115 comments

[ 3.8 ms ] story [ 317 ms ] thread
> A few hours before it was supposed to be released a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from The DAO

In particular, blacklisting DAO operations means that one can broadcast transactions that perform huge computations but just before running out of gas, perform a DAO operation. This huge waste of resources by miners cannot be compensated if the transaction cannot be included...

As i predicted then in my statements, a fork would be the start of the downfall of the crypto currency. They smashed the foundation of crypto currency down, the unbreakable block chain. Solution, just fork it :(
With wide support of the community.
Irrelevant. And the transition of Rome from republic to dictatorship (setting in motion its decline) similarly had wide support of the community, and even began with Pax Romana or 200 years of relative tranquility...
You can't have majority ignore the rules just because they are the majority. The software was law. It was disregarded. Now whatever the law is, it's meaningless. Note how in real life, people cannot be prosecuted retroactively. If what they did was a crime at that time, only then will there be punishment.
Actually you can-- look up jury nullification.

When the slaves from the southern US started escaping north and towards Canada, many northerners who aided them were put on trial because technically they broke a law because slaves were considered property.

The jury would acquit them because they did not believe in the spirit of the law.

Some people believe jury nullification is required for a truly democratic justice system.

Also in this scenario, the fork is essentially the majority's way of saying "we don't believe in the spirit of this contract, it wasn't meant to behave that way." Obviously, that brings up many complications. But the majority believed that a fork is essential to save the platform and worth the potential split in the community.

The community was penny wise and pound foolish. They saved their asses on that one stupid investment and set a terrible precedent that is going to come back to haunt them every time someone releases a smart contract with a bug in it.

Either the code is the contract or it isn't.

Btw -- what has the DAO even accomplished after they 'saved' it?

> what has the DAO even accomplished after they 'saved' it?

It has warned a lot of people to stay the hell away from this kind of construct because it can't be trusted. That's a pretty good accomplishment.

Except it wasn't? Ethereum's doing great right now despite the fork.

Seems a little strange to stand by your prediction now when we have the benefit of hindsight and can see pretty clearly that you were wrong.

I never understood this argument about how the blockchain would be magically "completely set in stone". It's a bit insane that such a new technology carries so much mythology and cargo culting, to the point where some things are considered sacred.

No Other Coins Before Me

Thou Shalt Not Attempt To Mutate The Blockchain

The blockchain has always been about consensus first and foremost. If a clear majority of the economic power decides to change something then that thing will change. There's nothing magical in the blockchain to prevent that. You can always decide that it's wrong and remain on the "classic" version, but if you don't convince anybody else to follow you there won't be any value.

More generally, I don't see how any coder would take the "code is law" thing seriously. All code has its share of bugs. Even if you formally verify it you may still have a bug in your verification code or your assumptions. The tiniest mistake can lead to catastrophe, as we've seen lately.

Code isn't law, law itself isn't law, it's how humans apply the law that's law. Removing the human factor from it isn't a feature, it's a terrifying totalitarian dystopia.

"Hello sir, the algorithm detected that $10 was missing from your utility bill 12 years ago, with the late fine, processing fees and interests you now owe us $1298.51. Please pay within a week."

"I can't pay this and I need to take care of my family. I'll have to mortgage the house!"

"I'm sorry sir, code is law. Beep boop."

Judge Dredd: blockchain edition.

It's taken seriously because "code is law" is (was) the premise of Ethereum's value. The blockchain isn't about consensus, it's about the use of mathematical (rather than political) consensus to maintain immutability. By removing all the messy human factors and defining it all in terms of cryptographically secure mathematical consensus, it was supposed to be this superior platform, and that's a big part of what drew the techno-libertarian digital nomads to it: the promise of a clean, unambiguous financial system outside human control.

Except then they hard forked, proving that political consensus still rules. The benefits of crypto-secured mathematical consensus are still subject to politics and messy human institutions. "Code is law" is a lie.

The funny thing is, this is a corner they painted themselves into. If they'd planted their flag only on decentralization, automation and trustlessness, and ignored "code is law", they wouldn't be having this problem today. Ethereum would be a technological advance on what we already accept: human economics.

It was wrong to fork Ethereum. Terms of DAO were pretty clear and there was no reason to refund.
(comment deleted)
I wish there was a way to test this hypothesis.

Some sort of A/B test where there were two versions of Ethereum, one with the fork and another one without the fork. That way we could have known for sure if forking was a good idea or not.

(comment deleted)
Is this sarcasm?
That's exactly what happened.
No its not. There is only Etherium with the fork. There is no version of Etherium that never forked. If we could peek into the multiverse and see a universe where Etherium wasn't forked, davidiach's wish could come true.
i assume you're being sarcastic, but of course the hard fork succeeded: the vast majority of users switched to the hard fork. that doesn't mean classic would've failed without the fork.
The classic chain is still there, anyone can use it if they like. That's probably the best thing that happened, both groups had their own way and went their own way. You can't satisfy everyone and keep them on the same chain.

