Discussion/Informational: Random thoughts on the longevity and network participartions of client software #225
Comments
|
"Maybe 11k+ commits and years worth of available surrounding Github metadata (at least), might suggest a notion a little less boisterous than "unknown provenance" and "zero defense"..." Obviously not completely unknown, but IP attacks only single "bad commits" to be ruinous. Especially if those commits are to core algorithms. You get something "in deep" such that it is part of the protocol which you cannot change and you are screwed forever. Pending case in point is ProgPOW. See also Microsoft's patent trolling on Linux. We have two attack vectors here - insertion of patented content into particular client implementations (Geth here being the case in point) - which is BAD, but can be worked around because we have multiple clients - but the worse of all is insertion of patented content into the protocol spec itself, because that poisons every client. "zero defense" is true. What is your objection to that? |
|
"Are you a lawyer? Have you spoken with one or have documentation from a lawyer about the claims you're making here?" Yes I have. Myself and @YazzyYaz met with Eben Moglen and Mishi Chaudhary a week or so ago. Eben is the author of GPLv3. I think he knows a little about the law. Both of them consulted on cpp-ethereum relicensing too. |
|
"Why haven't the patent trolls already taken over?" ProgPOW is perhaps the first major play to do just that. I hope to goodness that there are not any "submarine patents" which already made it into Ethereum or ETC protocol or into Geth, but we just do not know. What SHOULD have happened in 2016 is that the Geth team should have gone through the process which I did for cpp-ethereum over several tedious months to establish provenance and consent, even with the license remaining as LGPLv3 / GPLv3. Of course that did not happen, because "Duty of Care" is a foreign language to the EF. |
|
"And again, whose interests are we protecting here against these alleged inevitable patent troll lawsuits? IBM's?" We are protecting every participant in the ETC ecosystem. Those entities most at risk are exchanges, miners, businesses using ETC, developers using ETC. Anybody who has a legal entity which can be attacked. |
|
"Oh, and 3. Governance -- what was the solution for that which supposedly existed in 2016 for Ethereum that would have been (according to you) agreeable to IBM?" No - it was actually seeing things like my actions with the C++ relicensing, like seeing ConsenSys actions in building "Enterprise Ethereum". It really was not anything which the EF themselves were doing, other than to the degree that I was driving while being employed by the EF. In the end the EF failed the governance test there, failed it again when they did not support the EEA, and have failed it again and again since. Do you know who has not failed that test? ETC. The ETC Coop is building that bridge to the EEA and Hyperledger now because we are all adults, with responsible actions and with a Duty of Care to all ecosystem participants in a way which the EF has never done. With regard to "Geth family will die", I absolutely stand by that. Because the Geth codebase and it's lack of responsible IP protections make it unacceptable for use by businesses which are savvy to these very real threats. Want to have potential for future lawsuits if you use this code? No. I did not think so. Use Parity-Ethereum, Hyperledger Besu or IOHK Mantis (if you could ) and you will not have these problems. |
|
Everything I am saying here, @meowsbits, is the result of 3.5 years of looking deeply into these issues, talking to world-class lawyers, talking to businesses, talking to the most knowledgable people on the planet on these topics. Not pulling stuff out of my arse. |
|
Current reality for Geth family - BAD I know this will never happen while EF is steering the ship, so the inevitable consequence is death of Geth-family. That happens when ETH2 ships and Geth gets defunded. If ETH2 even happens. The only thing keeping the lights on for Geth is the EF's ongoing investment. |
|
Thanks for your answers so far, Bob -- I'm not trying to troll your or push your buttons, and I appreciate your earnesty and thoroughness 😸 I'm just trying to dig for careful and documented reasoning around these lines of thought. |
Do you have anything in writing or any other documentation that came as a result of the meeting? |
|
TODO. In my pile of hundreds of TODOs! I will make a new ECIP soon enough with all this detail. |
|
Re: #225 (comment)
Would you please cite your reference for this?
I tried looking up Microsoft vs. Linux and found the following. Is this near what you're referring to?
I, of course, have no objection to raising awareness, if not alarms, if this is a serious threat. But so far I don't see any concrete legal precedent or clause that would suggest what it seems you understand as a certain and deterministic outcome. |
|
RE: Microsoft patent trolling on Android. I said Linux, but it was actually Android: https://www.howtogeek.com/183766/why-microsoft-makes-5-to-15-from-every-android-device-sold/ Microsoft have done a 180 on Linux in the meantime. They are huge allies for us on open source, but NOT on censorship resistance: https://www.hanselman.com/blog/MicrosoftKilledMyPappy.aspx RE: ProgPOW - I have written enough. Pointless to carry on with that here. |
|
I am just going to put this thread on pause until I have written up the ECIP for my proposal for IP protection for ECIPs. Until I have that in a concrete form which we can discuss this is not an effective use of time for either of us. |
Parity uses GPLv3, just like go-ethereum. Which leads me to reason that Parity's differential use of CLA, eg. openethereum/parity-ethereum#6810 (comment), is what you're talking about when you say Following the CLA-bot's link to Wikipedia finds me at https://en.wikipedia.org/wiki/Contributor_License_Agreement, where I see:
Where I interpret the legal benefactors of CLA's as "vendors" and "guardians" and "maintainers" of projects. And where in this case we're talking a specifically about "geth-family" codebases, these translate to entities who... fund development efforts on these projects? Who own these projects? Who steward these projects? Who are listed on Github as maintainers of these projects? With some just-believe-the-hand-waving I can start to be convinced of potential risks for, say,
Can you explain what exactly you're anticipating as a risk for, say, an exchange (in... pick any country) running a go-ethereum instance in order to utilize the Ethereum Classic network, in the case that a patent troll fires up a suit against |
q9f
added
status:0 wip
Intended to pick up a tangential comment thread from #217, particularly the following comments:
The text was updated successfully, but these errors were encountered: