pull down to refresh
541 sats \ 15 replies \ @petertodd 1 Nov 2022 \ on: LND brought down by huge bitcoin transaction again bitcoin
Relevant reading: https://petertodd.org/2016/multiple-implementations-consensus-systems
Reimplementing Bitcoin Core is generally a bad idea.
Reimplementing Bitcoin Core is generally a bad idea.
I disagree strongly. Implementation follows specification, not the other way round. Bitcoiners forgetting their principles about decentralization when it comes to Bitcoin-core is just cognitive dissonance.
These are just child-illnesses. With a few more years of lifetime the Bitcoin ecosystem will be rocksolid.
reply
Implementation follows specification, not the other way round.
In an ideal world where "specification first, then implementation" (assuming software spec can be perfect which is rarely the case), then yes. But that has never been Bitcoin.
Bitcoin Core can have bugs too or have internally inconsistent code, but when it does, you want to follow whatever it does.
It's not ideal but the ship has sailed long ago on that one. There's no going back to the "specification first, then implementation" model. Not on a live, decentralized production network worth hundreds of billions of dollars.
This is true even if certain parts of btcd / libbitcoin / [INSERT YOUR ALT. CLIENT HERE] are somehow "better written" / "more sensible" than in Core.
In a distributed consensus sense, being correct is not the ultimate goal. Being correct relative to everyone else is.
Another reason to stick to Core for consensus is that consensus is so hard (and 10x more critical for a base monetary protocol), even Core must honor its past selves. The backward-compatibility requirements for Bitcoin is the most stringent among all software we humans have ever built to-date, if it is here to stay and to have an impact that we hope for.
In summary, IMHO people are applying old mental models and existing software practices to Bitcoin, but that's a huge mistake.
Bitcoin (as a software project) is an extremely special beast, and is the first and only of its kind. The old rules / practices might not apply.
reply
The Bitcoin Core source code that does consensus is the specification.
Making that spec be written in English rather than C++ won't make Bitcoin more decentralized, as the centralized debate would just be on two levels. You can't fight reality: computer science is yet capable of getting two different code bases to agree 100%
reply
You can't fight reality: computer science is yet capable of getting two different code bases to agree 100%
Have you looked into "TCP" or "HTTPS" or "JSON"? Or how every plattform in the world has a compatible Android and IOS app?
This is nonsense. Just pure cognitive dissonance.
And I'm glad that it doesn't matter anyway because we will have multiple big implementations in 10 years anyway. History goes its way like water downhill.
reply
HTTPS isn't a consensus system. The requirements for HTTPS to work are much less stringent than Bitcoin as you don't need “bug-for-bug” compatibility.
reply
The reason many people insist that Bitcoin should have a single implementation is that Core has been captured (clear to anyone who witnessed the block size wars), and multiple competing node implementations would challenge their current total control over the network. As it stands the only time the network has seen a change of primary developers was when the current core cabal essentially performed a hostile takeover of the core repo, kicking out the original developers through the use of incredibly impressive social engineering and PR. Unfortunately the tactic was successful and now many apparently free-thinking humans believe that only core can lead the project and the possibility of the free market choosing which software to use is blasphemy.
reply
Thinking about the future, that's more worrying than reasssuring
reply
My understanding is that the bugs (both times) were in block deserialization code. People want to write bitcoin-processing applications in a variety of languages, which means we’re going to have parsers in different languages. Having only one implementation of the full node wont change that.
reply
Nope. The bugs are in validation code added on top of deserialization; actual deserialization wouldn't have those issues.
reply
Ah! I didn't realize that. Thank you.
reply
Well written article, Peter!
I saw the Lightning reference in the footnote, but can’t figure out how you feel about the 4 major Lightning implementations. Do you believe we’d be better off with all Lightning development activity going into a single reference implementation?
reply
Lightning isn't a consensus system, so multiple implementations probably do improve overall reliability.
Basically, my LN node can disagree with your LN node on most things without all hell breaking loose. That is not true of mining in a consensus system.
reply
Absolutely. It just helps if you don't accidentally re-implement base layer consensus code in your Lightning node, when you're already using a separate base layer module (bitcoind) doing the same thing (but, correctly).
reply
Exactly!
I asked a CLN dev, and apparently CLN just trusts your block provider to validate and does minimal further parsing. That's exactly how to do it right.
Defense in depth is ok in some circumstances where downtime is acceptable. But Lightning isn't one of those circumstances because if you're down too long your counterparty can defraud you.
reply
I disagree. I believe multiple implementations will strengthen the LONG TERM stability of the consensus system. As bitcoiners, we like low time preference.
I agree that in the short term, re-implementing bitcoin core could be a bad idea. In the long term, however, it is obvious that it is optimal to have multiple implementations.
Imagine that a three letter agency finds a bug in the bitcoin core consensus system and convinces a minority of miners to operate their honeypot mining software. This allows them to crash the network at any time and adversarially erode trust in the consensus process.
Developing multiple implementation is crucial for the anti-fragility of the bitcoin consensus mechanisms. It is much better to find the consensus bugs EARLIER (at $20k) rather than LATER (at $2M). It is difficult to imagine that only bitcoin core c++ will continue to run for 100 years. Think about all the outdated FORTRAN and COBOL software that runs our society.. that is merely 60 years old. Lets be realistic...
reply