Daily reminder that ChainLink had no answer to the reputation farming problem
Other urls found in this thread:
nootropicat... so hot right now.
Reputation can only be gained from randomly assigned jobs where the data source is comfirmably publicly accessible.
Holy shit this guy is still going?
He fucking convinced me to dump my link. The datasource api can just cryptographically sign the data and one miner can be paid in ether or whatever currency to retrieve the data. 100x more effiecent and more secure since it is secured by math and not rule of majority.
Should not have listened to autists on Veeky Forums but rather on clever redditors.
what will it take to convince you to stop shitting upon the streets of mumbai?
So you're smarter than vornth?
Don't you think it's pathetic that the technical community manager gets BTFO by some reddit nobody?
Doesn't it make you question whether or not they thought things through before publishing their white paper?
Yes user some random redditor is smarter than Ari Juels, the Zeppelin team, all of REQ, HCL Technologies, SWIFT, DocuSign and everyone else.
He didn't even read the whitepaper but he completely BTFO the developers with his surface-level elementary hypotheticals. How will they ever recover?
Honestly though can you stop shitposting. This meme stopped being funny the first day you started doing it.
holy shit, just sodld 100k
You forgot the part where this guy asked his surface-level elementary question and CL DIDN'T HAVE AN ANSWER FOR IT.
I don't care how many names you throw at me, if the CL team (and vornth specifically said the team, not himself) can't provide a satisfactory answer to such an "elementary" scenario then that puts into question the feasibility of their entire tech
I hope you guys know what you're talking about. I don't fall in love with my bags and my rational side gets a little anxious when rather than a logical refutation the only defense I see in these threads is you think you're smarter than x, y, z...
You realize thomas is just there to placate the neckbeards so no one goes rogue and sabatoges the project? They routinely withhold information and don't give full answers to questions. In any case there are many different ways to prevent this and I have no doubt Andrew Miller and Ari Juels have or can think of ways to mitigate this risk. I'm sure everyone here realizes the obvious one.
>Yes user some random redditor
>argument from authority
The whole point of pseudonymity is to have discussion based on merits
Reputation farming is such a basic scenario that I'm shocked they don't have an answer for it and even more shocked that they hadn't even considered it. It literally throws their entire manual selection process off which was a feature they were heavily touting. This is some legit FUD
>mobius pays some guy to fud link and at the same time fish for info on how they solved problems that their team is stuck on
Can someone give me a link for that discussion?
He's like a superstar now. And all his fud is shit that has been dispelled on Veeky Forums months ago.
I wouldn't be surprised desu
Thanks, just bought 100k
Yeah buddy 100x more secure... until that single node fails. Or the power goes out.
YOU WILL SEE!!!
SERGEY WILL TAKE US TO THE MOON!!!
WE'LL REACH PLANET $1 AT THE END OF THE MONTH
>For the node selection process, nodes that are able to retrieve the requested data would first signal (and pay the penalty deposit if required) that they would accept the job
>This seems vulnerable to DDOS. If I see an exploitable contract being offered I have an incentive to DDOS other nodes so that only my own are able to respond.
>Although I don't see how you would pull off a DDOS on other nodes.
>I can easily get lots of node ips by offering many jobs for my own api.
I think what he means is first farm reputation and collect competitors' IPs. After that ddos collected IPs to knock competing nodes out. Attacker can obtain majority as a result.
Sounds like something hard to defend against. Any ideas?
Simply put, decentralized reputation is a hard problem, and many dApps are going to struggle with it.
There's research into it, however.
fuck can someone answer this
all his arguments are getting to me
I'm losing my faith in link
Where is you Assblaster nigger !!??
I will pump your ass to $1k asap !
Show yourself nigger and I will wreck yo ass !
C'm'ere nigger and I show you real pump nigger !!
DDoSs are fairly easily mitigated these days. it's not an issue for smart node operators.
>LINK is intrinsically worthless. Node operators can be payed in existing cryptocurrencies. Just look at the testnet right now, it only accepts ETH instead of LINK lmao. It means that ETH can easily be substituted for it, that is, if someone wants to fork the token to accept ETH (an established cryptocurrency instead of some fucking ERC20 token made with a two-man team), LINK is basically useless. That is besides the fact that everything LINK aims to do can be easily done by cryptographically signing the data from the API source.
