Bitcoin Forum
October 21, 2018, 11:43:07 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: A replacement Alert System should be considered to promote updates as necessary  (Read 1808 times)
Tesorex
Full Member
***
Offline Offline

Activity: 201
Merit: 100



View Profile
September 19, 2017, 02:22:17 AM
 #21

Hey you want an alert system for Bitcoin Core client or the whole network? why don't you propose it for users to decide if they want it? or we could make it optional but available for users. with alert being implemented you are assuming every user is at their GUI watching the screen to see if an alert going to pop up any time now, if there is a critical issue then users will never know until it effects them which by that time they're already alerted.
1540122187
Hero Member
*
Offline Offline

Posts: 1540122187

View Profile Personal Message (Offline)

Ignore
1540122187
Reply with quote  #2

1540122187
Report to moderator
1540122187
Hero Member
*
Offline Offline

Posts: 1540122187

View Profile Personal Message (Offline)

Ignore
1540122187
Reply with quote  #2

1540122187
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
doctor-s
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
September 19, 2017, 03:07:29 AM
 #22

you want an alert system for Bitcoin Core client or the whole network?

Only talking about clients here.

Without some kind of carefully crafted notification, there will always be users who never ever update. It feels like stagnation is built into this system and it will never be overcome.
It sounds like to me that you're making assumptions which are simply not true, then fixating on particular solutions.
People do upgrade, this is a fact and we've seen it quite clearly in practice.  If you want software to nag users when it's really old, it could do that independent of there being any alert system.

Yes, people do upgrade, but bitcoin software is a special case as consensus rule changes require mass spontaneous upgrades - which doesn't happen with bitcoin currently, and I'd argue, without a direct means of communication to users - can never happen. That is where I am coming from in my above statement.

Without direct communication to your users, how can you accomplish a timely effective update?

So the concern is that if you or any other developer with access to an alert system is compromised,

"with access to" -- instantly you begin by just _presuming_ a centralized hierarchical world with privileged parties that have power over others.

I don't really appreciate the tone here, that's not warranted.
Also, I didn't imply a centralised world, I'm simply referencing one as a common implementation of an alert system - specifically mentioning such an example as something I _don't_ want.

I guess my response would be, doesn't that concern also apply to users simply downloading the software?
No, only _new_ users that downloaded it when it was compromised; not everyone already out there.

Yes, that was implied in my statement. Only new users (or updating users) would be compromised, however, that caveat doesn't negate my point. It is still a point of trust.

To add to that, there are many other points of trust, such as the communication channels suggested in the BIP discussion and wiki page linked in my original post. Forums, reddit, mailing lists are all centralised forms of communication to some degree. All of those suggested alternatives to an alert/notification system require a level of trust. They are not trustless.

You could counter that by saying that users can check the source code, but the reality is apart from some very select people, users aren't reviewing source code,
Most users do not, a few do. If the few that do find problems, they can sound alarms; protecting others (see the prior point).

Yes, this justification applies equally to a client alert/notification system.

prevent malicious developers or compromised developers exerting control.
Multisignature is still trusted and centralized.

Multisignature is better described as semi-decentralised.

It is impossible to have a communication medium that is fully decentralised, it's also not practical, or even warranted.

This would be my preliminary proposal for a "best practice" notification system:

  • Client based - not network based. Each client would be required to implement their own notification system if not yet implemented
  • Multi-sig authoring of notifications. Perhaps by majority of devs
  • Ability to permanently disable each notification by user
  • Multiple "back out" opportunities for users informing them that they are not required to update (when appropriate)
  • Links to open/decentralised discussion channels where the update can be reviewed by peers
Benefits:

* Faster implementation of security improvements
* Faster implementation of consensus rule changes/updates
* Greater likelihood of consensus rule changes/updates
* Faster and more effective communication to users

Downsides:

* Semi-centralisation of update information distribution (in effect no greater than forums, or mailing lists)
* Minuscule risk of notification system being compromised (in reality risk insignificant as would required greater than 50% of devs compromised)
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2534
Merit: 1550



View Profile
September 19, 2017, 05:10:25 AM
 #23

but bitcoin software is a special case as consensus rule changes require mass spontaneous upgrades
No it doesn't, in fact a decenteralized system cannot change like that. If bitcoin can be forced into "mandatory mass upgrades" then it has failed.