Technically, no transactions were undone, but the fork agreed to a new state set in the future. The users of the new version also had a choice if they wanted to support the fork or not, the majority went with the fork. It's not like anyone was forced to fork. Actually, you could even run both, and I did for a time until it was clear who was the winner.

This is a screenshot of the choice everyone was asked when starting up their wallet: https://upload.wikimedia.org/wikipedia/commons/thumb/d/d7/Et...

> The classic chain is still there, anyone can use it if they like. That's probably the best thing that happened, both groups had their own way and went their own way.

Semantic games aside, this is a classic illegal maneuver in corporate law -- I think the term is "freezeout merger."

It works like this: Alex, Beth, and Casey each own 1/3 of FooCo. So Alex and Beth get together and, by a 66% vote, agree to sell the assets of FooCo to BarCo for $1. BarCo just happens to be owned by Alex and Beth without Casey.

It's a nice move for Alex and Beth, right? They just each increased their net worth by 50% with a simple legal formality. In fact, if you think about it, this maneuver is always a rational transaction for the majority shareholders in any corporation. Which is why it's illegal -- otherwise it breaks the game.

So, what do you think Alex and Beth say in this scenario if they're called on it? They say exactly what you said here: Casey didn't lose anything! She still has 1/3 ownership of FooCo, plus she got her 1/3 of the $1 paid from BarCo, fair and square. No harm, no foul.

(No kidding, I've actually had the lawyer for a company that did this to my client try to make this argument across a conference table. Then the lawyer tries to pretend no one has ever had that idea before. Like this wasn't thought of and dealt with about 5 minutes after the first minority shareholder existed.)

A court, and the rest of the world, will find this argument ridiculous. The obvious intention and impact of Alex and Beth's action was to take net worth (in real world terms) from Casey and award it to themselves. They can't avoid that by playing clever games with the labels.

Likewise, the obvious intention and impact of the Ethereum shareholders' actions was to take net worth (in real world terms) from the DAO hacker and award it to themselves.

Play all the games you want with the words, that's what happened. And that's the takeaway: in the law, the minority has protection from the majority. In Ethereum, the majority shareholders rule, and if they decide you don't deserve to have ownership, they can vote to take it for themselves.

It's potentially rational to decide you like your chances better with the majority-shareholder-vote-is-law system than the legal system in your jurisdiction. (If you live in the US or a similar jurisdiction then I disagree, but it's an interesting argument anyway.) But trying to pretend no one lost anything from the hard fork just doesn't fly.

This is very well put. Thanks for writing it and explaining the way you did.
>, this is a classic illegal maneuver in corporate law -- I think the term is "freezeout merger." It works like this: Alex, Beth, and Casey each own 1/3 of FooCo. So Alex and Beth get together and, by a 66% vote, agree to sell the assets of FooCo to BarCo for $1. BarCo just happens to be owned by Alex and Beth without Casey.

FYI for those who don't happen to know the early Facebook ownership story... Mark Z attempted a variation of this.[1][2]

FooCo would be the Facebook (Florida) LLC created April 2004.

BarCo would be the Facebook (Delaware) Inc created July 2004.

Alex & Beth would be Mark Zuckerberg & Dustin Moskovitz & Sean Parker & et al except for Eduardo Saverin. Casey would be Eduardo Saverin.

>A court, and the rest of the world, will find this argument ridiculous.

Yes, the real world confirms that. After Eduardo Saverin figured out that he was diluted via trickery, he sued Mark. Mark lost and owed Eduardo additional stock (worth billions).

[1] http://www.businessinsider.com/how-mark-zuckerberg-booted-hi...

[2] https://en.wikipedia.org/wiki/Squeeze-out

Zuckerberg really has all the makings of a president.
If you're going to start taking US law and applying it to cryptocurrencies though, then couldn't you also argue that the DAO hacker(s) broke the law and that the funds _should_ be taken from them and returned to their rightful owners?

It's rather inconsistent to on the one hand claim that "that's just how Ethereum contracts work; the hackers should be allowed to keep those funds" even though those hacks would clearly be illegal under US law, then on the other hand turn around and say "forking the currency like this is wrong because it'd be illegal if this was a company operating under US law".

If that's the case, then you can't even count on the ownership of your cryptocurrency, no? Your assets are subject to the whim of the majority. Decentralized tyranny of the majority?

The "attacker" is seen as the "bad guy" so everyone decides to screw him?

You're correct. That's a known property of most cryptocurrencies known as a 51% attack. It's up to you whether you consider that a deal breaker or not.
In the case of fork as well, a majority of nodes would need to comply, right? Is it fair to say in both cases it requires a majority participation?
Yeah, that's what a "hard fork" means - it requires the nodes to actively choose it.
Im failing to see how what the DAO exploiter did was actually illegal.

The software IS law in the world of Etherium. There is a reason they are called "Smart Contracts", instead of "methods" or "functions". They are designed to be binding.

