Your concerns are valid. And you're free to commit to projects that align with your values.
To me, the immutability of an actual blockchain is non-negotiable. I've given up on Ethereum after the DAO fork out of principle.
But that's the beauty. Unlike our current financial system, you're not bound to use Ethereum. You have sovereignty and can make your own choices (and drive change).
-- (I only discuss part of your comment, don't have time for the rest)
Just FYI, the biggest problem for crypto fraud is phishing, not theft. A thief can't get your private keys from a hardware wallet. And there are many, many, MANY strategies you can use against phishing.
good luck building a good UX for a financial system where a small OpSec error can wipe out your family's fortune.
And you need the private keys to conduct business so obvi they can exit the HSM
And if my 1M USD bitcoin is in some hardware wallet, won't that just incentivize someone to kidnap my kids until I send bitcoin, much like bitcoin breathed new life into ransomware economy after banks mostly shut it down?
Perhaps, despite the examples of ICOs, EVM smart contracts, NFT rugs, and the general flood of fake discords and so on, people assume the central banks and retail banks are a bigger threat than the criminal minds attracted to untraceable and irreversible payment methods?
> And you need the private keys to conduct business so obvi they can exit the HSM
While I agree with you in general, this is false; the whole point is that the HSM can sign transactions using the keys inside it but will never expose them to outside.
Touché on the use, but you propose a non transferable wallet? Or will it replicate to other HSMs with certain credentials? Will the car dealership owner people them replicated cross availability zones or to diverse geolocations? And will the HSM replicate the keys to a hacked HSM if I get the signing keys from an employee of the HSM with a promise of 10% of the winnings?
I'm not proposing anything, and I think these are hard problems. Potentially there are solutions to some of the things you say, but ultimately it's hard to escape the choice between trusting some entity and being able to lose your keys.
My point is that for large important financial amounts, irrevocable transactions are terrible UX.
For instance, my retirement now such as it is, remains pretty safe. I would have to read some financial meme (in the old sense of reproductive ideas) online and go thru a number of complex paperwork steps to remove it from the boring fiat place it is now and send it to a much riskier place. The massive too big to fail institution could fail and not have 401ks bailed out, or society could collapse.
If it were some digital wallet, I could lose it just by signing something unrelated to “take all my money” with my private key and boom my wife and myself and my kids and other dependents are SOL.
Given that I have to trust society not to fail anyways to enjoy “stored value” where all value is embodied in and protected by society, I can’t find a way in which the irrevocable transactions benefit me more than the risk of my own laxness and occasional errors endangers the well being of my loved ones.
I don't understand your response. I wasn't debating the intricacies of self-sovereignty. I was pointing out that your understanding of hardware wallets is wrong.
> good luck building a good UX for a financial system where a small OpSec error can wipe out your family's fortune
You are correct that the key need not leave the HSM to transact, touché. However it is an essential property of valuable keys that they can be extracted for backup or replacement of the HSM, and often for availability. At least the various HSM systems I have worked with.
As I understand it, people have lost their wallet contents due to trusting email, Discord, DNS and SSL protected websites. So if there is no basis for trusting the other parties in an online transaction, it seems any action whatsoever could lead to financial ruin. Even moving my assets to cold storage makes the scenario that my heirs forget how multiparty sig recovery works or just some eager relative throwing the box of USB drives away.
If you can't find a job with a "proven track record" in this market, you're doing something horribly wrong. I'm willing to bet $100 that your resume is not stellar.
Many people are bad at evaluating themselves. I've seen countless posts by juniors apparently "grinding hard" to get a job, and you just take 1 look at their resume and everything makes sense. Zero research on how to write resumes, zero prep, projects are garbage, shotgunning on indeed without some creativity etc.
> If you can't find a job with a "proven track record" in this market, you're doing something horribly wrong.
Can you define both what "horribly wrong" looks like and what "not horribly wrong" looks like? Because I can't.
The problem with a "proven track record" is that nobody believes what you write on your resume and nobody wants to bother looking at your code. That leaves hiring on "feel" and I have no idea what somebody needs to put in their cover letter and/or resume to "feel" right to a recruiter, an HR rep and a hiring manager all at the same time.
It's quite straightforward actually: go through the CVs of engineers working at top companies and look how their resume looks different from yours.
Chances are that they're actually selling themselves properly, using lots of jargon, using strong action verbs, and following the advice that has been shown to work for the last decade.
I started coding at 14 years old and have 10+ years of software development experience in a range of companies; both startups and corporations in a range of industries. I have 10 years of experience with open source. One of my projects has almost 6K stars on GitHub and almost 100K downloads per week. I even worked for a Y Combinator-backed company for over a year which had tons of big name SV investors including the famous actor Ashton Kutcher and Michael Jordan. My last job was leading the P2P team at a top blockchain company. The scalable P2P network solution which my team developed is still used 3 years after launch and never encountered any issues once launched (no vulnerabilities or bugs which needed patching). It only took 6 months for my team of 4 devs to build it from scratch. I'm willing to bet that it's among the simplest and best designed P2P libraries in the industry.
My record is impeccable. I build highly reliable software fast both as part of a group or as a solo freelancer. Much of my work is in the public domain on GitHub so it's easy to verify all this and check my code quality, automated tests and PR review history.
Layoffs hit overvalued, bloated companies, and the majority of laid-off people are non-technical staff, or junior employees.
None of this has ANY effect on competent software engineers. Most of my peers keep getting massive offers left and right. Nothing has changed for them.
> None of this has ANY effect on competent software engineers.
