Skip to content

Instantly share code, notes, and snippets.

@michaelfolkson
Last active April 14, 2021 10:42
Show Gist options
  • Save michaelfolkson/92899f27f1ab30aa2ebee82314f8fe7f to your computer and use it in GitHub Desktop.
Save michaelfolkson/92899f27f1ab30aa2ebee82314f8fe7f to your computer and use it in GitHub Desktop.
If you have an opinion on ST (Speedy Trial) proposal please ACK/NACK this so we can log the level of support for this proposal
Details of the proposal are here: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-March/018583.html
edit (April 14th 2021)
Jeremy Rubin has asked me to add the following:
"[bitcoin/bips#1104](https://github.com/bitcoin/bips/pull/1104) has been proposed (and implemented via
[bitcoin/bitcoin#21377](https://github.com/bitcoin/bitcoin/pull/21377)) as a concrete interpretation of @harding's original
proposal. Feel free to re-ACK on the BIP PR (and in the core PR if you feel qualified to review) if this plan matches your
expectations, or raise any concerns otherwise."
@rustyrussell
Copy link

Taproot could be activated by a blind monkey, [...] ST avoids the hard questions, since it will almost certainly pass; [...] But one day, a real crisis will return. We won't have an answer, and we won't have practiced: this will make the crisis far worse. Instead, if we codify "devs propose, miners activate, users override" (i.e. a LOT=true option, off by default) we'll know exactly what the process will be when miners fail to activate. It may still be messy, of course, but we'll have all the tools at hand, and we'll even know the date the crisis will come to a head.

I think this argument makes two major errors:

* First, it tries to artificially tie two improvements together; "if you can't solve controversial activations, you shouldn't get taproot". That isn't the way we should do development: just as it was a mistake to try to tie segwit and a hard-fork to double the block size together, other improvements should also stand or fall on their own merits. If we're tying updates together there should be good reasons for why they're better together (eg segwit and the witness discount; and taproot, schnorr and tapscript).

No, this is a disagreement about how all changes should be activated. This is completely germane to the current debate. Remember, segwit wasn't "controversial" until it suddenly was, either. I believe this is not the case here, but then, I believed that last time as well.

* Second, it assumes that you can usefully test a weapon when play fighting -- if taproot can be activated by a blind monkey, then having your bodyguards activate taproot only proves they're as good as a blind monkey, not that they're ready to protect you from a home invasion. In particular, bip8 isn't even as ready as bip148 for a real battle; it lacks even the limited safeguards that were included in that client (and it's also lost the element of surprise, which might've been bip148's biggest advantage).

"BIP 8 isn't ready" is definitely a factor, but while I prefer existing code when there are no other major factors, there are IMHO major factors here.

I think it also probably assumes that the bip8 approach is more ready to go than it is -- there are (IMHO) serious unresolved objections to bip8 in every possible deployment mode (eg, just lot=true: developers are imposing decisions on miners and users; just lot=false: miners can object; lot=true and lot=false: unnecessary chain split risk, risk of downtime for those running lot=true, risk of reorgs/wipeout for those running lot=false). Maybe all those objections -- even the ones from one of the bip8 authors -- are mistaken, but personally I think it's more likely that significant improvements are needed.

"unnecessary chainsplit risk". No, that's exactly the point: if we end up with various significant factions fighting over the rules, there will be a chainsplit. There are no technical workarounds for this. BIP 8 has been revised to minimize the chance of an unnecessary chainsplit, and the entire BIP-8 lot=true mechanism was designed as an explicit mining forcing function.

I remember @pwuille saying explicitly about Segwit activation that users must decide. That has stuck with me, and my preference for a hidden lot=true option reflects this understanding. Without such an option, developers are saying "you can override, but you'll have to replace us." The result in practice that users are reduced to "beg the devs" or "beg the miners". That kinda worked last time but damn it was messy, and such uncertainty does not help the BItcoin ecosystem.

Personally, I can think of about half a dozen soft-forks I would like/expect to see progress on once taproot is squared away (great consensus cleanup, anyprevout, ctv, graftroot, annex-based block commitments, op_cat/covenants), so it's not like there aren't other opportunities to improve activation methodologies coming up.