The DAO having a faulty smart contract is akin to someone agreeing to a bad deal. They feel cheated, but there is nothing legally that they can do.

Personally, I believe there should never have been a hard fork. The people that invested in the DAO were stupid to do so.

tbf, the bug was triggered not only because of theDao's code, but because of a combination of other conditions, including the way the virtual machine executed the code. The meat of the exploit was executed in the attacker's contract, as explained here https://medium.com/@MyPaoG/explaining-the-dao-exploit-for-be...

The token holders of theDao did not approve running of the attacker's contract, since they did not agree to the attacker's contract. At least that's how I interpret it.

Also, the word "contract" is not the same as a contract in law, it's more of a buzzword. They are just programs. So I don't think a program can have legal meaning by itself because it also depends of the semantics of the machine & how it interprets the programs. What happens if the code is correct, but something in the machine is broken?

The rules of the Ethereum virtual machine were altered later. I think the 'fallback function' now has a limit of 23k gas, correct me if I'm wrong, so attacks like these are more difficult, if even possible.

> "forking the currency like this is wrong because it'd be illegal if this was a company operating under US law"

That's not my argument. My argument is that there's a reason it's illegal under US law (and presumably in other functioning legal systems): because it has to be illegal for the game theory of vote-per-share corporations to work. Otherwise entering a corporation as a minority shareholder is irrational.

If you abandon the legal system's protection for minority shareholders, you're assuming that you don't need those protections -- that somehow cryptocurrency game theory works differently than the game theory of legal corporations. I suspect that's wrong. But either way, we have to at least be clear about the practical impact of Ethereum's hard fork in order to have the debate.

So you are saying that people who run a piece of software with a certain configuration option set to "yes", are breaking the US law?

> agree to sell the assets of FooCo to BarCo for $1

This is where your analogy breaks. The classic chain was not sold to the forked chain.

It would be more comparable to Alex & Beth getting together and creating new company, copying all the books & records from the old company (that were public domain), minus Casey's balance. Without buying the old company. Customers of the two companies could go to any company at any time they wish, except for Casey, who is not a customer of the new company. That would be legal in US?

There are a few other issues with your interpretation:

- Coins do not represent shares of a company. There's no stock.

- There's no voting: At most, the miners probably have voting power with their hashrate, however as the linked article stated, a soft-fork was impossible to do, so even the miners could not vote.

- Hardfork was not a vote. Even if you said "Yes" to the hardfork config option, you could still go back and say "No" to play with the classic chain at any point in time. (Refer to the screenshot in my OP)

This is the wrong level of abstraction to think about the problem at. You're talking about how it was done, in terms of technical implementation. Focus on the effects, in terms of real-world exchange value -- that's what matters, both to the law and to human beings.

In my analogy, Casey owned 1/3 of X (a corporation), where X is some social construct with real-world market value in terms of dollars or bitcoin or gold or whatever. The other owners of X worked to transfer real-world market value from X to a new social construct, Y, in order to capture Casey's share of the value. Under the US-law ruleset this is a violation of their fiduciary duty to Casey as a minority shareholder.

In the Ethereum example, the DAO hacker owned 1/20th (or so?) of X, where X (ether) is some social construct with real-world market value in terms of dollars or bitcoin or gold or whatever. The other owners of X worked to transfer real-world market value from X to a new social construct, Y, in order to capture the DAO hacker's share of the value. Under the Ethereum ruleset this is OK.

So we have two different rulesets with different protection for minority stakeholders. It's an interesting question whether (despite this example) Ethereum could end up being more favorable for minority stakeholders overall. But it's not at all interesting to spend time arguing about whether a minority stakeholder was injured by the Ethereum split -- that was the entire, explicit, point of the split, and if you focus on real-world exchange value there's no way to disguise it.

Again, I think this is where we differ - you're thinking in terms of stocks and shareholders, but there are no shareholders here. There are no shares that represent ownership of anything, and the most important distinction here is that when the fork was created, there was no transfer of ownership, which is the key concept in your argument.

Also, if I change my level of abstraction to think about the problem as you say, it would appear that the attacker was trying to injure the project, opposite to your Casey example, where she was the victim. Those that had 'skin in the game' did what they had to do, to protect themselves from the attacker. I don't think the attacker was naive, they would have known that such a move would inflict a loss of value for the project.

I also think that the hardfork was the best outcome for both parties: Classic represents the value of Ethereum should it have chosen to keep on going with the attacker, and Ethereum Fork is the value representing the attacker absent. Everybody wins, the thief would be pretty happy with their loot regardless (if it's legally theirs, maybe it's not). In your Casey example, she was left with nothing, so it's another important distinction to make.

Btw, thanks for replying and for the debate. It's been a pleasure.

Also in the law, a thief can be compelled to return your property even if it was your own lack of security that allowed the theft to happen. Technically the thief loses his plunder, but according to the law it was never his to begin with. If we argue about whether the thief lost anything, we're just playing semantic games again.

Also in the law, a suitable majority of voters and/or their delegates can change the law concerning the return of stolen property. They can even change the definition of theft if they want, or even change the Constitution. They're the (super-)majority after all. No amount of code or technology can ultimately stop them from having their will. Even the protections you mentioned only exist because some group of people who are more numerous than Alex and Beth have decided that they don't like freezeout mergers.

no, consensus for the win.
Sometimes you need to break eggs to make an omelette.

At the time, not hard-forking would have made the very concept of programmable blockchain a no-go area, never mind the damage to the project and the initial investors with some 10% of the whole token supply being drained because of a software bug.

In a way, the decision to hard-fork proves the Ethereum Foundation and community are truly committed to creating a new internet and we will do whatever it takes to make it a success.

Legal contracts are not immutable like this. That is one big reason courts exist: arbitration and resolution in the event that a contract is ambiguous or illegal. If I put a typo in a contract that could lead to malicious misinterpretation, I am not free to exercise that malicious misinterpretation because of what might happen if I am takien to court.

That said, contracts also tend to have many "fail safe" and conditional provisions to handle unanticipated events and edge cases.

It sounds to me (without much understanding of how exactly contracts are programmed) like there ought to be some kind of hard-coded "laws" restricting for controlling what contracts can do. Is there anything like a legal system in Ethereum?

The whole point of the proof of work blockchain is that no trust is needed, and the state of the chain is determined by distributed concensus. There is no moral right or wrong. Forking is the by-design mechanism to deal with large scale disagreement.
> The creation period was an unforeseen success as it managed to gather 12.7 Ether (worth around $150M at the time)

What?

(comment deleted)
There is way too much Ethereum and Bitcoin stuff on HN now. :/
Said the person with one submission in a year.
what does that have to do with his observation?
That if you want less of 'x' on HN that you should at least do your best to submit more quality links on other subjects.
I was kind of vaguely interested in this digital currency stuff, and even saw a few local stores tentatively start dipping their toes in last year. But now I have no idea what's going on with a thousand different currencies and now forks of the major ones and huge thefts and I don't even know. From a casual observer's perspective, they seem to be imploding and destroying any credibility they had built up over years.

I'll stick to real money, thanks.

They're consistently on a cycle of booming and busting - Bitcoin's value has been slowly creeping up and up through these cycles. Others... not so sure. Bitcoin is a huge driver for the hype cycle in cryotocurrencies in general.

If you want to watch anything, watch what happens with Bitcoin between now and August 1st. It's a make or break time for whether that trend of slowly increasing value keeps going or blows up horribly.

Eh, I'm not really interested in "watching" it, I just see what comes my way by chance. That mostly seems to be scary emails from CoinBase[1] and snippets of news of "the community" having major arguments about the fundamental nature of its value. This is not confidence inspiring for the casual user. Maybe it'll settle down sometime and I'll re-evaluate, but for now I've officially moved into the "not interested" camp.

[1] """The User Activated Hard Fork (UAHF) is a proposal to increase the Bitcoin block size scheduled to activate on August 1. The UAHF is incompatible with the current Bitcoin ruleset and will create a separate blockchain. Should UAHF activate on August 1, Coinbase will not support the new blockchain or its associated coin.

The User Activated Soft Fork (UASF) is a proposal to adopt Segregated Witness on the Bitcoin blockchain and could result in network instability. It is scheduled to activate at the same time as the UAHF."""

>They're consistently on a cycle of booming and busting - Bitcoin's value has been slowly creeping up and up through these cycles

Have we even seen a single cycle yet? Bitcoin hit the mainstream, what, five years ago? The value certainly hasn't "crept up"; it's growing exponentially like every bubble in history.

> Have we even seen a single cycle yet?

I mean, just look at the data. Yes, there have been -- without any doubt! -- at least 3 cycles that I recall. And by cycle I mean Bitcoin losing at least 50% of its market capitalization suddenly (bust!) and then slowing crawling back up, then quickly shooting up (boom!). No one, not even Bitcoin's biggest detractors, doubts that it's been through numerous boom and bust cycles (and that's not even a good thing, for a store of value).

>I mean, just look at the data.

I look at day-to-day - or even month-to-month- variations as noise, not cycles. How far down the time-series fractal is considered a cycle? All of this variance might look hilariously insignificant in 20 years. Perhaps we have a difference of perspective.

Definitely, we've seen several cycles - to name 2 I watched more closely, the $30 peak and the $1000 peak were both followed by extended months of much lower prices. After which the value tends to average out higher than it began, but remain quite distant from the peak for quite some time. This I call a cycle.
yeah, none of that shit happens with real money
It does, sure, to a vague degree. (Fiat money is not exactly as easy to fork, so you don't get the scenario of economic system disputes leading to alternate currencies as much. The rest certainly apply, of course, even the huge amount of thefts -- see the 1MBD Malaysian scandal as an example..)

