"There is no single development, in either technology or management technique, which by itself promises even one order-of-magnitude improvement within a decade of productivity, in reliability, in simplicity." -- Frederick P. Brooks, Jr.
Meme narratives like this are really tiresome in a post-CVE-2018-17144 world.
— Pierre Rochard (@pierre_rochard) October 3, 2018
Bitcoin is not too secure to fail, especially if we become complacent and do not direct resources towards Bitcoin node software development. https://t.co/5YMgHk2IM2
Two weeks ago Bitcoin Core fixed a critical bug by issuing a quick software update. In the past decade Bitcoin as an ecosystem has experienced a tremendous amount of growth, and every day there are new endorsements from institutions and high-net-worths. The media attention might create the impression that Bitcoin is a mature and highly developed product. The emergency update is a sober reminder that it's not.
Cryptocurrency systems are incredibly complex, comprising concepts from distributed systems, networking, cryptography, and psychology. Nobody has a clear understanding of how these systems will evolve, and nobody can confidentally guarantee these systems are fully secure. If someone claims they can, they're selling something.
In Frederick Brooks's famous paper No silver bullet - Essence and accidents of software engineering, he separates "accidental difficulties" from "essential difficulties". The former arise from the production process; and the latter from the inherent complexity of the tasks at hand. In Bitcoin's case, both "accidental difficulties" and "essential difficulties" are prevalent. Take it from Matt Corallo, one of the most active Bitcoin contributors:
I'd hope it has a goal of at least retaining some properties, like censorship resistance. These things can work for some time then suddenly break. Getting to where we're confident it won't is a long project. https://t.co/Ungg8ZSWtW
— Matt Corallo (@TheBlueMatt) October 1, 2018
From pizza to lambos: charting Bitcoin's first decade
(Bloomberg, by Eric Lam and Lauren Leatherby)
"Here’s a look at how the purchasing power of that original transaction has changed over the past eight years, running the gamut from iPads to Lamborghinis (or Lambos, in industry parlance) as early adopters, true believers, Wall Street financiers and retail investors all jumped on the Bitcoin rollercoaster."
Technical Updates
Code reusability vs. accidental commonness
(Hugo Nguyen)
"In software there is this grand vision of software components being perfectly modular as their physical engineering counterparts. Like that laptop charger or USB wire, you don’t have to carry a different charger or USB wire everywhere you go.
So there’s always a strong push for code reusability. Writing redundant code is often frowned upon. Why do the same work twice when you can do it once?"
Argument against scaling the block size
The total size of the Internet, give or take a few MB. This includes IPv4 and IPv6.
— Melik Manukyan ⚡️ ludvigart.com (@realLudvigArt) October 1, 2018
sh ip bgp ipv4 uni sum | i total bytes
BGP using 205560814 total bytes of memory
sh ip bgp ipv6 uni sum | i total bytes
BGP using 69169288 total bytes of memory
~275MB.
Digital signatures
(Scaling Bitcoin Tokyo 2018, by John Newbery)
"The prover signs a message m as follows: set z as the leftmost bits of H(m) (the hash of a message). He then picks a random nonce scalar k. He sets K = kG and r as the x coordinate of K. So K is a point on the curve and he just picks the x coordinate, and then he sets s as the inverse of k multiplied by (z + rx). The ECDSA signature is the pair (r, s)."
Prof. Andrew Miller on how cryptographers model attacks
In cryptography, we would never assign a probability to an attack occurring, instead we'd use randomness so that even conditioned on the attack occurring, the success probability would be very low. Sampling is to frequentists what key generation is to cryptographers
— Andrew Miller 🦓🦓🦓 (@socrates1024) October 3, 2018
Creating money out of thin ether
(Decrypt Media, by Tim Copeland)
"Etherdig, the mining pool capitalizing on the loophole, has mined over 1,250 blocks in the last three months, without validating a single transaction. As a result, it’s received 3,750 ETH ($862,500) in mining rewards. Instead of gathering transactions, confirming them and including them in blocks, it has been creating blocks that just contain the phrase, 'Interim Global Authority,' a reference that appears to be related to the popular computer game, Colony. Etherdig did not reply to queries from Decrypt seeking comment."
News & Commentary
"While some cryptocurrency market data providers estimate the daily trading volume of Bitcoin to be around $4 billion, according to ShapeShift’s Coincap.io, which filters out inflated volumes and cryptocurrency exchanges suspected of utilizing bot trading, the real volume of Bitcoin hovers at around $2.7 billion."
With rambling Clinton keynote, Ripple is sending a clear message
(CoinDesk, by David Floyd)
"Not only does it seemingly vault Ripple into a small circle of establishment firms that book Clintons: Goldman Sachs, Moran Stanley and Deutsche Bank. It simultaneously distances Ripple even more emphatically from the world of fly-by-night ICOs, dark web markets, Ponzi schemes, tokens, sectarian hard forks and meat-only diets – the 'crypto' scene that Ripple clearly wants nothing to do with."
Why I'm worried about Google
(Slate, by Matthew Green)
"In short, I fear Google is well on the way to becoming a different kind of company, and it worries me. This is not because I inherently love Google—it’s a profit-making entity, and its shareholders will always come before me. But I worry that it is increasingly trading away my trust for short-term benefits. Even worse, this course change indicates that companies’ self-interest in maintaining user trust may not be a match for the business pressures that drive them to become more intrusive."