Tuesday, November 30, 2021

Hidden Certificate Authorities

The security of encrypted Web traffic depends upon a set of Certificate Authorities (CAs). Browsers and operating systems are configured with a list of CAs that they trust. The system is brittle, in the sense that if any of the multitude of CAs that your browser trusts is incompetent or malign, the security of all your traffic is imperiled. I've written several times on the topic of misbehaving CAs; there is a list of links at the end of the post.

In Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure, Thomas Claburn reports on an important paper, Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem by Yiming Zhang et al. This paper looks at what happens when, by fair means or foul, unofficial entries are added to or replace the CAs in the official list that your browser trusts. Below the fold I discuss their findings.

Tuesday, November 16, 2021

The $65B Prize

Senator Everett Dirksen is famously alleged to have remarked "a billion here, a billion there, pretty soon you're talking real money". There is a set of Bitcoin wallets containing about a million Bitcoins that are believed to have been mined by Satoshi Nakamoto at the very start of the blockchain in 2008. They haven't moved since and, if you believe the bogus Bitcoin "price", are currently "worth" $65B. Even if you're skeptical of the "price", that is "real money". Below the fold, I explain how to grab these million Bitcoin and more for yourself.

Thursday, November 11, 2021

I Confess To Right-Clicker-Mentality

"Worth $532M"
Both Cory Doctorow and Matthew Gault and Jordan Pearson have fun with the latest meme about NFTs, "Right-Clicker-Mentality". (Tip of the hat to Barry Ritholtz)

Gault and Pearson explain the meme:
what is the “right-clicker mentality”? Quite literally, it is referring to one’s ability to right-click on any image they see online to bring up a menu and select the “save” option in order to save a copy of the image to their device. In this term we have a microcosm of the entire philosophical debate surrounding NFTs.
I join in below the fold.

Thursday, November 4, 2021

Making Sure "Number Go Up"

Fake it till you make it is the way Silicon Valley works these days, as exemplified by Theranos, Uber, WeWork and many other role models. It is certainly the case with cryptocurrencies. Would you believe that an NFT of this image was worth $532M? How about nearly $1.1B? Most numbers that are quoted about cryptocurrencies are fake, in the sense that they are manipulated in order to fool the press, and thereby buy time until they become "too big to fail".

The credulous press reports make it look like the cryptocurrency market is much bigger and much more successful than it really is, further inflating the bubble. Below the fold, I provide a set of examples of the techniques that are used to fuel the mania.

Tuesday, October 26, 2021

We Are So Screwed

Last month I wrote The Looming Fossil Fuel Crash to refine my thoughts for a discussion with my financial advisers. The TL;DR was that the short-term focus and slow, corrupted decision-making process of large companies and institutions means that their response to the need to transition to low-carbon energy will be too slow and too late. The result will be a sudden crash in the value of fossil fuel and related stocks, enough to tank the whole market.

In case you think I'm panicking, the New York Times catches up with me in U.S. Warns Climate Poses ‘Emerging Threat’ to Financial System by Alan Rappeport and Christopher Flavelle:
Climate change is an “emerging threat” to the stability of the U.S. financial system, top federal regulators warned in a report on Thursday, setting the stage for the Biden administration to take more aggressive regulatory action to prevent climate change from upending global markets and the economy.
Higher temperatures are leading to more natural disasters, such as hurricanes, wildfires and floods. These, in turn, are resulting in damaged property, lost income and disruptions to business activity that threaten to alter how assets, such as real estate, are valued.

At the same time, the move away from fossil fuels could cause a sudden drop in the price of stocks and other assets tied to oil, gas, coal and other energy companies, or sectors that rely on them such as carmakers and heavy manufacturing. Such a shift could hurt the stock market, retirement savings and other parts of the financial sector.
Below the fold, an even more depressing update.

Friday, October 22, 2021

A Quarter-Century Of Preservation

The Internet Archive turned 25 yesterday! Congratulations to Brewster and the hordes of miniature people who have built this amazing institution.

For the Archive's home-town newspaper, Chase DiFeliciantonio provided a nice appreciation in He founded the Internet Archive with a utopian vision. That hasn't changed, but the internet has:
Kahle’s quest to build what he calls “A Library of Alexandria for the internet” started in the 1990s when he began sending out programs called crawlers to take digital snapshots of every page on the web, hundreds of billions of which are available to anyone through the archive’s Wayback Machine.

That vision of free and open access to information is deeply entwined with the early ideals of Silicon Valley and the origins of the internet itself.

“The reason for the internet and specifically the World Wide Web was to make it so that everyone’s a publisher and everybody can go and have a voice,” Kahle said. To him, the need for a new type of library for that new publishing system, the internet, was obvious.

We (virtually) attended the celebration — you can watch the archived stream here, and please donate to help with the $3M match they announced.

Friday, October 15, 2021

A Writer I Admire

Wouldn't it be great to write like Maciej Cegłowski? I've riffed off many of his riveting talks, including What Happens Next Will Amaze You, Haunted By Data, The Website Obesity Crisis and Anatomy of a Moral Panic. Now, in a must-read tweetstorm, Cegłowski takes on "Web3", the emerging name for the mania surrounding blockchains and cryptocurrencies. He starts from this tweet:
The replies it garnered are hilarious. Below the fold, some extracts from Cegłowski to persuade you to read his whole thread (Unroll here).

Thursday, October 14, 2021

The Great Mining Migration

China's Cryptocurrency Crackdown has been dramatically effective. The total hashrate dropped by over a half from its peak before recovering. As I write it is still down about 15% from the peak.