The main issue to be aware of with cryptocurrency at the moment is quite a bit more volatile than the most major currencies. For now, at least, I would classify cryptocurrency investment as "speculative". EG: I wouldn't recommend anyone put their life savings into a cryptocurrency, at the moment.

>I'll stick to real money, thanks.

By "real" money, you mean more established and widely used, correct?

30 years ago: "guys you're writing way too much about internet stuff, I can't wait for this fad to be over"
I was going to post this! I've been in cryptocurrency-land since 2012 and initially the posts on HN were very occasional... now we have 2 or 3 on front-page at any time.

IMO this means that we are reaching peak interest among techies. It happened with node, with angular, with react and now with crypto... it'd be fun to see some data graphs with info from algolia or the HN dataset from GCloud...

https://cloud.google.com/bigquery/public-data/hacker-news

Regarding the post: I opposed the fork, but now I think it was the best way to go. When there are irreconcilable views/goals in a community, the best thing to do is to separate ways. It happened with linux distros, with dev frameworks, etc and cryptos are not different, it's just software.

There's drama, conflict, hacks, fuckups, civil wars, bugs, theft, more drama, bailouts and all of the growing pains that make a story worth telling.
So basically Eve Online.
Along with the same harsh attitude if you get burned
From my reading, many comments are negative. I was interested in crypto currency, but after reading enough HN, it has made me very cautious. I especially enjoyed learning about the horrible design flaws of the Solidity language.

I think HN plays a vital role and these opinions by very intelligent people are very helpful to me.

Your comment also made me wonder about a sentiment analysis of HN comments. Something like:

"What does HN Think about It?" App

Careful--there is a tendency for engineers to conflate superior technology with the success of a product.
FWIW, many of these negative comments that I read and most remembered as making powerful points happily admitted, as part of the criticism (not a hedge against it), that the security issues inherent in Ethereum are due to the very factors that might have made it successful (such as making web developers think they can now write smart contracts by offering a language that looks like JavaScript and is even as quirky as JavaScript, and sweeping verification under the rug).

I actually see lots of parallels to companies like StackMob, Parse, and Firebase, which launched incredibly insecure "serverless" database products that didn't even support any notion of security and even as they added security would almost encourage "anyone can read and even write all of your data" in the documentation as even mentioning security in a tutorial made the product look hard to use.

But the result, of course, was that there were even companies offering dating apps that even claimed in their marketing "we are actually secure, unlike others", which were listed as featured users on the StackMob website, where you could just dump their entire database--including both offline Facebook access tokens for all the supposedly-anonymous users as well as the entire database of what they were saying to each other in their supposedly-private messages--as it was all public.

The market is fundamentally incapable of optimizing for secure products in the same way it is incapable of optimizing for open products. Both of these properties of a product are too complex for users to analyze and the benefits often come in some difficult to measure effect that happens on some difficult to predict timescale. We need to work on this problem before the "Internet of things" becomes too popular and we hit truly dystopian levels of insecure centrally-controlled products.

A meta sentiment analysis of HN comments about <subject> would be fascinating to me. Quantify the opinion of the "hivemind".
I would be wary about basing too many decisions based on HNs advice (or any other internet forum for that matter). Although you find some jewels sometimes, HN comment section is famous for typically having cynical comments, and you'll find that over the years a lots of tech that later became big were considered "hype" or plain bad here, from stuff like ruby on rails to VR to Deep Learning, to name just a few. With crypto currencies there is the additional aspect that for a lot of ppl this is a sort of religion with money involved, so comments and submissions can be very biased or downright nasty. By reading certain cryptocurrency forums or publications you even risk getting a very distorted version of the real story due to mountains of disinformation and an echo chamber effect.
Be careful with these negative HN comments, they have cost me millions.

I first heard about bitcoin right here, when it hit $3 per coin for the first time. That was a huge event.

I had my own reservations about investing in bitcoin, but reading the comments here prejudiced my view.

VC's say it's not the losses that get to you, it's the companies you miss out on that scar you.

Not investing in Bitcoin at $3-5 was the single worst strategic decision of my life.

It was something that could have saved me years of toil, it was an easy ticket into the Big Game. A massive influx of economic energy, a fantastic counterstrike to entropy was right there, and it was easy. So easy to buy, granted it would have been not easy to hold through the dark times, the dips, the panic.

Oh, but if one did!

None of the hard work of starting a company, finding product-market fit, hiring a team, raising funds, fighting off the inevitable bandits that will come for their extortion money in the form of frivolous patent lawsuits...

None of that. Just easy, huge, beautiful, juicy investment capital right at my fingertips.

Oh the land that could have been bought! The development deals that would have flowed and the opportunities that could have been pursued. Instant entrance to Ruling Class, a ticket to the best club on earth.

'The most important men in town would come to fawn on me! They would ask me to advise them, Like a Solomon the Wise. "If you please, Reb Tevye..." "Pardon me, Reb Tevye..." Posing problems that would cross a rabbi's eyes! And it won't make one bit of difference if i answer right or wrong. When you're rich, they think you really know!"'

- If I Were A Rich Man, Fiddler on the Roof

And it's that emotion thats fueling crypto asset valuations right now, along with actual riches created by people who didn't give in to the negativity, the doubt, the fear.

The thing has value. People like this thing. They like it all over the world. There are infinite uses for something like money + code + global computer networks.

And a thing doesn't have to be perfect or solve every problem to have value.

The standard that commenters here hold crypto to is not the same standard they hold startup companies to.

With companies if they do something some people like enough to use, they say wow what a success, look they are a real company with profits!

I mean even if the only use for crypto currency is regulatory/legal arbitrage, that's insanely valuable and would have merited an investment.

HN comments might have saved you a ton, too. If you focus only on the missed opportunities and not the things you've done right, you're just making yourself unhappy for no good reason.
Personal happiness doesn't factor in to it, missing very early bitcoin was a result of flawed thinking, which I intend to correct.
Was it flawed thinking, or was it correct thinking that doesn't give correct results 100% of the time because the world is complicated and nothing can give correct results 100% of the time?
That's too bad.

The various majority of comments on HN are negative but they are also deeply ignorant. It's easy to dismiss blockchain technology because it's hard to understand. It takes a while for this stuff to come in and it requires careful and deep understanding of computer science, economics, and distributed systems.

Here's the thing: if you're interested in distributed systems you should understand the blockchain. Regardless of any profit potential, regardless of much of nonsense you'll read here, and regardless of the economic foundations (the most trenchant criticism comes from economics [1]) -- it is a very innovative and powerful new way to do distributed computing. Best of all it is virtually all open-source which means deep understanding is possible by diving into the source code. It's a rich area and it'd be silly to dismiss it completely because of the fluff posted here.

[1] https://www.youtube.com/watch?v=CK7IAndQzK8&feature=youtu.be...

If the voting for stories is fair, then "too much" means "the HN community is more interested in this than I am".

There's a lot of activity lately so it makes sense that there's more news on this lately. IMO it's relevant to HN. If I see stuff that I'm not interested in on HN (of which there is plenty) I just move on to the other stories.

> This is not a bailout as you are not taking money from the community, it is just a return of funds to the original investors

Isn't this the exact definition of a bailout? Specifically it's bailing out the investors in the DAO.

No? If the community or the government were somehow using their own money to replace the stolen funds that'd be a bailout. In this case, the stolen funds were simply taken from the hackers' accounts and returned to the people who originally owned them.
The question isn't who gets their money back, the question is who has to pay and/or take on the risk. In 2008, the banks were largely bailed out by taxpayers. In this case the hacker 'paid' because what they held was no longer recognized as ETH.

Even then, the hacker didn't lose anything. He might have a legal argument that he has been unjustly deprived of his wealth, but the legal system isn't generally available to criminals. Also, there's an alternative timeline where ETH fails because of this breach of trust, ETC takes off, and the hacker gets rich. But since the value creating developers supported to forked chain, that's where the value went.

I am not 100% certain that the hacker did anything illegal. As I understand it he exploited a loophole in the contract, that has been going on since contracts have existed and is not illegal in itself.
For me, this is the most interesting question. I suspect this was illegal, though. CFAA is pretty broad for exactly this reason -- the effect and intent, not the vector -- is what matters.
Why would the CFAA[1] apply? I don't think US law is the governing law for everything that happens on the Internet (though they'd probably love that...).

[1]: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

You mean jurisdictionally? E.g. if the hacker was located in the US, or in one of the many, many countries with an extradition agreement since some of those distributed computations almost certainly occurred in the us. Or in one of the many, many countries whose hacking laws are explicitly modeled on cfaa...
Indeed.

"I have put one million dollars in this safe. The combination is one of the factors of this very large number."

Man factors number, opens safe, and takes one million dollars

"Woah hold on there, I didn't think anyone could do that! The money is still mine! Give it back!"

No.

It's a pretty grey area. I'm not sure they did either, but my guess is that they want to find out for sure by approaching the court system. Would definitely be an interesting conversation with their lawyer.
> The super majority of people (89%) voted for the Hard-Fork...

Wasn't it 89% of those who voted? What was the voter participation rate?

I've only just started following Ethereum in light of this incident and the other recent one I saw on HN yesterday. That said, if I understand it, the "attacker" was just the first person to truly understand the contract and exploit that understanding, no? If what happened isn't what the creators of the contract intended, then that's the fault of the creators, not the "attacker". Lastly, if they'll fork for one bad contract, why not fork for all bad contracts?
"contract" is a very poor term since it's often confused with real-life legal contracts. A contract is just code, and the DAO attacker exploited a flaw in one of the methods of the code to do something it was not intend to. It is an attack just like finding some flaw in a bank login system to steal money does not make it okay nor legal.

> Lastly, if they'll fork for one bad contract, why not fork for all bad contracts?

It's not easy to a HF of this nature, there was a lot of discussion for a consensus to come about. In that case the funds were also effectively locked for a time in a single address so it was much easier to do a change to return those funds. the % of eth at the time was also enormous (around 15% of the supply) and arguably enough to cause problems later with future updates like proof of stake.

Yet the whole point of smart contracts was that the code is the contract. Descriptions of what the contract was seeking to achieve were explicitly non-binding. It will be an interesting legal case if something like this ever goes to trial.
Okay, that's one way of looking at it, but the core value proposition of Ethereum over i.e. Bitcoin was that you could write contracts. Whether or not they've succeeded at that goal, they're called contracts because the goal was for them to be contracts.

If you're saying that they have failed at that goal I'd agree. The contract language they implemented is too error-prone for writing secure contracts, and the only solution they have is to break every contract in the system except the one large enough to perform a 51% attack on the blockchain.

But if we call these programs or code instead of contracts, are they useful for anything? Why would we invest our wealth in programs that lose that value if the code isn't unrealistically bulletproof and the largest program in the system? Calling it a program instead of a contract doesn't make it any less useless.

The main core value proposition (at least for me) is as an consensus layer for creating truly decentralized applications with a truly distributed and decentralized infrastructure, these applications don't necessary have money involved (ENS being an example). In this sense "smart contracts" are actually just pieces of code you deploy pretty much like one would with aws lambda, which is why the term "contract" is a bit confusing, but alas we're stuck with it now.
(comment deleted)
That's a lot of buzzwords you've got there. Call them contracts/programs/applications/whatever--whatever you call them, they're fundamentally broken, and not decentralized. If you write your code in their language, it's error-prone, and if you somehow manage to write it correctly, the DAO might reverse your code by hard forking. Rebranding contracts with a bunch of buzzwords doesn't fix the problem.
I was trying to be precise on what I meant and not using buzzwords or rebrand anything. It was being asked what was the value proposition and for many of us in the space the decentralized infrastructure and its implications is it. Often Ethereum is seen through a Bitcoin lenses in which contracts are just bells and whistles on top and that's not really what Ethereum is about.

Regarding the programming language, please note there is VM and Solidity is but one language (although by far the most popular currently) that compiles to bytecode for this VM. Much more restrictive/secure programming languages can be created for this VM and we'll likely see more work towards this as development continues, it's likely in the future developers will use different languages depending on the usecase they are trying to implement on the blockchain. Also in regards to the code deployed (the contracts) they can be decentralized, but contrary to popular belief they can also be as centralized as one wants in order to be possible to an update if something goes wrong. However in either case the Infrastructure remains distributed and decentralized.

Regarding the other comments: "if you somehow manage to write it correctly, the DAO might reverse your code by hard forking" and "the only solution they have is to break every contract in the system except the one large enough to perform a 51% attack on the blockchain."

In one sentence it sounds like you're saying the DAO contract somehow reverses 3rd party correct code, and in the other that every contract gets broken (?) except one contract because it's large? and the contract (?) performs a 51% attack on the blockchain (?)

Honestly I don't understand those sentences which is why I didn't address them, I mean you no offense.

> Regarding the other comments: "if you somehow manage to write it correctly, the DAO might reverse your code by hard forking" and "the only solution they have is to break every contract in the system except the one large enough to perform a 51% attack on the blockchain."

> In one sentence it sounds like you're saying the DAO contract somehow reverses 3rd party correct code, and in the other that every contract gets broken (?) except one contract because it's large? and the contract (?) performs a 51% attack on the blockchain (?)

Yes. When the DAO broke, the Ethereum community banded together and performed a 51% attack on the Ethereum block chain, potentially breaking every other contract in the entire system, even correctly coded ones.

Calling it an attack is a bit weird. Attacks are typically meant to things like create double spends. An hard fork is the natural mechanism for a blockchain to update. The Homestead release for example was an update that was done through an HF, the next update Metropolis will also be done through a HF.

For the DAO HF: The DAO contract was replaced by a withdrawal one, that was the only change, No other contract broke because of the fork.

If you were watching a building go up in flames due to arson, exasperated by faulty construction and you knew there were people inside you could save what would you do?

I'm pretty sure you wouldn't just say "It's their own fault for living there and it's also the construction company's fault for not carrying out safety tests. Let them burn because intervening now will only let the construction company & tenants off the hook - they all should have known better."

I dislike this analogy as I hold human life in a much higher regard. If you replace people with something like "property with no sentimental value" then the anology would be closer, but still imperfect. In that analogy, I would give pause but "letting it burn" would be much more palatable.
No, but we're not talking about human lives. We're talking about an ecosystem that is, as I understand, built on the premise that code is law. I may be mistaken.
No harm to any sentient being was caused by the unintended DAO usage ("hack").

A more apt comparison would be: Someone found a flaw in my distributed MMORPG and now the game isn't interesting / useful anymore to some people. Should we collectively change the rules, even though we previously committed to not doing so? And before you say "Ethereum is no game", consider how serious some people take their gaming worlds and how much resources (time and money) they invest.

That's essentially what happens in real life in some places: Don't pay for the fire department (although you should have known better) and in case of a fire the fire department will protect your neighbor's house, but will watch as your house burns to the ground: http://www.kfvs12.com/story/13281481/fire-chief-responds-to-...
Worth noting that it doesn't work like that for the overwhelming majority of residences in the US. Only places where you have to pay a specific fire subscription.
> Lastly, if they'll fork for one bad contract, why not fork for all bad contracts?

Conceptually, they would, it's just that DAO was an exceptional case.

a) The amount was really large. b) Ethereum ecosystem wasn't mature enough (and yesterday's event proved that they can take a hit like that and survive). c) DAO had a 30 day lockdown of the hacker's fund, this is something which allowed for a hard fork to be possible.

The last is really important. Once hacker gets your money out of the hacked contract, no hard fork is feasible. The DAO essentially created a situation where it was impossible for hacker to get the money, nor for the white hat hackers to get the money. Both could have created a script, where hacker would move his funds to a new child contract, and the WHG would follow him to the child contract (thus essentially rendering him unable to get his money out).

> Once hacker gets your money out of the hacked contract, no hard fork is feasible.

Why wouldn't it be feasible? Have all users update to a version of the client which artificially corrects for the balances of the hacked wallets. Isn't anything possible with a hard fork?

Anything is possible, but it gets much harder once the money is in circulation. If the hacker has time to buy socks & soap with the stolen funds, and convert some of it to USD on an exchange - then the soap merchant and exchange will not want their wallets "corrected".

Sorting out who should get their money returned and who gets to keep it would be infeasible.

"That said, if I understand it, the "attacker" was just the first person to truly understand the contract and exploit that understanding, no? If what happened isn't what the creators of the contract intended, then that's the fault of the creators, not the "attacker"."

I would go even further and suggest that the user (not "attacker") of this ethereum contract proudly stand up and identify themselves - without fear of retribution.

This individual played their game by their rules.

They are not an attacker, this was not a hack, and nothing was stolen.

How is this any different than exploiting a web application via something like SQL injection? After all, their implementation legally allows you to supply inputs containing those characters and their system responds by doing whatever with the database. Is that fundamentally different than supplying "expected" input and getting expected outputs?

"Your program just computes a different function than you expected and I supplied legal inputs" can be used as a defense of literally all software exploitation.

He or she shouldn't just stand up and identify themselves, they should claim their right. It would in a way be the ideal case to litigate.
It's a glorious hack in the original sense of the term.
The long-lasting angst I continue to observe on the part of those (usually casual observers without skin in the game)denied their schadenfreude always impresses me. No one's opinion was excluded by the split between Ethereum and Classic, both sides "got their way" by making the conscious choice of which chain they would like to continue with. I suspect some of the folks who chose the chain in which the hack did succeed are perhaps sour grapes that their specific view of Ethereum is significantly less popular (with a similarly small market cap) though.

This I see as a wonderful property of blockchain currencies, everyone can get what they want in an entirely democratic way, except the haters who just want to see other people's fun ruined.

The thing i never understand is the people who act like the ability to have "code as law" is new. The reason code hasn't been law since the time of hammurabi isn't because of lack of capability to precisely and logically express conditions, or even executing them reliably. It's because society didn't want it. I haven't seen much that says this changed today.

Even today, the reason contracts today haven't been written in symbolic logic and enforced rigidly isn't because we lack the capability or some legal hurdle. It's because, often, the result of negotiation on a specific point is very deliberately "let's worry about this later" (IE in court). It allows agreement on the major things while putting off the improbable events to a time when they actually happen, and gives a resolution mechanism when that occurs.

> The reason code hasn't been law since the time of hammurabi

It was called the CODE OF HAMMURABI but don't let that get in the way

> "code as law" is new.

It is new.. because it's decentralized.. you know, the D in DAO?

If you don't "get it" by now - don't worry about it. People are going to build cool stuff on these platforms and when you're using them in 10 years it'll click.

Contracts are decentralized by default.
Code as law isn't new, and it's probably true that people don't want it. However, two things are new:

1. The ability to execute code automatically. 2. The ability to decentralize.

There are lots of places where these things are of value, which is why some people are willing to accept code as law as a tradeoff to get them.

I find it hard to imagine any sane person intentionally writing ambiguous contracts with the plan to hash out the details in court in the future. The last place you want to end up is in court because of the time cost and uncertainty.
(comment deleted)
I don't want Code to be Law when it comes to whether I get thrown into prison.

But I don't mind if Code is Law with respect to paying out suppliers for my bakery today.

Especially if, when things go sideways, I can choose to use different Code tomorrow.

I wouldn't trust Ethereum with the cash balance of my business, or all its assets, but I might trust it with the daily float.