urbit/pub/docs/theory/network-goals.md

566 lines
25 KiB
Markdown
Raw Normal View History

2015-10-26 20:58:11 +03:00
---
sort: 4
title: Network architecture: goals
2015-10-26 20:58:11 +03:00
---
# Design of a digital republic: part 1, goals
2015-10-20 20:51:45 +03:00
Some of us remember when the Internet was a social network.
Today, the Internet is a modem.
It's a wonderful modem. It connects you to all kinds of great
online services. Some of which are social "networks," but only
networks in the MBA sense. Really they're social *servers*:
giant virtual mainframes running one hardcoded program. 1976
2015-10-26 20:43:19 +03:00
called — it wants its acoustic coupler back.
2015-10-20 20:51:45 +03:00
So, you prefer 1996. So, you wish you had your decentralized
Internet back. So, you don't seem alone in this. So, we know
one thing: wishing hasn't made it happen.
## John Perry Barlow
It's interesting to go back and read John Perry Barlow's 1996
manifesto, the [Cyberspace Declaration of
Independence](https://projects.eff.org/~barlow/Declaration-Final.html),
Some parts of the *Declaration* are dated. Many parts seem
fresh, even urgent.
But in 2015, what stands out most about this document is its
incredible confidence that the Internet is inherently free, and
easily strong enough to announce and defend its own freedom,
against "Governments of the Industrial World, you weary giants of
flesh and steel."
Well... hindsight is 20/20. But in hindsight, even in 1996
2015-10-26 20:43:19 +03:00
things were starting to head south. Usenet — the brain of the
Internet, when the Internet had a brain — was already
2015-10-20 20:51:45 +03:00
disintegrating under the barbarian invasions. And where is the
WELL these days? (John Perry Barlow is probably still on it.)
While the Net has certainly scored a point or two against the
State, the State has scored a lot more points against the Net.
If the State wants your domain name, it takes it. If that's
independence, what does utter defeat and submission look like?
Worse: whatever state tyranny exists, it's obviously dwarfed by
the private, free-market, *corporate* tyrannosaurs that stalk the
cloud today. We can see this clearly by imagining all these
thunder-lizards were *actually part of the government*. "Private"
and "public" are just labels, after all.
Imagine a world in which LinkedIn, Facebook, Twitter, Apple and
the NSA were all in one big org chart. Is there anyone, of any
political stripe, who doesn't find this outcome creepy? It's
probably going to happen, in fact if not in form. While formal
nationalization is out of fashion, regulation easily achieves the
same result, while keeping the sacred words "private enteprise."
Reading Barlow's _Declaration_ is a lot like reading the real
Declaration, in an alternate history where Jefferson lost. In
2015, do we still believe in these goals? Arguably, we believe
in them more than ever. We basically live in 1996's nightmare.
We know exactly what to be afraid of. It's already here.
But we've lost the ability to believe we can *achieve* these
goals. 20 years ago, digital freedom seemed inevitable. Now it
seems impossible.
## Engineering digital freedom
Don't panic! This is a simple case of cause and effect. Digital
freedom isn't inevitable. It's also not impossible. It's quite
possible. It just requires *actual engineering work*.
If you think a result is inevitable, but it's not, you won't do
the work and you won't get the result. So, let's do the work.
Dealing is way better than worrying. 1996 worried about the
problem; 2016 ought to deal with it.
A constitution is not a declaration. It's not a list of ideals.
2015-10-26 20:43:19 +03:00
It's more like a bridge — an actual structure, that fails unless
2015-10-20 20:51:45 +03:00
it stands up to genuine load. A bridge isn't a bridge unless it
works. If you want a bridge, you have to build a bridge. It
doesn't typically happen that you set out to build something
else, but at the end it turns out you've built a bridge.
The designers of the Internet did not, of course, intend to
implement any of John Perry Barlow's ideals. How close they came
is in a way remarkable. Perhaps it was possible for the
designers of the Internet to build a global, decentralized social
network. They weren't trying to, and they didn't.
If we want a decentralized social network, we can't do it without
rigorous engineering work. And we can't limit our work to the
world of code. A decentralized network has to work not just
2015-10-26 20:43:19 +03:00
technically — but politically, economically, and socially.
2015-10-20 20:51:45 +03:00
Where do we go from here? How do we get back to 1996? Admit
we've failed, and try again. How else?
