Bitcoin also uses a DAG (albeit in a trivial sense), so umm?
Skimming through the info on the tangle, concentrating on its dagness seems superficial (is it even one? They talk about merging nodes a lot which sounds like cycles to me EDIT: ignore this aside). Anyways, things like this should have security proofs (or at least arguments) and maybe it does, i havent read enough in depth to know. But if it doesn't i would say the skepticism is very well warranted
It doesn't matter. IOTA isn't a cryptocurrency, but a decentralized messaging platform. Coin is a funding mechanism, it's more like matrix.org on financial steroids, rather than bitcoin.
The hack was apparently exploiting a vulnerability in a third-party dependency in the wallet app, which is built on node.js. All these dependencies that is used in the majority of modern apps seems like a huge security risk to me. They make rapid cross-platform development possible, but at what cost?
Anyway; the network itself was not hacked, which is good I guess. And the coordinator (centralized node) is said to be the training wheels which will be removed at some point, but it still seems to be quite far of into the future.
I am somewhat pleased to see JS dependencies causing real-world problems and losses. I was so fed-up with the dependency hell, I switched to native programming. Especially programming for iOS using Swift is such a pleasure, we still have the concept of dependencies and external libraries but the Apple provided libraries are very rich so you would seldom need to import anything from the wild.
After seeing the other side of the fence, I am quite surprised that anyone would make native apps with Node.JS. In the time you set up your dependencies for your Electron, ReactNative or whatever you can have your native macOS or iOS app UI running. Also, wouldn't spin the fan when running.
I mean it has more to do with NPM than Javascript or Node itself, NPM and its "small package that do a single thing" bull philosophy, and the fact that multiple versions of the same package are installed in the dependency tree, because NPM allows it, instead of rejecting package conflicts, like Composer or any sane package manager.
Conflicts should be resolved by the developers, upstream, and package managers shouldn't install trees of dependencies, dependencies should be flat.
It has become almost impossible to audit anything with NPM, when you have the same package installed 50 times with 50 different versions locally.
I mean, one could argue that NPM ended up like that because of JS's terrible standard library that includes none of the basics people need all the time.
I really like working with TypeScript, but that is the pain point that always comes up.
The biggest problem as a desktop app developer is that all the good UI libraries are barely maintained, obscure, questionably licensed or have limited 3rd party compatibility meaning you have to build too much from scratch yourself. This is why Electron has taken off so much lately for desktop development.
People don't want to pay for anything, therefore we get...
> barely maintained, obscure, ... have limited 3rd party compatibility
Building anything really polished that isn't those things is a huge undertaking that someone would have to pay for.
Electron piggybacks on the massive web ecosystem which is funded by SaaS, advertising, and surveillance so it lacks the abandonware problem. Unfortunately it's also not really built for the role of desktop or mobile UI layer and so you get a bloated, insecure, slow mess when you try to shoehorn it in there.
Oh jesus this actually hits the mail on the head, I had a brief foray into development of UWP (modern windows store) apps, and damn the performance and language are good, but I was so jealous of all the visualizations, ui elements and libraries web devs have access to, while I had to dick about with basic gauges.
> I was so fed-up with the dependency hell, I switched to native programming.
Same, but I switched to Flutter. Native performance, declarative UI, and while I do still have dependencies, they’re much easier to manage and the scope of individual packages/widgets are much smaller/tighter/focused imo.
One of the reasons I've stayed away from Node is the ridiculous attack surface brought by the npm ecosystem. It seems that even the simplest of projects end up with hundreds of dependencies - most having different maintainers and security practices.
For those who haven't been following the previous episodes, IOTA is the cryptocurrency that uses ternary logic because it supposedly makes it more efficient (it very much remains to be proven). The idea is to bring cryptocurrencies to embedded devices, which IMO like much of the cryptocurrency space is very much a solution in search of a problem. Didn't stop them from making a fortune with pre-mined coins during the cryptocurrency boom.
I remember that a few years ago there was a lot of debate about whether IOTA was truly decentralized. Advocates were arguing basically that "it's not completely decentralized now but it will be soon". Well I guess we know were we're at right now.
