
Facebook Libra Is Architecturally Unsound - nuriaion
http://www.stephendiehl.com/posts/libra.html
======
pron
The answer to the question implied in the article -- why does Libra make such
unjustified design decisions -- is simple. Some people have become enamored
with blockchain despite it having almost no good use cases, and this certainly
isn't one. It seems like a classic example of focusing on the technology
rather than on the problem.

\--

Regardless of the other, far more important sections of this article, I find
the section about the programming language misleading. Programming language
theory does not study the quality of programming languages or their
suitability to certain tasks. It is simply outside the purview of the
discipline. PLT does not have any tools whatsoever to determine which language
is more or less suitable and it is not interested in that question. The theory
studies the properties of formal systems and the _internal_ implications of
their design. Much like mathematics can deduce from the Peano axioms that 10 >
5, but it says absolutely nothing about whether 10 is "better" than 5 because
the answer to that depends on context (are we talking cookies or tumors?) that
is simply outside the purview of mathematics. Similarly, PLT can say whether a
certain formal system is sound or not, but it says nothing whatsoever about
whether soundness is "good", "bad" or neutral, and certainly not _how_ good or
bad it is. Of course, programming language theorists have opinions on the
matter, but those opinions are not supported by the theory.

Also, given the other glaring flaws, there is nothing to suggest that a formal
definition of the programming language would improve matters in any
perceptible way. After all, we do entrust the world's monetary system, and
sometimes even our lives, to software written in programming languages that
don't have a formal definition. As someone who studies the issue of software
correctness, a formal definition of a programming language is certainly of
interest to theorists, but it has not been shown to be a particularly
worthwhile means of increasing correctness.

~~~
K0SM0S
If you may spare a minute, I'd like to know your opinion on mission-critical
software in dangerous-prone contexts (such as avionics, life support, even
just economically for permanently-written "ROM" software, etc). Formal methods
seem required in such projects, but your final paragraph seems to imply the
formalism isn't key to end quality?

(my agenda, for transparency: I want to send SOC's in space on tiny RISC-V
satellites, and the lowest layers of those should be 100% error-free because
there's no going physically there to reboot a working shell, remote is all we
have.)

Regarding 'love' for blockchain, I think it's the basic proposition of "100%
accurate data that cannot be controlled by anyone" that seduces. The 'cost' of
that in performance becomes a nagging second concern. It gives people a
feeling of safety if no other party, not their bank nor family nor employer
nor anyone can alter their data, their transactions (whatever the kind,
financial is but one use).

Whether blockchain is the only way to achieve that is another matter, but
(afaik?) so far it's the only working implementation of the concept of
perfectly secured data. I think that's what drove people nuts. I also think
Bitcoin or currency in general is but one use case and a very impractical one
in the current financial environment, i.e. Earth circa 2019. I'd wager there
are much better avenues to explore, eminently non-financial in nature, such as
peer-to-peer 'free' communication, or formal (law, contracts) codification
(anything official and 'forever' until 'revoked'). No coin, no market, no
whatever but the benefits of a slow but 100% truthful database, for small data
(text fits quite well).

~~~
pron
> but your final paragraph seems to imply the formalism isn't key to end
> quality?

That's not what I said. I said that merely creating a verified formal
specification of a language is not in itself a good path to increasing
correctness, and I wouldn't focus on that as a significant cause for concern
given all others. But even when you use formal methods in the development of
your software -- and I'm certainly a proponent -- there are many formal
methods with widely different guarantees and costs, and some of them don't
require a formal specification of the programming language. Moreover, no
system can be 100% error free, regardless of verification method used. Systems
rely on hardware whose actual behavior can never be "proven" correct, and, at
best, only probabilistically matches the spec.

I personally believe that some formal methods can greatly improve correctness,
and do so affordably, but the question of which formal methods are worthwhile
when and by how much each of them improves correctness is very much an open
question.

> it's the only working implementation of the concept of perfectly secured
> data.

I strongly disagree. There is no such thing as "perfectly secure." Security is
defined with respect to certain threats (e.g. a hazmat suit can protect you
from poisonous gas but gives you no defense from bullets, whereas a bullet-
proof vest is the opposite), and blockchain is rarely the most secure with
respect to the most relevant threats in a monetary system.

~~~
AlphaWeaver
> Security is defined with respect to certain threats, and blockchain is
> rarely the most secure with respect to the threats in a monetary system.

Wow, this is a great way to frame this! What do you see as the largest threats
to the effective operation of a monetary system?

~~~
pron
I think this question is best answered by economists, and I'm certainly not
one. But blockchain does seem to interfere with some of the best regulatory
defenses against economic disasters.

~~~
rossdavidh
Blockchain gives the impression that the primary threat it is designed to
defend against, is a government deciding (like Germany between world wars) to
inflate their currency for whatever reason. So, not surprisingly, in order to
defend a currency against being decreased in value by a central authority, it
is vulnerable to all of the threats that a central monetary authority might
help you with.

Which of these threats you think is the more salient is, of course, a matter
on which people may disagree. I personally find the risk of a central monetary
authority devaluing my money, to be not one of my top concerns, but I could
understand why others might think differently (especially if they were in a
different country, that used a different currency).

~~~
kragen
Right, here in Argentina our currency has lost more than half its value this
year, and the US dollar has lost 96% of its value since the end of the gold
standard in 1973. I carry a Zimbabwe 100 trillion dollar bill in my wallet to
remind people what real hyperinflation is.

I don't think that's the main threat Bitcoin is designed to defend against,
though; I think there's a whole spectrum of confiscation threats, ranging from
thieves tunneling into bank vaults (I know a woman here who lost her savings
that way), to immigration authorities confiscating jewelry, to pirates, to
trumped-up "money laundering" charges. And of course if we're mentioning
Germany and World Wars, we must not forget the confiscation of Holocaust
victims' entire possessions, including jewelry and fillings after the gas
chambers. Bitcoin can't make genocide impossible but maybe at least it can
make it unprofitable.

~~~
dmoy
> the US dollar has lost 96% of its value since the end of the gold standard
> in 1973

It is more like 80-85%, not 96%. $1 in 1972 is $6-$6.5 in 2019. A 96% loss of
value would mean $1 in 1972 is more like $25 in 2019, which is not the case.

Also to phrase it in context you should probably say "the US dollar has had an
average annual inflation rate of 4% per year over the last 5 decades". Also
for additional context you should point out that bonds slightly exceeded, and
that $1 of stock in 1972 in the US market became ~$104 in 2019.

Context matters a lot here.

~~~
kragen
It depends on which particular data series you use for deflation. There are
definitely things for which US$1 in 1972 is more like US$25 in 2019, such as
gold and energy. To take one example among many, oil cost US$3 per barrel at
the beginning of 1973, and despite the fracking boom in the US, it costs US$63
today, 21× as much. And, as you yourself point out, you need over US$100 today
to buy shares of stock that cost US$1 in 1972. (And there are other things
which are cheap in 2019 that were unavailable at any price in 1972, and vice
versa; and there are borderline cases like videotape recorders and
microcontrollers, on one hand; and 1963 Buicks, ivory, old-growth redwood
lumber, and quaaludes, on the other.)

I agree that "an average annual inflation rate of 7.1%" (or, using your US$6
number, 3.9%) sounds much milder than "lost 96% of its value since 1973" (or
83%). Where I differ is on whether the milder presentation or the more
dramatic presentation is more informative. I think that, except to financial
traders, "3.9%" or even "7.1%" is a misleadingly insignificant number.

