Author Topic: Nxt Rollback & Bitshares - Just an Idea for Consideration  (Read 11195 times)

0 Members and 1 Guest are viewing this topic.

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
i think that 5 years from now I will either completely lose my investment in bitshares x either BM will get the Nobel price! I think  option 2 is more likely. ;)

Quote
hink you have to view these thinks like pressurized systems, if you don't provide a release valve then they can explode under heat. 

Well said...Is it possible somehow the system to identify suspicious transactions and block the funds for some time? for example when the whole market cap is $20 mil if a transaction that is more than 5% of the market cap is not processed within seconds but rather takes 1 day to clear?

Offline bytemaster

The point of making it "hard" to do is that it means it is less likely to happen.   People need to know that it is "hard" so they can trust the system. 

In my original idea I probably didn't make it clear enough that:

1) Only a delegate could make the proposal
2) The act of making the proposal must come with a non-refundable fee of large magnitude ($1 million) that is paid to shareholders
3) Majority of delegates must approve
4) Must happen quickly, ie: not effect balances over 24 hours old.

A hard fork costs a network millions and those millions will be paid if it will save the network 10's of millions.   

The presence of such an automated system means that the network can "capture" the millions a hard-fork would have caused. 

Because the fee is so expensive, no one would dare cry wolf or use this option lightly.
Because the fee is non-refundable even if the delegates vote "no" then it is not likely to be paid unless there is already support/consensus.

But perhaps most importantly, the fact that a procedure exists means that suggestions to hard-fork to bypass the pre-established procedure will be roundly rejected. 

I think you have to view these thinks like pressurized systems, if you don't provide a release valve then they can explode under heat. 

I think that the community should establish some very sound guidelines prior to the event that server to minimize moral hazard:

1) An exchange that didn't use cold storage... is ineligible
2) Failure to use multi-sig...
3) .... 

All of that said, with BitUSD there is almost no reason to keep your funds on exchanges any more.  So perhaps a VERY HARD policy on this would be best. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline yellowecho

Hard rule of no rewrites has least moral hazard.

After further thought, I think this is the best choice.  Multi-sig might be the way to go
696c6f766562726f776e696573

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
For me it's a question of whether you can design a system that gives shareholders confidence these actions will only be taken in the big cases & when there is a definite clear consensus.

In every other system the answer is no, because you don't have the ability to provide that confidence. So I would not be in favour of a rollback for NXT.

This is *exactly* the problem actually.  If the rollback is only used in big cases, it means that it is safe to be part of a very popular NXT failure but not part of a small one (Because it won't be serious enough to be rolled back) - This will have a very centralizing effect where if you're going to be part of an exchange, well it better be the biggest exchange because otherwise people will say "Well it's not so bad, it wasn't the biggest exchange so we'll survive this". 

The rules need to be the rules, if you create conditions under which the rules and history itself can be re-written you will be inviting those who want to reinvent history to create exactly the conditions you are trying to avoid.  If it was not desirable to rewrite history such a mechanism could work, but because there are many ways individuals and groups and profit from rewriting history it's a very bad thing to codify in a way that is "OK".

It's concerning more people don't see this intractable issue.

We don't have to reward too big to fail. We could tax bter or burn all of it. I just don't want the hacker walking round with 50 million he can dump on the share price at any time.

You would want to tax them.  It would align the incentives in a superior way. 

At the end of the day, it will still be up to the delegates what they wish to do.  So our arguments on this board are largely superfluous.  The question is, should someone put in a mechanism to do this cleanly so it can maximize harm reduction ?  Or is it bad to make it "easy" to do, (while still requiring a majority, it could even be a large majority).

The beauty of all this is that even if the delegates went against the community consensus in some weird scenario, the community could fork around them. 

« Last Edit: August 19, 2014, 04:56:59 am by gamey »
I speak for myself and only myself.

Offline bytemaster

Quote
Then as soon as the hard rule is formalized, some south African cartel kidnaps the ByteMaster and demands that half of all bit shares be sent to a certain address, within 12 hours, or they terminate him.

Lets not give anyone any ideas.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Brent.Allsop

  • Sr. Member
  • ****
  • Posts: 242
    • View Profile
    • Canonizer.com
Dang, I'm trying to get my head around all these great ideas, and trying to monitor if there is any consensus forming.  Many people have summarized there view, but it's hard to merge any of these summaries together to see how many people agree.

I guess I'm spoiled, because that is what we get at Canonizer.com.  There are lots of good ideas being thrown out there, which lots of people seem to be agreeing with, and there is a lot of stuff that seems like trash to me,  but I might just be not fully understanding what some are saying.  If there was some measure of real consensus, so all the best ideas could rise to the top, so we could easily ignore all the bad ideas being thrown out there, like we get at Canonizer.com, that would sure help.

Wouldn't it be great to have a concise description and survey of all the best possible solutions being proposed in a consensus building way, and a quantitative measure of how many people thought each of the possibilities was important?  How many people are there, really that are for absolutely no hard forks or no hard rollbacks, under any conditions?  How many people think differently, how is this changing, over time, why?