> uses ternary logic because it supposedly makes it more efficient (it very much remains to be proven)
I think that's generous - using a java 32-bit integer to emulate a single 'trit' in your software stack is bound to be hysterically less efficient, and effectively rule out any embedded/IoT use.
I know the stock answer to that was "we're working on ternary hardware too", but that just adds more questions - why are you redesigning the world from the ground up here? Are you going to rewrite entire embedded operating systems in ternary when you have this chip? How on earth is that going to help adoption by developers?
> Didn't stop them from making a fortune with pre-mined coins during the cryptocurrency boom.
Indeed, and there was some sort of spat a few weeks ago that likely saw at least one of the founders continue to fleece the community.
"why are you redesigning the world from the ground up here? Are you going to rewrite entire embedded operating systems in ternary when you have this chip? How on earth is that going to help adoption by developers?"
I believe it's a variant on the popular cryptocurrency business plan of "if I throw up enough smoke, I can tell you that behind the smoke there's a beautiful shining city that just as soon as the smoke clears, you can go live in forever and ever, so you'd better buy in now before it becomes overcrowded!"
For this plan to work, you want the quality smoke, you know, thick, luscious, oleaginous, billowing and colorful and perhaps even interesting in its own right. On that front, this "ternary-computation" smoke is pretty brilliant stuff.
If you talk to IOTA believers about these questions they will just spin you in circles. They will tell you that trinary computing/encryption is better, more secure, better for IOT, etc.
If you ask what that even means and why it would be better, or even different from binary since it's just a different base of numbers, they will either do some sort of circular logic or just get angry.
It's kind of mind blowing to have conversations with people who are heavily invested in something emotionally that falls apart with a single question.
This doesn't even get into the inherent centralization or the fact that no one can actually explain how the decentralization will actually work.
It isn't even comfortable realizing there are so many people like that out there.
Devil's advocate arguments, from someone who has never really paid attention to IOTA:
There's one place ternary logic already exists—the https://en.wikipedia.org/wiki/Content-addressable_memory found in network switches. You need to be able to put essentially "trit vectors" on the address bus (think e.g. "0110??10?1") to describe the search queries you want your CAM to execute; and the CAM itself needs to be able to store trits so that it can represent bits that "don't matter" and could match a search query with any value in that position. (The "third value" here acts like a NULL does in an RDBMS, but comparing equal to everything rather than unequal.)
That's... pretty much the only existing real-world use I know of for ternary, though.
For a non-real-world argument: ternary is closest to the theoretical "base e" that would have the best numeric packing factor, and therefore be able to represent numbers in the fewest digits. If you're incredibly space-constrained but only somewhat CPU-constrained, it might make sense to encode numbers as ternary when persisting them, as a kind of compression; and then to persist them to something else that stores natively in ternary (like an imaginary NAND cell design half-way between SLC and MLC with three voltage levels per cell.) But that's probably nothing to do with what IOTA's doing with it, if they're using ternary as a live representation for computation.
Disclaimer: I'm not IOTA's biggest fan, I broke their ternary hash function and one of the IOTA co-founders threatened to sue me after I disclosed the vulnerability to them. See previous hn thread on it: https://news.ycombinator.com/item?id=16457120
Following on with your discussion of Ternary in networking networking switches, I think Balanced Ternary can be mathematically elegant way to represent numbers. We shouldn't completely dismiss it just because currently we have massive path dependencies on binary.
However in the context of a highly ambitious project, such as IOTA, which is attempting to integrate with a large number of deployed systems that use binary, it is a mistake to switch to ternary. None of the existing tooling works, you have to write custom software for stuff that in binary have already been built and well tested.
tl;dr Doing one impossible thing is hard enough, never try to do two impossible things at the same time.
> Balanced Ternary can be mathematically elegant way to represent numbers
When discussing ternary computation, I always see people talking about representation and storage. In these aspects, ternary can indeed be more elegant and efficient than binary.
I never see any discussion about the complexity of the physical circuits, though. From the little I have seen (see [1]) it seems that using ternary circuits for computation will never be a good idea. Even though you'd need fewer wires to carry information, that advantage is more than cancelled by the increased complexity of the computation circuits themselves (those papers compare specifically binary and ternary adders and multipliers).
