|
|
|
|
|
|
by mgkabar
3175 days ago
|
|
|
It really seems like the most appropriate response to this is indeed ¯\_(ツ)_/¯ You're assuming quite a lot of this hypothetical hacker - the response above clearly addresses the hypothetical by stating "here are the relevant reasons why this hypothetical is impossible or at least unlikely, and here are the relevant sections in the whitepaper for more verbose information". >The many sentences that come before the shrug do nothing to address the very realistic scenario of a breach. If you're assuming blackhat success for any conceivable project/company/database regardless of security measures taken to prevent it, what would an appropriate response even look like? What kind of answer would satisfy you? |
|
|
Yes, by saying "the hypothetical is moot". Moot. And why? Because "in principle" "this should ... prevent the circumstances enabling such an exploit from ever happening.". Moreover, that we should simply trust that the intrinsic balance of economics means successful projects cannot exhibit a state in which a breach would be profitable, and anyway that the combination of someone smart enough, mean enough and motivated enough to breach is inconceivable.
Which could all be acceptable. Except if they're wrong even once, you lose everything.
> What kind of answer would satisfy you?
I see this response a lot on HN, and it's an obviously cheap shot.
If the asymmetry of outcomes in the two types of breaches is not obvious to you, then lets talk it out.
If an attacker breaches your real world company servers, they can cause a lot of damage. No question. They can steal IP, records, etc etc etc. The examples are legion. You're right.
But if they breach your Colony dAPP? They own you. Not metaphorically. They take de facto ownership of whatever value you've created.
No matter how incredibly well you can hack eg. Apple, you can't ever take over total ownership and control. Even if you hacked the Exchanges and somehow reset all the records, even if you compromised key board members, etc etc in the real world we have recourse, we have liability, we have laws and courts and means to make claims and pursue remedies.
But on the Blockchain? All your Colony are belong to someone-else the moment you edge-case a smart contract. Permanently. (Unless you can convince Vitalik et al to re-fork, case in moot point.) The equivalent would be if Apple ran a server that if you could figure out how to breach you could take ownership of Apple and total control of its operations.
So, "what kind of answer would satisfy"? One in which the design did not fundamentally and existentially depend on no-one ever figuring out a combination to a lock that gave them total and immutable control of a store of ever increasing value.
> It really seems like the most appropriate response to this is indeed ¯\_(ツ)_/¯
Except, if you've ever been decently burned by a clause in a contract, you'll know that the actual felt response is not even close to ¯\_(ツ)_/¯