 Are node operators sleeping on the job? I take a look at upgrade patterns in my latest post:
https://blog.lopp.net/when-do-bitcoin-node-operators-upgrade/ 
 TL;DR:

It's a fundamental aspect of Bitcoin's security model that node software does NOT automatically update. Auto-updates would create a single point of failure that could cause a malicious update to quickly spread to a supermajority of nodes on the network. As such, manual action must be taken by node operators to keep their node software up to date. This creates a point of friction and means that node operators must maintain some awareness of project development. 
 “Bitcoin is a constantly evolving adversarial environment: node operators should be aware that they should not just "set it and forget it" if they want to retain a strong security posture. Running a node to validate your funds against the rules of the network is the path to financial sovereignty, but it also means that you're taking on the same responsibilities as a server administrator!” 
 I try to update annually, but keep my ear to the ground for any major bug fixes that require an immediate update. Recently, I updated my script that checks on the running status of the Bitcoin stack to report the running version.

https://m.primal.net/HahG.png  
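A version check in the spirit of the status script mentioned above, added here as an example; it is not the poster's script and not Bitcoin Core's own tooling. It decodes the integer `version` field that `bitcoin-cli getnetworkinfo` returns, compares it against a minimum the operator has chosen to pin, and also compares the running version with the binary installed on disk, which catches the common case of upgrading the package and forgetting to restart the daemon. The JSON and the `bitcoind --version` line are constructed samples, not captured from a real node; the exact wording of that first line, the `MINIMUM` value and the assumption that `bitcoin-cli` and `bitcoind` are on PATH are all assumptions of this example.

```python
import json
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Constructed sample of `bitcoin-cli getnetworkinfo` output, trimmed to the
# fields used below. Not captured from a real node.
SAMPLE_GETNETWORKINFO = """{
  "version": 260000,
  "subversion": "/Satoshi:26.0.0/",
  "protocolversion": 70016,
  "networkactive": true,
  "connections": 187
}"""

# Constructed sample of the first line printed by `bitcoind --version`
# (assumed format: "Bitcoin Core version v<major>.<minor>.<patch>").
SAMPLE_BITCOIND_VERSION = "Bitcoin Core version v26.1.0"


def decode_client_version(n: int) -> Version:
    """Decode the integer `version` field from getnetworkinfo.

    Since Bitcoin Core 22.0 the client version is encoded as
    10000*major + 100*minor + patch, e.g. 260000 -> 26.0.0 and 250100 -> 25.1.0.
    Pre-22 releases (0.x) were encoded as 10000*minor + 100*revision, so
    0.21.1 (210100) decodes here as (21, 1, 0), which lines up with the
    project's own renumbering from 0.21 to 22.
    """
    return (n // 10000, (n // 100) % 100, n % 100)


def parse_version_string(text: str) -> Version:
    """Parse 'v26.1.0', '26.0' or '/Satoshi:26.0.0/' into (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def check_node(getnetworkinfo_json: str, bitcoind_version_line: str,
               minimum: Version) -> Dict[str, object]:
    """Compare the running node against the installed binary and a pinned floor."""
    info = json.loads(getnetworkinfo_json)
    running = decode_client_version(int(info["version"]))
    installed = parse_version_string(bitcoind_version_line)
    return {
        "running": running,
        "installed": installed,
        "below_minimum": running < minimum,      # older than what we pinned
        "restart_needed": installed != running,  # upgraded on disk, not restarted
    }


def format_report(result: Dict[str, object]) -> str:
    dotted = lambda v: ".".join(str(x) for x in v)  # noqa: E731
    lines = [f"running {dotted(result['running'])}, "
             f"installed {dotted(result['installed'])}"]
    if result["below_minimum"]:
        lines.append("WARNING: running version is below the pinned minimum")
    if result["restart_needed"]:
        lines.append("WARNING: restart needed, installed binary differs from running daemon")
    return "\n".join(lines)


def live_check(minimum: Version, cli: str = "bitcoin-cli",
               daemon: str = "bitcoind") -> Optional[Dict[str, object]]:
    """Run the same check against a local node, or return None when the
    binaries are not on PATH (e.g. when this is run away from the node)."""
    if shutil.which(cli) is None or shutil.which(daemon) is None:
        return None
    info = subprocess.run([cli, "getnetworkinfo"], check=True,
                          capture_output=True, text=True).stdout
    first_line = subprocess.run([daemon, "--version"], check=True,
                                capture_output=True, text=True).stdout.splitlines()[0]
    return check_node(info, first_line, minimum)


if __name__ == "__main__":
    MINIMUM: Version = (26, 0, 0)  # assumption: the floor this operator decided on
    result = live_check(MINIMUM) or check_node(
        SAMPLE_GETNETWORKINFO, SAMPLE_BITCOIND_VERSION, MINIMUM)
    print(format_report(result))
```

On the samples above the report says the node runs 26.0.0 with 26.1.0 installed, so a restart is flagged. The `version` integer comes from your own node's RPC and is trustworthy for this purpose; the `subversion` string a remote peer advertises is self-declared and should not be used to reason about anyone else's patch level.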
 It's a bummer that security maintenance isn't focused on supporting older version patches over making sure the newest features are added in every release. Please consider that some node operators may not want to take a political stance on a new feature, and in so doing, they may refrain from updating. 
 But what if I don’t agree with the changes in a new version? 
 Then you should really find a different well-maintained implementation that you like so that you can continue to receive security patches. 
 My publicly accessible node was running 0.21 for a while because I wanted compact block filters. Now I've cut to 26 two weeks after the release because I wanted transport V2.

Sorry, I only like the shiny new things 😅 
 Just FWIW, I send over 4TB monthly to the network, holding an average of 100-300 peers at any time. I'm listening on IPv4/6, Tor and I2P. 
 Many times, an app's update just claims "bug fixes" but actually introduced ads, and I couldn't roll it back afterwards.

I'm not saying I worry the same about Bitcoin Core. I'm saying years of dishonest release notes have molded me to not update what hasn't seemed broken to me. 
 Be aware that critical security updates will not be announced in release notes.

Because doing so puts unpatched nodes at risk.