Moreover, well constructed changes in consensus rules are detected and responded to by existing software:

(And not just at the change, but in advance too!)



Quote
I don't really appreciate the tone here, that's not warranted.
I apologize for offending, but you appear to be wading in somewhat uninformed and telling other people what they should do. This is very insulting.  I don't mean to offend, but with your approach you are going to get a blunt response.

Quote
Also, I didn't imply a centralised world,
Perhaps you didn't intend to, but a world where we depend on trusted parties with special secret keys that have special powers is that kind of world.

Quote
original post. Forums, reddit, mailing lists are all centralised forms of communication to some degree. All of those suggested alternatives to an alert/notification system require a level of trust. They are not trustless.
And none are official, people use all of them and many more.  There are singular methods of communication that are highly controlled but communication between people is not.

Quote
Yes, this justification applies equally to a client alert/notification system.
It does not, because a message displayed on your screen commanding urgent and immediate action does not provide a timeframe for public review and communication to take place.

Quote
Multisignature is better described as semi-decentralised.
It depends on a trusted authority, the that the authority is a (perhaps informal) corporation rather than a natural person doesn't change the fact that such a system has a fixed center. Not only should users not want to depend on one, prudent parties don't want to be one because of the generation of completely uncompensated risk. (It becomes attractive to compromise or even kidnap key holders in order to generate false notices; no one pays us to take on risks like that so we want.  The kind of people who wouldn't care about that are the kind of people who on no account should you ever trust with it...)

Quote
This would be my preliminary proposal for a "best practice" notification system:

You will have more luck with proposals if you first demonstrate empathy and a high degree of understanding. I don't feel that you are doing that here. In particular, the claims that consensus systems require sudden/unexpected changes or that we're currently not able to have users detect consensus rule changes -- when we already have mechanisms for this which work.

Bitcoin will not be compromised
Argon2
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
September 19, 2017, 07:43:29 AM
 #24

Promotes Centralization - NACK
doctor-s
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
September 19, 2017, 12:22:15 PM
 #25

Yes, this justification applies equally to a client alert/notification system.
It does not, because a message displayed on your screen commanding urgent and immediate action does not provide a timeframe for public review and communication to take place.

But this is my point. This depends entirely upon what message is displayed, and how it is displayed. There are good ways of doing notification, and bad ways.
What you've described above is not what I have said in my posts on this topic. I agree I don't want a notification "commanding urgent and immediate action". But I do still think notifications have their place.


Multisignature is better described as semi-decentralised.
It depends on a trusted authority, the that the authority is a (perhaps informal) corporation rather than a natural person doesn't change the fact that such a system has a fixed center.

I don't understand what you mean when you refer to a singular "trusted authority". A multisignature system could be setup where you have a 5-of-10, or even a 20-of-30 (or any you consider appropriate), where a set of developers are able to issue notification. The notification multisignature system would be built into the client-release, and should be similar in working to the current development consensus building. In such a system a large number of qualified individuals would form an agreement, directly related to the work that they were carrying out.

If you're referring to the actual notification being the "trusted authority", again, I think that this is based on a very narrow assumption that the notification will be written and presented in a certain way. There are many different ways to write and present notifications.



Promotes Centralization - NACK

Please have the courtesy to actually read some previous posts on this topic before putting in a low effort comment like that.

A well designed notification system does not necessarily promote centralisation.
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1554
Merit: 1704


3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


View Profile WWW
September 19, 2017, 02:03:04 PM
 #26

I don't understand what you mean when you refer to a singular "trusted authority".
The trusted authority is the group "Bitcoin Core developers" in general. It doesn't matter that there are multiple people in that group who would have to sign off on an alert, they are a trusted authority as they are part of the group "Bitcoin Core developers". Because those developers are part of the same group, they, as an entity, may decide to publish an alert for something which users may not want. Users have to trust that the group as a whole does not partake in any malicious behavior.

doctor-s
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
September 21, 2017, 12:32:59 PM
 #27

I don't understand what you mean when you refer to a singular "trusted authority".
Users have to trust that the group as a whole does not partake in any malicious behavior.

