this post was submitted on 15 Apr 2025
1488 points (95.9% liked)
memes
14327 readers
2901 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Reminds me of Blockchain
It's not a fake or fundamentally useless technology, but everyone who doesn't understand it is rushing to figure out how they're gonna claim to use it.
Yeah, when someone just describes blockchain, saying "I guess we could use it for supply chain tracking or healthcare tracking or whatever" is a reasonable first impression.
The problems show up the second you start thinking about how to actually implement the damn thing. You don't need a blockchain for logistics or healthcare tracking. It has no inherent advantage over regular databases. It doesn't solve organisational issues. It's just a slow trustless distributed append-only database. It's good when you need a trustless distributed append-only database! Most people don't need one.
Same thing with AI technologies, just a bit different in that it's somewhat more useful. They're good and useful technologies and they have plenty of perfectly valid usecases. Then the tech bros started going "Maybe we could use AI for some weird wacky obscure niche and charge a lot of money for it?" or "we're going this wacky crap whether you want it or not, we don't care what it's necessary for us to do to make it happen, and we'll charge a lot of money for it".
https://hbr.org/2022/01/how-walmart-canada-uses-blockchain-to-solve-supply-chain-challenges
So: A company had a problem with invoices. They made an invoice management system. The problem was solved. Wow. Never saw that coming.
Without the details, it's hard to see how blockchain specifically was the magic ingredient. Not saying it wasn't, just saying this was already a problem that was solved long before the blockchain.
The invoice management system is owned by the whole supply chain. It is not a database run by walmart.
The problem wasn't solved before blockchain because centralized databases do not have the administrative flexibility to respond to a changing supply chain. A central administrator only sees one layer deep.
What if - hear me out - you build a centralised database, and then give appropriate access to all of the actors in in the system? Like most people have been doing forever?
And isn't updating one centralised system actually more flexible than trying to manage a distributed system? Changes can easily be rolled to production when you only have one system to worry about.
What if the actors don't know they will end up on your database? What if they decide to sell the end product to someone else? What you want to access the database of someone else without needing read permissions?
No, because this centralised system is tailored to one particular stakeholder.
Oh yes. Centralised systems are faster cheaper and easier to maintain. But they are untrustworthy, inflexible and dominated by a single stakeholder.
I had to rewrite this because it got eaten by the browser. Sorry if this appears as a duplicate or something.
The whole point of the system in question was that the relevant invoice information is stored in the database. Doing business with companies generally involves clearly defined contracts. This is an organisational issue, not a technical one, and blockchain doesn't solve it.
If you mean that this system is harming the other company's ability to engage in business with others, that company is only required to use the system to do business with the company that implemented this centralised system, because that's the big company's way of doing business. If you mean that selling end product to someone else would violate some kind of contract, that activity is happening outside of the system to begin with. This is an organisational issue, not a technical one, and blockchain doesn't solve it.
This is a design issue, not a technical one. Nothing prevents designing the centralised system in a way that information is available to parties that need it. Nothing prevents the other company adopting a policy that such invoice information is publicly available. Blockchain doesn't help or hinder this either way.
But nothing prevents it being tailored to all stakeholders. Again, this is a design and organisational issue, not a technical one, and blockchain doesn't inherently fix this. In traditional business systems, if some of these stakeholders have special requirements, these can be bridged over through interoperability, rather than building an unified distributed system. Invoice numbers go a long way. There's a reason why DBAs spend a lot of time thinking about primary keys and unique identifiers.
Disagree about the latter two and I already addressed them. Trustworthiness is, again, a thing that blockchain doesn't solve. "Trustlessness" only guarantees data/transaction immutability, it doesn't guarantee organisational problems like fraud (as cryptocurrency market demonstrates). And if you don't trust a company in organisational sense, why do business with them to begin with?
Traditional invoicing is bilateral. You have no idea about the components that make up the end product being invoiced. Solving this is both organisational and technical.
Not if you are looking further up or down the supply chain. Someone providing components will not be able to predict the final destination so will be unable to interact with the correct proprietary system.
If access to that system can be altered at the whim of the database owner then it is unacceptable
If information needs to be published in a public, immutable, traceable manner. Then Blockchain is the only technology that can solve this.
If it can be altered then there is no guarantee if business for stakeholders. They will not engage.
You are now describing Blockchain technology. Primary keys are held by each stakeholder and uniqueness is cryptographicly guaranteed.
So blockchain does solve it.
Nor was this claimed.
Because you want money. Businesses want a solution where trusting a particular organisation isn't necessary.
What you're talking about is using technical solution to mitigate problems in the organisational level. There's little you can do on technical level to 100% ensure that invoice information is correct and matches what is actually happening in the real world. Blockchain doesn't solve the organisational side of this, nor does it bring anything new to the table.
If you want the entire supply chain to be covered by the system, you have to either build one giant big traditional system to manage everything, or (the blockchain variant) one giant big blockchain system to manage everything. Or - hear me out - a series of interoperable systems, which is how things generally work.
By the way, I didn't remember this earlier on, but what do you do in cases where the supply chain is deliberately opaque? What if this information is something that companies cannot, for one reason or other, share with one another? Not necessarily a nefarious reason, but sometimes it is. There's plenty of companies that definitely do not want to discuss where their products originated in, even internally. Walmart included, it seems.
But nothing stops them from accessing (and copying) the information while they have legitimate access to it! Nothing stops publicly available information from being mirrored either. Archival of such records is usually considered to be a good thing. Also, perhaps at this point unsurprisingly, it can be done without a blockchain.
And what do you propose happens when the blockchain just straight up isn't accessible anymore for one reason or other? Nothing in blockchain specifically ensures this kind of longevity. All it does is say "hey, here's some data, it can be easily copied to another node", which isn't special in itself. It's the same problem as mirroring data by other means.
Cryptographic signatures are a thing, you know. Nothing prevents people from adding signatures on publicly released documents. Ensures integrity/source. Publication can still be covered by other means.
Again, hard forks in cryptocurrency world would suggest blockchain isn't a magical solution to this problem either.
So you do see there's no difference between the two things. For practical purposes it doesn't matter one bit if you're tracking an invoice by an invoice number or by some cryptographic hash identifier. Exactly what I was saying: blockchain doesn't improve things one way or other here.
Um, no, it doesn't. Trustworthiness is a social concept, trustlessness is a technical one. Blockchain can only ensure trustlessness, it can't ensure trustworthiness. Fraud happens outside of the technical domain. That was my point.
You claimed centralised systems are untrustworthy. You failed to demostrate how blockchain systems by contrast are trustworthy.
I'm just saying blockchain technology, while trustlessness, has so far failed to create a trustworthy economic platform for cryptocurrencies.
How do you propose blockchain technology can create trustworthy system of any other kind through technological means, then?
But as the cryptocurrency market has shown, blockchain by itself cannot prevent fraud. So blockchain so far isn't a solution for this problem, then?
No. Blockchain is for solving intraorganisational problems. I.e. How can the invoices of your suppliers be made available.
This is known as the Oracle problem.
But they don't work, because one cannot confirm who entered or manipulated the data, or whether the data has been altered in a malicious manner.
This is where Zero Knowledge is used. A trusted third party (C) certifies some data as correct (I.e. a birthday) then the supplier can then create a proof that all their employees are over 18 as certified by (C) but the actual ages are not disclosed.
True with or without blockchain.
Blockchain controls access without needing to set up authentication for all users.
If availability is important then you run your own node. You also choose a flavor of blockchain that has very little downtime.
Agreed, blockchain creates permanent immutability, it does not guarantee permanent availability.
Agreed, cryptography defines ownership, hash linked lists defines immutability. The two together (with a validation engine) defines blockchain.
Ensures integrity/source. Publication can still be covered by other means.
Hard forks are not a big problem. You just choose a fork to support.
From an internal organisational perspective, yes.
