Bitcoin Forum
August 20, 2019, 09:53:14 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Probably the hottest business idea of the moment in BTC  (Read 3036 times)
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500



View Profile
December 12, 2012, 08:31:55 AM
 #1

Quote
This could also take in a few hundred to a few thousand BTC a month, if well run by credible people, which possibly means half a million worth of BTC equity you're working for.

Original piece. Comments welcome.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
1566337994
Hero Member
*
Offline Offline

Posts: 1566337994

View Profile Personal Message (Offline)

Ignore
1566337994
Reply with quote  #2

1566337994
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566337994
Hero Member
*
Offline Offline

Posts: 1566337994

View Profile Personal Message (Offline)

Ignore
1566337994
Reply with quote  #2

1566337994
Report to moderator
greyhawk
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000


View Profile
December 12, 2012, 11:19:40 AM
 #2

Totally concur. A service like that is sorely needed.

Unfortunately with the BTC community being what it is, it will likely end in people Dunning-Krugering themselves into believing they were qualified to offer the code review, messing that up, then failing to deliver on the insurance.

So another service level would be needed to review the reviewers, but that level bears the same problem.
Sukrim
Legendary
*
Offline Offline

Activity: 2506
Merit: 1002


View Profile
December 12, 2012, 11:34:28 AM
 #3

I don't really see the connection to BTC here, this could be done with Paypal as well.

https://www.coinlend.org <-- automated lending at various exchanges. No fees(!).
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
Endgame
Sr. Member
****
Offline Offline

Activity: 412
Merit: 250



View Profile
December 12, 2012, 12:56:35 PM
 #4

Yes this would be useful. The hardest part of implementing this would probably be finding employees capable enough to find all the holes. Also people would try and run inside jobs, breaking into their own code for the insurance payout.
killerstorm
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
December 12, 2012, 01:06:06 PM
 #5

This severely underestimates complexity of code verification.

It is kinda a spectrum. If you just look through the code, line by line, all you can say "I haven't found obvious flaws, yet", only idiot will say that it is "safe to run".

There is a reason why people write unit tests. If they want to make sure that it works, each line, each statement should be covered by a test. And quite often test suite is large than code base itself.

See here: http://www.sqlite.org/testing.html

Quote
As of version 3.7.14, the SQLite library consists of approximately 81.3 KSLOC of C code. (KSLOC means thousands of "Source Lines Of Code" or, in other words, lines of code excluding blank lines and comments.) By comparison, the project has 1124 times as much test code and test scripts - 91421.1 KSLOC.

And even that doesn't give you 100% guarantee.

Also see here: http://www.fastcompany.com/28121/they-write-right-stuff
Writing software with very few defects is incredibly costly. Running software with no defects at all is likely impossible.

OK, even if we rule out things which aren't feasible, there is still a lot of restrictions. I would give you any kind of assurance about for code written in dynamic programming language (JS, Python, PHP) or unsafe programming language (C/C++). It is simply a minefield: compiler performs almost no checks, so it is hard to make sure that it doesn't fail in a weird and unexpected way.

This leaves us with Java (it has many flaws, but at least it isn't as bad as things mentioned above), Ada, functional programming languages like *ML and Haskell.

So what I'm saying, if properly done it would be too restrictive for a startup business.

And if it not done properly it won't be a good service. It's basically an insurance business: you know that some system WILL fail because your code verification isn't exhaustive. You just do pre-screening to rule out obvious losses. Otherwise, it is a matter of luck, essentially risk pooling.

Thus you don't really need first-class programmers, I think.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1003


Ian Knowles - CIYAM Lead Developer


View Profile WWW
December 12, 2012, 01:12:29 PM
 #6

One point that I'd like to make is that the programming paradigm very much affects the reliability of the code itself.

Functional programming (possible in C++ but perhaps best done in a language designed for it such as Haskell) changes things a lot in that by using extremely well tested and covered "functions" the unit test requirements are greatly simplified (e.g. you are not having to check 1000's of versions of a "for" loop there is only the known "for loop" functions).

In my own upcoming open source project (hopefully to be launched before the end of the year) I have taken this concept a further step by combining both "functional" and "aspect oriented" programming with MDA ("model driven architecture") into a source code generating platform (so that manual source code is actually never written at all).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500



View Profile
December 12, 2012, 02:21:10 PM
 #7

Totally concur. A service like that is sorely needed.

Unfortunately with the BTC community being what it is, it will likely end in people Dunning-Krugering themselves into believing they were qualified to offer the code review, messing that up, then failing to deliver on the insurance.

So another service level would be needed to review the reviewers, but that level bears the same problem.

This has already happened with the usagi/CPA thing to some degree. Obviously everything depends on the quality of the people involved. Much like all other BTC businesses.

I don't really see the connection to BTC here, this could be done with Paypal as well.

Non-BTC software is a worthless piece of crap, a point everyone knows and actively strives for. There exist some very limited applications where code is insured, and the costs involved are nothing on the level of Paypalness.

As suggested here.

The less that thing is involved in the better. Much like the Pope.

