DEVCON2 report: Day 3 - Final day
Link roundup
- Devcon day 0
- Devcon day 1
- Devcon day 2
- Devcon day 3
- Blockchain summit - demo day
- Blockchain summit - Day 1
- Imgur album: https://imgur.com/a/CFlSZ
- Reddit Post: https://www.reddit.com/r/ethereum/comments/53u98s/devcon2_report_day_three_final_day/
Question: the 3 days of devcon are over. Are people interested in reports on the next 3 days of international Blockchain week (demo day + 2 days of global Blockchain summit) http://www.blockchainweek2016.org/index_en.html
Event
The buzz during the day was around the "stick puzzle" that Bok Khoo was giving out to people. It is just a stick, with a loop of string. He gets you to turn away, he uses "the trick" to put it onto your bag and then you try to get it off.
The WeChat channel was just filled with everyone asking where they can get it, and the screaming that they can't figure it out. Only about 5 people reported they were able to solve it (I haven't yet)
Sessions
I'm biased, but I thought the announcement from Microsoft with the update of cryptlets was a big deal. The morning sessions covered a few different oracle systems, the afternoon had lots of IPFS sessions.
Microsoft - A Lap around Cryptlets
https://azure.microsoft.com/en-us/blog/cryptletsdd/
https://azure.microsoft.com/en-us/documentation/templates/ethereum-consortium-blockchain-network/
https://azure.microsoft.com/en-us/blog/author/marleyg
Microsoft was a sponsor of Devcon1 & 2
Ethereum is a 1st class citizen
Support for community & partners - Bizspark, Meetups, Workshops
Announcing:
Bletchley v1
Distributed Ledger stack
V1 is a private Ethrerum consortium, that you can spin up for your own enterprise / group
Cryptlets are being developed to help with security, identity, etc.
How do you get trusted external data feeds injected into the Blockchain?
Doing things on a specific interval (every 15 mins)
When price of something hits a threshold (oil goes above $40/barrel)
Secure IP protected algorithms, but still share with blockchain network.
Use libraries for common platforms (.Net, Java, etc)
Cryptlets vs Oracle
Cryptlets will have a marketplace on Azure that will allow you to purchase and utilise
Use case: Trigger on an event
Wake up on 4pm, if market was open that day, then give me the price of gold for that day.Get signature of attested server, attested sender.
Use case: Control
Using smart contract like a traditional DB. Declare data you are keeping track of, and the functions/"stored proc" to update that data.
Cryptlet runs off chain, and can be scaled up.
Utility cryptlet. Use an attribute in solidity contract with cryptlet details
Developer references at design time the cryptlet they want the contract to call
Contract cryptlet, deploy the cryptlet at same time as contract.
Why would you want Azure to do this?
SGX allows you to create "secure enclaves", can have complete isolation on the hardware chip where it is not modifable.
Provides a secure enclave at the CPU level. Can give full attestation right down to the silicon.
Will be provided as a enclave container on Azure.
Will be released for .NET core CLR first, then other languages.
Can create cryptlet libraries that you can scale and put into the Azure marketplace.
An ecosystem for developers & ISVs to consume and publish.
Bletchley v1 released today will let you spin up a private consortium.
Before today, it took a long time to try and deploy a private consortium (can take weeks to read doco,
Now takes 5 minutes to deploy!
Creates a private consortium, puts each member in its own separate subnet
Mist Vision and Demo
I was too busy sharing the release posts of Microsoft project bletchey v1, missed this talk.
It did look interesting, I will watch this one later.
Idea: Reward for bandwidth. Providing connection could replace mining as entrance point for desktop computers. Allow you to have a trickle so you can trigger smart contracts.
Standardised backends, so that you can swap out the underlying node between geth, blockapps, etc.
Web3.js
https://github.com/ethereum/web3.js
Etehereum JS API
Smart conracts are EVM opcodes,
Helps translates calls to JSON RPC calls. Helps do the ABI encoding when sending data from JS to EVM
It kept on growing, many different utility functions being thrown in. Is time to clean it up and be refactored.
They are now building a NEW web3.js
The communication will be socket based, will enable subscriptions. Everything will be based on promises to subscribe to events, like log events.
Bunch of other newer cleaner methods and ways to do things like deploying contracts.
Smart contract security
Was a very good postmorteum of The DAO and things that could be done to mitigate it in the future.
