trentmc's comments

Hi, thanks for the thoughts.

For "why would I want to use this over a SQL alternative" see [2].

For "what kind of applications can I build with this?" see [1][2][3][4].

Cheers!

[1] https://www.bigchaindb.com/usecases/

[2] https://blog.bigchaindb.com/three-blockchain-benefits-ae3a2a...

[3] https://blog.bigchaindb.com/six-blockchain-application-verti...

[4] https://blog.bigchaindb.com/where-does-blockchain-scalabilit...

As you'll see in my other comments (and articles on it), "blockchain" is better described as a field with a set of related goals for technology artifacts, rather than a specific data structure [1]. I frame it as: it has blockchain characteristics if it's decentralized, immutable, and assets [2].

This is a much healthier framing, because it doesn't constrain the goals to a particular approach (e.g. a particular data structure).

[1] https://blog.bigchaindb.com/blockchain-as-a-field-47c9f45894...

[2] https://blog.bigchaindb.com/three-blockchain-benefits-ae3a2a...

"Truth" of course is a red herring. "Claim" is better. And, "digitally signed claim" is better yet.

Then to answer your Q: a good sharding approach should let you see all digitally signed claims (including when those claims were made) with probability --> 1.0. I'm framing this probabilistically because many sharding approaches rely on that definition. (And even non-sharded blockchains like Bitcoin itself.)

Many people disagree about what blockchain technology is. To me, it' about the characteristics, rather than how they're implemented. I see three characteristics: decentralized, immutable, assets [1].

Under this framing, the "linked list of hashes" is one partial way to achieve immutability. And "every node has this list" is one partial way to get to decentralization is achieved. But that's only part of it. Eg you need to address: what if a node acts badly? And you want a means to create & issue assets.

> every node has a copy AND the list is append only leads me to something that doesn't scale well.

Correct. That's why there is work to scale better, e.g. via sharding by BigchainDB and by others.

[1] https://blog.bigchaindb.com/three-blockchain-benefits-ae3a2a...

To me, "blockchain-like" is about getting the benefits of decentralized, immutability (tamper-resistance), and assets.

How one goes about getting those characteristics is wide open. Most blockchain systems do have a full copy of the database at each server node, i.e. fully replicated. Also, they are "peer to peer" which means there is no distinction between clients and servers. (They do have SPV wallets though which is kinda similar.)

BigchainDB's focus has always been about scale. We're partly there but not fully: we are currently fully replicated but are targeting sharding to address that [1]. Where we do get scale already is properly distinguishing between between clients and servers. Servers are "super peers", decentralized among themselves. They do the heavy lifting, i.e storage. Apps don't need to run a server node; instead they simply are clients to the network, and of course can query >1 node.

[1] https://blog.bigchaindb.com/bigchaindb-developer-update-2d32...

> How does this solution respond to someone spinning up a thousand nodes, and simply voting for their double spend attack? This is the classic "Sybil attack". But I bet you knew that:)

If you have a member list (ie list of public keys) of who can be server nodes, then you can control this. Each member (public key) only gets one vote. So even if that person makes 1000 copies, it's only 1 vote total from that member.

> governing organization behind the network controls the member list, so Sybil attacks are not an issue.", which is directly contradictory to your statement that it is decentralized. A decentralized network has no "governing organization".

Great question. However the control of this organization is decentralized too. Here's how. IPDB is the BigchainDB public net, and foundation to help govern. Net: each server node is run by a "caretaker". Foundation: each caretaker has one vote. They vote to control the member list (list of caretakers), as well as IPDB board. So, it's decentralized: no single entity is controlling it.

There are other ways to curate "member lists" to address Sybil attacks. E.g. Bitcoin's PoW is basically "one electron one vote" on average (assuming everyone has a modern ASIC). In search of block rewards, many players work hard to maximize their electron spend (ie big ASIC farms), which of course eats a lot of power. Or BitShares' PoS is a riff on "one token one vote". There are more. We simplified the problem for IPDB: start with a great initial member list of reputable orgs that deeply care about the future of the internet (Internet Archive, Open Media Foundation, COALA, etc); and give them control from there. Some heavy lifting up-front to set this up allows great gains in efficiency.