Yes this would be useful. The hardest part of implementing this would probably be finding employees capable enough to find all the holes. Also people would try and run inside jobs, breaking into their own code for the insurance payout.

Obviously once code is compromised that reviewer is fired, possibly in strong terms.

This severely underestimates complexity of code verification.

No. Your head would want it to, but it does not. Otherwise, unit testing is specifically mentioned, please read more, submit more, contradict me for the sake of contradicting me less. You're not quite clever enough.

Running software with no defects at all is likely impossible.

Stop repeating this sort of stupidity and instead show me your Knuth check.

This leaves us with Java (it has many flaws, but at least it isn't as bad as things mentioned above)

Java as implemented is possibly the worst piece of crap that ever saw the inside of a computer, being busted wide open on a regular, yearly basis at the very least. Anyone seriously proposing it be deployed for anything other than pranks is in desperate need of some meds.

One point that I'd like to make is that the programming paradigm very much affects the reliability of the code itself.

This is very true. As a good example I could easily see the Z specifying that "anything written in Java is unacceptable on the face and will not be reviewed".

so that manual source code is actually never written at all.

This has been tried for a while now, but it has its own pitfalls.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1003


Ian Knowles - CIYAM Lead Developer


View Profile WWW
December 12, 2012, 02:29:54 PM
 #8

This has been tried for a while now, but it has its own pitfalls.

I don't think (from my own research) that anyone has gone as far with this idea as I have (apart from perhaps Charles Symonyi's "Intentional Software" platform ) but I will welcome criticism when I launch the project (the entire website will have 0% manually written source).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
meowmeowbrowncow
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
December 12, 2012, 02:53:36 PM
 #9

This has been tried for a while now, but it has its own pitfalls.

I don't think (from my own research) that anyone has gone as far with this idea as I have (apart from perhaps Charles Symonyi's "Intentional Software" platform ) but I will welcome criticism when I launch the project (the entire website will have 0% manually written source).


Looking forward to it.  Should be interesting.

"Bitcoin has been an amazing ride, but the most fascinating part to me is the seemingly universal tendency of libertarians to immediately become authoritarians the very moment they are given any measure of power to silence the dissent of others."  - The Bible
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
December 12, 2012, 04:32:55 PM
 #10

Quote from: Mircea Popescu
… is a code review and insurance service.
Comments welcome.
This isn't only a surefire money maker. The (yet unpublished) Dunning-Kruger-Popescu halting insurance pricing model will revolutionize the computer science. The old chestnut of halting problem will forever join the phlogiston in the annals of obsolete science. In similarity to the Black-Scholes option pricining model the creators of it will receive either the Fields Medal or the Nobel Prize for their key contribution: instead of the old boolean decision halts/doesn't halt replace it with an insurance contract: keep paying premiums while program runs and receive one-time settlement when the program doesn't halt.

Where do I send money? I mean I need to order some of that great Romanian sparkling wine to stimulate my own creativity in this holiday season.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
killerstorm
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
December 12, 2012, 05:33:25 PM
 #11

The problem with this idea is that most likely it will be run by assclowns who are totally detached from realities of commercial software development. I mean like MPOE-PR.

It's obvious that the plan is to blame everything on developers, making them scapegoats.

I wouldn't recommend any programmer who cares about his good name to join such insurance business.

So I guess only people who do not mind being paid to be scapegoats will work for you.

Good luck.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
killerstorm
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
December 12, 2012, 05:46:43 PM
 #12

Functional programming (possible in C++ but perhaps best done in a language designed for it such as Haskell) changes things a lot in that by using extremely well tested and covered "functions" the unit test requirements are greatly simplified (e.g. you are not having to check 1000's of versions of a "for" loop there is only the known "for loop" functions).

Some pieces of code written in high-level programming languages can be formally verified. This doesn't mean that you can be sure that code does what you think it should do, but at least you can be sure that it won't fail in stupid and unpredictable way, so you can focus on high level logic.

However, there is a problem: proof is done on language semantics level, but problem can exist on compiler level, or on runtime library level. I guess verifying Haskell compiler would cost you a lot of $$$$$.

Then, program's correctness generally depends on OS correctness, and operating systems are typically implemented using rather messy C code.

So no one can be sure and no one can check everything.

But still, program written in Haskell, thoroughly verified and running on, say, OpenBSD is far less likely to fail than some piece of shit written in PHP and running on Ubuntu.

So if I read this correctly, there is now a demand for Bitcoin software written in type-safe functional languages? LOL.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
December 12, 2012, 05:57:16 PM
 #13

How much of this article is still relevant?

http://www.fastcompany.com/28121/they-write-right-stuff
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1005


Trusted Bitcoiner


View Profile WWW
December 12, 2012, 06:59:32 PM
 #14

my feeling is.

this is crazy no one is going to guarantee someone elsess code is 100% safe...
and what do you do when you come across what looks like bad code... you fix it? and guarantee your fix will not break anything anywhere else?
for any project that has more then 100 lines of code, this service wouldn't cost 100's of bitcoins but 1000's of bitcoin.

guaranteed code  Shocked

no way...

