As if it can be expected that complex code will not contain a bug or an exploit.  That was the first failure but it is a *fundamental* failure: one cannot write complex software from scratch, without having it used, and the guarantee that no bug or exploit will exist.
Normal software gets around this, by updates, when bugs or exploits are detected.  But, by definition, smart contracts cannot be updated because they are a contract which has, of course, to remain in place as it was originally convened (unless you make the update part of the contract, which opens even more the Pandora's box of potential bugs and exploits).

The principle of complex, Turing complete, bug free and exploit free smart contracts from the start, unstoppable and unalterable, is an oxymoron.

Moreover, the *economic function* of the DAO was ridiculous, as I posted earlier.  There's nothing the DAO could economically accomplish which simple crowd funding cannot accomplish.   It just got vastly more complicated, where some privileged got more to say about other people's money.

I really wonder what was the sense of this experiment, of which the disastrous outcome was evidently predictable.  Did one really need to mess with $150 million to find out the obvious ?

This is very profound.

Bitcoin has a very, very serious, fundamental problem: the absence of anonymity and hence the fact that bitcoins are not fungible.  It has other technical problems too (like the limited number of transactions per second).  It has also amazingly good properties, but I think the anonymity that is lacking is the most serious problem.
This will bite back one day.  But indeed, bitcoin was the first, and has a huge "first mover" advantage especially because of its network effect.  Although many altcoins are stupid ideas, some altcoins really have brilliant improvements over bitcoin.

The altcoin scene is the laboratory for crypto, because bitcoin has become "too serious".

What has been said earlier, that bitcoin has a quasi-perfect initial distribution because there was no "greed" the first year or so, can easily be solved by an "altcoin" : instead of starting a new block chain, it could simply fork off bitcoin, hence solving all the issues of initial coin distribution and seigniorage.  Ethereum is the first experiment in the altcoin scene of forking off instead of starting new chains.

Today: ETH: $11.10, ETC: $1.84, ETH + ETC: $12.94

It is this aspect which makes me think it is cryptographically broken, because in order to be able to do, as founders, what nobody else can, the cryptography cannot be open and clear, because if it is, the "founders" cannot possibly keep their privileged position.   There are only two ways in which I can imagine this is done: there is a golden key for the genesis block, or there is a golden key for the code.   If this golden key mechanism is public, then, as you point out, it is very easy to fork it (if it is the code) or to start a new chain (if it is the genesis block).  If this golden key mechanism is obfuscated, then the system is entirely not to be trusted, because that means there are potential back doors everywhere.
When you see that cryptographic standards go through all the pains to demonstrate that there AREN'T obfuscated golden keys (which was for instance a potentially unjustified suspicion on the DES S-boxes) and use mathematical constants such as Pi and prime numbers if they need "random stuff" to prove that it is not hiding any golden key, you can imagine what kind of error would be an obfuscated golden key in a block chain.

Only if implemented on ethereum

Well, the two opposing systems are not "separate" but is each agent in the community: both a gud guy and an attacker at the same time, and that community is part of what I consider "block chain technology".  It rests on the individual antagonism of agents.

Ah, I think that I didn't manage to bring over my idea then, I failed at communicating it visibly.

My point was that there are no "safekeepers" of a block chain, but that those "safe keepers" are themselves part of the projected dynamics of an "immutable block chain emergent phenomenon"  (the intend) ; in other words, that the block chain dynamics (including the "safe keepers") is such, that the safe keepers never manage to really hard fork (on the core principles, not on some technical detail).  I see "block chain" on this level as both a sociological and computer science dynamical technology, such that what emerges is an immutable record with immutable principles, and that part of the sociological technology is such that the "safe keepers" *don't manage to fork over immutability or principles*.

I think that *this* is the intend of "block chain technology" (including the sociological technology of using greed and trustlessness of individual agents against one another).

As such, when the "safe keepers" (who are nothing else but gears and wheels in the technology in my view) DO succeed in forking, then my idea is that this is an instance of block chain technology failing.


My point is that I consider them part of "block chain technology", and that the whole purpose of the technology was that they wouldn't succeed in doing so.


My allegory was misunderstood.  A safe is a system made of hardware (the safe), owners and burglars, and is supposed to be such that whatever the burglars do, they cannot get into it, while the owner can.  Burglars are part of the "safe technology", in the same way as "opponents" are part of any cryptography.
A block chain is made of computer stuff (hardware/software/network) and "community" and is supposed to be immutable in past record and principles whatever the community tries to do.  It is important to understand that "community" is part of block chain technology, in the same way as "opponents" are part of cryptography.  Block chain technology is supposed to work on the basis of human relationships.  With block chain cryptography, one hasn't the usual cryptographic notions of "the gud guys" and "the nasty boys", but everybody is "nasty boy" and "gud guy" at the same time: the community.  Block chain technology is designed such that from that crowd of gud guys/nasty boys emerges an immutable record and immutable principles.

If the burglar succeeds in getting into the safe, the "safe system" failed.  If the community (including the safe keepers) succeeds in altering the past or the principles, then the "block chain system" failed.

A block chain system should be seen as a piece of technology where the community is part of that piece of technology.

What is maybe disturbing is that in block chain technology, the SAME people are "gud guys" and "bad boys".  That's a bit like with a digital signature, where both parties (the signer and the checker) are both gud guy and bad boy: the signer can prove that he signed it (then the gud guy is the signer) and the checker cannot deny it (bad boy).  But the checker can also prove that the signer signed it (non-repudiation).  Here the gud guy is the checker, and the bad boy is the signer (wanting to avoid proof of signature). 
Block chain brings this to a higher community level.  When I am user (part of the community) of a block chain, I'm a "gud guy" when I want to use the block chain to prove ownership of coins and make a payment.  And at the same time, I'm also a bad boy (if I could) because if I could rewind the block chain or alter its principles in my advantage, I would, of course.  The whole point is that sociologically, I will not be allowed to do so, even though all actors in the community would like to alter the chain to their advantage.  But they can't.  THAT is block chain technology: everybody would like to change it, but nobody can.

I largely agree with the gist of what you are saying: block chain *technology* fails somehow when it doesn't realize *block chain intend*.  However, maybe we differ on the point of view over "who's guilty".

I also consider the ETH block chain to be "damaged" (although strictly technically speaking, their block chain hasn't altered, only the protocol has altered: they didn't rewind blocks - but I was myself one of the first to say that this comes down to the same thing: altering the interpretation of data (the protocol) or altering the data themselves, is up to a point, equivalent).  

However, I don't consider that "the ethereum community screwed up their block chain".   I consider this a failure of the block chain system itself.  The fact that is was POSSIBLE in practice to do so, is what illustrates a "block chain dynamics gone wrong".  The whole intend of a block chain was that one would not be able to pull this off.  One did.  So the block chain technology used by ethereum didn't succeed in obtaining an emergent property of immutability, and the community was capable to alter history to a point, which it was supposed not to be able to do unless strong collusion (which is exactly what happened).

In other words, I don't see the ethereum ETH fork as "a stupid decision by a bunch of irresponsible idiots not realizing what they broke" but rather an illustration of a failure of block chain technology.

In other words, it is similar to a safe that has been broken open.  I could say that it was a totally irresponsible act by the burglar to break open my safe, but I could also consider this as a failure of "safe builder technology".  The equivalent question of the poll is then: "Did the burglar succeed in re-defining the function of a safe ?"
Wheras the function of a safe is never to open, except to the rightful owner of the safe.  No, the burglar redefined that function into "sometimes also open to a burglar who is smart enough".

That only makes sense if these chains also implement anonymity.  Otherwise, it is too easy to go after the "guilty" and punish them in the real world, or punish those that agree on transactions with them (see the DAO hacker, see the "RHG"...).

For instance, if you obtain according to the smart contract (code = law) a certain amount of tokens, but "real world justice" finds that you shouldn't, then if you can be traced, one can allow you to get the tokens, but force you to pay back their value or a multiple of it "in the real world".

Imagine the DAO hacker being caught, one could have let him have his (former) ETH tokens, but oblige him to pay $60 million to the DAO owners who make themselves known.   This would let the smart contract run as programmed, but applying a "real world correction" that undoes it in practice.  To avoid this, one should, by all means, have an anonymous smart contract system.

I think ethereum is doomed, and COMPLEX smart contracts are doomed.  Ethereum is doomed because it is Turing complete, which makes for uncheckable code.   Complex smart contracts are doomed, because one cannot write bug-free guaranteed complex code in a Turing complete system.
But simple systems, with a finite and small "possibility tree" are checkable and possible.

There are also less "legal" problems with simple contracts, exactly because of their simplicity.    A multi-sig transaction is such an example of "smart contract".  A multisig with 5 out of 10 needed signatures for instance, is the same as a majority vote smart contract.  Inter-chain distributed exchanges are examples of smart contract.  The individual peer-to-peer links on the Lightning network are examples of smart contract.

But one can think of many other applications.  For instance, instead of a DDoScoin, one could have a smart contract that rewards a DDoS attack.   One could have a smart contract rewarding pen testers (you put a file on a computer to be pen tested, and you give the hash of it in the smart contract: if the pen tester can obtain the file to the contract, he gets the reward and you know that your computer has been compromised).
One could think of more involved arbitration on things like openbazaar.  One could have smart contracts on rents of a car with some guarantees.

In fact, most of these small smart contracts can probably be implemented in the bitcoin scripting language (some with some difficulty).  I think that the error was to build complex smart contracts.  That's not smart.

I see a future in a new series of coins, initiated by the DDoScoin proposal.
Maybe we will see a Allahu Ackbar coin which explodes when you download it ?

On the contrary, this is a very interesting concept.  DDoSing a site is in general difficult to do, and has to be done using intrusion in other people's systems, because there was no incentive to DDoS a site at the demand of someone else.  With this kind of coin, one is creating a market for on one hand people interested in attacking a site, and willing to put $$ on the table, and on the other hand, people with machines capable of performing part of a DDoS attack and willing to gain some $$.    This is in fact not a coin, but a kind of smart contract, where you can buy DDoS power against a site you want to target, or where you can gain money by attacking a site someone is willing to pay for.

