Alerts: first version of invalid v3 blocks #933

Merged
merged 4 commits into from Jul 4, 2015

Contributor

harding commented Jul 4, 2015

Previews:

I'll merge this version as soon as it gets an ack from someone knowledgeable about the situation, and then begin working on a longer and more detailed version.

harding added some commits Jul 4, 2015

Contributor

theymos commented Jul 4, 2015

The good chain has overtaken the bad chain now, so I'm not sure that this is necessary.

Contributor

luke-jr commented Jul 4, 2015

@theymos v2 miners can still make 1 or 2 block false-confirmation for SPV/old nodes, and as long as F2Pool is "SPV mining", they will extend it even longer. So it's not really resolved until at least F2Pool fixes their stuff.

David,

Wasn't it supposed to be something like "make sure and update your SPV
wallet to the most current version immediately" or something? Because
the way it is currently worded makes it sound like you have to switch
to Core and there's no other way.

Correct me if I'm wrong though

Previews:

I'll merge this version as soon as it gets an ack from someone
knowledgeable about the situation, and then begin working on a
longer and more detailed version.

Contributor

luke-jr commented Jul 4, 2015

@ABISprotocol BitcoinJ has not been fixed and remains vulnerable in all versions.

Contributor

harding commented Jul 4, 2015

@ABISprotocol no, upgrading your SPV wallet won't help; it's a fundamental problem with SPV wallets---they trust the longest chain, even if it's an invalid chain.

Contributor

theymos commented Jul 4, 2015

@luke-jr Good point. I'm OK with merging this, then. Though it might be less panic-inducing to tell people to wait for ~30 confirmations if they're using the affected wallet software instead of telling them to stop accepting transactions completely.

@petertodd petertodd commented on an outdated diff Jul 4, 2015

_alerts/2015-07-04-spv-mining.html
+banner: "WARNING: many wallets currently vulnerable to double-spending of confirmed transactions (click here to read)"
+---
+
+<p><em>This document is being updated as new information arrives. Last
+update: 2015-07-04 06:00 UTC</em></p>
+
+<h2 id="summary">Summary</h2>
+
+<p>Some miners are currently generating invalid blocks. <b>Bitcoin Core
+ 0.9.4 and earlier</b> will accept these invalid blocks, making them
+ more vulnerable to double spends. This <b>also applies to web wallets</b>
+ from companies that still use 0.9.4 or earlier nodes.</p>
+
+<p><b>Lightweight (SPV) wallets are also at increased risk,</b> and will
+ remain so until all miners have switched back to full
+ validation.</p>
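
Review bot: In the first summary paragraph, "making them more vulnerable to double spends" has an unclear antecedent, since "them" reads as the invalid blocks rather than the nodes running Bitcoin Core 0.9.4 and earlier. Suggest "making nodes that run those versions more vulnerable to double spends". The summary also never says what makes the blocks invalid or what a reader should do in the meantime, so the second paragraph's "at increased risk" gives SPV users nothing to act on; a sentence on each would help before this goes out under a WARNING banner.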

petertodd Jul 4, 2015

Contributor

"and will remain so until all miners have switched back to full validation, and the remaining miners who have not upgraded to support BIP66 upgrade."

Contributor

harding commented Jul 4, 2015

@theymos changing it to 30 confirmations per discussion on IRC. After that I'm going to push it to the site and start on a more detailed notice.

Any comments left here will be incorporated into the more detailed version, and I'll post here with the PR number for the more detailed version when it's available.

Contributor

saivann commented Jul 4, 2015

@harding When displaying a panic alert in red, I think it's very important to make it clear what is the risk, and what isn't. For instance, mention clearly that people's existing bitcoins are safe. For example:

What you should do

Miners

...

Users

Your current bitcoins are safe. However if you are receiving a payment, there is a higher risk of double-spend fraud until the issue is fixed.

Bitcoin Core users should upgrade to Bitcoin Core 0.9.5 or later.

...

So, you're telling me that everyone using an SPV wallet should just upgrade to Core? I'd like to hear more people weigh in on that, it sounds like you are saying "all is lost" for all SPV wallets forever, abandon all hope all ye who enter here. A bit hasty.

I would say hold off on that merge and wait for more comments, please.

@ABISprotocol https://github.com/ABISprotocol no, upgrading your
SPV wallet won't help; it's a fundamental problem with SPV
wallets---they trust the longest chain, even if it's an invalid
chain.

Contributor

harding commented Jul 4, 2015

@saivann I like the "your current bitcoins are safe". I'll do that.

Contributor

luke-jr commented Jul 4, 2015

@ABISprotocol Light "SPV" nodes are inherently vulnerable to attacks, and the malfunctioning miners are effectively performing those attacks.

Contributor

petertodd commented Jul 4, 2015

How about someone go talk to F2Pool? Not exactly problem solved, but then at least, part of this would be resolved, then you wouldn't have people screaming "run for the exits, y'all."

I see no need to tell people they need to bail on their SPV software forevah when simply a phone call or bitmessage to F2Pool might actually be what needs to be done...

just my three bits

@theymos https://github.com/theymos v2 miners can still make 1 or
2 block false-confirmation for SPV/old nodes, and as long as F2Pool
is "SPV mining", they will extend it even longer. So it's not
really resolved until at least F2Pool fixes their stuff.

Contributor

harding commented Jul 4, 2015

@saivann when this is over, we should set up a shared google doc between everyone here and the other core devs to make joint alert editing easier.

Contributor

luke-jr commented Jul 4, 2015

@ABISprotocol They have been informed, but there is no confirmation yet that it has been fixed. In any case, even after they fix it, there remains 5% of the former miners working on invalid blocks.

Contributor

harding commented Jul 4, 2015

New commit addressing feedback from @saivann and others. Preview updated.

For people who are basically hearing about this but are ok with it all, but don't want to update to Core, they'll shut down their SPV client and wait it out. Some will update to Core.

But what will happen if people just keep using SPVs as is likely the case? People aren't going to just shut down all their SPV wallets and go hustling over to Core. That's kind of a large change for most people using SPVs and in fact there are a lot of people who originally used Core and switched to SPVs and have no plans on going back...

Point of clarity... I am assuming that this alert is intended for all users and not just for users who are SPV mining... so if all you do is have an SPV wallet and you use it for ordinary transactions... then you still should be concerned.

So, what will happen? Am I correct to assume that basically there is just another fork (or actually, longest valid chain)? At some point, the "Longest valid chain is the valid chain, in the eyes of the original Bitcoin client" (per aaaaaaaarrrrrgh on reddit), therefore, can a person with a SPV client simply keep their SPV wallet off and wait for this drama to end, and then when it all resolves, turn it back on?

Curious to know.

@ABISprotocol https://github.com/ABISprotocol Light "SPV" nodes
are inherently vulnerable to attacks, and the malfunctioning miners
are effectively performing those attacks.

Contributor

saivann commented Jul 4, 2015

@harding I think that's excellent and as soon as @luke-jr or @petertodd ACK, this should be merged (further improvements can be made if needed).

Contributor

luke-jr commented Jul 4, 2015

@ABISprotocol Yes, ignoring the SPV wallet until the situation is over (which may be weeks) is a sound approach. SPV wallets might release an update in the meantime to filter out this particular problem.

P.S. Please stop quoting and PGP signing your comments. :(
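
The thread's two technical points, shown as an added sketch (not code from bitcoin.org or any wallet): an SPV client that takes the longest header chain counts confirmations on a branch containing a v2 block, while a header-version filter of the kind mentioned above discards that branch. Heights, branches and function names are constructed; branch length stands in for cumulative work, and the filter only catches rule violations visible in the header.

```python
import struct

ENFORCE_HEIGHT = 100  # assumption: constructed height, not the real network value
MIN_VERSION = 3       # headers below version 3 are rejected once BIP66 is enforced

def make_header(version):
    """Constructed 80-byte header: real version field, remaining 76 bytes zeroed."""
    return struct.pack("<i", version) + bytes(76)

def header_version(header):
    """The version is the first 4 bytes of the header, little-endian int32."""
    if len(header) != 80:
        raise ValueError("block header must be 80 bytes")
    return struct.unpack_from("<i", header)[0]

def usable_length(branch):
    """Number of headers before the first one that breaks the version rule."""
    for i, header in enumerate(branch["headers"]):
        height = branch["start_height"] + i
        if height >= ENFORCE_HEIGHT and header_version(header) < MIN_VERSION:
            return i  # this header and every descendant are discarded
    return len(branch["headers"])

def naive_tip(branches):
    """Behaviour described in the thread: longest branch wins, validity unchecked."""
    return max(branches, key=lambda b: len(b["headers"]))

def filtered_tip(branches):
    """Longest branch after cutting each one at its first rule-breaking header."""
    return max(branches, key=usable_length)

def confirmations(branch, index, filtered):
    """Confirmations for a transaction in branch['headers'][index]."""
    length = usable_length(branch) if filtered else len(branch["headers"])
    return max(0, length - index)

# Constructed fork: both branches start at height 101, after enforcement.
BAD = {"name": "bad", "start_height": 101,
       "headers": [make_header(2)] + [make_header(3)] * 3}  # v2 block, then blocks built on it
GOOD = {"name": "good", "start_height": 101,
        "headers": [make_header(3)] * 2}

if __name__ == "__main__":
    print("naive tip:   ", naive_tip([BAD, GOOD])["name"])
    print("filtered tip:", filtered_tip([BAD, GOOD])["name"])
    print("confirmations for a tx in bad[1]:",
          confirmations(BAD, 1, False), "naive,", confirmations(BAD, 1, True), "filtered")
```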

Contributor

petertodd commented Jul 4, 2015

To be clear, for Bitcoin Core users running >=0.10.0 (or 0.9.5) the situation never happened.

Contributor

petertodd commented Jul 4, 2015

ACK

Contributor

harding commented Jul 4, 2015

@petertodd thanks for the ack. Merging now.

Everyone: please post suggested refinements here and I'll incorporate them in the update. Thanks!

@harding harding merged commit 03182ce into master Jul 4, 2015

Contributor

luke-jr commented Jul 4, 2015

2 more changes: 1) perhaps express uncertainty as to F2Pool's current state; 2) Eligius is misspelled

Contributor

saivann commented Jul 4, 2015

@harding s/transations/transactions/

Contributor

saivann commented Jul 4, 2015

@harding Note: you might want to wait for the alert to be displayed before pushing additional commits, because that will otherwise cancel the ongoing build and slow down the update.

Contributor

harding commented Jul 4, 2015

@saivann & @luke-jr pushed 6ec2551 to master with typo fixes only.

@saivann I was just telling Luke on IRC that we needed to wait in order to prevent restarting the build. :-)

AntPool seemed to be "SPV-mining" too, due to this block:
https://blockchain.info/block-height/363734

Contributor

harding commented Jul 4, 2015

@GandalfBitcoin it looks like Peter and Luke are discussing on IRC how probable it is that block indicates SPV mining. I'll see what they conclude before updating. Thanks :-)

Contributor

harding commented Jul 4, 2015

Pushed 756dc81 to master moving f2pool to the good list and removing Antpool since there's some doubt as to what they're doing. (I don't think we need to list every safe pool; just provide a few options.)

Contributor

saivann commented Jul 4, 2015

@harding The commit was on your repository only. I pushed it to master and added another commit to remove an extra HTML tag.

Contributor

harding commented Jul 4, 2015

@saivann oh, thanks!