An issue with The DAO was trying to do a massive jump from centralisation all the way to full decentralisation. Meant no one could step up and make a decision on how to save it. We need to make smaller steps towards full decentralisation as we learn as a community how to do this.
Same security patterns as yesterday's talks: check invarients, beware 1024 call stack depth, reentry exploit (update state BEFORE executing calls), timestamps are manipulatable.
Updateable contracts. Who can update it? Community multisig?
We need better rools: formal verification, compiler warnings, improved IDEs, trusted libraries, excape hatches
Conclusion: It is still very early days in this space, be careful.
A Provably Honest Oracle Model: Auditable Offchain Data Gathering & Computations
Oracalize is the most widely used oracle (until everyone starts using Microsoft Azure cryptlets ;-) )
Contract calls Oracalize contract with the data they want, off chain they see this get the data, Oracalise then trigger their contract externally, which does a callback to your contract with the data.
Can use external notary servers.
Can get proof from multiple external services to get a higher level of confidence about data (e.g. stock price from a few feeds).
Off-chain (auditable_ computation)
AWS sandbox 2.0.
Put the execution package onto IPFS, AWS gets it and executes it, signs it.
iEx.ec: Fully Distributed Cloud Thanks to the Ethereum Blockchain
http://iex.ec/
Provides blockchain based execution environments
Global market for computing resources.
Idea is to do what we did before with "grid computing" use the idle capacity of computers. But this time do a trickle of micropayments. Allows people to harness this global power to execute their tasks in a global "distributed cloud".
The Final frontier: The company smart conract
http://otonomos.com/
Helping companies to incorporate on the blockchain.
Having a charted company
Smart oracles
https://github.com/smartoracles
Connecting to external resources is difficult. Hard to try and use external currencies (like a bank account / fiat money) to make transactions. Could hook in paypal, HSBC, wells fargo, etc.
Can provide your own payment services as an API to a smart oracle for smart contracts to consume.
Do off chain data storage by calling smart oracle API
Roadmap: more data sources & more payment methods
IPFS & Ethereum: Updates
https://Ipfs.io
IPFS is AMAZING, seriously go watch the full 1 hour talks Juan has given in previous years.
Current web has current issues. Centralisation, etc.
IPFS is a new hypermedia transfer protocol
Content can be retrieved not from specific servers, but instead via it's hash so that it can come from anywhere in the network (maybe from the person next to you who has cached it).
It is highly modular, all of the transfer protocals, routing, naming, etc. are all swapable
Is available as GO-IPFS & now JS-IPFS
Means now you can run IPFS in the browser
IPFS was great for static content, but not so great for dynamic content. Low latency pub/sub protocol will help with dynamic data.
Created a distributed peer to peer chat app using this new dynamic content protocol.
IPLD a common link-tree hash format
Will be able to use IPFS to retrieve ethereum blockchain blocks DIRECTLY
Can use IPFS as a package manager to retrieve them in a distributed manner.
Many projects are using Ethereum & IPFS Uport, Digix, Infura, Ujo, Eris, Blockfreight.
Filecoin was created as a way to try and incentivize nodes to keep files longer time.
People rent out hdd space to earn filecoin. Exchange bitcoin/filecoin. Use filecoin to store files in network.
Filecoin is going to be built on top of the public Ethereum blockchain, as a virtual blockchain / token.
IPFS Libp2p & Ethereum networking
Network connectivity between any 2 nodes can be difficult. Censorship, bandwidth, network issues, etc.
Having to deal with different networking topologies and access.
Libp2p & Devp2p is different. Devp2p is for Ethereum. LIbp2p is modular, can swap out components to change network access, encryption methods, etc.
Can build up a MEGA mesh network, by utilising traditional wired internet, radio, bluetooth between some nodes.
Web browser using web socket, to a node, which routes across network, to zigbee to a IoT device.
Libp2p & Devp2p could merge and augment each other. Could create the libp2p components to replace the devp2p bits
Any 2 nodes that speak the same protocol can communicate and be a part of the network chain.
Experiment. They took the browser based version of EVM. Then used Libp2p to talk to the Ethereum network. Had a complete ethereum node running in a browser.
Uport
https://uport.me/
Universal identity platform
Current challenges: key management. Ux for average person. Dapps via mobile. Identity and data ownership.
How do you keep a consistent identity, even if you lose a key.
Have some multisig contracts that you can use to keep track.
Social recovery, use your friends to attest it is really you.
Keep private key on mobile, do transactions on the desktop, scan a QR code to sign the transaction on your phone and send it off.