Consider that throughout the 1600s, 1700s, and 1800s, there were families that
lived on the interest income from government bonds, both in the US and in
England. Even throughout the 20th century, people would buy "savings bonds" as
presents for children or as a means to save up for college or retirement; the
bonds would reach maturity decades in the future, providing a healthy reward
for the prudent and patriotic purchase. Since the end of Bretton Woods, that
3.9% or 7.1% has made nonsense of such ideas. Despite what you might think,
this hasn't eliminated plutocracy or increased social mobility — rather the
opposite has happened in the post-Bretton-Woods years, in fact. I think it's
hard to obtain the historical perspective necessary to appreciate the
importance of this radical experiment. But it is, I assure you, a worthwhile
effort. I recommend it.

Perhaps inflationary monetary policy is a necessary instrument for avoiding
financial panics; it's a plausible idea. But the evidence against it —
particularly the 1970s stagflation in the US — suggests that, though
plausible, it isn't such a clearly open-and-shut conclusion that we should
deny everyone access to alternative, non-inflationary currencies. Moreover, in
most scenarios, attempting to institute such a policy would only deny such
access to everyone but the well-connected and influential.

~~~
dmoy
Certain things outpace inflation, yes. Certain things are drastically cheaper.
That's why we use an inflation measure that's sort of an aggregate, not pinned
to one or two commodities. You don't spend 100% of your money on oil and gold.

Oil now is 3x more expensive even after a more average inflation of ~4%
compared to the bottom of 1973 (though in the mid 90s it wasn't so bad).
Energy as a whole though, is not 3x more expensive. Petrol is only about a
third of energy consumption. Consumer electricity prices for instance are
relatively constant from the 70s through now. Slight increase in the 80s,
slight decrease in the 00s, but within say <5% of prices.

I'm not making assertions about the change to bond markets (which I agree are
historically fascinating, and will continue to be so in the future too).

~~~
kragen
There isn't an objectively correct basket of goods that is obviously the
correct deflator to use, which seems to be a significant underlying assumption
of your line of reasoning. The debate about which ones are the important ones
to include in statistics like the US BLS CPI is a politically charged debate
resolved in part by political means, not purely by the disinterested pursuit
of truth. The CPI in particular eminently susceptible to drift over the years,
since the goods in it change over time according to the Consumer Expenditure
Survey — in 1973 people in the US were buying washing machines that are still
in use today and Saran Wrap made of actual Saran, for example, and today
they're buying washing machines that wear out in five years and Saran-free
Saran Wrap. And of course it measures the prices of only mass-market consumer
goods, not services (such as the essentials, child care and elder care) or
custom or unique goods such as hand-tailored suits or buildings — a political
decision, not an objective one.

If we want to be skeptical of carefully tailored metrics with thousands of
parameters produced by political appointees, what standard should we use to
measure the value of the dollar? Precious metals have been the standard
against which currencies have been measured for several thousand years — the
_gold standard_ for measuring the value of currencies, you could say — and by
that standard the dollar's loss of value since 1973 is about a factor of 25.
This compares to about a factor of 2 over the previous 40 years, since 1933,
and a factor of about 1.1 over the previous 140 or so years since the dollar
was introduced.

I suspect that if you compare other goods which are, like gold and crude oil,
verifiably produced to the same standard of quality in 1973 and today, you
will find a similar factor of 16–32 in their dollar prices. I'm thinking of
the most common grades of steel, aluminum, brass, portland cement, window
glass, industrial electric motors, and so on. There will definitely be some
exceptions — ±1% resistors are _much_ cheaper now, to the point where you
can't even get the ±20% kind that were the norm in 1973, and I imagine the
same is true of specialty steels, synthetic sapphire, and a number of other
things that were barely feasible at the time; and presumably photographic film
has become more expensive, as it has ceased to be a mass-market item. If
you're right about the cost of electricity "staying the same" — by which I
assume you mean that, in the US, it increases in line with the BLS CPI? — this
suggests that my hypothesis _won 't_ be true of _coal_. Do you have any other
ideas?

Let's take anthracite, because it's the purest grade of coal, so it should be
less vulnerable to variation in value from drift in grading standards.
[https://www.eia.gov/totalenergy/data/annual/showtext.php?t=p...](https://www.eia.gov/totalenergy/data/annual/showtext.php?t=ptb0709)
suggests that nominal anthracite coal prices have risen from US$13.65 per
short ton in 1973 to US$70.99 in 2011;
[https://www.eia.gov/energyexplained/coal/prices-and-
outlook....](https://www.eia.gov/energyexplained/coal/prices-and-outlook.php)
says that in 2017 they were US$93.17 per short ton, FOB the mine. That's a
factor of 6.8, which is a lot closer to 6 than to 25.

~~~
dmoy
> If you're right about the cost of electricity "staying the same" — by which
> I assume you mean that, in the US, it increases in line with the BLS CPI?

Yes I meant real price, not nominal.

US electricity is somewhere around a third from coal.

I would be interested in a study showing a 15-30x increase in similar-quality
construction materials.

The fixation on gold makes no sense to me. It's just a commodity, not a super
useful one either. Gold's price floats wildly based on people's fears. It's
not like everything became 4x more expensive between 2000 and 2015.

~~~
kragen
> Yes I meant real price, not nominal.

We were debating precisely which data series is best for computing the "real
price" from the nominal prices. But it seems you take me for a fool and beg
the question.

------
matthewdgreen
I don't disagree with the article per se, but I think many technologists are
missing the forest for the trees when it comes to the motivations here. Or
perhaps they're being charitable and are evaluating Libra on purely on its
stated motivations rather than the ulterior motive that Libra can't name out
loud. For example, take this quote:

"The possibility that a Libra node run by Mastercard or Andressen Horrowitz
would suddenly start running malicious code is such a bizarre scenario to plan
for and is better solved by simply enforcing protocol integrity and through
non-technical (i.e. legal) means."

It goes without saying that Libra isn't concerned about any sort of security
event at Mastercard or a16z. The purpose here is simply to evade and arbitrage
different regulatory regimes. The plan is to build a ledger that no single
party (or coalition of parties in a single legal jurisdiction) has the
capacity to edit or alter, and to make such alterations so technically
challenging that it's beyond the capacity of any single court or legislature
to do so. Once this chain is up and running, it becomes a "fact of nature"
that courts and policymakers will simply have to deal with.

It's a brilliant strategy from that perspective. It's going to be alternately
fascinating and horrifying to see if it works.

~~~
robbya
> The plan is to build a ledger that no single party (or coalition of parties
> in a single legal jurisdiction) has the capacity to edit or alter, and to
> make such alterations so technically challenging that it's beyond the
> capacity of any single court or legislature to do so.

I'm not seeing why they need a new cryptocurrency for this. If you grow
Bitcoin (or any other existing cryptocurrency) to be "too big to fail", it
would also have all these properties. Is starting from scratch with zero users
easier?

~~~
buboard
I think the idea is to have a US-controlled currency before some chinese-
controlled currency catches on , particularly in Africa

~~~
swensel
If the US supported cryptocurrency, particularly Bitcoin, instead of
considering regulation, we could keep up with innovation at least, instead of
having other countries leave us in the dust in terms of developing the
technology.

------
westoque
> Libra has no capacity for consumer protection mechanisms.

You can replace Libra quote above with your favorite cryptocurrency and that
pretty much sums up what I feel on the crypto space.

~~~
__MatrixMan__
What are you talking about? Fiat currency isn't reprogrammable--how would you
implement a consumer protection mechanism on it?

Pick your favorite consumer protection mechanism, and I'll pick my favorite
cryptocurrency and let's compare:

A) the up front implemention cost of the protection mechanism in fiat currency

B) the up front implemention cost of the protection mechanism in the crypto

C) the year-over-year cost in fiat

D) the year over year cost in crypto

I bet A and C are going to be in the hundreds of millions, if not billions,
while B is going to be in the tens of millions and D is going to be in the
thousands of dollars.