It seems like a consensus is forming around a hard rule for never any roll backs.  So let's say we formalized that, and all the delegates indicate they are 100% for that, and will never authorize a roll back.

Then as soon as the hard rule is formalized, some south African cartel kidnaps the ByteMaster and demands that half of all bit shares be sent to a certain address, within 12 hours, or they terminate him.

The bottom line is, dumb hard and fast rules are what bureaucracy is all about.  If millions of -people can find a way to work, dynamically, instantly, in an amplified wisdom of the crowd, we can know 90% of the holders will buy into this action, in an instant, we will be able to face, intelligently adapt to, and out compete any threat, or any competitor.

« Last Edit: August 19, 2014, 02:24:18 am by Brent.Allsop »

Offline Riverhead

My views on this are pretty straight forward. Basically the road to hell is paved with good intentions.

Some basic tenants of my stance:

1) A blockchain is first and foremost a ledger. It is an immutable record of transaction that happened (just or unjust). We shouldn't play time traveler with the ledger.

2) For lack of a more elegant way to state it: people over a long enough period of time suck.

That said other precautions can be taken in the event of what happened with NXT.  Thefts happen. There going to keep happening. What is up to us to figure out is how to mitigate the financial damages to those stolen from. This is what insurance is for.

So far not a single theft has been the fault of the protocol itself, certainly not in the case of NXT. Therefore if people want to protect themselves from such events they can start an insurance DAC, be more proactive about how they secure their wealth, etc.

Bottom line: The A in DAC stands for Autonomous for a reason. People basically suck over a long enough period of time. Good intentions are abused by bad actors.

No roll backs. Ever. We are not time travelers.

You still haven't addressed the scenario of governments being the thief. They have confiscated people's gold in the past so it is very possible.

Suppose your government confiscated your stash of Bitshares using legal force? Is there anything you or the protocol could do?


If an entity compels someone with a gun to their head (metaphorical or otherwise) there isn't much you can do about it from software. Also, how the community would vote on such a situation is, again, human. Would you be willing to roll back the blockchain in the event of Silk Road's BTC confiscation?  Why or why not? The whole point of an autonomous system is that it removes that judgement call.


In this particular scenario I am compelled to turn over my stash by an agency in power. The "people in charge" decide to roll back the blockchain and I get my funds back. I get raided again and am compelled to release all my funds. Rinse and repeat.

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
My views on this are pretty straight forward. Basically the road to hell is paved with good intentions.

Some basic tenants of my stance:

1) A blockchain is first and foremost a ledger. It is an immutable record of transaction that happened (just or unjust). We shouldn't play time traveler with the ledger.

2) For lack of a more elegant way to state it: people over a long enough period of time suck.

That said other precautions can be taken in the event of what happened with NXT.  Thefts happen. There going to keep happening. What is up to us to figure out is how to mitigate the financial damages to those stolen from. This is what insurance is for.

So far not a single theft has been the fault of the protocol itself, certainly not in the case of NXT. Therefore if people want to protect themselves from such events they can start an insurance DAC, be more proactive about how they secure their wealth, etc.

Bottom line: The A in DAC stands for Autonomous for a reason. People basically suck over a long enough period of time. Good intentions are abused by bad actors.

No roll backs. Ever. We are not time travelers.

You still haven't addressed the scenario of governments being the thief. They have confiscated people's gold in the past so it is very possible.

Suppose your government confiscated your stash of Bitshares using legal force? Is there anything you or the protocol could do?
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Empirical1

  • Hero Member
  • *****
  • Posts: 884
    • View Profile
What about snapshotting with the rollback enabled and airdropping us identical shares on a new blockchain.

Offline Riverhead

My views on this are pretty straight forward. Basically the road to hell is paved with good intentions.

Some basic tenants of my stance:

1) A blockchain is first and foremost a ledger. It is an immutable record of transaction that happened (just or unjust). We shouldn't play time traveler with the ledger.

2) For lack of a more elegant way to state it: people over a long enough period of time suck.

That said other precautions can be taken in the event of what happened with NXT.  Thefts happen. They going to keep happening. What is up to us to figure out is how to mitigate the financial damages to those stolen from. This is what insurance is for.

So far not a single theft has been the fault of the protocol itself, certainly not in the case of NXT. Therefore if people want to protect themselves from such events they can start an insurance DAC, be more proactive about how they secure their wealth, etc.

Bottom line: The A in DAC stands for Autonomous for a reason. People basically suck over a long enough period of time. Good intentions are abused by bad actors.

No roll backs. Ever. We are not time travelers.
 
« Last Edit: August 19, 2014, 01:34:56 am by Riverhead »

Offline Empirical1

  • Hero Member
  • *****
  • Posts: 884
    • View Profile
For me it's a question of whether you can design a system that gives shareholders confidence these actions will only be taken in the big cases & when there is a definite clear consensus.

In every other system the answer is no, because you don't have the ability to provide that confidence. So I would not be in favour of a rollback for NXT.

This is *exactly* the problem actually.  If the rollback is only used in big cases, it means that it is safe to be part of a very popular NXT failure but not part of a small one (Because it won't be serious enough to be rolled back) - This will have a very centralizing effect where if you're going to be part of an exchange, well it better be the biggest exchange because otherwise people will say "Well it's not so bad, it wasn't the biggest exchange so we'll survive this". 