A Deep Dive into the Colony Foundation Protocol
It is an open source governance protocol built on Ethereum
Problem with voting is how to prevent Sybil attacks.
Votes are weighted by a reputation score.
Reputation is non-transferable that can only be earned.
Total weighted voting helps mitigate this.
Chain orchestration tooling & smart contract package management
Eris is tooling for developers.
Package manager to build your own blockchain.
Can compose a chain, e.g. geth + tendermint consensus.
Init, install, do.
Can easily install on Mac/bew, linux/apt-get, Windows/choco
The Golem Project: Ethereum-based market for computing power
http://www.golemproject.net/
Anyone can make an offer to sell computing power. e.g. Distributed rendering
Want to create a standard framework that anyone can use to submit and process jobs.
Status: Integrating Ethereum Into Our Daily Lives
https://status.im
Want to get ethereum everywhere. "Mist for Mobile"
Everyone is using their mobile phones for everything, but mostly using instant messaging.
What would Ethereum in a IM window look?
Created a IM mobile app that has a local geth node. tart up, it asks you to create a password, it generates a pub/private pair.
Then can send messages via whisper, and the messages are signed with your public key.
Can load Dapps up in the local webview and interact with them.
Allows you to create "chat Dapps", that you interact with via text. Like chatbots
Maker Ecosystem Overview
www.Makerdao.com
Dai: seeking stability on blockchain.
Stablecoin engine: smart contract that holds collateral reserves and controls the Dai lifecycle.
MKR: open source community managing risk of the system
In the last year, investing in a solid technical core. More slow and audit things. Moving into the next phase of stablecoin development.
Their latest project is the "Simplecoin project"
Meeting Thereum community's need for stability. An independent platform for creating centrally administered simple stablecoins.
Issues create their own rule sets: Collateral types, participant whitelists, security parameters.
Example: Shrutebucks. The only people who own it are Dwight, Jim & Pam. They backed it with 1/3 ETH 1/3 DGX 1/3 DUSD.
Orbit. A distributed peer to peer app on IPFS
https://github.com/haadcode
Created a full distributed chat room, itself distributed through IPFS.
It is integrated with uPort for identification
Using uPort allows you to verify that you are talking to the correct person in the chat channel. All their messages are signed with their public keys
He also created a full distribited twitter clone, using uport for the identity as well.
Orbit-db key value store DB that stores its data on IPFS. Eventually consistent
Appends data to the DB, an event is sent to those subscribed on pub/sub so they can see the latest root hash. Based on CRDT
Ethereum + Pubsub + CRDTs + IPFS = super power primatives to build dynamic distributed apps
Development considerations with distributed apps.
Need to ensure that apps work offline.
No centralised servers.
No data silos.
Provide integration path.
Future work: could you use uPort for ACL like permissions?
Mobile use cases, how to make it work nicely on mobiles
Building scalable React Dapp architecture
https://github.com/SilentCicero/react-dapp-boilerplate
React + Ethereum
He has a configured boilerplate template.
Has contract scaffolding. Enforced contract Linting/testing. Wallet generation/identity. Preconfigured web3 instance.
UI: Mature react arhitecture "react boilerplate". Prices listed in USD with ETH/btc via kraken api. A basic multi-contract example Dapp. Offline first, dapp runs without internet.
Uses Redux. State models in UI & blockchains work well.
PostCSS, CSS Modules, sanitize.cs. Redux, immutableJS, reslect, redux-saga, i18n, redux-router.
Web3, ethdeploy, dapple, solium, eth-lightwallet, chaithereum, ethereumjs0-testrpc
Enforced contract testing in 2 languages.
Ethereum for Enterprise (BlockApps Strato)
Trying to make sure that Ethereum stays relevent to enterprise development.
Why do you need a blockchain WITHIN an org, shouldn't they trust each other? Well different departments may not, they may reconcile differently, and can help automate/orchestrate between them.
Blockchain is the "killer app" for cloud financial services. Legacy infrastructure, batch prossing, etc are all restricting fintech from progressing. Blockchain can happen in real time, can replace legacy.
Ethereum is very flexible and programmable, works well. There are others based on Bitcoin (like Hyperledger).
Ethereum + Blockapps = Extreme productivity + Proven Technology.
Blockapps is extending Ethereum for Enterprise.
Runs very well on Azure
Enterprises don't want all their data exposed on public chain. Blockapps helps solve data privacy and scaling with multichain fabrics.