Archive for the ‘crypto’ Category

How to do cryptocurrency right

Sunday, October 8th, 2017

Proof of work tends to be inherently slow, has inherently high transaction costs, and the miners’ interests are not identical with those of the people holding the currency as a store of value or using it as a medium of exchange.

Proof of stake is nontrivial to get right. It is a form of the infamously difficult to understand (and infamously difficult to program correctly) Paxos protocol, in its Byzantine fault tolerant variant, since some of the stakers may be hostile. Paxos has the great advantage over proof of work that after an unpredictable and possibly large time it announces a definite result, whereas under the bitcoin proof of work protocol no result is ever final: the probability that a transaction will be reversed merely falls exponentially with each confirmation.

Ignore the carping that proof of stake is inherently flawed. Any implementation of proof of stake that is easy to understand is likely inherently flawed, that being the infamous nature of Paxos.

Bitcoin was genuinely decentralized from the beginning, and over time became more centralized. Big exchanges and a small number of big miners are on the path to inadvertently turning it into another branch of the oppressive and corrupt government fiat money system.

The new altcoin offerings are for the most part not genuinely decentralized. They have a plan for becoming genuinely decentralized some time in the future, but the will and ability to carry the plan through has not been demonstrated.

Assume that, instead of everyone being a peer, we have a few dozen or so peers, the peers distributed among several nuclear armed jurisdictions, and each peer has a hundred million or so clients, and each peer stores the entire blockchain forever.

OK, we are talking rather large peers. A terabyte of storage, a hundred dollars worth, will keep one of them going for a week. Say two terabytes for redundancy. I don’t think cost of storage is going to be a significant problem.

Scaling, however, is the hard problem. Making enormous amounts of storage actually useful and effective is the problem. The amount of storage per client is absolutely insignificant. The amount of bandwidth per client is absolutely insignificant. Having a useful connection between enormous numbers of clients and enormous amounts of storage via enormous amounts of bandwidth is the hard part.

Prompt response is another problem. It inherently takes time, and potentially large and unpredictable time, to reach consensus on the blockchain.

We can, however, have fast trust-based responses followed by consensus: since the peers are pretty big, you can trust a peer for your payment during the short time it takes for consensus to settle.

The way this would work is that every client is hosted by a peer. If his host should crash, or turn evil, he can move to another peer, though during the move he will not be able to make fast transactions. When he makes a payment, the peer hosting him testifies that this is not a double spend, and the payment is instantly flagged to the recipient as cleared – but it does not get flagged as settled, and the recipient cannot spend the payment, until it gets incorporated into the blockchain consensus, about twenty minutes later. Since the peers are big and long lived, you can trust them with your money for half an hour or so, and if you don’t want to trust them, or you don’t trust some of them, you just wait for the transaction to be incorporated into the consensus.
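The cleared versus settled distinction above is easiest to see as a small state machine. The following is an added illustration, not code from this post or from any cryptocurrency: the class names, the two wallet states, the nonce used to identify a spend, and the HMAC tag (which stands in for the hosting peer’s public-key signature on its attestation) are all my assumptions. It shows an honest peer refusing the second spend of the same nonce, a recipient who sees cleared money but cannot spend it until consensus, a recipient who does not trust the peer and simply waits, and what a peer that has turned evil leaves behind: two attestations for one spend, which the recipient can hold up as proof.

```python
# Added illustration of host-peer clearing followed by consensus settlement.
# Not the post's or any coin's code; names, states and the HMAC tag (a stand-in
# for the peer's public-key signature on its attestation) are assumptions.
from dataclasses import dataclass
import hmac


@dataclass(frozen=True)
class Payment:
    payer: str
    payee: str
    amount: int
    nonce: int        # (payer, nonce) names one spend; a second use is a double spend


@dataclass(frozen=True)
class Attestation:
    peer: str         # hosting peer vouching that the payment is not a double spend
    payment: Payment
    tag: bytes


class HostPeer:
    """Hosts clients; tracks each balance net of cleared-but-unsettled spends."""

    def __init__(self, name: str, key: bytes, balances: dict):
        self.name, self.key = name, key
        self.available = dict(balances)
        self.seen = set()                        # (payer, nonce) already vouched for

    def tag(self, p: Payment) -> bytes:
        return hmac.new(self.key, repr(p).encode(), "sha256").digest()

    def attest(self, p: Payment):
        """Return an Attestation, or None when an honest peer must refuse."""
        if p.amount <= 0 or self.available.get(p.payer, 0) < p.amount:
            return None
        if (p.payer, p.nonce) in self.seen:      # double spend: refuse
            return None
        self.seen.add((p.payer, p.nonce))
        self.available[p.payer] -= p.amount
        return Attestation(self.name, p, self.tag(p))


class Wallet:
    """Recipient's view: cleared (peer vouched) versus settled (in consensus)."""

    def __init__(self, owner: str, trusted_peers):
        self.owner, self.trusted = owner, set(trusted_peers)
        self.cleared = {}                        # (payer, nonce) -> amount
        self.settled = 0

    def receive(self, att, verify) -> str:
        if att is None or att.payment.payee != self.owner or not verify(att):
            return "rejected"
        if att.peer not in self.trusted:         # untrusted peer: wait for consensus
            return "pending"
        p = att.payment
        self.cleared[(p.payer, p.nonce)] = p.amount
        return "cleared"

    def on_consensus(self, block) -> None:
        """The consensus round included these payments: cleared becomes settled."""
        for p in block:
            if p.payee == self.owner:
                self.cleared.pop((p.payer, p.nonce), None)
                self.settled += p.amount

    def spendable(self) -> int:
        return self.settled                      # cleared money is shown, not spendable

    def shown(self) -> int:
        return self.settled + sum(self.cleared.values())


def conflicting(a: Attestation, b: Attestation) -> bool:
    """Two attestations by one peer for one spend id but different payments prove
    the peer vouched for a double spend; the recipient can publish them."""
    return (a.peer == b.peer and a.payment != b.payment and
            (a.payment.payer, a.payment.nonce) == (b.payment.payer, b.payment.nonce))


def demo():
    peer = HostPeer("peer-A", b"peer-A-secret", {"alice": 100})
    verify = lambda att: hmac.compare_digest(att.tag, peer.tag(att.payment))
    bob = Wallet("bob", trusted_peers={"peer-A"})
    pay1 = Payment("alice", "bob", 60, nonce=1)
    status = bob.receive(peer.attest(pay1), verify)              # "cleared"
    shown, spendable_before = bob.shown(), bob.spendable()       # 60, 0
    refused = peer.attest(Payment("alice", "carol", 60, nonce=1))  # reused nonce -> None
    bob.on_consensus([pay1])
    spendable_after = bob.spendable()                            # 60
    # A peer turned evil (same key, wiped memory) vouches for both sides of a double spend.
    evil = HostPeer("peer-A", b"peer-A-secret", {"alice": 100})
    a1 = evil.attest(Payment("alice", "bob", 40, nonce=2))
    evil.seen.clear(); evil.available["alice"] = 100
    a2 = evil.attest(Payment("alice", "carol", 40, nonce=2))
    return status, shown, spendable_before, refused, spendable_after, conflicting(a1, a2)
```

The point of `conflicting` is that an evil host cannot double spend silently: every attestation it signs is evidence, and because a peer is big and long lived, the cost of being caught is what makes the half hour of trust reasonable.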

A bad time to invest in Bitcoin

Sunday, October 8th, 2017

Back in 2013 I urged people to invest in Bitcoin.

Yesterday someone asked my cleaning lady to invest in Bitcoin.

Now if someone had asked her to accept payment in Bitcoin, or send payment in Bitcoin, then this would be compelling evidence that one should invest in Bitcoin.

But when cleaning ladies are asked to invest in Bitcoin, not a good investment.

When Bitcoin began, everyone was a miner, and everyone was a peer, everyone stored the entire blockchain. Which was great, but did not scale. And now people are struggling with half assed ideas about how to get it to scale.  Bitcoin can no longer deliver on its original promises, has not figured out what new promises to make, and many of the new promises are unworkable, or are scams, or are likely to turn into scams.


Monday, September 25th, 2017

Our financial system is corrupt and oppressive. Cryptocurrencies represent an opportunity to route around that system, and make lots of money doing so.

Cryptocurrency is real, and presents the opportunity to make enormous amounts of money. Also, cryptocurrency scams are real, and present the opportunity to lose enormous amounts of money. Like the dot-com bubble in the 90s, you can add the concept of blockchain to just about anything and have a ‘business’ worth millions, no matter how idiotic the original idea. The vast majority of initial coin offerings are investments in businesses that are not providing anyone with any value, have no real customers and no obvious prospect of ever having any real customers.

The successful altcoin will be genuinely decentralized, as bitcoin was designed to be, originally was, and to some extent still is. Most of the altcoins, possibly all of them except Bitcoin and Ethereum, are furtively centralized.

It will use, or at least offer the option of, Zooko type wallet names, as Bitcoin and Ethereum do.

It will be scalable to enormous numbers of transactions with low transaction costs, as Steemit and Ripple are, but Bitcoin and Ethereum are not.

It will support sidechains, and exchanges will be sidechained.

It will be a blogging and tweeting platform, as Steemit is, and will be a decentralized blogging and tweeting platform, as Steemit is not.

Every website reporting on the altcoin boom and the initial coin offering boom has an incentive to not look too closely at the claimed numbers. Looks to me that only Bitcoin and have substantial numbers of real users making real arm’s length transactions. Maybe Ethereum and Ripple also. The rest are unlikely to have any significant number of real, arm’s length, users. The white papers don’t tell you the qualifications of the people running the operation, or what they are going to do, what milestones they hope to reach.

The crypto coin business is full of scammers, and there is no social pressure against scammers, no one wants to look too closely, because a close look would depress the market. There is no real business plan, no very specific or detailed idea of how the coin offering service is going to be of value, how it is going to get from where it is now, to where it is going to usefully be. It is very hard to find out how many real users a crypto currency has, and how much stuff is available denominated in that crypto currency.

Most of the alt currencies are just me-too copies of bitcoin, not adding any substantial value, and/or they cannot scale, and they are deceptive about how centralized and how vulnerable to state attack they are. Nearly all of them are furtively centralized, as Bitcoin never was. They all claim to be decentralized, but when you read the white paper, as with Waves, or observe actual practice, as with Steemit, they are usually completely centralized, and thus completely vulnerable to state pressure, and quite likely state seizure as an unregulated financial product, thus offer no real advantage over conventional financial products. When you buy an initial coin offering, you are usually buying shares, usually non voting shares, in a business with no assets and no income and no clear plan to get where they will have assets and income, as in the dot com boom.

The numbers show that Bitcoin is number one, ethereum number two, ripple number four, and number eighteen, but my wild assed guess is that Bitcoin is number one, steemit number two, ethereum number three. I have absolutely no idea where ripple stands. No one is providing data that would enable us to estimate real, arm’s length users.

Bitcoin exchanges are banks, and banks naturally become fractional reserve institutions. Bitcoin exchanges are furtively and secretly investing customer deposits, without reporting the resulting term transformation.

Genuinely free market banks, and bitcoin exchanges are genuinely free market banks, have a financial incentive to engage in term transformation – borrow short, lend long. Which is great for everyone until a rainy day comes, rains on everyone, and everyone withdraws their deposits all at the same time, and suddenly all those long term loans cannot be liquidated except at a loss, whereupon the exchanges turn to the state, and so begin the transition from a backed currency to a state currency, ceasing to be free market banks.

The trouble with fractional reserve is that free market banks, banks trading in a backed, rather than state, currency, tend to deny, understate and misrepresent the term transformation risk, making them slowly, and often unintentionally, drift into becoming scams. If the reserve fraction is visible to customers, then we could rely on caveat emptor. Right now, however, every bitcoin exchange is drifting into becoming a scam.

We need, and we could easily have but do not have, a system where the amount of bitcoins owed to customers by an exchange is knowable and provable, and the amount of bitcoins owned by an exchange is knowable and provable, so that the reserve fraction is visible, whereupon the exchange would have to provide information about the extent and nature of its term transformation, or else would likely lose customers, or at least would lose large, long term customers. This would involve the decentralized cryptocurrency making each exchange a sidechain operating a centralized cryptocurrency backed by the decentralized cryptocurrency. Which would also help mightily with scaling.
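The mechanism asked for above has a well known construction: the exchange commits its customer balances in a Merkle sum tree, each customer checks that their own balance is in the tree and reads the total liabilities off the root, and the exchange separately attests how many bitcoins it controls; the ratio is the reserve fraction. The following is an added illustration of that construction, not code from this post or from any exchange: the leaf and node formats, the padding rule for odd-sized levels and the sample balances are my assumptions, and the reserves side (proving control of the on-chain keys) is taken as already done and passed in as a number. The negative-balance check matters: a tree that accepted negative leaves would let the exchange shrink the published total with a fake account.

```python
# Added example: provable liabilities via a Merkle sum tree, beside attested
# reserves, giving a reserve fraction any customer can check.  Not the post's
# or any exchange's code; formats, padding and sample balances are assumptions.
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(account_id: str, balance: int):
    # A negative leaf would let an exchange hide liabilities, so refuse it.
    if balance < 0:
        raise ValueError("negative balance")
    return balance, H(b"\x00" + account_id.encode() + balance.to_bytes(8, "big"))


def node(left, right):
    # Each node commits to both children's sums and hashes; its sum is their total.
    return left[0] + right[0], H(b"\x01" + left[0].to_bytes(8, "big") + left[1]
                                 + right[0].to_bytes(8, "big") + right[1])


EMPTY = (0, H(b"\x00empty"))     # padding for odd-sized levels; contributes nothing


def pad(level):
    return level + [EMPTY] if len(level) % 2 else level


def build(balances: dict):
    """Return (sorted account ids, levels); levels[-1][0] is the root (total, hash)."""
    ids = sorted(balances)
    level = [leaf(i, balances[i]) for i in ids]
    levels = [level]
    while len(level) > 1:
        level = pad(level)
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return ids, levels


def prove(ids, levels, account_id):
    """Inclusion proof: one sibling per level, so O(log n) in the number of accounts."""
    idx = ids.index(account_id)
    proof = []
    for level in levels[:-1]:
        level = pad(level)
        proof.append((idx % 2 == 0, level[idx ^ 1]))   # (sibling is on the right?, sibling)
        idx //= 2
    return proof


def verify(root, account_id, balance, proof) -> bool:
    """What a customer runs: does my (id, balance) leaf hash up to the published root?"""
    cur = leaf(account_id, balance)
    for sibling_is_right, sib in proof:
        cur = node(cur, sib) if sibling_is_right else node(sib, cur)
    return cur == root


def reserve_fraction(root, attested_reserves: int) -> float:
    return attested_reserves / root[0]          # root[0] is total liabilities


# Constructed sample: five customer balances in satoshis and an attested reserve.
BALANCES = {"alice": 150_000_000, "bob": 40_000_000, "carol": 5_000_000,
            "dave": 300_000_000, "erin": 25_000_000}
ATTESTED_RESERVES = 364_000_000


def demo():
    ids, levels = build(BALANCES)
    root = levels[-1][0]
    honest = verify(root, "carol", BALANCES["carol"], prove(ids, levels, "carol"))
    # If the exchange publishes a tree with Carol's balance shaved, Carol's check fails.
    _, shaved = build(dict(BALANCES, carol=1_000_000))
    tampered = verify(shaved[-1][0], "carol", BALANCES["carol"], prove(ids, shaved, "carol"))
    return root[0], honest, tampered, reserve_fraction(root, ATTESTED_RESERVES)
```

Customers only have to check their own leaf and compare the root total with the published one; if enough of them do, an understated liability total is caught by whichever customer was shaved. The proof a customer holds grows as the log of the number of accounts, not with it.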

Bitcoin and Ethereum are truly decentralized, in that each is a protocol that any entity can use, and that in practice lots of entities do use. If the government grabs some hosts, or some hosts do bad things, they can just be ignored, and the system continues elsewhere. They also use Zooko type identities, which in practice means your wallet name looks like line noise. This is outstandingly user hostile, and a reason so many people use exchanges, but it provides the core of resistance to state power.

Unfortunately, Bitcoin and Ethereum face scaling limits. Maybe Ethereum will fix its scaling limits. Bitcoin does not seem to be fixing them. This makes Bitcoin and Ethereum transactions inherently expensive, which is likely to prevent them from replacing the corrupt and oppressive US government controlled financial system. has a far superior design which does not result in scaling limits – although we have yet to see how its witness election system will perform at scale – as the system scales, money holders have less incentive to vote, less incentive to vote responsibly, and voting will inherently cost more. is also highly centralized. The altcoin that will win will be the one that is scalable all the way to Visa and Mastercard levels, is visibly decentralized, visibly resistant to state seizure, and has a mechanism that makes the fractional reserves of exchanges visible to exchange users.

Bitcoin was genuinely decentralized from the beginning, and over time became more centralized. Big exchanges and a small number of big miners are on the path to inadvertently turning it into another branch of the oppressive and corrupt government fiat money system.

The new altcoin offerings are for the most part not genuinely decentralized. They have a plan for becoming genuinely decentralized some time in the future, but the will and ability to carry the plan through has not been demonstrated.

I like the steemit design. The witness system is scalable, the witness election system has problems which may be fixable, or may be inherent.

But I have a suspicion that investing in steemit is only going to profit whoever owns, not the owners of steemit currency.

According to Steemit documentation, it looks like a well designed cryptocurrency that deserves to replace Bitcoin, because it is more scalable, more user friendly, and more immediately usable.

Well, that is what it looks like. Except its front end is the website, and any one website can easily be seized by the feds. If actually decentralized, it should be a bunch of websites using a common crypto currency and a common identity system.

Remember usenet: A common protocol, and an internal name system. The particular host through which you accessed it did not matter all that much, because all hosts had to behave much the same. Steemit should be something like usenet with money, and it is not.

The way usenet worked, anyone (meaning anyone’s computer and his client program) could join as a client by having an agreement with a host, and anyone (meaning anyone’s powerful and well connected computer system) could join as a host by having an agreement with a few existing members.

A successful altcoin needs to be a blogging platform like Steemit, but it also needs to be a federation, like Usenet or Mastodon. Many of the blogs will be offering goods or services for cryptocurrency.

Then one could be more sure that success of the federation currency would benefit owners of the currency, rather than owners of a single central website.

Needs to be Mastodon with the ability to support a blog like post, and like Steemit, and unlike Mastodon, to send and receive money. is with the ability to send and receive money.

Bitcoin has a decentralized name system, rooted in Zooko style names that are not human intelligible. Its resistance to state power comes partly from the fact that there are several miners and anyone can be a miner, and partly from its decentralized name system.

Steemit has a communication and blogging system. But if I hold steemit currency, connects that to my phone number, which the government connects to my true name. All that handy dandy data that the government would like all in one place that you can serve a warrant on or mount a raid on. Or just sell for profit.

Need a decentralized communication, identity, name, and blogging system, unlike’s centralized communication and blogging system, and a name system that is resistant to government intervention and control, like Bitcoin’s name system. Thus the blogs offering goods and services for crypto currency will be resistant to regulation or seizure by the state. When a ruler meddles as much as our state does, he gives dangerously great power to those dangerously close to him. The regulatory state inevitably drifts into anarcho tyranny, or, like Venezuela, into violent and chaotic anarchy.

But we also want human readable names. How can we square Zooko’s triangle? (As Aaron Swartz famously asked, and then infamously gave a very stupid answer.) I will give my answer as to how a crypto currency can square Zooko’s triangle in a following post. (The answer being, much as namecoin does it.)
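The namecoin approach referred to above binds a human readable name to a key by first-come registration on a globally replicated log, after which only the current owner’s signature can change or transfer the name; every node replaying the same log arrives at the same state, so no single host is authoritative. The following is an added illustration of that approach, not this post’s promised design and not Namecoin’s code: the operation format, the Python list standing in for the blockchain, and the Lamport one-time signature are my assumptions (Lamport was chosen so the example needs nothing beyond hashlib; since a Lamport key must never sign twice, every update carries the owner’s next public key, which the registry adopts, much as an update would carry a fresh key in practice).

```python
# Added example of a Namecoin-style name registry: first come first served
# registration, owner-signed updates, deterministic replay.  Not the post's or
# Namecoin's code; op format, log-as-list and Lamport signatures are assumptions.
import hashlib
import json
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(msg: dict) -> bytes:
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def lamport_keygen():
    # Per digest bit, two 32-byte secrets; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]


def digest_bits(msg: dict):
    d = H(canonical(msg))
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: dict):
    # Reveal, for each digest bit, the secret matching that bit's value.  One-time only.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def lamport_verify(pk, msg: dict, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def key_id(pk) -> str:
    """Zooko-style identifier for a key: unique and secure, not human readable."""
    return H(b"".join(a + b for a, b in pk)).hex()


def update_msg(op: dict) -> dict:
    return {"name": op["name"], "value": op["value"], "next_owner": key_id(op["next_owner"])}


class NameRegistry:
    """Applies ops in log order; any node replaying the same log reaches the same state."""

    def __init__(self):
        self.names = {}       # name -> {"owner": pk, "value": str}
        self.log = []

    def valid(self, op: dict) -> bool:
        if op["type"] == "register":                    # first come, first served
            return op["name"] not in self.names
        if op["type"] == "update":                      # only the current owner may change it
            rec = self.names.get(op["name"])
            return rec is not None and lamport_verify(rec["owner"], update_msg(op), op["sig"])
        return False

    def apply(self, op: dict) -> bool:
        if not self.valid(op):
            return False
        self.log.append(op)
        owner = op["owner"] if op["type"] == "register" else op["next_owner"]
        self.names[op["name"]] = {"owner": owner, "value": op["value"]}
        return True


def register(name, value, pk):
    return {"type": "register", "name": name, "value": value, "owner": pk}


def update(sk, name, value, next_pk):
    op = {"type": "update", "name": name, "value": value, "next_owner": next_pk}
    op["sig"] = lamport_sign(sk, update_msg(op))
    return op


def replay(log):
    reg = NameRegistry()
    for op in log:
        reg.apply(op)
    return reg


def demo():
    reg = NameRegistry()
    alice_sk, alice_pk = lamport_keygen()
    _, alice_next_pk = lamport_keygen()
    mallory_sk, mallory_pk = lamport_keygen()
    r1 = reg.apply(register("alice", "pay:" + key_id(alice_pk), alice_pk))
    r2 = reg.apply(register("alice", "pay:mallory", mallory_pk))               # squat: refused
    r3 = reg.apply(update(mallory_sk, "alice", "pay:mallory", mallory_pk))     # forged: refused
    r4 = reg.apply(update(alice_sk, "alice", "pay:" + key_id(alice_next_pk), alice_next_pk))
    same = replay(reg.log).names["alice"] == reg.names["alice"]
    return r1, r2, r3, r4, reg.names["alice"]["owner"] is alice_next_pk, same
```

The name is human readable and globally unique, and ownership is secured by a key rather than by a registrar, which is the corner of Zooko’s triangle a centralized name service gives up. The cost is the one the post identifies elsewhere: everyone has to see the whole log, or at least enough of it to know that a registration was first.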

Censoring the internet

Saturday, August 26th, 2017

Racist sites are being taken off the internet. Expect “racist” sites to follow.

The internet is built to resist censorship, and it is time for alt tech that takes advantage of this. patronize, duckduckgo, hatreon, and, assuming that they are still up by the time you read this. If they are not, namecoin and tor.

The bitcoin crisis

Thursday, June 29th, 2017

There can only be one.

There can only be one money, at the root of all others. Money is a measure of value, a store of value, and a medium of exchange, and you want to use the same medium of exchange and measure of value as everyone else.

At the very beginning, I said the trouble with bitcoin, as originally designed, is that it does not scale. Everyone, to be a peer, to be an equal participant, has to store and process everyone else’s transactions, thus the cost of each transaction increases with the number of peers. I estimate the current cost of a transaction to be about a thousand dollars, most of which is carried by people speculating in bitcoin, hoping that as the USG empire collapses, bitcoin, rather than gold, will replace the dollar.

Bitcoin is reaching, indeed has substantially exceeded, its inherent limits. For it to become the one, it has to get away from a system where everyone processes everyone’s transactions, and stores everyone’s transactions.

The sidechain proposal is a way of getting away from that without a hard fork, so that your transactions are not seen by everyone, merely by enough people, and not stored by everyone forever, but only by a very small number of people forever.

Altcoins are hard fork proposals, which if they fix the scaling problem could become the one. At present the total value of altcoins is roughly equal to the total value of bitcoins.

At present, the true cost of bitcoin transactions is so outrageously high it cannot possibly become the one. It must die, and everyone invested in bitcoins will lose all their money, unless the sidechain proposal provides a forkless path to a world in which the true cost of bitcoin transactions is reduced to something reasonable.

But the interest in crypto currencies is so very great, the amount of money invested in crypto currencies is so very great, that one shall succeed. The amount of serious money invested is so very great that it looks overwhelmingly likely that as the USG empire falls, crypto currency, rather than gold, will replace the US$.

And that one shall be one that allows low, rather than hidden, transaction costs. Likely an altcoin rather than bitcoin, because the weight of special interests in bitcoin makes it hard to get to there from here.

But the wise investor should invest in gold, should invest in bitcoin in the hope that the scaling problems can be fixed without a hard fork, and should invest in an altcoin that has solved the scaling problem. And the last time I took a good look, none of them had actually solved the scaling problem, though many of them were hoping to solve it, claiming they had solved it, or had plans for eventually solving it.

The sidechain proposal has been kicked around for three years, and bitcoin’s transaction cost has been getting rapidly worse all this time.

Anyone who invests in bitcoin, is investing hoping that scaling can be fixed, for if scaling is not fixed, bitcoin will surely die. The current true cost of bitcoin transactions is absolutely unsustainable.

Tor compromised

Wednesday, July 20th, 2016

It has long been known that much of the resources for Tor are provided by US spy agencies. Which is not necessarily a bad thing, since they might want a means for communicating that no one can spy on.

However, Lucky Green, a key figure in the privacy community, has tripped his warrant canary – the statement you publish regularly while you have not been served, and stop publishing once you have been, because you are forbidden to say so directly.

The canary no longer says that no US spy agency is inside his servers, and it falls silent in a way that tells us that a US spy agency now is inside his servers and many other Tor servers.

In a warrant canary, you say what you are forbidden to say by failing to say things that you would otherwise be expected to say.
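Because the signal is an omission, a canary checker has to look for what is absent or stale, never for an admission. The following is an added example of such a checker, not from this post and not Lucky Green’s canary: the list of expected statements, the date line format and the canary texts are constructed for illustration, and verification of the canary’s signature (normally a detached PGP signature) is assumed to have happened before this runs.

```python
# Added example: a warrant canary checker.  A canary speaks by omission, so the
# check is for missing statements and staleness.  Statement list, date format
# and sample texts are constructed assumptions; signature checking is out of scope.
from datetime import date, timedelta
import re

# Statements an honest canary is expected to repeat, word for word, every period.
REQUIRED = (
    "has not received any national security letters",
    "has not received any warrants",
    "has not been required to modify its software or hardware",
    "has not been compelled to disclose private keys",
)


def parse_date(text: str):
    m = re.search(r"^Date:\s*(\d{4})-(\d{2})-(\d{2})\s*$", text, re.MULTILINE)
    return date(int(m[1]), int(m[2]), int(m[3])) if m else None


def check(text: str, today: date, max_age_days: int = 90, required=REQUIRED) -> dict:
    """Return {'status': 'ok' | 'tripped', 'reasons': [...]} for one canary text."""
    reasons = []
    issued = parse_date(text)
    if issued is None:
        reasons.append("no issue date")
    elif today - issued > timedelta(days=max_age_days):
        reasons.append(f"stale: issued {issued}, older than {max_age_days} days")
    body = " ".join(text.lower().split())        # normalise case and whitespace
    for statement in required:                   # absence, not presence, is the signal
        if statement not in body:
            reasons.append(f"missing: '{statement}'")
    return {"status": "ok" if not reasons else "tripped", "reasons": reasons}


# Constructed sample canary (not any real operator's text).
GOOD = """Date: 2016-07-01
Example Relay Co. has not received any National Security Letters.
Example Relay Co. has not received any warrants.
Example Relay Co. has not been required to modify its software or hardware.
Example Relay Co. has not been compelled to disclose private keys.
"""

# The same canary with one sentence silently dropped: that is the canary speaking.
SILENT = GOOD.replace("Example Relay Co. has not received any warrants.\n", "")
# And one where the operator was only able to change the wording.
FLIPPED = GOOD.replace("has not received any warrants", "has received a warrant")


def demo():
    today = date(2016, 7, 20)
    return (check(GOOD, today)["status"],
            check(SILENT, today),
            check(GOOD, date(2016, 11, 1))["status"],
            check(FLIPPED, today)["reasons"])
```

The checker compares against a fixed list rather than against the previous canary text, so an operator cannot quietly shorten the list over time; any statement that stops appearing trips it, and so does a canary that simply stops being refreshed.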

This inclines me to Moldbug’s solution, assuming his interpreter and compiler can be sufficiently small and self contained that one can make sure that everyone runs the same one. But if the interpreter and compiler exceed sixteen thousand lines, then defending them against this sort of attack becomes difficult.

Against urbit

Tuesday, April 5th, 2016

The world is moving to cloud computing – which means that the world is moving to giant megacorps that are excessively cozy with the government owning all your data.

Which, as General David Petraeus discovered, can be really bad for you. Google tipped off his enemies, not by reading his email, though they did read his email, but by tracking where he was when he logged in to gmail. Which is why Hillary likes to keep her email server’s database on a thumb drive that she personally controls. Supposedly this is bad for national security, but I am pretty sure it is mighty good for Hillary’s security.

Urbit is intended to fix this:

Your urbit is a personal server: a persistent virtual computer in the cloud that you own, trust, and control.

Unfortunately urbit is also a language, a rather weird language, and a language that is interpreted rather than compiled.

A compiler can compile itself, and usually does. An interpreter cannot bootstrap itself the same way: however many interpreters you stack, something at the bottom has to be native code produced by a compiler written in some other language.

Urbit, as a language, is kind of like Haskell as a language. Except that Haskell has a compiler, which is a huge advantage.

Let us suppose you want to multiply two times three in Haskell:

Well, if you multiply two by three in C++, the compiler generates code that loads the number two into a register, loads the number three into another register, multiplies the registers together, then stores the result where you tell it to store it.

If you multiply two by three in Haskell, the compiled code, absent optimization, curries: it builds a function that multiplies any number by two, applies that function to the number three, and, because evaluation is lazy, holds the result as an unevaluated thunk rather than storing a value until something demands it. (GHC’s optimizer constant-folds a case this trivial, but not the general case.) Which means if you have any non trivial program, it is pretty hard to figure out what the program is actually doing and how much time and memory space the task is going to take. Except that you can be pretty sure it is going to take more time and more memory space than doing it in C++.

Does anyone actually use anything written in Haskell?  All alleged successful uses of Haskell are in-house usages – the man who uses the program is the man who wrote the program.   We don’t see someone writing something in Haskell, and then large numbers of other people using his software.  If you google any standard language, you get lots of hits of people wrestling with vast amounts of data used by vast numbers of people.  If you google functional languages, you get academics playing interesting and clever games for the entertainment of other academics.

I rather suspect that no one except Yarvin is likely to be able to write any large efficient program in Urbit.

In order for Urbit “your personal server on the cloud” to be useful, your personal server needs to provide tools that are the functional equivalent of blogging, tweeting, reddit, facebook, Github, email, the pirate bay, the silk road, ebay, and such.  Tools whereby you can use your personal server to securely interact with other people.

Not seeing specs for such tools.   Such tools seem like a lot of work.

The huge advantage of a language such as Urbit is that the cloud is inherently massively parallel, and Urbit is designed to be inherently adapted to massive parallelism.  Your personal server on the cloud can scale – enormously.  Which is more of an advantage if you are a giant corporation.  And even so, giant corporations do not use such languages, because they are hard.

Something like Urbit is the right way to do things in a massively networked environment.  But it is an enormous and difficult task.  Writing a compiler would not be such a big job compared to all the other jobs that have to be done to make Urbit useful.

Urbit is a bright idea.  It is a correct idea.  But it is a really big job.


Bitcoin crisis

Friday, January 15th, 2016

Back in the beginning, I argued bitcoin would not scale.

The counter argument was that we could muddle our way through somehow with ad hoc solutions, which could be sort of true, in principle.

The scaling problems started to bite in 2013.  They are now biting really hard.

The scaling problems are now well and truly here.  Downloading the blockchain is slow and expensive.  Doing transactions is slow, unpredictable, expensive, and unpredictably expensive.

Any solutions hurt, are partial, incomplete, unsatisfactory, and will disadvantage some people financially. Civil war in the bitcoin community has ensued over which people it is to be.

That outcomes are determined by weight of computing power (the miners) rather than weight of bitcoins owned has led to problems.  The miners don’t face the same incentives as the people trying to do bitcoin based businesses.

Bitcoin has grown to about as large as it can get. It is doing about as many transactions as it can do, arguably rather more transactions than it is really suited for doing. Any fixes are at best small tune ups to get a little bit more performance out of the system, are at worst just burden shifting and burden hiding – hence the civil war.

I have been trying to design a coin that could scale, by having a dispersed blockchain, where no one entity has to keep all transactions. You keep your own transactions, and summary information about entities you transact with, and summary aggregate information about all transactions, and the chain of hashes that links the ownership of your money and your transactions into the global hash, which chain would only grow as the log of the total number of transactions, rather than with the total number of transactions. This means that parts of the blockchain will get lost temporarily or permanently, and the problem is to create a method for dealing with such losses that does not give anyone an incentive to cause such losses, apart from the general deflation that such losses cause. Have been trying to design this for some time. Not making much progress these days.

Another solution, compatible with existing bitcoin is to have account based money built on top of bitcoin, bitcoin backed banks, analogous to gold backed banks.  People are talking about this solution, but not actually implementing it, even though it seems a good deal easier than the solution that I proposed.

Tim Cook “I am proud to be gay” spies on Mac users

Saturday, November 8th, 2014

In the recent release of the Mac operating system:

If you set up an email account that does not belong to Apple, the OS phones your email domain home to Apple, to help them dox you.

No matter whom you use as a search provider, the browser reports your search strings to Apple.

Silk Road 2.0 goes down

Saturday, November 8th, 2014

“This hidden site has been seized”

We are going to need a heavily decentralized solution, so that if a relatively small number of nodes get shut down or taken over by law enforcement, the network continues to function correctly, and, because no single node is central, no single node has traffic patterns that make it stand out.

The Tor hidden site system will always fail if a hidden site generates too much traffic for too long. We need a non Tor solution for publishing and curating reputations and performing transactions.