IOTA’s Copy Protection VS the NXT JPL



  • IOTA’s Copy Protection VS the NXT JPL
    Or how to protect blockchain open source code
    In response to Neha Narula’s discovery of a fatal flaw in IOTA’s curl hash function, lead developer of IOTA cfb claimed that this bug was introduced on purpose into the software as a form of “copy protection”. I do have my doubts about this claim but let’s accept it as is.

    Being a software engineer and working in corporate environments for 20 years, even the thought of introducing a fatal flaw on purpose into production code is deeply concerning, let alone doing so on a software project like IOTA, which represents a token of value worth over $1B and not disclosing this fact upfront.

    CFB indeed used this dubious technique in the early days of the NXT project (well before I joined the team) with one major difference, the fact that the software contains deliberate flaws was disclosed upfront and presented as a bounty program for finding each flaw and by doing so also encouraged people to review the code for other problems.

    I can assure the NXT community that this practice is discouraged, it has never been used in NXT ever since, and will never be used in our future Ardor platform. Also note that CFB has left the NXT development team back in 2014.

    Regarding copy protection of open source blockchain projects, this is indeed a major concern, the risk that someone will copy our source code and create its own competing token is very real, and in fact this happened in practice many times. See Bitcoin clones like Litecoin and Bitcoin Cash or Ethereum’s clone ETC. NXT also had its share of clones like Burst, XEL and others and several other projects which did not copy the code itself but copied many of the ideas like NEM, Waves and others.

    Therefore the IOTA’s team concern about the introduction of IOTA clones is indeed valid, still I argue that introducing bugs into the software is not the solution to this problem.

    Introducing the Jelurida Public License

    When faced with the same problem, the Jelurida developers came up with an innovative open source software license in the form of the JPL.

    The idea is that we allow anyone to clone the code and create its own blockchain instance with its own token of value. We even make this process very simple, by providing the Blockchain Creation Kit which is a flavor of the NXT software which allows anyone to create their own genesis block and spawn a new blockchain instance with its own independent token.

    In return, we ask the clone developer to grant 10% of the new tokens to existing NXT holders. This compensates the NXT holders for the dilution caused by the introduction of a possibly competing token, and motivates the existing NXT community to cooperate with the clone instead of viewing it as competitor.

    We are currently aware of several groups using the JPL approach to clone the NXT robust and stable code and create innovative solutions based on it, while contributing back to the NXT community.

    In response to Come-from-Beyond

    The JPL is not about stopping scammers it’s a method for clone creators to benefit the original token holders.
    I’m not against cloning, I want to make sure cloners does not dilute the value of the NXT token. In fact we made it very simple to clone NXT, probably simpler than any other blockchain out there.
    Regardless, I think your method of copy protection is a bad practice. Do you have any other copy protections left in the iota source code?

    原文地址:https://medium.com/@lyaffe/iotas-copy-protection-vs-the-nxt-jpl-5e6f2440f34d



  • IOTA的复制保护VS NXT JPL
    或者如何保护区块链开源代码
    为了回应Neha Narula发现IOTA卷曲哈希函数的致命缺陷,IOTA cfb的首席开发人员声称这个错误是故意引入软件中的一种“复制保护”形式。我确实对这种说法有疑问,但让我们接受它。

    作为一名软件工程师并在企业环境中工作了20年,即使是故意将有致命的缺陷引入生产代码的想法也是非常令人担忧的,更不用说像IOTA这样的软件项目,这代表价值超过1美元的价值。 B并没有提前透露这个事实。

    CFB确实在NXT项目的早期(在我加入团队之前)使用了这种可疑技术,其中一个主要区别在于,软件包含故意缺陷这一事实已经提前公开,并作为一个用于查找每个缺陷的奖励计划提供。这样做也鼓励人们查看其他问题的代码。

    我可以向NXT社区保证不鼓励这种做法,从那以后它从未在NXT中使用过,并且永远不会用在我们未来的Ardor平台上。另请注意,CFB已于2014年离开NXT开发团队。

    关于开源区块链项目的复制保护,这确实是一个主要问题,有人复制我们的源代码并创建自己的竞争令牌的风险是非常真实的,实际上这在实践中发生了很多次。查看比特币克隆,如Litecoin和Bitcoin Cash或以太坊的克隆ETC。NXT还拥有像Burst,XEL等其他克隆版本以及其他一些项目,这些项目没有复制代码本身,而是复制了许多想法,如NEM,Waves等。

    因此,IOTA团队对引入IOTA克隆的关注确实是有效的,但我认为将错误引入软件并不是解决这个问题的方法。

    介绍Jelurida公共许可证

    当遇到同样的问题时,Jelurida开发人员以JPL的形式提出了一个创新的开源软件许可证。

    我们的想法是,我们允许任何人克隆代码并使用自己的值标记创建自己的区块链实例。我们甚至通过提供区块链创建工具包使这个过程变得非常简单,该工具包是NXT软件的一种风格,它允许任何人创建自己的创世块并使用自己的独立令牌生成新的区块链实例。

    作为回报,我们要求克隆开发人员将10%的新令牌授予现有的NXT持有者。这可以补偿NXT持有者因引入可能的竞争令牌而造成的稀释,并激励现有的NXT社区与克隆合作,而不是将其视为竞争对手。

    我们目前已经知道有几个团队使用JPL方法克隆NXT强大而稳定的代码并基于它创建创新的解决方案,同时回馈NXT社区。

    回应Come-from-Beyond

    JPL不是关于阻止诈骗者,而是克隆创建者使原始令牌持有者受益的方法。

    我不反对克隆,我想确保克隆者不会稀释NXT令牌的值。事实上,我们克隆NXT非常简单,可能比其他任何区块链都简单。

    无论如何,我认为你的复制保护方法是一种不好的做法。你在iota源代码中还有其他任何版权保护吗?

    (谷歌翻译)