[HN Gopher] Zooko's Triangle
___________________________________________________________________
Zooko's Triangle
Author : dedalus
Score : 122 points
Date : 2021-02-17 12:30 UTC (8 hours ago)
(HTM) web link (en.wikipedia.org)
(TXT) w3m dump (en.wikipedia.org)
| samdung wrote:
| Human-meaningful. Secure. Decentralized. Choose any TWO.
| genpfault wrote:
| > .onion addresses and bitcoin addresses are secure and
| decentralized but not human-meaningful
|
| I thought that's why you burned some CPU hunting for 'vanity'
| addresses[1]?
|
| [1]: https://opensource.com/article/19/8/how-create-vanity-tor-
| on...
| bitxbitxbitcoin wrote:
| A vanity address is only human-meaningful up to a certain point
| in the string. Not really memorizable.
| tialaramex wrote:
| What matters in practice is mostly whether people memorize
| it. People choose to memorize Pi and the list of dictionary
| headwords (to play Scrabble, you don't need to speak or even
| read the language, just know all the valid words).
|
| Once upon a time people would memorize telephone numbers of
| friends and people they call often, not so much now.
|
| During the pandemic my gaming group uses Google Meet, some
| things use Zoom, we began having Friday evenings in Jitsi and
| we moved them to Gather Town.
|
| Zoom is the only one that is resolutely impractical to
| memorize, every Zoom meeting gets a random huge ID and
| password, so you need to pass around lengthy nonsense URLs
| for each meeting and even then you might also need to share
| the password. This is done in the name of "security" although
| it isn't actually more secure than...
|
| Jitsi takes arbitrary long strings to distinguish one
| conference from another, defaulting to generating word salad.
| So you tell everybody you're in
| "CloudsEffortlesslyChaseMushrooms" and joining creates it. If
| you want to name one "SecretHackerNewsRoom" you can, but I
| think somebody might guess that name.
|
| Google Meet uses shorter, random IDs. You can't mint your
| own, and by contrast to word salad they're tricky to
| remember, but you can re-use them, and after a while your
| mind remembers ZWC-KLWL-CBMB or whatever because it's the
| same every week. Also your browser will auto-complete it, if
| you have that turned on.
|
| Gather Town allows you to build and name custom places. Since
| you're customising them anyway, you get to name them. If you
| call it "RedLionPub" I'm guessing you might get uninvited
| guests. If you instead reference an inside joke
| ("TerramicDragonHouseOFish" or "InstantMonkeyDispatch") not
| so much. However there is an ID number baked into the URLs,
| and I don't know if there's search, so you'll likely end up
| memorizing or bookmarking URLs for a place you go often.
| zrm wrote:
| > A vanity address is only human-meaningful up to a certain
| point in the string. Not really memorizable.
|
| This is also the reason why they're discouraged from a
| security perspective.
|
| You burn a given amount of CPU time to get
| CyberdyneSystemsZfzah3uf, then someone else burns the same
| amount of CPU time to get CyberdyneSystemsZy6jhaef, then
| humans don't notice that they're not the same thing even
| though you're relying on that for security.
| olah_1 wrote:
| It's clear to me that human-meaningful is the one to drop.
|
| Status messenger has a nice naming solution. They give everyone a
| three-random-word name when they join (an Ethereum pub key is
| under that of course). Then (1) your friends can assign to you
| their own nickname for you, or (2) you can buy an ENS name that
| is globally findable.
|
| I think of this basically like car license plates. You can
| optionally get a vanity plate.
|
| Another project that I love is BrightID. It really embodies the
| idea that we don't actually need a global registry of names for
| most use cases. Most of the time we just want to know if someone
| is legit or not. A web of independent Rolodexes is enough to
| determine that.
| thingification wrote:
| "your friends can assign to you their own nickname for you" is
| "petnames":
|
| http://skyhunter.com/marcs/petnames/IntroPetNames.html
|
| Quote:
|
| _Though no single name can have all three properties, the
| petname system does indeed embody all three properties._
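
Added example (not part of the thread or of any project mentioned in it): a minimal petname book in Python, tying together zrm's point about look-alike vanity prefixes and the petname idea linked above. The class and function names, the 8-character look-alike threshold and the third key are assumptions made for illustration; the two Cyberdyne strings are the ones from zrm's comment.

```python
class PetnameBook:
    """Per-user map from a full key (secure, global) to a petname (local)."""

    def __init__(self, lookalike_prefix=8):
        self._by_key = {}    # full key -> petname
        self._by_name = {}   # petname -> full key
        self.lookalike_prefix = lookalike_prefix  # assumed threshold

    def pin(self, key, petname):
        """Bind a petname to one full key; refuse ambiguous bindings."""
        if self._by_name.get(petname, key) != key:
            raise ValueError(f"petname {petname!r} is bound to another key")
        if self._by_key.get(key, petname) != petname:
            raise ValueError("key is already pinned under another petname")
        self._by_key[key] = petname
        self._by_name[petname] = key

    def classify(self, key):
        """Return ('known'|'lookalike'|'unknown', petname or None)."""
        if key in self._by_key:          # trust only an exact, full-key match
            return ("known", self._by_key[key])
        for pinned, petname in self._by_key.items():
            # A different key that starts like a pinned one is the case a
            # human comparing by eye would wave through.
            if shared_prefix(pinned, key) >= self.lookalike_prefix:
                return ("lookalike", petname)
        return ("unknown", None)


def shared_prefix(a, b):
    """Length of the common case-insensitive prefix of two identifiers."""
    n = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        n += 1
    return n


def demo():
    book = PetnameBook()
    book.pin("CyberdyneSystemsZfzah3uf", "Cyberdyne")  # string from the thread
    return [
        book.classify("CyberdyneSystemsZfzah3uf"),     # the pinned key
        book.classify("CyberdyneSystemsZy6jhaef"),     # same vanity prefix
        book.classify("k3q9w2m8d1x7p5t4b6n0r2va"),     # constructed sample
    ]


if __name__ == "__main__":
    print(demo())
```

The petname is what the user reads, the full key is what the software compares, and a key that merely looks like a pinned one is reported as such rather than displayed under the trusted name.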
| olah_1 wrote:
| Yeah it's not a particularly groundbreaking concept. It has
| existed for as long as people have kept personal address
| books.
|
| Another implementation is in Secure-Scuttlebutt. But those
| "petnames" are actually gossiped around by default (which I
| would argue is not very intuitive for people).
| kube-system wrote:
| Dropping the "human-meaningful" part fixes the problems with
| the technology, but it exacerbates the problems with the human
| behind the keyboard.
|
| A trusted source of accurate information is a prerequisite for
| entering someone's information into a rolodex. This is even a
| problem with _actual_ rolodexes.
|
| i.e.:
|
| * if data is missing, where do you get it?
|
| * how do you know that data is currently valid?
|
| * can you trust the person giving you the data?
|
| The human-meaningful names help users make important decisions
| on how they interact with their technology.
| andrewflnr wrote:
| BrightID is... interesting. The idea is to ensure that each
| physical human has at most one Bright ID account by using
| social verification, right? I can't figure out from a quick
| skim of https://brightid.gitbook.io/brightid/getting-started
| how they prevent you from getting multiple accounts by getting
| verified through two or more disjoint social groups.
| olah_1 wrote:
| > I can't figure out how they prevent you from getting
| multiple accounts
|
| I'm not sure about that, to be honest. One thing to keep in
| mind though is the importance of validating identities in
| person. I think you get higher trust by scanning each other
| IRL.
|
| So a whole network of anonymous avatars could "connect", but
| it would be rare for them to scan each other's devices in
| person. I would imagine that most people would simply lack
| the energy to go through the whole process with two different
| devices. So on-the-whole, the anonymous avatar style network
| would be less trustworthy algorithmically.
|
| This is probably a question worth asking them
| https://twitter.com/BrightIDProject
| dTal wrote:
| Sometimes human-meaningful is the point. You would have us use
| IP addresses instead of domain names?
|
| More precisely, the semantic buck has to stop somewhere. Let's
| say I want to visit the official website of the Smithsonian
| museum. There needs to be a system I can type "smithsonian"
| into and reliably find the right page.
| munificent wrote:
| _> You would have us use IP addresses instead of domain
| names?_
|
| I mean... that's essentially what phone numbers are, and even
| non-technical people get by surprisingly fine with those.
| [deleted]
| flemhans wrote:
| What is the generic name for these triangles where you can
| "select any two" but never have all three?
| espadrine wrote:
| A trilemma.
| sillysaurusx wrote:
| This is absolutely hilarious and made me laugh really hard
| for some reason. Thanks. I'm using this term forever.
| Jtsummers wrote:
| https://en.wikipedia.org/wiki/Trilemma
|
| Coined in the 1600s, most likely. Can be used one of two
| ways:
|
| 1. A choice between 3 unfavorable options where you must
| choose one (lose your arm, your leg, or your other arm).
|
| 2. A choice between 3 favorable options where you can only
| choose two (the typical ones we see discussed/posted here).
| ovi256 wrote:
| One can observe that the first is a special case of the
| second, through the transformation of negation ("choose
| which two of your arm, your leg or your other arm to
| keep"). We can unify both under this system.
| quietbritishjim wrote:
| Negation works both ways, so it's not that one is a
| special case of the other; instead, they're simply
| equivalent.
| Jtsummers wrote:
| Right. The normal way we see it written here, like with
| the CAP theorem, would be:
|
|     CA~P + C~AP + ~CAP
|
| The way it's normally phrased would be: choose 2 of the 3
| that you want, the other will be absent from your system.
| The alternate phrasing would be: choose 1 of the 3 that
| you can sacrifice, the others will be present in your
| system. But both phrasings describe the same logical
| expression written above.
|
| For the right arm, left arm, leg example it's similar.
| You're being asked which one you would sacrifice so it
| could be written as:
|
|     RA LA ~L + RA ~LA L + ~RA LA L
|
| Offering two phrasings: which do you want to keep or
| which will you give up?
| StavrosK wrote:
| "StavrosK's triangle".
| dTal wrote:
| Who is to say that it isn't? If only we had a secure,
| decentralized system for mapping human-meaningful names to
| things...
| fsflover wrote:
| > Several platforms implement refutations of Zooko's conjecture,
| including: Twister (which uses the later Aaron Swartz system with
| a bitcoin-like system), Blockstack (separate blockchain),
| Namecoin (separate blockchain), Monero OpenAlias[5] and Ethereum
| Name Service.
|
| Another implementation is the I2P Address Book,
| https://geti2p.net/en/faq.
| bob1029 wrote:
| How would git _not_ be a clear refutation of this conjecture?
|
| Sure, commit hashes are very high entropy identifiers, but we
| can still derive a lot of meaning from what they implicitly
| represent. Git is also a decentralized protocol. Perhaps the
| "authority" in these cases is whoever happens to be approving &
| merging a pull request? Has anyone reversed a SHA256 hash on a
| reliable basis yet? Does this count as secure & distributed?
|
| Perhaps my argument here is that high entropy and human meaning
| are not at odds with each other. This seems like a very
| subjective point on the triangle.
| garmaine wrote:
| Git doesn't have pull requests.
| bob1029 wrote:
| Agreed - Pull Request was a bad example to use. You can
| still effectively achieve the same thing in a decentralized
| manner (i.e. without GitHub).
| garmaine wrote:
| I'm not sure you can achieve the same thing without some
| sort of external name/trust system, which is entirely the
| point.
| flotzam wrote:
| https://git-scm.com/docs/git-request-pull
| zelly wrote:
| You still need some way to distribute the git commit hashes
| so it's TOFU and less secure than Bitcoin.
| bitxbitxbitcoin wrote:
| Yet another is Handshake.[0] Which Zooko himself welcomed to
| the world.[1]
|
| [0] https://handshake.org/files/handshake.txt
| [1] https://twitter.com/zooko/status/1025211998840086528?s=21
___________________________________________________________________
(page generated 2021-02-17 21:01 UTC)