 “Timelocks and multisig have classes of uses beyond lightning so you’re right, it would have been silly to reject them because we didn’t know of the potential of lightning. We already knew other ways they could be used. For example, shared custody.”

You misunderstand my analogy here. It wasn’t that we didn’t understand its value because of its, it’s that one didn’t have to defend multisig as a tool by predicting everything that could be built with it to know it was safe. If that was a requirement, then we could never make any changes at all.

“Imagine you are a systems designer for a nuclear reactor…”

Dude I’ve done dozens of shows on this, you don’t need to argue that this is foundational, nuclear grade software, that this should be treated with utmost care, that upgrades should be extremely limited in scope and well understood. If you are making that argument then we aren’t actually on topic. 
 In order to make sure my “on topic” comment isn’t too vague, I’m saying that we both completely agree on this point and the argument is about *what* the conservative, safe for nuclear grade options are.

So to equate CTV with an open API is to misunderstand that I’m saying CTV appears not only the safe, and most conservative option while still getting the functionality we want, but that explicitly comparing it to previous soft forks, it’s *easier* to justify than a bunch of things we’ve already soft forked for.

So what I’m saying is that I agree with basically your entire post. I *disagree* on where CTV falls in that risk profile. 
 You say it “appears to be safe”, but have put forward no justification to support that statement. You can’t just say “trust me” to the bitcoin community. We need the “verify” part too.


“it’s *easier* to justify than a bunch of things we’ve already soft forked for.”

Sure, but you and I both know that’s not a real argument. Arguing that devs were more reckless in the past doesn’t justify additional reckless protocol changes. That past recklessness explains why we have the witness discount, more spam data in our timechain, and additional centralizing forces on miners. 

Bottom line: if you’re advocating to change the core protocol, you have an obligation to demonstrate that it’s safe and necessary. You owe the community this. And since you have a highly visible platform, you have a duty to use a higher standard of care … a higher bar, if you will.