by simias 2982 days ago
How many times will we have to debunk this "physical goods traceability through the blockchain can work and be more efficient than some random SQL database" nonsense? If you trace physical goods you need to trust people not to lie about their nature, if you have trust then you don't need a blockchain and can use something a lot cheaper and more efficient. They should put that on a banner on HN or something, it'll save everybody some time.

I assume that what IBM did was centralizing mango grower info in a database instead of having to go through complicated, manual processes. They did that through a Blockchain for some reason but I'm sure you could get a similar result in some PostgreSQL DB. Of course I can't know for sure because the announcement is all fluff and hype and no substance.


> If you trace physical goods you need to trust people not to lie about their nature, if you have trust then you don't need a blockchain and can use something a lot cheaper and more efficient

I think the point is, though, that you can trust someone to be honest whilst someone is watching them, but you can't necessarily trust them not to change their minds at some point in the future. If it's all on the blockchain you have an immutable historical record.

I work on a product that does produce traceability. People put wrong input on forms every day, print labels and stick them into crates. They then ask us to make their code show correctly when searched. Having the wrong product appear on search and an irate client because the blockchain is immutable would generate immense problems.

Why not have auditable mutability? The audit log is the thing that should be immutable.

Immutable data storage does not require blockchain, period. Using blockchain because you need immutable storage is like using a helicopter to cross the street. Yes it works, but they are way more simple, efficient and straightforward technologies that will do the same job better and without introducing a bunch of unneeded features/complexity.

> but they [sic] are way more simple, efficient and straightforward technologies

can you give examples? where all stakeholders have the same immutable "ledger"?

how about some combination of Merkle trees and HMACs? The person who writes the entry signs it with their private key. No need for PoW miners, a constant internet connection, having nodes compute the head of the blockchain, none of the extra nonsense that blockchains require.

> some combination of Merkle trees and HMACs?

...and then you could group the ledger entries into "blocks" of merkle trees and signing using HMACs, you mean?

You've basically reinvented the "blockchain". The commercially available blockchains are essentially this - they don't use proof-of-work. The enterprise blockchains are not the same as the one that underpins bitcoin.

So where's the innovation? If that's blockchain technology then Linux package managers, PGP, HTTPS and BitTorrent have been using "blockchain technology" for a long while now. I could've come up with this solution 10 years ago if you had asked me, and I'm really not that clever. Did IBM engineers really just discover public key cryptography?

The current blockchain craze is supposed to find its root in the Bitcoin whitepaper which is about a decentralized distributed trustless immutable ledger. If you remove any of these attributes you end up with something absolutely mundane that definitely doesn't warrant the ridiculous amount of hype, resources and money being poured into it. There are only a very small number of problems that can be solved with a decentralized distributed trustless immutable ledger. That's exactly the point of TFA.

I think this is a very important point to make because many cryptocurrency zealots often argue that "the blockchain technology is here to stay, ergo cryptocurrencies are here to stay". Except it turns out that the term became almost meaningless because anything sort of qualifies as a "blockchain" these days, including many centralized systems like IOTA or Ripple or systems that are de-facto centrally managed and mutable (like Ethereum).

If people realize that Blockchain is 90% hype, 9% old technology and 1% actual innovation then maybe they'll think twice about whether having a ~$400 billion market cap for cryptocurrencies is sustainable in the long term.

That's the key problem here, people can't agree on what a blockchain is, and keep re-defining it to meet their implementation needs. If you think decentralization is fundamental you won't accept the enterprise blockchains into the definition, but the B2B companies aren't going to look at it that way.

This is what usually happens when marketing around a term gets too frothy (see also, AI).

You can use Postgres or whatever as backend to the Blockchain if you wish. Blockchain solutions are maybe 20% Blockchain, 70% cryptography and 10% caching/traditional tech around it (percentages are my rough guess from what I’ve seen). They actually can solve some problems in large corporations relatively easily compared to centralised systems. If I had to summarise in few words why - I’d say it’s because of cryptography patterns and immutable/verifiable/tamper resistant, distributed ledger that has completely different security profile from traditional systems - ie there’s nothing to hack except from stealing private keys in which case the damage is limited to areas that this key is covering (usually very small). This has implications in corporate setting because now you can deploy ambitious projects without worrying about security that much...

>If I had to summarise in few words why - I’d say it’s because of cryptography patterns and immutable/verifiable/tamper resistant, distributed ledger that has completely different security profile from traditional systems

The tamper resistance is not god-given, it's a consequence of the miners racing to mine new blocks. If you want the same type of resistance for a custom blockchain then you need to convince a bunch of people to mine your chain. Why would I mine MangoCoin?

So instead immutability is achieved by making a "side-chain" that eventually links to a big and secure chain like Bitcoin or Ethereum. But then it's basically the equivalent of having a SQL database, computing a checksum every day and uploading it in a custom bitcoin transaction. Effectively you could achieve the same thing by computing the checksum, signing it with your PGP key and uploading it publicly on your website for all to see. This way anybody can make copies and if you attempt to modify an old entry in your DB it'll invalidate the checksum and anybody having a copy will be able to prove it.

So with this scheme your SQL database is immutable, verifiable and tamper resistant. Unfortunately if you implement it that way your announcement won't make the rounds on social media and give you a lot of free PR and a boost to your stock, so better brand it "with real bits of revolutionary Blockchain(c)(tm) technology inside" instead.

>ie there’s nothing to hack

The Blockchain runs on computers, computers can be hacked. People can forge a bad transaction saying that some mangoes are organic when they're not. People can say mangoes have been stolen when in fact they've been sold to avoid paying taxes. The blockchain isn't harder to hack than any distributed database. The Blockchain isn't magic.
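
The checksum-and-publish scheme from the comment above, combined with the "auditable mutability" idea raised earlier in the thread, as an added example that is not part of any commenter's post. Corrections are appended rather than edited in place, and a published (count, head hash) checkpoint lets anyone holding a copy detect a rewrite of history. Signing the checkpoint (the comment suggests PGP) is left out, and the crate IDs, field names and function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain value before the first entry

def chain(prev_hash, record):
    """Hash one log entry together with the hash of everything before it."""
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def checkpoint(records):
    """(entry count, head hash): the value to sign and publish each day."""
    head = GENESIS
    for record in records:
        head = chain(head, record)
    return len(records), head

def verify(records, published):
    """Check a copy of the log against a previously published checkpoint."""
    count, head = published
    if len(records) < count:
        return False  # entries covered by the checkpoint were deleted
    return checkpoint(records[:count])[1] == head

def current_view(records):
    """Replay the log; a correction is a new entry, so the latest entry wins."""
    view = {}
    for record in records:
        view[record["crate"]] = record["product"]
    return view

def demo():
    # Constructed sample data: a mislabelled crate that is later corrected.
    log = [
        {"crate": "C-1001", "product": "mango", "by": "packer-7"},
        {"crate": "C-1002", "product": "papaya", "by": "packer-7"},
    ]
    published = checkpoint(log)  # day-1 checkpoint, copied by outsiders
    log.append({"crate": "C-1002", "product": "mango", "by": "supervisor-2",
                "reason": "label printed from wrong form"})
    ok_after_correction = verify(log, published)
    tampered = [dict(r) for r in log]
    tampered[1]["product"] = "mango"  # silent in-place edit of history
    return current_view(log), ok_after_correction, verify(tampered, published)
```

The search result shows the corrected product while the original mistake and who fixed it stay in the log; the in-place edit produces the same search result but fails verification against the day-1 checkpoint.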

PoW is never used for private/custom blockchains, I've never seen it, it doesn't make much sense. If you insist on saying it's just like SQL, you'd have to say it's "just like" a replicated, multi-master SQL database, with publicly exposed read-only access, forbidden deletes/updates, inserts restricted/enforced by triggers/whatever based on asymmetric cryptography of the currently connected user.

It's just not the same thing, completely different security profile.

The only way to forge a transaction is to steal a private key.

Nobody is saying that blockchain will force humans to not click the "organic" checkbox for non-organic mangoes, this is absurd - but it can encode the digital signature of somebody who checks it so it can be later traced back, and allows you to write logic that a signature is required for the mango to go to the next step in the supply chain, for example.

I think you don't realize (most people don't) how many problems this little thing solves.

It's not a replacement for SQL, big data or what not - it would be silly to say that - when designing blockchain systems you actually spend a lot of time on finding the most minimal thing that has to be stored on the chain for your contracts to enforce all required logic. It allows you to trust data in it without security ceremony/setup.

> there’s nothing to hack except from stealing private keys in which case the damage is limited to areas that this key is covering (usually very small).

On the contrary. Let's say that you institute a blockchain to trace the chain of custody for evidence (not much different than tracing the chain of custody, cough supply chain cough, for mangoes). From the creation of a piece of evidence to transferring custody between different law enforcement officials, each block on the blockchain contains the private key signatures of law enforcement agents who have testified that they have taken custody of the evidence at a certain period of time. In theory, the benefit of a blockchain here is a publicly auditable record of custody which has clear value for the admissibility of evidence at public trial. Imagine that we wave away issues of latency for the sake of argument.

With cryptocurrency, actors are motivated not to share their private keys, because sharing their private key means risking irrevocably giving away all the currency in the wallet controlled by that key. What is the similar motivation here, for law enforcement agents not to share or otherwise compromise their private keys? If one cop tells another cop "hey I need you to do me a favor and sign custody of this evidence now while not actually taking it, so I can take it somewhere else and mess with it to make sure we can for sure put this guy away," or "hey do me a favor, I'm not going to sign custody on this now, but I'll do it later on" - what prevents this from happening?

Is it supposed to be the threat of perjury? Because the courts already have a problem with testimony which has been found to be false, where perjury cases are rarely subsequently prosecuted. Put it this way - just because something is auditable, who will audit it? And how do you police domain violations which are still valid blockchain transactions?

A blockchain where you have a publicly auditable, irrevocable record is meaningless if it doesn't really mean anything for blockchain actors to "act in their own interest". In this case, undermining the private keys is everything, because that's what undermines faith in the entire blockchain.

Normally you'd have an independent party/institution that physically verifies and digitally signs facts.

The police officer would issue a request to that 3rd party to sign this fact.

Blockchain doesn't magically make people honest, but it can encode claims that you can verify.

But if you already have a trusted third party, then why do you need a blockchain? The whole point of a blockchain is to avoid the centralization of trusted third parties. At that point you might as well have a normal relational database / transactions with ACID guarantees.

The 3rd party is just another actor in the system, they’re not running the system, they interact with it just like an ordinary Joe with their private key.