What you are talking about is data transfer and storage, but what IOTA seems to claim is that somehow the math for cryptography changes and is better when it is 'trinary'.
You've got the marketers who want to driv up the price and the cultists who have bought in and can't imagine anything but the price going in. Coherent conversation is rarely found in such an hysterical sell-sell-sell environment.
Yeah the pre-mined coins were sketchy, and the ternary was dubious.
I don't want the innovation to get lost in the bathwater though: the tangle datastructure was novel. Not an expert, but it was designed to allow for minimal proof of work while retaining some hashed auditability and tamper resistance. I think the key idea would be that you help hash several other blocks into transactions and then your transaction will get hashed by a few other workers. It didn't require heavy POW so it was more suitable for an embedded device to perform on the edge.
> 3 is closer to the universal optimum 2.71 than is 2. That is the absolute most simple elevator pitch for ternary.
- iota co-founder
Drivel like the above has long outed Iota as an absolute scam. The ternary business was some mixture of (a) bamboozling non-technical users, (b) distraction from its other failings, and (c) sheer delusion.
Iota pushers hand-wave with slogans like "gets faster the more people use it" and "replace the central coordinator with voting (someday?)" but without actual security. Whereas PoW has a well-understood security model (see 51% attacks) Iota hopes you won't notice that basically nothing can be decided without the central coordinator.
And then it gets worse. Iota-without-the-coordinator washes its hands of consistency. Individual nodes would have to pray they are connected to good actors, and then through some unexplained governance scheme, deduce the consensus state.
In short: iota is unsuitable as any kind of distributed ledger.
>> 3 is closer to the universal optimum 2.71 than is 2. That is the absolute most simple elevator pitch for ternary.
>- iota co-founder
lol they seriously say that? For those who aren't aware...
You get e (2.71828...) as the optimal base when you're trying to minimize the product of a) the number of symbols you're using and b) the number of symbols needed to represent a number.
Once there are other factors that are significant, it's no longer the optimum. And indeed, in the real world, you care about the difficulty of implementing base-x vs base-y logic in hardware, the installed ecosystem for computing in that base, etc, which (to put it mildly) heavily favors base-2, even for domains where one subproblem is more naturally expressed in trinary.
I read the white paper about a Tangle a few years ago. The design doesn't make sense because it doesn't seem like the network would be able to reach some kind of consensus at all.
Also, rolling your own POW and making claims about that POW isn't some trivial thing. Hashcash was created in 1997 which is eleven years before bitcoin. Rolling your own crypto system isn't just something where you can just make one up and use in a production environment.
Maybe it's the greatest thing since the invention of the Fourier transform but talk is cheap and it looks like despite being many years into development and having access to more cash than most startup would dream of they still haven't managed to make it work without a central node. Cryptocurrency startups sure seem to break things but they don't move very fast.
I'll add it to the list of absolutely revolutionary blockchain technologies that are going to change the world [working implementation is left as an exercise for the reader].
The tangle may be novel because it's useless for a distributed ledger: thus far IOTA has relied on a centralized coordinator.
The tangle, like trits and many other IOTAisms, appear to be the perfect basis for a scam: too complicated for non-experts to fully understand yet just enough plausibility to sell it.
Even if the creators were not conciously trying to create a scam, so far it has been indistinguishable from one.
(I'm interested in a peer review of tangle as just searching for it only uncovers page upon page of marketing drivel.)
I was also trying to find actual info. https://iota.org/IOTA_Whitepaper.pdf is the closest i found. Its still a bit annoying and meandery but its much better than the rest of their marketing drivel.
The tangle is a DAG (directed acyclic graph). A DAG is a viable data structure for a distributed database, but it has issues for a cryptocurrency where you want to maintain consensus on a single objective global ledger.
There are a bunch of cryptocurrencies which use DAGs. All of them claiming to be 100% unique and innovative.
I saw one which claimed it was "impossible to 51% because it's a DAG and both chains just end up on the network"
No. That means either you don't have consistency (which means 51% attacks could be theoretically implemented with way less than 51% of the hash rate) or that the consensus of which transaction are valid can be 51%ed.
