📅 Original date posted:2014-12-16
📝 Original message:Thank you Jeff.
Having looked at a lot of linux code, and now a lot of bitcoin code, the
biggest long-term systemic risk I see is that Bitcoin has is the lack of
code janitors.
The problem is that janitoring was *disruptive* for non-x86 linux architectures
when it first got going, and it's going to be very disruptive for bitcoin as
well, but it **needs** to happen.
The code is too complex and hard to follow as it is now. (now, I could just
be speaking because I haven't paid the social debt of looking at the latest
bitcoin code, including libconsensus), but there really needs to be a focus
on readability, maintainability, and (as much as I hate to say it) a rather
hard-line policy on coding standards.
I don't care which tabbing style or column width you pick, but **pick one**,
and enforce it across the entire codebase.
Maybe this should be bitcoin-stable, and bitcoin-devel, with a 6-9 month
social expectation of minimal cosmetic changes in -stable, with a 1 month
'merge window' where -devel turns into -stable.
On Tue, Dec 16, 2014 at 12:59:06PM -0500, Jeff Garzik wrote:
> It can be useful to review open source development processes from time to
> time. This reddit thread[1] serves use both as a case study, and also a
> moment of OSS process introduction for newbies.
> [1]
> http://www.reddit.com/r/Bitcoin/comments/2pd0zy/peter_todd_is_saying_shoddy_development_on_v010/
>
>
>
>
> *Dirty Laundry*
> When building businesses or commercial software projects, outsiders
> typically hear little about the internals of project development. The
> public only hears what the companies release, which is prepped and
> polished. Internal disagreements, schedule slips, engineer fistfights are
> all unseen.
>
> Open source development is the opposite. The goal is radical
> transparency. Inevitably there is private chatter (0day bugs etc.), but
> the default is openness. This means that is it normal practice to "air
> dirty laundry in public." Engineers will disagree, sometimes quietly,
> sometimes loudly, sometimes rudely and with ad hominem attacks. On the
> Internet, there is a pile-on effect, where informed and uninformed
> supporters add their 0.02 BTC.
>
> Competing interests cloud the issues further. Engineers are typically
> employed by an organization, as a technology matures. Those organizations
> have different strategies and motivations. These organizations will
> sponsor work they find beneficial. Sometimes those orgs are non-profit
> foundations, sometimes for-profit corporations. Sometimes that work is
> maintenance ("keep it running"), sometimes that work is developing new,
> competitive features that company feels will give it a better market
> position. In a transparent development environment, all parties are
> hyperaware of these competing interests. Internet natterers painstakingly
> document and repeat every conspiracy theory about Bitcoin Foundation,
> Blockstream, BitPay, various altcoin developers, and more as a result of
> these competing interests.
>
> Bitcoin and altcoin development adds an interesting new dimension.
> Sometimes engineers have a more direct conflict of interest, in that the
> technology they are developing is also potentially their road to instant
> $millions. Investors, amateur and professional, have direct stakes in a
> certain coin or coin technology. Engineers also have an emotional stake in
> technology they design and nurture. This results in incentives where
> supporters of a non-bitcoin technology work very hard to thump bitcoin.
> And vice versa. Even inside bitcoin, you see "tree chains vs. side chains"
> threads of a similar stripe. This can lead to a very skewed debate.
>
> That should not distract from the engineering discussion. Starting from
> first principles, Assume Good Faith[2]. Most engineers in open source tend
> to mean what they say. Typically they speak for themselves first, and
> their employers value that engineer's freedom of opinion. Pay attention to
> the engineers actually working on the technology, and less attention to the
> noise bubbling around the Internet like the kindergarten game of grapevine.
> [2] http://en.wikipedia.org/wiki/Wikipedia:Assume_good_faith
>
> Being open and transparent means engineering disagreements happen in
> public. This is normal. Open source engineers live an aquarium life[3].
> [3] https://www.youtube.com/watch?v=QKe-aO44R7k
>
>
>
>
> *What the fork?*
> In this case, a tweet suggests consensus bug risks, which reddit account
> "treeorsidechains" hyperbolizes into a dramatic headline[1]. However, the
> headline would seem to be the opposite of the truth. Several changes were
> merged during 0.10 development which move snippets of source code into new
> files and new sub-directories. The general direction of this work is
> creating a "libconsensus" library that carefully encapsulates consensus
> code in a manner usable by external projects. This is a good thing.