But the invoice number from company A will not match the invoice number from company B. Nor can it be seen by company A that company C provided parts to company B
From a multi organisational perspective exposing a globally unique hash tree is much more controlled and useful.
Agreed. Blockchain immutability documents fraud, but it doesn't mitigate it.
Centralised systems can imperceptibly alter their databases and calculation algorithms. Blockchain systems cannot.
Blockchain systems are mathematically verifiable. As a platform they are entirely trustworthy. The value people put on that trustworthiness is an entirely different subject.
It eliminates accounting fraud. It has never claimed to eliminate all fraud.
It's an excellent solution for audits.
But it doesn't solve these problems. It's one thing to say that maybe blockchain can give you tools to facilitate intraorganisational problem-solving. It's entirely another to say that it solves the problem. That's salesman talk, not system designer talk.
Yup. One of the problems blockchain doesn't solve. Can't fix organisational problems without organisational effort.
Make logging changes a design requirement, then. Nothing stops people from documenting the changesets. Cryptographically hashed and signed, if you're feeling paranoid.
Zero Knowledge isn't a "blockchain" solution, it's just a cryptographical solution.
(I keep mentioning this because we've seen plenty of this in blockchain hype. Blockchain proponents keep raving about how blockchain fixes everything, while forgetting that the solutions they're talking about are cryptography fundamentals that predate blockchain stuff by decades, and can be actually used much more efficiently in non-blockchain solutions.)
And, of course, it's functionally equivalent to the company staff sanity checking things, which - let's face it - they have to do anyway. It's no improvement over non-zero-knowledge solution.
Never mind that this doesn't address the opaqueness of the supply chain at all. Just because you have a trusted adjudicator doesn't mean deliberate fraud doesn't happen. I'd argue relying too much on technical system do the adjudication can actually sometimes be worse - "the computer says everything is good" is a great way to increase complacency about the procedure.
Any other ideas?
Precisely. So blockchain offers no advantage either way there. Glad we agree there.
Now that's genuinely fascinating - exactly how does that work?
If you don't set up any authentication for particular items, then how do you control access? Isn't setting up access control by definition dependant on some kind of authentication? If the users aren't identified, how is this different from the information being available publicly?
More importantly, how is this enabled by blockchain specifically? My own knowledge is mostly from public blockchains, and those obviously have no access control whatsoever, the entire ledger is public, duh.
Can you give me concrete examples of this kind of system in use?
This can be done much more efficiently by just mirroring the data directly. If availability is important, your average content delivery network just obliterates the throughput of all blockchain solutions in comparison. Just have the data mirrored on geographically nearest datacenter! Or the server in your closet, if you want!
So if you regret signing a contract in this fancy supply chain blockchain, you can just choose a new fork to support, one without this contract?
This is why you have to actually think about what happens when actual users are using the system, sometimes with malicious intent. If the designers are immediately saying "it's not a big problem" to some issue that has already caused big problems elsewhere, you just can't ignore that. That warrants scrutiny. That's salesman talk, not designer talk.
Umm, how is this different from enacting a policy that states that invoice numbers have to be globally unique and have to follow a certain format?
Surprise, if you are actually designing a massive system, this kind of design requirements come naturally. You just identified the problem - companies A, B, and C don't have common standard for invoice numbers. Solution: Make sure they all do that in the next iteration of the system. And you can even make that a cryptographic hash if you fancy!
So I take it you agree blockchain solution is not trustworthy in itself, then?
If fraud happens, then you need actual organisational level investigation anyway. If your system has the verifiability functionality, then you certainly can document fraud.
Speaking of which:
Verifiability (as part of trustlessness systems) isn't the same thing as trustworthiness in the organisational domain. We already went through this.
Also, mathematical verifiability isn't the same as organisational verifiability. No amount of hashing will say the contracts you're operating on are valid at the organisational level. So you need the organisational policy to determine whether the information is trustworthy anyway.
