Hacker News | freedaemon's comments

Saw this earlier and found this post to be a useful introduction: https://continuations.com/post/620550894200684544/meet-clari...


> For instance, unique usernames are impossible without a centralized username registry.

This is Zooko's triangle and was squared by blockchains. Namecoin (2011), BNS (the Blockstack Name System, 2014), and now a bunch of other fully-decentralized naming systems can give you unique usernames. Recently, Ethereum tried launching ENS and ran into some security issues and will likely re-launch soon.


Problem is, I don't want to be assigned a username. I hate it when I get assigned a username. I want my username. If you hand me a username of "$&OdUgr606cZ", I will never remember that, I will never share that, and I will consequently never ever log in.

But it doesn't matter because this issue is already solved. We already have globally unique usernames. They're called email addresses, they are unique by their very nature, and they are (for all intents and purposes) already decentralized.


> But it doesn't matter because this issue is already solved. We already have globally unique usernames. They're called email addresses, they are unique by their very nature, and they are (for all intents and purposes) already decentralized.

No, they're not: billg@microsoft.com depends on microsoft.com, which depends on com, which depends on the root nameservers, which are … a central nameservice.

That's the whole point of Zooko's Triangle: of secure, decentralised and human-readable, you can have at most two. Global-singleton approaches are still centralised (the singleton is the centre), although they may build the singleton in a decentralised fashion.


I think you misunderstand what the phrase "for all intents and purposes" means. It doesn't mean "literally, 100% true"; it means "true enough for this argument". What network does your blockchain run on? It still relies on Comcast to get to my house right? Because you want it to run over the Internet? Maybe you're using AT&T? Probably L3 is in there somewhere, but you're still relying on a centralized piece of equipment somewhere, and you're probably going to have a .com or .org to advertise it, and you might have a Wikipedia page or a Facebook group or collaborate on development on GitHub and chat with your team on Slack and exchange files on Dropbox and send messages on Gmail and you log into all of those services with... your globally unique email address. Possibly using a domain you own, with the mail exchange hosted on a server you own that you set up specifically for this project.

Maybe I'm missing the point, and I would look to you to explain to me what that is. But I guess congrats, you don't rely on ICANN anymore...


> I think you misunderstand what the phrase "for all intents and purposes" means. It doesn't mean "literally, 100% true"; it means "true enough for this argument".

Email addresses aren't in any way decentralised. Saying they are isn't true enough.

> What network does your blockchain run on?

The product in question _doesn't_ rely on ICANN, or Comcast running to your house; it can work without either of those.


xyr point seems to be that your claim that e-mail addresses are decentralized is faulty. No amount of "Well you are not decentralized in your block chain, either." is going to rebut that. Indeed, it actually reinforces the argument that your claim was faulty, by implicitly agreeing to it with a "but neither are you" response.

So perhaps you would like to now explain how e-mail addresses are a system without a centre. Bear in mind that you yourself have just made the point about ICANN being at their centre. (-:


> xyr point

His point. I am a man.


That's only possible with what SSB Handbook calls a "global singleton". That's what I meant with "centralized username registry", which SSB does not have.


Love the ZeroNet project! Been following them for a year and they've made great progress. One thing that's concerning is the use of Namecoin for registering domains.

Little known fact: A single miner has close to 65% or more mining power on Namecoin. Reported in this USENIX ATC'16 paper: https://www.usenix.org/node/196209. Due to this reason some other projects have stopped using Namecoin.

I'm curious what the ZeroNet developers think about this issue and how their experience has been so far with Namecoin.


What is the point of namecoin and having a central domain registrar at all?

It seems like a publisher-addressable network (where documents are identified using a publisher's public key) or a content-addressable network (where documents are identified using a file hash) would be good enough by itself, so long as the protocol had builtin support for distributed document searching and ranking.

Casual internet users on the regular internet do not seem to be using domain names to locate resources anymore. They are using Google to locate resources, and only looking at the domain name to verify identity. If the primary purpose of the domain name is not to locate a resource but to verify identity, then it seems like this could be accomplished with a web of trust without a central name registrar.


iirc you only need namecoin if you want to register a human friendly domain.


Also, if you ever lose control of a namecoin domain you can say goodbye to it forever. A squatter will take it instantly and hold on to it forever unless you buy it from them for actual money.


Has squatting gotten worse on Namecoin? Squatting is fairly hard to handle in decentralized naming systems in general. Namecoin got a lot of squatting issues mostly because of the pricing function (price of names dropped over x years, and now it's almost free to register names). Here is another paper from WEIS'15 that studied squatting in Namecoin: http://randomwalker.info/publications/namespaces.pdf


Isn't that true of normal domains, too?


Depends on the toplevel suffix. For instance, .fr (France) domains have a "no taking" period after the expiration date, where nobody can take it from their previous owners. The owner can then take it back, but it won't be re-activated for a couple of weeks, I believe. So the punishment for screwing up is a temporary blackout of your domain name.

.com, .net, .org domains are handled differently, and may be easier to lose permanently.


I wonder if they could look into using some of the DNS features currently being built by BlockStack?


So it impacts the DAO and potentially impacts other deployed contracts (we don't know yet).

It's an issue with Solidity because it doesn't even do static analysis to give the programmer a warning.

It's not that programmers actively avoid doing this or are explicitly warned to not do it. When real money is at stake the language design needs to be a lot more careful.


Agreed the original article does a great job. However, without the "sensational" title and simpler explanation people were not paying proper attention to this.

The original article discussed a bunch of other things as well -- everyone should read it to understand the details.


By people you mean traders. This sensationalism is utterly unnecessary since the non-traders involved with Ethereum read the original article and are capable of understanding it.


It's an exploit because you can do this live on the DAO (and potentially other deployed contracts) today.

Vector of attack for future contracts but already impacts the DAO.


At best, the headline is^H^H was inaccurate then.


Oh even the Gordon Brown public apology mostly talked about him as a 'codebreaker' in World War II


Yeah, it's mostly the British press but I've seen US newspapers talk about his AI or codebreaking works with no mention of e.g., Turing Machines


So exploit them while you can? Interesting philosophy. I personally would hate working for a dumb boss.


Is there an amount of money that a 'suit' could pay you that you wouldn't hate it?


It's hard to find competent suits. And their understanding of tech is reducing, I'd suspect, as tech gets more complex.


LOL, I just gave Google as an example and I don't even work for Google ;-)

