All the more reason the code which controls money probably shouldn't be an object oriented language compiled to bytecode. Strict functional will be looked back on as the obvious choice.
Probably don't necessarily need strict functional, just need explicit "commit" statement or function where all of the mutations to the Blockchain are gathered the end of the function it makes it very clear what got changed
Most of these are just plain old scams (phishing, inside jobs, etc), which aren't affected by the choice of programming language. There are also a bunch of hacks where off-blockchain software is compromised.
You must not understand the terminology. The first five are clear contract code bugs. Even if there are scams, I'm not sure what you want to conclude about how to improve contract code from that. What I stated is well accepted.
Scammers will hire developers to make fake Github activity just so people looking see an active project, and then "rugpull" months later taking everything.
If you debate OOP vs. functional or choice of programming language as if it were the central issue, you are helping scammers con investors by focusing on the wrong thing.
At least one cryptocurrency has made a sales pitch of "Haskell is a secure language immune to exploits", and it's important to remind ourselves that using a technology that agrees with our preferences or programmer identity doesn't change the scam-status of it.
I don't think a functional programming language can stop someone who's intentionally attempting to perpetrate a scam. It also probably couldn't entirely stop vulnerabilities in these "smart" contracts, but that's an entirely separate topic.
Do you have any idea what comprises the source code for most traditional banking infrastructure? It ain't modern functional languages, I'll tell ya that much. >_>
Smart contracts are a pile of money exposed directly to the internet with no firewall in the way. And no recourse when things inevitably go pear shaped. They’re somewhere between self funding bug bounties and just straight up honeypots. It’s interesting the folks with piholes and boobie trapped routers are the first to get behind this idea.
> Smart contracts are a pile of money exposed directly to the internet with no firewall in the way. And no recourse when things inevitably go pear shaped.
When you say it like that, it sounds like you're poking fun at the stupidity of defi and cryptocurrencies in general.
But what if there were public contracts, with billions of dollars locked in them, with no firewalls, essentially a huge self funded bug bounty, widely publicized, running for literally years, and it... just works as intended?
You probably still wouldn't like it because it doesn't fit your mental model of how security should work.
But if years go by and any of it keeps working despite the massive bug bounties, people will build on the stuff that works. 90% of smart contracts can fail, as long as knowledge is gained and confidence goes up in the 10% that are left. The contracts are composable, so if something works, you can reuse it in a trusted way. After all, anything with billion dollar bounties that survived this long must be pretty strong.
The contracts provide a feature that you can't get anywhere else: trustless decentralized computing. The "pile of money exposed directly to the internet" is actually a feature that tests trust.
It might not seem like a big deal to you, but for banks or funds or nations or anyone with very large sums of money, the ability to withdraw/transfer/borrow/lend with no possible downtime or fraud is extremely appealing.
With all the billions being thrown at this problem, I don't see how smart contracts could fail.
> when things inevitably go pear shaped
If you really believe all of these contracts will inevitably go pear shaped, are the billions not enough incentive for you to go find the bugs yourself?
> It’s interesting the folks with piholes and boobie trapped routers are the first to get behind this idea.
Yes, these people are called "early adopters". They're excited by new technologies, even when they involve risk. You should try it sometime.
That's a means, not an end, and has no intrinsic value. Any value it has is extrinsic - derived from its applications. Of which there are none that are better handled that way.
TCP/IP has no intrinsic value either. What's built on it has value.
> ...withdraw/transfer/borrow/lend with no possible downtime or fraud is extremely appealing.
Really? No possibility of fraud? Are you sure? Might want to click through the link at the top of the page. Didn't half of DeFi go down with AWS? Didn't Solana get DDOSd and also have to get rebooted recently? Can't you nuke any NFT on OpenSea from orbit by filing a DMCA complaint with Google? I suggest this position is aspirational... at best.
> If you really believe all of these contracts will inevitably go pear shaped, are the billions not enough incentive for you to go find the bugs yourself?
That's not my area of expertise, but there are plenty of folks for whom it is. I trust this task is in good hands already.
> Yes, these people are called "early adopters". They're excited by new technologies, even when they involve risk. You should try it sometime.
I do, when those new technologies have value. I've been daily-driving Rust since 2015. I've been following crypto since 2016, I've used a number of chains a number of times. I heated my condo mining ETH for a while on a 3090. Closed out the position via dex. It's pretty dang pointless. Not everything new is good.
What problem can it solve that a central database can't?
Half the scams I've seen are stopped because a central 3rd party (like OpenSea) refuses to deal in the "stolen" property. At which point, there's no decentralisation.
Look, I'm pro-decentralisation and pro-cryptography. But no one working in your space has built anything which has convinced me you're on to something brilliant.
I hope I'm wrong though. Because if not - an awful lot of money, talent, and goodwill have been wasted.
Some of us just like to work on distributed systems, formal methods, compilers, etc… I’m skeptical about the whole thing and so are many colleagues I’ve worked with but the technical challenges are interesting.
You should work on actual problems, then not only will the technical challenges be interesting, but the result delivery and client satisfaction challenge will be too !!
Don't you dream of doing work that people actually use ?
I donate a lot of money to charity (>10% a year) - that’s my way of having an impact. If I can make that money working on cool tech problems and without scamming people then I am very happy. If the tech also becomes useful then that’s awesome, that’s just added to the upside. If it doesn’t, well I’ve done a lot more good with my career than if I took a lower paying job to make some web app slightly more performant for people to buy sweaters.
Dude if you weren't busy scamming them, that'd be one less source of adversarial financial risk and you may not have to throw some crumbs at them.
Charity is when the taxpayers failed :(
And I'm glad at least you helped people buy clothes, that sounds more rewarding than selling them debt and misery :) And I've sold personal loans, I know :D
I don’t scam people and I don’t work for projects that scam people. No one I know scams people. Some projects and people might, sure, but I’m not part of that. If I knew of a scam I'd be very vocal about it.
Well for instance you may work on an artificial means of exchange that derives value from marketing to its member that they'll get rich if only they convince more people to use it.
It's like working as a food expert at Herbalife. Sure it must be interesting to invent new receipe, but can you really Van Braun your way out of what misery you're helping produce just because it s fun to optimise the Haskell compiler ?
Another way to say it: project yourself 5/10 years in the future and the entire thing collapsed. Everyone knows where you work and what you contributed to: was it worth it, net? Did you learn more than the suicide rate of the people losing their savings cost ? You can leave now, imagine you're an employee of Theranos a year before Carreyrou.
To be fair to OP, your mind appears to be made up, and you can probably admit that, if youre honest with yourself, you don't earnestly look into the field much, right?
A third of GDP in Nepal is money sent by nationals working abroad and 1/4 of that is taken through high international banking fees. Use stable coins on a blockchain to get around those and you’ll see a 1/12 increase in GDP?
Phone credit based economies still exist in Africa. They have internet but no banking infrastructure. Using a blockchain allows people to create accounts and build a credit history as opposed to phone credit balances.
The Gates foundation mentioned a lot of pain points in direct giving was the fees taken along the way. Again, something that could be looked at with crypto.
Digital licenses - they aren’t transferable because the resale market doesn’t give returns to the creators. With NFT licenses you could trade them with fixed royalties going back to the creator.
Use a proof-of-stake chain and they're a few dollars, so much cheaper. That's why Visa and JP Morgan are hiring to build a blockchain to run inter-bank transactions to get around them.
One killer feature that doesn't get nearly enough hype is uptime. Check out these stats: https://www.buybitcoinworldwide.com/bitcoin-uptime/ The last incident to cause downtime for bitcoin was in 2013. Ethereum has never had downtime.
Another is speed. People like to talk about how slow web3 is, but even Ethereum is super fast compared to a traditional banking transfer. Traditional accounting isn't expected to be instant, so it has a lot of waiting periods and days-long SLAs.
Also trust. Not everyone can trust their local bank or local government. And even if they can, why should the default preference be to have a company with a spreadsheet tell me how many assets they have marked to my name? I'd rather have a decentralized ledger that doesn't require me to place my trust in an individual company or government.
You can't really build these features without some sort of "blockchain". You could try to put together a consortium of companies or individuals to run a shared database with consensus and vote about administration, having it backed by contracts that would be enforceable by world governments. That'd get you 95% of the way there, but it'd still be less good than a public blockchain run by volunteers that provides the same trustless features.
