Discussion of GE design

I think this should be changed. Allow the SNO’s to perform the graceful exit and based on the % successfully completed, payout the same % of the withheld amount to the SNO for at least trying to correctly GE rather than abandoning the network entirely and starting fresh, etc…

In addition, downtime while in GE doesn’t make sense considering that GE wants to extract 100% of the data available. So if there was downtime, it shouldn’t matter.

Another thought if a piece is missing and the GE couldn’t extract that data, mark it as bad and continue with the remaining data rather than completely stopping the GE process. This will increase the % of successful GE and retrieve the valuable data from the SNO.

This will encourage even crashed SNO’s to try and complete a GE, rather than outright abandoning and creating a new nodeID and starting over again, etc.

Thoughts?

It would open the doors for cheaters. First I delete data and if the satellite is noticing it I call graceful exit and get away with it. → GE shouldn’t be a loop hole to escape DQ.

It is needed. As a cheater, I would otherwise initiate GE, go offline for a few months, and later transfer the remaining 3 pieces that didn’t get moved by repair in the meantime. Going offline allows me to reduce the number of pieces I have to transfer at the end. Again a loop hole to finish GE even as a cheater.

It is not implemented that way. You will not fail GE for missing a single piece.

1 Like

Hmmm, I don’t quite see the point of being “a cheater”. If the HDD or raid or storage failed or was corrupted for whatever reason outside of SNO’s control the SNO did not on purpose cause the issue so treating them as a “cheater” seems wrong.

If they had continued to run the node in a bad state, yes they would be DQ’s because a crash occurred and they didn’t repair the problem.

The only solution is to:

A) Let SNO run a command to perform a data integrity check of the data they host. Depending on the outcome, allow the SNO to “run a command to request repair” to repair any data that is inconsistent or invalid. This would be at the SNO’s expense by using either their (withheld amount OR the earning for the month).

B) Allow the SNO to perform a GE and complete a % of data extracted and pay the SNO the % of the withheld amount for at least trying. If the data integrity check showed sever degradation of data loss, then the SNO could decide if the want to do a GE based on total % of usable data, however not penalizing the SNO during the GE would benefit both the Tardigrade network and the SNO based on length of service part of the network.

I don’t quite understand this. Why would going offline for 1 hour impact the total data extraction from the SNO. Or in your worst case assume that SNO would deliberately go offline for 3 months, how would going offline for 3 months affect the total % of actual data extraction required to be completed to 100%? Instead of taking 30 days to complete the data extraction (depending on total data in GB’s) or it would take more than 30 days because they were offline since they still need to extract x GB’s of total data regardless of downtime. OR… are you saying GE is time based rather than Total % of data extraction based?

Sure in a perfect world without any cheaters we can assume that nobody is cheating and don’t need any protection against it. Well we don’t live in a perfect world. We need a penalty in place without any loops hols to make sure cheaters don’t even try it. I am not saying that everyone that gets DQed is a cheater. I am also not saying that people with an RAID failure are cheaters. I am saying that we will get cheaters as soon as we remove the penalties or create ways to bypass the penalties.

It doesn’t and you don’t fail GE for that. Feel free to go offline for 1 hour.

Repair doesn’t wait for SNOs to finish GE. It will still trigger repair for SNOs that are offline. Just stay offline as long as possible and you can finish GE without transferring any pieces.

This is bad design and should be changed. I think this is 1 of your primary concerns how a “cheater” could cheat the system.

A GE shouldn’t be a timed amount but data extraction total from the SNO to provide 100% valid data back.

So no other feedback on the integrity check or repair request for SNO’s at all?

So, you want to punish all SNO’s regardless of how DQ can possibly occur? Rather than improve the system to retain more SNO’s and improve the quality of the network?

It seems silly to me to simply out cold DQ and don’t pay any withheld amount to the SNO that was running a node for say 15+ months or longer in the future. We’ve experienced bugs previously where missing pieces were marked as failed audits because a piece was requested to be deleted, then a piece followed with a request to audit that piece the satellite expected to be there, but it wasn’t because it was deleted by a valid request, etc… We can never 100% be sure that a bug in the future WON’T happen that might cause similar or same scenario issues where pieces fail an audit because of a software bug. Lets be realistic here. I’m still going through your guide and I can see a few SNO’s also pointed out what I also pointed out which was to allow SNO’s to perform an integrity check and repair request for their data hosted.

You either want quality SNO’s to be retained on the tardigrade network for as long as possible, or you don’t care about the SNO’s and whatever happens they get DQ and you keep their withheld amount (thanks for cheap hosting SNO’s) but you can try again with a new NodeID… Doesn’t make sense to me…

:thinking:

I agree. Now the question is should we disable GE in the meantime or should we keep it enabled? Even if it is bad designed that doesn’t mean it is high priority.

Sounds like a communication mistake here? I guess you wanted to say that we have designed GE in a way that cheating it should be impossible. Yes it was one of several concerns. Not necessarily the primary concern but that is just wording.
You sentence has a different meaning. Is this the primary concern about cheaters? In that case I have to answer with No. My primary concern is detecting cheaters via audits followed by a lot of other ways to cheat the system. GE is somewhere at the end of my personal list.

Not from my side. I would also argue that this is unrelated to GE. I understand that some SNOs managed to lose data and would now try to find a way to repair that but as explained GE is not designed for that. For that reason, an integrity check should be discussed somewhere else and not in this thread.

All SNOs? That would imply that all SNOs are failing GE which is not the case. No we don’t punish all SNOs.

We can’t archive both goals at the same time. If we want to keep the SNOs happy we could just disable all aways to get DQed. This would decrease the quality of the network. DQ and all the penalties around it are in place to improve the quality of the network. It is a tradeoff.

This is not correct. You wouldn’t get an audit penalty for a deleted piece. You might still get the audit request because delete can happen in parallel but before we apply a penalty we double check if the segment was touched including delete.

We are already offtopic and far away from the GE guide. Just because I am far away from my own topic doesn’t mean I am willing to extend the scope any further.

This implies that all SNOs are quality SNOs or all SNOs are bad SNOs. No room between these extremes. Sorry I can’t agree with that. You might want to rephrase it.

1 Like