Here's an example of the kind of thing I'm talking about:

[https://www.ccn.com/cardano-to-help-ethiopia-grow-coffee-
usi...](https://www.ccn.com/cardano-to-help-ethiopia-grow-coffee-using-
blockchain-tech/)

Consider the recent news regarding contaminated black market vape cartridges--
that's going to be insanely expensive to fix, because there's nothing about
high schoolers passing around dollars after school that gives those students
any insight into the supply chain of the cartridges they're buying. But if
some vape company did with their supply chain what Cardano is trying to do
with coffee, they could provide consumers (and authorities) a way to trace
their products back to their origins, a capability that already would have
saved several lives.

It's not surprising that Libra is a dumpster fire, but let's not throw the
baby out with the bathwater.

~~~
bennyelv
You've made some assumptions here about the impact of a verified supply chain
for vape cartridges, and it sounds like you're proposing a solution to a non-
existent problem.

A reputable supplier of vape cartridges gains nothing from having a verified
supply chain - people trust them anyway and they maintain a supply of good
cartridges to protect that reputation.

A non-reputable supplier of vape cartridges doesn't care, and only sells to
people who don't care what they're buying. Their lack of good reputation
doesn't matter, and their lack of a verifiable supply chain won't matter
either.

If the customer wants a dodgy black market vape cartridge, that's what they'll
buy. If they want a quality one from a reputable source, they can already do
this.

~~~
__MatrixMan__
That's a fair point. But I mentioned high schoolers in my example because they
can't buy from a reputable source since they're not old enough (not that I
think they should be vaping at all, but supply and demand...).

But still, the perpetrators here are not technically capable of pulling off a
convincing forgery, so if the kids were sensitive to this issue in the first
place then I guess there would indeed be no reason to insert a blockchain into
the situation.

So let's take a scenario where the middle men are indeed capable of convincing
forgeries: sneakers. Cardano is working on a supply chain integration there
too:

[https://beincrypto.com/new-balance-to-use-cardano-
technology...](https://beincrypto.com/new-balance-to-use-cardano-technology-
to-fight-counterfeits/amp/)

And my wife's students (she's a teacher) are really into their sneakers.
They're also largely unaware that chain/web of trust type measures exist at
all for validation of product authenticity--but if Nike started doing this,
they'd become experts overnight. And then, after school, when offered a
sketchy vape product, they might think twice.

Maybe that's a weak argument too. Still, I like the ability to use the same
channels you money would flow through to determine if your upcoming purchase
came from where you think it did, and I think that that's a capability that's
going to be hard for fiat currency to mimic.

------
silverlake
This post is nonsense. 1) FB claims they want to eventually make it a public
network. Therefore, they'll need BFT sooner or later. 2) No blockchain can
match a centralized system (WeChat, Visa, et al). 3) Very few languages have a
formal semantics written in Coq. 4) So what if the crypto lib has additional
functions? Algorand has VRF code in their repo. Is the whole project doomed
now? And it would take a huge effort to verify a crypto lib ala Everest. Even
cryptographers don't do it. 5) In the US many banks are in a consortium called
Zelle which allows retail customers to send money around. It has finality;
can't be reversed.

I don't give 2 shits about Libra. Gov'ts will clobber it anyway. But these
criticisms are mostly "why didn't Libra do the latest bleeding edge researchy
thing that no-one else does?" Because they had to ship this century, that's
why.

------
carlosdp
> It is a pivot from a company whose advertising business is so embroiled in
> scandal and corruption that it has no choice but to try to diversify into
> payments and credit scoring to survive.

It's amazing to me that nearly every single expert that weighs in on this
topic completely misses the intention behind Libra. Facebook wants to make
money off of it's massive user gains in the developing world (like hundreds of
millions of users massive), but many of those people don't have digital money
right now. Libra wants to be their digital money so Facebook can sell more
expensive ads.

It's really as simple as that. Move on from the "why" and talk about the rest
of it which is the actually problematic part.

------
forgotmyhnacc
I'm confused about this article. I've read it, and it's skeptical of libra
(which is fine) but makes handwavy and non concrete arguments about it's
soundness. Can anyone tell me why it's so popular, besides just bashing
Facebook?

~~~
woah
It's bashing both Facebook AND blockchains using handwavy faux-intellectual
arguments, and is thus in the exact sweet spot of Hacker News upvotability.

------
m12k
I've been thinking and it actually makes a lot of sense for new ways to be
created to transfer money and pay for things (though I'm highly skeptical of
having it operated by Facebook and of the ad-hoc pump-and-dump-prone and
whitewashing-and-tax-avoidance-friendly properties of cryptocurrencies). But
when you think about it, it's insane that transferring money is something
credit cards and payment processors can regularly charge a fee of 1.5-3.0% on.
In order to change some numbers in a couple databases... The marginal cost of
this ought to be less than pennies. The only reason they can even partially
justify this is because of fraud and credit, and the costs associated with
dealing with that. But what if we had a way to transfer money between entities
that mandated two factor authentication to prevent fraud, and sidestepped the
whole credit thing by only working if you had the money? (or required that you
took the loan elsewhere, so the account that actually transfers the money does
not have to deal with credit at all). Verify that the person is who they claim
to be, and that they have the money needed, then do the transaction - no more,
no less. No chargebacks, no credit checks, no fraud checks. Why isn't this a
thing?

~~~
Slartie
The actual cost of processing payment is far less than 1.5-3% - especially
with debit cards (which actually implement most of what you think "is not a
thing") but even when dealing with credit cards and the necessity to include
some overhead for countering card fraud and chargeback costs and whatnot, the
total cost is far lower, below 1%.

How can I know this? Well, how do all these credit cards that offer cashback
bonuses in the realm of typically 1-2% make this unbelievable feat of paying
you for paying stuff happen? They pay for it out of the 2-3% that they get for
the transaction. Let's take 2.5% as a middle ground and deduce 2% cashback,
that leaves us with 0.5% from which the actual costs of doing the payment have
to be covered - and the profits to be paid to shareholders, of course.

Also, Europe has this nice regulation in place limiting credit and debit card
interchange fees to 0.3% for credit and 0.2% for debit cards. This regulation
has been in effect for a few years already, and the only thing that
disappeared were these 2%-cashback-on-every-payment cards (or similar
offerings, like granting airplane miles of about the same value). Debit and
credit card issuers seem to be entirely able to operate under these
conditions, which means that their actual costs of doing business must be
under these fractions of a percent.

------
drtillberg
>The possibility that a Libra node run by Mastercard or Andressen Horrowitz
would suddenly start running malicious code is such a bizarre scenario to plan
for and is better solved by simply enforcing protocol integrity and through
_non-technical_ (i.e. _legal_ ) means.

Refusing to rely on _legal_ means of enforcement suggests the project views
itself supreme over all national policies, laws and regulations. On the one
hand, such a concept is usually the domain of autocrats, despots, and
organized crime-- odd for a tech startup. On the _other_ hand, it would
suggest a system more secure from outside legal interference than, say,
MasterCard. This detail tends to add a datapoint explaining the lack of
support from global ministers of finance....

------
madrafi
Would like to point that the work done by the curve25519 team is solid, Henry
is also behind the ristretto RFC. The reason Facebook used the BFT algorithm
is for pure regulatory purposes (they needed a Blockchain therefore a solid
consensus algorithm with failure tolerance). The cryptographic constructions
used are quite solid unlike OP claims.

~~~
bascule
The article also incorrectly claims that curve25519-dalek has never had
security audits. It's had at least two by reputable cryptography auditing
firms (Quarkslab and NCC), the former of which is public (the NCC audit was
done at the request of my former employer and is private, but like the
Quarkslab audit only found minor issues):

[https://blog.quarkslab.com/security-audit-of-dalek-
libraries...](https://blog.quarkslab.com/security-audit-of-dalek-
libraries.html)

------
bascule
This post is filled with a large number of factual inaccuracies, so numerous I
wrote a blog post in response: [https://tonyarcieri.com/factual-inaccuracies-
of-facebook-lib...](https://tonyarcieri.com/factual-inaccuracies-of-facebook-
libra-is-architecturally-unsound)

~~~
buboard
You should submit that

~~~
bascule
Someone else already did. You can find it here:
[https://news.ycombinator.com/newest](https://news.ycombinator.com/newest)

~~~
roryokane
Direct link to the submission:
[https://news.ycombinator.com/item?id=21455739](https://news.ycombinator.com/item?id=21455739)

------
dathinab
I think the start problem of Libra was to go with the ideas that: 1\. One
globally _uniform_ payment system is needed/wanted/makes sense. (It doesn't
make sense due to regulation, is not needed, as long as a non uniform system
still can make cross area transactions reasonable fast. It is not wanted (by
some) as it put consumers at additional risk wrt. data protection and
international conflicts). 2\. Blockchain makes sense and "fixes everything",
somehow, magically

Sure the current payment systems have a lot of problems. But many come from
complicated regulations which makes building such systems harder not
incompetent bank IT. I fear a single company can't do to much here. Especially
because banking software has to be reliable from the get-to-go.

------
mgraczyk
There are many valid criticisms of Libra, even if we restrict our view to the
code. This article contains none of them.

However, use of a BFT consensus algorithm, newish crypto libraries, and
missing but promised features in an unlaunched product are not reasonable
criticisms.

BFT algorithms that scale well (Libra's will, that's one thing Facebook is
good at) are great for public financial networks. All large companies end up
implementing their own crypto libraries and for some (Google, Facebook) this
ends up a net positive for the open source community.

Consumer protection will be there, Facebook is not going to knowingly violate
local regulations in such an obvious way.

------
Mathnerd314
The author seems to have done no actual research beyond skimming the code.
E.g., "none of these libraries have had security audits"

When in fact there has been a review, and probably more internal audits that
haven't been published: [https://blog.quarkslab.com/security-audit-of-dalek-
libraries...](https://blog.quarkslab.com/security-audit-of-dalek-
libraries.html)

------
gok
> smart contracts refer to logic deployed on public networks which allows
> escrowing, laundering money, and the issuance of extralegal securities and
> gambling products

I'm a blockchain skeptic but come on

------
jsjolen
An alternative company which actually seems to do good work w.r.t. safe
languages is Alacris/LegiLogic. Though I haven't found the operational
semantics of the language there is a public compiler that can be found here:
[https://alacrity-lang.org/codeeditor](https://alacrity-lang.org/codeeditor)

------
HashThis
This ignores the big problems in Facebook's Libra:

1) It charges ECONOMIC RENTS. The ethical asset backed and currency backed
stable coin needs to pass profits from revenue generating assets to the
currency holder. The member companies should only take a tiny slice of the
profits. This is the MASSIVE problem.

2) Libra is designed that ECONOMIC RENTS will be sharecropped and sent to the
member companies. This will be the economic incentives for them to force it on
their customer base and create incredibly fast adoption. This is a good thing,
except it turns evil by the economic rents from #1.

~~~
tomp
I'm no fan of FB or Libra, but I don't get it, how is that any worse than
existing system? Banks charge huge interest rents and pass only a tiny (or
zero) on to customers, credit cards charge even bigger interest rates _in
addition_ to fees that make all our products more expensive, ...

~~~
pjc50
Interest rates are lower than at almost any time in history. They're usually
strongly linked to default risk, which is why mortgages are about 2% but
credit cards in the 10-20% range. But none of that is applicable to
cryptocurrency, which doesn't really have a credit infrastructure at all and
instead is trying to replicate something closer to negotiable bearer
instruments.

Transaction fees are a real thing, but essentially that covers keeping fraud
out of the system. In cryptocurrency that's your problem, and many of the
"solutions" are riskier and in the end more expensive.

------
robbya
What's the profit potential for Facebook here, especially above using an
existing cryptocurrency for payments on their platforms?

Having low friction payments on Facebook makes sense, it build value into the
platform and Facebook can capture some of that. But can't they do that with an
existing cryptocurrency?

It doesn't seem like Facebook will maintain full control of the currency due
to the consensus algorithm. There is power and control if Facebook continues
to control the fork of the code base that everyone uses, but presumably nodes
could choose to switch away from Facebook's fork. So I'm not seeing "control a
currency" as a long term benefit.

It makes sense that anyone running a Libra node would make money, but anyone
else running a node would make similar profit.

The article mentions that a long term goal could be "act as a data broker and
mediate consumers access to credit", although again, doesn't the decentralized
nature permit any node from taking those steps? That doesn't seem to uniquely
advantage Facebook.

As others mention, once a cryptocurrency is "too big to fail", regulators are
locked out. Is Libra really an easier approach to getting a cryptocurrency to
that point, versus adopting and accelerating the growth of an existing coin
(like Bitcoin)?

Does Facebook just think they can build a better cryptocurrency? I don't doubt
that they can hire good engineers, but with all the politics and marketing
focus on the code now, development is probably getting stressful and chaotic.

~~~
gerikson
> What's the profit potential for Facebook here

In a world where "everyone" uses Libra, they need a FB account to access their
wallet, and FB will see every consumer decision at its most valuable - the
point of exchanging money for goods and services. This is immensely valuable
for an ad company.

------
wiremine
> Not many people who work on financial infrastructure speak publicly about
> their work...

This was a bit of a throw away line, but I found it insightful. As someone who
isn't in this space, my question is: why is this? Is it contractual, or is
that just not part of the space's ethos?

Feels like we need to overcome this some how to achieve progress?

~~~
Erlich_Bachman
Why would you give away any details, when each one of them might end up being
a secret that is causing your firm to make millions of dollars?

The financial sector is many things, it's a lubricant of the economy, it is a
prediction machine, it's a fascilitator of markets, but not least important it
is setup as a game, where every player tries to outsmart the others. Why would
you talk about how you are playing and give your opponents a chance to outplay
you?

~~~
Jeff_Brown
I wish superior innovation were more responsible for the bulk of profits.
Weighted by volume, in more cases it is simple market power.

(Fun fact: Statistics was invented many times throughout history. Minus the
last time, it was always hidden to make someone money.)

Even when you've got awesome secrets, you've still got other parts of the
business. Open research moves faster. Libraries of books have been written
about investment, or running a business, or writing software, or other
profitable things. Granted, some of that comes from people teaching without
acting -- but a lot of it too comes from actors with serious skin in the game.

------
jrochkind1
> The possibility that a Libra node run by Mastercard or Andressen Horrowitz
> would suddenly start running malicious code is such a bizarre scenario to
> plan for and is better solved by simply enforcing protocol integrity and
> through non-technical (i.e. legal) means.

Hmm, I'm not sure I'm convinced. While "Mastercard as an entity turns into a
malicious actor" doesn't seem like an important threat model, it seems to me
maybe guarding against mailicious actors within (eg) Mastercard, as well as
external attacks on Mastercard is? And justifies this stuff?

The possibliity that a node run by Mastercard would suddenly start running
malcicious code doesn't seem that bizarre a scenario to me, if we remember it
can happen not just cause the CEO of Mastercard directs it to, but because of
criminal activities from hackers as well as employees for their own gain.

Am I wrong?

~~~
pckhoi
The author didn't say that we should trust MasterCard but he was saying that
this trust issue can be solved much more efficiently via the legal system. And
in practice the current system already works as billions entrust their
financial transactions in these institutions.

Some people have the tendency to think that technology could solve anything
and should be allowed to solve everything. This Libra thing is no better than
the crypto-currencies.

~~~
stale2002
Ok, now what if the legal system is the one trying to get them to run the
malicious code?

For example, governments, in the past, have tried to prevent bank transactions
from being sent to wiki leaks, even though they were never charged with any
crimes.

The credit card transactions failed to go through, but the crypto transactions
DID succeed.

Crypto currencies seem to have done a pretty good job so far, of preventing
this attack vector.

I can think of no examples where a government has taken over a crypto currency
yet.

------
phlip9
I strongly agree with him on transaction privacy, though not for the reasons
he lists.

Some issues, however:

1\. His argument against BFT is "legal systems are efficient" (lmao). Also,
the whole point of HotStuff (vs. PBFT etc...) is linear O(N) communication
complexity outside of cascading proposer failures...

2\. He clearly didn't investigate move bytecode-verifier, which asserts
linearity.

3\. Strong disagree on the untested crypto-primitives argument.
curve25519-dalek is audited (x2) and written in Rust; simple and minimal; not
a bloated, unauditable mess like TLS.

4\. Consumer protection can be built on top via the wallet providers.

------
basicplus2
<Reading through the publications released, it is clear there is a fundamental
deception in the stated goal and implementation of the project. Put concisely,
this project will not empower anyone. It is a pivot from a company whose
advertising business is so embroiled in scandal and corruption that it has no
choice but to try to diversify into payments and credit scoring to survive.
The clear long term goal is to act as a data broker and mediate consumers
access to credit based on their private social media data. This is such an
utterly terrifying and dystopian story that should cause more alarm than it
does.>

<The overhead from the consensus algorithm serves no purpose and will only
limit throughput of the whole system, and appears to be there here no reason
other than apparently cargo culting public blockchain technology which is not
designed for this use case.>

<Libra has no transaction privacy>

<The system is designed to be a very large way of replicating transactions to
a number of external parties who under existing European and US bank secrecy
laws should not be privy to the economic details.>

<Libra HotStuff BFT is not capable of achieving the throughput necessary for a
payment rail.>

<Libra’s Move language is not sound.>

<Libra’s cryptography engineering is unsound.>

<Libra has no capacity for consumer protection mechanisms.>

~~~
chrisweekly
> " It is a pivot from a company whose advertising business is so embroiled in
> scandal and corruption that it has no choice but to try to diversify into
> payments and credit scoring to survive. The clear long term goal is to act
> as a data broker and mediate consumers access to credit based on their
> private social media data. This is such an utterly terrifying and dystopian
> story that should cause more alarm than it does."

^ This. The rest is moot.

------
pearjuice
Facebook and a variation of "libre" in the same sentence makes so little sense
to me that by definition I would refuse to use this product if it would ever
reach market. Companies which main purpose is aggregation and selling of data
to advertisers should simply not be trusted with financial transactions
because in the end, this data will be used to make your financial transactions
greater and more tailored to the advertiser paying the most for your data.

------
SkyMarshal
_> For a system that is designed to be run in a consortia of highly regulated
multinational corporates, all running Facebook signed code and access
controlled by Facebook it simply makes no sense to deal with malicious actors
at the consensus level. Why is this system designed to be byzantine tolerant
at all rather than just maintaining a consistent audit log for compliance
checks. The possibility that a Libra node run by Mastercard or Andressen
Horrowitz would suddenly start running malicious code is such a bizarre
scenario to plan for and is better solved by simply enforcing protocol
integrity and through non-technical (i.e. legal) means._

BFT is still useful in that scenario as part of a defense-in-depth against
compromise of some of the validators/nodes, yes even ones run by Mastercard or
A16Z.

It’s certainly more difficult for that to happen in these settings, but given
the state of the world with nation states rampantly hacking each other in any
way they can of varying levels of sophistication, from social engineering to
stealing user databases to stuxnet, having an extra layer defenses against
that in a global currency is not superflous.

And that’s what Libra is, a global currency, not a mere payment system.

------
lubujackson
I am always amazed at the concept that blockchain is private at any level. The
architecture is built specifically to share transactional data. It is useful
for creating a digital entity that is unique and can be treated as currency,
but the shared transactional nature is a huge, huge privacy flaw, as far as I
understand blockchain (at least Bitcoin). Please correct me if I am wrong
about the public nature of transactions - I haven't seen anything discussing
the encryption of transactions but I am by no means an expert on this.

So assuming the transactions are accessible to anyone (and even encrypted is
somewhat worrisome), what are the implications? Well, for a while Whole Foods
was accepting payment by Bitcoin. That means if you know Whole Foods' Bitcoin
account number you could simply look up all transactions to Whole Foods to see
how much money they were making through Bitcoin, how many unique accounts paid
them as well was when and how much. Does every business want their detailed
transaction history to be public?

And on a personal level, I remember when Netflix released anonymized data of
movie ratings with ratings and date stamps. From this alone, some people were
identified by looking at other personalizing data:
[https://www.wired.com/2007/12/why-anonymous-data-
sometimes-i...](https://www.wired.com/2007/12/why-anonymous-data-sometimes-
isnt/)

All it would take is one data harvesting company to pair your account to your
transactions and then could track everything you do through it. I really hope
this isn't how all of this works... and even if there are protections to
prevent this, it seems like a viable attack vector to consider for any
blockchain technology.

~~~
nybble41
> Well, for a while Whole Foods was accepting payment by Bitcoin. That means
> if you know Whole Foods' Bitcoin account number...

They wouldn't have just one "account number". Standard practice is to use a
different address for each transaction, both for privacy and for increased
security. (An attacker only has the public key hash to work from for any
unspent transactions, not the full public key.) Now, these funds would
probably be consolidated into a smaller number of holding accounts, and you
might be able to deduce some other likely payments to Whole Foods by looking
at which inputs were combined together in later transactions, but obtaining
their complete ledger is nowhere near as simple as looking at one payment to
Whole Foods and finding all the other transactions involving the same address.

------
HashThis
I wouldn't worry as much about Libra’s byzantine tolerance architecture. Sure
it is O(n^2) now, but it can be replaced. That can be optimized away, if the
economics cause companies to push it into the market and make it have mass
adoption.

Bitcoin, Ethereum and EOS have optimized away the exponential problem of
O(n^2) byzantine tolerance. I'd be careful that that is just a short-term
artifact of getting an early version running.

------
amluto
I have only studied Move by reading the whitepaper, but there's a gaping
architectural hole that I found in five minutes:

    
    
        public withdraw_from_sender(amount:u64): Coin {
           let transaction_sender_address: address = GetTxnSenderAddress();
           ...
        }
    

Checking the global txn sender address is not a sound way to authorize a
transaction in a smart contract language. Consider that a buggy or malicious
function in a different smart contract could call withdraw(). Linear type
theory might prevent the resulting stolen coins from being _duplicated_ , but
they're still stolen.

I don't know if there is a clean theoretically sound way to do this, but
here's an idea based on linear types:

The main function in a transaction is given a Sender object as one of its
arguments. The Sender has a method that generates an assertion (an object)
that the transaction intends to perform a specific action, e.g. withdraw 10
coins of type A. The withdraw() function takes an assertion as a parameter and
calls a method that _consumes_ the assertion before withdrawing the coins.

~~~
_nhynes
It sounds like what you're describing is passing a capability to withdraw
balance (which is implicitly captured in an erc20's internal state via
`approve` [0]). Of course, cap handling is probably a bit unwieldy for a
snippet in a whitepaper, so they're likely making the assumption of "don't
call untrusted code." I don't see a construction for sender delegation, so at
least it reduces the TCB to the immediate callee.

[0]
[https://eips.ethereum.org/EIPS/eip-20](https://eips.ethereum.org/EIPS/eip-20)

------
seibelj
Typical blockchain and Libra hatchet job, except this time under the veneer of
someone with software skills. I will make some counterpoints.