If this approach is good enough until there's a crisis, then why would anyone approve anything until a crisis comes?

@fresheneesz
Copy link

this is a disagreement about how all changes should be activated

@rustyrussel I hear you saying that you want to decide now on how all future changes should be activated. It sounds like what you're worried about is that if the community doesn't block this release to decide this question, that the community won't actually work towards an agreement on that front until next time we need to release something. Is that right? But what if that wasn't the case? What if the community commits to work towards a better activation mechanism as the next top-priority without blocking this upgrade? Would that be agreeable to you? For example, if there was a credible group of people who will commit to working towards a better solution and building consensus on it well before the next upgrade, would that assuage your worries?

why would anyone approve anything until a crisis comes?

I think many in the bitcoin community look forward to preventing attacks and issues well in advance of when they might actually happen. I get the feeling that a substantial fraction if not a majority do care about getting a consensus on improvements to things like bitcoin's upgrade activation process. Are there specific things that make you think otherwise?

One thing I don't have good context on is: what was the previous activation process we came to a consensus on? Is that process documented somewhere? Like, when evaluating Speedy Trial, what should I be evaluating it as an alternative to?

@Kixunil
Copy link

Kixunil commented Mar 25, 2021

Is this the best place for discussion? The topic was to ACK/NACK (and I think it's OK to give bit of details), maybe it'd be better to move the discussion to another place? I specifically refrained from saying anything beyond ACK/NACK until now to not cause noise.

@michaelfolkson
Copy link
Author

michaelfolkson commented Mar 25, 2021

@Kixunil: Yeah this gist was intended for mass participation of ACKs and NACKs with comments. If you want to do more than log a N(ACK) with comments and have a broader discussion I'd recommend the bitcoin-dev mailing list or the ##taproot-activation Freenode channel. Feel free to start a thread on either of those (linking to a particular comment on this gist if that is a starting point)

@ajtowns
Copy link

ajtowns commented Mar 29, 2021

@michaelfolkson

So ideally you want an activation mechanism where developers aren't imposing decisions, miners can't object, no chain split risk, no risk of downtime, no risk of reorgs/wipeout (and presumably you'd prefer it be in a Core release rather than an alternative client).

Well, yes; wouldn't you? (Well, "miners can't object" is too strong, and bitcoin is probabilistic at best, so "no risk" is also too strong, but assuming those are "minimal risk" and "a small number of miners can't block things" those seem like good goals)

I think https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-March/018723.html meets those goals, in addition to Rusty's "devs propose, miners activate, users override" triumvirate.

You want to keep references to BIP 9 in the codebase so future activations can't say BIP 8 was used for Taproot.

I've spent a lot of time working on bip8, I don't know why you're imagining that I'm fundamentally opposed to it. I'd like an activation method that gets as optimal a balance between the various different goals as possible and I'd thought bip8 with lot=false followed by an update to lot=true later if/when it became necessary was a good mix for that. Doing lot=true from day 0 was not what I was expecting after Luke's updates to bip8, so seeing people wanting to do that has changed my opinion substantially -- it's a very different upgrade scenario if any significant number of users are running lot=true code. And seeing the proposed testnet activation height be already passed when I had a first look at the proposed parameters made me uncomfortable, so when I realised you could make time-based activation compatible with mandatory signalling I changed my opinion there too. In any event, the whole point of a speedy trial is that its over quickly, one way or the other -- if it fails there's no need to keep the code supporting it around after the signalling period ends (and there's sufficient work on top that a reorg is vanishingly unlikey -- even a week is probably enough).

There's a whole bunch of other mind reading ("You want", "You hope", "you don't like") in your comment. Please stop it; it's very annoying even if you weren't getting it so wrong.

@michaelfolkson
Copy link
Author

@ajtowns: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-March/018723.html does not meet those goals and it doesn't meet Rusty's triumvirate. A flag day in Core is Core developers imposing activation via a flag day.

There's a whole bunch of other mind reading ("You want", "You hope", "you don't like") in your comment. Please stop it; it's very annoying even if you weren't getting it so wrong.

I am honestly doing my absolute best to try to understand where you are coming from. While you say things like a flag day meets all those goals (when they clearly don't) you don't leave me much choice other than to speculate on things you are thinking but you aren't saying. It is as annoying for me to feel the need to do this as it is for you to read it.

@JeremyRubin
Copy link

@michaelfolkson you should re-read the link @ajtowns shared; he's not saying a flag day meets Rusty's goal.

@TheBlueMatt
Copy link

A flag day in Core is Core developers imposing activation via a flag day.

I'm not sure where this comes from? "imposing activation" is always a question about social norms, whether something is in Core, not in Core, or a flag. Doubly so for something like Taproot where 95% of users have no reason to care, should not care, and don't care about it - a UASF is just as much some small group "imposing activation" as the fork being in Core, if not more.

The only thing that can ever define Bitcoin's consensus rules is what people refer to as Bitcoin, whether Bitcoin Core is that or not. Based on past experience, it seems like many agree that the market should define that by either futures or active trading across chains. In order for a fork being in Core to "impose activation", we'd have to restrict the market from trading the other side, or redefine norms around what Bitcoin is to be "what is in Core", which would obviously be a terrible idea. If you want to ensure that Core "isn't deciding", about the only way to do that is to ensure that users, the market, and exchanges understand that switching to a release with fork activation parameters is switching Bitcoins, and that they should consider that carefully, everything else is just fluff.

Still, no matter what we think of it (and I think we all think its generally good), if the protocol (for however you define that) goes in a way which the market of Bitcoiners doesn't like, the market will let us know. If there's one conclusion that we can absolutely take away from the Segwit2x/BCH/etc drama, its that the market not only wins, but finds a way to make its voice heard even when the people promoting a fork explicitly wish to ensure that it "just happens".

@michaelfolkson
Copy link
Author

The act of a user running a UASF release rather than a Core release is the "users override" part of Rusty's triumvirate. It is a conscious decision of a normal Core user to say "No I won't run what is in Core. I want what this UASF release does instead."

Even if it is true that 95 percent of users don't care about the Taproot soft fork (I'm not sure that it is) they should care about changes in consensus rules. Their node will likely be imposing them for the rest of Bitcoin's existence.

@TheBlueMatt
Copy link

I'm not sure what your point there, was? Was that in response to something specific I'd said, because it didn't seem like a response.

@1337in
Copy link

1337in commented Mar 31, 2021

@TheBlueMatt

Doubly so for something like Taproot where 95% of users have no reason to care, should not care, and don't care about it

Why should 95% not care about Taproot?
Why do you think they have no reasons to care?
Was there any survey or poll in community to conclude only 5% care about Taproot?
Are you in 95% or 5%?

Copy link

ghost commented Apr 2, 2021

@TheBlueMatt I have left my involvement in Bitcoin but couldn't stop myself in this discussion when someone shared the link even if it affects my life. Your name and website is used in DNS seeds of Bitcoin Core (Total 9), have contributed a lot including Stratum v2 and still active. Why so negative, right now? Why so positive about privacy, tokens etc. on twitter all the time? If you want development on Bitcoin and layer 2 using Bitcoin we need Taproot and it improves lot of things. If you ignore everything, it improves IBD for full nodes mentioned here: https://bitcoin.stackexchange.com/a/103809/103136

Stop misleading people that it helps only 5% or only large multisigs. Thanks.

@TheBlueMatt
Copy link

Why so negative, right now

Hmm, it seems my comment here was misunderstood in the past two comments. I didn't mean to suggest that Taproot isn't something we should land, its great! I've spent a ton of time trying to move the activation discussion forward! My note was more a general philosophy of forks - many, many soft forks (and to a large extent Taproot) are designed such that they don't have an impact directly on a large number of Bitcoin users, adding features that are useful for some, but largely not hurting others. That's great, but it also means that we should be considering this property when we talk about activation methods - if a large number of Bitcoin users aren't going to be directly impacted by a fork (as is the case with Taproot - wallets don't have an incentive to use it quickly, though over time it would be nice if users migrated to it for various reasons), then we should have an activation method which includes those users not needing to be active in the activation process (but allow them to "stop" such an activation if they are being negatively impacted by the fork).