There is no needed "value perception" because the value is in the performance itself.  It is not so much a coin as it is a smart contract.

This surprised me too, but in fact, all ETH holders are also ETC holders and this is "free money" they can use to buy more ETH, and as such, generate demand for it, and sustain its price.

The total market cap of ETC being of the order of $150 000 000, and the daily volume of ETH trading being of the order of $ 8 000 000, even in the assumption that all of the ETC is slowly dumped in order to buy ETH, this means that the current price and volume could be sustained for 20 more days just by dumping ETC and nothing else.

I know this explanation doesn't fit with the earlier, much higher trading volumes of ETC and ETH, but there have been a lot of back-and-forth movements to exploit the volatility swings between both coins.

Let us, for the record, note the ETH + ETC price (in $) on regular intervals, to see a trend (I'm not aware of anything available like that).  Even if there is a swing between ETH and ETC, the sum should give an idea in the overall interest in ethereum in general.

Today: ETC 1.81 ; ETH 11.05, sum: 12.86

I'm very interested in the anonymity aspects, and my respect for monero comes from its cryptographic technology, and not the other way around.  I like DASH because it tried to implement anonymity as best as it could in bitcoin technology, but cryptonote's technology of Monero is simply better at it.  Now, if Zcash improves significantly on that, I can only applaud that.  However, there are some things that I read about Zcash (but, contrary to monero, I haven't wrapped my mind yet around how it works) that one would need to trust anything.  If that is true, then Zcash is dead-born.  In crypto, everything should be verifiable from scratch, open source, and open math.
I don't see how such is possible with a company that can assign itself a certain fraction of monetary creation, because that implies a non-centralized aspect in the cryptography (not all players are equal, because some have an element that can assign them coins that others, in principle, can't).  In as much as this is true, there's nothing that can save zcash. 

Cryptographic systems are to be open, known algorithms with no hidden keys/backdoors in it.  With what I read, I have the impression, but I can be wrong, that zcash doesn't follow that principle.

That is a ridiculous argument, because a fork can do of course anything, including altering the PoS and even the whole PoW history.

I think we are talking about two different meanings of the concept of "block chain".  One is an intend, the other is a technology.  I was talking about the technology, you are talking about the intend.  Both are linked of course, but the technology is what it is, and the intend is the hope that the technology will achieve, but may fail to do so (and this was my point: it can fail to do so, the technology is not always fulfilling the intend).

The block chain *technology* is essentially a linked list of hashes with some "difficulty" like PoW (in fact, I think honestly that ONLY PoW has a true block chain meaning).   The *intend* of a block chain, most of the time, is to build an immutable ledger and protocol.  However, this intend is to be realized as an emerging property of antagonism of the actors: no single actor has the cryptographic means to do it on his own, and there is not enough incentive for collusion between sufficient actors.  If these conditions are met, the block chain technology gives rise to the block chain intend.

But of course, when there is sufficient collusion and the conditions for emergence of the intend are not satisfied (or the theory doesn't work), then the block chain technology will not necessarily give rise to the block chain intend, which is immutability and stability of protocol.  So the block chain technology can then "do whatever one wants", even change the genesis block every Saturday.  Technologically, this is not impossible, on the contrary.  That was my point.

Next time there's a contract on ETH not working as intended, is ETH going to fork again, or is it going to become a criminal coin too ?

There is actually nothing "funny" about it.  After all, in the classical economy, we do see the emergence of weapon manufacturers too.  We see armies (mercenaries, and paid by states) which are economic entities too.   In as much as a decentralized economy will develop, there should also be a weapon economy.  Hell, why shouldn't there be specific networking and crypto tools for "distributed armies" that kill in the real world ?  Why not have DAO-like structures that are "armies" with distributed ownership of attack drones, killing people, and rewarding the entity that did the killing upon verification of death ?  Distributed automated soldiers running on smart contracts.
That would be a mightily powerful army because no hierarchy, no points of failure, distributed, secret and just potentially present anywhere.
We might see hidden battles between power groups and distributed armies, without having the slightest idea of what is going on, and why entire cities are exterminated.

I think the answer to the poll is a factual "yes".  Of course a "community" (that is, at least one miner) can mess with a block chain as much as he wants.  Whether he "should" is a silly question, because by definition, in a trust less environment, there is no "should".

That said, the original cryptographic IDEA of a block chain was that it would remain immutable.  But not because this is a moral law, but rather because it was thought that the non-collusion of interests and the individual greed of participants would have AS AN EMERGING PROPERTY that the block chain would remain immutable.

The ETH/ETC debacle has factually proved that this emergent property doesn't always hold.  In other words, that the supposed cryptographic function of a block chain, namely immutability, is not always guaranteed.

Your question is somewhat like: "can secret keys be stolen ?"
Of course they can.  But if so, then the cryptographic security of what they intended to protect, this cryptographic function, is broken.

"should secret keys be stolen" ?  Of course not.  But that was not the idea of secret keys.  The idea was that one wouldn't steal them even though opponents would try so.