>
> The development was performed quite responsible: Multiple developers would
> verify each cosmetic change, ensuring no behavior changes had been
> accidentally (or maliciously!) introduced. Each pull request receives a
> full multi-platform build + automated testing, over and above individual
> dev testing. Comparisons at the assembly language level were sometimes
> made in critical areas, to ensure zero before-and-after change. Each
> transformation gets the Bitcoin Core codebase to a more sustainable, more
> reusable state.
>
> Certainly zero-change is the most conservative approach. Strictly speaking,
> that has the lowest consensus risk. But that is a short term mentality.
> Both Bitcoin Core and the larger ecosystem will benefit when the "hairball"
> pile of source code is cleaned up. Progress has been made on that front in
> the past 2 years, and continues. *Long term*, combined with the
> "libconsensus" work, that leads to less community-wide risk.
>
> The key is balance. Continue software engineering practices -- like those
> just mentioned above -- that enable change with least consensus risk. Part
> of those practices is review at each step of the development process:
> social media thought bubble, mailing list post, pull request, git merge,
> pre-release & release. It probably seems chaotic at times. In effect,
> git[hub] and the Internet enable a dynamic system of review and feedback,
> where each stage provides a check-and-balance for bad ideas and bad
> software changes. It's a human process, designed to acknowledge and handle
> that human engineers are fallible and might make mistakes (or be
> coerced/under duress!). History and field experience will be the ultimate
> judge, but I think Bitcoin Core is doing good on this score, all things
> considered.
>
> At the end of the day, while no change is without risk, version 0.10 work
> was done with attention to consensus risk at multiple levels (not just
> short term).
>
>
>
>
> *Technical and social debt*
> Working on the Linux kernel was an interesting experience that combined
> git-driven parallel development and a similar source code hairball. One of
> the things that quickly became apparent is that cosmetic patches,
> especially code movement, was hugely disruptive. Some even termed it
> anti-social. To understand why, it is important to consider how modern
> software changes are developed:
>
> Developers work in parallel on their personal computers to develop XYZ
> change, then submit their change "upstream" as a github pull request. Then
> time passes. If code movement and refactoring changes are accepted
> upstream before XYZ, then the developer is forced update XYZ -- typically
> trivial fixes, re-review XYZ, and re-test XYZ to ensure it remains in a
> known-working state.
>
> Seemingly cosmetic changes such as code movement have a ripple effect on
> participating developers, and wider developer community. Every developer
> who is *not* immediately merged upstream must bear the costs of updating
> their unmerged work.
>
> Normally, this is expected. Encouraging developers to build on top of
> "upstream" produces virtuous cycles.
>
> However, a constant stream of code movement and cosmetic changes may
> produce a constant stream of disruption to developers working on
> non-trivial features that take a bit longer to develop before going
> upstream. Trivial changes are encouraged, and non-trivial changes face a
> binary choice of (a) be merged immediately or (b) bear added re-base,
> re-view, re-test costs.
>
> Taken over a timescale of months, I argue that a steady stream of cosmetic
> code movement changes serves as a disincentive to developers working with
> upstream. Each upstream breakage has a ripple effect to all developers
> downstream, and imposes some added chance of newly introduced bugs on
> downstream developers. I'll call this "social debt", a sort of technical
> debt[4] for developers.
> [4] http://en.wikipedia.org/wiki/Technical_debt
>
> As mentioned above, the libconsensus and code movement work is a net gain.
> The codebase needs cleaning up. Each change however incurs a little bit of
> social debt. Life is a little bit harder on people trying to get work into
> the tree. Developers are a little bit more discouraged at the busy-work
> they must perform. Non-trivial pull requests take a little bit longer to
> approve, because they take a little bit more work to rebase (again).
>
> A steady flow of code movement and cosmetic breakage into the tree may be a
> net gain, but it also incurs a *lot* of social debt. In such situations,
> developers find that tested, working out-of-tree code repeatedly stops
> working *during the process of trying to get that work in-tree*. Taken
> over time, it discourages working on the tree. It is rational to sit back,
> *not* work on the tree, let the breakage stop, and then pick up the pieces.
>
>
>
>
> *Paradox Unwound*
> Bitcoin Core, then, is pulled in opposite directions by a familiar
> problem. It is generally agreed that the codebase needs further
> refactoring. That's not just isolated engineer nit-picking. However, for
> non-trivial projects, refactoring is always anti-social in the short term.
> It impacts projects other than your own, projects you don't even know
> about. One change causes work for N developers. Given these twin opposing
> goals, the key, as ever, is finding the right balance.
