_sigh_... If you have a good problem to apply blockchain to, just do it. Make a startup.
If you want us to come up with problems for you to apply blockchain to, just stop. Find problems and apply whatever solution you need for them.
This applies for any single piece of technology one may want to use. The act of reaching out to the community looking for problems and suggesting you want to use hammers is, to me, a sign that company vision is muddy and unclear.
[edit] This is in no way an endorsement of blockchain, especially how it's used today.
> _sigh_... If you have a good problem to apply blockchain to, just do it. Make a startup.
There already is one similar to LibreOffice and it is called Skiff [0] which is open-source and has E2EE and signs, verifies documents, mail, etc using ENS addresses [1] (for the Ethereum blockchain) and others. Much more useable than 'LibreOffice Online' which that is still a giant hack, and has little to no real-time collaboration support.
LibreOffice really is sinking into irrelevancy as online alternatives have already eaten their lunch.
How about we keep the blockchain as far away from LibreOffice as possible. Those Venn diagrams do not overlap. Maybe instead, put some effort into making the LibreOffice experience and interoperability world-class.
This is entirely about credibility smuggling and attempting to force-feed crypto into spaces it has no business in.
I don't know, talking about blockchain became such an extreme topic that one can't just talk about it, even if it's a note that "We had a chat with Eth Foundation" and people are coming with foaming mouth. The article does not mention that they are thinking about _crypto_ but _blockchain_, which, seems like not a lot of people know about, does not 100% means "im going to release a shitcoin, haha, rugpull".
Good. The mere mention of "combining existing successful open-source product with blockchain" should get about the same reaction as "combining fruit bowls with metal spikes". This is a good thing, it means that people are waking up to what crypto actually is. There is no successful or interesting combination of "useful thing" and "blockchain", unless your definition of success is siphoning money from technologically illiterate people to grifters' pockets.
It's evident that the person who wrote the blog post does not understand that they're being approached by grifters, who want to use their existing brand goodwill to expand their grift's outreach. Being approached by the Ethereum foundation should be treated like cold emails asking if you'd like to put a link to a casino in your website. I'm glad that the community was able to clarify this for them.
> Being approached by the Ethereum foundation should be treated like cold emails asking if you'd like to put a link to a casino in your website.
Yes. It's become a sort of memetic virus that causes people to lose all their critical thinking abilities and immediately start trying to turn everything into paperclips (well, turn energy into discarded hash computations). This is why it gets a response like Alien or The Thing where people who appear to be compromised by the mind virus get the flamethrowers turned on them.
But why can't we talk about it like normal people? Everyone is coming against each other, it became such a taboo that one can't have a normal conversation with an other person for like a minute before they start going against each other's throat. It's starting to become like talking about politics.
This is a good thing. The more outwardly toxic the reaction against cryptocurrency grifts becomes, the less outreach these ideas will have, and the less people will be affected by them.
At its core, it's a form of herd immunity. You don't drink bleach, not because you know personally what drinking bleach does to your body, but because society has told you what the consequences of drinking bleach are, immunizing you against the idea of drinking bleach.
comment: they're not talking about crypto but people still just say "F them crypto is bad!"
this comment: F them because crypto is bad!
Crypto (money, nfts) is bad, I think smart contracts are a mistake too, and I don't think LO needs blockchain either, but the objection is more like the one someone else said about, if there's some feature that needs it, fine, but don't just look for some excuse to use a solution with no problem.
But also it would be absurd to say that cryptography, authentication, and povenence have no valid application with documents.
“ ESP focuses on strengthening Ethereum's foundations and enabling future builders: improving infrastructure, expanding the range of tools available to those building on Ethereum, deepening our understanding of cryptographic primitives, and growing the builder ecosystem through education and community development. The work we support is open source, non-commercial and built for positive sum outcomes.”
So do you believe they opened talks with the people working on a word processor in order to "[deepen] their understanding of cryptographic primitives"? Is that what the LibreOffice blog post is about? Cryptographic primitives?
It seems more likely to me that they were looking into "growing the [grifter] ecosystem through [...] community development" instead.
Cryptographic research makes sense for LibreOffice. There is no any reason for LibreOffice to grow grifter ecosystem - this assumption sounds more fueled by feelings than based on factual discussion. E.g. using zero-knowledge proofs to confirm facts about the document content without revealing the full document is much more sensible research topic for LibreOffice.
The only revolutionary thing blockchains enable is decentralized electronic cash and financial assets, which are fundamentally bad ideas, and the reaction is justified.
Any other "blockchain" related innovation is just a solution in search of a problem with the real purpose of pumping some virtual asset and selling it off in volume to other speculators. Anything you claim can be done with blockchains (other than decentralized finance) can be more easily done with databases, PKI, hashtrees, ZKPs and other technologies that exist for decades, and that includes smart contracts and anonymous & decentralized communication.
How about... they, and everybody else around the world, should work hard for good governance for all people of Earth?
It's simply obscene to claim that a speculative token peddled by SV venture capitalists could somehow magically solve things like disease, violence, corruption and lack of basic infrastructure keeping these nations down. It's so self serving and detached from developmental realities of poor countries - which I experienced fist hand in my life - that it makes my blood boil in disgust for the crypto bros.
Blockchain is just bookkeeping. I don't know, can you demonstrate a use case for accounting or book keeping?