Maybe in your part of the world or the industry. I know at least a few excellent people with excellent track records and previously excellent career paths who have just been in the wrong place at the wrong time since COVID and its aftermath, just like I did in the GFC and the Dot Bomb before.
They say pride comes before the fall. I imagine that over the next couple of years some relatively young developers who have coasted along on the wave of tech growth through the 2010s and never experienced a big bust in the industry before are going to learn that those nice salaries and equity-backed top-ups aren't nearly as valuable or guaranteed as they've become used to.
We don't think that's a defining characteristic, no.
We keep the kernel/user cause otherwise you can very very easily change page permissions which means all security goes out the window. You could instantly make rwx on all pages with a few instructions.
If you rewind to ~ 2013 most unikernels were talking about trashing the context switch yet depending on the "context" that implies various things (kthread <> kthread, user proc <> user proc, user thread <> user thread, etc...) They all have different costs and while we definitely agree with the aggressive cost of various user process to user process the kernel <> user was one we felt was not worth trashing.
Clearly though, because of massive adoption, we see 200% extra throughput on GCP and up to 300% on AWS - so the performance and security remain.
ETH has the same problem as the current financial industry: too much momentum. It's crazy that even in the world of crypto, history just repeats itself.
Ethereum is a flawed chain, and just not suitable for global scale DeFi. But people continue building on it.
Even many Solidity devs refuse to move on to other chains. Maybe it's the sunk cost fallacy.
Indeed it is. It is precisely a sunk cost fallacy for Ethereum holders and the chain itself to be useful for anything if one has to spend $150k in fees just to send $300, which is hilariously inefficient and has been so for years after promising for a reduction in fees since the problems first surfaced.
Like the creators of CryptoKitties which is one of the first NFT projects on Ethereum have complained about this and built their own blockchain, now the creators of Bored Ape Yacht Club (BAYC) have also realised that Ethereum cannot globally scale and are considering building their own blockchain.
Ethereum after all these years hasn't improved, and is still unsuitable even for basic payments. Everyone was hyping for 'The Merge' to happen next month or so, but it was delayed again.
Why would anyone tell businesses, clients and partners to 'Wait 7+ years for the bugs to be fixed and optimised first' only for it to be delayed again? They'll just give up and look elsewhere.
The current financial industry's momentum is just fine, because people make use of it every single day.
Crypto momentum OTOH seems crazy, not least because people appear to be cheerleading extortionate gas fees as the solution to avaricious banks charging $7/mo for a checking account.
As a dev, you build on mainnet because that’s where the liquidity is. Your project will get less trade volume on any other chain (even compared to an EVM compatible chain like polygon, where transaction times are faster and gas fees are lower.)
The story may be different on Solana but it’s not really my area of expertise. My guess is many ethereum devs haven’t moved to solana because of its lesser decentralization.
Anecdotally I know a lot of ethereum devs are excited about building on layer 2s like zksync / arbitrum but there’s a learning curve and relatively little liquidity there too
L2s are the PayPals etc that make "the internet" (cryptocurrency) useful for "the normies" (later adopters).
zkEVM and Starknet liquidity sharing between dozens of L2s is what will end up changing the game.
Letting people provide liquidity to each other, all individually transacting with a decentralized app, such as buying a Disney Princess NFT, or notarizing a deed to a property, or trading a gun on a first person shooter on GameStop's network.
Exactly. This is admitting that Ethereum is not designed to scale at all for anything on-chain such that it needs half-baked "Layer 2" contraptions like Polygon, zkEVM, zkSync, Optimism, etc to be remotely useful for people who are not millionaires wasting >$100k in fees to send $100.
Even so. If the service is not on a layer 2, then you have to go through the bridging process of moving your ETH to and from layers which is more complicated than directly using a layer 1 blockchain.
These 'solutions' are telling everyone that Ethereum is never going to fix these issues and the duct-taped layer 2 contraptions are now making it even harder for 'normies' to just 'use it'.
In the context of the tweet, it's not like we have a better alternative for "global scale DeFi" and not using it.
Looking at the top L1s, you either have centralized chain and thus no integrity (e.g. Solana), or chains that are cheap now just because of lower usage and lower token price (e.g. Fantom).
And also, decentralization is not achieved by technology. It's achieved by adoption.
You're never gonna find a new chain with strong decentralization. You have the wrong premise. Strong decentralization is the goal of DLTs, and we should select DLTs that have the best conditions to get us to that point.
It helps if the backing organization has integrity, which the Algorand foundation has shown many times.
I'm not familiar with Algorand. Has it had any event that's similar in scale to what's mentioned in the tweet?
Every chain can scale until it can't. And then it's either high gas fees or centralization. If you solved this problem, adoption would not be your concern. But that's a tall order.
Algorand can process 40k TPS, with transaction finality below 4 seconds - all without forking under the consensus assumptions.
This capacity is more than enough to power the entire world's financial infrastructure. They are also working on state proofs and side chains, making it suitable for CBDCs.
> If you solved this problem, adoption would not be your concern
I disagree. Because for decentralized projects, adoption and success go hand in hand. It's a chicken and egg problem.
And even if the tech is superior, it doesn't influence decision making of normal people. They are influenced by tons of misinformation from grifters, scammers and even mainstream media.
In this space, solving the problem is not enough. We need to educate people as well, which is arguably the biggest challenge of modern society.
This is so funny. I watched your stream yesterday for the first time randomly.
Never heard about eBPF before. Since then I've read up on eBPF and its use in low-latency engineering, which I found fascinating. And now I see your post here.