## Two axioms
It's rarely worth arguing over an ugly truth. Either you know
it, or you can't be argued into it. Or it's not true. So it's
better to just give it as an axiom. Two axioms:
One: the Internet can't be fixed. We *can't* redecentralize the
Internet. It has too many accumulated administrative and
technical misfeatures.
Two: there is no practical, completely decentralized network.
Government is a human invariant, in the digital world as in the
real world. Even Bitcoin has a central government.
We can't force you to accept these axioms. We'll just assume
they're true for the rest of this document. This means we're
designing a new, self-governing network on top of the Internet.
## On digital republics
The English word *republic* is from the Latin *res publica* -
"public thing." A republic is a government run as a public
trust, without any single point of failure - person or
institution.
Every (real) democracy is a republic, but not every republic is a
democracy. The distribution of both formal and actual authority
within a republic need not be in any way uniform. (Arguably, it
never is.)
The design goal of a republic is effective, durable and stable
governance. Humans and servers are inherently fallible.
Therefore this goal cannot be achieved without what humans call
*pluralism* and programmers *redundancy*. Or in other words,
decentralized governance.
Both the old Internet of the '80s and the distributed social
network built on top of it - Usenet - were very much digital
republics. ICANN still thinks of itself as a republic, but to
some it looks more like a corporation. In previous decades,
influence over collective decisions was more about personal
reputation than corporate authority - the way IETF still works.
A republic needs a constitution - a set of formal processes that
guides and shapes the real questions of governance, which are
always informal.
The republic is in a healthy state if its actual power structures
match this constitution. The Soviet Union had a fine
constitution. Its actual authority structures had little to do
with its official structures.
Again, the digital republic is a machine - if it's not
well-engineered, it won't work. There are three categories of
engineering we have to get right: political, economic, social.
## Political engineering
Our ideal network is actually not designed to *be* a digital
republic. It's designed to *become* a digital republic.
The most basic principle of political engineering is that there
is no one true constitution; the constitution has to fit the
polity. And our polity cannot succeed without changing. And we
care what it ends up as, much more than how it gets there.
### On young networks
In a young, small network, digital freedom is irrelevant. There
is no structural conflict of interest between the government and
the users. Everyone in the network is a pioneer, and all
pioneers have the same goal: found the republic. Anyone who
stops believing in the network just leaves.
The young network is a high-trust society in two ways: trust
between users, and trust in government. The main purpose
of decentralization is to prevent conflict among the distrusting.
Decentralization is superfluous in a high-trust society.
A young network can't be decentralized *even if it wants to be*.
Consider the early days of Bitcoin. Somewhere between the
initial release and now, there's a point in time T such that
before but not after T, Satoshi himself could have rebooted the
blockchain.
Not even with a 51% attack - but *just with an email*. He could
have said: I screwed something up, here's a new genesis block.
And everyone would have switched to the new blockchain, at the
mere verbal whim of Emperor Satoshi.
When Bitcoin was young, it was a centralized network, even though
it had a decentralized constitution. In practice, Satoshi was
above the constitution. Even if he didn't use it, he had an
authority above cryptography.
### Political engineering in Bitcoin
There are two layers of sovereignty in Bitcoin. The highest
layer is the choice of blockchain itself - the rule that the
longest chain is best is completely informal. Or to put it
differently, it's the principle that makes Bitcoin Bitcoin and
everything else an altcoin. No math is involved here - just the
agreement of human beings. Or in other words, politics.
Even the cryptographic layer rests on informal foundations.
The 51% attack on Bitcoin is well-known; any coalition that can
construct one is sovereign. But no such coup has happened, or
will - why?
Because the coalition is plural. Since each coup supporter would
be acting against its own self-interest by damaging the
reputation of the currency as a whole, the coup requires
self-destructive folly from multiple serious actors. Suicidal
collusion is never a realistic risk - or if it is, nothing can
mitigate it.
Even if one miner controlled 51%, their incentive against an
attack would be enormous, because they would destroy the
blockchain they captured. On the other hand, not everyone
responds sensibly to incentives. The purpose of a republican
constitution is to eliminate single points of incentive failure.
Bitcoin is a stable, mature republic - but it is *not* secured
just by cryptography, but also by political engineering.
### Political engineering in Reddit
Compare to an unstable, mature non-republic: Reddit.
