Evicting vaults - brainstorm


Maybe, but that’s not my point. I’m giving an example to illustrate my more general point.

That there’s another solution to any particular problem doesn’t change the general point.


So this basically prevents vaults selling. Every transfer to a new owner = 50% age loss.


One thing that doesn’t seem to be being factored in here is that as a node ages, it’s not only getting a record of trustworthiness, it’s also collecting vault storage that will increase its safecoin-return probability – i.e., skin in the game, potential future loss.

While this point doesn’t wipe out the google attack potential, it does make it a lot more expensive.

Also, we need to remember that with disjoint sections, there’s not much gold mine to be harvested by bad behavior. Even disrupting consensus (the first level of attack, I think) is very difficult and not too noticeable externally. The “steal-safecoin” even is a very minimal return for all that it takes to achieve it.

All that said, “evicting” is very extreme. Occasional relocate with temporary bump from elder status to soon-to-be-returned-to-elder status should be quite enough.


I was not arguing with you:) In fact I really like your evolution inspiration in your post. I was just curious about that secondary market, since I never thought about it before.


That is how it is planned to work now.


This evicting discussion created in my mind new question. If there is an aging hierarchy, than younger vaults always want to evict or relocate older nodes so thier rights increase relatively compared to other vaults in the section? Is this correct? Do other vaults gain something if older vaults in that group are kicked out? Do older vaults gain something if they do the opposite and kick younger vaults which are about to be older soon? If so, than all vaults in the section have motivation to maximalize their age compared to the rest. They can’t make themselve older faster, but they can vote for evicting or relocating others to keep their dominance. So if this is the case and any vault has right to vote for any kind of age penalty of other vaults than they will do it. There is no risk involved in doing such behaviour. If vault has right to vote for some penalty than how can he be prevented for overusing it? If there are not any gains from this strategy than sorry for my interruption to this discussion.


I think most people would agree that short lifespans are linked to evolution. By forcing reproduction to occur early and then stop, you maximize genetic mixing. You don’t end up with Revision 1.0 organisms still creating Revision 1.1 progeny for two hundred years, when the current system of short lived organisms would have the population all at Revision 28 in a similar time span.

There is no reason for humans to continue to conform to this algorithm, since we no longer follow evolution. Survival of the fittest no longer describes civilized humans, so I say, in for a penny, in for a pound. The people arguing against extending human lifespan as being unnatural, don’t make sense to me, since we’re already unnatural.

As for SAFE, unless you intend to introduce evolution into your nodes, artificially reducing node lifespan seems a bit cargo-cultish. You’re copying something in the hope that copying it blindly will achieve something, just like a pacific islander building a headset out of coconuts to try to “radio” in airplanes loaded with supplies. That sounds more harsh than I intend, but it’s such a good metaphor that I can’t resist!

As somebody in this thread has already mentioned, if the probability of killing a good guy is the same as killing a bad guy, then statistically, you’re not benefiting the network, you’re just pissing off farmers and loading the network with churn.


Although, possibly, the attackers will try to destroy the reputation of the network more that an economic benefit, the control of a section would allow, not only to possess all the safecoin corresponding to the Xor space of that section, but to use them as many times as they want. And in an anonymous network like SAFE means being able to carry out a multitude of double spending before people start to realize it.

And do not forget that, also, they could get great benefits by going short on something they know is going to fail.


Of course, but the point is that, especially as the network matures, getting meaningful control of that “section” is fabulously expensive in terms of money, time and effort compared to the amount of damage that could be done.


Let’s use biomimicry as well, observing nature this is usually what happens:

  1. Young
  2. Grow
  3. Old
  4. Die

Death might bring the disadvantage of eliminating irreplaceable talent from the face of the Earth (such as ancient Greek philosophers, Da Vinci, Newton, Einstein, etc…).

Even though death eliminates good people, it also has a pragmatic side: it prevents eventual tyrants to sit perpetually in power and/or a stagnant status quo in creativity through authority.

To allow all elders, no matter how lovely they might be, to eventually reach to the end of their lifetime and die (and reborn maybe? A Nirvana/Reincarnation logic could be interesting) could be enough deterrent for these attacks…

Btw, regarding to the “Nirvana” it could check the behavior of the vault in its lifetime, tallying all the reports of misbehavior. If it is clean, it is allowed to reborn, and if has been sinful it just goes to hell.
(Btw, I know that the Buddhist concept of Nirvana is exactly the opposite to this… It would be more appropriate to call it “the Hell protocol”, but that doesn’t sound very marketable lol)

This would make @happybeing the marketplace of well-behaved nodes to be less appealing, as all of them would have an expiration date.

