Software Supply Chain Attack

Joel Wallenberg interviewed me on 14^th February for his article in the 28^th February edition of Grant's Interest Rate Observer entitled Memo to the bitcoiners. Alas, it is paywalled, but among the many quotes from me Wallenberg used was that blockchain-based systems "are very vulnerable to supply-chain attacks".

Exactly a week after the interview and a week before the article went to press, we got an example, the biggest cryptocurrency heist in history. Below the fold I discuss the details.

Bitcoin's Fee Spikes

I've written several times, for example in Fixed Supply, Variable Demand, about the mechanism that causes the cost of transacting on a blockchain like Bitcoin's to suffer massive spikes at intervals. When no-one wants to transact, fees are low. When everyone does, they are high. Below the fold I look in detail at a typical Bitcoin fee spike.

Archival Storage

I gave a talk at the Berkeley I-school's Information Access Seminar entitled Archival Storage. Below the fold is the text of the talk with links to the sources and the slides (with yellow background).

The Oligopoly Publishers

Source

Rupak Ghose's The $100 billion Bloomberg for academics and lawyers? is essential reading for anyone interested in academic publishing. He starts by charting the stock price of RELX, Thomson Reuters, and Wolters Kluwer, pointing out that in the past decade they have increased about ten-fold. He compares these publishers to Bloomberg, the financial news service. They are less profitable, but that's because their customers are less profitable. Follow me below the fold for more on this.

Software Liability: US vs. EU

I have written before about the double-edged sword of software vendors' ability to disclaim liability for the performance of their products. Six years ago I wrote The Internet of Torts about software embedded in the physical objects of the Internet of Things. Four years ago I wrote about Liability In The Software Supply Chain.

Source

Last October, Tom Uren wrote The EU Throws a Hand Grenade on Software Liability:

The EU and U.S. are taking very different approaches to the introduction of liability for software products. While the U.S. kicks the can down the road, the EU is rolling a hand grenade down it to see what happens.

It is past time to catch up on this issue, so follow me below the fold.

On Not Being Immutable

Economist 2/1/25

Regulation of cryptocurrencies was an issue in last November's US election. Molly White documented the immense sums the industry devoted to electing a crypto-friendly Congress, and converting Trump's skepticism into enthusiasm. They had two goals, pumping the price and avoiding any regulation that would hamper them ripping off the suckers.

Back in November of 2022 I added an entry to this blog's list of Impossibilities for The Compliance-Innovation Trade-off from the team at ChainArgos. It started:

tl;dr: DeFi cannot be permissionless, allow arbitrary innovation and comply with any meaningful regulations. You can only choose two of those properties. If you accept a limited form of innovation you can have two-and-a-half of them.

Fundamental results in logic and computer science impose a trade-off on any permissionless system’s ability to both permit innovation and achieve compliance with non-trivial regulations. This result depends only on long-settled concepts and the assumption a financial system must provide a logically consistent view of payments and balances to users.

This is a semi-technical treatment, with more formal work proceeding elsewhere.

Two years later, the "more formal work" has finally been published in a peer-reviewed Nature Publishing journal, Scientific Reports, which claims to be the 5^th most cited journal in the world. Jonathan Reiter tells me that, although the publishing process took two years, it did make the result better.

Below the fold I discuss Tradeoffs in automated financial regulation of decentralized finance due to limits on mutable turing machines by Ben Charoenwong, Robert M. Kirby & Jonathan Reiter.

Paul Evan Peters Award

Year	Awardee
2024	Tony Hey
2022	Paul Courant
2020	Francine Berman
2017	Herbert Van de Sompel
2014	Donald A.B. Lindberg
2011	Christine L. Borgman
2008	Daniel E. Atkins
2006	Paul Ginsparg
2004	Brewster Kahle
2002	Vinton Gray Cerf
2000	Tim Berners-Lee

It has just been announced that at the Spring 2025 Membership Meeting of the Coalition for Networked Information in Milwaukee, WI April 7^th and 8^th, Vicky and I are to receive the Paul Evan Peters Award. The press release announcing the award is here.

Vicky and I are honored and astonished by this award. Honored because it is the premiere award in the field, and astonished because we left the field more than seven years ago to take up our new full-time career as grandparents. We are all the more astonished because we are not even eligible for the award; the rules clearly state that the "award will be granted to an individual".

You can tell this is an extraordinary honor from the list of previous awardees, and the fact that it is the first time it has been awarded in successive years. Vicky and I are extremely grateful to the Association of Research Libraries, CNI and EDUCAUSE, who sponsor the award.

Original Logo

Part of the award is the opportunity to make an extended presentation to open the meeting. The text of our talk, entitled Lessons From LOCKSS, with links to the sources and information that appeared on slides but was not spoken, should appear here on April 7^th.

The work that the award recognizes was not ours alone, but the result of a decades-long effort by the entire LOCKSS team. It was made possible by support from the LOCKSS community and many others, including Michael Lesk then at NSF, Donald Waters then at the Mellon Foundation, the late Karen Hunter at Elsevier, Stanford's Michael Keller and CNI's Cliff Lynch.