by ethbro 2116 days ago
Isn't that the whole security / obscurity point? That true security only comes by being exposed to active, intelligent, informed adversaries for a sufficient amount of time?

Or, another way: each exploit and oops only improves the system, rather than being a signal of its failure.

And let's be honest, the competition is still "Oops, I accidentally sent $900M to the wrong party." [1]

[1] https://news.ycombinator.com/item?id=24222045


> And let's be honest, the competition is still "Oops, I accidentally sent $900M to the wrong party." [1]

The counterargument there is that Citibank is currently pursuing a resolution in the courts to that issue, and if they win they will get their $900M back. If you flub a DeFi transaction, you're shit outta luck.

And of course, if cryptocurrencies ever become anything more than Internet play money (and environmental disaster), the legal systems of countries worldwide will make sure the same protections apply. So yes, your newest cryptoanarchist token may have totally irreversible transactions (cross my heart, here's the math proof!), but the court can still order the thief to send back the money they stole in a separate transaction, under threat of prison time. The judge will not care that the relevant "smart contract" prohibits such behavior.

Because that's what real-world security ultimately boils down to: men with guns, ready to drag you where the law tells them to. It's not perfect, but it achieves 99% of the effect at a fraction of the cost of a "trustless" proof-of-work system.

By definition, if it can be regulated, it's no longer decentralized. And if it's no longer decentralized, blockchains have no benefits over regular databases.

Blockchains solve a very specific problem - decentralized transactions. Unfortunately solving that problem for the world's organized criminals brought a massive amount of heretofore hidden financial activity to light. Consequently, people, most of whom don't actually understand blockchains, are trying to replicate this 'bonanza', like moths chasing a light bulb.

There many other use cases for decentralized transactions. But, with so much perceived opportunity at stake, industrial-strength pretzel logic is being applied to the problem, along with eye-popping amounts of venture and FOMO money.

Doh, that should have read 'there aren't many other use cases for decentralized transactions'.

TLS issuance is decentralized too, yet Certificate Transparency provides accountability, and inclusion into Mozilla's trusted CA list is basically the vetting process that binds CAs to legal entities.

In theory in crypto currency world "staking" is this process.

TLS is not decentralised, it's hierarchical. There are a fairly small number of root CAs, and an even smaller number of browser makers who define their trusted lists.

Just the Mozilla CA list has more than a hundred CAs ... https://ccadb-public.secure.force.com/mozilla/IncludedCACert...

And you can install your trust root if you want, for example I can't find any Russian ones in that list, so probably the Russian government uses internal ones. (Their tax authority interestingly uses Sectigo, a CA from the UK.)

> Because that's what real-world security ultimately boils down to: men with guns, ready to drag you where the law tells them to.

But that's assuming the judge knows who the thief is. One of the main characteristics of cryptocurrency is that you can hold it without giving anyone your social security number.

In that respect it's much the same as cash -- if you get away with it you keep the money, but if you get arrested, they can order you to return it, and seize your house/car/wages/etc. if you don't.

The issue, which creates the demand for cryptocurrency, is that we don't have a digital equivalent of cash that isn't based on proof of work. But the regulatory system could create one quite easily.

> But that's assuming the judge knows who the thief is. One of the main characteristics of cryptocurrency is that you can hold it without giving anyone your social security number.

You can, but AFAIK it's harder to do that when you're trying to cash out your cryptocoins in fiat (though arguably, this becomes less of a problem for criminals with the growing numbers of goods and services you can pay for with crypto). Still, I think if governments ever allow for a mainstream, sanctioned adoption of digital currency, they won't let it keep this level of anonymity.

> You can, but AFAIK it's harder to do that when you're trying to cash out your cryptocoins in fiat (though arguably, this becomes less of a problem for criminals with the growing numbers of goods and services you can pay for with crypto).

It also becomes less of a problem if any of the things you can buy for cryptocurrency can then be resold for fiat, which is already the case.

> Still, I think if governments ever allow for a mainstream, sanctioned adoption of digital currency, they won't let it keep this level of anonymity.

But that's the problem. If you can get it from cryptocurrency then it's available, so the only consideration is whether it's available from the system that isn't built on environmental destruction, thereby removing the demand from the system that is. It would be better if we'd admit that and get on with it.

In two to three years, Ethereum 2.0 will be using a Proof-of-Stake system and environmental concerns will be no more.

> the court can still order the thief to send back the money.

What if the court can not find the thief? What if the thief is from another nation? What if the thief is another nation?

I’m sure I remember people saying the same thing about proof of stake 2 – 3 years ago. What’s the hold up?

