Thanks.  I don't know the script language, but can't you build a script with those opcodes that fails to validate if the opcode is interpreted as a NOP, but succeeds if it is redefined to something else?  I suppose that the only redefinitons that would allow a soft fork are of the kind "if (condition) then FAIL else NOP", correct?


OK, I see what you mean.

Back in 2009 there was only one kind of node, the miner-user-relayer.  Every player could mine; not just in theory, but in practice.  Satoshi apparently assumed that mining would be widespread,even if occasional and anonymous.  And he assumed that players would join primarily for the benefits of being users.

Later a second kind of node (already predicted in the whitepaper) was introduced, the simple client.  Still, the simple client was supposed to use the same rules as the miners, but only check a subset of them.  

Today there is a third kind, the dedicated "full but non-mining" relay, aka "node", which apparently has a very distinct role and is supposed to be an essential defense against misbehaving miners and other menaces.  And, TIL, needs special validity rules.  

The relaying function of miners in the original design was already a bit fuzzy, but since relaying was cheap, and all nodes were supposed to be also users and (potential) miners, they could be assumed to share the mining incentives and have the good intentions.  That does not carry over to the present-day nodes.  We have examples of relay nodes that filter transactions based on arbitrary ideological criteria, nodes that are committed to specific "parties" in the block size war...  Where is the analysis that they are helping rather than harming the security of the network?

PS. For general joy of mankind, I am traveling in a few hours and will be offline for 2 days.