimon>
I generally disregard claimed needs for emergency, but the simpler it is, the less conservative you need to be with deployment schedules I think
< Chris_Stewart_5>
da2ce7: I think it would be wise to separate the concerns of segwit and covert asicboost
< sipa>
don't use the word exponential where you just mean big
< sipa>
yes, the effect of asicboost may be terrible - or may not exist at all
< sipa>
and i would very much like to fix it
< sipa>
but not with a hasty patch that encourages forking the chain
< jtimon>
Chris_Stewart_5: I agree on separating concerns, I believe that was precisely what gmaxwell's proposal was about
< sipa>
we're better than that
< da2ce7>
I mean, if you have a constant factor advantage in mining, over time that advantage is exponential against your competition that doesn't have this constant factor advantage. - Unless my understanding of the gamer-theory is wrong.
< jtimon>
sipa: let's say (as an example, not an actual proposal) the asicboost fix is included in 14.3 with bip8, minimum activation by miners august, final activation dec 2017, would you say that is conservative enough?
< sipa>
jtimon: with clear community acceptance
< Chris_Stewart_5>
da2ce7: Are you talking about generically using the deployment mechanism specified in BIP148, or BIP148 itself? BIP148 only pertains to segwit IIRC
< sipa>
jtimon: it's not a boolean
< sipa>
jtimon: but the riskier a change is, the higher the bar for acceptance
< da2ce7>
Chris_Stewart_5: SegWit is the only well-tested partial-mitigation of CVE-2017-9230 I know of.
< da2ce7>
So I mean BIP148, activating SegWit.
< sipa>
and i think bip148 is both high risk, and with very unclear support
< Chris_Stewart_5>
sipa: Would worst case be similar to what happened a few years back with BIP66 (or 62)?
< jtimon>
sipa: fair enough, yeah, I'm all for community acceptance, maybe I'm over optimistic about the community wanting the covert asicboost fix
< Chris_Stewart_5>
da2ce7: Yeah, but I think we need to deal with realities of the baggage that comes along with segwit
< jtimon>
but from my conversations with users, it seems pretty clear to everyone that nobody would oppose to such a change unless is benefitting directly from covert asicboost, which nobody seem to claim
< da2ce7>
jtimon, I have no idea how the time to validate the asicboost fix faster than deploying SegWit. The logical soft-fork afterwards with BIP 8 would be to make Witness Commitments non-voluntary.
< Chris_Stewart_5>
I think we all agree segwit is awesome, but we can't stall progress of the system anymore based on the deployment of segwit
< sipa>
i think segwit is much more widely accepted than asicboost being a problem
< jtimon>
da2ce7: I think gmaxwell described it in his proposal, but sadly I don't know how to translate his specification into code
< jtimon>
by it, I mean activate asicboost fix before sw
< Chris_Stewart_5>
I don't think there has been any consensus rule changes since segwit has been deployed, I think fixing covert asicboost would be a good way to get that ball rolling again
< da2ce7>
Since SegWit is not controversial, we can deploy it as a partial mitigation of asicboost.
< jtimon>
Chris_Stewart_5: me too, but yeah, as sipa points out, assuming community support and reasonable dates
< sipa>
da2ce7: totally agree, i just don't think bip148 is a good or likely succesful way of doing that
< da2ce7>
sipa, do you think that my assumption that the miners who signal for SegWit now are likely doing it because they want the partial-fix to AsicBoost Deployed? If so, would they reasonably support a BIP148 soft-fork?
< sipa>
da2ce7: i honestly don't know
< da2ce7>
this we can agree on. :)
< da2ce7>
I'm going to try and refine this assumption with more evidence. With 33% mining support, I think that doing BIP148 is remarkably safe in the face of an active exploit.
< sipa>
33% of mining support, excluding miners who already signal segwit?
< da2ce7>
I mean, 33% total. For upgraded node, the remaining 67% doesn't exist. - The network effects for a 33% soft-fork are huge. Because of the asymmetrical wipeout risk.
< da2ce7>
The only risk is that the 67% explicitly attacks the smaller chain. However this is grounds for an immediate change of PoW.
< Chris_Stewart_5>
da2ce7: I don't think so. An immediate change of PoW for the majority of miners following the old rules? Seems rash to me
< da2ce7>
Chris_Stewart_5, no they are not following the old rules, they implement the soft-fork, except at the same time attack the smaller chain maybe by producing 0tx blocks.
< da2ce7>
This is what I mean by an 'explicit attack'.
< Chris_Stewart_5>
da2ce7: So you would encourage an extended chain split, which could last forever? I don't think I would support that. We need to remain on one chain
< da2ce7>
Chris_Stewart_5 for any other exploit I would encourage a chain split to fix the exploit, In this case is no different. If the miners could make 2btc extra each block, then I would soft-fork with less than 50% to fix this bug.
< da2ce7>
Even if the miners +2btc chain could last for a longer time.