Up to now we always had to do accounting in books that can be cooked and have to be trusted.
Blockchain is accounting with books that can't be cooked and don't have to be trusted.
It has other problems which are real, but so what? Everything has some kind of problem.
With blockchain the problem is if you go for convenience and use a centralizing key custodian, then someone else controls your keys and everything they protect, and if you don't, then it's too easy to lose your keys and everything they protected with no recovery.
Well those are real problems but they are no different from the problems of using a plain database that can be copied, modified, hidden, stolen, has to be trusted even though you know you actually can't trust the owner, etc...
Blockchain has pretty powerful use cases in the enterprise. Ethereum provides one such solution which allows companies to have a private blockchain and programmable smart contracts in place—and with that a nice internal audit trail as well.
Blockchains can use proof-of-authority or proof-of-stake not as a means to accumulate “wealth” but firstly to secure the network from tampering while facilitating the resilient, chain of transaction records.
Ethereum is a distributed Turing machine (completely programmable)—first and foremost—and that is much more powerful than a simple coin.
Distributed programmable Turing machines are indeed very powerful. We're talking through a network of distributed programmable Turing machines right now. It does not involve a blockchain.
Academia is currently exploring multiple use cases, and some are already being used in real world scenarios. Permissioned blockchains for example can have multiple use cases in enterprise.
An example is supply chain management [0] and supply chain traceability, which is already in use at Walmart [1].
A few more that havent been mentioned: Source control, public cryptographic beacons (eg randomness beacons, beacons containing public keys). Chaining blocks with cryptography is actually very useful.
I'm open to the idea that blockchain might somehow be useful for something somehow in the future. I don't see what LibreOffice could gain from blockchain.
I also think it's telling that they'd rather ignore the negative feedback because they want to apparently continue on this path than actually recognize that people don't want blockchain garbage ruining what's otherwise a good project.
I'm looking forward to the next post in 6-12 months where they talk about all the "awesome" plans they have with blockchain and they'll have the comments locked from the beginning. Oh, and not to forget the ensuing fork because honestly, we just want a word processor that doesn't suck and isn't proprietary.
> I'm open to the idea that blockchain might somehow be useful for something somehow in the future. I don't see what LibreOffice could gain from blockchain.
It's not because you can't imagine anything that nobody else can.
Are we already at the point where saying that crypto is a scam and the blockchain won't serve a useful purpose in a word processor is—"reactionary"? Dude get a grip.
Because there are no use cases for blockchains. Humanity spent billions (trillions?) of $ on this technology and there is no use for it. Now the people who sank their money into this, desperately try to find some fools to pass the hot potato to.
I think this is it or, at least, to moderate slightly, there are few valid use cases for blockchain. The top comment, from Theo Jackson, captures it really well:
"Please don’t. If there is a requested feature that _requires_ blockchain I’d be interested, but “possible ways to combine LibreOffice with blockchain technologies” sounds like a solution in search of a problem."
What are the actual problems LibreOffice are trying to solve here? It just feels like this post dropped in from 4 years ago where everyone seemed to be trying to shoehorn blockchain into everything with no clear idea of what they were actually trying to achieve.
And then there's the fact that many blockchain implementations have an absolutely horrendous energy requirement. It was always odious (or at least from about 2013 onwards) but, in 2022, in the midst of an energy crisis and rising prices, it's both ethically and environmentally indefensible. I know that Ethereum has been working to address this but the reality is that for many extant cases blockchain is horrifically compute intensive and inefficient.
Someone in the comments on LibreOffice blog expressed the same opinion. Which surprised me. Has the consensus been reached among the serious non-grifting public that blockchains are useless to represent peer-to-peer trustless money? Has bitcoin been declared a failure?
I'm not sure how a word processor uses peer-to-peer trustless money. The discussion shouldn't even be about crypto and blockchains, but about how crypto and blockchain can benefit LibreOffice. Given we cannot identify how crypto and blockchain can benefit anybody (well, except scammers and those 11 folks who actually transferred assets to third world countries) I believe the topic should have quickly died off but yeah...
> I'm not sure how a word processor uses peer-to-peer trustless money
The parent (and the commenter on the site) weren't saying that an office suite has no use for blockchains; they were making a far broader claim that there are no use cases for blockchains.
And so does heating swimming pools, baking bread and enjoying one's night at the movie theater, none of which excuses or justifies wasting energy for whatever real or imagined purpose.
If it didn't find its way into everyday person's pocket in 14 years since Bitcoin's whitepaper (even with all the money and attention thrown its way), I think it's fair to say it's unlikely that'll happen in the next 14 years as well.
No use for it? The blockchain is a massive achievement. It's a decentralized verification system. Of course it has plenty of uses beyond crypto currencies.
That isn't true. A blockchain powers Secure Scuttlebutt, Jami, Urbit, and has use anywhere a verified supply chain is needed. Because some people have politicized it, now all blockchains are scams or "useless". But this is demonstrably not true. It's just a technology and people have misused it but that doesn't render the technology itself useless or a scam.
Correct, but the word "blockchain" has two meanings. You're talking about the technology known as blockchain. The blogpost is not about the technology known as blockchain, it's about the grift known as blockchain. Here's how you tell the difference:
When a project has a problem that needs solving, and they look for a solution to that problem, and the right solution happens to be a blockchain-like system, then we're talking about the technology known as blockchain.
If the problem these projects are trying to solve isn't how to scam people, the project will usually intentionally avoid using the word "blockchain", like Scuttlebutt and Jami do, and instead refer to their solution with terms such as "cryptographically-verified append-only ledger"
They do this because, when other people hear "blockchain", they usually either hear "this will be used to scam me" or "I can use this to scam others". Because they're thinking about the grift known as blockchain, not about the (relatively obscure by comparison) technology known as blockchain.
When a project says they're looking into how a combination of blockchain and their project could be useful, they're not trying to solve any problem. They've decided they want to transform their existing project into a scam, using the grift known as blockchain.
If they are interested in solving a problem, they'll talk about the problem, and how they solve it using something similar to the technology known as blockchain. If they're interested in scamming you, they'll talk about the grift known as blockchain, and ask you to use your imagination to envision for them how the technology known as blockchain will help the project, while they stick their hands in your pockets.
So you're just talking about something else, but as Schneier argues, anything other than a public blockchain is nothing new and has little to do with all the hype beyond the confusing names.
> User content in SSB is organized as an append-only sequence of immutable messages, where messages cryptographically sign adjacent messages for the purpose of guaranteeing unforgeabilitity of the sequences as they are replicated to other peers.
That's pretty much a blockchain. Of course, they don't call it a blockchain themselves, because the Scuttlebutt people are not running a grift, they're creating a communication protocol that happens to use cryptographic primitives similarly to how blockchains use them.
That's using a specific definition of a blockchain that differs significantly from e.g. Bitcoin and Ethereum which are two of the most popular ones and the ones commonly referred to, along with their decentralization properties. The Schneier post I linked explains fairly how these are not novel and have nothing to do with the current hype beyond the confusing naming.
Concretely, if Scuttlebutt uses a blockchain, then Git also uses a blockchain by a similar reasoning. I don't think the original post claiming that "there are no use cases for blockchains" was implicitly claiming that Git (or Scuttlebut) is not relevant software, just that they don't use a blockchain, because indeed they don't for any interesting definition of "blockchain".
I agree with you completely, the "blockchain" term is confusing, and by the definition I'm using, Git would also be a sort of blockchain. The more that blockchain (the grift) expands, the more that the meaning of blockchain (the technology) is diluted.
A key difference to me between Git and Scuttlebutt, which in my (most likely flawed) view makes Scuttlebutt "blockchain-er", is the distributed nature of it. You add a friend on Scuttlebutt, and this will fetch their content from any node, and all their friends' contents. It has an "automatic replication across nodes" aspect which Git does not have.
[Disclaimer: I haven't used Scuttlebutt in a long while, so I may be getting the technical details of the friends-of-friends-replication thing wrong.]
Only if you remove all of the parts of a blockchain that make it a blockchain. The definition from wikipedia isn't a blockchain, it's a Merkle Tree. They're not the same thing - a blockchain _uses_ a merkle tree. The bits that are bolted onto the merkle tree are what make it a blockchain, and are the bits that don't provide value.
> has use anywhere a verified supply chain is needed.
Sure, in the same way that a hammer can be used for a screw, or an HGV can be used for commuting to work - i.e. it _will_ do the job, but there were plenty of other alternatives available. The thing that a blockchain does is a _decentralised_ verifiable supply chain. A verifiable supply chain has existed since we've been doing digital signatures, and RSA has existed since the 70's.
The problem with using blockchain for supply chains is what happens if someone claims that the original source is wrong? Say I'm Maersk, and one of my ships says "no, I did deliver that". Are Maersk's customers going to say "no, we believe that guy, we're forking the blockchain?" Or are they going to say "That sucks, guess you shoiuld have delivered it" and claim the loss on their shipping insurance? We both know it's the latter.
> But this is demonstrably not true.
Is it? I've yet to see a demonstrable use case for blockchains that actually solves a problem. We've been doing this for almost 15 years now, and we're still waiting for it.
> It's just a technology and people have misused it but that doesn't render the technology itself useless or a scam.
People misusing technology doesn't make it useless, but if the _only_ use case is useless or a scam, then the tech is useless.
You may think you're being well meaning but you aren't Maersk and can't speak for them. Maersk believes it's an advantage to them to use a blockchain. Maybe we ought to ask Maersk why they chose it.
Everything I read in this thread is dripping with vehemence, hate, ridicule, or certitude (your I haven't seen a demonstrable use case in 15 years).
If the kind of echo chamber you want to build is the one where you've won and any even smallest proffering of a tilt toward blockchain as useful is crushed congratulations you're doing it: nobody who even wants to give one inch to blockchain will come around here. When I try and point out one useful thing is a blockchain, oh that thing is a different kind of blockchain. It's astounding the mental acrobatics people will go to to stand victors over their tiny corner of the internet.
This is frankly culty, repressive behavior that's not at all in the spirit of curiosity.
I don't think your reading of my comment is fair at all. I think I was perfectly reasonable and avoided using words like culty and repressive. Instead of talking about the issues youve gone straight for a personal attack.
You're right, I can't speak for maersk, but given this is a pseudonymous internet forum where in this thread they are touted as legitimising the tech, I think it's fair game to speculate based on knowledge.
> When I try and point out one useful thing is a blockchain, oh that thing is a different kind of blockchain.
Meanwhile, everytime I ask for a problem that a blockchain solves, I get back problems that are better solved _without_ blockchains, or solutions that don't actually solve the problem in the first place.
I'm open to having my mind changed, I really am (it's happened many times on this forum), so please, feel free to share some of the problems that are being solved.
> dripping with vehemence, hate, ridicule, or certitude (your I haven't seen a demonstrable use case in 15 years).
> spirit of curiosity
I'm curious: what useful application of the blockchain have we seen in the past 15 years (outside of cryptocurrencies whose usefulness is apparently largely confined to pyramid schemes and paying for crimes)?
> A blockchain powers Secure Scuttlebutt, Jami, Urbit
I've honestly never heard about any of these. But I have heard/read about many other "uses" of blockchain, which ultimately boil down to scam. There are possible use cases, they just drown in the sea of scams.
It doesn't, it verifies who it came from. Someone else mentioned Maersk above for supply chains, but a blockchain allows both Maersk and I to verify independently, without trusting each other, that a third party has made a change. If the third party says Maersk has it, and Maersk say the third party have it, the blockchain will have a record of it if Maersk accepted it, and I can independently verify that.
Unfortunately this isn't actually a property of a blockchain, this is a property of a ledger. I'm still trusting Maersk in this situation, because if I don't, what do I do, fork the blockchain and pretend that Maersk has the item?
The post itself is bizarre. Imagine they had said: "we had a discussion with Denuvo about DRM (We’re not talking about putting DRM into LibreOffice!). In what ways could people find a combination of LibreOffice Technology and DRM be useful?"
I'm not trying to equate blockchain and DRM. The big question lingering over their post is "why?"
From what I can see the essence of the reaction is towards the fact they appear to be in search of a problem for their shiny solution. Maybe they find a real problem, but usually you don't have your solution before you find it.
It is not insane, far too many orgs are asking how can we shoehorn blockchain into X. The end-result is usually some vaporware, some weird commercialisation, or outright fraud. Libreoffice is a foundation, it should act in accordance with its charter. The public, likewise, should hold its officers accountable for acting in a way best serves these ends.
Maybe because nobody else has seen other use than shitcoins. Arguing this is not about crypto, but blockchain, when nobody has seen other use cases is the disingenuous part of all this.
In most environments this can be discussed, I think it is a specific subsection of IT professionals that are just quite militant about the subject. It is unpleasant, but just like all fundamentalists they're always going to exist. To my view, the best course of action is to politely ignore them and go on with your life.
Instead of this, it will help if the doc foundation works on providing mobile-friendly and also online libreoffice via the doc foundation and not by third party.
It could MAYBE be used to create an open/libre clone of services like DocuSign, but there are certainly already ways of validating a signature on a document that don’t require inserting a blockchain into an office suite!
Beyond that, I also cannot think of any valid use cases
Document signing is a good potential use case. The current transaction fee is $.50 [0] so that’s not too bad to securely sign a document.
There’s a separate issue of verifying and identity proofing wallets.
But I think blockchain actually helps solve the problem with pgp of trusting unknown identities and key exchange. Currently if a document is pgp signed by John Doe, I’ve got to figure out if it’s really John Doe and that’s a bit of work if I don’t already have John’s public key.
> I’ve got to figure out if it’s really John Doe and that’s a bit of work if I don’t already have John’s public key.
Maybe a dumb question, but assuming a scenario where you have a concept of "really John Doe", isn't there always some authoritative source on what that means that you could use to obtain John's public key (whether that's some user registry, direct contact with John, etc)?
yes there is, and that's why most blockchain projects that interact with the real world are doomed to fail.
Another classic exemple are those who wants to solve supply chain problems. To put it simply, the robustness or decentralisation of the database is not the reason why your inventory doesn't match what's in the warehouse. It's all human-related problem (eg. theft, losing shit, scanning the wrong item, being scammed by suppliers, etc.).
Document signing: vitalik.eth signs a PDF, everybody can verify the PDF is signed by his private key. He has to broadcast his public key for this, and probably also a content hash of the document so that we can be sure we are verifying the correct PDF. He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures. LibreOffice could create a new service like keybase.io but that is also centralized and we saw how that went. Another alternative is these messages are broadcast through a public and decentralized ledger.
How does this fit with zero knowledge proofs that the blog mentions? There may be signature attestations you can make that you want to be private from the receiver, but made in a way that the receiver can still verify the signature is valid.
LibreOffice already has PGP support for signing documents, which is the standard mechanism for distributing trust among open source projects.
I suppose we can stuff PGP keys into the blockchain but I don't see the additional value. Each key needs to be trusted by the receivers independently (or through a web-of-trust-like system) so I don't see the added value of a tamper proof ledger.
> He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures.
Public blockchains[0] are not known to scale either. I can open a Twitter account for free and publish a signature right now, and do it on several other platforms at the same time to have some kind of redundancy.
I only care about the medium being tamper-proof to be able to prove the signature is at least this old (if it's in a certain block, the signature was made before this block. If it's in a certain message on Twitter, it was made before this message).
So from first principles, blockchains brings this theoretically better time-stamping mechanism, because somebody controlling Twitter could change timestamps there, while nobody could on a blockchain. In practice though, the redundancy is enough, and it's hard to change something people care about on the Internet without people noticing.
Overall this use-case somewhat legit (more legit than most), but it's a niche within a niche.
I don't think redundancy is a clean solve. It might give more confidence to the message time stamp to see the same message replicated across 10 different websites, but this does not scale. Eventually if you do aim for a distributed database you end up down the path of consensus mechanisms and blockchains.
What I outlined is unlikely to ever be realistic on a L1, but recursive zk rollups that post proofs to L1 do scale very well and have strong security and tamper-proof guarantees.
> Another alternative is these messages are broadcast through a public and decentralized ledger.
There is no such thing as free computing and data storage. Involving the group of strangers that run public decentralized ledgers requires paying transaction fees. Decentralization in itself is a dubious benefit.
A centralized service would be way cheaper to run (so cheap that it could be free for the end-users) with perhaps a one-time fee for identity verification purposes. The technology exists since decades (X509), is proven in the field and usable today.
You would think a message board called "hacker news" would be more open to blue sky thinking. Zero knowledge proofs and a tamper proof ledger of timestamped cryptographic signatures could open up new use cases that are different than relying on central authorities.
One idea, document signing: vitalik.eth signs a PDF, everybody can verify the PDF is signed by his private key. He has to broadcast his public key for this, and probably also a content hash of the document so that we can be sure we are verifying the correct PDF. He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures. LibreOffice could create a new service like keybase.io but that is also centralized and we saw how that went. Another alternative is these messages are broadcast through a public and decentralized ledger.
How does this fit with zero knowledge proofs that the blog mentions? There may be signature attestations you can make that you want to be private from the receiver, but made in a way that the receiver can still verify the signature is valid.
EDIT: Since I am on a throwaway account, my replies are being throttled. This could be another application of ZKP: create a proof that my main account has significant karma to post, without sacrificing my privacy.
> You would think a message board called "hacker news" would be more open to blue sky thinking.
And as you can see all over HN, most of us are quite tired of this diatribe...
This appeal to HN requiring us to be open-minded about a technology that had more than a decade to prove itself in a real world application is tiresome. I mentioned in another comment just this week, I was really excited about Bitcoin in 2012 and kept watching the whole space for opportunities to try a product that could improve my life.
Nothing has appeared, in 10 years, worse, in 10 years it all became a space filled with mumbo-jumbo, grifters and scams. In 10 years I've not seen any of these pie-in-the-sky proposals of digital attestation come to fruition.
It's a technology looking for problems, when something more exciting than Cryptokitties or pure speculation of shitcoins pops up I can definitely give it a try. Unfortunately as each day passes and more scams appear it eclipses any dreams that people like you have to sell to me, it's been thoroughly tarnished over 10 years, the space is a mess in every aspect, including information. Nowadays if you search for anything blockchain/cryptocurrency-related you will only find piles and piles of trash, of shit articles trying to peddle yet-another-scam.
It's really hard to keep any optimism when there was absolutely nothing gained from the technology in the real world.
No, remittances from developing countries is not really a gain, I personally know people that emigrated from places like Venezuela and Iran and absolutely no one is using blockchains/cryptocurrencies anymore, the few ones that tried got burnt after yet-another-crash.
A decentralised ledger might have uses, no one has shown any so far, at least none that got any traction even close to the amount of money poured into this bullshit.
It is incorrect to say nothing has happened during the last 10 years. Zero-knowledge proofs, as discussed in the potential research collaboration between Ethereum Foundation and LibreOffice, are more recent. The most useful, or compact, zero-knowledge proof systems have been created during the last few years. This can be partially contributed to the blockchain research.
You can more about the history of zero knowledge in this Wikipedia article:
Zero-knowledge proofs do not need a blockchain. They are "old crypto" (cryptography, not cryptocurrency) and actually predate blockchains by several decades.
Sensible, I'm gonna wait for real applications of ZKPs though, it's an interesting piece of technology, just like a decentralised ledger. When it gets applied I can form a better opinion if it was worth the US$ billions poured into blockchains that enabled more research of it :)
Most of us were very interested in cryptocurrencies at some point in our lives. At some point, we have to accept that things are not what we think they could or should be. They're just what they are.
If I build weapons for freedom fighters, but they're used to massacre civilians, I'm not bravely aiding the people's revolution, I'm just an arms dealer for a terrorist group.
If I build a decentralised cryptographically verified ledger to provide trustable alternatives to traditional banking, but it's used to trick people into spending millions on digital receipts for ugly monkeys, I'm not disrupting the corrupt banking oligarchies, I'm just running an elaborate technological grift.
Ideas like you suggest have been discussed on this forum uncountably many times. Blockchains in general as well, for well over 10 years now.
This stuff may look new and revolutionary to some, but if you've been here long enough you've already seen that stuff go through the hype cycle[1] and it has NOT emerged, at least so far, at the end of that curve looking good.
I am currently working on some stuff where blockchains are actually a potential solution (very related to public key cryptography, by the way), but the problems with it as a solution to anything except digital casinos are so numerous and the scams so prevalent in this space that it's next to impossible to come up with genuinely useful applications and services that rely on it. That's the reason why usages of this technology are currently extremely limited, not because there's some sort of conspiracy to stop it from succeeding!