You're welcome! :)

Also, I encourage you to try out BigchainDB. Within just a few seconds you can send your first transaction to IPDB (BigchainDB public net): https://www.bigchaindb.com/getstarted/

Cheers!

Thanks for responding to this query as well. Fully agreed:)

BTW we work closely with the Ripple folks (especially on Interledger Protocol) and the iota folks (they're also in Berlin:)

Thank you:) Even if there's hype and critique, we can always rise above and maintain our integrity as we build things that matter.

+1 :)

Hey Tony, great to hear from you! Yes please do check this out, we think it's interesting too:) Also interesting is BigchainDB's sister project www.oceanprotocol.com. Cheers!

I should also mention that we've been working on supporting a BFT option. It should be out in the next release or two. https://github.com/bigchaindb/bigchaindb/blob/master/docs/ro...

Re (2): this would be a group of people or organizations running nodes together. (If it was just nodes you controlled it misses the point of being decentralized.) You could store sensitive data in this setup, if each person/org had the proper data protection setup. This is not easy, however.

> Also, are suggesting that no sensitive data should ever be stored in a BigChainDB, or I misinterpret #3?

Actually option (2) shows a way to store PII on BigchainDB. But it's not easy. My recommendation is to do (1). And, like my comment before, please please don't do (3) ;)

Oh cool! Thanks for the ping, Dean. I hope you're well. Yeah blockchain space is a bit crazier than EDA, but some of us are engineers bringing our discipline and experience to this new field:)

I encourage you to give BigchainDB a whirl, it's easy: https://www.bigchaindb.com/getstarted/

Neither sharding nor encryption give "decentralized", "immutable", or "assets". E.g. how many sysadmins can MySQL have? (And the answer is 1. Hence, not decentralized.)

I'm not defining "decentralized" as simply "distributed between multiple corporations, where multiple people have read/write access".

To be "decentralized", it's key that there are >1 sysadmins (ie runners of server nodes); and bad behavior from some sysadmins does not take the whole system down.

We experimented with a bit with decentralizing Cassandra. From what we saw, it is possible to decentralized it in the way I define it. We also tested other DBs. We chose RethinkDB because we liked their approach to global oplog; and we preferred a document-store interface over a column store interface. Later we added MongoDB support because of customer interest and some technical benefits. (For the record we added this support before Rethink's woes. Glad to see it found a foundation:)

Good point! I think the Python folks made a great design choice there. I updated my comment above to help future readers.

OK! :)

Good point - BigchainDB wraps MongoDB, which is in C++. I updated my comment above to help future readers.

Hi, it's Trent here, CTO of BigchainDB.

That's a great question. It's surprising how few people are aware of the current German data protection laws (where we're based) and the upcoming EU data protection laws aka GDPR.

There are a few ways to address the issue:

1. Don't store any PII on the database, rather only use it to link to data that's stored on-premise in many places. The database has permissioning, and therefore acts as (decentralized) access control logic. Have a TOS with proper legal teeth so that if a database user does store PII on the database, they are liable in the real world.

2. Run an instance of BigchainDB within a region, e.g. within Germany, and comply with the appropriate laws there. Let PII be on the database. But, each node must follow data protection guidelines, similar to how a single centralized entity would, but now do it for each node.

3. Force encryption of all PII, and pray.

(3) is really a non-option. I stated it because many people are saying "just encrypt". But the problem is quantum computing. In 5-15 years quantum computing will be sufficiently easy to access that any encrypted data that's publicly available can be decrypted. You might say "well let's migrate to quantum-tolerant crypto before then" but that doesn't stop a malicious actor from copying encrypted PII now. You might say "let's use quantum tolerant crypto now" but we've seen with most crypto algorithms that it takes years to harden them. Would you trust your PII with untested crypto algorithms? I wouldn't. In short: putting encrypted PII on public nets is a bad idea. Please, please don't do it.