Fog.sh – decentralized content publishing on the IOTA ledger (fog.sh)
35 points by degif 10 months ago | 53 comments



Only 4 days ago this was posted:

http://codesuppository.blogspot.nl/2017/12/iota-tangled-mess...

Next to that I found this great article in the comments:

https://medium.com/@neha/cryptographic-vulnerabilities-in-io...


Not really deep into this, and haven't even read the whitepaper, but looking from the outside there are a lot of red flags around this project:

- Use of ternary logic [1]

- Writing their own hash function [1]

- Claiming that the flaws in the hash function were 'copy protection' [2]

- The Github issues page for their wallet client [3]

I've heard that the DAG approach has merit, but from what I've seen I would not trust this team to execute on it.

[EDIT]: Almost forgot the black-box closed source 'central coordinator' [4]

[1]: https://medium.com/@neha/cryptographic-vulnerabilities-in-io...

[2]: https://gist.githubusercontent.com/Come-from-Beyond/a84ab861...

[3]: https://github.com/iotaledger/wallet/issues

[4]: https://www.reddit.com/r/Iota/comments/7c3qu8/coordinator_ex...


1: By using a ternary number system, the amount of devices and cycles can be reduced significantly. In contrast to two-state devices, multistate devices provide better radix economy with the option for further scaling

2: Why is explained here: https://blog.iota.org/the-transparency-compendium-26aa5bb8e2... - CyberCrypt is hired to review and audit it.

3: The wallet is secure and does what it needs to do, no, it's not very pretty or user friendly but it works. A new wallet (Trinity wallet) will be released very soon.


ad 1. Citation needed

ad 2. From the article: "Let’s begin with the common sense, IOTA’s Tangle is a significant leap forward from blockchain". Why do you believe this subjective superlative when the protocol is still in beta and heavily contested? It's like saying: "Fusion reactors are a significant leap forward", while no production ready fusion reactors exist. You cannot make this claim unless you're willing to attest to the correctness and production-readiness. This seems common sense to me.

ad 2: What is this document? "The Transparency Compendium", "Transparency Report", "Blog post"? All of them are mentioned, but there is no mention whether this is an official statement, or just a sputter of random thoughts by the author. It seems official, but isn't.

ad 2: No mention of CyberCrypt in that article. Extraordinary claims require extraordinary evidence. Also, Occam's Razor. That's what I like about the original bitcoin protocol, it's as simple as necessary, but not simpler.

ad 3: It doesn't need to be pretty or user friendly. The complaints are about people losing their IOTAs and all kinds of other complaints. Please address these complaints head-on, instead of just making blanket remarks about user-friendliness.


> 1: By using a ternary number system, the amount of devices and cycles can be reduced significantly.

How does that work? Trying to find information, it looks like it's designed for devices of the future that don't exist; so it's built on assumptions that may be plain wrong.


It would be ideal on trinary hardware, but it can work with a trinary emulator for now. I expect to see a Trinary chip very soon. CfB, one of the core devs of IOTA, founder of NXT and inventor of PoS has a team that has been working on Jinn (trinary cpu's) for the last 6 years.


So they're betting that it's the hardware of the future. And not something like the Mill CPU, which has been in development for much longer and it seems it will be able to execute all the millions pieces of existing software, faster and with less energy.


Hi,

-Can you explain why the use of ternary logic is a red flag? I can explain why it is not but you have to justify your statement first. You calling the use of ternary logic a red flag must be based off of something I assume.

-They used a custom hash function called "Curl". But they now replaced it with KECCAK-384. Curl is now being reviewed by a third party.

-For this, I will let CFB (one of the devs) explain. https://medium.com/@comefrombeyond/cfbs-comments-on-https-ww...

-wallet is a nuisance for some users I agree. But the majority of users are fine with the wallet. Of course you can only hear those who had problems.


Ternary logic is a pretty niche thing. As I understand it the claimed benefit is improved efficiency / elegance for some mathematical operations when run on a ternary computer.

However since all modern hardware is binary, the use of ternary logic only serves to introduce an unnecessary software based translation layer, simultaneously increasing complexity and reducing performance.

I would consider this to be an example of very poor engineering judgement. Good software is simple software. I would be extremely concerned if a colleague suggested such needless overcomplication.


I would not consider it poor engineering judgement. It is a judgement yes. By using binary, you don't need conversion but lose computational power. By using ternary, you lose thru conversion but gain computational power.

At the end of the day, you have to choose as a dev.

So to your point, I don't consider it a red flag. You can even interpret it as "thinking outside the box". Yes ternary is more complex, that's what the devs are here for.


> By using ternary, you lose thru conversion but gain computational power.

How does that work? Isn't it being emulated on binary hardware?


> However since all modern hardware is binary

They're actually working on trinary hardware with the closely related JINN project.

https://bitcointalk.org/index.php?topic=1273040.msg13159701#...


How come the links to jinn repos don't work? https://github.com/JinnLabs/


Using ternary logic causes a lot of things (like the custom crypto) to be non-standard and thus hard to evaluate. "Rolling your own crypto" is a red flag in itself, but making such choices while everyone else in the blockchain/DAG world mainly uses tried-and-tested building blocks, seems like a red flag.

And in the end they are "just" red flags (= warning signs), which might hint at fatal flaws, but also might not.


https://eprint.iacr.org/2016/1159.pdf

The above is a proper paper on how to do math for a DAG based protocol.

Serguei Popov, the research mathematician behind IOTA DAG based protocol, claims that it is impossible to make proofs behind the tech. [1]

[1]: https://medium.com/@johndom/iota-and-spectre-64ee12d9b1a8


This invention is supposedly possible through the use of something called a 'directed-acyclic-graph'

Before I bought a single IOTA, I read this whitepaper and it's pretty indecipherable. I'm a pretty technical person myself, but this paper was not written in a way that anyone can easily understand.

That Code Suppository "article" (blog post) is complete rubbish.

The issues in 2nd article have been fixed.


Every cryptocurrency has had its vulnerabilities at some time in the history, I don't see how this is relevant to the topic. Also he claims have been debunked by the IOTA team - https://blog.iota.org/curl-disclosure-beyond-the-headline-18....


> I don't see how this is relevant to the topic.

At least please read up and educate yourself before conditioning others into your opinion.

> Also he claims have been debunked by the IOTA team

only that they haven't been debunked[1].

Curl/Kerl should be reason enough for anyone to run away screaming. If somebody peddles a secure e2e encrypted messaging app based on an untested freshly invented hashing or encryption algorithm everyone would agree it's wrong. Why should the behavior displayed by IOTA team / management be treated with silk gloves? Whenever I see somebody vouching for IOTA I can only imagine 2 reasons:

  1) person doesn't have a clue about basic engineering / security principles
  2) person owns IOTA and hence is personally too deeply invested to be unbiased

[1] https://www.linkedin.com/groups/4807429/4807429-634451121504...


So this John Ratcliff is actually crying because he can't reuse his address after sending from it. Please do know that Iota uses Winternitz one-time signature. Iota team discussed already the pros and cons of this choice. And not reusable address is a known and conscious decision from the devs.
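
The one-time property mentioned in the comment above, as an added example that is not part of the thread and not IOTA's code: a generic binary Winternitz scheme over SHA-256 (IOTA's variant works on trytes with its own hash; the parameters and function names here are assumptions). It shows that every further signature made with the same key reveals lower positions on the hash chains, which is why a spent-from address is not reused.

```python
import hashlib, os

W = 16                 # digits are base 16; each hash chain has W-1 steps
N_MSG, N_CSUM = 64, 3  # 64 digest digits + 3 checksum digits (max 64*15 < 16**3)

def H(x):
    return hashlib.sha256(x).digest()

def chain(x, steps):
    """Walk `steps` positions forward along a hash chain."""
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    """Chain positions a signature of `msg` reveals (digest digits + checksum)."""
    d = [n for b in H(msg) for n in (b >> 4, b & 15)]
    csum = sum(W - 1 - v for v in d)
    return d + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen(seed=None):
    seed = seed or os.urandom(32)
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(N_MSG + N_CSUM)]
    return sk, [chain(s, W - 1) for s in sk]   # public key = chain ends

def sign(sk, msg):
    return [chain(s, d) for s, d in zip(sk, digits(msg))]

def verify(pk, msg, sig):
    return all(chain(s, W - 1 - d) == p
               for s, d, p in zip(sig, digits(msg), pk))

def exposed(*msgs):
    """Lowest revealed position per chain after signing all `msgs` with one key."""
    return [min(col) for col in zip(*(digits(m) for m in msgs))]

def derivable(depths, msg):
    """True if a signature of `msg` needs only hashing forward from revealed values."""
    return all(d >= e for d, e in zip(digits(msg), depths))

def revealed_steps(*msgs):
    """Total chain positions an observer can now compute (smaller is safer)."""
    return sum(W - 1 - e for e in exposed(*msgs))

if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"pay 1 to A", b"pay 2 to B"   # constructed sample messages
    assert verify(pk, m1, sign(sk, m1))
    print("after one signature :", revealed_steps(m1), "positions revealed")
    print("after key reuse     :", revealed_steps(m1, m2), "positions revealed")
    print("m2 derivable from sig(m1) alone:", derivable(exposed(m1), m2))
```

The checksum digits are what keep a single signature safe: raising any digest digit lowers the checksum, so at least one chain would have to be walked backwards. That guarantee holds only for the first signature under a key.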


IOTA is being attacked with FUD from all sides, some people really don't want it to succeed.

There's a pretty complete thread on reddit with most FUD in it and why it's not valid:

https://www.reddit.com/r/Iota/comments/7j81tq/fud_copy_pasta...

Here's an article by one of the IOTA founders addressing your second article:

https://blog.iota.org/curl-disclosure-beyond-the-headline-18...


Wonder why you only post the old negative articles. There are maybe 5 articles that claim they found something negative, but 20 that are positive or directly debunking the negative articles using credible professional sources.

The nonsense about the 'vulnerability' neha found got destroyed in multiple answers. Either directly from the devs or from independent sources.

Just yesterday one of the core devs answered (again) to the claim by narula: https://medium.com/@comefrombeyond/cfbs-comments-on-https-ww...

Your post shows the classical signs of a FUD-Attack. Excellently explained in this article: https://www.psychologytoday.com/blog/mind-in-the-machine/201.... Here IOTA is identified as a victim of ongoing targeted FUD-Campaigns.


> Wonder why you only post the old negative articles. There are maybe 5 articles that claim they found something negative, but 20 that are positive or directly debunking the negative articles using credible professional sources.

Here you have a couple more:

1) https://pbs.twimg.com/media/DQcxVVhUIAAVAY0.jpg:large

2) https://pbs.twimg.com/media/DQQKnDiU8AAQJRW.jpg

3) https://hackernoon.com/why-i-find-iota-deeply-alarming-934f1...

I have plenty of private email discussions and transcripts from calls with 2 of the IOTA guys from when they started out. All I say at this stage is that they have been engaging in pump+dump. The situation with their "fake" partners was carefully designed to help with that.


Because he's not invested in iota like you clearly are.


You don't have to be invested in something to be unbiased.


How does the fact that he is not invested give him the right to spread false information and throw dirt? When I see bullshit, I call it out. Simple as that.

My opinion is as good as his. But my sources are much better and reliably researched and obviously not biased.


A developer defending his project with a blogpost that mostly seems preoccupied with attacking the authors instead of their argument is "obviously not biased"? That response makes them look even worse.


Did you literally just sign up for a comment on this post?

Bad idea to come in here guns blazing ... what usually works very well on the Internet as a newcomer to any site is to lurk a little. Get a feel for the vibe and the people, then decide if you fit in and comment.


Everybody signs up at one time or another. Highlighting the fact someone's passionate enough to discuss a topic is not indicative of ill-doing. Just means they're new. So were you at one time.

As for the technical meaning of IOTA.. Well, it seems interesting. IIRC, they're doing some sort of DAG so blockchain based slowdowns don't occur. But they're doing really funny stuff with trinary math and rolling their own crypto. Usually not a good sign in the least. Makes me hesitant in trusting anything about this, at least until people smarter than I confirm they did mathematically correct operations. Still, using trinary makes most algorithmic tools just not work...


That I get heavily downvoted here is just proof that I hit a nerve. Job done. I'm happy with that.

People seem to just see the FUD Articles and think right away "Oh yea, MIT, must be true", without even thinking about checking the sources.

If the old members here don't want to read the other side, okay, but newcomers should not get dragged in this vortex of misinformation.

Seriously people, read all information and you will see very fast that 99% of all posted Anti-IOTA articles are biased nonsense.


So much that IOTA had to launch a smear-campaign against MIT researchers claiming their "arguments are FUD because they are invested in competing technology" (like zcash or btc).

You're an anonymous troll with 0 karma[1] that has only just signed up to "correct/convert" people. Please, just go away. Thanks.

[1] https://news.ycombinator.com/user?id=RoqueNE


Amount of 'newbie investors' in IOTA and their over-zealous defence in any medium is scary.

We've had Perl people, Python people, Ruby people and their arguments but none of those invested their money in languages' success. This blockchain programming zeal mixed with investors trying to hype their currency is annoying and mildly scary.


It's even worse when you realise a lot of them are kids, playing with manipulation tactics for quick "pump and dumps" on discord channels etc. Crypto in general is a madhouse.


Welcome to 1997. The ride is only starting.


Indeed very distracting! Becomes impossible to argue when everyone is so pumped by their possible financial ROI that they're blind to any criticism.

And then there are the fanboys / evangelists who sign up to forums like this just for spreading their belief. Like mindless bots. The whole technology is fascinating but it's a pain for researching facts when half the community is biased and the other half are morons.


The reason for the presence of fanboys in IOTA's case seems almost entirely a reaction to deliberate misinformation being spread about IOTA.

In 24 hours, the price of IOTA tanked from a high of $5.50 to a low of around $3, beginning just after a vitriolic tweet brought up an old security vulnerability in the Tangle network that was discovered by an MIT lab. Of course, the tweet conveniently failed to mention that the vulnerability had since been removed and confirmed as such by the same lab.

https://www.psychologytoday.com/blog/mind-in-the-machine/201...


It's not about being blind to criticism, it's about lies being told about a cool new technology in a thread about a cool project built on top of it. This complete comment thread has been taken over by a discussion about IOTA, about parts of IOTA that are not very relevant to this project, and the comments of the project's author, who's here as well, get snowed under due to this.


I know this will get down votes (but I'm generally a sarcastic guy so please take this in that spirit): if half are biased and half are morons what camp do you fall in? :)


You don't have to be part of the crypto-zoo. You can just stand on the side observing and shaking your head.

Disclaimer: I personally don't gamble/speculate and therefore don't have any crypto currencies in my possession. (this argument is usually used by IOTA fanboys to discredit critics of their currency/ICO)


Standing on the side lines, indirectly referring to participants as animals (crypto-zoo), shaking your head from your perceived superior position, generalizing participation as gambling / speculating demonstrates you are squarely in the biased 50% camp.

My Disclaimer: I have positions in several crypto projects (not IOTA specifically b/c I don't like some of the decisions they've made). I make no predictions as to which (if any) crypto projects will succeed but ultimately I think that the long term outlook is positive for a few.

edit - typo


What's actually stored on the ledger? Like if I make a blog post with title "Hello world" and body "1234", would those two strings be on the ledger?


Hey, one of the authors here. Short answer - yes. Together with some meta data, the published content is signed by the author, encrypted (read more here on how exactly https://blog.iota.org/introducing-masked-authenticated-messa...) and stored on the Tangle.

Fog CMS helps with the content publishing and is one of the ways on how to read and display the content from the Tangle.


Just remember that all the message/transaction metadata is purged when the IOTA team makes a “snapshot”. One of my first evaluations of IOTA was to store IPFS URLs in transactions. Then came a snapshot and all the data was gone. This probably wouldn’t happen in a system with transaction fees.


Hey, one of the developers here! Happy to see this on Hacker News, though the CMS is still in heavy development. Happy to answer questions and I hope we can stay on the problem/technology/product topic and oversee all the crazy speculation stuff ;)


Nice work! This seems really slick :)

How has your experience of building with IOTA been? Is there a good SDK / documentation somewhere? I've just started digging into Ethereum and so far I've been a bit disappointed by the standard of the tooling... :/


Right now IOTA works as a content storage and distribution "database" with regard to what we are building, so it's more simple than Ethereum smart contracts and their own language. The API SDKs are all there and are working great for us!


Does the SDK call out to some server running a node somewhere, or does it actually implement a client side IOTA node in JS?


To check the data authenticity it's connecting to a node server for the data synchronisation, the data encryption happens on the client side. Client side nodes are on IOTA's roadmap as it's a technical challenge to synchronise with the network by just storing a small chunk of it.


Who runs the server?

What incentive do they have to expend resources to commit data to the ledger?

How can you trust that they have committed what you asked them to?


Why is fog.sh storage better than Dropbox?


It's not because of Apples and Oranges :)


Does the particular content object live as a single chunk of data in the decentralized network or as multiple copies, as in the case of virtual currencies?


This seems like it might be interesting if there were some technical detail about how it actually works.


I don't see an advantage to https://datproject.org ?! Do I miss something?



