The script is the rules that specify the conditions required to spend the coins.  Taproot makes it so that most of the script doesn't need to be published-- which is often a scalability improvement sometimes a massive one,  just like P2SH made it so that the script didn't need to be published until spending time (and never published, in case you happened to lose the keys ).

Hasn't been since 2012.

This is perhaps ignoring the forest for the trees, those distinguishable lightning txn are relatively uncommon.  2 of 3 multisig and various multisig or timeout keys are about half of all transactions.   Taproot should eventually allow most of those to look just like single key wallets.  It'll also let users improve their security by using multisig without increasing their fees or making their transactions stand out at all.

It's hard to reason about all the benefits because it also makes possible some things that aren't possible today so we don't know how common or how valuable they'd be.  For scripts with a compatible structure taproot increases the maximum script size a factor of 10^43 or so...   If you happened to know a pubkey for every resident of california you could make an output with taproot that could be claimed by any of them.  The signature would just be a few hundred bytes.   Without taproot that would take a 1.3GB transaction.

There are two major possibilities:

Activate a rule without hashpower enforcement which may create a second incompatible forkcoin blockchain with fair probability, causing millions of dollars cumulative cost to the part of the industry that handles third party bitcoins (exchanges, etc) when they may be forced to allow withdraws of the fork (or sued when they don't),  with high probability creates long reorgs  (>6 blocks) that will be visible to a portion of users, potentially allowing double spending theft.  Notably none of these costs are costs to miners (other than indirectly through dropping the Bitcoin price), and an additional fork gives miners the potential for greater profit (because more total coins are issued but difficulty is split).

Or have a system that waits until a super-majority hashpower will enforce the rule, so that a second competing chain cannot persist.  A consequence of this is that miners can delay activation.

Those are the choices.  The details of the parameters can influence the severity of the negative effects-- e.g. longer to upgrade can make fewer users effected by reorgs,  or a shorter activation period can reduce the maximum delay miners can cause,  but that fundamental issue remains.

If you make a non-hashpower enforcement take *years* to activate then ubiquitous enforcement by users might eliminate the forks/reorgs/etc. But in that case you've created *years* of delay instead of months of delay, so the goal of not being delayed fails.  "YOU CANT DELAY US IF WE DELAY OURSELVES!!!"


Checkout the HN taproot thread and the long discussion I had with someone who was *convinced* that taproot was going to create a spinoff chain.  The only reason it almost certainly won't is miner activation.

Now, if miners are legit blocking a deployment against the communities will, then the significant costs and risks of a forced activation may be well worth it.  Or if it's already blocked, making the forced activation happen years out wont be any more delay.  Or if the change is a non-urgent fixup, then delaying it years to begin with may not be a problem.

But if there is no particular reason to think they are going to block something, why the heck would we either add huge activation delays or the risk of splitting the chain (requiring preparatory costs, even if it doesn't happen!) just in case they might?   If they do it can be dealt with then, with the full benefit of information about how the obstruction went, how widely and quickly the users deployed the update, etc.

To give a concrete example, say we learned that 20% hashpower obstructed for no good reason and users upgraded about as fast as they normally do during an initial attempt.  Then it mike make sense to deploy with a 70% activation threshold and a flag day that activates regardless after 3 years,   This way it'll probably activate quickly with minimal disruption but users still have adequate time to upgrade before a disruptive hard cut if the blocking miners grow.   Or maybe we learn that user uptake was extremely fast for this upgrade, in which case cutting the 3 years to 2 might make sense.

So yeah, sure miners being able to delay stuff isn't good.  But you can't just wish it away, it comes with a phenomenal benefit-- one that is a competitive advantage against constantly hardforking scamcoins-- and one that allows us to activate new consensus rules much *faster*.   If we find miners actually blocking something, then the benefit may not be worth it.  Considering that plenty of users don't anticipate using any specific new feature-- so it has no benefit to them-- a potentially disruptive activation means that some otherwise desirable features would be legitimately opposed by users: why should they take cost and risk for some feature that won't benefit them?

Skipping over the miner activation only looks attractive if you ignore the costs of not using it-- Significant risk of spiting and/or destabilizing the network, years of additional delays, or both.

If you don't like delays you should prefer hashpower triggered activation, except when hashpower wont activate something quickly.  If delay isn't an issue, simply having a flag height set a few years out is probably best.

The right way to think about this is that a consensus rule upgrade naturally takes 2-5 years to do so with low risks.  Using hashpower signaling we can safely bring that down to months, but hashpower might not bother to (or active choose not to) cooperate and then we're stuck with riskier or slower approaches.

