IOTA’s Copy Protection VS the NXT JPL

  • IOTA’s Copy Protection VS the NXT JPL
    Or how to protect blockchain open source code
    In response to Neha Narula’s discovery of a fatal flaw in IOTA’s curl hash function, lead developer of IOTA cfb claimed that this bug was introduced on purpose into the software as a form of “copy protection”. I do have my doubts about this claim but let’s accept it as is.

    Being a software engineer and working in corporate environments for 20 years, even the thought of introducing a fatal flaw on purpose into production code is deeply concerning, let alone doing so on a software project like IOTA, which represents a token of value worth over $1B and not disclosing this fact upfront.

    CFB indeed used this dubious technique in the early days of the NXT project (well before I joined the team) with one major difference, the fact that the software contains deliberate flaws was disclosed upfront and presented as a bounty program for finding each flaw and by doing so also encouraged people to review the code for other problems.

    I can assure the NXT community that this practice is discouraged, it has never been used in NXT ever since, and will never be used in our future Ardor platform. Also note that CFB has left the NXT development team back in 2014.

    Regarding copy protection of open source blockchain projects, this is indeed a major concern, the risk that someone will copy our source code and create its own competing token is very real, and in fact this happened in practice many times. See Bitcoin clones like Litecoin and Bitcoin Cash or Ethereum’s clone ETC. NXT also had its share of clones like Burst, XEL and others and several other projects which did not copy the code itself but copied many of the ideas like NEM, Waves and others.

    Therefore the IOTA’s team concern about the introduction of IOTA clones is indeed valid, still I argue that introducing bugs into the software is not the solution to this problem.

    Introducing the Jelurida Public License

    When faced with the same problem, the Jelurida developers came up with an innovative open source software license in the form of the JPL.

    The idea is that we allow anyone to clone the code and create its own blockchain instance with its own token of value. We even make this process very simple, by providing the Blockchain Creation Kit which is a flavor of the NXT software which allows anyone to create their own genesis block and spawn a new blockchain instance with its own independent token.

    In return, we ask the clone developer to grant 10% of the new tokens to existing NXT holders. This compensates the NXT holders for the dilution caused by the introduction of a possibly competing token, and motivates the existing NXT community to cooperate with the clone instead of viewing it as competitor.

    We are currently aware of several groups using the JPL approach to clone the NXT robust and stable code and create innovative solutions based on it, while contributing back to the NXT community.

    In response to Come-from-Beyond

    The JPL is not about stopping scammers it’s a method for clone creators to benefit the original token holders.
    I’m not against cloning, I want to make sure cloners does not dilute the value of the NXT token. In fact we made it very simple to clone NXT, probably simpler than any other blockchain out there.
    Regardless, I think your method of copy protection is a bad practice. Do you have any other copy protections left in the iota source code?


    为了回应Neha Narula发现IOTA卷曲哈希函数的致命缺陷,IOTA cfb的首席开发人员声称这个错误是故意引入软件中的一种“复制保护”形式。我确实对这种说法有疑问,但让我们接受它。

    作为一名软件工程师并在企业环境中工作了20年,即使是故意将有致命的缺陷引入生产代码的想法也是非常令人担忧的,更不用说像IOTA这样的软件项目,这代表价值超过1美元的价值。 B并没有提前透露这个事实。



    关于开源区块链项目的复制保护,这确实是一个主要问题,有人复制我们的源代码并创建自己的竞争令牌的风险是非常真实的,实际上这在实践中发生了很多次。查看比特币克隆,如Litecoin和Bitcoin Cash或以太坊的克隆ETC。NXT还拥有像Burst,XEL等其他克隆版本以及其他一些项目,这些项目没有复制代码本身,而是复制了许多想法,如NEM,Waves等。