The latest figures from the Cambridge Bitcoin Energy Consumption Index provide more detail on what happened. In May China was producing 70.9 Exahash/sec and 44% of the total, as against 75% in 2019. In July, it produced none, triggering the collapse in the hash rate.

The gradual recovery happened as the containers of mining rigs reached their destinations, which by August were mostly in the US (42.7 Exahash/sec), Kazakhstan (21.9 Exahash/sec) and Canada (11.5 Exahash/sec).

If the migration continues to favor the US and Canada, which as of August accounted for about 45% of the total, it would bring closer the ability of Western nations to turn off Bitcoin, as outlined in Unstoppable Code?.

Friday, October 8, 2021

Talk At "Blockchain for Business" Conference

I was invited to be on a panel at the University of Arkansas' "Blockchain for Business" conference together with John Ryan and Dan Geer. Below the fold are my introductory remarks.

Tuesday, October 5, 2021

Cryptocurrency's Carbon Footprint Underestimated

Back in April I wrote Cryptocurrency's Carbon Footprint about the catastrophic carbon emissions of Proof-of-Work cryptocurrencies such as Bitcoin. It now turns out that I didn't know the half of it; the numbers I and everyone else have been using are greatly underestimated. Below the fold, based on my no doubt somewhat inadequate methodology, the real story.

Thursday, September 30, 2021

The Looming Fossil Fuel Crash

In 2018's It Isn't About The Technology I wrote about Charlie Stross' concept that corporations are "Slow AIs":
Stross uses the Paperclip Maximizer thought experiment to discuss how the goal of these "slow AIs", which is to maximize profit growth, makes them a threat to humanity. The myth is that these genius tech billionaire CEOs are "in charge", decision makers. But in reality, their decisions are tightly constrained by the logic embedded in their profit growth maximizing "slow AIs".
Below the fold, I apply this insight to the impact of climate change on "the market".

Thursday, September 23, 2021

Central Bank Digital Currency

Central bank digital currency: the future starts today, a speech by Benoît Cœuré, Head of the Innovation Hub at the Bank for International Settlements identifies a number of problems that central banks face:
Big techs are expanding their footprint in retail payments. Stablecoins are knocking on the door, seeking regulatory approval. Decentralised finance (DeFi) platforms are challenging traditional financial intermediation. They all come with different regulatory questions, which need fast and consistent answers.

Banks are worried about the implications of CBDCs for customer deposits. Central banks are mindful of these concerns and are working on answers. They see banks as part of future CBDC systems. But make no mistake: global stablecoins, DeFi platforms and big tech firms will challenge banks' models regardless.

Stablecoins may develop as closed ecosystems or "walled gardens", creating fragmentation. With DeFi protocols, any concerns about the assets underlying stablecoins could see contagion spread through a system. And the growing footprint of big techs in finance raises market power and privacy issues, and challenges current regulatory approaches.
Below the fold I discuss the idea of CBDCs.

Tuesday, September 14, 2021


When I retired more than 4 years ago a top-priority task to keep me occupied was cleaning out the garage. It turned out that there were a lot of other things to do, and I never made it to the La-Z-Boy, let alone the mess in the garage.

As this Labor Day long weekend approached Vicky became very insistent that we at least start actually doing some clearing. Our first target was the many boxes of books, a good portion of which were from the eclectic collection of the late Mark Weiser. In among them we found this 1998 CD, a relic of the early days of the Web when it was generally understood that the Web's business model would be micropayments.

Below the fold I discuss the history of what Paul Krugman would probably call a "zombie idea".

Monday, September 6, 2021

Excess Deaths (Updated)

It is difficult to comprehend how abject a failure the pandemic response in countries such as the US and the UK has been. Fortunately, The Economist has developed a model estimating excess deaths since the start of the pandemic. Unfortunately, it appears to be behind their paywall. So I have taken the liberty of screen-grabbing a few example graphs.

This graph compares the US and Australia. Had the US handled the pandemic as well as Australia (-17 vs. 250 per 100K), about 885,000 more Americans would be alive today. With a GDP per capita about $63.5K/year, this loses the economy about $56B/year.

This graph compares the UK and New Zealand. Had Boris Johnson handled the pandemic as well as Jacinda Ardern (-49 vs. 170), about 149,000 more Britons would be alive today. With a GDP per capita about $42K/year, this loses the economy about $6.3B/year.

A graph is worth a thousand words. Below the fold, a little commentary.

Tuesday, August 31, 2021

Economies Of Scale

Steve Randy Waldman is a very interesting writer. He has a fascinating short post entitled Economies of scale in which he distinguishes four different types of "economies of scale". In reverse order, they are:
  1. Insurance
  2. Market power
  3. Network effects
  4. Technical economies
The effects of economies of scale in technology markets, such as storage media, digital preservation and cryptocurrencies, are a topic on which I have written many times, drawing heavily on W. Brian Arthur's 1994 book Increasing Returns and Path Dependence in the Economy. Below the fold I discuss Waldman's classification of them.

Tuesday, August 24, 2021


On the 16th Tom Krisher reported that US Opens Formal Probe Into Tesla Autopilot System:
The U.S. government has opened a formal investigation into Tesla’s Autopilot partially automated driving system after a series of collisions with parked emergency vehicles.

The investigation covers 765,000 vehicles, almost everything that Tesla has sold in the U.S. since the start of the 2014 model year. Of the crashes identified by the National Highway Traffic Safety Administration as part of the investigation, 17 people were injured and one was killed.