>>muh next ETH
>Link, 5 months in: 35 cents (3.5x ICO)
>Ethereum, 5 months in: $5.50 (17x ICO)
>Uh oh, pissed stinker incoming HAHA.
LINK is intrinsically worthless. Node operators can be payed in existing cryptocurrencies. Just look at the testnet right now, it only accepts ETH instead of LINK lmao. It means that ETH can easily be substituted for it, that is, if someone wants to fork the token to accept ETH (an established cryptocurrency instead of some fucking ERC20 token made with a two-man team), LINK is basically useless. That is besides the fact that everything LINK aims to do can be easily done by cryptographically signing the data from the API source.
>muh next ETH
Link, 5 months in: 35 cents (3.5x ICO)
Ethereum, 5 months in: $5.50 (17x ICO)
Uh oh, pissed stinker incoming HAHA.
where is assblaster? what on earth happened to assblaster? ASSBLASTER?!?!
Have to love the chainlink devs, any hard question comes up they go off into long tangential paragraphs about their plans for the future instead of actually giving simple answers.
It's actually very simple
don't include reputation gained from manually chosen nodes
>install ETH oracle
>everybody who wants to use your data in smart contracts now has access
what am I missing
yeah that's his original point, that api providers are going to start selling data directly
wheres the "were all in this together" retard lmao
Doesn't this FUD decentralization as well
Expecting biz to know anything about link besides memes kek
and why wouldn't they? he's saying they'd sign the data and somebody else would be the oracle, but the providers can also make their own oracles directly for very little effort. just don't see how it's gonna be any different
the data has to come from a single source anyway
Except it did and your fud is shit
Bought [email protected] = comfy
wow you completely fucked up that pasta
I'm also sure Sergey will run a shitload of his own nodes to overpower any potential attack
that's why they are careful with spending ico money now, because they will need it later too.
They cannot reveal all the ways they will counterfight bad actors right now
What was the answer
>I'm also sure Sergey will run a shitload of his own nodes to overpower any potential attack
If most nodes belong to Sergey that would make chainlink a centralized oracle company...
the fact that they'll need to devise plans to counteract bad actors isn't reassuring. it should be at the core of their operations.
A) Not everyone wants to use ETH.
2. This leaves a single centralized point of failure/attack/tampering.
* This system still requires an overarching way of handling any transaction that is more complex than "query API > ??? > profit". Look up what a 'smart oracle' is.
- And it doesn't matter if the API puts out its own oracle. Regulations like PSD2 are forcing financial institutions to open up their internal APIs to third parties anyway. So the API's own oracle is just going to be one in a sea of potential oracles making use of the API.
I'm trying to cut down on my spoonfeeding, so enjoy it while it lasts.
You have no idea when your Oracle is being used for a data pull. So you would have to continually give bad data in hopes that one of those times your bad data is pulled. Except everytime you send bad data , where it's pulled or not , it gets identified and penalized.
It could be done but it's very costly .
Not to mention your reputation gets wiped out once you change the data your sending . So you can't farm reputation sending weather info , then change to sending bond rates and use the same reputation . You start over at square 1.
>the fact that they'll need to devise plans to counteract bad actors isn't reassuring
You'd prefer it if they didn't make an effort to counteract bad actors?
>but the providers can also make their own oracles directly for very little effort
yes they can but would these oracles be trustless?
>the data has to come from a single source anyway
no it doesn't
regarding the DDOS fud
Mark Zuckerberg in 2004:
>I have this amazing idea for a website where people can be friends
>but the website can get DDOSed so why create it?
Kek rewards me for my spoonfeeding.
yea because Sergey will sabotage his own project,
or you think you'll be able to detec and attack all his nodes lmao
that's the reality of decentralization, nothing is 100%, no one will give you insurance for anything. ETH team has a separate departament to research and work on potential bad actors attack preventing scenarios. You think they're gonna share what they work on?
and who's gonna run the nodes then ?
go fork btc or eth you faggot, no one will mine that trash for you
also LINK has additional features and it's slightly different standard than erc20, I'm 100% sure you had no idea about that like every fudding faggot
Isn't it an attempt to prevent reverse engineering of the thing they are creating?
Eth is working on corner cases in regards on bad actors. Chainlink apparently has problems with most basic of attacks
>A) Not everyone wants to use ETH.
well if the API provides signatures for each response then it doesn't matter who makes the oracle and relays the message, it can always be trusted
>2. This leaves a single centralized point of failure/attack/tampering.
what, the API?
>* This system still requires an overarching way of handling any transaction that is more complex than "query API > ??? > profit". Look up what a 'smart oracle' is.
that's probably what ethereum is intended to be used for?
>- And it doesn't matter if the API puts out its own oracle. Regulations like PSD2 are forcing financial institutions to open up their internal APIs to third parties anyway. So the API's own oracle is just going to be one in a sea of potential oracles making use of the API.
so everybody's gonna use APIs signed by banks as data sources anyway? how does that help
I'm not even trying to make you mad or something, I just dun geddit
>yes they can but would these oracles be trustless?
uh, if you trust the API in the first place you shouldn't have a problem trusting their oracle
>The problem with all countermeasures is that even it they prevent an attack 99.99% of the time, that 0.01% would destroy all trust in the system. All in all there are so many uncertainties and exploitation routes I wouldn't trust anything that relies on non-sgx chainlink nodes.
That's it, I'm going to sell my link on the next pump
>Regulations like PSD2 are forcing financial institutions to open up their internal APIs to third parties anyway
If they sign results it makes chainlink useless.
>but the website can get DDOSed so why create it?
The point is that ddosing during the contract period helps the attacker to obtain majority and push false data. If facebook is down all that happens is that normies don't know what to do with their life
>The datasource api can just cryptographically sign the data and one miner can be paid in ether or whatever currency to retrieve the data
Umm, sweetie, that's not what ChainLink is for
Like I said, I'm cutting down on my spoonfeeding. Also I actually want as many people as possible to sell.
by default autism causes people to pick holes in everything til the death. nothing is 100% perfection. there are many existing real world products and services that are imperfect, some more than others, there is always room to develop and improve. not fud.40k linky
These hypotheticals all miss the forest for the trees, which makes sense, given that this FUDer admitted to not reading the whitepaper.
>this FUDer admitted to not reading the whitepaper
That was painfully obvious.
NOBODY on Reddit has any concern over this Mobius paid fudders info.
>The point is that ddosing during the contract period helps the attacker to obtain majority and push false data
you can always push false data, but that would ruin the reputation now wouldn't it? moreover, if some smart contract requires confirmation from three nodes and one of the nodes decides to DDOS the shit out of the other two, the contract won't just forget that it requires three nodes
After some consideration, we decided as a team to address this question here, since we received some questions about it from the community.
A smart contract which could possibly hold millions of dollars needs to be evaluated end-to-end, as Sergey explains in this talk. An ideal scenario would require multiple data sources in order to validate data against peers, as discussed in our white paper in section 4.1. This is because no oracle service, decentralized or not, can validate if the obtained answer from a data source is truly correct, only that the provided answer is what the source said it was (the last few sentences of section 5.3 gives some insight into this). Using multiple data sources would obviously be optimal as it would fit in well with the trustless setting. If one data source is providing faulty information, that is easily caught before a smart contract could execute based on the data provided by nodes retrieved from other data sources.
Sometimes, utilizing multiple data sources is simply not possible because there is only one source available. When this happens, that data source would be considered as a single point of failure for the smart contract. It would be entirely up to the smart contract creator if they are willing to accept that amount of risk for their contract. However, using multiple oracles as the trigger for the smart contract, even if they're all connecting to the same source, is still advantageous over a single oracle acting as a trigger for the smart contract. This is because a centralized oracle would be considered another single point of failure.
It seems to me like the argument of using a notary for a centralized service being better than a decentralized oracle service isn't fully acknowledging the need for an end-to-end trustless smart contract ecosystem. Regardless if the centralized oracle knows what it's processing or not, it can still go down and prevent the smart contract from executing when it needs to. Utilizing centralized services sounds like the present day, where if someone doesn't fulfill their obligation of the agreement, you sue them (which has additional costs and headaches of its own). So it makes sense why this reasoning seems valid at first glance, because that's the world we live in right now. In a trustless world, however, relying on centralized services is simply too much risk. Why would one choose to use a single data source, with a single oracle, feeding data to a decentralized smart contract?
If we have a single data source as the sole supplier of some information, what can they do as we head towards a trustless world? They could create multiple independent endpoints for their API in order to provide some level of redundancy. This would at least prevent a single endpoint from being a point of failure.
>uh, if you trust the API in the first place you shouldn't have a problem trusting their oracle
the oracle is another step in the way that can be fucked with
Using chainlink you'll have nly 1 point of failure (data source)
using some centralized single oracles makes it 2 points of failure
However, it would still be up to the smart contract creator to determine if that reduces the risk enough to use as a factor for their contract, since it still does nothing to validate factual information.
We can even take it a step further and say that the data source doesn't even want any 3rd parties connecting to their API. How would they provide their data to smart contracts? Some may say that they will create their own oracles, I don't think so. There are a lot of technical issues that need consideration before one can simply create their own oracle. How do you handle blockchain forks, rollbacks, congestion, varying gas prices, etc.? Chainlink already has solutions in place for all of those issues. It would require significantly less effort to create an external adapter for their own API and run a node (or multiple for redundancy) than to start at the beginning of creating a specialized oracle.
All further points raised in the criticism were raised debated an refuted here
Its fud. It has zero bearing on chainlink an its place and success.
>FUDer admitted to not reading the whitepaper
Its at this point that the PnD team who have been using biz and trolling reddit with fud nee to stop and think. If they have reached the state where they are wasting the teams time and actively undermining the team just to accumulate, how dumb are they?
'As long as they are in a minority' and how does that work?
Such bullshit FUD.
>given that this FUDer admitted to not reading the whitepaper.
kys brainlet its shit fud but its cancer to waste the teams time on it.
Did you read the whitepaper? Nodes are penalized for providing false information, part of which includes a payment of staked LINK.
Either you choose them manually, in which case, why the network? You're already doing the work, you may as well choose several companies looking at reviews. Or there's some automatic rule that determines 'high-quality security' and reliability (I assume you include correctness in that) - but then the question of how is correctness determined returns.
Dude, go read the whitepaper, it's clear that you haven't based on the questions you're asking: link.smartcontract.com
Retarded little fudder with an ego problem spewing bullshit while high on drugs
>Daily reminder that ChainLink had no answer to the reputation farming problem
Daily reminder that the PnD group that FUD link to accumulate are fucking cancer brainlets more like.
>Did you read the whitepaper? Nodes are penalized for providing false information, part of which includes a payment of staked LINK.
Even vornth agreed with him that they aren't
>Dude, go read the whitepaper, it's clear that you haven't based on the questions you're asking
You're quoting someone's opinion that he didn't read the whitepaper, not his admission that he didn't
I think this guy might be legit retarded. This is the stupidest thing I'd read so far. "Give correct data to my nodes and wrong data to competitors". Jesus Christ I'm surprised he can operate a computer with this level of expertise.
I think he's purposefully trying to waste the team's time.
The same pnd groups that shilled you your bags in the first place
this fud is older than Link memes
>what if I give bad data from my own API
how exactly would he give different data to different nodes fom 1 API?
Also you think the Node operators will trust some shady contracts/data sources?
We will see
lol dude you're looking for reassurance or trying to make the community look bad ? lmao
if you listened to Sergey's talk at devcon he taked about API library
you think average node operator will serve data from some shady sources just to get caught in a trap?
Chainlink will be usccessful because the customers are not at risk, only the node operators, and the community will weed out all the bad actors, but that's also why running a node is for people with an >double digit IQ
>you're looking for reassurance or trying to make the community look bad ?
I updated my comment
...Anybody else, feel free to jump in
Not only is doing this impossible it's very premise is retarded.
He wants to create an order for HIS OWN API with zero reputation or past history and employ hundreds of nodes (because he has to control the majority for penalty payments). And he says he wants to REPEAT THIS hundreds of times, the nodes continuously accepting this shady job they're getting penalized for. And "reputation" will not be some singular value like in a fucking RPG or something either. People will be able to see what the nodes fucked up and where.
It's completely absolutely retarded. He's braindead trying to poke holes in something with his teenager level knowledge.
You can't ddos someone just by having their IP. You need the target to have some service running and listening on some port.
