this post was submitted on 09 Aug 2023
1469 points (95.3% liked)

Dank Memes

6146 readers
4 users here now

This is the place to be on the interweb when Reddit irreversibly becomes a meme itself and implodes

If you are existing mods from r/dankmemes, you should be mod here too, kindly DM me on either platform

The many rules inherited from

  1. Be nice, don't be not nice
  2. No Bigotry or Bullying
  3. Don't be a dick!
  4. Censor any and all personal information from posts and comments
  5. No spam, outside links, or videos.
  6. No Metabaiting
  7. No brigading
  8. Keep it dank!
  9. Mark NSFW and spoilers appropriately
  10. NO REEEEEEE-POSTS!
  11. No shitposting
  12. Format your meme correctly. No posts where the title is the meme caption!
  13. No agenda posting!
  14. Don't be a critic
  15. Karma threshold? What's that?

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] vrighter@discuss.tchncs.de 28 points 1 year ago (1 children)

but the transport authority in my country does not use blockchain. And yet I still know I'm the 13th owner of a classic car I own. It's almost as if the type of database used to store the information doesn't matter.

[–] sloppy_diffuser@sh.itjust.works 1 points 1 year ago (4 children)

You are trusting the transport authority in this instance to always report the truth.

My understanding with NFTs is that the previous owner only needs to say it once as part of the sale. Now only you can transfer ownership. No central body needs to be trusted.

Maybe... pretty sure I've seen some articles of NFT chain creators having the ability to revert transactions (e.g., owner was phished). In that case yeah... just use a database.

[–] vrighter@discuss.tchncs.de 10 points 1 year ago* (last edited 1 year ago) (2 children)

yes, I am. how is that different than trusting some random dude minting nfts?

The issue is not what happens after they have been minted (what blockchains claim to solve), but if the data came from a trustworthy source in the first place (which blockchain doesn't, and fundamentally cannot, tackle either)

[–] dx1@lemmy.world 1 points 1 year ago (1 children)

Because the original signer is the car manufacturer. Study existing pki systems a bit.

[–] vrighter@discuss.tchncs.de 9 points 1 year ago* (last edited 1 year ago) (1 children)

That doesn't change anything. How do I trust that the car company has entered valid data? How do I know they won't pull a VW and fudge with data? (they can fudge the data before putting in on the blockchain, so immutability not only doesn't help, but is actually detrimental, in this case) And that is just with one car company. So I have to build trust with each individual car company myself.

How about I outsource the job of verifying the trustworthiness to one single entity dedicated solely to this, whom I trust. That way, I have less work to do, while not changing the fact that I still had to put my trust somewhere in the first place.

And therefore, the transport authority.

pki verifies the originator of the data. It says absolutely nothing about the data itself.

pki does not solve the problem of establishing a solid root of trust. And neither do blockchain technologies

[–] dx1@lemmy.world -1 points 1 year ago (1 children)

The data can't be fudged after the fact. If you say you sold a Nissan Nassina to Bob Jones on Aug 10 2023, that's there forever.

[–] vrighter@discuss.tchncs.de 2 points 1 year ago (1 children)

I don't care about what happens after the data is written in the blockchain. I care that accurate data goes in in the first place. that part blockchain cannot solve. And if inaccurate data does make it in, I want it corrected. So I'd have to trust someone to make those changes.

besides, what do I do if it gets stolen? prove I own it? I can already do that.

and if you do want that immutability, that's what digital signatures are for. We both sign the same copy of a document with our private keys. Then we both keep a copy of the signed document. There is no need for anyone to have a copy of it, nor do we need anyone else's computing power for us to be able to show it has not been tampered with, since we don't have each other's private key. The blockchain is not needed.

[–] dx1@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (1 children)

I don’t care about what happens after the data is written in the blockchain. I care that accurate data goes in in the first place. that part blockchain cannot solve. And if inaccurate data does make it in, I want it corrected. So I’d have to trust someone to make those changes.

