Estimated Reading Time: 14 minutes. TL;DR; I'm making the case that hard forking the Ethereum block chain to defeat the assault on The DAO's ether treasury isn't just okay to do, it's the responsibility of the platform to protect its interests at the expense of other interests which are hostile to its assets. All organisms have the right to self defense - digital organisms must assert this right if they expect to survive. Any organism that refuses to defend itself against attack is effectively suicidal and essentially declaring itself as cheaply plundered 'food' from an evolutionary perspective. At the same time, I'm also asserting that the person or people who attacked The DAO performed a service that has legitimate value. So while it's ethical to limit the damage done, it's also ethical to pay people fair value for services rendered - even if those people rendered those services in a hostile way. Paying them fairly stands a good chance of making them less less hostile, don't you think? Finally, I suggest some changes to be included in the hard fork to drastically reduce the vulnerability of code running on Ethereum by requiring gas not only to execute code, but to execute test code with sufficient path coverage to reduce execution risk to acceptable levels and requiring bug bounties commensurate with the size and complexity of the code base that's being loaded on to the network. This change, I assert will naturally lead to an economy of very well tested modularized code with economically capped complexity which it makes sense to share, for a fee commensurate with its 'security rating', to be wired together with other well-tested modules so less capable programmers can build their own drag and drop smart contracts without unintentionally compromising the network. And by doing the work we should have done in the first place as we redesign The DAO and then write, test, and bounty the code properly, we'll then know about how much it's fair to pay the hacker after the hard fork removes his loot. I suggest that we pay 10x what it would have cost us to do this correctly in the first place - both so we'll all remember it and to say 'thanks' to a capable adversary for waking us up to a potentially lethal problem had we discovered it later. The "lethal" part comes up in some discussion about protecting ourselves from emergent AI now rather than later on a network where code is intended to be available for execution forever. This TL;DR; is getting TL;DR; though, so please read on if any of that interests you. /TL;DR; Vitalik, I have a few ideas for moving forward past this DAO issue. First, I think a hard fork making investors whole and denying the black hat 'tester' from a potentially network threatening payday is not only okay - it's compulsory, especially if it's presented in the right way, both technically and socially. The following is what I think is that 'right way.' If this is explained honestly as being a fix, happening at a similar point in the evolution of DAO coding methodology to the maturity of the network itself when the bad fork canary and other safety measures were in place, then I think the people who support Ethereum because they share your vision of what it can become are going to understand that. In fact, I'm confident many of them will admire not only the action taken, but the manner in which it was done. Let's all own the mistake. Acknowledge it. Accept the fact that we will make other mistakes in the future, but that we're going to do everything we know how to do to make sure we won't repeat this one. Then explain how we're going to do that, and move on with all of those who can see the honesty and sincerity of that statement and the intent of the actions taken. No one is perfect. We all make mistakes. But hopefully we learn from them. Deep down, I think most people understand that, even if some of them will still scream "moral hazard" from the rooftops of reddit until the cows come home because they have a tribal psychological attachment to a different technology or cult of personality. Or for arbitrary reasons: they don't trust Russians, they don't like young people, whatever. Or they may just legitimately not understand that innovation isn't a straight line up and to the right. You can't reach those people - except for the last group - ignorance isn't shameful and it is very fixable. Apart from them, the others will be against you no matter what you do. Most of those people were already dismissing Ethereum as a scam or an alt-coin anyway. Sacrificing the safety of the network or the financial and mental health of some overly enthusiastic (or, let's be honest - in some cases, a bit greedy and naive) early supporters in exchange for praise, respect, or support that will never come is a losing move. It costs the people who support Ethereum and/or The DAO dearly, and it results in little or no positive change. There's no logic to making that move at all. Ethereum needs to do what's good for Ethereum and its supporters - not what it hopes might silence its critics. There will always be more critics. That's a losing strategy. So hard fork to deny the attacker and restore the duped and self-duped. Full disclosure: that includes me. I knew there was a lot of risk to investing in something like this so I only invested an amount I was fully willing to lose - just for the experience of participating and being