I am not so sure that people were talking about having PoS already used in 2020. What has been planned was to have the first phase of a PoS on testnets, and this milestone has been hit.

In any case, Ethereum still has a lot of characteristics of a research project. If you follow closely, you start seeing that ideas are explored, some approaches are validated, some are proven impractical, etc. Some delays and hiccups are inevitable. As long as the Ethereum Foundation keeps its transparency and does not overpromise I am fine with it.

So that 2 year timeframe mentioned earlier means very little?

It will ultimately have to be handled the same way these problems are handled with fiat: through international treaties and multinationals subject to several jurisdictions simultaneously.

How?

We are talking about a scenario where cryptocurrency becomes prominent enough that people would be trading with it. Governments and financial institutions can only control the on- and off-ramps from fiat to crypto. So now the US can claim to a quarter billion USD from North Korea [0], but what about a scenario where your assets are just numbers in a ledger that no one can control and these fiat ramps simply are irrelevant?

You want to talk about Governments trying to make it illegal? That is debatable, but a better argument. You want to make the argument that States and Institutions will create their own blockchains with backdoors so that they can override it? That is possible (or actually implemented if you look at Ripple), but that will be no real disruption of the existing global financial system.

I fail to see how "Governments will allow it as it is, but control it" is a possibility, though.

[0]: https://www.forbes.com/sites/danielcassady/2020/08/27/feds-m...

> I fail to see how "Governments will allow it as it is, but control it" is a possibility, though.

I do not claim that. I believe governments will allow it iff it's in a shape and form they can control. If some features prevent effective oversight, these features will have to be removed for the cryptocurrency to be officially sanctioned.

It's amazing how many cryptocurrency users are citizens of Panama...

Citibank is in an argument with other institutions that operate in broad daylight. Crypto nets allow anyone, anywhere to jump into the transaction as a feature. These guys don’t care about New York City police. I don’t think regulators will have any control without having a controlling stake in the ledgers.

no environmental disaster at all with POS or other systems different than POW

Exactly. There is no way I'd ever want to anything remotely important, or remotely high value, on a system that isn't run by humans and with transactions reversible in courts.

Who is it that uses these smart contracts, and for what? Is it mostly a gadget for research and speculation (still)?

I work in old industry and the supply chain guys as well as finance is having a boner from the idea of moving their crufty systems to blockchain. The whole paper trail around a bill of lading isn't a joke if you are shipping from say China to South America.

But - like the internet - it's just a fad that will soon pass.

It'll never happen on the supply chain because of all of the entities in the middle with zero desire to participate.

If they don't, they will be put out of business. Do you think if Walmart says "I will only buy from you if I am able to audit you and prove that your shrinkage is less than X%" they are just going to say "Opposite, sorry we can't do that."?

Or if Amazon ever starts a blockchain-based certification system to crack down on counterfeit products, the legit distributors are not going to push down on all their suppliers? Of course they will.

This thinking belies a very simplistic view of a very complex supply chain.

Brands like Nike often don't touch their products after they produce the design.

Manufacturing, distribution, shipping, warehousing, sales are all handled by a massive web of smaller entities with long term contracts. Most of these businesses use very very old tech, and will actively resist change.

It's a chicken or egg problem too, since having half of your products on a blockchain is pretty much worthless, it's an all-or-nothing problem which makes it that much more of a massive undertaking.

I've studied this pretty extensively and honestly don't think it'll ever happen. At least unless the current paradigm of supply changes massively.

For all the scams, Ponzi schemes and outright theft that have happened in the blockchain space, I can bet a good amount of money that we as a society lose more every year to corrupt officials, subverted institutions and petty theft than we will ever lose on a system that is not run by humans.

In total? Yes. As a fraction of total volume? Debatable.

Some quick Google searches:

- World GDP: 142 trillion USD.

- Global cost of corruption: At least 5% of World's GDP according to WEF. [0]

- Cost of violence: estimated to be 11% of GDP in 2012 [1]

We are already at 16% and we are not even counting resources and parts of the world economy under the control of authoritarian regimes.

[0]: https://www.un.org/press/en/2018/sc13493.doc.htm

[1]: https://www.researchgate.net/publication/261037678_Estimatin...

Then for crypto you need to count what fraction of value is used for illicit activity. Here is a paper estimating it's about 46% of transactions [0]. If you look at transactions that cause real economic activity (as opposed to speculation) I bet the fraction would be in the 90%+.

[0] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3102645

>> each exploit and oops only improves the system

This is not necessarily true. If the system architecture is highly complex and poorly designed, each exploit will result in a patch which will only make the system more complex and more brittle. IMO this is exactly what is happening with Ethereum.