I wish everyone would realize that when they do this, they leave obvious trails in the data and so it is not worth the risk.
This limits the number of use-cases tremendously to those where "everyone-can-see-everything" is an acceptable tradeoff.
There are several ways around this.
1) Zero Knowledge Proofs. But these are highly specialized and resource intensive. To my knowledge we don't have these for generalized Smart Contracts.
2) Split the overall state into Channels, Subledgers etc. with narrower "viewing rights". But again this typically involves an application compromise.
3) Encrypt or cryptographically hash portions of the state. But by definition, this portion of the state cannot be acted upon by smart contracts.
4) Use frameworks like Microsoft's recently released CoCo Framework which relies on Hardware Trusted Execution Environments (TEE). The issue here is that a compromise of a single TEE negates the whole scheme.
In my opinion the privacy characteristics of Blockchain are a critical factor that needs to be taken into account while deciding on the suitability of Blockchain for an application.
I'm currently looking at Hyperledger Fabric and it falls into that category.
Now, if one takes a Supply Chain example (a domain I'm quite familiar with), most transactions cannot be restricted to just parties A, B and C. Some will involve A, B and D and some will involve B, C and F etc. So, it is difficult to come up with a suitable Channel membership model.
Even if the transaction is between A, B and C often the view rights are not symmetric. For example in a drop ship case where A is the Buyer, B is the seller and C is the fulfiller, the price attribute may need to be visible between A and B but not C. This is not possible with the Channel approach.
So this particular type of hard partitioning only works for the simplest Supply Chain examples.
Another type of hard partition is to partition by Transaction. But this involves issues such as synchronization between transactions. This becomes an off-chain concern with major consistency issues.
Hope this helps.
This will change once homomorphic encryption is feasible.
Garbled circuits don't scale.
Your folder with git. There is nothing that you can't do with git that you can do with blockchains as a database.
About the BFT part, it fails to mention the very important part that it doesn't work without proof-of-work.
---
So then when should we use p-o-w blockchains?
When you want to decentralize control - both, distribution & conflict resolution.
https://eprint.iacr.org/2014/765.pdf
"Regarding BA, we observe that Nakamoto’s suggestion falls short of solving it, and present a simple alternative which works assuming that the adversary’s hashing power is bounded by 1/3."
One important difference between how a truly BFT system behaves versus Bitcoin is how Bitcoin handles network partitions, or rather, how it doesn't handle them.
Specifically, when Bitcoin goes split-brain, i.e. in the event of a network partition, Bitcoin will "reorg" into two new chains, both of which will happily accept writes from both sides. When the partition is healed, one chain will win, and the writes to the other chain will be clobbered. Ideally these transactions will wind up in the mempool again and be accepted into the new chain, but that isn't a guarantee, more of a band-aid, and doesn't change the fact the system ostensibly acknowledged a write it then lost.
On the CAP triangle, Bitcoin has chosen to sacrifice partition tolerance (i.e. Bitcoin is NOT partition tolerant), and this is bad: https://codahale.com/you-cant-sacrifice-partition-tolerance/
There are ways to turn Bitcoin into a truly BFT system. The main one I like is decoupling proof-of-work from transaction processing, turning it into a leader election system for a more traditional BFT algorithm, such as ByzCoin:
https://arxiv.org/abs/1602.06997
With ByzCoin, if you can't reach quorum, you can't make progress, so in the event of a network partition the system will simply stop accepting writes if it can't reach quorum, as opposed to accepting writes which will go on to be clobbered by a future reorg.
This may be a stupid question, but how does such a system prevent me from adding new nodes, only to remove them all at once if I want to prevent the system from progressing?
Besides, how many times in history has a continental network partition of the internet happened?
And it would only take a single node connected to both sides (land and satellite?) to undo all the work of the would-be attacker.
What blockchain achieves is proof of history given only the latest block's hash. This might or might not have a PoW on top of it to achieve BFT.
Practical example:
An authoritative server which responds only with the latest block's hash (this is cheap, think microcontroller cheap) is another way to make a blockchain useful with no BFT. This way blockchain distribution can be offloaded to untrusted peers while the actual agreement is not distributed (and thus no BFT is involved).
EDIT:
Off the top of my head I can see a few applications of such a scheme: imagine a very low-power device taking mission-critical measurements. This device would periodically distribute a message consisting of (current block of measurements + previous message's hash) to untrusted high-power-large-storage clients. In case of any client desynchronizing, it can request from its peers the measurement chain, and only has to receive the latest message from the low-power device to ensure the chain it got has not been tampered with.
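The measurement-chain scheme described in this comment, as an added Python example (not code from the original post or any project): the device emits hash-linked batches, an untrusted peer hands the chain to a resynchronising client, and the client checks it against only the latest hash obtained from the device. The message layout, the SHA-256 choice and the sample readings are constructed assumptions.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # no previous message exists before the first one

def message_hash(msg):
    # Canonical JSON so every peer hashes exactly the same bytes for a message.
    data = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_message(chain, measurements):
    """What the low-power device does: emit (measurements + previous hash)."""
    prev = message_hash(chain[-1]) if chain else GENESIS
    msg = {"seq": len(chain), "prev": prev, "measurements": measurements}
    chain.append(msg)
    return msg

def verify_chain(chain, latest_hash):
    """What a resynchronising client does with a chain fetched from untrusted
    peers: walk every link, then compare the head with the one trusted value,
    the latest message hash served by the device itself."""
    prev = GENESIS
    for i, msg in enumerate(chain):
        if msg.get("seq") != i or msg.get("prev") != prev:
            return False  # broken link: a message was altered, dropped or reordered
        prev = message_hash(msg)
    return bool(chain) and prev == latest_hash

def demo():
    device = []
    for batch in ([21.5, 21.6], [21.7], [22.0, 22.1, 21.9]):  # constructed readings
        append_message(device, batch)
    latest = message_hash(device[-1])  # the only value the device must serve on request
    tampered = copy.deepcopy(device)
    tampered[1]["measurements"][0] = 99.9              # peer edits a stored reading
    rewritten = copy.deepcopy(tampered)
    rewritten[2]["prev"] = message_hash(rewritten[1])  # ...and re-links what follows
    truncated = device[:-1]                            # peer withholds the newest message
    return {"honest": verify_chain(device, latest),
            "tampered": verify_chain(tampered, latest),
            "rewritten": verify_chain(rewritten, latest),
            "truncated": verify_chain(truncated, latest)}
```

Re-linking the later messages hides the broken link but not the changed head, which is why the single trusted hash is enough.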
That is not BFT because the source of truth is just an authoritative server. There is no distributed consensus even if there is distributed storage.
Reading this it seems like the author comes pretty much to the same conclusion.
Is it really that simple? I feel like I must be missing something, because the hype is so real.
Is this really possible? I can't see why not. If so, could a DoS on a specific region of nodes that's large enough to sustain its own sub-chain for a short period be possible? This would be extremely dangerous if transactions were confirmed by the network on a chain that is eventually ignored.
So you could say that the connected component of the netsplit graph with the highest hashrate will win with the highest probability.
> Blockchains fall
Okay, blockchain is singular, so it always refers to a single object.
There is a universe U of objects, and "Blockchain" is a predicate on U. So for any given x in U, "Blockchain(x)" is a proposition. In other words, we can ask whether something is a blockchain or not.
> Step one is to figure out a framework for analyzing blockchain
Here it's being used as a plural, like you might study a herd of blockchain. That's okay in principle - some words are their own plurals, like "sheep" or "fish". But above, it had an "s" at the end, so it can't be plural.
Another possibility is that "blockchain" is the name of some specific object. "Fred went to the store" -> "I asked blockchain for some money".
That's no problem: Your name can be "Archer" and you can study Archery.
There is a constant c in U such that Blockchain(c). Something somewhere is named "blockchain".
> blockchain does not have the capability to support
> For everything Blockchain does worse than other databases
More evidence that he's talking about some specific blockchain. Christians capitalize God in every sentence to show reverence, while Atheists tend to leave it as a lowercase god.
Is something similar happening here? Which blockchain are people even talking about?
I do hope you'll read the article regardless!
To timestamp transactions in a distributed way.
Transactions can be signed, proving authorship.
At signing time, you can prove the transaction happened AFTER something else.
The only thing missing is PROVING THE TRANSACTION HAPPENED BEFORE SOMETHING ELSE.
For that, you need an incentive structure to have each transaction accepted by someone, somewhere, in a growing merkle tree.
That's the blockchain.
However we don't need proof of work to elect the next miner for every block. It leads to an incredibly wasteful arms race.
In fact we don't even need every transaction to be verified by a miner. Only the merkle tree that happened before the block signing time.
Proof of work means that the lucky random miner has invested energy on a previous valid block, and is lucky enough to find another valid block.
If you take that away, you could as well use a database and a trusted timestamp server.
In any case, that's like saying someone is "lucky" to win a video game in Dave and Buster's. That's not the only way to incentivize validators to timestamp transactions. All you really need is a consensus protocol.
Ripple for example has a consensus protocol that can be run by an entire LOCAL community and can fund itself and the resources it uses. Without requiring a global blockchain. And Bitcoin validation is effectively centralized in the hands of a few miners.
I propose "whatcoin", a cryptocurrency designed to create a market for peer to peer media sharing based on the upload/download ratio model used by what.cd and other private torrent trackers to incentivize seeding and penalize leeching.
The whatcoin "blockchain" has a catalogue of all currently available music on the platform, so it doubles as the tracker and transaction ledger. The catalogue can have multiple copies of albums sorted by the specific release and the quality (lossless FLAC, lossy 320kbps, etc).
So let's say you want to download a FLAC formatted 1988 MFSL release of Pink Floyd's Dark Side of the Moon album. You'll pay a specific amount of whatcoin from your own wallet based on the size of the files being downloaded, which will be distributed to the seeders you peer with. You'll also pay a network transaction cost.
The network transaction costs fund the "miners", or those who upload new, verified releases that are not on the whatcoin network yet. Those who upload the music are also strongly incentivized to continue seeding it, because they will be paid whatcoin inversely proportional to the number of other available seeders for the same files whenever someone chooses to download them. So the more exclusive the media is, the more lucrative it will be to host it.
Seeders will be paid for uploading media and leechers will pay for downloading media; leechers can then earn more whatcoin by continuing to seed the media they've just downloaded. Each upload/download transaction is recorded on the whatcoin network, and the greatest economic opportunity is available to those who can upload popular new media and then seed it very early on.
This proposal is similar to Filecoin, but you're paying to download new media instead of to store your own and retrieve it later. It also adds the extremely high fidelity media cataloguing that some private trackers have achieved. You could market it to the MPAA or RIAA as an "enterprise blockchain" the way banks are currently investigating it. The studios would be paid for new media they bring onto the platform, and indie artists could be paid for bringing their media onto the network instead of, say, SoundCloud or Bandcamp. If the media is popular enough then the original uploaders are heavily compensated and their hosting costs decrease over time, because there will be other seeders to maintain the media.
If large media firms didn't go for this immediately, you could try and take this concept and ICO with it. Then start competing with Bandcamp and SoundCloud to capture the indie market. With the ICO funding and notoriety in that space, try to take on the RIAA.
There are a lot of technical problems in what you wrote; it's only good in theory. You write that each upload/download transaction is recorded, but you don't define what an upload/download transaction is. If you use a protocol like BitTorrent you have chunks that are downloaded from many peers and divided into blocks; having all those transactions in the blockchain will not scale, it's just too much data. Another problem: how can you ensure that someone will not cheat in the network? I can spoof that I have certain data, you will send me coins and I will not send you the data; or if you confirm at the source it's even easier to cheat, I will just send information that I got corrupted data even when it's OK. There are a lot of other problems with this idea.
Hmmm. Under this scenario, though, wouldn't the major labels be losing out when others host their files? They may have an incentive to place music on the chain, but if I read you right, when others host the same files, the labels' share of whatcoin for those files declines.
It is not about quality. The same exact story submitted by different people or at different times may get 1 upvote and gets buried, or hits over 100 points on the front page. See this for example!
https://news.ycombinator.com/item?id=14929067
I suspect most frontpage people ask their friends to upvote a story in the first few minutes.
Check out my own list of submissions for some examples. The vast majority is 1-2 points. Including SHOW HN stuff I worked hard on such as this:
https://news.ycombinator.com/item?id=13474714
Ironically, I got more upvotes on a comment I made, regarding this phenomenon.
There's no right to "get anything to get noticed" on HN. There is, however, a duty not to defraud the community. If people defraud the community then obviously we're going to ban them many times over.
We detached this subthread from https://news.ycombinator.com/item?id=15010431 and marked it off-topic.
I totally agree that the community should protect itself from being defrauded. I actually support the measures you are taking on that front. I just wanted to bring to your attention, as a pretty active and interested user of HN, that it has changed and the system pushes people to do this kind of stuff. It's fostering competition to do it, because that's what it takes to get to the front page. I suspect that this happens in most cases. Look, I could be wrong - you have way more data than me - but using just what's available to me suggests that "asking friends to give you a couple upvotes in the crucial first few minutes" happens a lot. Heck, I did it in the past once or twice and it worked. The problem is that this mentality causes the element to become necessary. That, or clickbait.
We don't want this in the community, I agree, but it's like punishing X in individual cases while the system almost requires X to get to the front page in the first place. It is not about a "right" to get anything noticed on HN. It's about the incentive structure that develops over time as the system grows and changes.
Bitcoin started out to be decentralized and now is in the hands of several miners, and fees have gone up. Saying that there is "no right to have a transaction be recorded in the ledger" doesn't mean there isn't an incentive problem with a root. The root of that problem is the escalating proof-of-work arms race.
Authorities in the drug war thought if only they got low level dealers to rat out their suppliers there would be no more drugs on the street, but the incentive structure of money to be made on drugs caused a problem. The root of that problem is an escalating arms race between the feds and the cartels, which caused the drug gangs to become more ruthless and publicly execute the families of those who ratted people out, greatly increasing violence.
The root of this problem is an escalating arms race to get noticed as HN has grown. But perhaps there is no problem. If there is, however, this is NOT OFF-TOPIC. The topic is gaming the system. And I am saying this as someone who wants to see less of it, but recognizes that the system now encourages it more than in the past.