Ethereum Is Coding’s New Wild West
Pelle Braendgaard has the textbook bio of an old-guard programmer. At 12, he often went to his local computer store in Denmark to write BASIC code on an eight-bit Sinclair ZX Spectrum. In 1993, he stumbled across Mosaic, the first graphical web browser, while aimlessly cruising the UNIX command line on a university computer. He quickly fell in love with the web, and found a job as the webmaster for AltaVista, a pioneering search engine.
“In the very early days, you really had to figure it all out yourself,” Braendgaard says, in an accent that floats between Danish and American. “All of us who were developing back then, we had to learn everything…there weren’t good libraries. There weren’t good developer tools.”
Gabe Nicholas is a graduate student at the UC Berkeley School of Information focusing on the intersection of technology and society.
Sign up to get Backchannel’s weekly newsletter.
The web has matured since then, but Braendgaard has moved on. Today, he’s writing distributed applications, or “DApps,” for Ethereum—a cryptography-based technology that’s as green a field as the 1990s web once was, offering the same tingle of novelty and a similar chance to make an impact.
If people know Ethereum at all, it is as Bitcoin’s hip, experimental cousin. If they know one thing about it, it is that the price of Ether, the coin underlying Ethereum, has skyrocketed by a factor of 20 over the last six months. But the ensuing get-rich-quick mania has led many to overlook Ethereum’s more lasting significance. More than a new type of digital currency, it is a new type of distributed computer—one that no one controls but inside which anyone can see. On this computer, a new generation of applications, called “DApps,” is being born.
How can Ethereum be a cryptocurrency and a computer at the same time? Instead of running on a laptop or a server, it runs on thousands of individual computers at once, all kept in sync with blockchain technology. In its simplest form, a blockchain is an ordered list of items upon which all of these computers agree. On Ethereum, that list is made up of programmable computer states (think ones and zeros). Anyone can pay currency (Ether, not dollars) to run their code on—and thus change—the state of the computer. Miners enter their machines into a random mathematical race to win the chance to choose which code will run next (i.e., to add the next block of ones and zeroes to the list) and collect the associated fees.
This system is called the Ethereum Virtual Machine (EVM), or colloquially, the “world computer.” Code is run publicly, but users are pseudonymous. It’s like Amazon Web Services, except instead of Amazon as the seller and users as the buyer, users can play either role. No individual controls the system. That makes Ethereum something genuinely new—something unprecedented.
Decentralized apps, or DApps, are programs that run on the world computer. “Run,” however, might not be the right word, because Ethereum-the-computer is dreadfully slow, and writing code for it is like turning back the digital clock a few decades. Computation on the EVM right now is far too expensive and inefficient to run a modern web-based service like Twitter. Storing even a single profile picture would cost hundreds of dollars, and today the network can only run about seven transactions per second. (For comparison, Facebook runs 25,000 transactions per second on searches alone.) Software changes can speed things up some, but Ethereum is always going to be slower than more conventional computing.
It’s a cumbersome system, but that’s not deterring developers from writing Ethereum programs. They’re attracted to what the platform earns by spending all those extra resources. DApps are small, interconnected scripts that transfer currency and connect users. They are good at coordinating lots of computers to perform tasks in exchange for currency without any central oversight. This decentralization is Ethereum’s biggest draw. DApps do not need to trust in the benevolence of central administrators like Amazon to run code, or in payment systems like PayPal or banks to exchange currency.
Blockchain theorists have a name for this decentralized protection from outside meddling: They call it “trustlessness,” and it is at the core of many DApps. (The term is confusing, because it sounds like a label for something you can’t trust. But what it’s really saying is, because you can trust the cryptography and the blockchain, you don’t have to take anyone’s word for anything.) The “Hello, World!” of Ethereum DApp development—the starter exercise programmers use to learn how a system works—is a voting DApp. If a voting DApp were used in say, a presidential race, the DApp could autonomously count the votes and determine a winner. All votes would be anonymous, but anyone could see the code that counted them and the system would be immune to meddling from, say, Russian oligarchs. Braendgaard is the lead engineer on a different kind of DApp called uPort, which uses trustlessness to let users manage their own identities. Users can prove their identity with other applications, but, unlike when signing into an app via Facebook or Google, they can do so without trusting a centralized provider.
Ethereum is also being used to create a range of new marketplaces built on trustless principles, much to the delight of technolibertarians. The Golem Project describes itself as “AirBnB for computers.” Users can sell their machine’s unused computing power or buy it from others. Early adopters have already used it to render CGI images on strangers’ computers that would have otherwise been sitting idle. Those adopters did not need to trust that Golem would pay them for their computing time or that the code would run as promised; the transactions were guaranteed by the openness of the network. In the future, Golem could be an alternative or even a challenger to the current cloud computing hegemony.
Gnosis is another market DApp with a lot of buzz. It’s a prediction market, meaning users can bet on the outcome of events (i.e. “Will Roger Federer win the Australian Open?”) and question askers can leverage the “wisdom of the crowd” to better predict an event’s outcome. Prediction markets have existed before, but they have always been heavily regulated and dependent on trust in a central source to determine the correct answer and dole out the money. “With Gnosis, we are not only using Ethereum to do payments. We are using it to build the core of the prediction market,” says Gnosis co-founder Martin Köppelmann. “Previously, people had to send money to our company, our company would hold the money, and later we sent it back. Now the big difference is that it’s really peer to peer. We don’t touch users’ money.”
Ethereum itself and all the code that runs on it are public and open source—so if users have the technical knowhow, they can verify how much they will be charged and see how secure the code is. On traditional apps, users must blindly trust developers to charge them appropriately and protect their credit card information. “On Ethereum, the need for security is shifted onto the users of the platform, which either can be good or bad,” says Phil Daian, a PhD at Cornell’s Initiative for Cryptocurrencies and Contracts. “If you are a sophisticated user and understand the system, that puts you in a good position. If you are my grandma, that might be beyond your security skills.”
Identifying secure code on Ethereum is no task for the digitally faint of heart, and neither is writing it. Ethereum links code and currency so closely that the cost of a security flaw can be astronomical. A recent vulnerability in the Parity Wallet, a popular DApp that stores users’ ether holdings, allowed hackers to steal $30 million in ether from the DApp’s users. The cause was a single missing word.
The cost of vulnerabilities make writing Ethereum code a daunting task. For Collin Chin, an upcoming junior at UC Berkeley and a programmer at Gnosis, the challenge is welcome. “If you make [your code] more monolithic, that makes it more vulnerable to attacks,” he says. “In the Parity Wallet attack…a small little oversight cost millions. It’s a very interesting language to code in. You have to think about these types of vulnerabilities and security bugs.” Chin is also a member of Blockchain@Berkeley, where a cohort of Berkeley computer science students are cutting their programming teeth by developing for Ethereum.
Most people do not worry about the apps they use mishandling their money, because the law limits their exposure to credit card fraud. DApps offer no such assurance. Decentralization and anonymity make law enforcement and regulation on Ethereum difficult, if not impossible. Users instead depend on (or dare I say, trust) their own technical savviness and respected members of the community to detect scams. Extralegal operation also means that DApps like Gnosis can be used for illegal purposes. “There are a lot of moral hazards involved there,” Daian says about prediction markets on Ethereum. “I can bet a million dollars you’re going to be alive on Monday. If someone wants to assassinate you, they take up the other side of that bet, kill you, and take my money.”
Ethereum presents a wide range of such perils—but for developers like Braendgaard, that is part of what makes it so exciting. Like the internet in the early 1990s, the network is largely undeveloped by programmers, untapped by business, and unintelligible to the public at large. “I remember explaining to non-technical people, ‘No, the internet is really cool because you take any data and split it into these packets and you send it through this network meant to avoid nuclear attack.’ People’s eyes would just glaze over,” says Braendgaard. “Really what got people excited eventually was, ‘Here, you can read your news, go shopping for things, send email.’”
Ethereum is still waiting for its killer DApp, its equivalent to email. The network simply may not be ready yet—and there is no guarantee it ever will be. But developers like Köppelmann are confident it will improve. “We are where the internet was in 1994,” he says. “If you had the vision in 1994 to create YouTube, well that’s a nice vision, but it was just not possible.” Ethereum’s early developers see too much potential in the network to believe it is fated to become a novelty where a lucky few made a quick buck on initial coin offerings. They are betting their time and their code that sooner or later, just as Netscape did with the internet, a DApp will bring the whole world onto Ethereum. And one of them intends to write it.