>
> Much like "feature freeze" in other software projects, developing a policy
> that opens and closes windows for code movement and major disruptive
> changes seems prudent. One week of code movement & cosmetics followed by 3
> weeks without, for example. Part of open source parallel development
> is *social
> signalling*: Signal to developers when certain changes are favored or not,
> then trust they can handle the rest from there.
>
> While recent code movement commits themselves are individually ACK-worthy,
> professionally executed and moving towards a positive goal, I think the
> project could strike a better balance when it comes to disruptive cosmetic
> changes, a balance that better encourages developers to work on more
> involved Bitcoin Core projects.
Troy Benjegerdes [ARCHIVE] /
npub1m6…rdjn5
2023-06-07 17:28:08
in reply to nevent1q…zx0p
Author Public Key
npub1m6p5kgcd428x6pxyfege98zjmlwrdhp0gyz6pdnsvrvalscddnxqurdjn5Published at
2023-06-07 17:28:08Event JSON
{
"id": "3d3d44f136105c318c188db90dc3cb8b21cba661cd68a9adba0127e6efd7cde3",
"pubkey": "de834b230daa8e6d04c44e51929c52dfdc36dc2f4105a0b67060d9dfc30d6ccc",
"created_at": 1686151688,
"kind": 1,
"tags": [
[
"e",
"dd716f1e7faf032c91b65518e9dd569a17c376058d94f8b231649ad35a5fa5c1",
"",
"root"
],
[
"e",
"96863ef350b2385231cbde0bff9171481f4ab62395ac29a8c7ca24898e9eb47d",
"",
"reply"
],
[
"p",
"b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11"
]
],
"content": "📅 Original date posted:2014-12-16\n📝 Original message:Thank you Jeff.\n\nHaving looked at a lot of linux code, and now a lot of bitcoin code, the\nbiggest long-term systemic risk I see is that Bitcoin has is the lack of \ncode janitors.\n\nThe problem is that janitoring was *disruptive* for non-x86 linux architectures\nwhen it first got going, and it's going to be very disruptive for bitcoin as\nwell, but it **needs** to happen. \n\nThe code is too complex and hard to follow as it is now. (now, I could just\nbe speaking because I haven't paid the social debt of looking at the latest\nbitcoin code, including libconsensus), but there really needs to be a focus\non readability, maintainability, and (as much as I hate to say it) a rather\nhard-line policy on coding standards.\n\nI don't care which tabbing style or column width you pick, but **pick one**,\nand enforce it across the entire codebase.\n\nMaybe this should be bitcoin-stable, and bitcoin-devel, with a 6-9 month\nsocial expectation of minimal cosmetic changes in -stable, with a 1 month\n'merge window' where -devel turns into -stable.\n\n\nOn Tue, Dec 16, 2014 at 12:59:06PM -0500, Jeff Garzik wrote:\n\u003e It can be useful to review open source development processes from time to\n\u003e time. This reddit thread[1] serves use both as a case study, and also a\n\u003e moment of OSS process introduction for newbies.\n\u003e [1]\n\u003e http://www.reddit.com/r/Bitcoin/comments/2pd0zy/peter_todd_is_saying_shoddy_development_on_v010/\n\u003e \n\u003e \n\u003e \n\u003e \n\u003e *Dirty Laundry*\n\u003e When building businesses or commercial software projects, outsiders\n\u003e typically hear little about the internals of project development. The\n\u003e public only hears what the companies release, which is prepped and\n\u003e polished. Internal disagreements, schedule slips, engineer fistfights are\n\u003e all unseen.\n\u003e \n\u003e Open source development is the opposite. The goal is radical\n\u003e transparency. Inevitably there is private chatter (0day bugs etc.), but\n\u003e the default is openness. This means that is it normal practice to \"air\n\u003e dirty laundry in public.\" Engineers will disagree, sometimes quietly,\n\u003e sometimes loudly, sometimes rudely and with ad hominem attacks. On the\n\u003e Internet, there is a pile-on effect, where informed and uninformed\n\u003e supporters add their 0.02 BTC.\n\u003e \n\u003e Competing interests cloud the issues further. Engineers are typically\n\u003e employed by an organization, as a technology matures. Those organizations\n\u003e have different strategies and motivations. These organizations will\n\u003e sponsor work they find beneficial. Sometimes those orgs are non-profit\n\u003e foundations, sometimes for-profit corporations. Sometimes that work is\n\u003e maintenance (\"keep it running\"), sometimes that work is developing new,\n\u003e competitive features that company feels will give it a better market\n\u003e position. In a transparent development environment, all parties are\n\u003e hyperaware of these competing interests. Internet natterers painstakingly\n\u003e document and repeat every conspiracy theory about Bitcoin Foundation,\n\u003e Blockstream, BitPay, various altcoin developers, and more as a result of\n\u003e these competing interests.