
Blockchain: A Better Way to Track Pork Chops, Bonds, Bad Peanut Butter? - Osiris30
https://mobile.nytimes.com/2017/03/04/business/dealbook/blockchain-ibm-bitcoin.html
======
lordnacho
Seems to be hype from MBA types who've lost the technical knowledge. Or
perhaps never had it.

What is blockchain? It's a way to create a global ledger without trust.

What do you need to track your pork chops? A ledger.

What is IBM? A huge, trusted, corporation.

Does anyone think if IBM operated a bog standard database of pork chops that
the users would not trust it?

Every few months I'm reading these articles about using blockchain, which is
pretty clever, for something that doesn't require it.

~~~
bizzleDawg
Something that confuses me about this blockchain hype. I was under the
impression that it's the distributed nature of crypto-currencies that makes
them secure as opposed to the blockchain alone? It doesn't seem like it would
be that hard to re-calculate >1M sha256's to rewrite the chain if it's all a
system owned/controlled by one company. Am I missing the point?

~~~
stefano
Yeah, you also need enough people willing to mine (and spend a lot of money
doing so) your pork chops blockchain, otherwise anyone could come along and do
a 50% attack.

~~~
bluejekyll
Yeah. Isn't this a major problem with all of these alternative
implementations? The 50% problem will always be an issue in small
deployments.

It's still a problem in the largest deployment. Does anyone have a "solution"
to this?

In this specific case, it seems like what they really should do is have a set
of trusted nodes for ledger replication.

~~~
bizzleDawg
Surely the best antidote to the 51% attack is to have a large population of
nodes so that an attack would have to be prohibitively large?

W.r.t. having a set of trusted nodes, that's fine, however does the blockchain
add anything in this situation?

~~~
bluejekyll
No. That's actually my point. This industry probably doesn't want to invest in
always having 51% of the nodes, so trusted central ledgers make more sense to
me.
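
An added illustration of the point raised in the sub-thread above (editorial example, not part of any commenter's post): a SHA-256 hash chain run by a single operator with no proof of work can be rewritten and still pass its own integrity check, and the change only shows up when an independent party compares head hashes it recorded earlier. The ledger entries and all function names are constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder "previous hash" for the first block

def block_hash(prev, record):
    data = json.dumps({"prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for record in records:
        digest = block_hash(prev, record)
        chain.append({"prev": prev, "record": record, "hash": digest})
        prev = digest
    return chain

def verify_chain(chain):
    # Internal check only: each block hashes correctly and links to its predecessor.
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["record"]):
            return False
        prev = block["hash"]
    return True

def rewrite_by_owner(chain, index, new_record):
    # The sole operator changes one record and recomputes every later hash.
    # With no proof of work this costs one SHA-256 per block.
    records = [b["record"] for b in chain]
    records[index] = new_record
    return build_chain(records)

def first_divergence(witness_heads, chain):
    # witness_heads: {height: hash} recorded earlier by a party other than the operator.
    for height in sorted(witness_heads):
        if height >= len(chain) or chain[height]["hash"] != witness_heads[height]:
            return height
    return None

# Constructed sample ledger entries.
RECORDS = ["lot 17: 400 kg shipped", "lot 17: inspected, passed",
           "lot 18: 250 kg shipped", "lot 18: inspected, passed"]

if __name__ == "__main__":
    original = build_chain(RECORDS)
    witness = {0: original[0]["hash"], 3: original[3]["hash"]}
    forged = rewrite_by_owner(original, 1, "lot 17: inspected, failed")
    print("forged chain self-verifies:", verify_chain(forged))
    print("witness detects change at height:", first_divergence(witness, forged))
```
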

------
haddr
I have a feeling that blockchain is more of a solution in search of a problem.
Blockchain is really a clever thing and it amazes me in many details e.g.
especially when looking at bitcoin. But it still doesn't convince me where else
it could be successfully deployed. By this I mean: in which domain we really
need all of those guarantees of blockchain and at the same time accept all the
disadvantages.

------
amelius
A blockchain might be overdoing it. Also, does it really provide a guarantee
against companies buying cheap and uncontrolled raw materials from e.g. China
and mixing it through our food?

------
farresito
I get the feeling that the blockchain is the solution to all the problems,
just like AI. I think it's getting overhyped too much.

------
alexro
Isn't it so difficult to grasp that you need a blockchain only and only if you
want to avoid trusting someone in a (meaningful) transactional system? And
you're ready to pay the price.

------
kakarot
I have an idea for a FOSS blockchain-based system that allows anonymous
reputation tracking through tokens to provide an alternate API for trusting
anonymized users through CDNs, portals, etc. Generating, storing and sending
the tokens can be automated and transparent.

The premise is that if your calculated reputation isn't above a certain score,
servers can choose to disregard or throttle your requests. Servers can update
your rep on the blockchain via a provided OTP, based on user behavior. The
higher your rep, the less likely it is that actions interpreted as malicious
will sever or throttle your connection.

The big technical challenges I see would be mitigating abuse from both
malicious clients and servers. Visit a malicious server and your rep is
harmed. Weighting all past scores could mitigate this issue. Combining a
gradient descent algorithm for adjusting reputation with a "time-out"
mechanism could possibly mitigate the incentive for botnets to farm good
tokens to sell to malicious users. The other big challenge of course would be
user adoption.

This could be a robust way of dealing with DDoS attacks and botnets in the
increasingly anonymized web. It could create an accountable web of trust for
anonymous authentication, as it would take time and effort to create and
maintain more than a few trustworthy private tokens. Any blockchain experts
care to chime in?

~~~
duskwuff
Er, privacy? From what you're describing it sounds like you'd be building a
giant public database of users' browsing habits, which should raise some
eyebrows.

The fact that it's structured as a blockchain makes it _worse_, as there's no
way to age out data.

~~~
kakarot
Blockchain-based, so pure bitcoin-style blockchain implementation isn't
necessary. It probably wouldn't be that big of an obstacle adding a trimming
mechanism by, for example, maintaining a group of sub-chains.

To limit the granularity of data being stored, it would only be used at
authentication endpoints, to create a private session. Once you've identified
yourself as reputable with an OTP that doesn't reveal anything about your
actual internal ID, you can transfer secrets and further authentication is not
necessary.

The system would employ paranoid homomorphic encryption [0] and a fuzzy API.
Hardly a worthwhile vector for analysis compared to the standard MitM attacks
applied today by state agencies and ISPs.

[0] https://en.wikipedia.org/wiki/Homomorphic_encryption

~~~
duskwuff
I think the problem runs deeper than you're considering. The entire purpose of
this service, as you're describing it, is to allow web sites to access
information on what other sites their users have visited (and, presumably, to
read "reputation" annotations made by those sites), and to use that to make
access control decisions. The privacy violations involved are inherent to that
purpose; you can't wipe them away by throwing "but with encryption" at the
problem.

~~~
kakarot
I don't mean to shut down your criticism, but how does it present a vulnerable
security model?

~~~
duskwuff
Privacy is a component of security. Systemically violating your users' privacy
is a security issue -- period.

If your "security models" don't recognize this as an issue, you need to change
those models.

~~~
kakarot
Privacy and security are two separate domains. But even then, how does this
violate anyone's privacy in any way that existing authentication protocols do
not?

------
davidgerard
tl;dr no.

I literally put up something about this just this evening:
https://davidgerard.co.uk/blockchain/business-bafflegab-but-on-the-blockchain.html

Many blockchain schemes promise the magic of full availability of properly
cleaned-up data. The actual problem in every case is cleaning up the data in
the first place; the barrier that such efforts founder on, over and over, is
that no industry’s players want to create such a new monopoly. The proponents’
business goal is usually to become the organisation effectively controlling
the newly cleaned-up data, with a monopoly maintained by network effect.

If your big goal is cleaned-up data across multiple organisations, the
approach that will get you there is creating a data schema that is so
obviously and elegantly the right thing that everyone just adopts it
themselves, and a regulator eventually says “hey, use this schema.” Note lack
of blockchains. (This is the usual approach in computing, though even there
companies routinely try to set themselves up in the role of central octopus.)

Supply chain provenance is a perennial proposed use case. _e.g._, Provenance,
Inc. is a London startup who offer to put data about tuna catches on the
Ethereum blockchain. They claim to offer supply chain transparency to all
participants, and this will reveal illegal overfishing or fishing that
involves human rights abuses. The actual problem turns out to be no agreement
on what data to collect or what to do with it. The data would still be entered
by local humans under the auspices of “trusted” local NGOs – who would be
paying monthly for the necessary software – on the apparent assumption that
commercial operations engaging in illegal overfishing or human rights abuses
will certainly _carefully document_ their human rights abuses in the
blockchain and not have strong incentives to just _lie_ or something, or bribe
the “neutral” adjudicators, as already happens in current supply chain
monitoring. The main byproduct of this sort of scheme is a monopoly for the
traceability provider, i.e. Provenance.

As IBM found out _after_ starting Hyperledger, all manner of businesses –
financial institutions, beef industry, shoe brands, confectioners – don’t want
to share data even with all participants in their blockchain, but only with
the people the specific deal is actually with. Funnily enough. This was
apparently news to them. It turns out that IBM set up an elaborate hammer
design consortium without first finding out if there are nails.

The precise same considerations, goals and problems will apply in this case.
In all these schemes I've seen to date (and let me assure you I've read
horrible PDF whitepapers out to here), the aim of the scheme is to sell
someone thousands of contracting hours by convincing them you can help them
become the controlling octopus at the centre of their industry.

