Friday, June 16, 2017

Nice article on the Ethereum hack

Earlier this week, Bloomberg journalist Matthew Leising's in-depth article about the Ethereum smart contracts incident was published on the Bloomberg site: Ether Thief Remains Mystery Year After $55 Million Digital Heist

It's an interesting article; it's as much about social organizations as it is about computer organizations.

Once Van de Sande got in touch with Green in Germany, along with two or three others, the foundation was laid for what would become known as the Robin Hood group—white hat hackers who’d devise a bold good-guy plan to drain the remaining DAO. To save the DAO, they’d have to steal the remaining ether, then give it back to its rightful owners.

And yet as they scrambled that Friday, qualms emerged within the group. “What does it even mean to hack something?” Van de Sande asks. No one knew if what they were about to do was legal. Also, wouldn’t their hack look just as bad as the theft they were trying to stop? Then there were the practical issues. “Who pushes the button?” he remembers wondering. Doing so would initiate their counterattack and alert the community. “Someone has to push the button.”

The blockchain concepts are absolutely fascinating to me, although I became obsessed with learning about the blockchain in a rather odd way; I arrived there by studying how git compared to Perforce.

The basic notion of the blockchain is also the under-pinning of the most important versioning software in the world, git. There are many ways in which the two algorithms are similar. The most important way in which they differ is that git is designed for use by people who desire and intend to collaborate; the blockchain is designed for use by people who don't. Danno Ferrin does a much better job of explaining this here.

Some of the best coverage of Ethereum and the DAO, I think, comes from Bloomberg's Matt Levine, who has been writing about this topic for several years, including this excellent article from a year ago: Blockchain Company Wants to Reinvent Companies.

As Levine has pointed out, and continues to point out, efforts like Ethereum and the DAO are full of algorithms and computers and science, but they are also inevitably inter-twined with the social interactions of the human beings that want to use these algorithms:

Smart contracts are cool! Companies are weird bundles of contractual relationships that have become stereotyped and calcified over time, and re-imagining those relationships for a new and more technology-enabled age is a good project. But companies aren't just networks of contracts; they aren't pure agreements negotiated freely between willing participants and no one else. They are also structures that are embedded in society, with rights and responsibilities that are regulated by background rules as well as by contracts. The blockchain-y reinvention of everything in the financial world -- money, contracts, companies -- is fascinating and impressive and, viewed from a certain angle, adorable. But sometimes it could stand to learn from what has gone before. After all, the elements of finance -- money, contracts, companies -- have already been invented. Perhaps their historical development might hold some lessons for their re-inventors.

Note that, when it comes to re-inventing, you'll see that many of the links from Levine's year-old article no longer work. Web sites get re-invented all the time, as people change their minds about what they think and what they want to say.

With git and Perforce, recognizing that software is not just pure science, but exists to serve the goals of the human beings who use it, lends depth and nuance to the analysis and comparison. Yes, it's cool that everything is a SHA; on the other hand, have you ever looked at two indirectly-related commit SHAs and tried to understand the underlying history that led those repositories to get to those states? Less-efficient systems may be much easier for humans to use.

Blockchain systems often suffer from similar chasms of (un-)usability, as Leising observes:

Who, exactly, were they at war with?

No one really knows, but there are some clues. One address the attacker used is 0xF35e2cC8E6523d683eD44870f5B7cC785051a77D. Got that? Like everything else in a blockchain, a user’s address is an anonymous string of characters. But every address leaves behind a history on the blockchain that’s open for examination. Not that it makes sense to 99.9 percent of humankind, but Green gets it.

It's just an algorithm, it's just code, and it is completely accurate to note that there is a complete "history on the blockchain that's open for examination." (It's just as true with git.)

But as Levine points out, the most interesting aspects of all of this are not really the technical ones, but the human ones:

"What does it even mean to hack something" seems to be the key philosophical question of the DAO episode, and I submit to you that you probably don't want to invest your life savings in projects that raise philosophical questions like that. If your bank ever said to you "well, what does it even mean to hack something," you would worry. You know what it means! It's just that, with the DAO, the code didn't know what it means, and the whole point of the DAO was to substitute the code's judgment for yours.

And here, then, is one of the crucial differences between using git, and using a blockchain system. With git, if somebody does something disruptive, like a merge instead of a rebase, or an unwanted force push, the community using that particular collection of repositories collaborates and cooperates to repair the damage.

But blockchains are intentionally intended for situations where the users explicitly do NOT collaborate and cooperate. And, in Ethereum, there is a challenge, because some people viewed the hack as damage, and wanted to undo it, where others did not, leading to the situation described by Leising:

Then something else unexpected happened. The original ethereum blockchain, the one with the DAO attack in it, kept growing. Imagine a hard fork is a branch of a tree that sprouts in a different direction at the end of the main limb. The end of that limb is supposed to wither after a hard fork, but here it continued to grow as a small group of users continued to process transactions on that version of the blockchain. Instead of dying, this became a second form of ethereum, quickly dubbed ethereum classic, complete with a digital currency that now had value. Even in the science fiction world of blockchain, this was an unprecedented turn of events.

Computers are fascinating. Algorithms and software are fascinating.

People are more fascinating still.

No comments:

Post a Comment