76
submitted 1 year ago* (last edited 1 year ago) by Mikina@programming.dev to c/programming@programming.dev

Hello!

When I was creating a CTF for a conference, I've finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.

But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I'm not really that much familiar with every use of blockchain so far, I will first list what I've already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It's possible that some of the issues are wrong or have already been solved, so please correct me if I'm wrong - my knowledge of blockchain isn't really that in-depth.

First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it's slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:

  • Longevity - The ledger size is already getting massive, only after a few year. It's not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It's growing exponentionally, and is at around 500Gb after around 10 years.
  • Gas cost - It's getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
  • Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn't pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.

The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I'm still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I'm certain that I'd rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can't be considered for widespread use, which I've heard some people say that "crypto will replace cash in a few years". And this is why it never will, IMO. But this discussion shouldn't be about whether this is a good opinion or not - but more about "what blockchain is a good tool for".

Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say "Someone has copied and minted my NFT?". Well, it's a shame that there isn't some kind of centralized authority that could, you know, not allow them to do that.

Another use I've heard someone praise as "the future" was lending money. I'm not sure what were they talking about, but the whole point was that you can... Escrow an amount you are borrowing, and then borrow the same amount? It didn't make any sense, so I guess I'm missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)

So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.

But I really like the concept and idea of smart contracts, and I'm sure there has to be some kind of use that is not as "revolutionary" or large scale. I'm just having hard time coming up with any.

I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It's also something that doesn't suffer from the longevity problem, because it's more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.

(tl;dr feel free to start here:) Which is what I'm interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn't have to be a "society changing system", or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I'm after - but have hard time coming up with.

And just a disclaimer - I don't plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it's uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it's really the best tool for the job.

But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I'm sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.

Thank you!

EDIT: And I'd like to add that I never got into the blockchain hype, and my opinion on how it's used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that's why I'm genuinely interested in this discussion - I don't judge a tool about how people misuse it.

top 50 comments
sorted by: hot top controversial new old
[-] TCB13@lemmy.world 52 points 1 year ago* (last edited 1 year ago)

Blockchain and/or smart contracts try to solve problems that were already solved in multiple ways by adding a ton of overhead that makes them unable for large scale deployment and long term usage.

Here's what's stupid about the people who say that blockchain will revolutionize the financial sector: why add a blockchain and all the computing power to store transactions when you can take the obviously efficient route and simply store transactions on a SQL database? Before anyone screams the word "decentralization" do you really think banks will cease to exist? NO. The most likely scenario - if people keep pushing this bullshit - will be to have some kind of closed blockchain that banks use to transact money, so it essentially becomes the same thing we've now with added overhead, environmental impact and technical complexity. We have efficient system in place with safeguards, operations can be tracked, reversed etc.

Frankly it would be a better use of everyone's time, money and effort to simply fix the REAL problems in the banking industry, such as the fact that the US still doesn't have a decently working, standardized digital system to transfer money between account holders in different banks. Europe has this with SWIFT/IBAN and people can transfer money between accounts, banks and countries almost instantly by just providing the amount they want to transfer and an IBAN number (nothing else required). Now tell me, how many people in the US have bank account with IBAN numbers? Most likely only millionaires. The majority of people use a combination of poorly structured system of account and routing numbers that often fail and lead to delays. Oh btw Russia has a similar system to IBAN.

There are tons of other weaknesses in the US banking system around the way credit and debit cards work, for instance why would anyone on their right mind assume that a system where you can provide your credit cards number and CVV/CVC code over a phone to make a transfer wouln't be abused to scam people and steal money? Then, after decades of fraud, to "alleviate" the issue they decided to create a bunch of companies that offer virtual credit cards with limits. Now let this how with works in most European countries: banks will, most likely, refuse any attempt at charging a physical credit card unless its made on a physical payment terminal with the card actually physical inserted on the thing an a 4 digit PIN code typed in. If you want to buy shit over the internet simply open your bank's app or website and they'll have a function to create a single use virtual credit card for the transaction. Way more secure isn't it? :) Either way most European countries also other systems to handle those kinds of payments eg. the online stores provides you with a specific code and you then can go into any ATM or your Bank's App, insert the code and make the payment.

As you can see making the banking system efficient and having fast, secure and usable things isn't about blockchain bullshit, its usually more about common sense and creating standards that companies, such as banks, have to comply with.

[-] Whirlybird@aussie.zone 13 points 1 year ago

Great post.