> _Byzantine fault tolerance is a fairly niche area of distributed systems
> research that concerns the ability of a networked system to endure arbitrary
> failures of its components while taking corrective actions critical to the
> system’s operation. Networks that are byzantine tolerant must resist several
> types of attacks including restarts, crashes, malicious payloads, and
> malicious voting in leader elections. This design decision is central to
> Libra and it makes zero sense._

BFT consensus is standard in blockchain. Libra is building a protocol and
reference implementation but anyone can build their own implementation, just
as Bitcoin and Ethereum have several clients written independently as separate
open source projects. As Facebook intends to be just one member of the Libra
consortium, and anyone (member or not) can write software to the protocol
spec, BFT is the logical choice.

If Libra was trying to be a centralized entity owned by Facebook, then BFT
consensus would make no sense. But it's not - Libra is supposed to be a
decentralized blockchain payment system, similar to Bitcoin, so BFT is the
logical (and standard!) choice.

> _Libra has no transaction privacy. By the admission of the whitepaper the
> system is designed to be pseudonymous meaning the addresses used at the
> protocol are derived from elliptic curve public keys and contain no metadata
> about the accounts._

This means the same level of anonymity as provided by Bitcoin. Post-
transaction analysis may identify the owners of keys by cross-referencing
known addresses, but onchain it is unknown. Again, very standard in
blockchain. There are various techniques to improve privacy, such as how
SiaCoin generates new addresses for every transaction by default, but again I
want to emphasize that the shrill language used by the author is coming from
someone who doesn't understand the technology. I agree with him that Facebook
could (and probably will) improve on Bitcoin's pseudo-anonymity, but claiming
outright that this is some sort of grand oversight is just plain wrong.

> _Libra HotStuff BFT is not capable of achieving the throughput necessary for
> a payment rail... There is no technical reason that cross border payments
> could also not settle instantly, except for the differences in rules and
> requirements across the jurisdictions involved._

This is more about the philosophy of our payments infrastructure. Let's assume
Facebook solves scaling, which is a problem many blockchains have solved (or
are solving) in various ways. For example, Bitcoin's lightning network moves
small transactions off-chain to settle later in one transaction that batches
them. I'm not saying that's a good solution, either for Bitcoin or for Libra,
I'm just saying the scaling problem can be solved even if the consensus
algorithm is limiting.

On the question of "why use blockchain for payments at all", this is more
philosophical. You have monopoly-controlled payment systems that tightly
control who can integrate with them and improvements to the core level take
years / decades (see ACH in the USA). Blockchain is one major way that
software is eating finance - companies and individuals will be able to hack
away at the system and build novel innovations with much less friction.
Whether you think this is a good thing is a matter of philosophy.

> _Libra’s Move language is not sound... In the public blockchains, smart
> contracts refer to logic deployed on public networks which allows escrowing,
> laundering money, and the issuance of extralegal securities and gambling
> products. These are typically done in a shockingly badly designed language
> called Solidity, which from an academic PL perspective, makes PHP look like
> a work of genius._

Clearly biased, Solidity has its warts but it is successfully being used for
billions of dollars in real-world transactions per day. The author is
something of a compiler hacker according to his Github so I assume he feels
qualified and passionate to speak on this. But Move has not been battle-tested
yet so I would at least let it get finished and deployed before claiming it's
dead-on-arrival.

> _Libra’s cryptography engineering is unsound._

Facebook, like many other companies, can pay for audits and formal
verification of crypto libraries. As Libra will not be production-ready for
years (it isn't live today!), I think we can give Facebook the benefit of the
doubt on this. They are a massive company with near-limitless resources.

I want to conclude by saying that blockchain and cryptocurrency are knee-jerk
hated by Hacker News, and have been so for years. You typically won't find
positive (or even neutral) opinions on it, nor casual HN comments discussing
the minutiae of the underlying tech the way you would for (say) Rust.

People who are deep into this scene are posting on other websites that aren't
as negative on the subject. There are indeed highly technical and competent
people who work in this space. However it remains quite niche given its
outsized mindshare in society. I encourage people to keep an open mind, there
are very interesting problems to be solved if you can avoid the overwhelming
criticism.

~~~
sbmassey
What are some good websites for discussing technical aspects of blockchain?

~~~
reportgunner
Check out Andreas Antonopoulos

[https://aantonop.com/books/](https://aantonop.com/books/)

------
haolez
Genuine question: how do I share code with other parties in the industry?

Suppose that I'm working in the insurance industry and I want my company A to
share the ownership of some code (and its execution) with company B. It's a
redundant piece of code that would otherwise be implemented in both companies
internally.

We may share a repository. That's simple and clear. But who is going to run
this code? How do I know that the code running is the one shown in the shared
repository?

When I see things like Hyperledger Fabric, I see a possible solution to this
problem (although I don't know about the downsides of Fabric). I can ensure
that, given the same inputs, all parties will produce the same outputs. This
seems like a fair use for a permissioned blockchain and smart contracts.

But what else is out there? How would you approach this problem?

------
dharma1
Aside from perhaps lack of developers / competency, I wonder why central banks
don't issue digital currencies themselves?

Mark Carney (current Bank of England governor) has been warming up to the idea
- [https://www.theguardian.com/business/2019/jun/20/mark-
carney...](https://www.theguardian.com/business/2019/jun/20/mark-carney-bank-
of-england-lend-digital-business-sme-cryptocurrency)

Not sure if that because he is setting himself up for a new job at Libra after
his BoE gig finishes in 2 months, or is there merit to the idea and appetite
from central bankers?

~~~
lm28469
> Aside from the perhaps lack of developers / competency, I wonder why central
> banks don't issue digital currencies themselves?

Why would they though ? I can transfer money worldwide in a few hours for very
little fees already. Normal currencies are good for 99.99% of use cases.
Aren't most currencies already mostly digital, they're literally integers in
databases around the world, most of it isn't backed by any physical currency.

Facebook wants its own currency because it would allow granular tracking and
profiling like never before. What would banks gain from it ?

~~~
dharma1
I can think of a few reasons

1) Geopolitical - if there was a widely accepted, regulated global currency
that is relatively non-volatile, pegged on a basket of assets, I think many
countries would gladly do cross-border trade in that rather than USD. I don't
think Libra will be it, because it's perceived as being Facebook coin. But an
effort from central banks could be it.

2) mainstream programmable money doesn't really exist, neither do
microtransactions, or access to the financial system for many of the world's
poor

------
cimtrae
This whole article sounded like he started with a conclusion and then found
reasons to support it. It doesn't look objective. I am no supporter of Libra
but increasingly media and influencers are about starting with a
belief/conclusion based on their bias and then finding proofs for it. Perhaps
that's how any human mind works!?

------
gwbas1c
For the TLDR crowd, here are some juicy quotes:

> The possibility that a Libra node run by Mastercard or Andressen Horrowitz
> would suddenly start running malicious code is such a bizarre scenario to
> plan for and is better solved by simply enforcing protocol integrity and
> through non-technical (i.e. legal) means.

> The overhead from the consensus algorithm serves no purpose and will only
> limit throughput of the whole system, and appears to be there here no reason
> other than apparently cargo culting public blockchain technology which is
> not designed for this use case.

> ... the model as proposed is hundreds of person-years away from being able
> to handle global transaction throughput and would likely have to be
> completely redesigned from first principles.

> Enterprise software consultants generally thrive on ambiguity and smart
> contracts are the apotheosis of enterprise obscurantism because they can be
> defined to mean literally anything.

> It should be assumed this entire crypto stack is vulnerable to a variety of
> attacks until proven otherwise. The “move fast and break things” model
> should not apply to cryptographic tools handling consumer financial data.

> The final conclusion one must take away after doing technical due diligence
> on this project is this simply that it would not pass muster in any
> respected journal on distributed systems research or financial engineering.
> Before trying to disrupt global monetary policy there is a massive amount of
> a technical work needed to build a reliable network the public and
> regulators could trust to securely handle user data.