Iota is even worse. Doesn't even try to have a distributed consensus, just uses a centralized validator.
A DAG describes a wide variety of data structures and choices. Bitcoin is a DAG.
Actually wouldn't any sort of structure that prevents double spending have to be a dag? In order to prevent double spending you need to put transactions in topological order (to know how much money the account has). If you can do that your data structure is a DAG.
A block chain is a special sub-type of DAG in which (1) there is only one edge from each node to a predecessor, and (2) there is only one canonical path through the DAG at any given time and there exists an objective set of rules for selecting this path. Usually nodes that are not part of this path are eventually forgotten in a block chain.
It has been known for years that it was not a truely decentralised currency, ironically enough, they probably had some good foresight to retain that auth node.
I hardly think that it's "good foresight" for a cryptocurrency to retain properties of centralized systems - unless you're saying that I have even better foresight by keeping all of my savings in fiat currency in the US financial system, which gives me all sorts of convenient properties like rollbacks and legal protections and FDIC insurance.
NO! Absolutely not! They should let the network govern itself because thats one of the main differentiators (for better or worse) of crypto.
This always happens with crypto - there's a hack, some people lose money and then the community vibe goes out the window and there's software patches, transactional rollback attempts, network forks, and so on.
Part of the risk of a decentralised autonomous system is that it's DECENTRALISED AND AUTONOMOUS. If you lose money because of a hack THATS PART OF YOUR RISK PROFILE. DEAL WITH IT.
Having a centralized node with a single authority mitigates some of the uncomfortableness of the original hack, and might get some or all of the money back - but the cost of that is undermining the entire network ethos. This currency is a single issuing authority who can dictate the rules when it suits them and pull the plug if things get uncomfortable.
You guys realise that all crypto currencies can be programmed with rollbacks and shit using hard forks if they do find an extreme zero day exploit or something? The only difference between the decentralised ones and the centralised ones is that no one can actually stop a compromised chain from functioning while they deploy a hard fork.
You can wake up one day to a severe ECDS bug and bitcoin will have to rollback anything that gets compromised afterwards (assuming it isn't a bug that makes the scheme trivially crackable and hence invalidates everything from the genesis block) as they patch up the software. It's not an unforeseen problem. You have to rely on the fact that the attackers also don't compromise your media outreach capabilities so you have no way of informing the world that the chain is no longer secure.
If you set up a libertarian community in which everything is privatized, and then one day your home catches on fire, but you don't pay for firefighting service, it sucks to be you, but is your neighbor* going to just say "that's part of your risk profile, deal with it"? Laws and philosophies are one thing, but there are predictions you can make about the actions of people separate from that, and so your rules and abstractions have to be compatible.
I mean, governments can collapse, fiat currency can fail, financial regulation can be corrupted, so it's entirely possible in ten years everybody will be using cryptocurrency, because everything else has gone to hell.
In general I don't believe in trying to hedge against everything going wrong. I want to be rich in the future where money can buy, say, immortality or space travel, not in the Mad Max future where money just makes you a target.
I think this criticism is a bit off. We can see that there are places in the world today where the government and financial systems are really fucked, but people do use crypto, so it is conceivable that sort of situation will spread and take over the developed world. But it would be the new dark ages, not a glorious future. If it did happen, my hope is that like everything these days it would happen faster and be over sooner.
Lol, not a "true decentralized currency" is sort of like saying north korea is not a "true democratic republic". Technically true but also misleading because the phrasing implies its sort of close to being there.
The IOTA Foundation has claimed to be working on removing their central coordinator since at least late 2018 [1]. As the expression goes, "rumors of its death are greatly exaggerated".
Everyone concentrating on iota being a bs cryptocurrency. Which fair enough but i think that kind of burries the actual story:
People trying to make a currency involving large sums of money don't even have the security controls to check they are not loading malicous dependencies from npm! This is not some fancy crypto hack, this is plain old boring compromised dependency from an ecosystem with a reputation for high profile compromises.
You just proved OP's point. Cryptocurrency which isn't seriously decentralized is pretty pointless - you might as well just go back Wells Fargo and an Oracle DB.