One of the big things all the crypto shills constantly said was that banks are bad and crypto was the saviour because of the decentralised nature. Then they realised that it was complete shit to use without some sort of centralisation, so they made exchanges……which are just banks with less regulations……..and then those exchanges went bust and everyone lost their money and started calling for more regulation 😂

There’s no real world need for blockchain tech.

[-] lemmyvore@feddit.nl 10 points 1 year ago* (last edited 1 year ago)

You don't need many of the features you listed to make a blockchain. Its basic form is a Merkle tree. For which there are many practical uses, some of which predate Bitcoin, and which you're probably familiar with.

Git is a blockchain. It's one of the most important tools for free and open software, which in turn powers huge parts of internet and technology.

Most of the extra stuff (proof of work etc ) were added specifically for crypto.

[-] pjhenry1216@kbin.social 9 points 1 year ago

Many people don't consider Git to be a blockchain because it lacks more than just proof of work. No argument against merkle tree, but a blockchain is more than a merkle tree, otherwise it would just be called a merkle tree. Part of the issue is I don't think there's any real accepted definition for just a simple blockchain.

For example, you can absolutely undo a commit (it's messy, yes). This is counter to how blockchain operates. Each commit does not rewrite every previous commit.

So git is sort of a precursor to blockchain. Distributed ledger, sure. Blockchain, no.

A blockchain is extremely difficult (virtually impossible) to intentionally tamper with. Git is not. Well, relatively speaking.

load more comments (2 replies)
[-] snowe@programming.dev 7 points 1 year ago

I haven’t heard anyone ever refer to git as a blockchain. The main point of “blockchains” is to have a trustless security mechanism, which git doesn’t have. I don’t think blockchain and merkle trees are the same thing at all, even if blockchain uses merkle trees under the hood.

load more comments (3 replies)
[-] Jamie@jamie.moe 6 points 1 year ago

There is actually a system in the works called FedNow that banks here can sign up to be a part of to allow national money transfer between any two people. Probably a lot of banks aren't taking part yet since it's barely a couple weeks old, but it's promising.

[-] Whirlybird@aussie.zone 9 points 1 year ago

Just an FYI for those that don’t know - outside of America everyone has been able to transfer money between any 2 people’s banks whenever they want without issue for decades.

[-] pjhenry1216@kbin.social 3 points 1 year ago* (last edited 1 year ago)

Tbf, this isn't entirely true (it's as true as it would be for the US). This is more about the time required. Europe has had instant transfers for approximately a decade.

Edit: to be clear, I'm just refuting the plural of the word decade. The US is still behind by quite a bit though.

load more comments (6 replies)
[-] TCB13@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

Yes it is, and I hope it actually fixes the issue. But I'm not sure how it works in detail and it doesn't seem to actually replace the mess that banks made but instead just add a bandage. At least is seem to use ISO 200022 message standards but as I said would it be THAT hard to simply ditch all the crap and model a baking system around what the EU/Russia does? Actually I don't get why the US can't just adopt the internationally used SWIFT system and the IBAN improvements that is used by 77 countries world wide for their national and international transfers. This system won't make the US dependent on anyone as it is mostly a bunch of technical standards and recommendations on how to transfer money between banks.

load more comments (8 replies)
[-] Mikina@programming.dev 5 points 1 year ago

I live in Europe and have some direct experience with how the banking system works (I was pentesting the system that shares transaction data between banks over their closed intranet), and I had no idea that US doesn't have something like that. That's interesting, that sounds like a lot of inconveniences.

load more comments (1 replies)
[-] csolisr@communities.azkware.net 36 points 1 year ago

Blockchains are only useful in cases where non-repudiability (the ability to prevent users from denying that an event happened) is more important than any other factor. And there are preciously few cases where this is the case, the vast majority being related to audit - tracking receipts, votes, certificates, or similar attestations in an environment where no single party can be trusted. Disclaimer, I've worked in the past in projects related to the aforementioned - fortunately all of them related to the field of audit.

[-] interolivary@beehaw.org 8 points 1 year ago* (last edited 1 year ago)

Notabaly most of these use cases probably don't benefit from a public ledger though, in the sense that anyone with enough stake / hardware could be a validator. Exposes you to way too much uncertainty about whether validators will screw you over with Maximal Extractable Value tomfoolery, edit: and is obviously slow and very expensive compared to PoA

load more comments (4 replies)
load more comments (1 replies)
[-] arisunz@lemmy.blahaj.zone 30 points 1 year ago* (last edited 1 year ago)

buying drugs and scamming people

oh, and throwing gasoline at an already burning planet

load more comments (5 replies)
[-] jmk1ng@programming.dev 22 points 1 year ago

Blockchain? Oh, hah, no no... none of us were ever hyping up a tech we didn't understand as the solution to literally any problem.