Besides,  I proposed taproot in January 2018, assuming it activates at the earliest opportunity via hashpower it'll be almost four years since I proposed it.  These folks that are now so worried about the risk of a few months of delay by miners...  Where were you all these years?   Or is delay only something you care about to the extent of angrily retweeting some hashtag and not enough to bother helping with the work to make something real?

no? wtf.  If anyone is ignoring the community, it's luke:

https://github.com/bitcoin-dot-org/Bitcoin.org/pull/3667#issuecomment-830865897

No, not even-- they start mining the empty block without even receiving the block by spying on the stratum output of other miners.

That would be nice, but you can look at the published code to see it isn't so.

In many prior activations at some point after the rules became active some broken miner managed to mine a rule violating block and some other miners who weren't broken but were just not updated yet produced blocks that continued after the invalid one.

Everyone who is updated, including correctly upgraded miners*, will just ignore those blocks like they never happened.  So the invalid block and its descendants will all become stale blocks.

If you aren't upgraded you may see confirmations that go away during such an events, and if you're a miner and not upgraded you will lose money by mining on a doomed fork during such an event.

If *many* people don't upgrade such an instance could be disruptive to the ecosystem, with various services accepting transactions on the invalid fork that will be lost when the valid fork overtakes it.

If for some reason you can't upgrade before activation it would be best to make sure your node(s) connect to the public network exclusively via an upgraded node so the upgraded node will act as a bad block filter.  This works for mining too, since older standard software won't introduce invalidity, only follow it if someone else introduces it.

If you can't even do that but are actively accepting payments, then you should require more confirmations before considering a transaction irreversible.  An extra ten might be a good starting point, depending on how quickly you'd respond do an incident.

If you're not accepting payments it's less critical to upgrade, but its still good to do so that your node can participate in helping the propagation of valid blocks and not propagating invalid blocks.

(*) A number of large miners engage in validationless mining-- they will mine empty blocks after a block without validating it. So confirmation by a string of empty or nearly empty blocks shouldn't treated as confirmation.  The emptyness is actually not a fundamental property but its easiest to implement that way so for now its a reasonable indicator that the miner hasn't actually validated anything.

Well, it does.. and least for some definition of mobile.
Not the point, the issue I'm raising is that chunks of the site aren't indexed at all, not just poorly ranked.

One possibility is that the site is being targeted by parties trying to keep information out of google.  For example, after forum user cy ph er doc (spaces to avoid the same fate for this thread) participated in a scam that ripped off a lot of people he ended up in court over it which resulted in his bitcoin address being posted Bitcointalk.  Although his bitcoin address is still on bitcointalk you can't find any of those pages in google.  So maybe he paid some service to vanish the information from the internet and they're doing something shady to get bct pages removed from google indexes? -- and stuff like that.  Maybe the cumulative effect of various scammers trying to keep pages on bct that expose them out of google might be hurting the sites visibility?

Fair point.

Though I also should have mentioned, you shouldn't sync from just the DNSseed results, you should learn addresses from them.   Syncing just from them results in more uneven distributions of load.  Bitcoin Core works pretty hard to not contact dnsseeds at all and usually only does on first run or after being offline for a long time.

You can request which service flags you want from the seeds.

Pruned nodes do serve blocks-- though only ones near the tip.  (and if you need peers that can serve older blocks ... then ask for those.)

As far as the nodes that you couldn't reach-- they may have gone down recently.  The seeder checks them but only about once a day or so.

They are also severely down weighing anything that isn't HTTPS... but the effect of this is to severely bury tons of great technical/academic/hobby info at the expense of promoting garbage filler sites and social media.

But that decision wouldn't impact bitcointalk.

I have been using duck duck for most of my searches, though it too sucks compared to google of old. -- just differently.  My concern here isn't just me though-- it's about the kind of distortions that hiding BCT threads has on the wider world.

Your bitcoin.conf configured rpcpassword likely had non-permitted characters (such as #) and so it was getting ignored.

I've noticed a large number of my old posts are no longer discoverable via google, maybe on the order of half that I search for (really informally).

Here is an example:

https://bitcointalk.org/index.php?topic=1427885.msg14601127#msg14601127

You should be able to find it by googling for substrings:

Example.

Yet you can't.  In fact, AFAICT, no substring will make google return anything on the first page of that thread.

If you google the thread title you get the second page of the thread and only the second page of the thread.

Duck-duck-go, however, returns it just fine.

I find it pretty demoralizing to have my posts vanish from search indexes, especially because last year Reddit changed so that negative-voted posts don't get search indexed and as a result thousands of posts of mine in rbtc effectively vanished from the internet.

Why was this even supposed to matter? Banks get in trouble for money laundering with some regularity.  They pay their fines (sometimes billions of dollars) and continue on as if nothing ever happened.