> I see no reason to believe that Facebook has done the technical work needed
> to overcome these technical issues in their project, not does it have any
> technical advantage over existing infrastructure that already works.
> Claiming one’s company needs regulatory flexibility to explore innovation is
> not an excuse for not doing it in the first place.

------
yungcoder
> The overhead from the consensus algorithm serves no purpose and will only
> limit throughput of the whole system, and appears to be there here no reason
> other than apparently cargo culting public blockchain technology which is
> not designed for this use case.

I may be behind on Libra news, but my understanding was that the permissioned
blockchain governance model would only exist during the bootstrapping phase to
launch Libra and would eventually evolve into a public blockchain once it
reaches some arbitrary point of stability. If that is still the case, then
wouldn't Byzantine fault tolerance be required from the get-go, assuming
Facebook wants to avoid a hard fork of Libra?

------
macmichael01
Crypto in general still have a ton of security flaws. To call out a specific
currency is silly. Lets acknowledge that there is still tons of security to
fix with crypto in general.

------
z3t4
When you make a oversea money transaction the banks take up to 20%. For every
electronic transaction a bunch of middle-men takes a percentage. Maybe there
need to be a payout for those that keep the system running? Like in Bitcoin
mining ... But the thing is, transactions can be highly automated, with almost
zero marginal cost (the cost of making yet a transaction when you already
process millions per second). So the transaction fees for the middle-men is
almost pure profit after a certain level. So there will be efforts to make
sure any joint solution fails.

~~~
gerikson
> When you make a oversea money transaction the banks take up to 20%.

You need to comparison-shop the price of remittance:
[https://www.saveonsend.com/blog/welcome/#more-1](https://www.saveonsend.com/blog/welcome/#more-1)

------
cloudhead
The author correctly states that BFT algorithms are meant to handle arbitrary
failures, but then explains how that is the wrong choice because one shouldn't
handle malicious actors at the consensus level. Yet there are categories of
faults that cannot be handled by basic FT systems, that BFT systems can
handle, and are not due to malice. So all in all, BFT _is_ the right choice.

------
snarf21
There have been a lot of posts and responses about Libra. The core of it is
that FB wants to be an _unregulated_ bank. That is all this whole thing is
about. Given the current (and post 2020 political realities?), it is no wonder
all the established payment companies tapped out. This effort will be delayed
until their is a government structure willing to look the other way. It will
also be really interesting to see how this gets rolled out against GDPR and
other European laws.

~~~
no1youknowz
As time goes on, it's increasingly looking likely that it won't be rolled out
in Europe[0].

> "Libra is not welcome on European soil," French Economy Minister Bruno Le
> Maire told reporters the sidelines of the annual meetings of the World Bank
> and International Monetary Fund

> "Do we want to put monetary policy in the hands of a private company like
> Facebook? My answer is clearly no," he said

[0]: [https://www.business-standard.com/article/pti-
stories/paris-...](https://www.business-standard.com/article/pti-
stories/paris-rome-berlin-preparing-to-block-facebook-s-libra-in-europe-
french-minister-119101801388_1.html)

~~~
K0SM0S
Worth noting however that Facebook could register some entity as a bank and
operate the Libra service from there (even sharing offices with Fb, that's not
illegal afaik).

They would fall under all possible kinds and manners of banking regulation,
but it's viable; many companies originally outside of the fin sector are
offering financial services now (notably Orange, the French leading and
historical ISP, formerly a state-owned public company).

This would likely result in some tiny fee when crossing in/out of the
traditional banking sector (from/to Libra and some regular account or merchant
paying system), and maybe when entering/leaving Europe, but would remain
largely free for Libra transactions _within_ the EU.

Which, as I see it, is the purpose of said regulation: to protect EU citizens
(account insurance up to €100K, rights to certain features like free inter-
bank transfers within the EU, etc). Libra unregulated would basically fall to
Facebook's unilateral rules for protection and features, and that just isn't
acceptable to the EU.

~~~
davidgerard
So far as I can tell, (a) Calibra will be a "custodial wallet", i.e. it'll
hold the Libra tokens and present to the user a bit like PayPal; (b) they're
talking up a Libra-per-currency, rather than the synthetic basket; (c) they're
actively at work developing Calibra, in some sense.

To me, it's increasingly looking like they're heading for Calibra as PayPal-
but-it's-Facebook. This is a more sane and comprehensible business idea, at
least.

~~~
K0SM0S
Indeed, and thanks for the info. Makes sense, definitely.

Basically just a layer of abstraction like in-game currency in virtual worlds,
only this one has some 2.2b 'players' so the in-world PayPal is one hell of an
easy way to transfer money?

That's much less sexy from a technological and social standpoint, but it might
just be the simplest way to both reach a solution and seduce just enough
blockchain lovers for the 'buzz' (best fueled by Controvery®).

When you think about it, people use items as secondary currency to exchange
real-world money since forever and a day. E.g casino chips (physical), in-game
assets ("virtual" but really we just mean software i.e. codified text, like
we'd write score cards in tabletop RPG, or... computer punched cards).
Colibra, fundamentally, would be just that...

So much ado about nothing if it turns out to be such a custodial abstraction.
Now I expect Colibra lootboxes and gift shops in WhatsApp and Instagram! —
once you've seen people spend hundreds on pixels in games, cosmetic shaders to
embellish their avatar, you know there's no limit to human commerce. Probably
Facebook's endgame with Libra if you ask me.

------
lazzlazzlazz
The article is so confused about the underlying reasons for choosing a
decentralized (among Libra members) ledger that it boggles the mind.

It's a legal move. Not a technical one.

Regarding privacy — it seemed obvious to me that privacy solutions for Libra
would be build on top of Libra (the so-called "Layer 2") and not within the
core protocol.

Stephen's critique here is bizarre and lacks context.

------
magnamerc
As soon as blockchain is even mentioned on HN, everyone loses their freaking
minds. For some people that tout themselves as intellectuals, they just seem
to parrot that 'blockchains are useless' without even taking a cursory look
into the technology. It seems to me that a lot of people here fall into the
category of ultracrepidarianism.

~~~
briatx
Or maybe after much research and some testing they conclude (correctly) that
"blockchain is useless."

~~~
magnamerc
If that were true, then they would come to a different conclusion. There are
several examples of useful applications that are live today that would be
otherwise impossible without a public programmable blockchain.

------
HashThis
Bitcoin launched with crypto that was replaced later. Yes, the algorithm, key
length and similar things need to be right at the start (or back compat is
harder). But the cypher and cryptography library implementation can be
wholesale replaced, without a problem. Just as you pointed out, Microsoft did
with a new TLS library.

------
HashThis
Not being able to reserve payments is a FEATURE and not a BUG. That inherintly
breaks a currency that is fast and removed of human transaction approvals. My
thesis is that refunds will need to operate at a business level at a higher
level. Their KYC and AML can be effective at backing that up.