You said that blockchain documents fraud but doesn't mitigate it. This is correct. Blockchain system would leave a record of a mistaken or malicious entry. But it's still going to be there at the end of the day when the problem will be sorted out at the organisational level.
By the way, again somewhat unsurprisingly, nothing stops centralised system from being verifiable and immutable. There's one massive example of this: Git.
It coincidentally uses the same cryptographic building blocks as blockchain systems: hashes and Merkle trees. Changes are verifiable through hashes, changesets are immutable through Merkle trees. But instead of trying to build automated consensus mechanisms or access controls, ultimately, Git solves trustworthiness problem entirely differently than blockchain systems: users have to implement access control, users have to verify incoming information. All trustworthiness questions are answered at the organisational level where it belongs. Also, Git works both as a centralised system and as an interoperable system, because, again, workflows are settled at organisational level where they belong.
What a massive hand-wave. "Oh, this system is theoretically safe. Unless people want to actually use it. Then it kinda depends." Or: "Oh, the actual usage of the system is out of the scope of the design."
Blockchain advocates put way too much emphasis on the theoretical viability. People who build actual systems that actual fallible end users use tend to put more emphasis on all of the factors that go into designing the system. You have to consider the ways people can break the system. You have to address organisational problems. You can't handwave it away as being out of the scope.
It doesn't eliminate accounting fraud - as we just discussed, it only makes the fraud evident. Or as you said, "blockchain immutability documents fraud". In other words, you can see if someone tried to mess with things, but it's still up to the organisation to actually do something about it.
That's what I've been trying to tell you when I said technical solutions can mitigate problems, not solve them. If the system has verifiability built in, then that's a technical solution that helps audits. And you don't need blockchain for that.
Now it's the English language you are picking a fight with? I will happily state that Excel solves my accounting problems.
Add in verification of changes according ru a strict set of rules and you have reinvented blockchain.
It is blockchain compatible. Essential for most layer 2 blockchains. Anyway I only introduced it because you asked about privacy.
But it took decades for someone to realize that these technologies could be covid combined. Neural networks were first proposed in 1944
Not at all. The proof is entirely separate from the underlying data.
It's game theory. The only thing an auditor really sells is their reputation.
Pre defined rules set by smart contracts.
No. You don't necessarily need to know anything about whoever is interacting with your blockchain.
Because the information is limited to a subset of users, who's identity is not needed.
Via private keys and hashed data.
Smart contracts control access on a case by case basis. Only the hash of the data is registered on the blockchain.
https://en.wikipedia.org/wiki/Commitment_scheme
That's exactly what each full node does. The node also checks that the current state is coherent which is a stronger requirement than a database mirror.
No. Consensus mechanisms usually make this prohibitively expensive to do, even in the short term.
Because that policy has to be enforced in an immutable, attributable way by a group of actors that don't trust each other.
You are so close. The natural design limit of this massive database/computational system with common standards where no single actor has control, is a blockchain.
Data internal to the blockchain is 100% trustworthy, otherwise new blocks could not be verified.
External data added to a blockchain is transparent and traceable, but requires additional verification to be considered trustworthy. Fraud is identified by these additional non blockchain processes.
Git is decentralized. Everyone has a copy.
If you enforce signing of git commits and only accept data in commits that follow strict rules linked to signers public keys, and create a mechanism to eliminate forks, then you have a blockchain.
Again. You are so close. Follow this thinking to its logical conclusion for an industry wide database/computer where actors can join at will, and you will end up designing a blockchain. .
The block calculations (the accounts) are transparent and verified by all nodes. Accounting fraud is impossible.
If you want a technical solution to scale across multiple untrustworthy entities, that has verifiability, immutability, accessibility and transparency, then you will end up designing a blockchain.
[Continued from the other reply]
Verifiability is not the same thing as trustworthiness. I believe I already said that.
Which is a long way of saying organisational solutions are needed for organisational problems like trustworthiness.
But not every Git repository that is cloned elsewhere is meant to stay identical. If anything, it's more of a federated system than a decentralised monolithic system, with each of the clones just doing their own thing.
