
AutoDapp: a proposal to decentralize existing web apps - jeffreyxdash
https://raymondcheng.net/projects/decentralization/autodapp-proposal.html
======
drchopchop
So, it's not even that the SQL state is distributed, it's that _every change_
to the SQL state has to be "validated" and appended to a blockchain? At a 1M
DAU traffic level?

How often are blocks/writes written? Who pays for all that data storage? How
"decentralized" would it really be, considering the incredibly onerous
requirements to run a validator at the target scale?

~~~
synctext
Indeed, as a professor who studies these systems for a living I also had to
think. Will this scale? Big step forward if we get something like this finally
to 1 million people. Who owns the server infrastructure? How are these miners
paid? The usual token-based incentive? Where do I buy these with real Euros or
Dollars?

Incentive alignment is key. We known since Bittorrent tit-for-tat that
creating a micro-economy is a hard problem. I hope they get some sort of token
and micro-economy going, but this is a known hard problem.

------
buggeryorkshire
Just what we need, blockchain crowbarred into something else it's entirely
unsuited for.

------
CJefferson
One thing I was trying to find. Is it possible to completely erase things from
history?

Because if not, the first time someone uploads something illegal to your
decentralized wikipedia and it gets into the block chain, you are in trouble.

~~~
verdverm
I have yet to see this issue addressed in a meaningful way.

~~~
theK
I am very curious about this ideology.

The whole world seems to see indelibility of data as a problem in this
context. Yet immutability is seen as a generally good thing for a lot of other
software cases. Further we cannot manipulate past events and there even is
something about repeating history when you don’t know it.

So why would we really want to delete past data? From this standpoint wouldn’t
deleting data be similar to trying to cover up the past? Sure we might also
try to label it “humankind’s childish try to assert itself over the
unstoppable arrow of time” but that is just too Freudian to me.

Is there some big idea I’m missing that explains the favoring of the “mutable
past” view?

~~~
hk__2
> So why would we really want to delete past data? From this standpoint
> wouldn’t deleting data be similar to trying to cover up the past?

This assumes that data is always true and accurate, which is not always the
case. Say Bob was convicted for pedophilia but a couple months after the
charge was retracted because it was an error. Now Bob can’t find a job because
“the data” says he’s a pedophile, even if he’s not.

~~~
04091948
and why can't bob find a job even if he was a pedophile or a murderer or
whatever?

why is extrajudicial punishment allowed?

~~~
x0137294744532
> why is extrajudicial punishment allowed?

In some cases it is common sense. For instance: a pedophile shouldn't be
allowed to be a school teacher.

~~~
04091948
in that case, there should be a court order that prevents them from exercising
such occupations.

~~~
verdverm
Even if, there is still human bias.

What if someone posted false claims about you? Would you like recourse in that
event?

------
agentultra
Write actions that can take seconds to minutes to validate. This doesn't seem
like a trade off any application I can think of would make.

~~~
tenebrisalietum
Let's say you implement a Facebook-like social network (think something like
Elgg). If you really need the benefits of decentralization, is waiting a few
minutes for your post, profile update, file upload, etc. to go through that
big of a deal?

~~~
GordonS
Even if you don't _need_ it, people are going to want their posts to go out
"now". Seconds of latency is tolerable, but your average person is not going
to be happy waiting minutes.

~~~
tenebrisalietum
See, in the 90's when everyone was on dial-up, people really did wait minutes
for stuff. I waited HOURS for a single MP3.

You just have to sell it. Market it as "this decentralized network has delays
to ensure dark and addictive patterns don't overrun the network - our network
is more than just trying to see who has the most likes in the shortest amount
of time."

~~~
GordonS
Thing is, I was there in the 90s, on crappy 14/28/56k dialup. I remember it,
and it was _shit_.

------
crispyporkbites
Trying to understand this one - this is saying we take an standard 3-tier app
and instead of storing data in our normal sql/nosql database, we route it
through some kind proxy called a "validator", which is a blockchain based data
store, that uses the same database API.

And the benefit of doing this is to allow other users to be able to validate
the integrity of data and ensure historical changes cannot be overwritten?

So who pays for the transaction storage costs? and how does this validator
thing work?

~~~
ryscheng
That's exactly right! The argument is that if you look at truly reliable cloud
services (think Google). They already use consensus protocols to replicate the
database globally for fault tolerance purposes. The spanner paper does a
decent job explaining their architecture.
[https://static.googleusercontent.com/media/research.google.c...](https://static.googleusercontent.com/media/research.google.com/en//archive/spanner-
osdi2012.pdf)

Why not do it for decentralization purposes too? Blockchains are just a
another class of consensus protocols. IMO one of the defining aspects of
blockchains is the stronger threat model. Traditional consensus protocols are
designed to be crash-fault tolerant, not byzantine-fault tolerant.

I wouldn't get tripped up by the word "validator". In the academic world we
probably would have used the term "node" or "replica". It has a special
meaning in the blockchain world because it conveys a sense of trust and work-
checking.

"Who pays" is a fantastic question. The blog completely elides the question
about incentives which in my opinion will vary depending on the app. For
creating an censorship-resistant Wikipedia, it'll be different than a
communications app. Hoping to write a blog post about that soon after we get
more built to show.

------
viraptor
So I'm not familiar with the dapp apps internals like the ones described in
the article. Does anyone have a quick summary of: How do you do user
authentication and other "secret data" cases if the data is visible to
everyone? Let's say there's an app with user-configurable webhooks which need
to be used by the server, but shouldn't be announced to everyone.

~~~
auston
Cofounder of QuikNode.io here - this is kind of a “it depends”
question/answer. What chain are you using? Ethereum? Bitcoin? EOS?

At a high level you could encrypt the data (URL) you want to send the webhook
to, then (let’s say you’re using Ethereum) you could subscribe to an event &
make sure you have the decryption key there to decrypt the URL & actually
forward on the webhook.

In terms of the user auth question, you can use signed requests or just
signatures in general - I love the localcryptos.com implementation of user
login, for instance.

Happy to answer more questions like this, just email me: auston@quiknode

------
thefounder
Maybe when computing gets really cheap this could be done. I mean cheap like
downloading and running Google(front/back-end) on my phone.

------
Taek
"For the purposes of this blog, we will narrowly define blockchains as a
Byzantine-fault tolerant consensus protocol"

I don't think this is a useful definition. Blockchains are about trust and
control, not Byzantine fault tolerance.

~~~
verdverm
And they seem to be doing poorly on the trust element. My lack of trust in the
controlling entities is why I left the space.

Bitcoin is more centralized ( via the mining cartel) than the existing banking
system. The wealth gap is greater in crypto than the analog world too.

------
SI_Rob
Wouldn't any such apps used for anything beyond toy experimentation quickly
re-centralize around maximal cliques? At scale, the demand for responsiveness
tends to drive out the demand for everything else.

------
addisonj
Hrm.. interesting idea!

The tl:dr; appears to be "we built a blockchain based query logger" where
essentially the consensus appears to just be that it is valid SQL, and defines
an ordering of the statements. Then once everyone agrees to apply the change,
then it is applied... With (AFAICT) no interaction with the DB during the
consensus process?

This seems to be a bit naive of features like locks and transactions that are
critical to most DBs, so while maybe you can define a global ordering of
statements, the execution of those statements may be nonsensical and result in
a lot of failed transactions. For example, it seems like you could grind the
usability of the system to a halt by flooding the validators with 'valid' SQL
designed to create as many conflicts as possible that would cause a ton of
writes to fail to commit.

I agree with the desire for more services to become decentralized, and this is
a novel idea, but (IMHO) more and more the technical hurdles of blockchains
often bring more challenges than they solve.

~~~
q3k
This is naive of any real-world, large scale use of RDBMS systems. Not to
mention any actually distributed storage systems.

~~~
addisonj
Agreed. You aren't going to get this to work with Wikipedia. But I could see
some utility on the small scale (if it weren't easy to break with conflicts).
A Discourse install for local discussion in an oppressive regime run across a
few hundred commodity computers could be pretty hard to shut down and
reasonable to have work for 50k people, the weakness here is that one bad
actor could disrupt it just by flooding it with valid but conflicting writes
(not to mention being able to just issue deletes against all the state if all
actors are treated equally)