~~~
simiones
It is a mis-feature - it is done intentionally, but it is a bad idea. Having
to go through the legal system to reverse a fraudulent transaction is a huge
hurdle compared to the current state of affairs, and it will significantly
impact the use of Libra for internet payments.

~~~
Jamwinner
Its a feature for avoiding facebook holding the bag when it is invaribly used
for fraud. Let the little guy eat the risk.

------
baby
This is a well-written post, although obviously carrying some confirmation
bias against the idea of a cryptocurrency.

I'm also obviously biased, but if people are interested in my opinion (and
only my own) here it goes.

> Libra’s byzantine tolerance on a permissioned network is an incoherent
> design.

There are two aspects here that the author seems to forget:

* The next best system, that a consortium of very different companies (think from different countries) would agree to run together is probably a protocol like Certificate Transparency which would be too slow and would have no mechanism to prevent double spending. If you're not doing this, then you're probably using a protocol that doesn't tolerate faults and the first time you have a fault your protocol collapses. There's probably a reason that Venmo cannot talk to Paypal which cannot talk to Square.

* Libra will eventually move to a permissionless setting, which means it has to be designed from scratch to support this evolutionary change. You can agree or not with this, but this is the way it was planned.

> Libra HotStuff BFT is not capable of achieving the throughput necessary for
> a payment rail.

Two things again:

* The number of people in the world who uses GBP vs the number of people who will use Libra at launch is probably not comparable. This means that Libra will be perfectly fine to carry the load for a number of years.

* Current research has shown that the largest throughput improvements are hidden in layer 2. If you don't know what layer 2 is: basically you do transactions off-chain, with whatever protocol you have, and only sometimes do you confirm the current state on the chain.

> Libra’s Move language is not sound.

I believe the type checking (and other checks) are done by the VM, (but that's
not my domain so I might be wrong). Indeed, why would you trust the compiler
to do the right thing?

> Libra’s cryptography engineering is unsound.

There are two things in this section that are completely wrong:

* No, dalek is not the "wild west” and is actually written by some of the few people who you could trust to write such a library. Yet, audits are planned. Also: we do actually use formally verified code! We have integrated fiat-crypto (a formally verified library, not a cryptocurrency :D) into dalek in order to use formally verified field operations.

* Neither do we use VRFs, bilinear pairings, and threshold signatures (they are just experimentations at this point) nor are these new tools or techniques. I don't have to say much at this point but I would take the author "It should be assumed this entire crypto stack is vulnerable to a variety of attacks" with a huge grain of salt.

> Libra has no capacity for consumer protection mechanisms.

Of course, it is a financial backbone, not a financial service.

------
ummonk
>For a system that is designed to be run in a consortia of highly regulated
multinational corporates, all running Facebook signed code and access
controlled by Facebook it simply makes no sense to deal with malicious actors
at the consensus level. Why is this system designed to be byzantine tolerant
at all rather than just maintaining a consistent audit log for compliance
checks. The possibility that a Libra node run by Mastercard or Andressen
Horrowitz would suddenly start running malicious code is such a bizarre
scenario to plan for and is better solved by simply enforcing protocol
integrity and through non-technical (i.e. legal) means.

Eh, I'm not so sure about that. It seems like a good feature that hackers
successfully targeting a single node don't take down the whole system.

>In congressional testimony the product was stated as a challenger to emerging
international payment protocols such as WeChat, Alipay and M-Pesa. Yet none of
these systems are designed to run on byzantine tolerant pools of validators.
They are simply designed in the traditional high-throughput bus that orders
ledger transactions according to a fixed set of rules. This is the natural
approach to designing a payment system. Preventing double-spends and forks is
simply not an issue that a properly designed payment rails should ever have to
deal with by design.

I would assume these systems are each run by a single company though, no?
Which makes them fundamentally different from what Libra seems to be aiming
at.

>The overhead from the consensus algorithm serves no purpose and will only
limit throughput of the whole system, and appears to be there here no reason
other than apparently cargo culting public blockchain technology which is not
designed for this use case.

On the contrary, running byzantine fault tolerant consensus on a small number
of node partners (which each submit aggregations of transactions from their
clients) seems like exactly the kind of system that blockchain technology is
best suited for. Not the kind of highly distributed consensus we see in e.g.
bitcoin.

>A defining feature of a payment rail is the ability to reverse transaction in
case payments need to be undone by legal action or if they result in
accidental or system malfunction. The Libra system is designed to have “total
finality” and does not include a transaction type to reverse a payment.

I don't know that this is necessary? A transaction can of course be reversed
simply by making the inverse transfer. I don't know what kinds of annotations
/ metadata they would be storing in the ledger for audit trails, but it
doesn't seem to me like a reverse transaction should be treated extra special.

Disclosure: I work for Facebook in a totally unrelated initiative (Facebook
Connectivity) but have only cursorily followed Libra news in news media. I'm
generally highly skeptical of cryptocurrencies, but less skeptical of
distributed byzantine fault tolerant ledgers as a general technology for some
niches. My comments are completely my own personal views.

~~~
PeterisP
For the case of "A transaction can of course be reversed simply by making the
inverse transfer." the equivalence is broken by the technical authorisation
required - in most systems if I'm able to make a transfer, I'm not able to
simply make the inverse transfer, _that other person_ is able to make the
inverse transfer. So the question of reversals essentially is whether the
inverse transfer can be made (and if so, under what conditions) against the
wishes of the original recipient.

And when there's a good answer to that, the next question is what are the
exact consequences to reversals (or attempted reversals) of money that's "not
there anymore" \- e.g. there's a valid transfer from A to B; followed by a
transfer from B to C; followed by a need/decision to reverse the A to B
transaction (which is a very, very common scenario in e.g. scam resolution).
For systems that treat money as the conceptual equivalent of "stuff" (e.g.
Bitcoin) that's a very hard question; most of our financial infrastructure
(probably for millenia) treats money as the conceptual equivalent of "debt
relationship" i.e. a metric of who owes whom how much, and then it's a bit
easier but still not trivial.

------
homakov
A long boring read lacking arguments.

------
lacker
I am not affiliated with Libra in any way, but I cannot agree with this
article. Let me respond point by point.

 _Libra’s byzantine tolerance on a permissioned network is an incoherent
design._

The criticism here is that byzantine tolerance is not needed, when every
participant is a regulated multinational company. But it certainly isn't a
_bad_ thing to have byzantine tolerance. Maybe a set of the regulated
multinational companies will have backdoors put in place by a malicious entity
- that has certainly happened before.

The downside of byzantine tolerance is the computational overhead. Yes, there
is going to be a cost in throughput. But it just doesn't make sense for Libra
to optimize for transactions-per-second at this point. If they run into
scaling problems, _then_ they can optimize. Right now they are quite far away
from having scaling problems.

 _Libra has no transaction privacy._

It's the same privacy level as Bitcoin. Transactions are public, endpoint
identities are trackable but don't have real identities attached. You can say
it isn't a good set of tradeoffs for a cryptocurrency to be pseudo-anonymous.
But it doesn't make the system "architecturally unsound".

 _Libra HotStuff BFT is not capable of achieving the throughput necessary for
a payment rail._

Again, it doesn't make sense to criticize Libra at this point for not being
able to achieve tens of thousands of transactions per second. If they start
running into scaling problems, they can work on all sorts of extensions and
improvements then.

 _Libra’s Move language is not sound._

The criticisms here really boil down to "Move needs more work". It isn't
fundamentally unsound, it just needs more work.

 _The claims seem to reduce to nothing more than handwaving and marketing
rather than actual proof. This is an alarming position for a language
engineering project which expects the public to trust it to handle billions of
dollars._

Okay, well don't go putting a billion dollars in a Move smart contract
tomorrow. Programming languages, and especially programming language
documentation, can be improved a lot over time.

...

There's more in the article, but really, it reads like a rant, where the
author is so biased by their hatred of Facebook that they think every little
thing that Libra does is wrong.

IMO, the core mistake behind Libra is assuming that regulators would be okay
with it, because it isn't very different from other permissioned
cryptocurrencies, like Stellar. Instead, regulators have been quite opposed to
it because Facebook is behind it, even when technologically it isn't very
unique. It is certainly not "architecturally unsound".

------
bsenftner
Just ignore this Facebook Libra pollution; failure from inception, as the
producer cannot be trusted for shit, which is prerequisite #1 for this type of
endeavor.

------
crb002
The point of Libra is to create a consumer small purchase transaction medium
with low friction. Businesses using it only care if it has enough Swiss
backing so they can get a week’s business or two turned into real currency.

It only has to be sound enough for those goals. As it is used more it will get
hardened.

The killer use is being able to pay overseas contractors without friction.
Since there is no privacy, government on the other end will levy instant
income tax withholding with glee.