Git repositories can work independently and local branches can do local things. Nothing in it forces everything to be committed to a "single ledger". Nothing about Git works on technically enforced "consensus". It just gives users the ability to make sure that if they choose a common branch, then they have the ability to build on that.
But nobody implements it that way. Especially the part about eliminating forks. The ability to create forks and branches in Git repositories is considered a feature.
In blockchains, they're considered undesirable, yet they happen anyway, because of bugs and users and developer meddling.
Again, you really shouldn't be going "well, this solution based on decades old technology kinda looks like blockchain if you squint a little bit."
Or you don't! Based on the above, if someone manages to build a system like that without blockchain, I'm sure you'll be there saying either "well they should have built a blockchain" or "it kinda vaguely looks like blockchain to me".
I brought it up only because you seemed concerned that privacy couldn't be achieved using blockchain
Yes, Blockchain is a bridge on the shoulders of giants, but before this bridge existed the practical implementation of an autonomous database didn't exist.
Sanity checks are very different from zk proofs. You can't sanity check to confirm that everyone is being paid the minimum wage.
That blockchain and zk removes the need for the auditors to confirm blockchain output. Only external data input requires verification.
This is the value put on blockchain data, not the integrity of the data itself.
There wasn't another fork where the hackers kept their loot. Consensus won.
This is just one example: If the on-chain contract gives permission to view the archive of a particular hash then the off-chain database encrypts the archive matching the hash with the requesters public address and makes that publicly available.
Not if the viewer can be anyone (or thing) in the world and that viewer has reason to distrust the integrity of the centralised database.
When you want to restrict access, but you don't necessarily want to define in advance who can read/write/modify (usually the latter is restricted but read is open). Usually write access is granted in exchange for cryptocurrency.
The data is immutable and highly accessible. It is also usually within an ecosystem of other similar data where synergies exist. The network effect is impossible with centralised databases.
True for read access. Not for write.
You still have authentication, but it is controlled in a decentralized manner (smart contracts) not by a centralised, possibly untrusted, entity.
The public address is known, but not the identities. A Know Your Customer type service can be performed if real world identities are essential.
This is just an array of public addresses. You can be as simple or sophisticated as you like with how you add to this.
It's decentralized access control and IDs.
Anyone can pick up a key and create their own access point, but in a manner that is integrated with everyone else's database.
We've added a database layer and a verification algorithm on top of TLS.
The key difference is the how combination of old technologies are integrated.
But just doing that you are missing the immutability and data verification side of the solution.
It's better because access is granted without having to ask permission of the database owner.
https://hbr.org/2022/01/how-walmart-canada-uses-blockchain-to-solve-supply-chain-challenges
https://toucan.earth/
https://www.energyweb.org/
https://opensc.org/
Taken independently, each component of blockchain can be implemented more efficiently in a centralised manner. Blockchain is for when you want a certain group of properties to exist concurrently.
But they don't think about accessibility or immutability. To scale across an industry you need everything.
They are now not frequent enough to be a problem.
On your own, yes.
It's the combination of properties blockchain offers cannot be achieved with traditional systems.
All the components are old but the combination is new.
If you want computation immutability and there is no centralised authority then you end up with blockchain.
In blockchain parlance a non identical clone is a fork. The consensus mechanism removes these. We agree Git is not blockchain, but I'm say that if we add enough constraints and it could be.
You brought up Git. I'm playing along with the analogy to aid your understanding.
I'm trimming this a little bit so that I don't have to repeat myself that much.
No, I've just watched marketing making unfounded promises long enough. Unfortunately, not a new problem in the software sector.
Like I said, blockchain proponents have way too many hand-waving hype salesmen and not enough people who think of the problems comprehensively.
Good for you. A lot of businesses use Excel as a tool that is part of the business process. Maybe I'm using it wrong, I just get an empty worksheet when I start it up. It doesn't actually solve my problems unless I actually interact with it.
Also compatible with everything else. So as we've seen in this discussion, it's not inherently a blockchain advantage and blockchain doesn't help or hinder this any way.
You're reciting that like some kind of religious history, St. Satoshi's Idea That Changed The World As We Knew It.
While in the actual reality, invention of blockchain was little more than an interesting chapter in the big history book of cryptography.
And were use in decades. Much like individual cryptographic concepts. This is all evolutionary leaps, not revolutions.
But company employees sanity checking the business data is also separate from the underlying data. They can hire independent auditors if something really fishy is going on. What are you getting at?
And as we've seen from history, reputation doesn't matter when there's enough money on the line. As we have seen from cryptocurrencies, people are perfectly willing to sacrifice their integrity and abscond with ridiculous amounts of money.
Incidentally, same goes with the technical solutions. Need I remind you what happened with The DAO and Ethereum in 2016? Someone messed with the blockchain, so the blockchain developers messed people back?
But smart contracts are just software (running on mining nodes) operating on data (in the blockchain). How do you control the access to the data?
And can't this be implemented more efficiently on centralised services anyway?
So why set up access control then? If you don't care about who is interacting with the system, why have access control? If you actually do care who has access to the information after all, how do you do that without authenticating?
And in what sense is this different from traditional publishing systems? If the information is available publicly, then it doesn't matter to the publisher who is accessing it?
But how do you limit the information to a subset of users without authentication? If their identities are not verified, how do you know how to limit that information to that set of users?
How do you create an "user group" without specifying who the users in the group are?
...If the users in fact do have keys, then that's just access control and user identities, isn't it? You can't issue people keys without knowing who they are, right? Otherwise it's no different from information being available in public, because then the keys can only guard the integrity. You've invented TLS from ground up. (Blockchain proponents reinventing old cryptography concepts and calling it a blockchain revolution really isn't surprising.)
Nothing stops people from using private keys and hashed data on non-blockchain systems. That's just bog standard identity management. So this isn't a specific blockchain solution, which was what I was asking about.
Smart contracts are just software that have distributed execution on the mining nodes. They don't inherently implement access control any better than software that is run on the servers elsewhere.
Oh wow, a cryptographic concept from 1988.
Anyway, that's not what I asked for. I asked for concrete examples of a system in use. Is this actually in use anywhere in a blockchain system? How does it work in practice? I'm genuinely curious.
Yes, exactly! Except less efficient, like I said.
Dunno, modern distributed database folks spend quite a lot of time thinking about ensuring consistency and working on efficiency. So do people who build centralised databases, but hey.
I'm don't follow, sorry. Are the hard forks not a big problem and you can easily choose which fork to support, or is doing so in fact prohibitively expensive to do?
Because as far as I can remember from cryptocurrency scene the former was certainly true, people were more than willing to settle on opposing camps over ideology. Would be a shame if that happened on a super serious business-application blockchain over some departmental or organisational kerfuffle.
You know what, we're going in circles. I try to get to the bottom of why something blockchain related can't be done with traditional systems, you respond with another buzzword that's still nothing that can't be done in traditional systems, and the cycle continues. It's mildly frustrating.
I guess the only way to do this is to wait until this is actually implemented somewhere and then compare how these supposed advantages actually pan out in practice. I expect costly mistakes in that field, but at least they'll be costly mistakes other companies can learn from and avoid.
Oh, you're so close. People have been building these kind of systems successfully for decades. Now blockchain proponents are showing up and saying "hey, we have a new solution", and it turns out it's just the old solution again.
Your problem is that you think you have something new here. It's not. Blockchain is just a slow distributed database. It's one solution for a specific niche use case most systems designers don't run into, and if they do, they have other solutions that almost certainly work better depending on what they want to accomplish.
There's nothing "natural" about ending up with a blockchain. All you can argue is that it's natural to end up using cryptographic tools. Because they're tried and true solutions with decades of work based on them, just like all other business system blocks used in traditional systems. They're not manifestations of divine ideals whose time has finally come, or somesuch.
[Hit comment size limit, continued in another reply]