Hacker News new | past | comments | ask | show | jobs | submit login
A Blockchain-based DNS and HTTP server (github.com/okturtles)
103 points by timtadh on Aug 15, 2014 | hide | past | favorite | 25 comments

Am I the only one who finds anything bitcoin/blockchain related to come off as so incredibly complex and buzz wordy and technical that the mainstream will never adopt it?

I feel like it would be a really valuable endeavor to try and make this all much more simple to understand. Right now it just reads like gibberish to anyone other than the sufficiently technical.

The solution is to just not explain how it works, the public doesn't need to understand how it works to use it and to trust it.

If people who advocated for the web explained the entire networking stack every time they tried to get people to use it they'd miss how it helps them.

I agree with all of the above. It's difficult to see how useful this is among the deep technical explanation. The chart on the github page emphasizes features of DNSChain that the current system lacks, but perhaps a chart showing where the current system fails and where this fixes those issues would be more useful?

> The solution is to just not explain how it works, the public doesn't need to understand how it works to use it and to trust it.

Who is "public"? People with technical background or without technical background?

Let's first restrict our scope to people with technical background and assume people already have a degree of understanding on how blockchain is used. Then if a developer tells you the README doesn't convey the message clearly, take note of that and appreciate the feedback. Don't say "just trust me it works."

If this is to the general public, you better hire someone who can actually explain to user how it works from a high level giving analogy is always good.

In fact, you should never assume there are two groups of audience. This is not writing API documentation. A README should be really clear to user how to get started (understand what it does and how to start using it). Think about working with a manual. You can't assume everyone know what certain nail is called by nickname. You need to write the actual name with an actual picture. Don't assume. Be general.

"Trust me it works and it's secure" is the worst thing you can sell to anyone today. Of course I will never know how Dropbox handles my files on their server securely, but at least I can understand when my file is transferred over HTTPS it's encrypted in the communication and when they say they are over the cloud I know I can access it anywhere at anytime as long as I have an Internet access and the data center still exist.

And if I don't understand what the software does how can I trust you to deploy this on my own term? How do I even begin debugging problem during installation or configuring my service?

"Trust me" is not an option, especially when someone is trying to get people to use a software. The one thing we need to change is to teach people enough computer so they can make a judgement whether they should trust something or not ("trust me this photo tool is awesome and is free ... minus the free ad program install alongside with it) or trust me this version of browser is nice come to https://evil.com instead of https://mozilla or chrome

Perhaps we can learn from PGP adoption and evangelism. One reason why it's not widespread is it simply doesn't "just work" in the minds of a non-technical end user. Sure there are longer, detailed causes to debate over but that is the bottom line to a non-technical end user.

Mainstream doesn't adopt a technology, but services.

Want to send a message ? There once was (and still is) SMTP and IMAP, but now you also have XMPP and all its variants, the Skype protocol, something baked on top of HTTP, ... Who cares what's the technology, as long as the service is there.

Want to watch a movie/listen to a song? There were all those containers and formats, but as long as your movie player works mainstream doesn't care. You can use Napster, KaZaa, eMule, Bittorrent, USENET, direct download, and now there are those proprietary streaming things... Again, as long as the service is fulfilled, "Mainstream" doesn't care.

Same with HTTP and DNS. Very few people know how it works, as long as it works. And the goal of dnschain is actually in line with this: The goal is to use your existing software that already work, and migrate from old-style DNS to DNS-through-namecoin. All transparent from a user point of view.

This is why I like ethereum. They take care of all the explaining, and give people a single concept for understanding an ethereum-backed altcoin. Then, any application built on ethereum can just refer people to the ethereum documentation.

Understanding how ethereum apps work has network effects, in the sense that once you understand ethereum, you understand every ethereum app.

okTurtles presented a demo video at EFF CUP at SOUPS 2014 conference that also explains the basics of DNSChain in what could be an easier-to-digest manner:


This is a very interesting and potentially groundbreaking solution. I'm just a tad bit concerned that the tech is represented by... a turtle.

This a layer on top of Namecoin which actually was released over three years ago, inspired by Aaron Swartz's musings[1].

1. http://www.aaronsw.com/weblog/squarezooko

Remember that some "censorship" is good. When FinFisher is being used by a repressive government against protesters and journalists, or a Zeus trojan has nabbed the credentials for your bank account, it's really nice for the security folks to be able to take down the domains being used for command and control.

> Remember that some "censorship" is good.

What you're describing as "good censorship" doesn't actually require any censorship at all. All you need is a mechanism to notify users (or their client software) that a name is designated as malicious. Then the user or the user's client can decide what to do with that information, including ignoring the designation and connecting to the address anyway. That way it can't be used for censorship but it can be used to put ye olde red screen of malware alert in front of the user.

How do you determine the authenticity of such notifications without a central authority?

You obviously need someone to maintain the blacklist. That party could sign their work. If they do a poor job (false positives / false negatives), users and makers of client software can switch to some other blacklist maintainer at any time.

Fast-flux or generated DNS are both pretty crap C&C bootstrapping infrastructures, and relatively traceable.

I won't describe the really good ones, because I don't want to proliferate them.

...because you use them?

I want an invite: akr has an invitation available If you know akr, you can ask them for an invitation to Keybase.

There are a lot of very stealthy, non-obvious methods that are easy enough to do once you realize they're possible. Some people don't like always going full disclosure. I have some things I've thought up that I won't share even though I don't use them.

C&C over Tor has gotten some coverage in the last year, as an example.

I remember tracking down a bad BGP route advertisement in the 90s attributed to Cox. IIRC they ended up pulling a big chunk of some country's traffic into one of their routers. Realized then that the Internet was a fragile thing.

Except that reasoning falls apart when you realize that the budget and start-up cost (in terms of money and otherwise) are significantly more favourable for a malware operation than for a legitimate but oppressed service.

It's not worth it.

Botnet C&C can use IRC lookup or raw IP, so it's a particularly weak argument for DNS censorship.

It's really not that useful. They need to track down the bad actors, not put up weak communication barriers.

DNS is for humans to have memorable addresses, and can be trivially side-stepped.

What are the differences between this and namecoin?

It's middleware running on top of Namecoin's RPC interface. It does not have it's own blockchain.

More specifically, it uses namecoin and the information you store in there [0] [1] and makes it accessible to non-namecoin software through DNS and HTTP.

Best use-case, to me: put your TLS certificates with DANE structures, and you can be sure they aren't spoofed by anyone when someone gets your records. No need for the heavy and centralized DNSSEC.

[0] https://wiki.namecoin.info/index.php?title=Identity [1] https://wiki.namecoin.info/index.php?title=Domain_Name_Speci...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact