Slashdot Mirror
Blockchain Study Finds 0% Success Rate and Vendors Don't Call Back When Asked For Evidence (theregister.co.uk)
Though Blockchain has been touted as the answer to everything, a study of 43 solutions advanced in the international development sector has found exactly no evidence of success. From a report: Three practitioners including erstwhile blockchain enthusiast John Burg, a Fellow at the US Agency for International Development (USAID), looked at instances of the distributed crypto ledger being used in a wide range of situations by NGOs, contractors and agencies. But they drew a complete blank. "We found a proliferation of press releases, white papers, and persuasively written articles," Burg et al wrote. "However, we found no documentation or evidence of the results blockchain was purported to have achieved in these claims. We also did not find lessons learned or practical insights, as are available for other technologies in development."
Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet. "We fared no better when we reached out directly to several blockchain firms, via email, phone, and in person. Not one was willing to share data on program results, MERL [monitoring, evaluation, research and learning] processes, or adaptive management for potential scale-up. Despite all the hype about how blockchain will bring unheralded transparency to processes and operations in low-trust environments, the industry is itself opaque." Burg was an enthusiastic advocate for blockchain until recently -- as he explained in this Medium post.
Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet. "We fared no better when we reached out directly to several blockchain firms, via email, phone, and in person. Not one was willing to share data on program results, MERL [monitoring, evaluation, research and learning] processes, or adaptive management for potential scale-up. Despite all the hype about how blockchain will bring unheralded transparency to processes and operations in low-trust environments, the industry is itself opaque." Burg was an enthusiastic advocate for blockchain until recently -- as he explained in this Medium post.
I have similar results for "AI". A lot of press releases and white papers but nothing that is really more than computers running algorithms.
was found in the people looking to buy this amazing new synergistic disruptive technology to use in their business. (Yeah, I know there's probably some good use for the tech out there somewhere, but I have yet to find one where other tech can't do the same thing just as good, if not better.)
Similarly, blockchain will give you greater choice and clarity when it comes to how your taxes are spent and the government goods and services you can benefit from...Blockchain is like a loom that can weave together multiple strands of separate things, including these technologies I mentioned above, into an integrated fabric where you can see what the data means and adjust resources in response.
Blockchain does none of this actually.
The success rate of blockchain technology in extracting money from gullible investors and corporate management is far higher than 0%, I assure you!
Block chain technology could be useful, but since people seem to have forgotten that there's more than just that hammer, this bullshit pervades. Guessing everyone is still upset MjÃlnir is broken, and that's why we have this hammer obsession.
I guess it depends on your definition of "success", but isn't bitcoin built on blockchain technology? Wouldn't that count as a success?
Politics; n. : A religion whereby man is god.
The tech is new, untested, untrusted. The ones behind most of it are pump n dumpers. Its a scam. There is no way to use the blockchain without forcing it onto users, there is no company in the world that wants to put their information, be it monetary ledges or otherwise, out there for the whole world to peruse at their leisure. This is a solution in search of a problem, but no one has a problem it fits into without creating much larger problems.
The scammers and shady operators got involved and tainted the technology.
There are some use cases... but no one is interested in anything except separating âinvestorsâ(TM) from their money.
You'll find your blockchain miracle results in The Cloud!
You and Bitcoin, two failures.
In a world where despite the importance most people can barely manage to deal with http certificates, attempts to adopt a much more complicated technology for much more dubious use cases fell short.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Maybe it is because nothing good/valuable comes out of scams (other than hard lessons about what not to invest ever)?
Everyone wants it. Achieves perfectly nothing. Well, except drive up your valuation if you stick it in your business plan or even just your company name. You don't even have to ICO (thus exposing you to SEC scrutiny for unlicenced security trading). Just drop the word a couple times and you'll have to fight off the drooling "investors" giving you money.
It's safe. It's buzzword-y. It doesn't actually do squat on its own. You really can't ask for better buzzwords than that.
Compared to the noughties, this is progress: A complete bubble in a single word.
And crypto currencies. If you choose to ignore the two biggest uses today then I wonder how many others they "missed" https://www.certificate-transp...
Um. You need to have some sort of partner in order to be cuckolded. So now you've cast doubt upon your entire thesis.
creimer's right hand cheats on him all the time.
Ask IBM. They advertise the use of blockchain.
https://xkcd.com/2030/
Dissociated Press (DP) — FOR IMMEDIATE RELEASE Physicists identify new fundamental particle May herald a new particle family and restructuring of the Standard Model Geneva, Switzerland — December 3, 2018 Keywords: hypino, shinyon, blockchain High energy particle physicists at the CERN (Conseil Européen pour la Recherche Nullité) facility have confirmed the existence of the long-conjectured hypino (hy-PEE-no). It is thought to be the first member of a new class of particles known as shinyons (SHY-nee-ons), distinct from bosons and fermions. Unlike other subatomic particles, hypinos carry no charge, and have neither rest nor relativistic mass. Their only defining quantum property is spin. Hypinos are thought to be the fundamental unit of marketing hyperbole. To date, hypinos are the only known members of the proposed class of shinyons, which are of especial interest to tech investors and holders of the MBA degree. Dr. Martin Waugh, of the Institute for Advanced Squander, further posits that the hypino may be the carrier of the so-called “weak-minded force”, a mutual repulsion between fools and their money. It is theorized that, upon sufficiently accelerated spin, hypinos transform into super-excited hyperinos, detectable only by Chief Information Officers. The discovery of the hypino is recounted by Drs. Robert Crawford and Robert Jensen as follows: “It was a Friday afternoon, and we and our colleagues were returning from a long lunch. Maintenance on the Large Hadron Collider (LHC) was scheduled to start Saturday morning, and the apparatus would be unavailable for two months. We were in a ‘what the hell’ kind of mood, so we thought we'd take a fantasy shot, just for grins and giggles. “We had a few leftover Higgs Bosons from 2012 on the shelf, so our lowly lab technician, Garth Dennis, breech-loaded them into the beast , set up a blockchain for the target, positioned the extremely sensitive Swindleometer at the intended point of collision, energized the superconducting electromagnets, and let it rip. Upon collision, the blockchain shattered into a shower of the elusive hypinos. Examination of the debris field revealed that the blockchain and all of our cash were gone! Apparently the hypinos were entangled with our funding.” There may be natural sources of hypinos. The strongest natural emitters appear to be located in Redmond, Washington, and Armonk, New York.
I'll bet they found plenty of invoices.
Overhyped tech turns out to be snake oil rubbed all over smoke covered mirrors you say?
The big thing in online casinos is to use blockchain to provide absolute provable fair play by the casino. Open ledger that is immutable allows players to see and validate each play.
Feels like a Rube Goldberg machine with the way it is turning out, or worse, like a perpetual motion machine, or snake oil, etc.
most folks say "AI" as a catch all of "Automation informed by large datasets" because it's easier for laypersons to understand. But if you consider that then there's a mountain of "AI" going on right now. Sure, that's not strictly speaking AI, but when lost your job to a bot or some other clever form of automation do you really care?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
They're called buttcoins thank you very much.
If you just think about what the blockchain really is you realize that it's just a chain of messages signed by various keys, where each message includes the hash of the previous one.
Since no browsers use Certificate Transparency to warn against fake certs, I'm not sure it's a huge success.
Google created Certificate Transparency, yet when I go to a site with a cert that isn't using CT, I get no warning in Chrome. My Chrome is a couple months old, but I haven't heard that this has changed. When even the creator of the system doesn't use it, is it a big success?
"stressful projects" should be "successful projects".
Certainly some block chain projects have been stressful.
The text of the study is available via Blockchain.
It must have been something you assimilated. . . .
https://www.youtube.com/watch?v=LgI0liAee4s
First ripe paste!
First rube parsed!
This news comes out just before Sears changes their name to Sears-Blockchain.
Fast Ray posed!
Is with crypto appliances where the private key is generated randomly, permanently inaccessable (think TPM module) to any individual, and has a one way seeding value tied to the block number with a set of other heterogenous nodes all doing the signing as well.
Under these circumstances the blockchain offers transparency and validity, so long as the records being blockchained are published in real time and to all signing nodes.
Outside of these circumstances it is possible to compromise the blockchain history, and it doesn't allow verification of the signing since anyone having access to one or more of the private keys has the potential to rewrite the blockchain history (in the case of bitcoin derivatives it is the 51 percent attack, which has actually been proven to require less than 51 percent if you attack both the blockchain and the network at the same time.) Some of these attacks can be detected by a neutral third party, but state level actors, commercial interests or intelligence agencies each have the possibility of assets and resources capable of doing such a conspiracy-level compromise if the benefits outweighed the risks. And unless dozens of people have the time and money to archive copies of old blockchains it is unlikely one outlying kook would be able to raise a flag over a 'transparent' blockchain being backdata'd (think backdating) when a particularly uncomfortable record needed to be rewritten to better follow the current big data agenda.
At that point blockchain, or git repo have about the same level of authority and both allow alterations that could tamper with remote copies if they believe the updates are authoritative.
The "roadmap" you linked to consists of this statement:
--
Certificates issued in October 2017 or later will be expected to comply with Chromeâ(TM)s Certificate Transparency policy in order to be trusted by Chrome
--
I notice it is is December 2018. Chrome still trusts certs that don't have CT. They could not implement it as planned, because people weren't and aren't using it.
I make security scanning tools for a living. My team checks at least a dozen things for each certificate. CT isn't something we check, because nobody cares.
Check out Ripple. They signed contracts with banks all over the world months ago.
#DeleteFacebook
So, what's an example of a "nail"? (That can't be hammered in by a traditional database, that is.)
It's for the few corner cases when you don't want the drawback of a database :
- it's *a* databaase (singular) and all actors have to trust this one single database. Also that database represent a single point of failure.
Usually the answer against single point of failure is to do replication.
Blockchain when you squint at it is replication taken to the extreme, where every single node on the network have their own copy of the database, forming a distributed trust instead of the classical central authority.
And as everbody has a local copy of the distributed ledger, everyone can audit (check) it.
other than exchanging things without government oversight (i.e. crime).
Technically imprecise.
- Not everything your government considers a crime is necessarily one in my government (e.g.: sex, drugs, probably even rock'n'roll if you look at some specific governments in backwards countries)
Though even in the US some places tolerate sex and drugs
- Not oversight, but *control*. Because there is no central Blockchain Ltd. company at whose door to knock, there is no way to exert any control nor enforce any prohibition. On the other hand government can exert surveillance : the ledger is public (the whole distributed trust mechanism relies on it) and government are typically the class of entities with enough ressource to data-mine this database and make sense out of it.
Bitcoin, by design is the opposite of anonymous. It's merely pseudonymous because transactions are identified by your cryptographic keys, instead of your passport number/social security number/whatever...
Beyond "passing virtual objects around without a central authority" (how Bitcoin is relying on blockchain to make it possible for to people to exchange BTC without there being a need for a "Bitcoin Inc Bank" to exist), blockchain could also be used for smart contracts, etc. again without needed for a central authority to exist.
(There could be technical ways to implement something like AirBnb or UBER entirely on blockchain tech).
The problem, that means also that central company do not need to exist, only software. Thus no profit to be made, and no commercial success.
(There could not be a "block chain airbnb" company making money out of blockchain. At best only a collaboratively developed piece of opensource software on some git repository... which if you look at it is the situations of bitcoin : the core technology is opensource software developed in the open, not a single central software seller)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Maybe the problem is this article is looking at "Blockchain vendors" (aka tiny startups). One of the biggest problems in having a successful blockchain use case is it requires PARTNERSHIP with many external companies, who are usually competitors. This is not something easily brokered by startups.
IBM Food Trust (IBM / Walmart / Dole / Kroger / Carrefour ) Expands Blockchain Network to Foster a Safer, More Transparent and Efficient Global Food System
https://newsroom.ibm.com/2018-...
--
Maersk and IBM Introduce TradeLens Blockchain Shipping Solution
https://newsroom.ibm.com/2018-...
- blockchains allows anonymous or private transactions
- blockchains have perfect traceability built-in, every copy of the blockchain contains full information about all transactions
- blockchains is precisely what we need for millions/billions/trillions transactions
- blockchain calculations take minutes/hours, will require terawatts of power and will cause 4C of global warming
- blockchain on IoT devices...
I would rather think about something else.
https://www.theguardian.com/wo...
> considering that it exists, and even seems to be a good idea. I suppose there's some downside I am unaware of? What is it?
It may be a good idea, or not. I'm reserving judgement on that and just saying it hasn't caught on. There are two issues I see immediately, obvious downsides. There may be more.
The first step for a targeted attack is surveillance, checking out the target environment and finding which systems one wants to compromise, what software they are running, which version, etc. Then the same for systems between the attacker and the valuable target - I might first compromise a firewall and a workstation in order to get to my real target, a database server.
At the security company I owned, we had one machine that existed solely to store credit card numbers and submit charges to the payment processor. That machine didn't run a public web server, which could be compromised. It didn't run our DNS or anything else, it *only* stored and submitted credit card numbers. Since the credit cards weren't being housed on the same server as any publicly accessible service, bad guys would have no way of knowing that machine even existed. Unless our CA published a publicly accessible log saying they issued a cert for cards.mycompany.com!
The CT log is an open list of sensitive systems, servers that people have decided need some security. A target list. That's certainly a downside.
Perhaps more importantly, it adds complexity. Complexity is the enemy of security. Bad guys love complex security protocols, because there is almost always a loophole, either in the spec or an implementation. An example is one of the worst TLS vulnerabilities ever, Apple's "goto fail". The code was effectively this:
if (hash-is-correct)
accept;
Seems simple, right? Only accept the cert if the hash is valid. The problem is that check was added before the check to see if the cert was valid for the name in use. The programmer accidentally accepted the cert if it had a valid hash - even if rhr cert was issued for cracker.com and then user is connecting to bank.com.
Every line of code you have is another opportunity for a vulnerability. I have over 100,000 vulnerabilities in my database. If you ask me to audit your program and give my stamp of approval saying it's not vulnerable, this will be my answer:
The only code that is known safe is code that doesn't exist.
We know you won't have any vulnerabilities in a feature if and only if you do not have that feature. If CT is widely adopted, that might be good or bad. If it's not widely adopted, support for it should be removed from all systems, because it's currently just one more place to have a bug.