The rules need to be the rules, if you create conditions under which the rules and history itself can be re-written you will be inviting those who want to reinvent history to create exactly the conditions you are trying to avoid.  If it was not desirable to rewrite history such a mechanism could work, but because there are many ways individuals and groups and profit from rewriting history it's a very bad thing to codify in a way that is "OK".

It's concerning more people don't see this intractable issue.

We don't have to reward too big to fail. We could tax bter or burn all of it. I just don't want the hacker walking round with 50 million he can dump on the share price at any time.
« Last Edit: August 19, 2014, 01:32:43 am by Empirical1 »

Tuck Fheman

  • Guest
I'm for no rollback or no "reorganization" of the blockchain in such circumstances.

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
For me it's a question of whether you can design a system that gives shareholders confidence these actions will only be taken in the big cases & when there is a definite clear consensus.

In every other system the answer is no, because you don't have the ability to provide that confidence. So I would not be in favour of a rollback for NXT.

This is *exactly* the problem actually.  If the rollback is only used in big cases, it means that it is safe to be part of a very popular NXT failure but not part of a small one (Because it won't be serious enough to be rolled back) - This will have a very centralizing effect where if you're going to be part of an exchange, well it better be the biggest exchange because otherwise people will say "Well it's not so bad, it wasn't the biggest exchange so we'll survive this". 

The rules need to be the rules, if you create conditions under which the rules and history itself can be re-written you will be inviting those who want to reinvent history to create exactly the conditions you are trying to avoid.  If it was not desirable to rewrite history such a mechanism could work, but because there are many ways individuals and groups and profit from rewriting history it's a very bad thing to codify in a way that is "OK".

It's concerning more people don't see this intractable issue.

What about in the scenario of police confiscation? Could the network agree to burn in this instance?

One way to do it would be if the previous owner elects to enable the network to burn in the instanced of confiscation. Currently technology doesn't allow proof of event or a sure way to confirm police confiscation.

But in the case that it did happen then the original owner gains nothing by electing to give the network the power to burn his stash.

In the end though it's too complicated to be worrying about this right now. It creates unnecessary confusion. It's like trying to have a dynamically generated digital constitution when we don't even have a fully functioning static digital constitution.

For today let the rules be the rules because that is what works best. If the black swan event occurs then we can react to it then and it will not be so difficult to discuss and decide what to do. If governments confiscated over 51% of Bitshares it's pretty obvious to me that there would be a rollback.

Just like if the Bitcoin community discovered that the government somehow owned most of it's coins they would have to do something if mining/Proof of Work cannot generate new coins. They rely on Proof of Work to allow themselves to have static rules. The FBI can confiscate a lot of coins and even be the largest address but because new coins are always being created it's not like the FBI could ever get 51% of the hashing power even if they had 51% of the coins.

Proof of Stake is different. If the government got 51% of the stake then DPoS would be owned by the government. In that instance we might want to hit the panic button if we saw that kind of takeover attempt.

Hard rule of no rewrites has least moral hazard.


Sent from my iPhone using Tapatalk

The only black swan event which I could think of to justify burning a stash is a scenario where governments around the world start raiding and confiscating in unison. At that point it would be clear that it's an attempt to own Bitshares.

But even with these attacks the people who have escaped from confiscation along with the delegates can fight back. I think this black swan event is actually very likely to happen because it has happened with Bitcoin.

There shouldn't be rewrites but it might be possible to invalidate and burn a stash. The problem is to build this in right now creates risks and there is no evidence of the black swan event just yet. It could be that enough governments embrace it that its seen as just another technology, we just don't know yet.

« Last Edit: August 19, 2014, 01:31:02 am by luckybit »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline bytemaster

Hard rule of no rewrites has least moral hazard.


Sent from my iPhone using Tapatalk
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline AdamBLevine

  • Sr. Member
  • ****
  • Posts: 492
    • View Profile
    • Let's Talk Bitcoin!
For me it's a question of whether you can design a system that gives shareholders confidence these actions will only be taken in the big cases & when there is a definite clear consensus.

In every other system the answer is no, because you don't have the ability to provide that confidence. So I would not be in favour of a rollback for NXT.

This is *exactly* the problem actually.  If the rollback is only used in big cases, it means that it is safe to be part of a very popular NXT failure but not part of a small one (Because it won't be serious enough to be rolled back) - This will have a very centralizing effect where if you're going to be part of an exchange, well it better be the biggest exchange because otherwise people will say "Well it's not so bad, it wasn't the biggest exchange so we'll survive this". 

The rules need to be the rules, if you create conditions under which the rules and history itself can be re-written you will be inviting those who want to reinvent history to create exactly the conditions you are trying to avoid.  If it was not desirable to rewrite history such a mechanism could work, but because there are many ways individuals and groups and profit from rewriting history it's a very bad thing to codify in a way that is "OK".

It's concerning more people don't see this intractable issue.
Email me at adam@letstalkbitcoin.com