I don't quite get what you mean. The internet was designed and used to connect networks of computers. I started using it for email, gopher, and ftp in 1989 but it was 20 years old at that point.
Hacker News has historically been very open to blockchain ideas. I'd wager that without HN's contribution, it would not have been well known enough to get picked up by silk road which is really when it went from toy project to normal people caring. Even after that, I think many of the early blockchain for X startups got good press here and there is a decent chunk of HNers employed in the blockchain.
So I don't think negative reactions to blockchain articles on HN started as some sort of kneejerk conservatism, rather HN has seen the entire lifecycle of blockchain so far and what we've seen has exhausted the opening goodwill towards the concept for many users
Most of the negative comments on this thread read like knee-jerk reactions. I'd wager that many of them see blockchain as Bitcoin, and they are not cognisant of newer developments like zero knowledge proofs, verifiable computation, and smart contracts running on a zk rollup.
Zero knowledge proofs have nothing to do with blockchain, verifiable computation has nothing to do with blockchain.
You can use Zero Knowledge proof with many things, one of them is blockchain.
This inverses the relation of Zero knowledge proof and Blockchain, Its like saying supply chains are an advancement of blockchain. Just because you can do something (poorly) with blockchain does not make it part of blockchain.
This kind of inversion of relations stands in the base of why people with subject matter knowledge are opposing Blockchains/Crypto. Its a tower of badly constructed arguments standing on top of each other.
Private money is not a blockchain advancement, Supply chain management is not a blockchain advancement, Consensus algorithms are not a blockchain advancement... and zero knowledge proofs are not blockchain advancement.
Each and every one of this things can be done better not using blockchain.
ZK is old tech but succinct, non-interactive and general purpose ZK is not. Look at SNARK and STARK, and every other research and advancement in the last 5 years. Funded by blockchain, developed for blockchain, with hash functions optimized for use in a blockchain. This modern form of ZK underpins most new blockchain bridges, light clients, and scalability solutions.
These new ZK proofs are much different than anything in the last decades, and can be used without a blockchain. But they also do fit elegantly within the context of blockchains, like having a ZKP verifier running on EVM instead of a single website like keybase.io, to further reduce points of centralization.
"ZK is old tech but succinct, non-interactive and general purpose ZK is not." Do you work on SNARK? this is just their marketing language reiterated.
Zero knowledge proofs do not need to be "small". What kind of ZKP use-case do imagine that cannot bother to send 1kb of additional data? What does any of this have to do with decentralization? Why is decentralization a goal? Do you really believe that most research into ZK cryptography is funded by blockchain?
Try and expand your sources of information, I have a feeling that you are in an internet bubble :(
Succinctness means the proof size is smaller than the witness, and that it can be verified quickly. So your proof size and verification time can remain small even with large inputs. Succinctness and SNARK is the basis for practical verifiable computation systems like Pinocchio[1], early applications like Zerocoin, and now is the basis for scaling blockchains with ZK rollups.
See for yourself[2]. Much of the recent developments of practical ZKP stems from SNARK. In the last few years there has been an explosion of new papers and tools around this - lots of it driven by blockchain and in some cases directly funded by it.
Zero knowledge proofs were first invented/described in the 90's. Verifiable computation is older than blockchains and zero-knowledge proofs. Neither of these have anything to do with blockchains.
> You would think a message board called "hacker news" would be more open to blue sky thinking.
On the other hand: a site called "Hacker News" will likely point out business scams involving technology. ;-)
If you desire this openness towards blue sky thinking, we should unmask all those cryptocurrency con men so that the only people who stay in the cryptocurrency ecosystem are those who really are into the mathematics behind it or love blue sky thinking.
>He has to broadcast his public key for this [...] through a public and decentralized ledger.
Yes, but then he also has to broadcast the transaction linking his identity and public key. He could do this on twitter, but that is not a secure and tamper proof ledger. So he creates a second blockchain to advertise the transaction. But then he needs to advertise the second blockchain's transaction in order to link his identity and public key. He could do this on twitter, but that is not a secure and tamper proof ledger. So he creates a third blockchain to advertise the second transaction...
> it is fine to publish those signatures on a website you are known to control (or Tweet them out or whatever).
Say I tweet, post on reddit and internet archive both of those pages. When somenoe goes to verify later on, the 4 values are different to the value you've provided to me. Which of the 5 values is trustworthy? This is the problem that a blockchain verifies, in theory.
Unfortunately, there's two different answers, depending on what we're actually sharing. If we're sharing something that confirms my identity, the only correct answer is "it doesn't matter, you are not who you say you are".
If we're sharing something that proves something happened, the answer is "I need to choose one of the N options to trust", and unfortunately going down this path should leave you to "it doesn't matter, I can't actually verify what happened without trusting _someone_". The reality of both situations is that it doesn't matter whether or not the trust is centralised or not centralised, the action you take in both cases is the same - you stop trusting and look elsewhere. And Blockchains can't solve that problem.
Like I said to someone else, the real answer is to not sign documents that are wrong. To avoid doing this, you might have to be more precise than "my public key is X." You probably should include a timestamp, an expiration for the key, a hash of the previous message so people can tell what is supposed to supercede what, etc.