Say, have you heard about AI? It's a revolutionary technology that's the solution to any problem!

[-] Zyansheep@lemmy.ml 6 points 1 year ago

I mean, machine learning can theoretically approximate any computable function given enough time and resources...

load more comments (1 replies)
[-] ICastFist@programming.dev 13 points 1 year ago

The only useful use case I've seen is for when you absolutely MUST be able to track historic data and ensure edits don't destroy the original. Blockchain "solves" this by never allowing saved data to be edited.

The only place I've seen it actually being used properly for that was within Brazil's medical vaccine tracking (ptbr article), which is what allowed them to confirm that Bolsonaro falsified his vaccination card. It doesn't offer details on what kind of protocol it uses, but it could just be a "decentralized, distributed" database, for all intents and purposes.

load more comments (2 replies)
[-] nibblebit@programming.dev 10 points 1 year ago* (last edited 1 year ago)

Audit logs and Access control paper trails.

Security event logging has to be:

  1. Broadly accessible
  2. Write-protected
  3. offering some proof of completeness.

These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.

Logistical paperwork

  • Purchase Orders/Invoices and packing slips
  • Waybills/Bills of lading and CMR's

These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties. There are dozens of ecosystems of interacting systems that support processing these documents, but most people still use paper. Paper is more reliable when you need to deliver a container full of diapers from Poland to North Sudan. It's more reliable but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a rest API to each other ERP.

[-] MiddleKnight@discuss.tchncs.de 8 points 1 year ago

I fail to see what blockchain can provide in the realm of audit logging?

Fundamentally, you need to trust the systems which are logging events to log the correct events at the correct time. How does blockchain change this?

[-] nibblebit@programming.dev 3 points 1 year ago

Yeah the problem isn't the veracity of the logs, it's providing a mechanism for third parties of proving that the sequence of events in your log hasn't been tampered with after the fact

[-] MiddleKnight@discuss.tchncs.de 3 points 1 year ago

Any system which publishes the log to third parties as they are written would do that.

[-] nibblebit@programming.dev 3 points 1 year ago

Yeah you're not wrong, that would be more efficient. Again a blockchain is not an efficient way to do it. But it would be effective.

In practice audit logs are used by and for auditors. Non-technicals that need evidence that would hold up to argument. Yes you could send your logs to a third party. Now you have to prove that third parties trustworthiness twice a year to the standards of each legal entity you operate in. And lawyers are more expensive than blockchain devs haha :p

Having a private blockchain that you can share with several changing parties that can subscribe to it. Without having to update anything about your infrastructure is a benefit.

Even though I've lived through several iso 27001 certifications, I'm still walking on thin ice when I say that it would probably easier to explain the blockchain in practice than any other proof of completeness method. Because the public is more aware of it. On the other hand the public is also more skeptical of crypto so it could also backfire :p

load more comments (8 replies)
load more comments (3 replies)
load more comments (7 replies)
[-] interolivary@beehaw.org 10 points 1 year ago* (last edited 1 year ago)

Blockchains are "just" distributed databases with a guarantee about transaction ordering (doesn't have to be totally ordered like regular literal chain-of-blocks but eg. some sort of DAG). Then on top of that you have your consensus-forming mechanism like PoW, PoS or PoA (Proof-of-Authority), most of which are designed to work in a network where you don't trust the participants, except for PoA where nodes that eg. have a cert signed by a specific authority can do validation.

I could see PoA networks being useful for eg. banks, real estate related stuff, DNS (like @jet@hackertalks.com mentioned) etc. Anything where you'd be interested in having all parties agree on some order of transactions, and where validation is only done by trusted actors. DNS-like systems could maybe even be done with public validation, but PoW is out of the question because of the W part, and most PoS-like systems (well, PoW and PoS but still) have lots of problems with validators being incentivized to order transactions in a certain way ("Maximal Extractable Value" et al) that can actually be detrimental to the network (or even consensus) and to the users.

