Hi Rob,
I'm back from the previous time, since I saw the announcement for PoDC I stopped calculating the numbers for PoL, I've read the new proposol for PoDC and have some concerns.
First of all, I think it's a great idea to want to help scientific research, however I don't think the current proposel meets the criterea to remain a fair crypto currency. Relying on a single entity like BOINC to maintain a database of shares for mining even when verfied by a consensus system like masternodes would centralise the crypto currency and would allow hackers to unfairly edit the blockchain.
Not only does this open the risk for BiblePay to be compromised, it also makes BOINC a target for hackers looking to make money, you mention in the wiki that you the developer will intervere if something doesn't seem right in the BOINC data however this would still centralise the coin around you (not that I don't like you or trust you Rob it's just a bad idea from a security point of view).
The current proposal is untennable it centralises the blockchain in an unhealthy way around BOINC and the developer; Satoshi Nakamoto wrote Bitcoin the way it is because a crypto-currency should require no trust it should be verifiable and decentralised in my professional opinion the current proposal unfortunatly does not meet these criteria.
I am however a big fan of using blockchain technology to help scientific research, we could perhaps integrate such functionality in to the pool (subsidising those who do research), or perhaps we could open a contest to see what ideas the community have in order to further the goal of helping scientific research without bringing the network in danger.
Hi Swongel,
Thanks for the concerns. Yes, I have addressed all of these (no new concerns posted here), and will give an opinion on each risk.
"I don't think the current proposel meets the criterea to remain a fair crypto currency. "
-> Assuming you mean using proof-of-dc as a consensus would not allow us to be mined fairly
"Relying on a single entity like BOINC to maintain a database of shares for mining even when verfied by
a consensus system like masternodes would centralise the crypto currency and would allow hackers to unfairly edit the blockchain."
-> I've studied this for years now (no seriously, Ive beein a boinc researcher for over 5 years and used Gridcoin for mining for years before creating Biblepay), and have come to the conclusion the risk of hacking into the Rosetta SQL server is low. (It has NOT happened to Gridcoin yet- all that happened to them was something to do with neural consensus security). Also let us clarify 'single entity', as Rosetta has tens of management servers, and we gather the credits from the daily Rosetta credit dump files on their web farm, not from a single centralized entity other than Rosetta. There is no way for me, Togo, any Biblepay admin to edit this file, and it is downloaded by 10% of Biblepays Sanctuaries and voted on by the Sancs, and it is downloaded from the Rosetta farm, not from a single entity.In addition, I assert that the way we pull the daily total credit and RAC numbers, we could detect and eliminate most hacking attempts (where numbers have been modified, as the constituents per host wont add up to the last totals or avg RAC), and if a layman were to hack in to the Rosetta SQL credit servers, that is most likely what would happen. I havent seen it happen yet.
"it also makes BOINC a target for hackers looking to make money, you mention in the wiki that you the developer will intervere if something doesn't seem right in the BOINC data however this would still centralise the coin around you (not that I don't like you or trust you Rob it's just a bad idea from a security point of view).
"
I don't see a risk here, because Rosetta is serving millions of users, and the integrity of their SQL server is paramount. If its been hacked, it will become obvious in our reports, as something will not match. Id rather focus on writing reports that ensure all the numbers roll up correctly.
In summary, I view the use of Rosetta/BOINC a good tool to divert wasted heat from POW mining to something useful, the RAC we harvest in the Sanctuary Quorum accurate per researcher, and very hard to hack (as hard as someone hacking into Kelloggs to change the cornflake text)
and finally this is the big one:
Comparing pure-POW, DC, and POL: DC beats pure-POW with the botnet any day, as right now in Prod, using the holy grail of security (IE the Status Quo, Bitcoin-heat mining) we have 93% of our traffic being solved on an "anonymous botnet" some where between Russia and China and our pool of registered users only solves 7% of the traffic. Meaning that technically 93% of our POW budget is going down the toilet.
Even if the DC system was hacked twice a year and I had some extravagant report detecting and kicking off anyone with more than 100 machines in cancer research I argue that would be 10* better than what we have (it would be over 90% accurate), we would have diverted 90% of the heat into useful science. And finally, its easier to be nimble with DC than with POW. The cat & mouse game is almost impossible with a hard fork miner. With DC we have years of work being poured into the CPU algorithm, that is almost impossible to duplicate the work unit scanning result of a protien fold. What am I talking about? Im saying that 100 developers spent 5 years of time and effort to stack libs on top of medical libs into the 79 meg EXE, to calculate the results of a protein fold. Those results are sent to the rosetta server for analysis. Rosetta only approves the work units that pass vigorous testing. Thats like having a team of 100 devs + 10 admins running the decentralized "credit checking algorithm" of an advanced scientific cancer-mining system offloaded from our core. Give it a chance, I think time will bear out the fruits of the system.
And finally there is no way for me to step in and edit anything - 10% of the sancs pull the file from Rosetta, and hash it, and vote on it. All I can do is send a SPORK in to disable PODC (thats if we find out Rosetta was compromised). Then I can re-enable it when we find the system is back up.