@michaelfolkson
Copy link
Author

I would close this for new comments but you can't on a gist. Can you take any further discussion on activation not directly related to the Speedy Trial proposal to ##taproot-activation Freenode channel or the bitcoin-dev mailing list? I will start to delete new comments that aren't directly related to Speedy Trial from this point onwards (admittedly I have been as guilty at straying off topic as anyone else).

@michaelfolkson
Copy link
Author

I'm going to rescind my ACK for Speedy Trial. The whole point of "Speedy" Trial was that it wouldn't be a long drawn out process with people playing games NACKing use of BIP 8 and NACKing block height (in favor of MTP) because of test networks of all things. BIP 8 and use of block height were discussed in the community meetings pre Speedy Trial and garnered a vast amount of consensus. Test networks (testnet, signet) are there to test the optimal solutions on mainnet. You don't change solutions on mainnet so they better fit testnet, signet. This is blatantly obvious.

Hence Speedy Trial has lost its "Speedy" and in my opinion we are back to where we were before Speedy Trial was proposed. So I'm a NACK on Speedy Trial. I'm also pretty appalled by some of the shenanigans that have been going on to delay what should have been a simple PR review path post Speedy Trial being proposed. If this is in any way a precedent for how people will behave for future soft fork activations this strengthens @rustyrussell's argument for his NACK.

@fresheneesz
Copy link

fresheneesz commented Apr 11, 2021

By my count, there are 83 full ACKs, 3 ACKs with reservations, and (now) 3 NACKs. Sounds like overwhelming support of Speedy Trial.

@michael, I understand this process has been frustrating, and thanks for putting in effort to move things forward. It seems like you are most frustrated with the process by which we're building consensus, rather than Speedy Trial itself. Its a bit confusing to me that this is leading you to NACK Speedy Trial, when it really sounds like you should be NACKing something a bit more meta: the consensus building process.

I might be a bit out of the loop, but there's clearly conesnsus for Speedy Trial, and you're saying there's also consensus for BIP8 and block height. Have we lost a clear consenus on BIP 8vs9 and block height vs MTP? If so, shouldn't the next step be to come to a consensus on those two parameters and then push go rather than scrapping Speedy Trial altogether?

@luke-jr
Copy link

luke-jr commented Apr 11, 2021

Just adding my NACK here for the record.

ST/BIP8 was reasonable as a subset of a proper longer-term BIP8, but even considering digging BIP9 out of its grave is just plain absurd and defeats the purpose of ST (to be a compromise subset between disagreement on LOT within the scope of the consensus around BIP8).

Furthermore, a fundamental premise of ST was that it would start ~immediately and end quickly. But over a month has passed already with only movement backward, second-guessing things we already had consensus on.

IMO, ST is simply dead at this point.

@evoskuil
Copy link

It’s not clear to me why BIP8 or any compromise with it was ever considered seriously. It was clear at the time that the wrong lessons had been learned from segwit. This whole BIP8 fiasco is just the fallout from that. BIP9 would be just fine.

@JeremyRubin
Copy link

@luke-jr can you give a definition for what consensus is? Is there a concrete and consistent definition you are applying that BIP8 LOT=true is satisfying that the current ST MTP start/stop + height of activation minimum is not meeting that can be applied here and in the future?

@stefment
Copy link

There seem to already be a process for activating softforks. BIP9.

The reason i like BIP9 is because its simple and it encourages consensus and gives plenty of time for this to form if it hasnt formed already and people are just waiting to signal.

@michaelfolkson
Copy link
Author

@fresheneesz: I'm not frustrated by the process, I consider myself partly responsible for the process up until this point. So in that sense I can only be frustrated with myself. I don't know why there have been games (NACKs of technical minutiae with very weak rationales, community meetings to discuss technical minutiae, coin flips...) over BIP 8 vs 9 and block height vs mix of block height and MTP for Speedy Trial. I wasn't expecting them when Speedy Trial was proposed. If I had expected them I wouldn't have supported Speedy Trial in the first place. The whole point of Speedy Trial was to avoid gridlock and have a smooth (but rigorous) PR code review and merge path. I am very disappointed it hasn't turned out that way especially given the community support for this proposal.

By my count, there are 83 full ACKs, 3 ACKs with reservations, and (now) 3 NACKs. Sounds like overwhelming support of Speedy Trial.

Agreed, if the Core Speedy Trial PR #21377 can get merged I think we should work around that. If it can't get merged I think an alternative release to Core is our only hope for getting Taproot activated. In that scenario I would support BIP 8(LOT=true).

Regardless, the time for theoretical discussions and new proposals (or rehashing old ones) is over imo. I certainly won't be partaking in them. The initial proposed timetable for Speedy Trial had a startheight of May 1st. We are at April 11st and we don't have a merged PR in Core nor do we have any sense of what the timetable will be or what the finalized parameters are.

@luke-jr can you give a definition for what consensus is?

It’s not clear to me why BIP8 or any compromise with it was ever considered seriously. It was clear at the time that the wrong lessons had been learned from segwit. This whole BIP8 fiasco is just the fallout from that. BIP9 would be just fine.

@JeremyRubin, @evoskuil: Please take discussion of non-Speedy Trial topics to ##taproot-activation on IRC or the bitcoin-dev mailing list. Thanks

@Rspigler
Copy link

I'm going to rescind my ACK for Speedy Trial.

Agreed, if the Core Speedy Trial PR #21377 can get merged I think we should work around that.

Not trying to troll. I understand you are frustrated. But is it a final NACK or ACK?

@michaelfolkson
Copy link
Author

michaelfolkson commented Apr 12, 2021

@Rspigler: I personally won't be issuing any more ACKs or NACKs related to Speedy Trial, here or on Core PRs. I have tried to advance Speedy Trial in good faith (e.g. looking over the PRs and identifying that not only had we agreed on revised BIP 8 in the community meetings but a majority of reviewers had a slight preference for consistent use of block height) especially when I recognized that Speedy Trial had more community consensus than either BIP 8 (LOT=true) or BIP 8 (LOT =false)). Had I known at the time that there would be "NACKs of technical minutiae with very weak rationales, community meetings to discuss technical minutiae, coin flips...) over BIP 8 vs 9 and block height vs mix of block height and MTP for Speedy Trial" I would have NACKed Speedy Trial from the beginning.

I understand why Luke is angry and he should be. As he says Speedy Trial was supported by him (and me) because it had more consensus than either BIP 8 (LOT = true) or BIP 8 (LOT=false). For a small number of contributors (2?) to NACK using block height consistently across Speedy Trial and insist on not using BIP 8 is just bizarre to me in the context of where we were pre Speedy Trial and in the absence of a strong rationale to NACK using block heights consistently (test networks are not a strong rationale imo and nor is UASF marketing).

I am personally reviewing #21377 because I want to be as familiar with it as I can be and there is a very unlikely chance I find a bug etc in the code. But I won't ACK or NACK the PR and I won't issue any further ACKs or NACKs on this gist. I risk damaging my reputation (more than I already have) and making a mockery of the Core review process. In the very unlikely chance I find a bug I will of course raise it immediately.

@michaelfolkson
Copy link
Author

michaelfolkson commented Apr 12, 2021

For additional context see this and this from @maaku. He is staying out of this as he has quantum security reservations leading to him NACK Taproot itself. Regardless he writes better than me on BIP 8/9 and block height/mix of block height and MTP. He is also an author of a BIP on MTP.

@JeremyRubin
Copy link

JeremyRubin commented Apr 13, 2021

bitcoin/bips#1104 has been proposed (and implemented via bitcoin/bitcoin#21377) as a concrete interpretation of @harding's original proposal. Feel free to re-ACK on the BIP PR (and in the core PR if you feel qualified to review) if this plan matches your expectations, or raise any concerns otherwise.

@michaelfolkson perhaps update the top post to point people appropriately

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment