ECIPs
ECIPs copied to clipboard
ethereumclassic
Discussion/Informational: Random thoughts on the longevity and network participartions of client software
Intended to pick up a tangential comment thread from #217, particularly the following comments:
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-559861432
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-559862589
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-559865482
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-559866580
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-559881215
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-560098079
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-560099224
- https://github.com/ethereumclassic/ECIPs/issues/217#issuecomment-560102235
"Maybe 11k+ commits and years worth of available surrounding Github metadata (at least), might suggest a notion a little less boisterous than "unknown provenance" and "zero defense"..."
Obviously not completely unknown, but IP attacks only single "bad commits" to be ruinous. Especially if those commits are to core algorithms. You get something "in deep" such that it is part of the protocol which you cannot change and you are screwed forever. Pending case in point is ProgPOW.
See also Microsoft's patent trolling on Linux.
We have two attack vectors here - insertion of patented content into particular client implementations (Geth here being the case in point) - which is BAD, but can be worked around because we have multiple clients - but the worse of all is insertion of patented content into the protocol spec itself, because that poisons every client.
"zero defense" is true. What is your objection to that?
"Are you a lawyer? Have you spoken with one or have documentation from a lawyer about the claims you're making here?"
Yes I have. Myself and @YazzyYaz met with Eben Moglen and Mishi Chaudhary a week or so ago.
Eben is the author of GPLv3. I think he knows a little about the law. Both of them consulted on cpp-ethereum relicensing too.
https://en.wikipedia.org/wiki/Eben_Moglen
"Why haven't the patent trolls already taken over?"
ProgPOW is perhaps the first major play to do just that. I hope to goodness that there are not any "submarine patents" which already made it into Ethereum or ETC protocol or into Geth, but we just do not know.
What SHOULD have happened in 2016 is that the Geth team should have gone through the process which I did for cpp-ethereum over several tedious months to establish provenance and consent, even with the license remaining as LGPLv3 / GPLv3. Of course that did not happen, because "Duty of Care" is a foreign language to the EF.
https://bobsummerwill.com/2016/07/12/c-re-licensing-plan/
"And again, whose interests are we protecting here against these alleged inevitable patent troll lawsuits? IBM's?"
We are protecting every participant in the ETC ecosystem. Those entities most at risk are exchanges, miners, businesses using ETC, developers using ETC.
Anybody who has a legal entity which can be attacked.
"Oh, and 3. Governance -- what was the solution for that which supposedly existed in 2016 for Ethereum that would have been (according to you) agreeable to IBM?"
No - it was actually seeing things like my actions with the C++ relicensing, like seeing ConsenSys actions in building "Enterprise Ethereum". It really was not anything which the EF themselves were doing, other than to the degree that I was driving while being employed by the EF.
In the end the EF failed the governance test there, failed it again when they did not support the EEA, and have failed it again and again since.
Do you know who has not failed that test? ETC.
The ETC Coop is building that bridge to the EEA and Hyperledger now because we are all adults, with responsible actions and with a Duty of Care to all ecosystem participants in a way which the EF has never done.
With regard to "Geth family will die", I absolutely stand by that. Because the Geth codebase and it's lack of responsible IP protections make it unacceptable for use by businesses which are savvy to these very real threats.
Want to have potential for future lawsuits if you use this code? No. I did not think so.
Use Parity-Ethereum, Hyperledger Besu or IOHK Mantis (if you could
Everything I am saying here, @meowsbits, is the result of 3.5 years of looking deeply into these issues, talking to world-class lawyers, talking to businesses, talking to the most knowledgable people on the planet on these topics.
Not pulling stuff out of my arse.
Current reality for Geth family - BAD Better reality - GPLv3 + DCOs Best reality - Apache 2.0 + DCOs
I know this will never happen while EF is steering the ship, so the inevitable consequence is death of Geth-family. That happens when ETH2 ships and Geth gets defunded. If ETH2 even happens.
The only thing keeping the lights on for Geth is the EF's ongoing investment.
Thanks for your answers so far, Bob -- I'm not trying to troll your or push your buttons, and I appreciate your earnesty and thoroughness :smile_cat:
I'm just trying to dig for careful and documented reasoning around these lines of thought.
Myself and @YazzyYaz met with Eben Moglen and Mishi Chaudhary a week or so ago. https://github.com/ethereumclassic/ECIPs/issues/225#issuecomment-560133602
Do you have anything in writing or any other documentation that came as a result of the meeting?
TODO. In my pile of hundreds of TODOs!
I will make a new ECIP soon enough with all this detail.
Re: https://github.com/ethereumclassic/ECIPs/issues/225#issuecomment-560133388
Pending case in point is ProgPOW.
Would you please cite your reference for this?
See also Microsoft's patent trolling on Linux.
I tried looking up Microsoft vs. Linux and found the following. Is this near what you're referring to?
Microsoft CEO Steve Ballmer likened Linux to a kind of cancer on intellectual property. Microsoft sued Lindows, a Linux operating system that could run Microsoft Windows applications, as a trademark violation. The court rejected the claim and after Microsoft purchased its trademark, the software changed its name to Linspire. [...] In the 2010s and under new CEO Satya Nadella, Microsoft began to adopt open source into its core business. In contrast to Ballmer's stance, Nadella presented a slide that read, "Microsoft loves Linux". [...] In 2016, Microsoft introduced Windows Subsystem for Linux, which lets Linux applications run on the Windows operating system. The company invested in Linux server technology and Linux development to promote cross-platform compatibility and collaboration with open source companies and communities, culminating with Microsoft's platinum sponsorship of the Linux Foundation and seat on its Board of Directors. https://en.wikipedia.org/wiki/Microsoft_and_open_source
"zero defense" is true. What is your objection to that?
I, of course, have no objection to raising awareness, if not alarms, if this is a serious threat. But so far I don't see any concrete legal precedent or clause that would suggest what it seems you understand as a certain and deterministic outcome.
RE: Microsoft patent trolling on Android. I said Linux, but it was actually Android:
https://www.howtogeek.com/183766/why-microsoft-makes-5-to-15-from-every-android-device-sold/
Microsoft have done a 180 on Linux in the meantime. They are huge allies for us on open source, but NOT on censorship resistance:
https://www.hanselman.com/blog/MicrosoftKilledMyPappy.aspx
RE: ProgPOW - I have written enough. Pointless to carry on with that here.
I am just going to put this thread on pause until I have written up the ECIP for my proposal for IP protection for ECIPs. Until I have that in a concrete form which we can discuss this is not an effective use of time for either of us.
Use Parity-Ethereum, Hyperledger Besu or IOHK Mantis (if you could ) and you will not have these problems. https://github.com/ethereumclassic/ECIPs/issues/225#issuecomment-560134684
Current reality for Geth family - BAD Better reality - GPLv3 + DCOs Best reality - Apache 2.0 + DCOs https://github.com/ethereumclassic/ECIPs/issues/225#issuecomment-560135086
Parity uses GPLv3, just like go-ethereum. Which leads me to reason that Parity's differential use of CLA, eg. https://github.com/paritytech/parity-ethereum/pull/6810#issuecomment-337245715, is what you're talking about when you say DCO.
Following the CLA-bot's link to Wikipedia finds me at https://en.wikipedia.org/wiki/Contributor_License_Agreement, where I see:
CLAs can be used to enable vendors to easily pursue legal resolution in the case of copyright disputes,[1] or to relicense products to which contributions have been received from third parties.[2]
The purpose of a CLA is to ensure that the guardian of a project's outputs has the necessary ownership or grants of rights over all contributions to allow them to distribute under the chosen license.
Where I interpret the legal benefactors of CLA's as "vendors" and "guardians" and "maintainers" of projects. And where in this case we're talking a specifically about "geth-family" codebases, these translate to entities who... fund development efforts on these projects? Who own these projects? Who steward these projects? Who are listed on Github as maintainers of these projects?
With some just-believe-the-hand-waving I can start to be convinced of potential risks for, say, The go-ethereum Authors (listed here), but I'm not clear on how the Swiss-based supposedly non-profit entity Ethereum Foundation would fit into this concern, let alone those you've cited as being most at risk:
Those entities most at risk are exchanges, miners, businesses using ETC, developers using ETC. https://github.com/ethereumclassic/ECIPs/issues/225#issuecomment-560133962
Can you explain what exactly you're anticipating as a risk for, say, an exchange (in... pick any country) running a go-ethereum instance in order to utilize the Ethereum Classic network, in the case that a patent troll fires up a suit against <whoever you think the patent troll would sue> suing for a protocol specification copyright (your worst-case scenario).