That way, if people get multiple messages from you, they can actually verify which one is supposed to be the most recent and what your key actually should be.
That will solve your problems and let you disseminate public keys through Twitter.
> Like I said to someone else, the real answer is to not sign documents that are wrong.
If "don't make mistakes" was a viable solution, we just wouldn't have a whole family of problems.
> you probably should include a timestamp, an expiration for the key, a hash of the previous message so people can tell what is supposed to supercede what, etc.
An expiration for your current key doesn't _really_ help the problem of "I don't know where to get the next key from". A blockchain _in theory_ formalises the "disseminate your public key through this accessible place" (which you've defined as twitter, I might define as a CA registry that comes with browser and someone else might define as a blockchain), but this solution doesn't actually solve the problem of "the public key is different, which one do I use?" which _is_ what a blockchain does, except in reality, it's useless because when these things diverge you almost certainly look elsewhere for trust.
By the way, this chain of documents with precise information is a blockchain in itself. You don't need another one. Particularly not for disseminating information, where it doesn't really solve any problems. Publish those documents wherever you want, and include the appropriate information so that they are not wrong. That's a blockchain.
I will add that "don't make stupid mistakes" is a key tenet of cryptography in general - and blockchains in specific.
I publish them somewhere I have control, like my website, and ask archiving services to archive that page. I don't need them to be under nobody's control.
If someone compromises my blockchain keys, it's about as bad as if someone compromises my website (in terms of the actual attack vectors).
Unless you go full self-hosted, your website is also under the control of your hosting provider and DNS registry. You implicitly trust those, until you don't. (See the Linode/Itch.io gaffe from the other day.)
And what if your use case requires you to prove to others that you (or your publisher) can't surreptitiously and arbitrarily alter the information you published?
Lets try to understand this central point some more: blue sky thinking is a kind of enthusiastic faith in the future. The same kind of enthusiasm that scams, pumps and dumps require in order to succeed.
Thus we have a call for "just believe in the technology" which on it's own is fine, but it's a call that is required for all the scams that have occurred and keep on occurring to occur.
So people easily confuse the enthusiastic earnestness of blue sky thinking with crypto/blockchain with the enthusiastic earnestness of the fool that is rapidly parted with his money.
(As a note to this, I hope that the current massive crash of crypto happening right now might in a strange way increase the actual number of interesting technologists involved in it somehow, but I've not identified how)
> Another alternative is these messages are broadcast through a public and decentralized ledger.
Trouble is, the "decentralized ledger" can only reliably timestamp if there is a financial incentive that motivates peers to burn hashes, stake and vouch for blocks etc. Without that financial incentive the whole blockchain breaks down to something inferior to even the PKI distributed systems described by Lamport in the 70s and 80s.
That's the major fallacy of "blockchains" as a technology, they are always a disguise for token speculation, they require native minted tokens of speculative value to operate.
The distinction is between something that costs money and competes in the maketplace based on that, versus something so insanely expensive the only way it can compete is to pretend it prints actual money and speculate on their future value.
If Bitcoin didn't have bitcoins, nobody in their right mind would pay to an electricity bill the size of Argentina just to keep it running as a distributed timestamping ledger. There is no imaginable practical application that would justify that resource waste.
idk man, I was open minded on cryptocurrency backed blockchains for a decade, I'm kind of over it now.
Everything you're describing could be done with a git repo (also a cryptographically signed tamperproof ledger), 10x faster and with 1000x less baggage of a deeply scummy industry behind it.
The core problem to solve with your idea is proving that a piece of data that represents someone electronically (eg a public key) truly actually represents them physically. Cryptocurrency backed blockchain solves none of this any more than any other technological solution does, because it does nothing to tackle the actually hard problem, of making that physical->electronic link.
Keybase did it by not truly doing it, and instead providing a plethora of different ways that all somewhat do it, and left it up to the user as to whether they trusted that. So you can link your domain, your twitter, your reddit, your crypto wallet, etc. That still didn't actually prove the physical->electronic link, but it added evidence.
The problem I outline is not about a physical to digital link. It is essentially about decentralization and using a tamper proof append-only log to store key events and signatures.
Storing commits on GitHub is neither of those things; data is owned by a single company in the US, and previously published logs can be deleted to recreate a false history.
> previously published logs can be deleted to recreate a false history.
No it can't, that's the point of git. In git parlance that would be a rebase, which is instantly and unavoidably obvious, and people just wouldn't take anyone's rebases.
And how do you plan to host and distribute that? If not GitHub, maybe your own site, but neither is tamper proof or verifiably secure. In both cases the repo owner can delete commits and rewrite history, and viewers would not know. There needs to be some way to come to consensus about which SHA-1 head is valid. In a website, it is just whatever the website tells you is the correct chain. For it to be verifiably tamper proof you would need a consensus mechanism, which would spawn a blockchain.
>so that we can be sure we are verifying the correct PDF
Umm, what? Someone cannot create a PDF and sign with someone else's key. This would've defeat the purpose of public-key cryptography.
>it's not a great storage mechanism for this system to scale to thousands or millions of signatures
Not sure how recommending a system that scales not on signatures but on messages shared is better.
>Another alternative is these messages are broadcast through a public and decentralized ledger.
Okay. So suppose a message was distributed from an address. How you know to whom this address belongs? How will be different that you being shared their public key?
Vitalik, or maybe a charitable non profit organization, signs two PDFs: one says "our new public key is X" and the other says "our new public key is Y." Both of these documents verify correctly, but how do you know which is the latest? One approach is to use Twitter as your append-only timestamped ledger, and broadcast a link to the latest file on IPFS. Another is to build a new centralized service and promise it is secure and will not get hacked or mutated. Another is to rely on a public distributed ledger that is verifiably secure and strongly resistant to modification.
If you're imagining that this is part of some key rotation procedure, what about signing a document that says "until April 20th, 2022, 0:00 UTC our public key is X"?
And then if the central source gets hacked, people will be suspicious of the PDF for a few hours, but nobody will do anything disastrous.
Edit: you can also add chaining to the documents themselves: "until... the private key is X. This document supercedes the doument with hash Y."
In this example it is key rotation, but you do not know when your key will expire, so you cannot put that in the message. Imagine you have a key, and later realize it may or may not be compromised, so you decide to rotate.
You can be in the habit of writing "I signed this message at date K" but if any of your old keys are compromised, the hacker can sign a new message with today's date to spoof a new rotation event. Without ordering these events by time, you cannot know which is the newest.
One solution is to have a log showing the timestamped key rotations. A company can store everybody's timestamped key rotations on a sqlite database and promise it won't ever be modified, or you can put these state changes in a distributed ledger. If the value of the key rotation events outweighs the cost of submitting transactions to the ledger, it may be worth it. This is unrealistic with Eth L1 but more realistic in something like a recursive zk rollup on L2.
The documents themselves are the log. You don't need "zk rollup on L2" to make a verified chain of documents. All that's left is the distribution method.
For that, you put them on your website, using proper security. You put them somewhere where you (and your users) have legal recourse if something goes wrong. That is the safest place to put your public keys.
Also, if your keys are compromised, a blockchain solution is completely and forever corrupted. A website is only corrupted for a few hours until you regain control.
As I understand, DHT is vulnerable to sybil and eclipse attacks, and not really suited to the task of creating a tamper proof log. If the log and timestamping is not tamper proof, key rotations can be spoofed. Users in the network may need to come to consensus about the ordering of events, such as if signed documents A and B are order dependent. See:
> As I understand, DHT is vulnerable to sybil and eclipse attacks
So are blockchains. However, blockchains are much harder to secure, since they need to preserve the order of the ledger (for Bitcoin that's a total-order; there are some chains which only require partial-order). That forces all transactions to jump through hoops, like proof-of-X; even if they're not under attack.
> not really suited to the task of creating a tamper proof log
That's my point; why impose a log (and hence a total-order of events)?
> Users in the network may need to come to consensus about the ordering of events, such as if signed documents A and B are order dependent.
That's a heck of a hypothetical; and it's solvable without baking order-dependence into everything, e.g. we can embed the hash of one document inside another document; or we can provide hashes-of-hashes (Merkle trees), etc.
> So are blockchains. However, blockchains are much harder to secure, since they need to preserve the order of the ledger (for Bitcoin that's a total-order; there are some chains which only require partial-order). That forces all transactions to jump through hoops, like proof-of-X; even if they're not under attack.
This hardness is what makes them tamper proof, and more resistant to sybil and eclipse attacks than a DHT.
> why impose a log (and hence a total-order of events)?
To quote my linked post:
>> Vitalik, or maybe a charitable non profit organization, signs two PDFs: one says "our new public key is X" and the other says "our new public key is Y." Both of these documents verify correctly, but how do you know which is the latest? One approach is to use Twitter as your append-only timestamped ledger, and broadcast a link to the latest file on IPFS. Another is to build a new centralized service and promise it is secure and will not get hacked or mutated. Another is to rely on a public distributed ledger that is verifiably secure and strongly resistant to modification.
> That's a heck of a hypothetical; and it's solvable without baking order-dependence into everything, e.g. we can embed the hash of one document inside another document; or we can provide hashes-of-hashes (Merkle trees), etc.
Key rotation, financial statements, exchange of assets, loans and borrowing, social messaging interactions, many things in our world are order and time dependent.
Using hashes-of-hashes as you suggest does create an order, but without the distributed consensus mechanism. If there is a fork split, like two key rotation documents both signed by vitalik.eth pointing to two different new addresses and creating two independent chain of hashes, how does the system know which new chain is correct?
To solve this you might store the chain of messages in an append only ledger, like posting on centralized Twittter, or posting on a decentralized blockchain. This is where the original conversation started from: what if instead of having a single centralized and mutable ledger to store these signed messages like keybase.io, you build on top of a decentralized and immutable ledger. Private versus public infra.
You never interacted with hackers right? Here in Germany most of the CCC members are quite the realists there isn't much bluesky thinking done without any merit.
I like Hackernews as a place where you can read articles related to technology, which are sometimes really interesting. As for most of the users and most of the comments, this is just another highly toxic social media platform on par with Facebook
If you want us to come up with problems for you to apply blockchain to, just stop. Find problems and apply whatever solution you need for them.
This applies for any single piece of technology one may want to use. The act of reaching out to the community looking for problems and suggesting you want to use hammers is, to me, a sign that company vision is muddy and unclear.
[edit] This is in no way an endorsement of blockchain, especially how it's used today.