Great! So: Two years ago and entirely not about the current activation nonsense.

No that is entirely untrue.  I think I've spent a total of an hour on the subject in the last three months not including time wasted reading the endless pointless shed-painting debates. And much of that hour just testing the activation setup and the rest was mostly correcting a bit of misinfo on reddit.

I am not a Bitcoin developer, I have not been a bitcoin developer for years. I was not materially involved in the discussion around taproot activation.  The article simply made a mistake-- it was corrected before I even knew about it (THANKS to whomever reported the error!).

What the heck?  There are several reports for your post for offtopic/trolling and I'm inclined to agree.  But in the off chance that you are actually just profoundly ignorant:

Lightning is just a technique of using Bitcoin smart contracts to compress multiple Bitcoin transactions into one transaction.   After some setup, I can make a payment to you but not immediately post it to the blockchain, keeping it available to be revised as funds move back and forth. At any time either one of us can post the latest transaction to close it it. Moreover, it's possible to securely and atomically update multiple of these not-yet-final transactions, which makes it possible to pay someone you don't directly have a channel with by updating the balances of a collection of channels.

That's it-- the rest is just implementation.

Through this we can make thousands of payments but only post two transactions to the chain, and as a side benefit these benefits enjoy instant reversibility and improved privacy because they only require the interaction of the participants rather than the global network.  The tradeoff is that the participants need to be online and the underlying wallet software required more engineering effort.

Payment channel support has been built into the transaction format and consensus rules of Bitcoin since day one.  The only transactions involved in lightning are Bitcoin transactions, so it has nothing to do with altcoins.  Your post is extremely similar to saying that posts involving multisig ought to belong in an altcoin subforum.    Guess what: Not everyone uses bitcoin exactly like you do.

Lightning doesn't have anything to do with Bitcoin core,  ... at least today there is no lightning support in Bitcoin Core.  If this subforum were only about Bitcoin core, then I suppose there wouldn't be any lightning stuff in it... but it isn't.

The fact that lightning has its own complexity means that there are plenty of technical things to discuss about it.

This isn't a differential disadvantage.  For any secret sharing scheme, you need data generated at share generation, and for distributed share generation (e,g key wasn't born with a single point of failure) this means data stored from other parties.  So in both cases you need to reliably store information generated at the time of wallet generation.   Bonus, for multisig the information isn't secret--- you can go ahead and post it on your tumblr or whatever, while for secret sharing that data is secret and you could only post it on your tumblr after encrypting it.

In either case, you can just store this extra data with your private keys--  which would be a total non-issue except for the prevalence of stamped metal seed storage or whatever that has no extra room to store any data like that.

In any case, I have an *extremely* negative opinion of secret sharing as a freestanding system.  The tradeoffs it provides are poor, as a result you find it mostly used/implemented by people who aren't thinking carefully, and as a result it doesn't provide its expected positive properties and often hurts security a lot.  Essentially with SSS you are using an underlying cryptographic primitive directly, and pickup the expected bad outcomes from homebrew cryptography.

 https://en.bitcoin.it/wiki/Shamir_Secret_Snakeoil

The point you're trying to make is a valid one, but your expression of it isn't technically correct.  Miners can easily fake their 'support' for any flag, and they often have in the past-- e.g. signaling BTC1 when they weren't running it and had zero intention of ever running it.

So while it's true that miner signaling is sybil resistant,  the mining pools signaling flags don't necessarily have much skin in what they signal, so fairly little incentive to do so honestly.  This is particularly true because the parties with an investment in hardware are hashers (whom don't control the flags) and not pools (who do control the flags.  Many pools have significant altcoin investments and it's not too hard to imagine a kickback or altcoin play making fake signaling in a pool's interest.  Even hashers can move hashpower to altcoins that might gain value if Bitcoin had issues.

You could imagine a scheme where people pay _ethereum_ into a black hole to vote for bitcoin proposals. ... it would be an unfakable measurement, but if anything it would be anti-correlated with the wants and best interest of the Bitcoin community.

More generally,  we should always be careful when we're substituting what we can measure with what we need.  Measuring hashpower is probably only a reliable proxy when people haven't realized that they can game it, and we know for a fact now that they have.

The real unfakable metric is the eventual market price of the asset -- but we can't know that in advance, only make educated guesses.

Sounds like you have it figured out.  I thought I would point out:  It's implemented this way instead of a more obvious way so that the comparison gets compiled to constant time code.  It's also faster than the most simple non-shortcutting comparison.

If constant time wasn't needed the more obvious approach would be faster.  (though that isn't always true-- sometimes constant time code is just faster.  In this case, though only one in 2^64 inputs would need to compare more than the first word in vartime code.)