[mirekrusin]

You can use Postgres or whatever as backend to the Blockchain if you wish. Blockchain solutions are maybe 20% Blockchain, 70% cryptography and 10% caching/traditional tech around it (percentages are my rough guess from what I’ve seen). They actually can solve some problems in large corporations relatively easily compared to centralised systems. If I had to summarise in few words why - I’d say it’s because of cryptography patterns and immutable/verifiable/temper resistant, distributed ledger that has completely different security profile from traditional systems - ie there’s nothing to hack except from stealing private keys in which case the damage is limited to areas that this key is covering (usually very small). This has implications in corporate setting because now you can deploy ambitious projects without worrying about security that much...

[simias]

>If I had to summarise in few words why - I’d say it’s because of cryptography patterns and immutable/verifiable/temper resistant, distributed ledger that has completely different security profile from traditional systems

The temper resistance is not god-given, it's a consequence of the miners racing to mine new blocks. If you want the same type of resistance for a custom blockchain then you need to convince a bunch of people to mine your chain. Why would I mine MangoCoin?

So instead immutability is achieved by making a "side-chain" that eventually links to a big and secure chain like Bitcoin or Ethereum. But then it's basically the equivalent of having a SQL database, computing a checksum every day and uploading it in a custom bitcoin transaction. Effectively you could achieve the same thing by computing the checksum, signing it with your PGP key and uploading it publicly on your website for all to see. This way anybody can make copies and if you attempt to modify an old entry in your DB it'll invalidate the checksum and anybody having a copy will be able to prove it.

So with this scheme your SQL database is immutable, verifiable and temper resistant. Unfortunately if you implement it that way your announcement won't make the rounds on social media and give you a lot of free PR and a boost to your stock, so better brand it "with real bits of revolutionary Blockchain(c)(tm) technology inside" instead.

>ie there’s nothing to hack

The Blockchain runs on computers, computers can be hacked. People can forge a bad transaction saying that some mangoes are organic when they're not. People can say mangoes have been stolen when in fact they've been sold to avoid paying taxes. The blockchain isn't harder to hack than any distributed database. The Blockchain isn't magic.

[mirekrusin]

PoW is never used for private/custom blockchains, I've never seen it, it doesn't make much sense. If you insist on saying it's just like sql, you'd have to say it's "just like" replicated, multi-master sql database, with publicly exposed read only access, forbidden deletes/updates, inserts restricted/enforced by triggers/whatever based on asymmetric cryptography of currently connected user.

It's just not the same thing, completely different security profile.

The only way to forge transaction is to steal private key.

Nobody is saying that blockchain will force humans to not click "organic" checkbox for non-organic mangoes, this is absurd - but it can encode digital signature of somebody who checks it so it can be later traced back and allows to write logic that signature is required for the mango to go to the next step in the supply chain for example.

I think you don't realize (most people don't) how many problems this little thing solves.

It's not replacement for sql, big data or what not - it would be silly to say that - when designing blockchain systems you actually spend a lot of time on finding the most minimal thing that has to be stored on the chain for your contracts to enforce all required logic. It allows you to trust data in it without security ceremony/setup.

[solatic]

> there’s nothing to hack except from stealing private keys in which case the damage is limited to areas that this key is covering (usually very small).

On the contrary. Let's say that you institute a blockchain to trace the chain of custody for evidence (not much different than tracing the chain of custody, cough supply chain cough, for mangoes). From the creation of a piece of evidence to transferring custody between different law enforcement officials, each block on the blockchain contains the private key signatures of law enforcement agents who have testified that they have taken custody of the evidence at a certain period of time. In theory, the benefit of a blockchain here is a publicly auditable record of custody which has clear value for the admissibility of evidence at public trial. Imagine that we wave away issues of latency for the sake of argument.

With cryptocurrency, actors are motivated not to share their private keys, because sharing their private key means risking irrevocably giving away all the currency in the wallet controlled by that key. What is the similar motivation here, for law enforcement agents not to share or otherwise compromise their private keys? If one cop tells another cop "hey I need you to do me a favor and sign custody of this evidence now while not actually taking it, so I can take it somewhere else and mess with it to make sure we can for sure put this guy away," or "hey do me a favor, I'm not going to sign custody on this now, but I'll do it later on" - what prevents this from happening?

Is it supposed to be the threat of perjury? Because the courts already have a problem with testimony which has been found to be false, where perjury cases are rarely subsequently prosecuted. Put it this way - just because something is auditable, who will audit it? And how do you police domain violations which are still valid blockchain transactions?

A blockchain where you have a publicly auditable, irrevocable record is meaningless if it doesn't really mean anything for blockchain actors to "act in their own interest". In this case, undermining the private keys is everything, because that's what undermines faith in the entire blockchain.

[mirekrusin]

Normally you'd have independent party/institution that physically verifies and digitally signs facts.

Police officer would issue a request to that 3rd party to sign this fact.

Blockchain doesn't magically make people honest, but it can encode claims that you can verify.

[solatic]

But if you already have a trusted third party, then why do you need a blockchain? The whole point of a blockchain is to avoid the centralization of trusted third parties. At that point you might as well have a normal relational database / transactions with ACID gusrantees.

[mirekrusin]

3rd party is just another actor in the system, they’re not running the system, they interact with it just like ordinary Joe with their private key.