-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alleviate network penality #106
Conversation
Thanks for submitting! |
If I store files with a miner and its owner declares the miner is in maintenance, how can I retrieve files during the maintenance window? Can the miner just take the storage payment and declare maintenance based on their own needs? This will not be good for clients because the maintenance is unpredictable and it can decrease quality of file storage service. |
A force majeure event might cause retrieve files impossible for the time being whatever if miner declare maintenance or not. To your second point, a daily penalty fee need to be introduced during maintenance to make it economically inefficient for the miners to abuse it, while penalty is not too hash (3.51 br per sector) that miner rather abandon their node and client lose their data once for all. |
My reading of the proposed implementation is that we will need a v15 state migration to correctly implement this FIP: https://github.com/filecoin-project/specs-actors/pull/1440/files#r644859590. If we move forward with this FIP it will need more actor implementation details to move forward. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for submitting this PR and the great discussion in the Core Devs meeting. Summarizing some discussion as well as my own opinion:
- The proposal is well-motivated, natural disasters are rare but do occur
- Unfortunately, compromises Filecoin's storage guarantees about proving storage
- Security considerations definitely need a lot of analysis too
- @jbenet flags that integrating a Natural Disaster Oracle would make this better
I would vote against landing this PR, but we can definitely get more feedback from the community.
(my opinion, not official) First, "maintenance" windows are usually on the order of a few hours at most. If a storage provider told me my data wasn't going to be available for many days, I'd walk away. Filecoin's primary goal is to become a decentralized storage network, so any form of extended maintenance window would set a very bad precedent. Second, depending on the actual problem, downtime may not even be necessary. There are three core operations performed by Filecoin miners:
The difficult part of "moving" is moving the proving operation (sealed sectors). While it would require some implementation work, it's entirely possible to pause/move sealing/mining with no downtime and no protocol changes. So:
|
I think the question @Stebalien is asking above is "are there better ways to achieve the goals of this FIP that don't create forced downtime for Filecoin storage clients?"
This is one proposal - but potentially there are other mitigations that achieve the same desired goal? |
Seems like this FIP needs more discussion before a Draft FIP - moving the conversation to #103. please reopen the PR later when there is a revised the proposal! |
Two FIPs are included in this PR
FIP0016 - Emergency and temporary measure before FIP0017 is realized, network wide penalty alleviation, should only happen when majority of the network power will be cut in short time period and those power can be restored afterward.
FIP0017 - A more sophisticated solution which will allow miners to choose their own maintenance window based on their own situation.