
IOTA: A tangled mess - wglb
http://codesuppository.blogspot.com/2017/12/iota-tangled-mess.html?m=1
======
tasubotadas
>The IOTA source code is written in JAVA instead of C++ like most professional
cryptocurrencies are. That did not instill me with confidence.

This made me lose any confidence in a person's capabilities in evaluating the
coin. If anything, Java (or any language with modern memory management) is a
way more robust choice than C++ where security is concerned.

In any case, I am highly skeptical of the IOTA as well.

~~~
planetjones
Me too. He may well have valid points but, as someone who has written mission
critical software systems in Java, this destroys the credibility of the
article for me.

~~~
acoye
He may be biased, but you may be too. Are you a Java developer (or android)?

That said, I know some great software can be produced in Java, ElasticSearch
being one at the top of my mind.

If security is the goal, neither CPP nor Java is great. Proven Haskell or Rust
might be more of a valid option.

~~~
catwell
AFAIK Cardano (ADA), which is booming (passed IOTA and became the 6th largest
coin this week), is implemented in Haskell.

~~~
mhluongo
A coin "booking" doesn't imply technical strength- that's the problem here.

~~~
mhluongo
*booming

------
nadam
IOTA is the only big cryptocurrency that seems extremely fishy to me. The
trick is that even a fairly technical person (like me) cannot easily refute it
based on the whitepaper, because the whitepaper is intentionally
indecipherable, and does not have enough information to evaluate the project
anyway. The average person sees such a whitepaper, and is amazed by the
complicated scientific formulas. A good engineer/scientist on the other hand
gets uneasy about it I think. I don't understand how a huge network of full
nodes, nodes which are small industrial devices can scalably reach consensus
in a fast way. Even storing the full state is impossible, not to speak about
history. It is independent of whether we use the DAG or blockchain. That is
why scalability plans on other networks go into the direction of sharding, or
have a smaller number of powerful nodes, or use layer 2, etc...

Crypto communities fight each other (BTC vs. BCASH, DASH vs. Monero, Ethereum
vs. EOS) but these are all serious projects. The whole community should speak
up about IOTA instead.

~~~
logicallee
>the whitepaper is intentionally indecipherable

I decided to see whether this statement is justified.

    
    
      Before starting
      ---------------
    

I am about to read the whitepaper now, but before I do, I want to set up some
standards for how I will judge that it is "intentionally indecipherable".
First, I want to think of examples of intentionally indecipherable language.

I have these examples in mind:

1\. We have many examples from marketing. If marketing just doesn't want to
answer a question but does want to write a response to something.

2\. There are examples of nonsense. I have in mind this one:
[https://en.wikipedia.org/wiki/Turboencabulator](https://en.wikipedia.org/wiki/Turboencabulator)
This reads:

>The original machine had a base plate of prefabulated aluminite, surmounted
by a malleable logarithmic casing in such a way that the two main spurving
bearings were in a direct line with the pentametric fan. The latter consisted
simply of six hydrocoptic marzlevanes, so fitted to the ambifacient lunar
waneshaft that side fumbling was effectively prevented

This is intentionally indecipherable, yet seems quite serious. It's a good
example to bear before us.

3\. There are times that important technical facts are deeply obfuscated.
While I don't have a specific example, I think if you think of white papers on
deeply unpopular features, you will get a sense of what I mean.

4\. Because you add the word "intentionally" we don't need to include crank
science in this judgment. That relieves us of a HUGE burden, as we will be
evaluating a white paper possibly outside of our experience, and it is very
difficult to tell the difference between crank and real science, totally
outside of our domain.

Okay, so the above are the standards I have in mind. How will I evaluate
whether the white paper is "intentionally indecipherable"?

    
    
      "Intentionally indecipherable" criteria, selected before reading paper
      ----------------------------------------------------------------------
    

1\. Does it use words that simply do not exist? For example, having zero
Google results, and not being decipherable from their stems and construction
of the word. Does the author offer definitions in these cases?

2\. Does the author appear helpful at any point? For example, are there
simplifications, or "other ways" to think about something offered? Do tricky
points appear to receive careful attention?

3\. Are there any clear jokes? Intentionally indecipherable writing does not
contain clear jokes, because the author is "on edge", using all of their
mental capacity to keep from accidentally communicating anything.

4\. (a big one): Are multiple synonyms used for no reason? The intention of
the indecipherable author is to keep from passing on any knowledge. If the
author can use 4-5 synonyms, that greatly reduces the chance that the reader
accidentally looks up the word in question. On the other hand, landmark papers
use the same terminology consistently, rather than reaching for synonyms: the
author wants to convey something about concepts, and goes to great lengths to
talk about it. Papers that are decipherable have high repetition of key words.
Papers that are indecipherable have very low repetition (to keep from
communicating.)

5\. Are there vague references which are avoided being mentioned directly?
This is common in marketing spin, but also in case of wanting to keep from
communicating something. If something is included by reference without taking
a parenthetical two words to explain what will be included there, this is
another good indication of intentional indecipherability.

Okay, now I've set up the standards. Let me dive in and read the white paper!

    
    
      Reading the paper
      -----------------
    

I am using this link:

[https://iota.readme.io/v1.2.0/docs/whitepaper](https://iota.readme.io/v1.2.0/docs/whitepaper)

Oh, I forgot to add but clicking that link reminded me: if it seems that
sentences are made more tricky by editing after the fact, i.e. if they are not
a natural way to form a sentence but seem specially edited for greater
complexity, that seems a good indication. (This will be criterion 6.)

The whitepaper is linked with the words:

> The IOTA Whitepaper which describes the main technology behind IOTA - the
> Tangle - is available to read online. It goes into greater detail about the
> structure as well as the security of the Tangle.

This seems extremely focused on imparting real information. It is written in
an extremely accessible, simplified style (failing indecipherability criteria
1 & 2). It does not seem unnecessarily complicated (failing indecipherability
criterion 6). It actively mentions something rather than alluding to it, by
mentioning "the Tangle" within dashes -- failing indecipherability criterion
5. It seems to fail criterion 4 as "the Tangle" is already mentioned twice.
This sentence is written in an extremely simplified style, containing no
jargon at all. It does not seem to contain any joke or lightheartedness,
though it is only two sentences.

On to the paper! I clicked
"[http://iotatoken.com/IOTA_Whitepaper.pdf](http://iotatoken.com/IOTA_Whitepaper.pdf)"
to read the paper.

I did not need to read more than 2 pages to arrive at a judgment. My judgment
based on the criteria selected beforehand, is that it is absolutely clear that
the whitepaper is not intentionally indecipherable.

The author goes to _extreme_ lengths to impart knowledge. The entirety of the
Introduction goes to very carefully convey real knowledge. The author repeats
himself again and again:

>The genesis transaction sent these tokens to several other “founder”
addresses. Let us stress that all of the tokens were created in the genesis
transaction. No tokens will be created in the future, and there will be no
mining in the sense that miners receive monetary rewards “out of thin air”.

There is a measure of humor, such as the naming of the word "an iota". But the
discussion is extremely serious, the author is extremely earnest. Not only
does the author not use any made-up words, but goes to extreme lengths to
enable the reader to read them.

See footnote 26, for example:

>This is a consequence of the so-called Large Deviation Principle. See the
general book [13], and Proposition 5.2 in Section 8.5 of [14] for a simple and
instructive derivation of the upper bound, and Section 1.9 of [5] for the (not
so simple) derivation of the lower bound.

It is heart-breaking that the author goes to such incredible lengths to
attempt to convey knowledge, they are doing everything physically possible,
only to have someone who does not understand them fail to apply the principle
of charity and claim that it was "intentionally indecipherable."

    
    
      Conclusions
      -----------
    

My conclusions, with the above methodology.

1\. We set out to judge whether your statement was justified when you stated
the paper is "intentionally indecipherable." It is absolutely not a justified
claim. We thought carefully about judgment criteria before we ever opened the
paper. The paper failed every criterion for "intentional indecipherability"
that we could think of.

2\. More to the point, I feel you should have started by applying the
principle of charity. Rather than saying "I could not follow the paper" or "I
found logical inconsistencies", you made the claim that it is intentionally
indecipherable. This goes too far. It's, in fact, heartbreaking, when it is
clear that the author put so much time and effort into making the presented
work accessible. This included finding footnotes to instructional concepts
that the author felt there was any chance would not be understood.

We can go farther. This claim that a lovingly crafted paper that was read,
reread, and reread, with an acknowledgment section reading:

>The author thanks Bartosz Kusmierz, Cyril Grünspan and Toru Kazama who
pointed out several errors in earlier drafts, and James Brogan for his
contributions towards making this paper more readable.

would be "intentionally indecipherable" shuts down science and progress.