NHTSA says it has identified 11 crashes since 2018 in which Teslas on Autopilot or Traffic Aware Cruise Control have hit vehicles at scenes where first responders have used flashing lights, flares, an illuminated arrow board or cones warning of hazards.
The agency has sent investigative teams to 31 crashes involving partially automated driver assist systems since June of 2016. Such systems can keep a vehicle centered in its lane and a safe distance from vehicles in front of it. Of those crashes, 25 involved Tesla Autopilot in which 10 deaths were reported, according to data released by the agency.
On the 19th Katyanna Quach reported that Senators urge US trade watchdog to look into whether Tesla may just be over-egging its Autopilot, FSD pudding:
Sens. Edward Markey (D-MA) and Richard Blumenthal (D-CT) put out a public letter [PDF] addressed to FTC boss Lina Khan on Wednesday. In it, the lawmakers claimed "Tesla’s marketing has repeatedly overstated the capabilities of its vehicles, and these statements increasingly pose a threat to motorists and other users of the road."
These are ridiculously late. Back in April, after reading Mack Hogan's Tesla's "Full Self Driving" Beta Is Just Laughably Bad and Potentially Dangerous, I wrote Elon Musk: Threat or Menace?:
I'm a pedestrian, cyclist and driver in an area infested with Teslas owned, but potentially not actually being driven, by fanatical early adopters and members of the cult of Musk. I'm personally at risk from these people believing that what they paid good money for was "Full Self Driving". When SpaceX tests Starship at their Boca Chica site they take precautions, including road closures, to ensure innocent bystanders aren't at risk from the rain of debris when things go wrong. Tesla, not so much.
I'm returning to this topic because an excellent video and two new papers have shown that I greatly underestimated the depths of irresponsibility involved in Tesla's marketing.

Thursday, August 19, 2021

Optical Media Durability Update

Three years ago I posted Optical Media Durability and discovered:
Surprisingly, I'm getting good data from CD-Rs more than 14 years old, and from DVD-Rs nearly 12 years old. Your mileage may vary.
Two years ago I repeated the mind-numbing process of feeding 45 disks through the reader and verifying their checksums. A year ago I did it again.

It is time again for this annual chore, and yet again this year I failed to find any errors. Below the fold, the details.

Tuesday, August 17, 2021

Zittrain On Internet Rot

I spent two decades working on the problem of preserving digital documents, especially those published on the Web, in the LOCKSS Program. So I'm in agreement with the overall argument of Jonathan Zittrain's The Internet Is Rotting, that digital information is evanescent and mutable, and that libraries are no longer fulfilling their mission to be society's memory institutions. He writes:
People tend to overlook the decay of the modern web, when in fact these numbers are extraordinary—they represent a comprehensive breakdown in the chain of custody for facts. Libraries exist, and they still have books in them, but they aren’t stewarding a huge percentage of the information that people are linking to, including within formal, legal documents. No one is. The flexibility of the web—the very feature that makes it work, that had it eclipse CompuServe and other centrally organized networks—diffuses responsibility for this core societal function.
And concludes:
Society can’t understand itself if it can’t be honest with itself, and it can’t be honest with itself if it can only live in the present moment. It’s long overdue to affirm and enact the policies and technologies that will let us see where we’ve been, including and especially where we’ve erred, so we might have a coherent sense of where we are and where we want to go.
In our first paper about LOCKSS, Vicky Reich and I wrote:
Librarians have a well-founded confidence in their ability to provide their readers with access to material published on paper, even if it is centuries old. Preservation is a by-product of the need to scatter copies around to provide access. Librarians have an equally well-founded skepticism about their ability to do the same for material published in electronic form. Preservation is totally at the whim of the publisher.

A subscription to a paper journal provides the library with an archival copy of the content. Subscribing to a Web journal rents access to the publisher’s copy. The publisher may promise "perpetual access", but there is no business model to support the promise. Recent events have demonstrated that major journals may vanish from the Web at a few months notice.
Although I agree with Zittrain's big picture, I have some problems with his details. Below the fold I explain the issues I have with them.

Tuesday, August 10, 2021

The Economist On Cryptocurrencies

The Economist edition dated August 7th has a leader (Unstablecoins) and two articles in the Finance section (The disaster scenario and Here comes the sheriff).

The leader argues that:
Regulators must act quickly to subject stablecoins to bank-like rules for transparency, liquidity and capital. Those failing to comply should be cut off from the financial system, to stop people drifting into an unregulated crypto-ecosystem. Policymakers are right to sound the alarm, but if stablecoins continue to grow, governments will need to move faster to contain the risks.
But even The Economist gets taken in by the typical cryptocurrency hype, balancing current actual risks against future possible benefits:
Yet it is possible that regulated private-sector stablecoins will eventually bring benefits, such as making cross-border payments easier, or allowing self-executing “smart contracts”. Regulators should allow experiments whose goal is not merely to evade financial rules.
They don't seem to understand that, just as the whole point of Uber is to evade the rules for taxis, the whole point of cryptocurrency is to "evade financial rules".

Below the fold I comment on the two articles.

Tuesday, August 3, 2021

Stablecoins Part 2

I wrote Stablecoins about Tether and its "magic money pump" seven months ago. A lot has happened and a lot has been written about it since, and some of it explores aspects I didn't understand at the time, so below the fold at some length I try to catch up.

Thursday, July 29, 2021

Economics Of Evil Revisited

Eight years ago I wrote Economics of Evil about the death of Google Reader and Google's habit of leaving its users in the lurch. In the comments to the post I started keeping track of accessions to le petit musée des projets Google abandonnés. So far I've recorded at least 33 dead products, an average of more than 4 a year. Two years ago Ron Amadeo wrote about the problem this causes in Google’s constant product shutdowns are damaging its brand:
We are 91 days into the year, and so far, Google is racking up an unprecedented body count. If we just take the official shutdown dates that have already occurred in 2019, a Google-branded product, feature, or service has died, on average, about every nine days.
Below the fold, some commentary on Amadeo's latest report from the killing fields, in which he detects a little remorse.

Tuesday, July 27, 2021

Yet Another DNA Storage Technique

An alternative approach to nucleic acid memory by George D. Dickinson et al from Boise State University describes a fundamentally different way to store and retrieve data using DNA strands as the medium. Will Hughes et al have an accessible summary in DNA ‘Lite-Brite’ is a promising way to archive data for decades or longer:
We and our colleagues have developed a way to store data using pegs and pegboards made out of DNA and retrieving the data with a microscope – a molecular version of the Lite-Brite toy. Our prototype stores information in patterns using DNA strands spaced about 10 nanometers apart.
Below the fold I look at the details of the technique they call digital Nucleic Acid Memory (dNAM).

Tuesday, July 20, 2021

Alternatives To Proof-of-Work

The designers of peer-to-peer consensus protocols such as those underlying cryptocurrencies face three distinct problems. They need to prevent:
  • Being swamped by a multitude of Sybil peers under the control of an attacker. This requires making peer participation expensive, such as by Proof-of-Work (PoW). PoW is problematic because it has a catastrophic carbon footprint.
  • A rational majority of peers from conspiring to obtain inappropriate benefits. This is thought to be achieved by decentralization, that is a network of so many peers acting independently that a conspiracy among a majority of them is highly improbable. Decentralization is problematic because in practice all successful cryptocurrencies are effectively centralized.
  • A rational minority of peers from conspiring to obtain inappropriate benefits. This requirement is called incentive compatibility. This is problematic because it requires very careful design of the protocol.
In the rather long post below the fold I focus on some potential alternatives to PoW, inspired by Jeremiah Wagstaff's Subspace: A Solution to the Farmer’s Dilemma, the white paper for a new blockchain technology.

Thursday, July 15, 2021

A Modest Proposal About Ransomware

On the evening of July 2nd the REvil ransomware gang exploited a 0-day vulnerability to launch a supply chain attack on customers of Kaseya's Virtual System Administrator (VSA) product. The timing was perfect, with most system administrators off for the July 4th long weekend. By the 6th Alex Marquardt reported that Kaseya says up to 1,500 businesses compromised in massive ransomware attack. REvil, which had previously extorted $11M from meat giant JBS, announced that for the low, low price of only $70M they would provide everyone with a decryptor.

The US government's pathetic response is to tell the intelligence agencies to investigate and to beg Putin to crack down on the ransomware gangs. Good luck with that! It isn't his problem, because the gangs write their software to avoid encrypting systems that have default languages from the former USSR.

I've written before (here, here, here) about the importance of disrupting the cryptocurrency payment channel that enables ransomware, but it looks like the ransomware crisis has to get a great deal worse before effective action is taken. Below the fold I lay out a modest proposal that could motivate actions that would greatly reduce the risk.

Tuesday, July 13, 2021

Intel Did A Boeing

Two years ago, Wolf Richter noted that Boeing's failure to invest in a successor airframe was a major cause of the 737 Max debacle:
From 2013 through Q1 2019, Boeing has blown a mind-boggling $43 billion on share buybacks
I added up the opportunity costs:
Suppose instead of buying back stock, Boeing had invested in its future. Even assuming an entirely new replacement for the 737 series was as expensive as the 787 (the first of a new airframe technology), they could have delivered the first 737 replacement ($32B), and be almost 70% through developing another entirely new airframe ($11B/$16B). But executive bonuses and stock options mattered more than the future of the company's cash cow product.
Below the fold I look at how Intel made the same mistake as Boeing, and early signs that they have figured out what went wrong.

Tuesday, July 6, 2021

Graphing China's Cryptocurrency Crackdown

Below the fold an update to last Thursday's China's Cryptocurrency Crackdown with more recent graphs.

Tuesday, June 29, 2021

Taleb On Cryptocurrency Economics

Nassim Nicholas Taleb has a draft paper entitled Bitcoin, Currencies and Bubbles that applies quantitative finance and economic arguments to cryptocurrencies. It is definitely worth reading. Spoiler, he's not an enthusiast! Below the fold, some commentary on it.

Thursday, June 24, 2021

China's Cryptocurrency Crackdown

BTC "price"
Cryptocurrency mining in Sichuan, especially in the rainy season, is hydro-powered, so miners thought they'd be spared the Chinese government's crackdown, for example in Qinghai, Xinjiang and Yunnan. But they were rapidly disabused of this idea, as Matt Novak reports in Bitcoin Plunges as China's Sichuan Province Pulls Plug on Crypto Mining:
BTC miners' revenue
Bitcoin continued its dramatic plunge to $32,281 Monday morning, down 17.65% from a week earlier as some of China’s largest bitcoin mining farms were shut down over the weekend. The bitcoin mining facilities of Sichuan Province received an order on Friday to stop doing business by Sunday, according to Chinese state media outlet the Global Times.

The Sichuan Provincial Development and Reform Commission and the Sichuan Energy Bureau issued an order to all electricity companies in the region on Friday to stop supplying electricity to any known crypto mining organizations, including 26 firms that had already been publicly identified,
BTC Hash Rate
As the "price" chart shows, the crackdown is having an impact. The result of this is that miners' revenue has taken a hit. The result of this is to squeeze uneconomic mining out of the mining pools, decreasing the hash rate. The result of that is that the network has to adapt, by reducing the difficulty of mining the next block in order to maintain the six blocks an hour target for the Bitcoin blockchain, averaged over time. Below the fold, more details and graphs.

Tuesday, June 22, 2021

DNA Data Storage: A Different Approach

Last month I continued my blogging about storing data in DNA with an update on the work of the University of Washington/Microsoft Molecular Information Systems Lab (MISL). They are not the only group working on this technology. John Timmer's A DNA-based storage system with files and metadata discusses Random access DNA memory using Boolean search in an archival file storage system by James L. Banal et al from MIT and the Broad Institute. Their abstract reads:
DNA is an ultrahigh-density storage medium that could meet exponentially growing worldwide demand for archival data storage if DNA synthesis costs declined sufficiently and if random access of files within exabyte-to-yottabyte-scale DNA data pools were feasible. Here, we demonstrate a path to overcome the second barrier by encapsulating data-encoding DNA file sequences within impervious silica capsules that are surface labelled with single-stranded DNA barcodes. Barcodes are chosen to represent file metadata, enabling selection of sets of files with Boolean logic directly, without use of amplification. We demonstrate random access of image files from a prototypical 2-kilobyte image database using fluorescence sorting with selection sensitivity of one in 10^6 files, which thereby enables one in 10^(6N) selection capability using N optical channels. Our strategy thereby offers a scalable concept for random access of archival files in large-scale molecular datasets.
Below the fold, some commentary on this significantly different approach to accessing DNA databases.

Thursday, June 17, 2021

Mining Is Money Transmission (Updated)

In How to Start Disrupting Cryptocurrencies: “Mining” Is Money Transmission, Nicholas Weaver makes an important point that seems to have been overlooked (my emphasis):
The mining process starts with a pile of unconfirmed digital checks, cryptographically signed by the accounts’ corresponding private keys (in public key cryptography, only the private key can generate a signature but anyone can verify the signature with the public key). Each miner takes all the checks and decides which ones they are going to consider. Miners first have to make sure that each check they consider is valid and that the sending account has sufficient funds. Miners then choose from the set of valid checks they want to include and collect them together in a “block.”
Below the fold, I look into the implications Weaver draws from this.

Tuesday, June 15, 2021

Mempool Flooding

In Unstoppable Code? I discussed Joe Kelly's suggestion for how governments might make it impossible to transact Bitcoin by mounting a 51% attack using seized mining rigs. That's not the only way to achieve the same result, so below the fold I discuss an alternative approach that could be used alone or in combination with Kelly's concept.

Sunday, June 13, 2021

Meta: Apology To Commentors

I thought that the blizzard of spam comments had miraculously stopped, but no. What appears to have happened is that Blogger stopped sending me mail for each comment. Although this greatly helped my peace of mind, it meant that actual relevant comments sat in the queue being ignored along with the spam. I've put a reminder in my calendar to check the queue every few days, and rescued some comments from purgatory.

Tuesday, June 8, 2021

Unreliability At Scale

Thomas Claburn's FYI: Today's computer chips are so advanced, they are more 'mercurial' than precise – and here's the proof discusses two recent papers that are relevant to the extraordinary levels of reliability needed in long-term digital preservation at scale. Below the fold some commentary on both papers.

Tuesday, June 1, 2021

Unstoppable Code?

This is the website of DeFi100, a "decentralized finance" system running on the Binance Smart Chain, after the promoters pulled a $32M exit scam. Their message sums up the ethos of cryptocurrencies:
Governments around the world have started to wake up to the fact that this message isn't just for the "muppets", it is also the message of cryptocurrencies for governments and civil society. Below the fold I look into how governments might respond.

Thursday, May 27, 2021

Storage Update

It has been too long since I wrote about storage technologies, so below the fold I comment on a keynote and three papers of particular interest from Usenix's File and Storage Technologies conference last February, and a selection of other news.

Thursday, May 20, 2021

Elon Musk Disrupts Cryptocurrencies?

Recently there has been a regrettable failure of Bitcoin and most other cryptocurrencies to proceed in an orderly fashion moon-wards. I had great timing. As I started work on this post Tuesday Bitcoin was at $43,629, down 27% from its high of $59,592 on May 9th, already down 8% from its all-time high of $64,899 on April 14th. Yesterday, I woke to find it had bottomed out at $30,000, down 49.7% from the peak. It bounced back to $42,434 before sliding again to $38,914 and recovering to $41,899. On April 21st the average fee per transaction spiked to $63.78. There is no way this makes sense as a store of value or a medium of exchange, only as a vehicle for speculation.

As Jemima Kelly notes in Crypto bros take the fight back to Elon as prices tank, the speculators aren't happy and they know who is to blame:
Up until recently utterly enamoured with the self-stylised technoking, the brodom has become incensed after Musk sent the price of bitcoin sliding by tweeting first that Tesla would no longer be accepting bitcoin (because of its environmental impact), and then sent it down further over the weekend after appearing to suggest that Tesla would dump its bitcoin holdings because of the way he was being treated by the bros. (He later clarified that Tesla had not, at this point, sold any bitcoin.) Of course, he also found time to boast about his superior knowledge of money due to his time at PayPal.
Below the fold, I try to dispassionately assign blame for this flaw in the natural order of things.

Thursday, May 13, 2021

It's The Inequality, Stupid!

How could it possibly make sense to "pay $69M" for a link to a link to a JPEG? Follow me below the fold as I try to answer this question.

Thursday, May 6, 2021

Venture Capital Isn't Working: Addendum

I didn't find Nicholas Colin's Bill Janeway on Who Should Be in Control in time, or it would have been a significant part of Venture Capital Isn't Working. So, below the fold, an addendum discussing legendary VC Bill Janeway's views, and an interesting paper that he cites, The Rise of Dual-Class Stock IPOs by Dhruv Aggarwal et al.

Thursday, April 29, 2021

Venture Capital Isn't Working

I was an early employee at three VC-funded startups from the 80s and 90s. All of them IPO-ed and two (Sun Microsystems and Nvidia) made it into the list of the top 100 US companies by market capitalization. So I'm in a good position to appreciate Jeffrey Funk's must-read The Crisis of Venture Capital: Fixing America’s Broken Start-Up System. Funk starts:
Despite all the attention and investment that Silicon Valley’s recent start-ups have received, they have done little but lose money: Uber, Lyft, WeWork, Pinterest, and Snapchat have consistently failed to turn profits, with Uber’s cumulative losses exceeding $25 billion. Perhaps even more notorious are bankrupt and discredited start-ups such as Theranos, Luckin Coffee, and Wirecard, which were plagued with management failures, technical problems, or even outright fraud that auditors failed to notice.

What’s going on? There is no immediately obvious reason why this generation of start-ups should be so financially disastrous. After all, Amazon incurred losses for many years, but eventually grew to become one of the most profitable companies in the world, even as Enron and WorldCom were mired in accounting scandals. So why can’t today’s start-ups also succeed? Are they exceptions, or part of a larger, more systemic problem?
Below the fold, some reflections on Funk's insightful analysis of the "larger, more systemic problem".

Thursday, April 22, 2021

Dogecoin Disrupts Bitcoin!

Two topics I've posted about recently, Elon Musk's cult and the illusory "prices" of cryptocurrencies, just intersected in spectacular fashion. On April 14 the Bitcoin "price" peaked at $63.4K. Early on April 15, the Musk cult saw this tweet from their prophet. Immediately, the Dogecoin "price" took off like a Falcon 9.

A day later, Jemima Kelly reported that If you believe, they put a Dogecoin on the moon. That was to say that:
Dogecoin — the crypto token that was started as a joke and that is the favourite of Elon Musk — is having a bit of a moment. And when we say a bit of a moment, we mean that it is on a lunar trajectory (in crypto talk: it is going to da moon).

At the time of writing this, it is up over 200 per cent in the past 24 hours — more than tripling in value (for those of you who need help on percentages, it is Friday afternoon after all). Over the past week it’s up more than 550 per cent (almost seven times higher!).
The headlines tell the story — Timothy B. Lee's Dogecoin has risen 400 percent in the last week because why not and Joanna Ossinger's Dogecoin Rips in Meme-Fueled Frenzy on Pot-Smoking Holiday.

The Dogecoin "price" graph Kelly posted was almost vertical. The same day, Peter Schiff, the notorious gold-bug, tweeted:
So far in 2021 #Bitcoin has lost 97% of its value versus #Dogecoin. The market has spoken. Dogecoin is eating Bitcoin. All the Bitcoin pumpers who claim Bitcoin is better than gold because its price has risen more than gold's must now concede that Dogecoin is better than Bitcoin.
Below the fold I look back at this revolution in crypto-land.

What Is The Point?

During a discussion of NFTs, Larry Masinter pointed me to his 2012 proposal The 'tdb' and 'duri' URI schemes, based on dated URIs. The proposal's abstract reads:
This document defines two URI schemes.  The first, 'duri' (standing
for "dated URI"), identifies a resource as of a particular time.
This allows explicit reference to the "time of retrieval", similar to
the way in which bibliographic references containing URIs are often

The second scheme, 'tdb' (standing for "Thing Described By"),
provides a way of minting URIs for anything that can be described, by
the means of identifying a description as of a particular time.
These schemes were posited as "thought experiments", and therefore
this document is designated as Experimental.
As far as I can tell, this proposal went nowhere, but it raises a question that is also raised by NFTs. What is the point of a link that is unlikely to continue to resolve to the expected content? Below the fold I explore this question.

Thursday, April 15, 2021

NFTs and Web Archiving

One of the earliest observations of the behavior of the Web at scale was "link rot". There were a lot of 404s, broken links. Research showed that the half-life of Web pages was alarmingly short. Even in 1996 this problem was obvious enough for Brewster Kahle to found the Internet Archive to address it. From the Wikipedia entry for Link Rot:
A 2003 study found that on the Web, about one link out of every 200 broke each week,[1] suggesting a half-life of 138 weeks. This rate was largely confirmed by a 2016–2017 study of links in Yahoo! Directory (which had stopped updating in 2014 after 21 years of development) that found the half-life of the directory's links to be two years.[2]
One might have thought that academic journals were a relatively stable part of the Web, but research showed that their references decayed too, just somewhat less rapidly. A 2013 study found a half-life of 9.3 years. See my 2015 post The Evanescent Web.

I expect you have noticed the latest outbreak of blockchain-enabled insanity, Non-Fungible Tokens (NFTs). Someone "paying $69M for a JPEG" or $560K for a New York Times column attracted a lot of attention. Follow me below the fold for the connection between NFTs, "link rot" and Web archiving.