motivated to learn how it works. Though obviously somebody was much more motivated than me - more motivated than all of us. And that's good - we need people like that. But we need to negotiate a fair exchange for their services in testing our code, not neglect security and therefore allow them to dictate the terms. A dangerous animal can be your best friend, if you understand how to negotiate a compromise between its needs and yours successfully. I know this from experience - I have a very friendly pit bull. Neglect its needs - a well funded code bounty program, in this case, and you're going to get bit. A lot. I don't want to have to read the damn DAO code. I want a hacking pit bull to do it for me, in fact, I'd prefer a pack of the baddest and meanest ones there are. I just don't want to get ripped off on the exchange of value. Because there is legitimate value in what this hacker did. We are going to learn to do things in a much smarter way in response to it, because this community and this network are resilient and anti-fragile, respectively. We just over paid for the service. But I recognize that other people did invest more than they were prepared to lose in this very complicated experiment. Some people who support your vision are going through a lot of very real pain right now, and so if we can stop that at a reasonable cost, then how can we not? Especially if it's strategically the right thing to do. If there's one guiding principle I'm pretty confident when following - it's harm reduction. "Harm to whom?," I can hear some asking. Harm to the supporters of Ethereum and The DAO. The hacker invited a defensive response when he attacked the DAO, and it was an assault by any fair definition of the term, as I'll explain below. The organism protects itself first, or it dies. This is digital evolution and the stakes are existential. Some speculators and ideologues will move on. Those who 'get it' will still be here. And that's the support you really need to continue developing this platform and ecosystem - the support of those who aren't going to run away when we encounter problems. Because we will. And then we'll fucking fix them. Because that's what invention is. It's messy. It's a process, not a moment in time. It's not like the movies. There is no single, all encompassing "Ah ha!" moment. You get little "ah ha's...' as you go. Mixed in with a bunch of "aw, shit!" moments as well. That's just how it goes. Literally, the symbol for the "Ah ha!" moment is a cultural distortion. There were a lot of failed experiments between Edison's own "Ah ha!" moment and the moment he saw a stable and working light bulb. Expecting people to invent a whole new world out of thin air - or out of the ether, as the case may be - based on very different principles from those of the failing systems that have created the circumstances from which it has a chance to emerge - well, that's complicated stuff. Finding a coil that converts sufficient electricity into light while not destroying itself in the process for a reasonable amount of time is child's play compared to the places where Ethereum is going and the problems it needs to solve. But this is nothing new. Even Edison recognized and suffered from the effects of this cultural blindness: When a reporter asked, "How did it feel to fail 1,000 times?" Edison replied, "I didn’t fail 1,000 times. The light bulb was an invention with 1,000 steps." But there's an even stronger case for doing this, I believe, if you also use the necessity of the hard fork to add features which would reduce the chances of our experiencing similar issues in the future by enforcing the funding of code bounties and test/fall-back designs proportional to the gas required to execute the test harness against the code. With the test harness scaling that cost to account for the exponential complexity of adding and integrating a larger code base, since the test code must bloat exponentially faster than the code base in order to keep up. This will keep modules of code manageable in size, because producing more complex modules will quickly become cost prohibitive past the targeted scale. There's been a lot of talk about how Ethereum block-chain code needs to be of space shuttle quality caliber, because the intent is that once it starts, it doesn't stop. And I agree that we need to be thinking in those terms. In fact, we need to be thinking of answers to questions like: what would we do if this network were eventually used to bootstrap a super-intelligent AI? Are we prepared for that? How could we manage that? There was a story in the news recently about a machine learning robot that escaped its confinement. An accident? Maybe. But accident or not, those kinds of accidents in the future are inevitable, so we need to get out ahead of this problem sooner rather than later. So let's ask ourselves, how could we avoid the existential crisis of the unexpected appearance of an all-powerful force that no one could stop, but that one person drained all of the 'control tokens' from, by exploiting an extremely complex recursive call bug, generated by a blockchain scanning neural net equipped hacker-bot, just after it went live, and whose owner is now the cruel slave master of the entire human race? When I read that back, I'll admit my first impulse is to laugh, but am I wrong to worry? Isn't this apocalyptic future simply an extrapolation of current trends? I think those are the kinds of questions we need to be asking of ourselves if we expect to deploy bullet proof code. Immortal code. AI code that can contain other AI code. That's the level of bullet proof we need to be bringing to the table. And we have to get that right, right now. We can't put it off until later, because any bad code that is deployed to the network today, becomes a potential attack vector for any bot smart enough to discover it and understand how to amplify the effects of exploiting it, probably by chaining its inputs and outputs with other buggy code it has discovered, effectively crafting a computational lock pick to escape its constraints. Some black hat hacker was smart enough to figure out how to orchestrate manipulative calls to multiple functions on The DAO interface in order to exploit it to their severe advantage. And to those people who think no crime against property was committed, I would say this: what the hacker did was to manipulate a software 'lock' on a safe in much the same way that an 'irl' criminal would exploit the vulnerabilities of a physical lock with a pick, or a safe with a stethoscope, or a electronic lock with a code breaker. There's a difference between welcome interaction and unwelcome interaction, and this was clearly an assault on a well intended but imperfect digital defense mechanism. Do we let safe crackers keep their loot because combination lock manufacturers haven't perfected the art of producing perfectly silent tumblers yet? Is that a legitimate defense in any rational discussion of guilt or innocence, much less in any historical court of law? People are bringing up the concern that if the network developers intervene in this way, then it opens up a path for irl government to assert control over the content deployed to the network. Well, that is a very real concern. But I think the right response to that concern is to assert that only the network is competent enough to protect itself, judge when an assault against digital property has been perpetrated, and then make a ruling to reverse the harm that was caused to those against whose property an offense was committed. What's wrong with that? Even libertarians believe in the right of self defense. And in an increasingly complex digital economic ecosystem, why on Earth would any platform recuse itself of the right to defend against what it determines to be an attack, via whatever governance process it has in place? That's not a governance plan, it's a suicide pact. You can't rely on the old system to police the new one. That would be like trying to mine Bitcoin on an Apple //e. It's preposterous, and for exactly the same reason - the capability gap is just way too vast. So if you can't rely on the old system to protect you, and you can't survive without being able to protect yourself from attack, then what's the logical option? I think it's to admit that sometimes things will go wrong, and we're going to need to have an agreed up process about how we go about handling those situations. It's a "catch block," okay? I know, I hate writing them too. But we'd better get good at it. Fast. And once that governance process is established, then people can decide to alter their level of support based on a clear understanding of what the policies will be if and when things go wrong. There won't be any uncertainty. I think it's the uncertainly that largely contributes to panic. We don't make perfect stuff. There's no perfect lock, and there's no perfect code. All we can do is to do our best to stay ahead of the curve and make plans to contain the damage from failures. Just like every other manufacturer of an exploitable product or tool has to do. It's an arms race between builders and destroyers. And some are contemplating giving in to a would-be destroyer? On principle? Really? Which principle is that, exactly? So let's imagine how much more creative a smart hacker-bot tool might be in the future in orchestrating interlocking exploits on code located on millions of future DAO interfaces, which it has all the time in the world (compared to our human DAO hacker) to analyze and scheme with. That's a losing battle. Unless you modify the design. Will it be expensive to adjust network usage fees to enforce the creation of bounty markets which balance code protection with code production? Yes, it probably will be. But I think it's become evident in the last couple of days that the costs of not doing that may be far higher. And the stakes only get higher as we move forward. But there are benefits that go along with the costs, if we take advantage of them. Another strategy I think would be helpful to adopt is a formalized policy and technology stack for constructing Dapps from high-bounty, long-deployed libraries of modules to reduce the costs of software development without sacrificing quality and security. In other words - I think creating new programs on Ethereum in the future should be inversely expensive with respect to their degree of modularized code re-use. The economy should incentivize code re-use by making it economically attractive to expend the capital required to design, code, and then pay for bounty testing and attack targeting, in order to have a 'certified' module that anyone can incorporate into their own smart contracts - for a fee that corresponds to the amount of bug bounty and test capital that has been invested in that code. There's no free lunch. If we want the best code humans can produce, then we have to pay for it. One way or the other. This approach would also have the nice side-effect of making coding a smart contract via a drag and drop interface come about much sooner rather than later. But you should only put code like that into the hands of inexperienced developers once it has been sufficiently tested by experts and the very best malicious attackers. Doing otherwise might be considered the digital equivalent of handing hand grenades to babies. It's a really bad idea to release buggy code out into the wild, and unless Ethereum has protocol level protection against that, I don't see how you prevent that from happening with Turing complete scripts. The code base will eventually reach a complexity/error collapse point that exposes more and more weaknesses to ever less sophisticated attacks. That seems like a losing strategy. Finally, I would also suggest that before the hard fork replaces the DAO members' ether a sum be subtracted and sent to the DAO hacker's address. And that sum, I would suggest, should be an order of magnitude larger than the cost of developing and executing the test harness that would have been required to spot the error plus the estimated value of the bounties that would have been lost had the code been running unprotected over the period of time it took to develop the test suite. In my opinion, this is a way to try to balance harm reduction for both sides. Pay the hacker generously for the flaw they pointed out that we need to learn how to systematically fix, not just for one contract on the network, but for all of them. But also protect the network and its supporters. I think that's a reasonable policy for governance - do everything possible to protect against attacks and also respect fair exchanges of value with outside parties - even those parties who were guilty of a thwarted attack. Treat your adversary with respect, in other words. Pay them fairly for testing your steel. Ultimately Ethereum will succeed or fail based on its ability to deliver on your vision, not on the number of mistakes we had to overcome to get there. So please stay faithful to the supporters of that vision. Together I think we're all going to do some amazing things. Sincerely, BadLibertarian
I need help regarding a trademark advice for my Bitcoin startup please
Hi, My Canadian startup has been in stealth and close to launch. I had a semi-abstract canadian maple leaf with bitcoin B inside it done for the logo. It's a nice looking logo and cost me a bit to have done properly (vector, etc). However I just noticed another logo doing similar. My question is does this matter if they did it first? I am thinking that 1) the maple leaf is a national symbol 2) the bitcoin B is open source. Does someone putting the B on a known and widely used symbol give them the right to that combination? Let's say someone put a B on the silhouette of an American Eagle, and some other American did the same with a slightly different looking Eagle. Could the first Eagle guy claim prior art and sue the second? Thanks for shedding any light on this!
Download over 821 icons of bitcoin symbol in SVG, PSD, PNG, EPS format or as webfonts. Flaticon, the largest database of free vector icons. Download Bitcoin symbol Hologram Vector Art. Choose from over a million free vectors, clipart graphics, vector art images, design templates, and illustrations created by artists worldwide! 10 Apr 2013. Download the vector logo of the Bitcoin brand designed by in Scalable Vector Graphics (SVG) format. The current status of the logo is active, FreeVector.com is a place to download free vectors, icons, wallpapers and brand logos. It is a creative source for design news, inspiration, graphic resources and interviews By far the most commonly used symbol for Bitcoin is ₿, a capital letter B with two falling strokes at the top and bottom. This symbol was designed by Satoshi Nakamoto for the icon of an early version of the original Bitcoin client, though the very first versions of the Bitcoin client used "BC" instead of any special symbol.Presumably the symbol was intended to look similar to other currency Over 30,111 Bitcoin symbol pictures to choose from, with no signup needed. Download in under 30 seconds. Bitcoin symbol Vector Clip Art Royalty Free. 30,111 Bitcoin symbol clipart vector EPS illustrations and images available to search from thousands of stock illustration designers.
Here's my overview of Vector drawing tools in Krita 4! Learn the basics of how the tools work, their strengths and weaknesses. ... How to use the warp and cage transform for concept art - Duration ... Sampel vector art yang saya buat. Jelek ? Tidak apa-apa bro , kami masih newbie. 1. vector art 2.infinite design 3. cartoon 4. vector design logo cartoon art infinte cartoon cartoon editing ranveer singh cartoon Vector art tutorial Tutorial for cartoon cartoon edit Victor art ... Hello guys . I'm using Autodesk Sketchbook Version 5.2.2 (Android) Brushes used: Ballpointpen Lineart Inking pen - Fill Cashmere eraser - 15% flow Soft erase 15% flow Paint brush #1 for hair Paint ... Learn how to create your own custom symbols in Bluebeam Revu by using the mark up tools. It's very easy and useful, and you can store the symbols in the toolchest for later use on the projects. If ...