But this level of trust is already existent with the development of the reference client?
Carlton Banks
Legendary
*
Offline Offline

Activity: 2156
Merit: 1380



View Profile
September 21, 2017, 02:23:31 PM
 #28

I don't understand what you mean when you refer to a singular "trusted authority".
Users have to trust that the group as a whole does not partake in any malicious behavior.

But this level of trust is already existent with the development of the reference client?


No.

Users can choose to use new versions of the software, if at all. But they cannot choose whether or not to receive alert messages.


Current situation is a good compromise; you're wrong, the alert system still exists, but it's determined by the software, and has a narrower range of events for which alerts are sent.

The behaviour you're seeking could be added programmatically (i.e. without requiring human input), you could write the code and submit it as a pull request for review.

Vires in numeris
doctor-s
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
September 21, 2017, 11:45:09 PM
 #29

That's a distinction without a difference. You're saying people can ignore updated software, people can ignore notifications as well.
Tesorex
Full Member
***
Offline Offline

Activity: 201
Merit: 100



View Profile
September 22, 2017, 01:11:03 AM
 #30

You are asking here why are you asking? in Bitcoin you don't ask you suggest, if you are asking with a hope of some particular individuals consider your request then you already determined your stand here, you speak as if you are speaking with a central authority with power to change things but not even developers could do what you asking and even if they could do it then it will be up to users to run that version with alert activated on.
Stop talking to them like they are in charge, I believe that's what they are trying to tell you that there shouldn't be a central source of news and updates.
Carlton Banks
Legendary
*
Offline Offline

Activity: 2156
Merit: 1380



View Profile
September 22, 2017, 10:07:19 AM
 #31

That's a distinction without a difference. You're saying people can ignore updated software, people can ignore notifications as well.

That would be correct, if it was what I said. But subtly, that's not what I said. You should read (and write) more carefully.

Vires in numeris
cr1776
Legendary
*
Offline Offline

Activity: 2030
Merit: 1009


View Profile
September 22, 2017, 01:42:46 PM
 #32

That's a distinction without a difference. You're saying people can ignore updated software, people can ignore notifications as well.

As you probably are aware, anyone is welcome to fork Bitcoin Core and re-add the Alert System to it - even the code is out there to re-merge.  Provide the multi-sig keys to whatever group you deem trustworthy, publish that list, and then convince the people who run nodes that the Alert System is a positive for them and have them use your fork.  If indeed it is a good idea, then I suspect that many nodes would update to the Alert System fork since it doesn't involve a blockchain fork or changes to consensus rules.  If people do not believe that it is a useful feature, then they won't use that fork.

As an alternative, you could easily write some very simple software that does this and this alone and convince people who run nodes to run this Alert System software since it would be non-resource intensive.  Or just recommend people who run nodes to monitor IRC, forums, reedit, the bitcoin-dev/disc lists etc.

 Smiley

Cøbra
Bitcoin.org domain administrator
Member
**
Offline Offline

Activity: 82
Merit: 33


View Profile WWW
September 24, 2017, 07:53:49 PM
 #33

Why does the alert system have to be in the software itself? Maybe users could be given the option to subscribe via email to receive updates and other information when downloading from https://bitcoin.org/en/download. If you present it well, you can get the email addresses of most of the people downloading the software, then you can just reach them through email whenever you need to inform them about a new version of the software or an issue with the network. Most people do actually check their email often, so you get similar reach as you would with bundling the alert system into the software itself.
doctor-s
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
September 25, 2017, 06:40:38 AM
 #34

Why does the alert system have to be in the software itself?

Simply because it ensures that anyone who is running software, is made aware of updates/changes/etc.

It would be interesting to know how many 'zombie nodes' are out there - nodes run without any input or oversight that will most likely never upgrade. Probably impossible to determine short of a software survey with user input and some kind of way of measuring historic uptime.

Maybe users could be given the option to subscribe via email to receive updates and other information when downloading

That maybe a worthwhile alternative option/stepping stone.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!