Zooko's Spectrum, not Zooko's Law
A problem I have always had with Zooko's Law (decentralization, security, human-memorizable, pick two) is that he doesn't define what he means by those three terms. What does he mean by security? Security to me is a spectrum, from completely open to completely militarily locked down. What does he mean by human-memorizable? That goes all the way from extremely human-friendly, such as "Brad Neuberg", to "brad@neuberg.com", to short identifiers like CompuServe used to have, such as "234323432@compuserve.com", all the way to 128-bit hashes. That sure looks like a spectrum to me.
Decentralization is also itself a spectrum. Systems such as Napster and BitTorrent are hybrid decentralized, while systems such as Gnutella are much more decentralized. Systems are a complex collection of pieces; some pieces can be centralized, while the rest are decentralized, as Napster and BitTorrent have shown. BitTorrent's trackers are relatively centralized, while the content streaming is decentralized. The goal is not to be religious about whether to centralize or decentralize, but to identify what your political, social, and business goals are in order to decentralize the bits that achieve these goals.
I agree that at their extreme, you can't have all three qualities, but that is an extreme statement. If each of these three qualities, decentralization, security, and human-friendly names, is a spectrum, then perhaps we can have all three if we slightly relax them.
Call it Zooko's Spectrum, not Zooko's Law. You don't have to throw out all three; you just have to slightly relax one of them. So you can have human-friendly names and security, but you have to slightly relax the degree of decentralization in your system (but not throw it completely out). Or perhaps you can demand extreme decentralization and extreme security without throwing out human-friendliness, but slightly relax the human-friendly part (by having names that are short numerical GUIDs the length of phone numbers but not the 128-bit GUIDs of Freenet).
The end result is you can have your cake and eat it too, if you decide to use carrot cake instead of flour. Decentralization, Security, Human-Friendly Names: a nuanced spectrum of choices that can't all be had 100% but can slightly be had if you slightly relax one of them.