The inability of the human mind to correlate all its contents - Input Junkie
February 26th, 2014
09:59 am

The inability of the human mind to correlate all its contents
Edited to add: So much for my beautiful observation. Charlie says quite plausibly that he thought security issues were too obvious to be worth mentioning.

A serious security breach was recently discovered at a bitcoin exchange, and Charles Stross, who hates bitcoin, engaged in some schadenfreude.

The schadenfreude link has an explanation of what it takes to do security programming for institutions that handle money, something Charlie did for years. It's *hard*, even with the resources of a large organization.

He's entitled to gloat about the current mess. But since I'm not as convinced as he is that governments should be able to keep track of the whole economy, I went back to check what he'd actually written: I remembered he'd been downright nasty about bitcoin, but I didn't think he'd mentioned anything about security problems. He hadn't.

Prediction is difficult, especially about the future, but this is an interesting case because Charlie is very smart, has spent a lot of time thinking about what's likely to happen, was looking for reasons to hate bitcoin, and had specific experience which would have given him another reason to hate bitcoin... and he still didn't see the security problems coming. Alternate theory: he did see the security problems, and didn't want to give a warning. I have no idea whether he's that sneaky.

I'm going with the honest mistake theory, and trying to figure out if there are ways to find out whether you've missed something important.

This entry was posted at http://nancylebov.dreamwidth.org/1035753.html. Comments are welcome here or there.

Comments
From: autopope
Date: February 26th, 2014 03:45 pm (UTC)
Hello?

Point of note: I don't hate cryptocurrencies in general. I just think that bitcoin's designers had a political agenda in mind and biased their implementation to promote it -- and it's one that I find repugnant.

As for the security issues, I thought they were so glaringly obvious they didn't need mentioning. Obviously I was wrong!
From: metahacker
Date: February 26th, 2014 04:04 pm (UTC)
Oops. Didn't notice you'd said all that already...
From: nancylebov
Date: February 26th, 2014 04:17 pm (UTC)
Fair enough. Do you know if anyone mentioned them?
From: autopope
Date: February 26th, 2014 06:40 pm (UTC)
They're obvious to anyone who's been reading comp.risks for the past 25 years. (Oops, I betray my background ...)
From: theweaselking
Date: February 26th, 2014 07:33 pm (UTC)
Risks of using Bitcoin in general? Yes, the non-reversibility and the complete lack of owner authentication on transactions is mentioned in just about every article on Bitcoin.

Risks of data security when handling financial transactions in general: Uh, yes. Lots. A constant roar. Same goes for risks in web development, and in PHP use. It is extremely hard to do it right, very easy to do it wrong, and if you do it wrong once, you lose. Whereas if you do it right, you need to play again.

Risks of mt.gox specifically: Yeah. People have been complaining specifically about him, in the context of bitcoin, loudly, for years. I saw a reddit link to a complaint from 2011, for example, which went through step by step how that dude is not a safe coder at all.

And the mt.gox dude's own blog brags about the number of different things he's done, like rolling his own SSH library, in PHP, and putting it into production use on a commercial site. Which is pants-on-head-on-fire *WRONG* from every security or safety measure, bar none.

The problems were manyfold and obvious to anyone with even a slight IT security background, and well-discussed for even those without the background in many places, for years.

US-CERT is a terrifying (and informative!) place
From: darius
Date: February 28th, 2014 08:19 am (UTC)
I don't have a link handy, but I remember Mark S. Miller writing ~15 years ago that computer security would have to get very much better when real digital cash came into use. (He hoped for the better security to be ready before the digital cash, but we don't always get what we want.)
From: metahacker
Date: February 26th, 2014 04:03 pm (UTC)
Third possibility: he thought the risks too obvious to be worth pointing out. Handing your money to an unknown third party to "just hold for me" should be intuitively dangerous, but BC seems to have melted people's brains when it comes to security--believing its chain of logging allows security even when you give your money away...
From: pickledginger
Date: February 26th, 2014 05:23 pm (UTC)
Yes. An early purchase and recent but pre-scandal sale might have been lovely, but otherwise, I'd just as soon play the shell game with a sidewalk swindler.
From: sethg_prime
Date: February 26th, 2014 05:40 pm (UTC)
It seems to me that anyone sufficiently paranoid about Big Government to be using bitcoins in the first place should be too paranoid to be depositing those bitcoins with strangers. For all we know, the NSA has been suborning programmers and sysadmins at Bitcoin exchanges.
From: theweaselking
Date: February 26th, 2014 07:24 pm (UTC)
No, no, you see, only the government is evil.

Fellow Randian Ubermensch are totally reliable. Besides, as a Randian Ubermensch yourself, you know that you cannot possibly be defrauded by anything other than coercive force, because you're too smart for that.
From: whswhs
Date: February 26th, 2014 07:58 pm (UTC)
Funny thing, that's quite contrary to Rand's own writings, which habitually pair "force and fraud," and in which many of the villains are businessmen. Not to mention that Rand pointedly rejected the Übermensch idea; there's an explicit denial that her heroes are "supermen" in Atlas Shrugged.

"It is his disciple/Shall make his labor vain."
From: theweaselking
Date: February 26th, 2014 08:09 pm (UTC)
Me: "as a Randian Ubermensch yourself, you know that you cannot possibly be defrauded by anything other than coercive force,"

You: that's quite contrary to Rand's own writings, which habitually pair "force and fraud,"

I don't think "contrary" means what you think it means.

Not to mention that Rand pointedly rejected the Übermensch idea; there's an explicit denial that her heroes are "supermen" in Atlas Shrugged.

... along with ample examples that yes, in fact, her heroes *are* superheroes who routinely do the impossible, are always correct, and who always succeed, and whose own coercive and fraudulent actions are totally okay and perfectly justified on the grounds that they're the heroes, therefore everything they do is moral.
From: whswhs
Date: February 26th, 2014 05:13 pm (UTC)
Whether governments can keep track of the whole economy or not, the prospect seems disturbingly parallel to having the NSA keep track of the whole Internet. Of course they won't use the information for any bad purpose, and none of their successors will, either. . . .
From: sodyera
Date: February 27th, 2014 05:18 pm (UTC)
So begins the pre-history of the United Federation of Planets' unit of currency, the Credit. At some point Real Soon Now, somebody's going to discover the Xerox code that will allow anybody to generate Oodles of Bitcoin and deposit them into Every bank account in the world. Suddenly everybody will have plenty of nothing, because the Bitcoin Xerox will credit just the same as cash. Suddenly, everyone will have everything and Nothing, and we'll all have to walk around with drawstring pouches full of Twinkies®, which will become the new gold standard. Each one will be unique and shall last forever, as long as its seals remain intact. And the price of the Twinkie shall be based on the price of its ingredients, therefore it will be commodity based.