[izqui]

This is Jorge, Tech Lead at Aragon, a platform for creating companies on top of the Ethereum blockchain (DACs). Here is our launch post and mission statement: https://medium.com/aragondec/introducing-aragon-unstoppable-...

We are still early, but we are now in Alpha stage. We have published a small sneak peek of what we are building on aragon.one so you can try out how managing an Aragon company will be like.

Our ambition is for Aragon to be the backbone of a new generation of companies that will thrive in the new decentralized economy. We have focused on building a modular system, in the frontend and in the smart contracts, so modified versions for specific company types/industries could be build (pe. Aragon for Hedgefunds, Aragon for Non-Profits or Aragon for Open Source projects).

Aragon is a fully decentralized app that only needs having a connection to a Ethereum node in order for the core functionallity to work. We will be packaging it and distributing in a Electron binary for ease of use with non-iniciated users. We have integrated Metamask in Electron, so the app can be standalone (more on this soon).

Even though every screenshot in the website and the demo is live code running against the EVM (via TestRPC) and the alpha is working, we are not open sourcing the contracts for a couple of weeks (some cleaning and refactoring needs to be done before they are ready to be public). All the frontend code will be open source too, but we don't have a specific timeline for this. We are open source first and open source only, our core technology needs to be open source so it can be under the scrutiny needed for Aragon to be a secure technology.

[monkmartinez]

The launch post seems to say that Ethereum|Aragon can solve the nation state problem, taxes and a whole host of other "problems" associated with running a business.

How?

How does Aragon eliminate the IRS or DIAN if you are doing business in America or Colombia, respectively?

How does it eliminate regulations on interstate and international commerce?

What companies would actually use this to run their verses say Quickbooks, right now?

What companies have been built on Ethereum so far and how have the principals done with regard to taxes and tariffs?

[aaron-lebo]

It also includes:

You can replace every intermediary with a more efficient and fair decentralized solution.

How?

Decentralized solutions by their nature are less efficient than centralized solutions.

One of the most basic needs in humans’ lives is to transact. Create products, provide services, sell them to others. Add value to their lives. The market.

It’s the core of everything we do, from the moment we wake up to the moment we fall asleep. The market system is how we live.

What does this mean? It sounds like something you'd hear on Silicon Valley. Very rah-rah but where's the substance?

I feel like this is a cool technical solution that is not realizing that the real issue is social and bureaucratic. The way they are pitching themselves doesn't give me faith that they have a solid plan. Hopefully that's not unfair.

[alexmingoia]

Are you dogfooding Aragon? Do you get paid and manage your shares through it?

[seagreen]

What language are the contracts written in? Do you have a specification of that language?

EDIT: Nevermind, I see in an another comment that you're using Solidity. Thanks for the answer!

Now I have a new question. What do you think about the claim that, "Solidity, while being an interesting proof of concept, is dangerously under-contained and very difficult to analyze statically." (http://www.stephendiehl.com/posts/smart_contracts.html)

[DennisP]

Disclaimer: I write and audit Solidity for a living.

The max-callstack issue isn't a problem anymore due to a change in the EVM.

TheDAO was hit with a reentrant call. It's pretty easy to avoid that class of bugs by either (1) putting any external calls (including ether transfers) after all state changes, or (2) using address.send instead of address.call.value. Also, TheDAO was a very convoluted contract; better coding practices help a lot. Any contract that's at all hard to understand is a huge red flag for me.

Solidity may not be a perfect language but it's rapidly improving, statically typed, and has a set of best practices which are fairly well known at this point. The current alternatives aren't nearly as well tested or reviewed, and don't have clear advantages anyway.

There are various experimental projects for more advanced functional-style languages but they're not ready yet. There's also someone at the Foundation working full-time on formal proof systems.

[seagreen]

Thanks for the info. Glad this stuff is being taken seriously by the core part of the community.

[monkmartinez]

Are you paid in Eth or some other form of currency?

[DennisP]

I'm paid a salary in fiat but the company I work for prefers payment in ETH, with Bitcoin its second choice, and our clients are generally happy with that.

[izqui]

I think that Solidity is quickly getting ready for prime time and in 2017 we will see tons of very big and high stake projects getting deployed.

That being said, there are already projects like http://rouleth.com that has been managing an over $100k bankroll with no issues for 8 months now.

To sum up, if the needed security measures are taken, you should be good. And we won't be encouraging anyone to run a company with Aragon in production for the next months until proper security audits have been done.

[seagreen]

Please consider trying to get off of Solidity at some point.

It doesn't matter how much auditing is done, if you're building on a shaky foundation mistakes will eventually slip through. Solidity is definitely a shaky foundation.

I really admire projects like yours for their daring, but that needs to be backed up with hard engineering work. I would hate to see smart contracts go down the path of the "Internet of things" -- finally succeeding only to cause more harm than good due to compounding security vulnerabilities.

[izqui]

Solidity http://solidity.readthedocs.io

[semiel]

Solidity is not an ideal language, but I also think that the ~deep concern~ everyone has about it is overblown. C is a pretty problematic language too, but plenty of reliable software is built in it. Engineering and testing practices are more important than bikeshedding the language itself.

[seagreen]

A flagship Solidity product has already been pwned for $50 million dollars, leading to a hard fork of Etherium. This is not fake "~deep concern~", this is a real problem.

[semiel]

It was a badly designed app written by a couple of over-eager developers who didn't have any security plan in place. If you blamed the language every time a website got hacked, there wouldn't be any languages left.

[seagreen]

Language choice matters. If asked to write a pacemaker in PHP I would refuse.

[johnhenry]

Could you please expand upon this story?

[Alex3917]

Conceptually I like the idea of running our company on this. But do you have any sort of insurance in case something goes horribly wrong?

I'd probably be willing to use this for a side project, but I feel like the prospect of saving even a substantial amount of legal fees isn't enough to risk everything on a new technology that would be a full-time job to actually understand.

That's not to say it's not a good idea, because it is a good idea, but there's a really big lift in terms of getting mainstream adoption.

[izqui]

I completely agree, insurance and proper bug bounty mechanisms are being worked on.