> Speed? In the UK I can send money for free to any other UK bank account instantly. Not everywhere is as slow and expensive as the USA.
If you believe that all the world is really the divine right of the queen, I suppose sending payments instantly within the UK is more than sufficient.
> Uptime is legitimately amazing. But when you look at the computational speed - a Raspberry Pi on a UPS is probably more powerful.
Way more powerful, but practically useless, as 100% uptime globally is the requirement.
> Trust is great. How do you do a chargeback on a fraudulent transaction on Ethereum?
Blockchains completely prevent chargeback fraud by simply not allowing for reversal of transactions. You might not want this feature if you're buying a cup of coffee, but it's very important if you're dealing with large sums.
I'm not anti-crypto per-se and my guess is most people like me aren't opposed to the ideas behind it but the reality is there is massive fraud(-adjacent) stuff happening and while some of the ideas might be ethically noble, most of them aren't. The result being (for me at least) that skepticism is best.
https://rekt.news articles dive into most hacks to describes how the relevant contracts/crypto/logic works, what's the suspect code, and which parts in the architecture were abused. This is on-brand for "Hacker News" and intellectually stimulating.
But this submission got nuked. It went to #4 in an hour, and then disappeared. Maybe we need decentralized HN!
Sorry milord, continue working earnestly a little bit more before we have to bow and kiss your golden moonshaped shoes.
What do you guys work on all day long ? How to convert a DOGE to USDT to BTC then to a bored ape NFT looking to the right ? Hope you dont work at SafeMoon or other such "project" you guys call "crypto" because there's 1 hash function somewhere and one key elsewhere :p
> Sorry milord, continue working earnestly a little bit more before we have to bow and kiss your golden moonshaped shoes.
You see, this is the issue I have. This is just twattish behaviour.
> What do you guys work on all day long?
Pretty interesting problems. In the last year or two I've worked with some of the founding designers of Haskell on compiler profiling. I've heard from Leslie Lamport on using TLA+ to formally prove consensus algorithms. I profiled worst-case-performance of cloud infrastructure across the world. Stephen Wolfram and Vint Cerf gave internal talks to us at monthly learning sessions. I've written systems code in Rust, Haskell, Golang, F#, and multiple other 'cool' languages. I got to ask the guy who introduced monads to functional programming wtf is a monad? I spoke to SPJ about programming. Been taught property-based testing by the creator of QuickCheck. Etc... It's a really cool space if you like tech with some great minds in it.
> Pretty interesting problems. In the last year or two I've worked with some of the founding designers of Haskell on compiler profiling. I've heard from Leslie Lamport on using TLA+ to formally prove consensus algorithms. I profiled worst-case-performance of cloud infrastructure across the world. Stephen Wolfram and Vint Cerf gave internal talks to us at monthly learning sessions. I've written systems code in Rust, Haskell, Golang, F#, and multiple other 'cool' languages. I got to ask the guy who introduced monads to functional programming wtf is a monad? I spoke to SPJ about programming. Been taught property-based testing by the creator of QuickCheck. Etc... It's a really cool space if you like tech with some great minds in it.
Sounds a lot like university, what do you guys produce as a result ? Do you work at BlockOne, I hear a lot of such dilettante feedback where work is more about learning fun things at random without any specific purpose. I mean from compiler profiling to property testing, do you have time to focus on a tight deadline ? How many systems do you focus on, if you have to touch 4+ languages just to apply a change ? I hope at least it's not each end to end feature that requires all those languages -_-.
But at least, good you accept to work on all of them, problem where I work, where we do more classical Python/Java/C#/JS,is I have trouble to convince my colleagues just to touch a second one and de-specialize.
I worked on the Cardano blockchain at IOHK, then worked on a financial exchange but that’s NDA’d, and now work for a decentralized exchange trying to think of consensus methods that avoid front running (so problems like generating random numbers that are both deterministic while also not being known in advance in a decentralized and distributed space). I used Haskell on Cardano, F# for profiling Windows stuff to find a file system performance issue, Go at the NDA’d thing, and Rust in my current role. Also python and typescript for bits; wrote a 1k bash script for one project lol.
Perhaps you should look at why people become anti-crypto. Most of us have had bad experiences with it and have decided that the problems outweigh the benefits.
I still think it's an interesting experiment, but I won't invest another cent in it.
47 comments
[ 0.83 ms ] story [ 117 ms ] threadIf you debate OOP vs. functional or choice of programming language as if it were the central issue, you are helping scammers con investors by focusing on the wrong thing.
At least one cryptocurrency has made a sales pitch of "Haskell is a secure language immune to exploits", and it's important to remind ourselves that using a technology that agrees with our preferences or programmer identity doesn't change the scam-status of it.
https://web3isgoinggreat.com/web1
That and the safari crowd with closed-source paid adblockers
When you say it like that, it sounds like you're poking fun at the stupidity of defi and cryptocurrencies in general.
But what if there were public contracts, with billions of dollars locked in them, with no firewalls, essentially a huge self funded bug bounty, widely publicized, running for literally years, and it... just works as intended?
You probably still wouldn't like it because it doesn't fit your mental model of how security should work.
But if years go by and any of it keeps working despite the massive bug bounties, people will build on the stuff that works. 90% of smart contracts can fail, as long as knowledge is gained and confidence goes up in the 10% that are left. The contracts are composable, so if something works, you can reuse it in a trusted way. After all, anything with billion dollar bounties that survived this long must be pretty strong.
The contracts provide a feature that you can't get anywhere else: trustless decentralized computing. The "pile of money exposed directly to the internet" is actually a feature that tests trust.
It might not seem like a big deal to you, but for banks or funds or nations or anyone with very large sums of money, the ability to withdraw/transfer/borrow/lend with no possible downtime or fraud is extremely appealing.
With all the billions being thrown at this problem, I don't see how smart contracts could fail.
> when things inevitably go pear shaped
If you really believe all of these contracts will inevitably go pear shaped, are the billions not enough incentive for you to go find the bugs yourself?
> It’s interesting the folks with piholes and boobie trapped routers are the first to get behind this idea.
Yes, these people are called "early adopters". They're excited by new technologies, even when they involve risk. You should try it sometime.
That's a means, not an end, and has no intrinsic value. Any value it has is extrinsic - derived from its applications. Of which there are none that are better handled that way.
TCP/IP has no intrinsic value either. What's built on it has value.
> ...withdraw/transfer/borrow/lend with no possible downtime or fraud is extremely appealing.
Really? No possibility of fraud? Are you sure? Might want to click through the link at the top of the page. Didn't half of DeFi go down with AWS? Didn't Solana get DDOSd and also have to get rebooted recently? Can't you nuke any NFT on OpenSea from orbit by filing a DMCA complaint with Google? I suggest this position is aspirational... at best.
> If you really believe all of these contracts will inevitably go pear shaped, are the billions not enough incentive for you to go find the bugs yourself?
That's not my area of expertise, but there are plenty of folks for whom it is. I trust this task is in good hands already.
> Yes, these people are called "early adopters". They're excited by new technologies, even when they involve risk. You should try it sometime.
I do, when those new technologies have value. I've been daily-driving Rust since 2015. I've been following crypto since 2016, I've used a number of chains a number of times. I heated my condo mining ETH for a while on a 3090. Closed out the position via dex. It's pretty dang pointless. Not everything new is good.
What problem can it solve that a central database can't?
Half the scams I've seen are stopped because a central 3rd party (like OpenSea) refuses to deal in the "stolen" property. At which point, there's no decentralisation.
Look, I'm pro-decentralisation and pro-cryptography. But no one working in your space has built anything which has convinced me you're on to something brilliant.
I hope I'm wrong though. Because if not - an awful lot of money, talent, and goodwill have been wasted.
Don't you dream of doing work that people actually use ?
Charity is when the taxpayers failed :(
And I'm glad at least you helped people buy clothes, that sounds more rewarding than selling them debt and misery :) And I've sold personal loans, I know :D
It's like working as a food expert at Herbalife. Sure it must be interesting to invent new receipe, but can you really Van Braun your way out of what misery you're helping produce just because it s fun to optimise the Haskell compiler ?
Another way to say it: project yourself 5/10 years in the future and the entire thing collapsed. Everyone knows where you work and what you contributed to: was it worth it, net? Did you learn more than the suicide rate of the people losing their savings cost ? You can leave now, imagine you're an employee of Theranos a year before Carreyrou.
My mind isn't made up. But I'm struggling to find use cases which fit the Blockchain model.
Phone credit based economies still exist in Africa. They have internet but no banking infrastructure. Using a blockchain allows people to create accounts and build a credit history as opposed to phone credit balances.
The Gates foundation mentioned a lot of pain points in direct giving was the fees taken along the way. Again, something that could be looked at with crypto.
Digital licenses - they aren’t transferable because the resale market doesn’t give returns to the creators. With NFT licenses you could trade them with fixed royalties going back to the creator.
Etc
One killer feature that doesn't get nearly enough hype is uptime. Check out these stats: https://www.buybitcoinworldwide.com/bitcoin-uptime/ The last incident to cause downtime for bitcoin was in 2013. Ethereum has never had downtime.
Another is speed. People like to talk about how slow web3 is, but even Ethereum is super fast compared to a traditional banking transfer. Traditional accounting isn't expected to be instant, so it has a lot of waiting periods and days-long SLAs.
Also trust. Not everyone can trust their local bank or local government. And even if they can, why should the default preference be to have a company with a spreadsheet tell me how many assets they have marked to my name? I'd rather have a decentralized ledger that doesn't require me to place my trust in an individual company or government.
You can't really build these features without some sort of "blockchain". You could try to put together a consortium of companies or individuals to run a shared database with consensus and vote about administration, having it backed by contracts that would be enforceable by world governments. That'd get you 95% of the way there, but it'd still be less good than a public blockchain run by volunteers that provides the same trustless features.
Uptime is legitimately amazing. But when you look at the computational speed - a Raspberry Pi on a UPS is probably more powerful.
Trust is great. How do you do a chargeback on a fraudulent transaction on Ethereum?
There are some amazing theoretical gains for Blockchain technology. I hope they become practical in the near future.
If you believe that all the world is really the divine right of the queen, I suppose sending payments instantly within the UK is more than sufficient.
> Uptime is legitimately amazing. But when you look at the computational speed - a Raspberry Pi on a UPS is probably more powerful.
Way more powerful, but practically useless, as 100% uptime globally is the requirement.
> Trust is great. How do you do a chargeback on a fraudulent transaction on Ethereum?
Blockchains completely prevent chargeback fraud by simply not allowing for reversal of transactions. You might not want this feature if you're buying a cup of coffee, but it's very important if you're dealing with large sums.
But this submission got nuked. It went to #4 in an hour, and then disappeared. Maybe we need decentralized HN!
What do you guys work on all day long ? How to convert a DOGE to USDT to BTC then to a bored ape NFT looking to the right ? Hope you dont work at SafeMoon or other such "project" you guys call "crypto" because there's 1 hash function somewhere and one key elsewhere :p
You see, this is the issue I have. This is just twattish behaviour.
> What do you guys work on all day long?
Pretty interesting problems. In the last year or two I've worked with some of the founding designers of Haskell on compiler profiling. I've heard from Leslie Lamport on using TLA+ to formally prove consensus algorithms. I profiled worst-case-performance of cloud infrastructure across the world. Stephen Wolfram and Vint Cerf gave internal talks to us at monthly learning sessions. I've written systems code in Rust, Haskell, Golang, F#, and multiple other 'cool' languages. I got to ask the guy who introduced monads to functional programming wtf is a monad? I spoke to SPJ about programming. Been taught property-based testing by the creator of QuickCheck. Etc... It's a really cool space if you like tech with some great minds in it.
Sounds a lot like university, what do you guys produce as a result ? Do you work at BlockOne, I hear a lot of such dilettante feedback where work is more about learning fun things at random without any specific purpose. I mean from compiler profiling to property testing, do you have time to focus on a tight deadline ? How many systems do you focus on, if you have to touch 4+ languages just to apply a change ? I hope at least it's not each end to end feature that requires all those languages -_-.
But at least, good you accept to work on all of them, problem where I work, where we do more classical Python/Java/C#/JS,is I have trouble to convince my colleagues just to touch a second one and de-specialize.
Perhaps you should look at why people become anti-crypto. Most of us have had bad experiences with it and have decided that the problems outweigh the benefits.
I still think it's an interesting experiment, but I won't invest another cent in it.