SAFE Network concerns from an old employee

Welcome back at the forum and thanks for the replies.

You can’t choose or calculate your own address in XOR on SAFE. If you join as a Vault you are relocated to an address chosen by other nodes that might or might not pick you up. So yes, one could target a group but A: it’s hard and B: It doesn’t depend on your computing power. I think it’s more bandwidth and how many IP’s you know to connect to at bootstrapping your connection.

You seem to be way more on the technical articles than me, but if I understand disjoint groups correct it works like this:

10 nodes are responsible for the address-range 2000 to 2400 in a group called “A”. So whenever some action needs to be done in consensus, the group “B” close to this group will wait for signs from the quorum of that group. Let’s say we want 50% +1. So group B accumulates 6 signs from nodes in group A before they route any data (like a Safecoin transaction) over to the destination. Now what happens if we lose 5 nodes in group A at once?? The 5 nodes left are still responsible for address-range 2000 to 2400. They update their RT and share this new state with the other close groups like B. So group B now accepts signs from group A when they received this update when 2 +1 nodes sign a Safecoin transaction. So IMO there can’t be a situation where the address-range is split in this case. It’s just 5 nodes responsible for the same address-range instead of 2 different groups after a split. Nodes can’t decide on their own to just split or merge without reaching consensus with other close groups. Looks something like this:

• Group A shares the same routing table with 10 nodes and they’re responsible for address-range 2000 to 2400 as different persona’s. This state is agreed up on with a close group like A1 or B1. So whenever group A wants to sign a Safecoin transaction, it won’t be routed/accepted by close group A1 or B1 as long as there’s no quorum sign from group A.
• If 5 nodes churn in group A the group is still responsible for address-range 2000 to 2400. There’s no split of responsibilities in the address-range. Group A1 and/or B1 won’t accept any decision as there are not enough signs for quorum. The RT needs to be updated first.

That’s why the minimum desired groupsize should be high enough. So even when 80% of the nodes churn, a group can still update it’t state with the close groups and still reach quorum and consensus. I think a minimum could be 13 nodes. That means a maximum of around 28 nodes before a split occurs.

Another point to make is that you not only connect to your close nodes in a group like “A”. You also connect to close group “A1” or “B1” at the same time. So even if 4 evil nodes in a group (of 10) send out a message to close group “B1” they want to update the routing table as other nodes churned, group “B1” can find out fast by just sending a message to the other nodes to see if they get a reply. Group “B1” isn’t stupid as they will always check and double check before a change is allowed to the RT.

Whilst I do agree the content of what he says must be taken seriously and analysed/responded to in detail, I will have to disagree that where or why he says what he says is unimportant.

As you rightly say, the technical details of this are beyond most of us, so motive and context are hugely important for people who cannot fully understand or analyze the technical aspects themselves.

This is not a matter of hurt pride, it’s a matter of understanding what is really motivating the actors on this stage.

I’m a poker player at heart, I read situations based on the stories they tell and the motives I perceive underlying them. I look at this situation and it does not make sense for any intelligent person to approach their concerns in this way. It is quite obvious this harms the project, but by his own admission he is also quite unsure of most of the details. If you are a professional and uncertain then you don’t risk your reputation to help unknown investors before checking with the company you worked for previously that your concerns really make any sense, or are not answered somewhere else in literature you haven’t found yet.

I completely agree that anyone who invests in anything quickly develops a slightly rose-tinted vision of their chosen horse and no one should risk more than they can afford to lose. That’s true of everything in crypto for sure. Not sure how relevant it is though tbh, he is clearly not actually concerned with the average investor, if he were he’d make sure to get his facts straight first instead of creating FUD with the way he asked his questions.

His motives and approach don’t really make sense, so without being able to pick apart all of his technical comments I have to make a judgement call, it’s all I have to work with.

I do appreciate your points and I do not think we should all just walk blindly into the fire because the cause is ‘righteous’. However, I do think we must be cautious about the kind of FUD that’s bought and paid for. One must be equally careful not to make bad choices or investment decisions before all the facts are in, we are easily spooked when we don’t understand the technical details ourselves… I know a fair few people who sold their BTC when Mike Hearn wrote his little ‘death of btc’ post too. They all lost a lot of money because of FUD as well, so FUD’ing does not protect investors, well researched information does. He should have had a lot more detail before he went public and have been a lot more certain and specific if he was ‘concerned’ for investors. An ex-employee’s words carry more weight and should be spoken with care and consideration. I’m sure he knew that before he “tweeted” his concerns. They are also more marketable because they carry more weight and in this crazy-crypto-world that is all too often a real issue.

So, if it isn’t investor concern then what other reasons could motivate this? Hmm, well I can think of a lot of possibilities and I don’t like any of them. I don’t buy whatever it is he’s selling, not until it has been picked apart thoroughly, although I do welcome the idea of people looking for problems to be constructive or destructive within the network itself, obviously we need that to happen for it to prove it is robust. I doubt that’s what this is.

Get over yourself hotshot. Im just relaying the facts as I see them and I see an unemployed guy who still lists a former employer as a current employer. Take that issue up with the right people.

You should know that in the real world employment status IS relevant to criticisms. And you should also know that the method of delivery and quality of those critiques is also relevant. You fail bigtime in delivery and quality and reckless sums it up.

I dont know if your claims are valid. What I do know is you have no class and a brand new reputation for afterthought, which as I previously noted is not a good quality for a dev.

But its great to hear your not on the gov dole.

Dude, you must be new to this social media thang.

Yep, lets get on it. Right away.

You must be his business manager. The clue was “highly intelligent” not just “intelligent”

DAM! Why didnt I see this first. All your other sh**t wudda made more sense.

It is not. Context is everything.

Keep it a bit cool please , everybody is free on this forum or elsewhere to post their concerns. “Please treat this discussion forum with the same respect you would a public park.”

I’m sure it will be easier for him to find employment now. Most all employers search social media these days so when they search Lee Clagett I’m sure all this will make him a star candidate

I’m very cool. No evidence of being uncool. You haven’t been to the public parks where I live. I don’t throw softballs and call a spade a spade. Too many emotional immature kiddies here.

I for one would like to see some public response to this as some of these do seem like valid points.

In particular with the CAP theorem, which anyone with a distributed database background will be familiar with. Since partitions will be unavoidable that means the network has to sacrifice either consistency or availability? Which one does Maidsafe lose?

I wound like to a see a public response as well.

Perhaps the availability/consistency balance is a tunable parameter available at the application layer?

Safecoin integration will be the real test of the system, since then there will be incentive for breaking the network.

We are entering into the trap that Mr. Clagett has placed.

He try that someone prove what can not be proved and, of course, he know that.

Academically he use now the CAP theory but, if needed, could use the FLP impossibility or others impossibility proofs for distributed computing.

And in practical reasons, can always go further …

What if a group lose 1/4 of his members? and 1/2? and 3/4? and all members?
What if an attacker have 10% of all nodes? and 25%? and 50%? and 99%?
What if, even with DataChain, the archival nodes never returns?
What if Godzilla eat all submarine communications cable?
What if …?

All distributed software solutions are engineering works and they only can prove their behaviour under certain conditions but is impossible to prove it under all conditions.

This is the same as asking an engineer the proof that the bridge, which has built, will never fall. The engineer can show structural calculations, simulation trial, materials tests or perform real tests filling the bridge of heavy trucks but can never prove that the bridge will not fall.

And we are in the same situation…

I do not know what are the intentions of Mr. Clagett, in his return from the dead after almost year and a half (revenge, economic interests,…), but, apart from the issue of reuse nonce, his comments only served to damage his former colleagues.

A theorem is a theorem until it’s proven or broken, like Zooko’s triangle (btw Zooko is insanely good and thoughtful) and bitcoin. All the flat earth postulates and so on. new/innovative means having tools we never previously had, SAFE is no different, look at zk-snarks and the “impossible” halting problem. I have no ego regarding all these theorems, I do not fear them or ignore them. As @digipl says there are always reasons not to try and assume failure before you start, we don’t go that way

Take a partition: Btw I have three RFC’s to write tonight so will answer quickly, if somebody says hand waving I say time limited human at keyboard.

Network splits for long time or short time or whatever

With DataChains even 1 member of a group can republish → great. So what?

Data (at least identifiers) is available, even on massive partition (xor does not partition like a linear addressed network)

regardless there is a significant ability to maintain data now, securely.

SAFE has no central node (name node (hadoop) for instance) so we are cool there.

Data is either network owned (immutable) or user owned (only user can update).

So availability looks good. Smaller possibility of not available data. Not impossible though (as nothing is impossible)

Consistency → all clients see same data, well no not in a decentralised system, so southern hemisphere goes off line, users in southern hemisphere see the smaller network consistently and it’s data (that can only be changed if owners are in this network as well), others see the other network.Seems reasonable. taking above into account.

Partition tolerance → see above. Plus when network re-combines the updates to structured data for instance do pass the secure successor test, so we are good there.

This is a very fast fly past and does not go into everything, but should show where we are heading.

If we wanted to go very deeply into this then

1. Lets do it in the dev forum
2. Lets get features in place, first

So a dedicated topic may make sense, but the team will not be keen to depart from Alpha 2 right now, so time limited, but there are bigger issues for us to deal with. Hopefully this provides some things to think about

1. Xor partitioning not linear (so groups exist, but smaller till they merge)
2. Data republish is powerful
3. Updates to data by owners otherwise it’s immutable, so what you see in your partition is consistent and will be also on merge of the partitions.

If you want to make a choice then choose availability (until partition rejoins) I suppose. I believe that is very pedantic and not the final answer.

Thanks @dirvine for addressing these claims despite having very little free time.

I think your answers are a little hand-wavey, but I have great faith in the project. I don’t think people truly realize the dividends that data immutability pays.

Plus when network re-combines the updates to structured data for instance do pass the secure successor test, so we are good there.

I’m curious about the details of how this works, but I’m fine waiting to see how it plays out in code.

I can’t wait until the alpha moves back to the public network!

There’s the hand wavy comment again. The man is busy along with the rest of the team let them be busy they’ll answer when they have time to take a breath. Guh.

https://dirvine.github.io/data_chain/master/data_chain/data/structured_data/struct.StructuredData.html#method.replace_with_other

If you click on src you can see the implementation of that.

Yeah, I can’t help but always be a bit critical, it’s a personality flaw.

To be clear, I think David is doing extremely important work and deserves a lot of praise for it.

@sfultong please don’t take it as a jab or otherwise at such a trait, I’m just not a fan of the hand wavy term as I it’s been used so much it’s morphed into a personal jab at David it seems like. Which is unfortunate as I know when he’s in the zone explaining, like other very intelligent people I know personally, the explanation can be jumpy as they register it all but spit out the general idea rather than every detail for whatever reason, be it time constraint or excitement that to me is another human trait that people may see as a flaw where as to me I’m just glad to know that such brilliance and critique in your case is the product of humanity.

Best comment yet. Get this guy some votes.

Didn’t even think of Godzilla… Jeez, looks like it’s time to throw in the towel and join the rest of the planet in watching Jersey Shore till it’s our time to die

It would be helpful if you actually showed us something more that Test Test … By the time this is done we will have transporters like on star trek and the coin will be worthless.

I expect the fanboys to not consider the investors … Too bad nobody cares about us…