\n\u003e \n\u003e Bitcoin and altcoin development adds an interesting new dimension.\n\u003e Sometimes engineers have a more direct conflict of interest, in that the\n\u003e technology they are developing is also potentially their road to instant\n\u003e $millions. Investors, amateur and professional, have direct stakes in a\n\u003e certain coin or coin technology. Engineers also have an emotional stake in\n\u003e technology they design and nurture. This results in incentives where\n\u003e supporters of a non-bitcoin technology work very hard to thump bitcoin.\n\u003e And vice versa. Even inside bitcoin, you see \"tree chains vs. side chains\"\n\u003e threads of a similar stripe. This can lead to a very skewed debate.\n\u003e \n\u003e That should not distract from the engineering discussion. Starting from\n\u003e first principles, Assume Good Faith[2]. Most engineers in open source tend\n\u003e to mean what they say. Typically they speak for themselves first, and\n\u003e their employers value that engineer's freedom of opinion. Pay attention to\n\u003e the engineers actually working on the technology, and less attention to the\n\u003e noise bubbling around the Internet like the kindergarten game of grapevine.\n\u003e [2] http://en.wikipedia.org/wiki/Wikipedia:Assume_good_faith\n\u003e \n\u003e Being open and transparent means engineering disagreements happen in\n\u003e public. This is normal. Open source engineers live an aquarium life[3].\n\u003e [3] https://www.youtube.com/watch?v=QKe-aO44R7k\n\u003e \n\u003e \n\u003e \n\u003e \n\u003e *What the fork?*\n\u003e In this case, a tweet suggests consensus bug risks, which reddit account\n\u003e \"treeorsidechains\" hyperbolizes into a dramatic headline[1]. However, the\n\u003e headline would seem to be the opposite of the truth. Several changes were\n\u003e merged during 0.10 development which move snippets of source code into new\n\u003e files and new sub-directories. The general direction of this work is\n\u003e creating a \"libconsensus\" library that carefully encapsulates consensus\n\u003e code in a manner usable by external projects. This is a good thing.\n\u003e \n\u003e The development was performed quite responsible: Multiple developers would\n\u003e verify each cosmetic change, ensuring no behavior changes had been\n\u003e accidentally (or maliciously!) introduced. Each pull request receives a\n\u003e full multi-platform build + automated testing, over and above individual\n\u003e dev testing. Comparisons at the assembly language level were sometimes\n\u003e made in critical areas, to ensure zero before-and-after change. Each\n\u003e transformation gets the Bitcoin Core codebase to a more sustainable, more\n\u003e reusable state.\n\u003e \n\u003e Certainly zero-change is the most conservative approach. Strictly speaking,\n\u003e that has the lowest consensus risk. But that is a short term mentality.\n\u003e Both Bitcoin Core and the larger ecosystem will benefit when the \"hairball\"\n\u003e pile of source code is cleaned up. Progress has been made on that front in\n\u003e the past 2 years, and continues. *Long term*, combined with the\n\u003e \"libconsensus\" work, that leads to less community-wide risk.\n\u003e \n\u003e The key is balance. Continue software engineering practices -- like those\n\u003e just mentioned above -- that enable change with least consensus risk. Part\n\u003e of those practices is review at each step of the development process:\n\u003e social media thought bubble, mailing list post, pull request, git merge,\n\u003e pre-release \u0026 release. It probably seems chaotic at times. In effect,\n\u003e git[hub] and the Internet enable a dynamic system of review and feedback,\n\u003e where each stage provides a check-and-balance for bad ideas and bad\n\u003e software changes. It's a human process, designed to acknowledge and handle\n\u003e that human engineers are fallible and might make mistakes (or be\n\u003e coerced/under duress!). History and field experience will be the ultimate\n\u003e judge, but I think Bitcoin Core is doing good on this score, all things\n\u003e considered.\n\u003e \n\u003e At the end of the day, while no change is without risk, version 0.10 work\n\u003e was done with attention to consensus risk at multiple levels (not just\n\u003e short term).