On a personal level, it makes me question whether I would ever publish
anything under my own name and for a wide audience, when no matter how much
effort is put into it, even the best communities on the planet will have
someone come forward and say that my careful work is "intentionally
indecipherable."

So we have completely rejected your statement. It fails every criterion that I
carefully set up to evaluate it. You should not make such statements in the
future, about anything.

(Please note that when I started this comment, I was prepared to write the
opposite opinion, and agree with you.)

-

[EDIT]

\- I lightly added the above

\- In addition, just to be clear I have absolutely no relationship with the
project or white paper. I haven't evaluated it besides deciding whether it is
intentionally indecipherable.

~~~
le_zonzon
> I only read 2 pages.

So you are evaluating the quality of a 28-page paper by reading only the
introduction?

Are you intentionally retarded ?

~~~
logicallee
I didn't evaluate the quality of the paper. I only evaluated whether it's
intentionally indecipherable.

I did glance through some more of the paper, though I did not read it
carefully.

I didn't find anything that tripped any of my criteria, mentioned beforehand,
for whether it's an intentionally indecipherable paper: did you see anything
like that?

Please note that this is not an endorsement of the paper.

------
akerro
IOTA wallet is full of really bad bugs, just look how bad it is on first
pages, the more pages you skip, the worse it is. It still doesn't work on
Linux, for many users wallet crashes or shows green screen and nothing more.
Doesn't work through Wine either.
[https://github.com/iotaledger/wallet/issues](https://github.com/iotaledger/wallet/issues)

Issues on github have no responses from developers since early November and
there were no commits since then, what's surprising, there were a lot of blog
posts on their domain and many subreddits how great they are (!!??)

BitFinex two weeks ago had problems paying out IOTAs, payouts were cancelled
without any reason. Didn't try again since that time.

A lot of domains explaining how to buy IOTA look dodgy, like they were made by
14yo in '90s. There are dozens of domains like supportiota, forumiota,
iotasupport.com, howtobuyiota.co.uk ? Why do they all exist and duplicate
content?

Watch out out there.

~~~
jayjay13
As far as I know there are no bugs in the wallet, it's just not completely
self-explanatory. tbh from my view there are just the wrong people in the whole
space... 95% of the people are here to get rich quick and not for the
development and it's exactly these people who have problems with key reuse
and so on.. the people have to do their research in such a young space..

~~~
akerro
>95% of the people are here to get rich quick and not for the development

You're saying that application and developers came completely unprepared for
the market?

~~~
jackstraw14
No, the market was unprepared for an application that is still in alpha.

~~~
ultraluminous
Still in alpha but accepts real-money deposits in the tens of thousands. I
think the market was unprepared for anyone being that brazen.

~~~
jackstraw14
Who is accepting deposits, and why tens of thousands? Real money is deposited
into exchange accounts to buy crypto assets. No one is making fiat deposits
into an IOTA organization.

You should examine your reality if you think developers of alpha software have
any obligation to provide non-technical folks with a way to use it. It's open
source, nothing is stopping you from building your own wallet if you want
something better. But they don't owe you anything on the basis of the protocol
simply existing. Ask yourself, why do you expect that?

------
cromwellian
Why do people persist in the idea that a deliberately deflationary _currency_
is a good idea. It might be a good investment, but as a currency, it doesn't
promote commerce and trade, it just promotes hoarding.

Much of crypto-currency holders today either seem to be people seeking to get
in at the top of the ponzi pyramid and sell before collapse, or people who
need to avoid some legal issue, be it capital controls, drug laws, etc. Many
people are using it as an investment vehicle mainly, and rarely as an exchange
of value mechanism for payments, except where they actually need to. But would
you pay Uber with BTC, or buy a coffee? Why? If you simply wait a few days,
you'll make a lot more money not spending it.

A deflationary currency to replace fiat currency or centralized banking and
credit seems like a contradiction. I mean, if my cash is growing at 10%-1000%,
but my Visa fee is 3%, and my inflated USD is 2% inflation, I'm gonna go with
the fiat currency or Visa fee.

~~~
afpx
The deflationary aspect is the number one reason I’ve never bought into a
crypto currency. I have serious ethical and moral issues that prevent me.

In addition to hoarding, deflationary currencies (like gold) cause people to
spend lots of money and effort trying to get other people to buy into them
too. For me, it’s a very sad thing to watch unfold. It’s like when the ‘buy
gold’ commercials started appearing on Fox News, and I saw my grandparents
buying gold.

If someone has to spend lots of time and money advertising how useful
something is, it’s probably more useful to them than me.

~~~
dnautics
I don't understand why that's an ethical dilemma. Do you not have a problem
with disproportionately increasing the cost of living for the poor[0] or
forcing the middle class to subsidize big corporations [1] or creating an
economy where corporate survival is tied to consumption, leading to
innovations in "disposable product strategies"?

[0] let's say you're spending 90% of your income on cost of living and there's
10% inflation. That's way worse than if you're spending 20% of your income on
necessaries and there's 10% inflation.

[1] in order to preserve wealth in an inflationary regime, the middle class is
encouraged to put money into the stock market, which basically becomes a
mechanism to socialize the costs of corporate r&d while the lion's share of the
gains go elsewhere (the scraps are thrown back at the middle class, enough to
keep them from seeing the inherent problem with the system)

~~~
ultraluminous
What you did is point out a few real problems in our current economic reality
of which _inflation_ is one part. In no way does this say anything about how
_deflation_ solves any of them, or even leads to worse scenarios.. Think about
the issues you mentioned - wage stagnation, unsustainable expectation of
growth in corporate profits, systemic inequality etc. - Now ask yourself "how
will removing monetary inflation and replacing it with monetary deflation
affect these systemic issues, in which direction will it drive them, how and
why?" If you still come out on the pro-deflation side, I'd be happy to hear
your perspective.

~~~
dnautics
real wage stagnation is a social policy, not an emergent phenomenon.
Politicians are concerned about unemployment numbers, and there is this
bogeyman that "sticky wages" of lower classes gets in the way. The prescribed
way around this is to decrease the real value of money and incrementally
dislodge the liability of employing lower classes.

Systemic inequality is generated, by deliberate inflationary policy[0], it is
not a "universal constant of the universe".

[https://krugman.blogs.nytimes.com/2010/02/13/the-case-for-hi...](https://krugman.blogs.nytimes.com/2010/02/13/the-case-for-higher-inflation/)

"Even in the long run, it’s really, really hard to cut nominal wages. Yet when
you have very low inflation, getting relative wages right would require that a
significant number of workers take wage cuts. So having a somewhat higher
inflation rate would lead to lower unemployment, not just temporarily, but on
a sustained basis."

[0] I do, for what it's worth, think that liberal economists aren't acting in
bad faith, they're just _clueless_ , mostly because if you're a liberal
economist (or almost any economist, really) you've probably never been poor.

------
DyslexicAtheist
I've been tracking the IOTA controversy in the LinkedIn 'IoT Security' group
in this thread[¹]. The centralized nature of the technology is a worry
especially because they position themselves as a decentralized solution for
IoT.

Many other currencies suffer from implementation problems (buggy wallets, etc)
but at least in BTC the used cryptography is well tested. In IOTA's case they
managed to both reinvent the crypto (e.g. "Curl" / "Kerl" hashes) in a
broken way AND made some very dangerous assumptions in the meaning of
"decentralization".

[¹]
[https://www.linkedin.com/groups/4807429/4807429-634451121504...](https://www.linkedin.com/groups/4807429/4807429-6344511215041015812)

------
runeks
As I understand it, the problem with IOTA is that — in order to execute an
attack — attackers just need to verify more transactions than all honest
participants combined.

So, in other words, honest participants have no incentive to verify more
transactions than required (because they don’t profit from it) while attackers
have an incentive to verify more transactions, in order to successfully double
spend.

~~~
sandGorgon
And to deal with this problem, they have "trusted supernodes", with a promise
to turn them off when the network is self sustaining.

It introduces a high degree of centralisation - and we don't know how the
network shapes up as a consequence.

And the second problem is obviously the unaudited, "quantum resistant"
function.

~~~
kbwt
> And the second problem is obviously the unaudited,"quantum resistant"
> function.

Don't forget the ternary SHA-3.

------
rootsudo
I went to the IOTA meetup in Chicago, which was hosted and presented by the
IOTA team.

Never before did I see an entire audience be wowed by a woman engineer.

They ignored the whole Microsoft partnership idea; anyone that asked just was
given the answer "it'd be explained in a future PR release."

The drama was IOTA lied about microsoft partnership and deemed hosting on
azure == partnership with microsoft. In talks with different microsoft teams
== sending support tickets on azure for different services.