That's unsolvable in general besides through consensus algorithms (which blockchain can facilitate). I'm not really sure what the example here is in the analogy we've been using - an auto manufacturer sells a car to someone that's a different model than they wanted? They could refuse purchase.

Blockchain adds authenticity through proof of when it occurred, which is not available through signature chains.

[–] vrighter@discuss.tchncs.de 1 points 1 year ago (1 children)

are you really suggesting that blockchain invented timestamping????

[–] dx1@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

No. Blockchain provides timestamps via the block height,, which means the signer(s) can't forge them.

[–] sloppy_diffuser@sh.itjust.works -3 points 1 year ago* (last edited 1 year ago) (3 children)

There could be a "validator" you choose that has to sign off on the blockchain the seller's claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.

The point is, nobody can change their answer later with lots of independently operated data redundancy. The data is meant to be tamper proof. Its up to you to authenticate identities, delegate authentication, or blind trust the seller before trusting that data.

It's not a one size fits all solution. A better example is if all the transport authorities in the world wanted to share one database. Who would all those transport authorities trust to operate it globally? Probably no organization would have the trust of all of them. With a blockchain, transferring that ownership from being managed by one authority to another would then go through that validation flow where the seller and receiver transport authorities sign off that they authenticated the other out-of-band and that they authorize this transaction as a matter of public record.

The NFT use case is dumb for digital art with the intent they hold value as if the resource is scarce.

The Matter DCL on the other hand I think is a great use case. Apple, Amazon, Google, and many more companies want to share a common database for certified IoT devices. They don't trust each other enough to agree to one company operating this database. They can agree to a certifier, but its not the certifier's role to certify devices and host the infrastructure to automate a device is certified during adoption by a customer. So the big companies built that infrastructure using a blockchain and made it easy for the certifier (account authenticated out-of-band when created) to post certification results. 67% of the companies verify the certifier's identity on the chain matches who they previously authenticated every time a result is posted (automated using public key cryptography). Only then are the results authorized to be published. Since the data is tamper proof, everyone trust those published results.

[–] vrighter@discuss.tchncs.de 4 points 1 year ago (1 children)

You already can't modify my copy of a document digitally signed by you, which I can use to detect/prove that you have attempted to change your copy (because only you can use your private key)

And we already know that blockchains do not solve the root iof trust issue. Why would I suspect data if you tell me said data, but trust that exact same data if you put it in a blockchain and i read it from there? I'm not worried about you changing the words. I'm worried about your words being bullshit in the first place and not being able to have that rectified. Any solution to that involves me trusting some central authority to be able to make those changes, which defeats the purpose completely.

so what's the value add here?

[–] sloppy_diffuser@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

Tamper proof federated distribution. That's it now that I've had a couple days to think on it. Why use Lemmy when Reddit or even old school forums exist? We (as a generalization) are here because we see value in accessing many forums under one UX and we do not trust Reddiit as a centralized distributer.

If some user here started posting they were a famous person, we wouldn't trust that without some additional verification. Same with blockchain accounts/wallets.

Blockchains provide one possible mechanism that prevents any Lemmy instance from falsely distributing ActivityPub messages from a user that did not author them. False messages can be checked they didn't come from that user since they were not signed with their private key. The rest of the federated distributors would detect the forgery and drop the message.

Sure we could all sign our messages with a PGP key. Blockchains just bake this feature into the distribution.

The last feature, which may or may not be desirable, is that these tamper proof federated distribution channels have a full audit log.

[–] vrighter@discuss.tchncs.de 1 points 1 year ago* (last edited 1 year ago) (1 children)

you don't need blockchain for it to be baked into the distribution. you just need to implement it. You even said how yourself.

The only thing a distributed blockchain would achieve would be that now, every instance needs a full copy of everything on every instance, instead of only the stuff its users are subscribed to.

your proposal also assumes that instances post untanted data in the first place. You seem so focused on verifying who said what. What we need to verify is that what is said reflects reality.

this is not possible. it works with crgptocurrincies because there you're just moving coins that already exist in the system. That way nobody can create coins out of thin air because you can always see where the coin was taken from. This is obviosly impossible with comments. You can't just pre-create all comments and have users distributing those among themselves.

Totally agree you do not need a blockchain. Its just one class of implementations. There are others like Apache Zookeeper, or even just roll your own.

Also really appreciate you engaging with me on the topic. I'm currently working on a federated product (business to business). Blockchains have come up (private chain), so I'm trying to convince myself it brings something to the table as a framework by arguing from the other side.

Verifying who said what is the major concern we are trying to solve. Everyone having a copy of the data is also preferred so each business pays for their own read usage.

Verifying who is who is pretty much solved using traditional PKI with certificates. The what is said is less of a concern so long as we know who said it. The whats in our use case are not digital assets.

We are looking at it like pub/sub kafka-like framework with complete history intact that is immutable without needing to dedicate resources to rolling our own. Co-operators have something to gain by working together (long term) but can also gain by screwing each other over (short term).

Tendermint/Cosmos has been looking pretty attractive as a private chain with ~1s commits (no mining). 67% of the nodes must agree on who signed a message and the order the messages were seen to commit it to the next block. So far its seeming pretty convenient for what we are looking for.

[–] cogman@lemmy.world 4 points 1 year ago (1 children)

This is a hammer in search of a nail.

The way this currently works is certifiers publish lists of what they certify. No block chain needed and if a certifier becomes untrustworthy, you can start ignoring what they say.

Rather than making a pachinko machine of keys, trust, and computational waste, you can simply ask certifiers you care about "is XYZ certified".

There's little value in making certifications immutable.

See UL certification.

[–] sloppy_diffuser@sh.itjust.works 1 points 1 year ago (1 children)

Lemmy analogy might be a better example if it was on a blockchain. Its like if we all started putting PGP signatures at the end of our posts, only its baked into the protocol. That way, as messages traverse the fediverse, they cannot be altered without detection.

Certificate publishers can post on ANY instance and consumers can read those result also on ANY instance, similar to Lemmy. If we didn't see value in a common UX we would all go back to old school forums. Likewise, if we didn't see value in federating, we would be on some centralized platform.

If an account claiming to be Elon Musk said they were going to do an AMA, we won't believe it without additional proof he is controlling the private key of the account that made the claim.

The open ledger (immutable messages) is the big distinguisher. Its like having archive.org or users taking screenshots of a public figure's message before they delete it, but baked into the protocol for every message. Probably not a great social media feature, but for business transactions over a federated distribution channel, its nice to have.

Not all blockchains require mining and create computational waste. See tendermint/cosmos, the one the Matter DCL uses.

[–] cogman@lemmy.world 2 points 1 year ago (1 children)

These are a lot of steps for what we already have that already does this, the internet. In a decentralized fashion no less.

TLS certificates are in fact proof that "this data came from a trusted webmaster." Every communication is secured such that you can't have a third party tamper with legitimate messages.

Certainly this doesn't prevent a website from changing messages (as you point out, archive.org solves that problem). For the most part, that's not really a negative. Things change and sometimes the old information needs to be corrected.

The internet goes a step further, though, because we have a set of trusted certificate managers we can know for sure that the signed cert we get from "google.com" is actually from the owners of google.com. An issue with the block chain is there are no trusted 3rd parties saying for sure "this signature came from X". So how can you tell that the public key you are looking at is actually musk's and not someone else's? What about the case of musk losing his key (which, hilariously, happened with the Q poster on 4chan). You end up needing to rely on some out of chain communication to re-establish the new set of facts and to (importantly) invalidate future communications in the case that the old key is actually compromised.

All these problems are solved with TLS.

Certificate publishers aren't having problems getting their certificates out there or letting the general public know about them. Go to ul.com and you to can see what UL has certified.

The only benefit I'm seeing is you can see that UL revokes a cert for some reason. But that's generally not something you care about. When looking for certification you want to know "what is the current certification status of this". Nothing more.

Blockchains I fully agree don't deal with trusting a public key. Something out-of-band is needed if you need to trust the author of a claim and not just the claim is consistent. Concsistancy is where I see a block chain adds value.

Lets look at Matter which is operated by a coalition of companies (connectivity Standards Alliance or CSA).

What if the CSA wants many certifiers and not just ul.com?

What if the CSA wants a single datastore of those results? Maybe ul.com stops certification for Matter devices and no longer wants to maintain infrastructure for the CSA. The CSA then needs a cache of past certifications some place then.

What if CSA members don't trust any one company in the coalition to host that federated datastore? For example, Apple fears if Google hosted they will introduce random faults when queried to cause a poor user experience when checking an Apple product. Nobody is neutral enough that everyone can agree on one company to host. Since this is an international standard, it could be the US and China won't agree on a host. Point is, nobody trusts anyone to consistently report the same thing.

They don't even trust an outside entity like ul.com to provide consistent reports.

Once its been said on a blockchain, it cannot be unsaid. It would take 2/3 of the coalition to agree to a false result to screw over the other 1/3.

Important decisions like votes on what accounts/wallets on the chain can post certification results also requires a 2/3 majority that can be audited on the ledger. Trust of those accounts is established off the blockchain.

If a certifier doesn't want to certify a device, a blockchain won't solve that. Its solves the trust problem that results will be consistent during the millions of requests for a certification result. My bank has a trusted certificate as a trusted web master. Doesn't mean they won't give me different loan options based on location/browser/any other meta data they can get. That is their right to not give consistent results. That doesn't mean there are not any use cases for it.

[–] JollyG@lemmy.world 2 points 1 year ago

There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.

In other words, for blockchain technology to be applied to sales validation, there needs to be a central authority who everybody trusts, that can validate transactions.

[–] yata@sh.itjust.works 3 points 1 year ago

Cryptobros are the last persons I would trust with anything much less actual currency.

[–] AeonFelis@lemmy.world 2 points 1 year ago

You are trusting the transport authority in this instance to always report the truth.

If my car gets stolen, the police is going to be the one that needs the location data to track it. If I get stopped by cops, they will be the ones to look at the data to verify that it's legally registered and that I legally own it. If I buy a stolen car, the police and the DMV are the organizations I'm going to get in trouble with.

Even if the registration itself is decentralized, it's usage is centralized - it's always the state that checks it. Even when I check the registration with the seller to make sure it's legit, I do it because I know the police or the DMV is going to check the very same registration. I mean, there are some used TVs that cost more than some used cars, but I wouldn't check their registration (which does not exist) because the police is not going to check my TV's registration (I'm not from the UK 😜)

With that in mind - we don't lost much when we trust the state to operate the centralized database. If they wanted to scam us they could do it just as easily when checking the blockchain. Sure, maybe having it decentralized will make it easier to prove in court (which - let me remind you - is also state operated) if they do decide to fake their own blockchain queries, but at this point it's nowhere near worth the extra operation cost of the blockchain.

Same with things like tickets - the organizer is going to check your ticket anyway, and if they decide to scam you they can just not let you enter even if the blockchain says you really do own the ticket. Or even better - just mint NFTs for tickets for a fake event that is never going to actually happen. So why not just let the organizer run the centralized database?

Software activation too - let the developers run the keys database. If they wanted to scam you they could just block your login even if the blockchain says you own the NFT.

And note that in all these examples, the organization that could run the centralized database has much less incentive to scam you than some random seller (or scalper). Yes, an incentive to scam always exists, but its strength should be taken into account and compared to the cost of the scam-prevention mechanism suggested.

Decentralization works for JPEG NFTs because they are worthless. You don't verify them to get anything useful - the closest thing to it is Twitter showing an octagon around verified NFT profile pictures - which is easy to bypass.

[–] droans@lemmy.world 1 points 1 year ago

And with NFTs, you're still trusting the regulators because they have to enter the information to begin with.

There's always going to be some external trust at some level. NFTs just add an unnecessary layer to it all.