2015's Reddit civil war is a dead ringer for one past conflict:
the English Civil War. As Marx and Pareto agree, all major civic
conflict arises when a new social class develops a collective
sense of its right to govern. The danger is most acute when a
governed class senses that the governors do not live up to the
standards of the governed.
Much as the Puritans looked down on the Cavaliers as immoral,
atheistic fops, the Reddit moderators looked down on the Reddit
staff - or certain parts of it - as faceless corporate drones.
When you've attained real political status in a community,
through hard work and genuine talent, it's contemptible to let
yourself be governed by people without the basic skills to even
pass as competent, much less exceptional, in this community. As
Napoleon said: every regime is safe so long as it is ruled by its
most talented citizens. And if it's not, it isn't.
But technically, Reddit couldn't just have a French Revolution.
Reddit is an inherently centralized site. It looks like a bunch
of different places, but that's an illusion. It's actually one
big mainframe. The Reddit staff is stuck running this mainframe.
The users have a lot of social capital invested in it.
If there was a technical mechanism that let the users of Reddit,
collectively and coherently, fork Reddit and take ownership with
a Tennis Court Oath, they certainly would have done so long ago.
The result could only be a digital republic. But they can't, so
Reddit's future is unclear. Man may be born free, but mainframe
guest accounts certainly aren't born free.
### From monarchy to republic
In real-world history we see a curious pattern: not only are
republics fairly rare, but every successful republic (from Athens
to Rome to England) started out as a successful monarchy.
Perhaps this is also the right way to build a digital republic?
Another way to state the political engineering problem that our
new network has to solve: maximize the chance of producing a
mature digital republic. There are two failure cases: failure,
and a mature non-republic. We should prefer the former - "range
safety," as a rocket scientist would say.
Our conclusion is that a young network is a monarchy (whether
under a BDFL or a faceless corporation), whether it likes it or
not. But the network must be technically designed to *evolve*
into a mature republic.
And - most critically - the republican evolution *cannot* be
prevented by the monarchical admins. When the evolution has to
happen, the monarchy has every incentive to help it succeed. If
it chooses to interfere instead, it will just get run over.
Reddit couldn't have a revolution; its code wasn't designed for a
revolution. A new network can and should be designed for just
that. Revolution may not be the ideal way to give birth to a
republic, but it certainly works and it's better than nothing.
Thus what seems like an optimal political design: the ugly,
centralized, young larva that's designed to molt into a
beautiful, mature, decentralized butterfly. And once mature, the
2015-10-26 20:43:19 +03:00
larva must molt or die — not keep growing into a gigantic,
2015-10-20 20:51:45 +03:00
man-eating caterpillar of death.
## Economic engineering
Economically, a new network should bootstrap. It should be
designed to generate revenue that funds its own development.
Ideally, its operators accept no traditional investment at all.
A digital-token business is no novelty in the age of Bitcoin.
But a network address space is not at all the same thing as a
digital currency. When we look at current address spaces of
meaningful economic weight - DNS domains, IPv4 addresses, even
Twitter handles - we see not digital money, but digital *land*.
### On digital land
Digital land is very different from digital money. People mine
gold, but nobody mines land. Transactions in money are common,
fungible, and should involve minimal friction. Transactions in
land are rare, unique, and involve significant friction. And
most important, land has intrinsic utility; money does not.
For example, Bitcoin needs a blockchain to solve the double spend
problem. A blockchain is very expensive. If we consider mining
dilution as a cost, a Bitcoin transaction costs multiple dollars.
That cost is exacted as a dilution tax on all holders (arguably,
correct accounting in BTC uses a "normalized BTC" unit which is
the fraction of all BTC outstanding), but it remains a cost.
For certain values of "solved," the double spend problem is also
solved by a trusted escrow agent. For digital money, escrow is
not a workable general solution. For digital land, it may be.
Escrow is certainly orders of magnitude cheaper than a blockchain.
Digital land in a decentralized system still needs to be owned
cryptographically, like Bitcoin. But as with real property,
it doesn't need to be mathematically impossible to steal digital
property. It just needs to be realistically impractical. If we
can ensure that those with the power to steal lack the motive,
and those with the motive lack the power, our design works.
For digital land, a blockchain is an unnecessary expense. So
digital land has no mining. But from the Bitcoin purist's
perspective, any altcoin without mining is "100% premined" - ie,
probably a scam. Digital land is not digital currency, but it's
silly to argue over definitions.
### A moral theory of digital land
The libertarian philosophy of Murray Rothbard is the normative
belief system of Bitcoin. It's easy to explain digital land in
Rothbardian terms: ownership is on the homesteading principle.
Property in land, as anything, is owned by those who create it -
which in real land means enclosing and cultivating it. Digital
land is just the same, but creation is a simpler process - and
it never involves conquest and/or genocide of previous owners.
All this is precisely according to Dr. Rothbard.
Intuitively: if you didn't do any real work to create your
premined altcoin, it's a scam. If not, not. It's not necessary
to appeal to Rothbard to see why this makes sense.
### Economic dynamics
Any bootstrapping address space can define a metric which is the
fraction of namespace value recycled into development cost: the
erecycle rate*. In a sense, if the recycle rate is 100%, the
network does not leak economic energy.
(In a scam, this non-leaked economic energy non-leaks into the
scammer's pocket. In a non-scam, it goes back into the engine.
It's expensive to settle any new America; if that America has
positive general utility, its value when settled should subsidize
the cost of settling it. Or at least, a design that doesn't work
this way is like Newcomen's steam engine, not Watt's.)
One tradeoff against perfect recycling is the importance of
ownership decentralization. If you own an entire network because
you created it, you can increase the value of the whole address
space by giving blocks away. You may even increase the value of
your own position.
A monopolized network is not politically healthy. So its
2015-10-26 20:43:19 +03:00
economic value is lower. So — if the network is properly
designed and structured — it can be stably demonopolized. The
2015-10-20 20:51:45 +03:00
monopoly power achieved by combining large positions is smaller
than the reputation cost of remonopolization, so centrifugal
force dominates and the system stays decentralized.
Mining is one way to create initial demonopoly. But if it's not
actually necessary, mining has a recycle rate of zero. In a
blockchain network, mining is a necessary service and pays for
itself. In digital real estate, it would be a bad design.
The objective of demonopolization isn't necessarily a *fair*
distribution of real estate. Fairness is nice - but from an
engineering perspective, to create the incentive structure of a
true republic, all that's needed is nontrivial decentralization.
Not much is needed to maintain the stabilizing incentives.
## Regulatory engineering
There's another kind of "political engineering." Our new network
is a sort of second-level political entity; but it exists within
a first-level entity, the real government.
Minimizing bad interactions with the real government involves
three simple steps. First, don't look like you're breaking the
law. Second, don't break the law. Third, *really* don't break
the spirit of the law.
Fortunately, digital land (such as DNS domains or IPv4 blocks)
already exists and is largely unregulated. Or rather, it's
regulated perfectly well by standard property law.
This isn't just an accident of history. If DNS domains became a
useful way to launder money, or any kind of sink of financial
skulduggery, carders, pedobears, etc - the baleful eye of the
real government would rapidly fall on them.
It's incumbent on anyone creating a new network of any kind not
just to avoid using it *yourself* for criminal purposes, but to
design it so that *it's not useful* for criminal purposes. A
darknet is not a machine for producing digital freedom. It's the
opposite - an excuse for installing digital tyranny.
## Social engineering
Bringing people together is an easy problem for any social
network. The hard problem is keeping them apart. In other
words, the hard problem is *filtering*. Society is filtering.
A society without filters is a whirling, beige mess of atoms in a
blender. Beigeworld is an inhuman antisociety. A digital
republic is a garden; not only does a garden smell good, but
every flower smells good. An unfiltered network is a sewer. All
sewers have exactly the same smell.
There are four orthogonal classes of filtering: topic, community,
flavor and quality. Filtering should be orthogonal to content
type: the topic filter "sci.physics" can be a chatroom, a
preprint archive and a streaming video channel.
### Filtering: topic
Users themselves want to keep themselves apart in structured
ways. Topic filtering is the most basic. Imagine a Reddit or a
Usenet with only one group. It would consist only of noise.
For topic filtering, the ideal network has a single, organized
global topic tree (ontology). Call it half Usenet, half
Wikipedia and half the Dewey Decimal System.
### Filtering: community
Every topic deserves a community. But not every community is a
topic - a node in the ontology. To put it differently, not every
community should have a global name. The existence of small,
informal, private communities - tribes and microtribes - is
essential to a healthy network.
The most inhuman form of community filtering is the form in which
"communities" are inferred algorithmically from an unstructured
social graph on a social server. A community is a tribe, not a
proximity cluster. Humans are a tribal species and have
exquisite instincts for interactions in medium-sized groups.
### Filtering: flavor
Flavor filtering is the only major filtering class that's poorly
developed in presently deployed systems.
Suppose you're building an online grocery store. Suppose one
feature of your store is a profile setting where users can mark
that they're vegetarians.
There is no use in asking vegetarians to shop for meat. At best,
you're trolling them; at worst, you're boring them. A cooking
site should not show them recipes for rack of lamb. Etc.
More broadly, many forms of discourse have vibrant flavors which
other users are inherently uninterested in tasting. Like topics,
these flavors naturally form trees - some users may naturally
block all sexual content, others just a subset.
But flavors are not topics. Topic can imply flavor - the bondage
board will have bondage-flavored content. Not all communities
are topical. Not all all topical communities stick to the point
in every single communication.
A key component of flavor-oriented filtering is the principle
that flavor is marked by the content author, and enforced by
social convention in the community. A well-run community - and
not all communities will be well-run - enforces flavor marking
even among the locally dominant majority.
Anyone reading this has been subject to speech codes, of one sort
or another, since they were old enough to talk. There's a reason
for this: blasphemy and/or heresy is disruptive and antisocial,
absolutely regardless of its actual intellectual merit.
If we have a technical way to filter out blasphemy, we don't need
to suppress it with coercive force. Imagine a world in which,
not just in theory but also in practice, you could say anything
you wanted - so long as you marked it as what it was.
### Filtering: quality
All other filtering problems are unimportant next to quality.
Any successful digital republic must be in some sense a successor
of Usenet, whose defeat by the barbarians is a matter of history.
Alas, no one really knows how to do decentralized quality
filtering. (Even centralized filtering doesn't work well.)
Fortunately, a young network is inherently high-quality.
Low-quality content is parasitic. It develops only as a network
matures. There's plenty of time to work on the outer walls while
the network boots up.
And we can state one social-engineering goal which is not
*sufficient* for barbarian resistance, but perhaps almost
*necessary*. This is *expansion resistance*: the difficulty of
creating a new identity.
If expansion resistance is zero, anyone can create infinite
numbers of identities; Sybil attacks become trivial. Expansion
resistance is negligible in email; spam filtering works, kind of;
it can save SMTP, it certainly couldn't *create* SMTP. Email has
a lot in common with 14th-century Constantinople.
Metafilter (which anyone can join for $5) has solid expansion
resistance; it may not be perfect, but it's certainly spamless.
And the grand champion is certainly the '80s Arpanet, where where
creating an identity involved applying to a university or getting
a tech job - effectively, infinite expansion resistance.
Imagine a genuinely abuse-free global, decentralized network,
where no one had ever heard of a firewall. Usenet was a fragile
flower that could only exist under this glass bell. We can't
go back to the Arpanet, but we have to understand why it worked.
Broadly, disposable identities and sockpuppets are the enemy of
Internet civilization. The principle of one identity per person,
persona or corporation is an absolute principle of netiquette.
Genuine multiple personas exist - it's one thing to split your
own identity between person and persona, name and *nom de plume*
or *nom de drag* - but they're rare, and an easy exception.
One of the most praised texts in 20th-century political science
is s James Scott's _Seeing Like A State_. Scott points out that
successful governments encourage social structures which are
structurally governable, like a forester planting rows of trees
in straight lines. People today have names like "Carter" because
medieval English barons made their peasants take surnames, just
so their tax databases would have valid primary keys.
A naive libertarian might call this a bad thing. Simplicity is
not tyranny; simple government is good government, which is the
opposite of tyranny. The simpler its task, the less energy the
government must exert to achieve the same output. Anarchy and
tyranny are cousins; so are liberty and order.
# Conclusion
Goals and ideals are different things. An ideal is something you
want. A goal is an ideal, plus a realistic plan to get it.
Goals are more interesting than ideals, don't you think?
Goals and features are also different things. What are the
features of a network that attempts to achieve these design
goals? In the next installment, we'll look at how our own
2015-10-26 20:58:11 +03:00
network — [Urbit](http://urbit.org) — measures up to these
2015-10-26 20:44:44 +03:00
yardsticks.