~~~
djm_
>Never before did I see an entire audience be wowed by a woman engineer.

What do you mean?

~~~
rootsudo
Whenever she talked, the crowd went "wow!" sort of like the laugh track on a
90's sitcom.

The crowd was 99.9% men. I'm a man too, and I will admit she is attractive.
But what she demonstrated was nothing new, about the Tangle network which was
discussed in the whitepaper, on youtube, bitcointalk, 4chan /biz/ and reddit.

Seeing IOT devices communicate by sending and receiving packets is nothing new
or that exciting.

It was the same as if someone was showing you a bitcoin transaction.
Literally, some tech babble, look at the pretty picture (girl in this example)
and go wow.

When someone took a picture of her, a public figure of the IOTA team, other men
with dates decided to white knight and tell the guy off "Don't take her
picture." It almost escalated when one white knight went for his phone. Guy in
question was taking pictures of presenters all night long yet no one
complained.

I'm not an expert in any of these matters, but just witnessing the crowd
reaction was really depressing as it goes to show Cryptocurrency is now
mainstream (Good), a lot of gender bias still exists (bad) and people do judge
intelligence/authority on gender and age (double bad.)

Still the IOTA team is blah for lying about the MSFT partnership and the
audience that night in which I was able to witness was double blah.

------
syllogism
Maybe the best strategy for designing a cryptocurrency today is actually to
make it really stupid? It's kind of like the scam logic, where you only want
to get good marks in the door from the start.

If your cryptocurrency is really stupid, then only the true believers buy in,
and then they all hodl. You don't want anyone too influential, and you
definitely don't want people to say "okay I was tricked, I fodl".

------
AJRF
The new UCL wallet is even worse. It’s supposed to be launched within the next
few weeks. It made me lose $2000 worth of iota because of a loop in the code
that resent transactions if you put the app in a background state. You know, a
violation of the one canonical rule of using iota, i.e. reusing an address.

The iota foundation is a nefarious and bad intentioned bunch of crooks.

~~~
degif
One of the developers for the UCL wallet here. Can you elaborate more on how
you lost money using a wallet that is not released publicly yet and is
available only for a closed group of alpha testers who all have been
instructed not to use the wallet with their accounts holding significant
amounts of iotas?

------
andr
It's pretty understandable that fanboys are badgering skeptics on social
networks. If I had a few hundred thousand pop out of the blue from a
cryptocurrency fad, maybe I would be doing it as well. And that's a big
problem, because mainstream journalists are guilty of that as well.

MIT Technology Review, to pick one example, wrote an article about IOTA,
mentioning their partnerships with mainstream companies, even though IOTA
refuted the partnership notion the same day. Clearly, the author didn't reach
out to any of those companies for confirmation.

I can't help but think that many of those articles are written by people,
influenced by their own cryptocurrency assets. In fact, this conflict of
interest for journalists could be one of the key driving forces of the bubble.

------
wyldfire
Bruce Schneier had this to say about IOTA:

> In 2017, leaving your crypto algorithm vulnerable to differential
> cryptanalysis is a rookie mistake. It says that no one of any calibre
> analyzed their system, and that the odds that their fix makes the system
> secure is low

~~~
Ballie
How is it vulnerable to differential analysis?

~~~
nhooyr
Google "MIT finds vulnerability in IOTA".

------
knocte
While I agree with the majority of the criticisms of this post (I also posted
a criticism here[1]), one has to recognise that it's perfectly possible that a
cryptocurrency requires no-address-reuse. This may not be a bug but a
limitation which is a consequence of its design. I know another cryptocurrency
that suffers this problem: Mimblewimble. But I sincerely hope the wallet
developers of mimblewimble are smart enough to never expose addresses, in
order to prevent the user from making this mistake (yes, it can be done
requiring QR-code-pairing every time you want to both send and receive funds).

To finish, let me state that I'm not defending IOTA, which I still think is a
joke. Maybe I'm wrong but I cannot tell if I'm wrong or not until they shut
down the coordinators (the very thing that makes IOTA centralised).