I'm not really super sold on the idea of public blockchain networks where anyone (well, anyone with the means, which is not a small barrier) can be a validator, they mostly seem a bit like a solution looking for a problem. I can easily envision blockchains becoming something like Linux in the sense that they could be used "in the background" in many contexts, but so that us plebs rarely actually have to deal with them (the majority of the Internet runs on some flavor of Linux, but most people don't "consciously" use it apart from Android which does its damndes to pretend not to be Linux).

[-] jet@hackertalks.com 3 points 1 year ago* (last edited 1 year ago)

Your comment pivoted from smart contracts to the foundations of why blockchains are useful. If we're going down to strictly what a blockchain can be used for, replacing the web of trust for certificate validation.

Monero is a good example of what digital money should look like. Fungible, not an open ledger, usable like cash is.

If we ever put an authority in a position where they can surgically change things on a distributed ledger. It's much more efficient to simply have a central ledger controlled by that same authority.

It does get interesting when we look at partitionable blockchains with Central oversight but those are pretty rare. But if you do have a partition will blockchain your the government functions could keep operating if there's some network partition government event natural disaster communication interruption or say colonies on different planets. That could be interesting.

load more comments (5 replies)
[-] armestam@lemmy.world 9 points 1 year ago

Git

Git is Blockchain and it's pretty much the only use of the tech I actually see make sense. Most other uses add too much expense where we could just used a trusted ledger. I know people are all about zero trust but the cost benefit of Blockchain doesn't pan out for almost anything. It's not hard to develop cheaper ways to trust an actor, such as laws. Which is how we create trust today. When's the last time your westernized bank stole money from you?

[-] pjhenry1216@kbin.social 9 points 1 year ago

Git is not blockchain. Git is a distributed ledger. You can rewind a git commit if you know what you're doing. If fit were a blockchain, removing the last commit would corrupt the entire chain. Every transaction is part of building that trust.

Your conclusion of uses of blockchain is spot on though. I also feel it's extremely expensive and complicated when there are much cheaper and more efficient ways outside of it.

When did this become a thing where people started calling git a blockchain? Git is much older than blockchain. I don't see anyone giving Torvalds credit for inventing blockchain. Because he didn't. And git isn't blockchain. It's sort of useful as an illustration of how blockchain almost works, except it's much more efficient because it doesn't do all the things that blockchain requires.

load more comments (2 replies)
[-] imperator3733@lemmy.world 5 points 1 year ago

The only use that I've thought of over the years is event logging where you need a very high confidence that no one has tampered with the logs.

[-] OffByOneError@programming.dev 5 points 1 year ago

When NFTs were invented, people imagined them being used for things like titles/deeds. Instant transfer and verifiability would be a huge thing. especially in places that have real estate scams due to the slow/corrupt bureaucracy.

[-] computertoucher5000@programming.dev 4 points 1 year ago* (last edited 1 year ago)

A good while back I read a paper, blog post....I read something somewhere a while back that laid out an interesting use case involving vehicular service records for fleet vehicles. And I know exactly about as much about blockchain then, as I do now, but I did spend some time in fleet logistics for a large scale service company with about 20+ field vans and at the time, the notion seemed compelling and interesting on the face of it.

After a very brief google, it seems the topic has been widely written about but nothing in depth compared to the piece I read all those years ago (which felt more like a full on white-paper). Looking around and will edit the comment if I find it so the people in the room who are smarter than I am can weigh in.

load more comments (1 replies)
[-] jet@hackertalks.com 3 points 1 year ago

Name lookups. Like DNS.

If you have a trusted Oracle on whatever chain you're using, then your smart contracts can start working with real world data. And that opens up lots of possibilities. Of course it puts a lot of faith in oracles. But for instance you could have an inheritance scheme that triggers on the death of a relative. You could do life insurance. You could affect any sort of contract was transaction money or currency.

To your points about central control, I think it's anthema to the idea of a distributed system. If your resistant to malicious actors you have to be resistant to censorship. Because it's only a matter of time until the central authority becomes a malicious actor. At least for some of the population.

[-] TCB13@lemmy.world 8 points 1 year ago* (last edited 1 year ago)

Trust is a fundamental thing in human life an society. It get around the abuses by having checks designed into the system and smart ways to stop corruption. If you can't trust a company to deliver a service after payment why would you even work with them? This is the "issue" that smart contracts allegedly fix.

load more comments (2 replies)
[-] MxM111@kbin.social 3 points 1 year ago

Maybe when we have AGIs making contracts with each other and current legal system just does not work for them?

load more comments
view more: next ›
this post was submitted on 03 Aug 2023
76 points (85.2% liked)

Programming

17765 readers
602 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS