Hacker News new | past | comments | ask | show | jobs | submit login
Ethereum Alarm Clock (ethereum-alarm-clock.com)
94 points by mwilcox on Oct 27, 2015 | hide | past | web | favorite | 42 comments



While this site looks interesting enough and even the comments below sort of say the same thing. What is this? I mean really. I look at this site and think. I do not know what this is. And even worse there is nothing on the site that even remotely explains it. Why was it even posted?


Its a cron system for decentralized apps. Since there's no way to run 'cron' trustlessly, this alarm clock creates an incentive to call functions at given time periods.

Its one of those things that you need some background on Ethereum to understand, but if you understand Ethereum you know why something like could be the cornerstone of a lot of apps.


Thanks for clarification. I had the same problem as OP and was literary scratching my head.


This sounds interesting, but I'm not sure I really grasp what it 'is'. Can you explain what this it to me, as if I were 5 years old? I really struggle to understand two things:

a) What this is. b) Why it's valuable.


On Ethereum there is no built in way to have a contract be called periodically, say every 5 blocks, or at a specific time in the future. This contract creates a market which allows contracts to hire people to call them at the requested time.


What is a contract, and why would people want one called periodically?


> What is a contract...

A contract is a group of functions that live in the Ethereum Blockchain (a distributed virtual machine for running decentralized applications)

> Why would people want one called periodically?

For the same reason people need cron to call periodic functions.


A contract is the term for an application that has been deployed on Ethereum.

Contracts expose functions as an API that others can use to interact with them.


> This contract creates a market which allows contracts to hire people to call them at the requested time.

Does that mean that if 'market conditions' deteriorate or make it unfavorable to 'take the job' as it were, that the reliability of this system would take a hit?


Executing a scheduled call is always profitable, so no. People would just make less money.

The market aspect is more akin to a marketplace where people are hired to do a job. And the job is entirely automatable.


Is there some world where demand for scheduled calls exceeds the market's capacity to execute them? And no one has the means or immediate liquidity to switch what they're doing to make a profit off that gap?

I'm just thinking this is really loosely tied system, and it's interesting to think of all the possibilities for how it could break down.


I think the number of transactions/second will always be reached before demand could outpace the ability for people to execute the calls.

You are correct that it would be an interesting world if somehow demand for scheduled call execution spiked to some massive number that outpaced the ability to execute them. I am having trouble thinking of realistic scenarios where that happens but that doesn't preclude it as a possibility.


For those of us who are new to Ethereum:

Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

https://www.ethereum.org/


Maybe a more descriptive explanation (from the White Paper[0]):

"What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create "contracts" that can be used to encode arbitrary state transition functions, allowing users to create any of the systems described above, as well as many others that we have not yet imagined, simply by writing up the logic in a few lines of code."

[0]https://github.com/ethereum/wiki/wiki/White-Paper


After reading about this for the past hour or so, I found this to be the most helpful document to understanding Etherium: https://github.com/ethereum/wiki/wiki/Ethereum-Development-T...


Great. It's essentially a cluster computing platform with a handful of small permutations on that basic idea. Why don't these people use more accessible language? It would dramatically help increase adoption.


>Great. It's essentially a cluster computing platform with a handful of small permutations on that basic idea. Why don't these people use more accessible language? It would dramatically help increase adoption.

I guess because they aren't aware of the precursors.


Ethereum's contract system has no way of knowing whether events outside its little world actually occurred. It can't tell if someone who said they'd send your alarm message actually did so before paying them. There's talk of "trusted intermediaries", but if you have trusted parties, then you don't need Ethereum.

The banks that are talking about blockchain technology for settlements have a better handle on this. If bond ownership transfers are actually recorded through a transaction on the bond blockchain, then you could have offers, acceptances, contracts, and verified deliveries without a trusted back-end service.

Conceivably you could put a music or video download service on Etherium, where you got a crypto key to unlock the content by paying for it. But Etherium can't tell if the key you got was any good, or that the file it unlocks was what was ordered.

Does someone have a convincing use case for this thing?


So often Ethereum straddles the line between brilliant and terrible idea.

Outsourcing function calls to 'trusted' providers is brilliantly interesting, and a terrible, terrible idea.

What if this used for trading purposes, e.g. price reports from an exchange?


I'm curious if you would expand on why this is a terrible idea.


1) Get trusted 2) Wait until your function is used a lot 3) Lie, ideally in a plausibly deniable way. 4) Profit.

"We had a hiccup with processing USD and EUR prices, and briefly crossed them with this code push, sorry. Everything is back to normal now."

While it's easy to imagine how you'd use this as a trader, I think my fundamental disagreement with the idea is that you are expanding your threat surface for anything that consumes data from 'trusted' providers. That seems almost impossible to be a good idea.

Mitigating this risk with, e.g. multiple 'trusted' providers reduces to the problem bitcoin mining solves in the first place.

I think I would have a more informed opinion if you detailed a sample application consuming this; I'm not trying to shit on what was undoubtedly very solid work putting the service together, but I'm very dubious about the breadth of useful services that wouldn't have unacceptable risk profiles.


It's not really a trust-based mechanism. Ethereum runs on a blockchain, just like bitcoin, but instead of just maintaining account balances it implements a simple turing machine where each instruction costs some amount of the underlying cryptocurrency. Contract code is stored on the blockchain, so the behavior of any contract is fully predictable.

Here's one example: Augur (http://www.augur.net/) have already released an alpha of their fully decentralized prediction market. With bitcoin someone could run a prediction market, pools payments and pay out to winners. With Ethereum you will be able to send cryptocurrency directly to a contract that manages the bet and pays out to the winners, based on some prearranged signal source.


Augur is a great example, and you mention my concern right here.

Under no circumstances should Ethereum Alarm Clock be used as the signal source for Augur's "signal source" / adjudication on prop bets.


@vessenes, I would ask that you backup that assertion with an actual explanation of why Alarm should never be used for Augur.

Just saying it shouldn't be used isn't very constructive.

Edit:

If I make some assumptions about why you think it's a bad idea then I would guess it is that you think the call executors can behave badly in some way. The way the call execution works is that as long as there is at least one honest caller, then calls cannot be censored. Call execution is a binary operation as the executor can't control the call data. So the only thing a call executor has control over is whether or not they execute the call. Even in the situation where some attacker represents a large part of the caller pool, there is a section during the last part of the call window where anyone may execute the function call in exchange for a large payout. So even if an attacker is operating 99/100 of the accounts executing function calls, that 1 honest person can execute the call if everyone else chooses not to.


I think we're just having trouble with specificity here: let me elucidate and see if we in fact agree, which I bet we will.

Augur must in some way be designed to get information from outside the blockchain, unless it only allows prop bets about things directly observable inside Ethereum.

Therefore, part of the risk model for someone making a prop bet with Augur is that a trusted and verified third party at some point tells the Augur contract e.g. "Carly Fiorina did not win the Republican Nomination."

All those who transact with Augur have to reason about the trustworthiness and risk model for the parties that inform the Augur contract. This is how I interpret the idea of the "signal source" in the comment above.

To restate what I said above, under no circumstances should Ethereum Alarm be used to trigger the "Carly Fiorina did not win" action for a prop bet. It's too risky; we have to think about and validate the risk profile for someone cheating.

What I'm guessing you're imagining is that it would be fine to instrument our prop bet contract in such a way as to say "If our trusted Augur oracle has deemed this prop bet decided, be available for Ethereum Alarm to trigger the payouts".

That seems fine to me, and given the limitations in how Ethereum works, makes sense as something valuable to the creators of the prop bet markets.

My larger point, poorly stated at the start, and I would say that I at least am beating a dead horse now, is that it would pay good safety dividends for neophyte Ethereum devs to get some suggested rules about using the Alarm.


>My larger point, poorly stated at the start, and I would say that I at least am beating a dead horse now, is that it would pay good safety dividends for neophyte Ethereum devs to get some suggested rules about using the Alarm.

This is a great point. I think a list of dos/don'ts, design patterns, and examples of complete systems built with Alarm would be very useful.

> To restate what I said above, under no circumstances should Ethereum Alarm be used to trigger the "Carly Fiorina did not win" action for a prop bet. It's too risky; we have to think about and validate the risk profile for someone cheating.

I don't think this is possible: you could trustlessly trigger an "It is 5pm EST November 11 2015" bet via Ethereum Alarm, but not anything more complex. This might be useful for betting on the apocalypse happening or not happening, but not much more.

>What I'm guessing you're imagining is that it would be fine to instrument our prop bet contract in such a way as to say "If our trusted Augur oracle has deemed this prop bet decided, be available for Ethereum Alarm to trigger the payouts".

IIRC Augur includes a semi-decentralized reputation oracle where each bet has a pool of oracles, each with a reputation maintained by Augur on the ethereum blockchain, that are paid some percentage of the total bet value. Anyone can sign up as an oracle, but to get to a reasonable reputation (and payout amount) you need a consistent reputation for correctness (or at least consensus).


I don't know much about Augur, or Ethereum Alarm :), but I think I was reading this part of the alarm site

    The Alarm service supports designation of certain addresses as authorized
 schedulers. Contracts can trust authorized calls were scheduled by an address
 that they authorized, allowing you to schedule calls to functions that would
 normally not be publicly callable.
and extrapolating the "It is 5pm EST November 11 2015" trigger to "It is after 5pm EST November 11 2015 and that thing you specified you were interested in happened."

I'm not sure if your code allows such a thing or not, either specifically, or just by assumption in the original contract ("Only my trusted callers will be able to call this, and I can therefore rely on them for indication of some event happening")


* Recurring and Scheduled payments. On the first of every month, the alarm service pings my wallet to pay my utility bill.

Most of the other potential applications it's easy to argue that they could set up their own incentives to get some user in the system to execute the call. (lottery payout, scheduled trade, crowdfunding payout, etc).

I think that yes, each of those applications has a viable way of motivating some party to execute the call. However, if a service like Alarm proved to be very reliable, it may be simpler to just automate it with a scheduling service. Scheduled or recurring execution doesn't have to be the only solution to a problem for it to still be a good solution.


OK, that's interesting, and I agree that for the use case you specify you're essentially fixing a hole in the ethereum specification / building out the 'standard library' in a useful way.

If I were running it, I would still make strong recommendations that recipients of the alarm 'ping' only execute idempotent functions which do not rely on any data from the ping itself, or on the ping being executed implying any state anywhere in the world, whether on blockchain or not.


A point of clarification. All call execution is just a ping. If the call requires call data it is supplied by the scheduler and cannot be manipulated or changed by the caller. All call execution is relayed through the alarm service so it only relies on the executor to initiate the transaction and then the alarm service does all of the rest.


> What if this used for trading purposes, e.g. price reports from an exchange?

Timestamping trades clearly is not the use case for this. Don't blame the tool but he who uses it in the wrong way...


I urge you to read this classic, The case of the killer robot. http://tareksobh.org/online_courses/cpe300/Lectures/Lecture1...

I believe all engineers have a responsibility to adjust design for risks, especially unintended use cases.

Most engineers would generally agree with this principle, although I have found software engineers tend to be a little more lax than, say civilian engineers.


Just in a generic sense, the tool has something to do with it. How clear is its purpose? How unambiguous is its design? The tool is part of the system of its own use.


Just one minor problem: There are no guarantees that your function will be called. So it's an alarm clock that might not work.


I'm the author of the service.

This is a fundamental limitation of the network as opposed to a shortcoming of the service. When you submit a transaction, it is up to the miners as to whether it gets included in the next block. There are lots of factors that go into this decision, and in normal situations, transactions are going to get included in a block very quickly.

If you accept the assumption that there are enough people executing calls (in exchange for $$) and that the network is not so flooded with transactions that miners are having to exclude them due to volume, then the likelihood that your function won't be called drops near zero.

If the network is congested with too many transactions, then it doesn't matter if the call was triggered by the alarm service or somewhere else, it will still have to compete to be included in a block just like any other transaction.

Now if you want to talk about selective censorship of function calls, then that is an interesting attack vector that I'd love to chat about.


room for an insurance contract on the alarm clock call. Libertarians love contracts ;)


Is this because of the unknown cost at the time?


I believe the reference is coming from http://docs.ethereum-alarm-clock.com/en/latest/overview.html...:

Guarantees - Will the call happen?

There are no guarantees that your function will be called. The design of this service is meant to provide the proper motivation for calls to be executed, but it is entirely possible that certain calls will be missed due to unforseen circumstances.


Strictly speaking, there is no such a thing as "guarantee". Your alarm clock may malfunction in an important moment. An asteroid can suddenly wipe civilization with all insurance providers (now that's an idea...) So you - in a strict sense of a word - always have to estimate and compare probabilities.


It's because the alarm program relies upon someone calling it at the right time. The code itself does not 'sleep' until the right time.


Why is a caller pool required? You don't care who calls your contract, as I see it, nor how reliable they are in general - provided they call your contract at the right time, you're happy!

Since the caller gets rewarded for making the call, the incentives should be in place to make things work without any need for centralization.


Calling contracts has to be profitable, otherwise nobody would do it.

Since there is no way to reject a transaction, every person who attempts to execute a scheduled call will have to pay some small amount for the transaction. If the service is implemented as a first call wins sort of thing, then all of the people who tried and failed would be out the gas cost of that transaction. For calling contracts to be profitable, these costs would have to be covered somehow, otherwise there is no incentive for people to execute calls.

So, this cost would have to be offloaded onto the people scheduling calls which would cause a significant increase in the overhead of scheduling a function call.

The alternative solution I came up with was having a caller pool. The people executing the calls are guaranteed a window of time where they can call the contract and also incentivized (by their bond) to fulfill that duty lest the next person in the pool claim their bond.

I'm open to alternate solutions to this problem.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: