Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jun 20 2016 02:11
    @alexvandesande banned @algotrader2013
  • Jun 05 2016 10:31
    @alexvandesande banned @adamskee
Bob Summerwill
@bobsummerwill
Hey everyone!
Just moving here from All Core Devs on ProgPOW and governance concerns that raises for me.
My blog post from yesterday, for anybody who has only seen the Twitter noise in response and not read what I actually said. It includes links to press releases, screenshots, videos, etc:
https://bobsummerwill.com/2019/09/17/progpow-author-kristy-leigh-minehan-uninvited-from-etc-summit/

Something which came out of this for me was how strongly I feel that we are missing safegrounds around the EIP process which are common for mature client codebases. For example, Hyperledger Besu, like all other Linux Foundation projects uses DCO (Developer Certificate of Origin) declarations for all contribution. And those are with real legal names, not pseudonyms.

For EIPs, all we have are required CC0 licensing. No patent protection.

There was a proposal on the patent part, which is good:
https://ethereum-magicians.org/t/patent-covenant-for-eip-submissions/2901

But I think we do need to get a lot more risk-focussed, and recognize that the EIP process will be an attack vector for bad actors. Is that the case for ProgPOW? Some people think so, some do not, but the fact is that we don't have consistent armor in our process to defend against these social and political attacks.
https://github.com/hyperledger/besu/blob/master/DCO.md

Tim Beiko
@timbeiko

For example, Hyperledger Besu, like all other Linux Foundation projects uses DCO (Developer Certificate of Origin) declarations for all contribution. And those are with real legal names, not pseudonyms.

So I think there’s a big difference between EIPs and clients here

Bob Summerwill
@bobsummerwill
What is that difference?
Aren't the stakes even higher for the protocol definition than for implementations of that protocol?
Tim Beiko
@timbeiko
Sure, specific clients, like Besu, may want DCOs, but requiring this at the “Ethereum-level” seems wrong. IMO Ethereum should remain permissionless and I’m not sure we gain much by adding overhead at that level.

Aren't the stakes even higher for the protocol definition than for implementations of that protocol?

INAL, but the protocol doesn’t “belong” to anybody. It’s not a product, it’s a spec.

Bob Summerwill
@bobsummerwill
DCOs aren't about ownership. They are about risk management for a shared resource. In this case, an incredibly valuable one.
Marius van der Wijden
@MariusVanDerWijden
I agree with @timbeiko. I don't think we should force anonymous open source contributers to sign CLAs/DCOs. The blo
Bob Summerwill
@bobsummerwill
What do IETF and W3C do around this sort of stuff, I wonder?
Tim Beiko
@timbeiko
That’s a good question.
IMO the real name requirement is overkill, and it’s worth keeping in mind that Ethereum is a valuable shared ressource in large part because it acts somewhat separated from a lot of legal, financial, etc. infratructure. Obviously, this is where the protocol/client difference is most apparent.
Bob Summerwill
@bobsummerwill
IETF especially, where (like Ethereum Magicians) you have an organization without any formal membership, where individuals speak as themselves, but they are collectively building protocols and standards. Very analogous to our own situation.

The nightmare scenario is for patents to get inserted into the protocol.
Lesser scenarios, but which are entirely plausible is for proposals which economically favor particular parties to be inserted by them.

I understand that this stuff is "the whole game" for bodies like the ISO, with companies like IBM being masters at playing it. Pushing "their thing" as a standard, because they have a huge business built on top of that or whatever.

It would be naive to think, with the sums of money at stake around Ethereum, that everybody is going to play fair here. You absolutely will see parties gaming the EIP process.

Bob Summerwill
@bobsummerwill
Changing the hash algorithm is obviously the example here, but there will be many more as there are more and more business building on top of Ethereum.
I don't know whether dropping "real name" essentially nullifies the benefits of DCO, patent covenants and other IP law best practices. Probably. Because what real world leverage is there against bobbyrandom@gmail.com and his declaration that he made this EIP and he pinky promises it is above board.
Brent Allsop
@BrentAllsop
@bobsummerwill, Sorry, what is "DCO"?
Jean Cyr
@jean-m-cyr
Ethereum, unlike the IETF, doesn't have the notion of a formal chairman per group with the final decision authority. The comparison is weak.
As for gaming the process, I think you're already seeing it in the case you cite (changing the PoW)
Greg Colvin
@gcolvin
The Magicians can form working groups and organize them as they choose, including designating a chaiir, @jean-m-cyr. It’s just less formal the IETF, at least at this stage. Even in the IETF the chair doesn’t have final authority, but that’s a long discussion in itself.
Bob Summerwill
@bobsummerwill
@BrentAllsop
DCO = Developer Certificate of Origin
See https://developercertificate.org/
Essentially asking that each contributor to a project (using a real name) asserts that they authored the code and have the right to contribute it under the licensing which the project is using.
Nick Savers
@nicksavers
@bobsummerwill what's stopping people from writing patented code in an Ethereum contract and claim revenue from the ETH holder?
Bob Summerwill
@bobsummerwill
I think that the law there, @nicksavers, is likely analogous to running applications on an operating system.
It is the potential of patents or other badness getting into the platform itself which is the issue which I think we need to address.
Brent Allsop
@BrentAllsop

@bobsummerwill, You are bringing up some very important stuff. We’re working on what were calling the “Ethereum Consensus Project” (https://canonizer.com/topic/210-Ethereum-Consensus-Project/1) at Canonizer.com. It would be great to start a topic to see if some consensus can be built around some of your ideas. For example, we need to get a topic started around the Ether EIP process. Would you mind helping us craft a topic around your ideas so we can find out how many people do and do not agree with this?

Also, as we tweeted here: https://twitter.com/StallionCornell/status/1174439694643298304, we need help tracking consensus for (or against) ProgPoW.

Micah Zoltu
@MicahZoltu
FWIW: If the EIP process (or any other part of Ethereum development) required a DCO I would immediately stop contributing.
I'm in this space because I'm sufficiently frustrated with "the real world" and I want to create a new, better world.
I don't want to just make a copy of "the real world" that sucks in all of the same ways.
Part of that world I want to live in is one without patents/copyrights, where everything is just public domain and there are no patents.
Another part is that the participants in the system are valued based on their contribution, not based on the ability to use threats of violence against them to get them to capitulate.
Separately, a DCO doesn't actually solve anything since anyone can trivially lie on it. Even if you require full KYC, such measures are not that hard to bypass by a motivated actor. This means that a DCO effectively reduces to legal theater, where companies are just saying "well, we tried, if someone sneaks a patent into our code it isn't our fault" when they get taken to court.
TL;DR: Patents bad. Copyright bad. DCO is legal theater. Old world sucks. New world is good.
Marius van der Wijden
@MariusVanDerWijden
I have also not found any legal disputes that suggest that DCOs would have solved the problem.
Which means that DCOs would probably not help us in a legal dispute with people contributing copyrighted code.
Regarding patents: Patents can not be applied in reverse. Once something is published, you can not get a patent on it anymore, so the argument that Craig Wright or someone would hold a patent on ProgPoW is invalid.
Micah Zoltu
@MicahZoltu
@MariusVanDerWijden I believe the argument is that someone patents something, and then submits code that is beholden to that patent to some open source project.
After the project is released, they then demand royalties from the aforementioned project.
Marius van der Wijden
@MariusVanDerWijden
But every patent application has to be public, so we would know if someone holds a patent on something
Micah Zoltu
@MicahZoltu
The volume of patent applications around the planet is high enough that you would need a task force of people whose sole job it was to keep up-to-date on all patents and monitor all code changes.
This is a massive bureaucratic overhead, to the point that it is simply unreasonable/unrealistic to actually execute on.
Marius van der Wijden
@MariusVanDerWijden
So we need to put patent applications on a blockchain?
Micah Zoltu
@MicahZoltu
My proposal is to abolish patent law. :shrug:
Or in the case of individuals, just ignore it.
In the US alone there are over 300,000 patents granted per year.
Worldwide it is probably close to 1M.
Of course, not all of them are software patents. But it gives you an idea as to the scale of the problem.
At a glance, it appears that in the US there are around 18,000 software patents granted per year.
And it appears about 500,000 software patents total in the US as of a few years ago.
So this team of people would need to be familiar with all 500,000 existing patents, plus keep abreast of all new patents, and be able to identify if any code being submitted was patented.
Micah Zoltu
@MicahZoltu
Since this is unrealistic, even for a large company like Microsoft or Google, the legal theater solution to the problem is to require that any contributor must attest that their contribution doesn't violate a patent. This gives the company plausible deniability if patented code enters their system, and they can shift the blame to the author of the code. Since the author of the code likely is not worth trying in court, this largely indemnifies the company against patent suits.