\n\u003e \n\u003e \n\u003e \n\u003e \n\u003e *Technical and social debt*\n\u003e Working on the Linux kernel was an interesting experience that combined\n\u003e git-driven parallel development and a similar source code hairball. One of\n\u003e the things that quickly became apparent is that cosmetic patches,\n\u003e especially code movement, was hugely disruptive. Some even termed it\n\u003e anti-social. To understand why, it is important to consider how modern\n\u003e software changes are developed:\n\u003e \n\u003e Developers work in parallel on their personal computers to develop XYZ\n\u003e change, then submit their change \"upstream\" as a github pull request. Then\n\u003e time passes. If code movement and refactoring changes are accepted\n\u003e upstream before XYZ, then the developer is forced update XYZ -- typically\n\u003e trivial fixes, re-review XYZ, and re-test XYZ to ensure it remains in a\n\u003e known-working state.\n\u003e \n\u003e Seemingly cosmetic changes such as code movement have a ripple effect on\n\u003e participating developers, and wider developer community. Every developer\n\u003e who is *not* immediately merged upstream must bear the costs of updating\n\u003e their unmerged work.\n\u003e \n\u003e Normally, this is expected. Encouraging developers to build on top of\n\u003e \"upstream\" produces virtuous cycles.\n\u003e \n\u003e However, a constant stream of code movement and cosmetic changes may\n\u003e produce a constant stream of disruption to developers working on\n\u003e non-trivial features that take a bit longer to develop before going\n\u003e upstream. Trivial changes are encouraged, and non-trivial changes face a\n\u003e binary choice of (a) be merged immediately or (b) bear added re-base,\n\u003e re-view, re-test costs.\n\u003e \n\u003e Taken over a timescale of months, I argue that a steady stream of cosmetic\n\u003e code movement changes serves as a disincentive to developers working with\n\u003e upstream. Each upstream breakage has a ripple effect to all developers\n\u003e downstream, and imposes some added chance of newly introduced bugs on\n\u003e downstream developers. I'll call this \"social debt\", a sort of technical\n\u003e debt[4] for developers.\n\u003e [4] http://en.wikipedia.org/wiki/Technical_debt\n\u003e \n\u003e As mentioned above, the libconsensus and code movement work is a net gain.\n\u003e The codebase needs cleaning up. Each change however incurs a little bit of\n\u003e social debt. Life is a little bit harder on people trying to get work into\n\u003e the tree. Developers are a little bit more discouraged at the busy-work\n\u003e they must perform. Non-trivial pull requests take a little bit longer to\n\u003e approve, because they take a little bit more work to rebase (again).\n\u003e \n\u003e A steady flow of code movement and cosmetic breakage into the tree may be a\n\u003e net gain, but it also incurs a *lot* of social debt. In such situations,\n\u003e developers find that tested, working out-of-tree code repeatedly stops\n\u003e working *during the process of trying to get that work in-tree*. Taken\n\u003e over time, it discourages working on the tree. It is rational to sit back,\n\u003e *not* work on the tree, let the breakage stop, and then pick up the pieces.\n\u003e \n\u003e \n\u003e \n\u003e \n\u003e *Paradox Unwound*\n\u003e Bitcoin Core, then, is pulled in opposite directions by a familiar\n\u003e problem. It is generally agreed that the codebase needs further\n\u003e refactoring. That's not just isolated engineer nit-picking. However, for\n\u003e non-trivial projects, refactoring is always anti-social in the short term.\n\u003e It impacts projects other than your own, projects you don't even know\n\u003e about. One change causes work for N developers. Given these twin opposing\n\u003e goals, the key, as ever, is finding the right balance.\n\u003e \n\u003e Much like \"feature freeze\" in other software projects, developing a policy\n\u003e that opens and closes windows for code movement and major disruptive\n\u003e changes seems prudent. One week of code movement \u0026 cosmetics followed by 3\n\u003e weeks without, for example. Part of open source parallel development\n\u003e is *social\n\u003e signalling*: Signal to developers when certain changes are favored or not,\n\u003e then trust they can handle the rest from there.\n\u003e \n\u003e While recent code movement commits themselves are individually ACK-worthy,\n\u003e professionally executed and moving towards a positive goal, I think the\n\u003e project could strike a better balance when it comes to disruptive cosmetic\n\u003e changes, a balance that better encourages developers to work on more\n\u003e involved Bitcoin Core projects.",
"sig": "df1f0b1732a7c677723028b8aa6b41db1dd6eaddaebfc12b25760247c0aba44cc4ea7e65cd257c4a57ef31d9bd53b94e050d239756a6c5e0b451db72fc66e6d1"
}