Decentralization is one of the defining traits of a cryptocurrency. It's like saying a car is an airplane, but without wings. It just doesn't make sense.
Hell even bitcoin doesn't have a great notion of verifability (verify what? No double spending? Lets hope your opponent doesn't control 33% of the hash power.). Central-db systems can issue recipts (like humans have been doing for thousands of years). Centralized cyrptocurrencies basically offer the same protection at best and much less at worse.
Well yeah, how else are you going to get investors past your hand-wavey technical-sounding nonsense? You could sell homeopathy to investors these days as long as it had a nice enough marketing website (see Goop).
I think you are downplaying how mainstream homeopathy is. I believe CVS has carried homeopathic OTC products for years. And I don't get the impression it particularly bothers most people. If you think the "placebo effect" is a thing, then homeopathy is justified even if the only person who believes in it is the patient. Someone might see this as moral/intellectual rot and corruption, but that seems kind of like a fringe, wild-eyed/haired attitude.
> If you think the "placebo effect" is a thing, then homeopathy is justified even if the only person who believes in it is the patient.
That depends really - some people are deterred from taking real medicine by homeopaths, and there have been a few high profile deaths where people had been persuaded that homeopathy was superior to, say, mainstream cancer treatments.
Further, even if you believe that homeopathy is somehow a 'useful' placebo, that doesn't justify any of the claims of efficacy that are made about it.
Unfortunately yes, it is quite mainstream and there are billion-dollar businesses making money from the gullible with this stuff.
Are you arguing in defense of placebos versus homeopathic medication? That is, there is a correct way to make and market "medications" that don't do anything, and a correct way to deceive patients, which is ethical and useful?
When companies get the dilution wrong people die. Here's an example of a company that got warned once, and then went on to get it wrong again, which killed at least 10 children and harmed hundreds more. This company spent years ignoring all the warnings.
Me? No I don't think that marketing placebos is honest or useful either, unless you market them directly as such* . I only really mention them in relation to what I was replying to.
(*in some cases the placebo effect appears even with a known placebo)
How do you determine a placebo is "known"? A basic pattern of thinking, when faced with contradictory information, is to assume some of it is false (whether or not you know specific reasons) and some of it is appropriate to rely on. People also rely on their sense of what everyone else is doing to figure out what to trust. So it's a false model if you assume that a disclosure means something is "known".
I don't honestly care and I'm not really interested in dissecting the finer points of whether someone knows whether they're getting a placebo or not. You brought up placebos, you tell me what you think about them.
I'm in the homeopathy-is-a-load-of-horseshit camp, not the gives-two-shits-about-placebos camp.
"I believe CVS has carried homeopathic OTC products for years."
Read the labels of some of them. In some sort of bizarre double-fraud twist, there's actually some "homeopathic" products that contain meaningful levels of the active ingredients, and are basically labeled "homeopathic" the same way the words "organic" or "gluten free" get tossed about with wild abandon on products that it should be absolutely irrelevant for. (I have a picture somewhere in my family photo pile of water being labeled as "gluten-free".) It's like homeopathy, stripped of the idea that the more you dilute the better, or, homeopathy without the homeopathy.
If homeopathy consisted of selling tubes of plain water with a label of "may help the common cold", I wouldn't really have a problem with it.
Instead recommending people to take crazy doses of supplements, making entirely crazy claims like "cures strep throat" or "can prevent infections" or generally pushing unregulated supplements is absolutely preying upon the weak, weakening the ability of medical providers to actually do their job and is nothing more than naked profiteering by private companies. Anybody supporting or pushing homeopathy is immoral.
>selling tubes of plain water with a label of "may help the common cold", I wouldn't really have a problem with it.
AFAIK they would also need the standard FDA disclaimer of
>This/these statement(s) have not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure or prevent any disease.
The products in the drug store always say, I believe, something like "this has not been determined to cure or prevent any condition or disease by the FDA".
So that meets with your approval?
Obviously you can't say something is plain water whether or not it is - surely the placebo effect requires the recipient to think there is medication, and isn't it common knowledge that something like a bitter taste enhances it?