Sukrim
Legendary
*
Offline Offline

Activity: 2506
Merit: 1002


View Profile
December 12, 2012, 07:12:03 PM
 #15

Also, if someone could audit code in a way to guarantee that it works as intended, this someone also could write a program for that...

What might be more interesting though would be to create unit tests for given pieces of code with 100% coverage. A platform where you post your code and get tests back to integrate in your test suite might already be something to verify against.

https://www.coinlend.org <-- automated lending at various exchanges. No fees(!).
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500



View Profile
December 12, 2012, 10:44:51 PM
 #16

I don't think (from my own research) that anyone has gone as far with this idea as I have (apart from perhaps Charles Symonyi's "Intentional Software" platform ) but I will welcome criticism when I launch the project (the entire website will have 0% manually written source).


Certainly an interesting and valuable thing to try.

Quote from: Mircea Popescu
… is a code review and insurance service.
Comments welcome.
This isn't only a surefire money maker. The (yet unpublished) Dunning-Kruger-Popescu halting insurance pricing model will revolutionize the computer science. The old chestnut of halting problem will forever join the phlogiston in the annals of obsolete science. In similarity to the Black-Scholes option pricining model the creators of it will receive either the Fields Medal or the Nobel Prize for their key contribution: instead of the old boolean decision halts/doesn't halt replace it with an insurance contract: keep paying premiums while program runs and receive one-time settlement when the program doesn't halt.

Where do I send money? I mean I need to order some of that great Romanian sparkling wine to stimulate my own creativity in this holiday season.

You're such a hater.  Grin

The problem with this idea is that most likely it will be run by assclowns who are totally detached from realities of commercial software development. I mean like MPOE-PR.

The only assclown in this discussion is you. Go away, you've made it plenty obvious already.

Who the fuck ever heard of PR running a project! The article itself states Mr. P is not interested in running it. What part of reading is too difficult for you?

this is crazy no one is going to guarantee someone elsess code is 100% safe...

Safe in the context of insurance and safe in the abstract way you think about it are different beasts.

and what do you do when you come across what looks like bad code... you fix it? and guarantee your fix will not break anything anywhere else?

You don't fix it, you make a note of the problem.

Also, if someone could audit code in a way to guarantee that it works as intended, this someone also could write a program for that...

No, they could not. AI is still an unsolved problem.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Sukrim
Legendary
*
Offline Offline

Activity: 2506
Merit: 1002


View Profile
December 13, 2012, 09:08:36 AM
 #17

I wrote guarantee, not promise.

If I can guarantee that code X does Y and nothing else, I have mathematical proof. This can be done programmatically too.

Actually theoretically with a specification that's exact enough one can generate the code on the fly to fulfill that specification. On the other hand this just means that the problems shift from writing good implementations to exact specifications...
All in all the idea is nice and good, I think the risk from both sides is too high to make this work out in a useful way with humans and to audit code with computers we're still a far way away to really audit code.

https://www.coinlend.org <-- automated lending at various exchanges. No fees(!).
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
killerstorm
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
December 13, 2012, 10:49:40 AM
 #18

Actually theoretically with a specification that's exact enough one can generate the code on the fly to fulfill that specification. On the other hand this just means that the problems shift from writing good implementations to exact specifications...

Yes, sufficiently complete specification IS code. And incomplete specification is incomplete code, apparently.

So in the end you always need human judgement, it's just that you can spare human a need to inspect boring and trivial parts.

All in all the idea is nice and good, I think the risk from both sides is too high to make this work out in a useful way with humans

If there is at least some inspection and there is some compensation for loss, it is already much better than nothing.

Financing development of more secure software would be a good thing.

The problem is that business types usually want to claim that service they offer is absolutely unbreakable and that they will cover all losses if shit happens. But all they want to spend on development is 100 BTC. LOL.

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500



View Profile
December 13, 2012, 04:16:00 PM
 #19

I wrote guarantee, not promise.

If I can guarantee that code X does Y and nothing else, I have mathematical proof. This can be done programmatically too.

Actually theoretically with a specification that's exact enough one can generate the code on the fly to fulfill that specification. On the other hand this just means that the problems shift from writing good implementations to exact specifications...
All in all the idea is nice and good, I think the risk from both sides is too high to make this work out in a useful way with humans and to audit code with computers we're still a far way away to really audit code.

Actually formal validation (and the possible move towards ISO27001/9001) was discussed there.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
2112
Legendary
*
Offline Offline

Activity: 2114
Merit: 1027



View Profile
December 13, 2012, 06:57:59 PM
 #20

There is a miscommunication going on here.

I'm pretty sure that killerstorm had mathematical formal verification in his mind.

http://en.wikipedia.org/wiki/Formal_verification

The ISO stuff mentioned by spyked is a bureaucratic formal verification of management processes, possibly in relation to information technology.

I think the best summary of the ISO certificates is with the old Russian joke: a certificate that you aren't a camel.

http://en.wikipedia.org/wiki/Russian_jokes

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!