I’m sorry that this is the conclusion you have drawn from the whole discussion. The point I was making throughout is that you cannot go fully radical on this (or most other issues). So I (and others) pointed out various ways in which this extremist approach leads to very bad latency and even worse scalability.
You need to allow canister developers to say “I want these 5 canisters to be migrated together”. This emphatically does not mean that the system always has to respect all such constraints. The obvious counterexample is “I want all these 10M canisters to always be on the same subnet”. But for well-behaved applications the option must be there. And the system’s behavior must be on a spectrum between “do exactly what an attacker wants” and “constantly shuffle single canisters around”, depending on the situation.
More generally, as I’ve repeatedly said before, engineering is about making compromises. You’re not going to build a scalable and useful system if every second decision you make is either at one extreme or the other. It just doesn’t work like that in real life.
Now, if all you see in the IC is “token swaps [as] the basis of blockchains” then by all means, picking a blockchain that is only a decentralized ledger is the way to go. I mean that. Don’t even bother with the IC, because it was never intended as a really fast ledger.
I think the main discussion point is whether canister migration makes it easier to do a targeted DoS attack against a subnet or dapp. I think that is not the case: even if you can’t choose the subnet you install a canister on, with sufficient attempts, anybody will manage to get canisters on all subnets. Now you can dynamically trigger load on whatever subnet you want to target by sending some message to the canister on the right subnet which may trigger a lot of work. So I think canister migration does not have a negative effect on DoSability. As I said above, I do agree that there is room for improvement here, which I think we should tackle after canister migration. Compute allocations are one partial solution that allow your canister to run reliably even if the subnet has a lot of load, but they don’t fit all use cases.
So for “attackers”, it’s easy to switch load between subnets. However, honest users care about their canister id and their state, and cannot easily switch between subnets. This is exactly the problem we see now: certain subnets naturally grew in load, and are now heavily loaded, but developers can’t easily move their canisters to other subnets. This would be hugely improved by canister migration.
So in summary, this is how I see it:
I think canister migration does not make targeted DoS attacks a bigger problem, while it would very clearly help improve the situation we see today, so I think that’s top priority
After we have canister migration, I think we should put more effort into finding ways to allow canisters to remain super low latency even when there are bursts of load on a subnet
Yes, I feel responsible for the ck-tokens, and they’re all on the public fiduciary subnet.
I’m not sure what you base this on, but I disagree with this statement. The discussion is about whether you should take advantage of colocation of canisters on ICP or not, but I dont see how this speaks negatively of the scalability of ICP. Also to your later point wrt Solana: it’s noteworthy that even the busy subnets right now, although they have increased latency for ICPs standards, have a significantly faster finality time than Solana.
I think there is a huge disconnect between what marketing people and Dom say and what engineers believe is possible. Even here, I think I read something like, “Solana can only run a ledger,” implying that the IC is supposed to run a ledger and much more. However, the reality is that we can’t run a ledger as efficiently as Solana.
I think what matters is whether a full app can be implemented with the latency that millions of people expect. That probably requires connecting with many ledgers, and therefore, I don’t think it’s fair to say that.
I’m sure there is a lot of hyperbole in marketing materials, whether from DFINITY or anyone else in the crypto world (and outside of it). But I challenge you to show me someone from DFINITY claiming that the IC can run a ledger more efficiently than Solana (and I don’t mean that as “only 13 replicas to run a ledger instead of thousands”; which would be true). Lower time to finality? Sure. A LOT more scalable? Definitely. (Particularly when compared to a system that does not scale.)
But if you ever believe (or think you heard) someone claiming that a general purpose system is more efficient at specific tasks than (even vaguely decent) purpose-built systems, then I’ve got a bridge to sell you.
That being said, I believe this conversation has gone way off track and at this point it only makes everyone taking part in it look bad. So if you don’t mind, I will not be engaging in it any further.
I think you only need to read the comment of @Manu above about Solana. (I know that technically he is correct.)
Solana’s primary goal is to build a fast, global ledger, which seems achievable given its current performance. As far as I know, Ethereum has moved away from positioning itself as a “world computer”. Even if it hadn’t, someone would likely come up with a solution to meet the necessary latency requirements (perhaps through something like MegaETH). On the IC, however, I don’t see that level of flexibility. We promote the “world computer” concept, but then engineers in the forum say, “Nope, not possible”.
is it possible for a canister owner to not be responsable on what subnet it is going to run?
Can’t we abstract it away to another canister which is going to be responsible to assign a canister to a subnet depending on performance requirement or other kind of specification such as :
maximal latency accepted
european
etc…
All that to say that even the canister controller cannot know the subnet into which it operates.
A new canister could be created that will be handling all canisters location depdning on specification
This canister could even compute some data from canister running on subnet and move the canister to another subnet which is a better fit
This canister will also be responsible to demand to add new subnet of a certain type depending on parameter that has been voted on nns
For now, i know it is not possible but maybe going into that direction could be a good way to remove any attacks described earlier
Sure, that would be where we want to be, eventually. It’s just not going to be our first solution to load balancing, because it would mean no load balancing at all for the couple of years it takes to implement all of that.
So we’re going to start off with a more manual process and go from there.
It’s a layer 2 solution. It would be interesting to explore how to implement something similar.
Perhaps increasing the node specifications within a subnet might be sufficient.
Currently, the suggested path for scaling involves moving canisters around and, as @levi mentioned, we could eventually reach a point where everyone wants to be part of the same subnet.
Right now, afaik, I need to decide which ledger I should move my dapp closer to.
I guess it’s the eternal sharded vs monolithic discussion.