* This has not been determined to cure or prevent any condition or disease by the FDA. Please note that Prop 65 of California law requires us to disclosure that this packaging may contain a known carcinogen. Long disclaimers are really hard for the average consumer to read and parse in any meaningful way and by using both small text and dense fonts manufacturers are able to make disclaimers extremely ineffective.
There are issues with the CBD market both in bad claims about what CBD can/will do, and bad claims about the actual content of CBD product.
That's not a reflection on CBD itself.
Texas specifically is working on adding legal requirements around purity testing and what claims can be made. While there's a downside of cost I think that strategy is the most worthwhile.
For those who are wondering what happened, an attacker loaded malicious JavaScript through some compromised third party library.
This isn't unique to cryptocurrency, although the permanence of crypto transactions makes it pretty concerning there. Similar Magecart type attacks have been stealing credit card numbers from websites including British Airways, Ticketmaster, or Macy's, right off the checkout page.
Most sites still would have no idea if this were to happen to them today.
That’s why I’ve developed Enchanted Security (https://enchantedsecurity.com/) - a client-side firewall that tracks the network requests and even blocks malicious ones. It’s like a network firewall but running on your users’ browsers. It can run on other JS platforms too, like Electron or React Native, which are commonly used for crypto wallets. Get in touch if you’re interested in learning more.
Bit of an unfair comparison there with csp on your website there. You cite the article that most csp policies are ineffective at preventing xss, but xss and data exfilitration are different things, and csp policies that are ineffective at blocking xss are often effective at blocking data exfiltration.
The price dropped 20% between Feb 12 (when the network was shut down) and today, so I wouldn't call it "barely". I'm guessing all the current owners don't really care about the fundamentals so something like this isn't going to affect their outlook.
20% is a relatively small move for most crypto currencies. I don't follow iota's price history, but I'd assume this falls well within 2 sigma or something (even assuming returns follow a normal distn which seems suspect for most of these assets).
Since the network is down, can this still be traded?
I know exchanges use 1 big wallet, and internally keep track of who owns what. So in practice you would still be able to trade, just not able to add or request funds.
But if all exchanges block trading, nothing can happen to the price can it?
> Since the network is down, can this still be traded?
Yes. Trading generally happens off-chain, simply by changing account balances in exchange's database. Actual on-chain transactions don't take place until funds are withdrawn from the exchange (which is why they should not be kept there for long - obvious hacking risk).
>Since the network is down, can this still be traded?
All the major exchanges are showing volume, so yes it's still being traded.
>But if all exchanges block trading, nothing can happen to the price can it?
Not really. All that does is remove an "official" price, and make spread/confidence interval bigger. OTC trades (with trusted parties since the network is down) is always an option, so are derivatives like futures/options/cfds.
Trust is a big part of a credible cryptocurrency. Can you really trust a currency that the vast majority of people don't understand?
I don't think cryptos will ever take off without widespread institutional and gubernatorial support. Governments will probably issue cryptos themselves eventually. They are an opportunity for the government to create a centralized Federal Retail Bank that reduces the amount of rents and subsidies captured by commercial banks. Every citizen would have a free digital checking account, fully backed by the issuing government. When someone wants a loan, commercial banks and fintech companies would get temporary access to user data to compete on providing that loan. The data would only be used for that loan in particular, and it would be illegal to use it for any other purposes, or to retain it after the loan is done.
The government cryptos would have to be as impermeable to hackers as your current digital bank account with (insert Big Bank here). Obviously, while such a system has tangible consumer benefits, it wouldn't be nearly as libertarian as Bitcoin.
I don't think your argument makes sense. People use things that they don't understand every day. Do you understand how a plane works? Or how the current banking system works? Or even how HTTPS and the CA system work?
People generally know how dollars work. They don’t know much about the monetary system from a macro standpoint, but a dollar is a dollar.
There’s no wallet code on a flash drive that you can lose. There’s no weird pseudo-bank. There’s no mining (which adds huge transaction costs to the network).
If a new VC-backed company called Mt. Zox said “keep your cryptos with us, we have the latest in crypto security. Here are all the virtually incomprehensible protections we have. Trust us, we’re better than the Other Guys” how can you fully evaluate them? Even if they have great standards on paper, how do you know that they will be upheld in practice? How do you know that there’s no backdoor for hackers or company founders to use? Even if you do all your research before investing, you’re still a sitting duck with the tail risk of capricious losses.
My point isn’t that full understanding is a prerequisite for widespread crypto adoption. However, there is a “tangibility-trust” axis with currencies. The less tangible the currency is, the more trust is required in the issuing institution.
Gold is more tangible than dollars. Physical dollars are more tangible than digital dollars. Digital dollars are more tangible than cryptos. Bitcoin took a step down in both intangibility and institutional trust. It is, essentially, a currency backed by full faith in speculation, illicit activity, asset hiding, and under the radar transactions.
Side note: I changed “trust something” to “trust a currency” in my OP to be more specific.
People understand dollar bills, but they don’t understand their credit card and the visa/mastercard network.
You’re making the error of talking about cryptocurrency from the network perspective instead of the ecosystem perspective. You can compare a cryptocurrency with a financial backbone. A bank/credit card/any financial service can be sitting in front of both a cryptocurrency network or the current financial network and users wouldn’t see a difference (well except lower fees)
Theoretically, what’s going on behind the scenes shouldn’t matter. However, you could only trust the system to properly implement this extremely intangible technology if you fundamentally trust the organizations involved. Again, how do you know that their representations regarding the currency are true? How do you know that the amount of crypto withheld for the founding organization is fair or won’t overly dilute the network? How do you know there are no backdoors? If the crypto is pegged to another currency/commodity/crypto, how do you know that the peg will work in practice (this is very hard)? How do you know that the organization is actually holding the pegged currency in reserve, like they said they would? Even if the currency is perfect, how do you know that your wallet provider is safe/not inadvertently malicious? What recourse will you have if you get hacked? (none, and if someone says “that’s not fair, Chase can be hacked too” - sure, but that’s less likely, and the U.S. will step in to help, which gets back to my point about institutional backing) Some of these concerns exist with large established banks, but we don’t really care because 1. They have a great history of keeping your assets safe 2. They have the backing of the government. 3. The Federal Reserve is in charge of our monetary system, and whatever beef one may have with them, they are far, far better than a small group of friends who wrote a white paper somewhere.
Don’t forget the massive cost to compensate miners for all the time, electricity, and computing power that they use. If you amortize those costs, they far surpass even Amex’s credit card fees. Also, what’s with the whole >50% control condition? So now I have to worry about a top secret Russian organization with dozens of 160 IQ scientists racing to create a quantum computer that can overwhelm some/all cryptos and bring wealth to the motherland? I’m half-joking, but that’s the kind of technological weirdness that I’m not comfortable with, much less the average person.
That's much too sweeping a statement. The Nano currency is a pure currency. IOTA on the other hand wants to sell itself as a data exchange layer for IoT. With emphasis on "wants" ...
I would compare Nano more to what the early Bitcoin wanted to be: "A Peer-to-Peer Electronic Cash System"
And yes, as such Nano is one of the most promising projects in the world of cryptocurrencies.
The first few exchanges that traded it were unfortunately the subject of hacks, and I'm still trying to figure out how someone managed to compromise my Nanowallet.io wallet when I believe I've taken reasonable measures to secure the key and seed.
Download the wallet to your computer, most often than not these web wallets are open-source and available on Github.
The problem with a web wallet is that since clients potentially re-download the app everytime they use it, the server can be compromised and malicious updates pushed silently, selectively, and make many victims in a short window of time.
I can't speak for anything specific, but when it comes to crypto wallets, you should try to always use an offline application to generate your private keys.
If you use an online application, it's very difficult to ensure your keys are truly private.
If you have programmability and an immutable base layer, you can build whatever mutability you want on top. The reverse doesn't work; if you don't have base-layer immutability, then there's no way to add any sort of immutability at all.
I deliberately wrote "decentralized anonymous immutable", not just "immutable".
It's the combination of those features (which happens to be the selling point of cryptocurrencies) that is problematic.
Because if transactions are not anoymous, you can (at least in principle) track down a thief and make them give back the money. And it they're not decentralized, the central authority can be made to add a reversing transaction.