Tuesday, April 13, 2021

Cryptocurrency's Carbon Footprint

China’s bitcoin mines could derail carbon neutrality goals, study says and Bitcoin mining emissions in China will hit 130 million tonnes by 2024: the headlines say it all. Excusing this climate-destroying externality of Proof-of-Work blockchains requires a continuous flow of new misleading arguments. Below the fold I discuss one of the more recent novelties.

Tuesday, April 6, 2021

Elon Musk: Threat or Menace?

Although both Tesla and SpaceX are major engineering achievements, Elon Musk seems completely unable to understand the concept of externalities, unaccounted-for costs that society bears as a result of these achievements.

First, in Tesla: carbon offsetting, but in reverse, Jamie Powell reacted to Tesla taking $1.6B in carbon offsets which provided the only profit Tesla ever made and putting them into Bitcoin:
Looked at differently, a single Bitcoin purchase at a price of ~$50,000 has a carbon footprint of 270 tons, the equivalent of 60 ICE cars.

Tesla’s average selling price in the fourth quarter of 2020? $49,333.

We’re not sure about you, but FT Alphaville is struggling to square the circle of “buy a Tesla with a bitcoin and create the carbon output of 60 internal combustion engine cars” with its legendary environmental ambitions.

Unless, of course, that was never the point in the first place.
Below the fold, more externalities Musk is ignoring.

Thursday, March 25, 2021

Internet Archive Storage

The Internet Archive is a remarkable institution, which has become increasingly important during the pandemic. It has been for many years in the world's top 300 Web sites and is currently ranked #209, sustaining almost 60Gb/s outbound bandwidth from its collection of almost half a trillion archived Web pages and much other content. It does this on a budget of under $20M/yr, yet maintains 99.98% availability.

Jonah Edwards, who runs the Core Infrastructure team, gave a presentation on the Internet Archive's storage infrastructure to the Archive's staff. Below the fold, some details and commentary.

Tuesday, March 16, 2021

Correlated Failures

The invaluable statistics published by Backblaze show that, despite being built from technologies close to the physical limits (Heat-Assisted Magnetic Recording, 3D NAND Flash), modern digital storage media are extraordinarily reliable. However, I have long believed that the models that attempt to project the reliability of digital storage systems from the statistics of media reliability are wildly optimistic. They ignore foreseeable causes of data loss such as Coronal Mass Ejections and ransomware attacks, which cause correlated failures among the media in the system. No matter how many there are, if all replicas are destroyed or corrupted the data is irrecoverable.

Modelling these "black swan" events is clearly extremely difficult, but much less dramatic causes are in practice important too. It has been known at least since Talagala's 1999 Ph.D. thesis that media failures in storage systems are significantly correlated, and at least since Jiang et al.'s 2008 Are Disks the Dominant Contributor for Storage Failures? A Comprehensive Study of Storage Subsystem Failure Characteristics that only about half the failures in storage systems are traceable to media failures. The rest happen in the pipeline from the media to the CPU. Because this typically aggregates data from many media components, it naturally causes correlations.

As I wrote in 2015's Disk reliability, discussing Backblaze's experience of a 40% Annual Failure Rate (AFR) in over 1,100 Seagate 3TB drives:
Alas, there is a long history of high failure rates among particular batches of drives. An experience similar to Backblaze's at Facebook is related here, with an AFR over 60%. My first experience of this was nearly 30 years ago in the early days of Sun Microsystems. Manufacturing defects, software bugs, mishandling by distributors, vibration resonance, there are many causes for these correlated failures.
Despite plenty of anecdotes, there is little useful data on which to base models of correlated failures in storage systems. Below the fold I summarize and comment on an important paper by a team from the Chinese University of Hong Kong and Alibaba that helps remedy this.

Thursday, March 4, 2021

History Of Window Systems

Alan Kay's Should web browsers have stuck to being document viewers? makes important points about the architecture of the infrastructure for user interfaces, but also sparked comments and an email exchange that clarified the early history of window systems. This is something I've written about previously, so below the fold I go into considerable detail.

Thursday, February 25, 2021

Principles For The Decentralized Web

A week ago yesterday the Internet Archive launched both a portal for the Decentralized Web (DWeb) at https://getdweb.net/, designed by a team led by Iryna Nezhynska of Jolocom, and a set of principles for the Decentralized Web, developed with much community input by a team led by Mai Ishikawa Sutton and John Ryan.

Nezhynska led a tour of the new website and the thinking behind its design, including its accessibility features. It looks very polished; how well it functions as a hub for the DWeb community only time will tell.

Brewster Kahle introduced the meeting by stressing that, as I have written many times, if the DWeb is successful it will be attacked by those who have profited massively from the centralized Web. The community needs to prepare for technical, financial and PR attacks.

Below the fold I look at how the principles might defend against some of these attacks.

Thursday, February 18, 2021

Blast Radius

Last December Simon Sharwood reported on an "Infrastructure Keynote" by Amazon's Peter DeSantis in AWS is fed up with tech that wasn’t built for clouds because it has a big 'blast radius' when things go awry:
Among the nuggets he revealed was that AWS has designed its own uninterruptible power supplies (UPS) and that there’s now one in each of its racks. AWS decided on that approach because the UPS systems it needed were so big they required a dedicated room to handle the sheer quantity of lead-acid batteries required to keep its kit alive. The need to maintain that facility created more risk and made for a larger “blast radius” - the extent of an incident's impact - in the event of failure or disaster.

AWS is all about small blast radii, DeSantis explained, and in the past the company therefore wrote its own UPS firmware for third-party products.

“Software you don’t own in your infrastructure is a risk,” DeSantis said, outlining a scenario in which notifying a vendor of a firmware problem in a device commences a process of attempting to replicate the issue, followed by developing a fix and then deployment.

“It can take a year to fix an issue,” he said. And that’s many months too slow for AWS given a bug can mean downtime for customers.
This is a remarkable argument for infrastructure based on open source software, but that isn't what this post is about. Below the fold is a meditation on the concept of "blast radius", the architectural dilemma it poses, and its relevance to recent outages and compromises.

Thursday, February 11, 2021

More On Archiving Twitter

Himarsha Jayanetti from Michael Nelson's group at Old Dominion follows up on the work I discussed in Michael Nelson's Group On Archiving Twitter with Twitter rewrites your URLs, but assumes you’ll never rewrite theirs: more problems replaying archived Twitter:
URLs shared on Twitter are automatically shortened to t.co links. Twitter does this to track its engagements and also protect its users from sites with malicious content. Twitter replaces these t.co URLs with HTML that suggests the original URL so that the end-user does not see the t.co URLs while browsing. When these t.co URLs are replayed through web archives, they are rewritten to an archived URL (URI-M) and should be rendered in the web archives as in the live web, without displaying these t.co URI-Ms to the end-user.
But, as the screen-grab from the Wayback Machine shows, they may not be. Below the fold, a look at Jayanetti's explanation.

Friday, February 5, 2021

Talk At Berkeley's Information Access Seminar

Once again Cliff Lynch invited me to give a talk to the Information Access Seminar at UC Berkeley's iSchool. Preparation time was limited because these days I'm a full-time grandparent so the talk, entitled Securing The Digital Supply Chain, summarizes and updates two long posts from two years ago:
The abstract was:
The Internet is suffering an epidemic of supply chain attacks, in which a trusted supplier of content is compromised and delivers malware to some or all of their clients. The recent SolarWinds compromise is just one glaring example. This talk reviews efforts to defend digital supply chains.
Below the fold, the text of the talk with links to the sources.

Thursday, February 4, 2021

Chromebook Linux Update

My three Acer C720 Chromebooks running Linux are still giving yeoman service, although for obvious reasons I'm not travelling these days. But it is time for an update to 2017's Travels with a Chromebook. Below the fold, an account of some adventures in sysadmin.

Thursday, January 28, 2021

Effort Balancing And Rate Limits

Catalin Cimpanu reports on yet another crime wave using Bitcoin in As Bitcoin price surges, DDoS extortion gangs return in force:
In a security alert sent to its customers and shared with ZDNet this week, Radware said that during the last week of 2020 and the first week of 2021, its customers received a new wave of DDoS extortion emails.

Extortionists threatened companies with crippling DDoS attacks unless they got paid between 5 and 10 bitcoins ($150,000 to $300,000)
The security firm believes that the rise in the Bitcoin-to-USD price has led to some groups returning to or re-prioritizing DDoS extortion schemes.
And Dan Goodin reports on the latest technique the DDOS-ers are using in DDoSers are abusing Microsoft RDP to make attacks more powerful:
As is typical with many authenticated systems, RDP responds to login requests with a much longer sequence of bits that establish a connection between the two parties. So-called booter/stresser services, which for a fee will bombard Internet addresses with enough data to take them offline, have recently embraced RDP as a means to amplify their attacks, security firm Netscout said.

The amplification allows attackers with only modest resources to strengthen the size of the data they direct at targets. The technique works by bouncing a relatively small amount of data at the amplifying service, which in turn reflects a much larger amount of data at the final target. With an amplification factor of 85.9 to 1, 10 gigabytes-per-second of requests directed at an RDP server will deliver roughly 860Gbps to the target.
I don't know why it took me so long to figure it out, but reading Goodin's post I suddenly realized that techniques we described in Impeding attrition attacks in p2p systems, a 2004 follow-up to our award-winning 2003 SOSP paper on the architecture of the LOCKSS system, can be applied to preventing systems from being abused by DDOS-ers. Below the fold, brief details.

Tuesday, January 26, 2021

ISP Monopolies

For at least the last three years (It Isn't About The Technology) I've been blogging about the malign effects of the way the FAANGs dominate the Web and the need for anti-trust action to mitigate them. Finally, with the recent lawsuits against Facebook and Google, some action may be in prospect. I'm planning a post on this topic. But when it comes to malign effects of monopoly I've been ignoring the other monopolists of the Internet, the telcos.

An insightful recent post by John Gilmore to Dave Farber's IP list sparked a response from Thomas Leavitt and some interesting follow-up e-mail. Gilmore was involved in pioneering consumer ISPs, and Leavitt in pioneering Web hosting. Both attribute the current sorry state of Internet connectivity in the US to the lack of effective competition. They and I differ somewhat on how the problem could be fixed. Below the fold I go into the details.

Thursday, January 14, 2021

The Bitcoin "Price"

Jemima Kelly writes No, bitcoin is not “the ninth-most-valuable asset in the world” and it's a must-read. Below the fold, some commentary.

Thursday, January 7, 2021

Two Million Page Views!

Woohoo! This blog just passed two million all-time page views since April 21st 2007.

Tuesday, January 5, 2021

The New Oldweb.today

Two days before Christmas Ilya Kreymer posted Announcing the New OldWeb.today. The old oldweb.today was released five years ago, and Ilya described the details in a guest post here. It was an important step forward in replaying preserved Web content because users could view the old Web content as it would have been rendered at the time it was published, not as rendered in a modern browser. I showed an example of the difference this made in The Internet is for Cats.

Below the fold, I look at why the new oldweb.today is an improvement on the old version, which is still available at classic.oldweb.today