This guy is going off the deep end now.
He's the kind of sperg who would scrutinize water into not being wet.
I can't believe what I'm reading.
>I can share the data with my nodes in some other way
no you fucking can't, not only do the damn nodes not see what they're processing due to SGX they have to get the data from the requested API. If you modify the node code to circumvent this everybody on the network will see you're running modified code and refuse to work with you.
like I thought, he creates some sci-fi scenarios just to show off
his last sentence is just a repetition of the old fud
>hurr durr the api providers will serve the data themselves
it was already talked about, there is a reason why they still aren't doing it, because first of all it would be a centralized oracle (which already exist) and none of them will give you any insurance, second of all thinking that API provider will also become an Oracle is like thinking that Bank employees will have to be trained to cook their own food for launch instead of ordering catering.
S P E C I F I C I T Y, do you speak it?
The node operators will only serve data from trusted and known APIs, if some node operators decide to risk going into shady teritory it's their business, and once they get burned it will be flagged.
That's why the API library will be for.
Chainlink is for institutions to transfer data from sources that are already TRUSTED, it's all about the middle part, the trusted/trustless mailman (Chainlink) that's missing.
Chainlink is the missing link (see what I did here?)
Like I said, most data needed to be transfered already comes from trusted sources. It's all about transfering it safely from A to B
$10-$70 EOY, screencap this
This. DDoS is short for distributed denial of service. What service do you want to deny? Servicing requests? Well every request costs LINK so you better have a fuckton ready to employ one million requests a second.
Well look at it from my perspective
I am not a programmer, I understand the importance of Link at a high-level perspective but these technical what-ifs I can't comprehend fully. It is especially alarming when a team member says something like:
>I'm open to suggestions from anyone as to how this can be prevented
Seeing as nobody is countering his points I'm forced to post replies from this thread
>It is especially alarming when a team member says something like:
>>I'm open to suggestions from anyone as to how this can be prevented
Because the scenario doesn't make sense.
There's no incentive to do this other than to sabotoge someone's conract and it will cost a significant amount of money. Once they've spent all that money farming reputation and release their nodes out into the wild the only way for them to successfully attack is to randomly be selected for more than 50% of the nodes chosen from among a vastly greater number of legitimate nodes (which there obviously be because those nodes have the incentive of making money to be honest). Then they'd end up losing the money (as you can you'll likely have to put put up a significant amount of "collateral" for this very reason) they staked on the contract and their nodes would lose their reputation. It could only be done once.
All of that was based on the existing incentive and reputation system. This isn't even to mention other things the team could implement to prevent such attacks and blacklist nodes that engaged in that sort of behavior. Thomas is open to suggestions but probably just humoring the guy because they have determined his scenario isn't a realistic threat and having other ideas for mitigating extreme edge cases like that isn't a bad idea.
I mean you can criticize link for that but its pretty much the crypto sphere at this point.
It's pretty clear they just don't care about responding to criticism on social media. Look at how thomas started his post. "after some deliberation."
At the end of the day it doesn't do anything. The project doesn't live or die based on what some neets on the internet think of it. This is quite literally the first time anyone has responded to any criticism online too so I'm not really sure what you're on about.
The only other thing I've seen them respond to was people questioning SWIFT. Which 1. happened when datadash said it was off to which rory replied it was not, and 2. Another time someone asked and Rory explicitly said they would tell us if it was off, neither of which were meandering or equivocating and pretty clearly bullish.
>only way for them to successfully attack is to randomly be selected for more than 50% of the nodes chosen from among a vastly greater number of legitimate nodes
that's why I'm 99% sure Sergey will run a fuckton of his own nodes (without ever disclosing it of course) to strengthen the network and make sure even the most relentless pajeet from mobius or italian faggot from oraclize won't be able to do any damage.
That's why they don't have to worry if enough neets on biz run the nodes. Like AssBlaster said, they didn't even want to run an ico in the first place but it looks good on paper to have it done for the open banking/decentralized narrative.
I'm glad you like chainlink but the idea that sergey would run a huge number of nodes to prevent an attack like that is retarded for 17 different reasons. Drop this line of argumentation and reread this thread so you don't make chainlink look bad.
Yeah its pretty concerning