Just my quick two cents, I will mull a bit more about this and come back later.


That hypothetical marketplace has already been shown as non-viable…

So, anybody wishing for justification to allow killing well behaved nodes will need a new reason to do so, and preferably, not just “because nature does it”, since our nodes do not evolve.


No if the goal is destroy the network by undermine their reputation, the price of safecoin and, consequently, shooing farmers.
The network could face extremely powerful enemies, especially states, capable of spending large sums to eliminate the threat.


I am not sure I understand what you mean by the constant relocation.

My understanding is

  • There is the “random” node address allocation when a node is joining
  • There is the relocations when sections split or merge

And both of those are very much needed. The first is needed for security and is simply allocating a section for a new node. And the second is needed because otherwise we end up with a few massive sections that were setup initially.

But of course the counter con to this is that as you retire elders this gives a baddie node an opportunity to become an elder. Now is it cheaper to flood with nodes waiting for elders to be forced into retirement or to pay big dollars for a chance at getting an elder or two.

Moving equipment could make the node(s) lose eldership when it comes online again. Or transferring the cloud instance may cause a break because the cloud provider forces the instance to be stopped as ownership is transferred. Whereas flooding nodes is just a time game. In both cases it requires a good amount of funds anyhow.

Farmers will not have multiple vaults where they have 2 or more in one section. Otherwise the baddie would be able to do so with a node flood and that would be easier.

Whats the balance, which way is easier, well that is the question isn’t it

This might be an alternative to retiring elders. But does it improve security. Because if a baddie is an elder then relocating it to another section only gives the baddie another opportunity to get into a section where the baddie already has a couple of bad elder nodes. Or it could work the other way. The point is that it doesn’t reduce the ability of the baddie. Its all random in the first place where the baddie ends up and you give the baddie now multiple chances at getting enough nodes in one section.

The farmer sells his (now empty) wallet too. Solves that one.

Not necessarily if the farmer was using a cloud instance and the farmer sells the cloud account (and wallet) so in fact the network sees no difference.

This is the negative that struck me too. Otherwise it has some very good points.

And the other main issue I mentioned is that (random wise) if you evict a good elder then you have a possibility that a baddie node will replace it and it will cost the baddie node less because of the forced evictions. And on the other side of the coin, not evicting allows a baddie to remain. In random probability (without more info) this is a 50/50 situation for security concerns. But a real bad one for those who spent a lot of time and effort to keep their vaults running 24/7

@mav have you considered the reality that most, if not all machines experience some downtime. Power failures, router failures, ISP issues, even singular cloud instances. Would this in effect be enough? Age is halved.


Yeah, worth considering everything. I do understand the magnitude of potential opposition.
My instinct is that the network will be so amorphous that amassing and maintaining enough situational awareness amongst malicious nodes is the main point of defense. Diminishing status of elders is a dicey thing. I’m liking the idea that elders get relocated occasionally and have to regain some part of their status.


What if you sell the node without the need of turning off the node?
For example, I just sold an apartment with tenants. The tenants never realized of a change of ownership, and they didn’t require to leave the premises, the only difference is that the money doesn’t reach me anymore it goes to the new owners.

What if something analogous happens with a new type of smartcontracts. The old node is never turned off, as it had been sold to your customer, even though you are physically hosting it, it belongs to someone else.
The former owner might charge you a ‘hosting’ fee instead for the physical cost of running it, while the new owner gets all the benefits.

If there is a gold in the middle of the jungle, the roads will be built to get there sooner or later.


Yeah but it depends on the definition of ‘bad’. Is it ‘bad’ if google starts the first 1M vaults and never stops them again, so it’s very hard for anyone else to become an elder for a very long time? Even if google do all the consensus stuff etc perfectly, I’d say the effect they have of not sharing eldership is bad.

It’s not really about that. It’s about giving an incentive to new participants, ie increasing participation. That’s a really important marketing and sales idea. I wouldn’t get into bitcoin mining right now because it’s become dominated by a few big players and I haven’t got the skills to overtake them. This effect would be worse in safe because age is time-related not skills-related so there is no chance to overtake existing operators. That effect can be very detrimental to new participation.

Agree in principle that simplicity is always preferable but if that loose end unravels the entire rope then it can’t really be left loose can it? No harm in trying to imagine the ways, even if it leads to no changes in the end.

I like this idea because there’s an ongoing assumption that being an elder is desirbale but maybe it’s not…? Being an elder entails more work and maybe some vaults won’t want to have to do that extra work, they just want to store the chunks and farm the coins. There’s a big difference in work (how big?) between being the oldest adult vs the youngest elder. It may not actually be desirable and recruiting elders may be difficult. Bit of a stretch but I like that you’re pushing a bit toward that direction.