Yes, I include all three of those. On top of a blockchain like that, a smart contract can implement a token which enables a central authority able to reverse transactions or authorize users, if that's what we really want. We can do that and see exactly what capabilities the authority has, just by looking at the code.
But there's no way to implement anything decentralized, anonymous, and immutable on top of a base layer which is not those things.
> On top of a blockchain like that, a smart contract can implement a token which enables a central authority able to reverse transactions or authorize users, if that's what we really want. We can do that and see exactly what capabilities the authority has, just by looking at the code.
...and when that code has a bug, we're fucked.
And until then we've spent a ridiculous amount of effort to get what we already have.
Not necessarily fucked. If you want the authority to be able to handle that scenario, then you can give it the power to swap out the contract code. Some smart contracts on Ethereum do exactly that.
But to the extent you want immutability, you can have it this way.
Cryptocurrency could become “electronic cash” (most of the time it kind of acts like one). Do we want electronic money that retain some of the features of cash?
That would mean that everyone has the understanding that you never keep large amounts of funds in this form because it's inherently dangerous to do so.
But a) that's very much not how people treat cryptocurrencies now, and b) I don't see how you could replicate some other features of cash, namely that you can fairly dependably protect your cash by investing in physical security, and that there is inherently no such thing as a vulnerability that can be exploited at scale.
> there is inherently no such thing as a vulnerability that can be exploited at scale.
There are, many. In the past 30 years, most European countries have gone through at least one monetary reform that made previously issued banknotes obsolete. The first wave was USSR's and its satellites' collapse in 1990s (with very unfavorable exchange rates to new currencies), and the second wave was the adoption of Euro in 2000s and 2010s.
> namely that you can fairly dependably protect your cash by investing in physical security
If you've generated your private keys offline and store them on paper, that paper can be treated the same as cash of the same value, and secured in a similar mechanism
> there is inherently no such thing as a vulnerability that can be exploited at scale
Counterfeiting has been a problem for cash holders for a long time. It's definitely a more severe vulnerability for crypto holders tho.
If you need it spelled out: cryptocurrencies suck because you can lose all your money through no fault of your own with no way to get it back. And that is the result of exactly those properties that are unique to cryptocurrencies.
Thats not really an argument to make. Maybe you can say you
"don't need" and make some arguments for that, but telling people what they don't want.. Doesn't seem helpful .
Also
> very basic principle of a cryptocurrency
The BlockChain is a very good principle. But again I don't think you're sure the difference.
> Thats not really an argument to make. Maybe you can say you "don't need" and make some arguments for that, but telling people what they don't want.. Doesn't seem helpful.
I stand by my statement. People certainly think they want those things, but they're wrong. Because they want them only until something like this happens and their money is gone because of an error someone else made. Then they suddenly want a way to get back their money a whole lot more, but it's impossible because of exactly those things they thought they wanted.
> The BlockChain is a very good principle.
It's a good principle for getting distributed, (possibly anonymous) immutable transactions. It's an absolutely terrible idea to apply that to money. I don't think anyone has yet found a practical application it's better suited for than all the alternatives.
> But again I don't think you're sure the difference.
I'm sure I understand the difference better than you.
People tend to forget that this is alpha software - bugs happen. And re: centralization, decentralizing something too fast is the dumbest thing to do. Easier said than done, but it's something they've been working on for a while from what I've read.
Last time this happened with Ethereum for example, they split the chain in Ethereum Classic and the "New" Ethereum. Also not an ideal scenario. At least they are transparent/actively working on fixing this issue.
"within 25 minutes of receiving reports that hackers were stealing funds from user wallets, the IOTA Foundation shut down "Coordinator," a node in the IOTA network that puts the final seal of approval on any IOTA currency transactions."
Hard for the price to crash when they shut down the network 25 minutes after the hack.
Iota also relies on a central server[2]. So many others[3] have criticized it too.
[1] https://medium.com/@neha/cryptographic-vulnerabilities-in-io...
[2] https://domschiener.gitbooks.io/iota-guide/content/chapter1/...
[3] https://medium.com/@thedrbits/why-i-also-find-iota-deeply-al...