In practice, software companies take responsibility for bugs in three ways today, based on their business model.
Old-line companies like IBM paid millions of dollars for people and tools to find and fix bugs and to distribute the fixes to customers. IBM did not wait for you to tell them you had a bug. Their system could tell you if you had a bug that someone else reported. And IBM would ship you a custom tape which fixed that bug and didn't break the rest of your software. Let's call that The Gold Standard. With money, it's certainly possible.
Option 2 is a company like Red Hat. Unironically, IBM bought Red Hat. The reason is that, while open source gives you the option to look at the code, most companies don't really want to do that. In other words, Ford could make a lot more money focusing on making cars than they can by hiring people to find and fix bugs in (free) Linux software. Voila! Red Hat offers bug fixing and finding (and a plethora of other things enterprise customers don't want to set up) for a hefty subscription fee. Red Hat has many service offerings in the $10,000/month+ range. Once again, if you pay people, you can find and fix bugs.
Finally, option 3 is a company like Google. They don't really care if anyone else can get open source software to work. But... and this is a big but... they need it to work for themselves. Having built a very lucrative empire on open source (Android, for example), Google cannot afford to wait for "the community" to find and fix bugs. They must pay people and they must pay them well. And, this they do. So while the free open source isn't directly monetized by Google, it's worth their while to pay to keep it up to date and correct. Other companies like Netflix do the same thing.
So there are three ways you can do it today.
What irks me about projects like Ethereum is that, having all these real-world models out there, its founder doesn't seem interested in finding or fixing bugs at all. He is relying on "the community" (we know that doesn't work, see #3) and not spending any of his own money on debugging or fixes. In all the real cases where you want fixes to happen (and you want CI/CD to get them to customers), "you", being the publisher or heavy user of such software, must pay.
That's what I mean about responsibility. It's where the buck stops.