Ah yes good catch but the idea is what matters. ‘Double trustworthy’ is maybe not the same as ‘double work’!

I think there’s no way to stop vault selling. If I wanted to buy a vault with no consequence or effect on the network, I’d force the previous owner to send me their newly farmed safecoin and give me the rights to control the vault for voting etc (ie control of the rpc for the vault). Sure the seller could screw with it because there’s double ownership but that’s like saying the person who sold you a car could still have a spare key… yet sales still happen.

This is a tough distinction and one I’m still working through. I don’t think age measures trust. It measures total work. Maybe it also measures reliabilty. But trustworthiness… it can change too quickly so I’d say trust can’t really be measured.

And then the question becomes, of ‘work’ vs ‘relability’ vs ‘trust’ which ones are rewarded and why and how much? What is actually valuable to end users? What is valuable to the network? What is valuable to vault operators? Where do they diverge and how can that best be managed? Voting? Eviction? Strict algorithmic adjustments? Energy consumption? Crytographic proofs?

I haven’t seen this specified anywhere. As far as I was aware age was only used for voting rights, not for earning rights. Got a link to more info?

Yeah this is getting into the interesting aspects of voting and game theory. If there’s no penalty for voting then the behaviours are quite predictable. But if there’s some cost to voting, the voter must weigh up the cost vs benefit of their vote and ideally the space between the cost and the benefit is what defines the value of the system. But that value must reflect the goals of the end users, not the goals of the voters. It’s a fascinating area.

Maybe evolution already exists in the form of software / protocol versions. Backward compatibility (or lack of) becomes the evolution. Some overlap between versions perhaps but eventually backward compatibility is removed and thus evolution occurs.

I think this benefits the network by giving new players a reason to feel their activity will have a chance of becoming significant. If they feel that current participants will always be older than them then they’ll be less likely to participate which creates a risk to impartial consensus.

I disagree. I think it’s not only viable but inevitible (see above).

Yes that may be enough. But my goal is not to increase security by stirring the top-end of the network harder or faster, the goal is to give new participants reason to decide to join, to increase diversity of vault ownership, to be able to say “let’s get your vault started right now” rather than “don’t bother it’s not worth it”.


I think I am most unhappy with the idea of punishing farmers who have done everything right, but whose nodes are mysteriously reset. The original idea was that good behavior was encouraged because a reset was so damaging to your farming rate. That incentive is reduced if they still get reset anyway.

Perhaps a farmer does not know whether or not his node is a voting elder, or just an adult. He doesn’t know, and even if he could figure it out, he wouldn’t care, because he makes the same money, either way. If the network decides to randomly allow his node to vote, and then randomly disallow it from voting, he doesn’t know, and doesn’t care, because it doesn’t effect his farming. Perhaps this is what everybody else is already picturing. Is that possible, without adding extra complexity?


It’s not a punishment if everyone has it and the reason is for the overall good of the network. Instead of thinking of my vault age as permanent I enter into the network knowing it’s not going to last forever and accept that for what it is. Seems ok to me.

I agree that arbitrary punishment is bad, but I don’t think this is arbitrary. It has a good purpose. Maybe not good enough to warrant actually implementing it.


Can voting eligibility be decoupled from farming rewards? I do not care if my node votes, but I do care that if it has faithfully served the network, that it be trusted to continue that contribution and be rewarded for it. If it is randomly called upon to serve a higher purpose (jury duty) and then released from that purpose, without me even knowing or at least needing to care, that seems like a win.


Btw interestingly, there is an interesting corpus of information from almost nine decades of research in behavioral psychology regarding the effectiveness of incentives and behavior modification.

Surprisingly operant conditioning doesn’t work when the reward is foreseeable or consistent, but when the rewards are actually random. Sounds completely counterintuitive, but that is how both animals and people get hooked, and it is the basis for addictive behaviors.

If you want to read more about it, search for the “variable-ratio schedule” (schedule as in reinforcement schedules of operant conditioning)

So, some of the concerns here are not really a problem.
Yes, you might get pissed when you lose at blackjack, but why do you keep playing it a few times more?
Or yes, we are pissed when we click a clickbait, but why do we keep falling for it?
And yes, we keep getting annoyed when we lose the lottery, but why are we buying two more right away?
“Variable-ratio schedule”, is the answer. This is universal in virtually every species on Earth.

Also there is an interesting area of research on intrinsic and extrinsic motivation.
One rule of thumb is that extrinsic rewards kills intrinsic motivation, it is called the “overjustification effect”.