[1]
[https://news.ycombinator.com/item?id=15860046](https://news.ycombinator.com/item?id=15860046)

~~~
tromp
Mimblewimble doesn't have addresses [1]

[1]
[https://github.com/ignopeverell/grin/blob/master/doc/grin4bi...](https://github.com/ignopeverell/grin/blob/master/doc/grin4bitcoiners.md)

~~~
knocte
Well, see? mimblewimble developers hid this characteristic in a "no addresses"
fashion, because they are smarter than IOTA devs. When they say "transactions
have to be built interactively, with 2 (or more) wallets exchanging data with
one another" this is what I meant when I mentioned QR codes for every amount
reception/sending.

------
ricardobeat
> as if this was a JavaScript some 12 year old was writing for his homebrew
> website.

Who can tell the difference?

> Look, let's be very clear. IOTA is a live cryptocurrency with a market cap
> in the billions of dollars. Real people have large amounts of value tied up
> on that network. It is hosted on several exchanges.

This is a naive misconception, and one of the most dangerous aspects of
cryptocurrencies right now - these are NOT FINANCIAL ENTITIES, there are no
bank guarantees or fiduciary rules, no technical standards or oversight, no
clear liability (especially when authors/network owners may just be virtual
characters). There is 100% risk involved and nobody to blame but yourself.

~~~
TFortunato
I'm missing what the misconception is in this quote? I don't see him saying
they are regulated / guaranteed or anything like that, only that people have
poured a stupid amount of money into this thing.

~~~
ricardobeat
He implies that being “live” with “real money” and a billion dollar market cap
means something. It doesn’t. He says:

“You do not release financial software to the general public in such a buggy
state. You do not blame the victims for your software failing to function.”

When in fact, you do _whatever the hell you want_. This is not “financial
software” in the original sense. The fact that people put significant amounts
of cash in these altcoins is astounding. You only have [some] guarantees where
the system itself enforces them, like BitCoin, and even then no one entity is
liable for your losses because of de-centralization.

I own bits of four cryptocurrencies, and take the risk of 100% loss as a real
possibility.

~~~
nebulous1
There's still no misconception, and you can't redefine "financial software" on
the fly. He didn't state anything about there being a regulation against it,
he's just implying an ethical "can't release in a buggy state".

I'm not sure why you're arguing with him though, you seem to be in agreement!

------
dangero
I also recently wrote an article about IOTA and got a crowd of negative flak.

[https://medium.com/@thedrbits/why-i-also-find-iota-deeply-al...](https://medium.com/@thedrbits/why-i-also-find-iota-deeply-alarming-99d4f2da3282)

~~~
wslh
There is an army of trolls connected to IOTA. You can find them very easily
because they cannot defend their position. Here in HN there are plenty also.

------
matthewbauer
The post mentions the psychology today article but I’d like to say it’s
actually a pretty okay article:

[https://www.psychologytoday.com/blog/mind-in-the-machine/201...](https://www.psychologytoday.com/blog/mind-in-the-machine/201712/how-fear-is-being-used-manipulate-cryptocurrency-markets)

(Author should disclose if he owns IOTA however)

~~~
jeffwass
That's an interesting article into the psychology and mind-tactics of crypto
fans.

Not sure why you've been downvoted but the article is worth a look.

~~~
jackstraw14
I think this is so much more interesting than all the yelling about these
currencies that are not even being used like currencies. Why do people feel so
personally and emotionally invested?

I mean here in this thread I’m running around trying to correct toxic
misinformation, but what’s making me do that? And what’s making the guy who
brought up Cardano casually mention the rankings on coinmarketcap as if that
means anything except to instill FOMO. I hope we see more articles on the
psychology and sociology behind fear cycles in crypto.

------
chris_wot
From the white paper:

“As a transaction receives additional approvals, it is accepted by the system
with a higher level of confidence. In other words, it will be difficult to
make the system accept a double-spending transaction. It is important to
observe that we do not impose any rules for choosing which transactions a node
will approve. Instead, we argue that if a large number of nodes follow some
“reference” rule, then for any fixed node it is better to stick to a rule of
the same kind4. This seems to be a reasonable assumption, especially in the
context of IoT, where nodes are specialized chips with pre-installed
firmware.”

Is this for real?

------
fiatjaf
These days it's absolutely impossible to get any serious conversation about
any of these cryptocurrencies. Maybe you can do something with Bitcoin and
Ethereum, but for any of the others all the forums and chats are just flooded
with crazy people.

~~~
pimeys
Tell me about it. I need to follow the tech and communities as part of my job,
and sometimes it's seriously hard to have any discussions e.g. in IOTA's Slack
channels.

On the contrary, Monero uses IRC for their communication and maybe because of
that I've seen more adult discussions in their community. Of course lots of
money being on the table, things can get pretty sour everywhere.

~~~
Gargoyle
It's a shame, quality conversation can help a coin project in the long run.
But it's clear that right now IOTA is in the pump-or-you're-a-fud-shill phase
and communication is impossible.

~~~
degif
Communication is possible if you talk to the right people. Keep in mind that
the people who are actually working on the technology itself or its
adaptation and implementation are not hanging around all day on reddit or
#speculation channels. I'm running an iota network statistics page, so people
assume I'm more educated about iota and I receive clarification, technological
or simple development questions on Slack on a daily basis. I do answer all of
them as best as I can, a lot of them have evolved into pretty long
discussions and I have received the same attitude from other iota community
members.

------
hidiegomariani
I can just totally agree with the author. I had more or less the same
experience.

IOTA is totally immature in terms of development, technology and PR (see fake
partnerships and absence of public statement for the network status).

Apart from this it just looks like a nice and interesting white paper but that
does not actually work in reality yet

------
chvid
Honestly this article tells more about crypto currency investors in general
than about this particular crypto currency.

------
steve_taylor
> RULE 3: ALWAYS wait for a transaction to be confirmed before sending
> anything else.

> Rule #3 is just another admission of a broken network. Really not much else
> to say.

It sounds like an admission of vulnerability to double-spending.

~~~
nebulous1
Not really. This isn't an actual vulnerability of the network to double
spending, it's just a wallet (or wallets) issuing multiple transactions for
the same coin (he may actually just mean the same address rather than the same
coin, so that you don't come a cropper of the private key issue). This is
possible in pretty much all cryptocurrencies, and their mechanisms for dealing
with it (i.e. only honouring one of the transactions) is one of the core
functions of any cryptocurrency.

~~~
nebulous1
Perhaps the downvoters can explain why that isn't the case.

------
AgentME
Heh, this article barely even touches on the full insanity of IOTA.
[https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367](https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367)
has a decent rundown on some of it. It's centralized on a
central coordinator because it fundamentally can't work in a decentralized
manner. It used a homebrew hash function that was vulnerable to trivial
attacks. It uses ternary math just-because of some extremely doubtful
efficiency claims for a lot of things, including the mentioned hash function.
(Some fun not mentioned in the article: They later replaced the homebrew hash
function with SHA-3 ... wrapped in ternary.) Also, it's centralized. That
means it has the downsides of a centralized service (entirely halts if the
central authority server has connectivity issues, including from DDOS attacks,
or if the company ever decides it's not worth it to keep running; central
authority could also censor transactions) without any of the upsides of a
centralized service (centralized service could work with dollars instead of an
artificial currency; centralized services don't need to broadcast transactions
to the entire network to work; no kind of mining at all needs to exist;
basically think Paypal) because it's a weird frankenstein made somewhat in
Bitcoin's image.

When the obvious vulnerabilities about their homebrew hash function came out,
the responses on many cryptocurrency forums were disturbingly cult-like.
Plenty criticized the people making the announcement as biased. There were
many posts calling out people involved with other cryptocurrencies for
spreading FUD because they're supposedly scared of competition from IOTA's
"innovation". Apparently no one recognized _Bruce Schneier_; I saw posts
calling him out as a small-time snake oil salesman. I've had at least a half-
dozen people try to explain to me how IOTA is paving the way forward with
ternary computation, optimizing their software for future ternary hardware.
... Man, if you thought general fandom sites were bad with blind frothing
fans, then you should see what it's like when money is involved like this.

>My next step was to go to the GitHub repository and take a brief look at the
source code. The IOTA source code is written in JAVA instead of C++ like most
professional cryptocurrencies are. That did not instill me with confidence.

Heh, this is probably the only positive thing about IOTA I'd agree with. Using
a memory-safe language like Java makes it exponentially harder for developers
to accidentally write remote-code execution vulnerabilities, and makes it
harder for malicious developers to hide remote-code execution vulnerabilities.
Most cryptocurrencies are in C++ because they're forks of Bitcoin, which so
far thankfully seems to have developers that can keep those issues out and
review each other's work. (Granted, if IOTA were just a Bitcoin fork, they
probably wouldn't have gone through the effort of making so many insane design
choices of their own.)

~~~
syllogism
> Using a memory-safe language like Java makes it exponentially harder for
> developers to accidentally write remote-code execution vulnerabilities, and
> makes it harder for malicious developers to hide remote-code execution
> vulnerabilities.

Weeell...In currencies like Bitcoin it's crucial that everyone have the most
efficient implementation. Otherwise nobody will bother mining, if they can't
do it efficiently.

I guess IOTA doesn't depend on the proof of work in the same way. But then
again, IOTA seems hopelessly broken?

As I was reading the article and the "promises" of IOTA, I was thinking, "Okay
so they must not be using Satoshi's solution to the consensus problem". It's
not surprising to hear they don't _have_ a solution. Sure this means the
software might not have to be efficient. But that's cold comfort if it
doesn't, you know, work.

~~~
AgentME
>Weeell...In currencies like Bitcoin it's crucial that everyone have the most
efficient implementation. Otherwise nobody will bother mining, if they can't
do it efficiently.

Parts that have very critical performance, especially proof-of-work code, can
be in native code. (And if it's modularized well-enough, that code could be
sandboxed to contain the damage of any vulnerability, so any remote-code-
execution exploit can only corrupt the mining process with nonsense without
being able to get to private key data.) Or a safe-and-performant language like
Rust could be used.

------
mcguire
"_IOTA is deflationary (has a fixed number of tokens, there will never be any
more, and has no inflation at all, no issuance schedule for new tokens). All
tokens which will ever exist were created on day one and pre-distributed to
people who signed onto the project very early._"

Yeah, I'd push that pretty hard, too.

------
hmexx
What about the other DAG technologies like the one used by ByteBall? I’m not
crypto-intelligent enough to analyze them but could DAG be a credible
replacement for the blockchain? Iota is just a very well marketed option in
that space. Their execution seems shoddy.

~~~
sdwisely
disclaimer: I own some of these so I'm not without some bias.

Thus far I've been pretty impressed with Raiblocks (XRB). Near instant (1-5
seconds depending on the wallet in my tests so far) and fee-less.

I'm pretty keen to check out the other DAG projects after this one.

~~~
rileyphone
The whitepaper
([https://raiblocks.net/media/RaiBlocks_Whitepaper__English.pdf](https://raiblocks.net/media/RaiBlocks_Whitepaper__English.pdf))
is actually very readable, I really like it. Too bad it's almost impossible to
buy right now.

~~~
wrinkl3
The author is also an LLVM engineer who's worked for Qualcomm, Dell and AMD.

------
bsamuels
Why would you dump $2,000 into a crypto coin you don't understand?

~~~
kogepathic
The author dumped a lot more than $2,000 into IOTA.

They mention buying 26,000MI at $0.85, which would be a $22,100 investment.
Just 5,600MI was worth $28,000 at $5/MI.

Why anyone would put that amount into a cryptocurrency they don't find
trustworthy is beyond me.

~~~
dmichulke
> Why anyone would put that amount into a cryptocurrency they don't find
> trustworthy is beyond me.

The richer you are, the more likely you'll consider 5k small change. Same
reason why the big bet poker tables have non-experts sitting there.

~~~
Gargoyle
There's a dead reply here that mentions a very, very good point.

There's a HUGE sum of money out there that people made as early bitcoin
investors. For various reasons, large portions of it are being gambled in
other cryptos. The nature of cryptoexchanges make this easy to do, and it's
without question inflating other coin markets.

It's been this way since forever, but now BTC is worth so much that the effect
is much more prominent.

------
cjhanks
This is possibly the best bug report of all time.

[https://github.com/iotaledger/wallet/issues/762](https://github.com/iotaledger/wallet/issues/762)

------
xg15
Pardon for off-topic, but the arguments he makes about double-spending (the
third "rule" from that linked forum post) made me realize I have some gaps in
my understanding of how Bitcoin handles overlapping transactions.

Suppose I have an address with 0BTC balance. (i.e. I have the private key of
it on my PC. There isn't yet anything about that address in the blockchain.)

Some other person sends 100mBTC to that address. I can see that the
transaction has spread through the network but it hasn't been added to a block
yet.

Because I'm overly trusting and/or in a hurry, I _don't_ wait until it's
confirmed but I immediately send another transaction that sends the 100mBTC to
some other account.

If a miner first picked transaction #1, added it to a block, then added
transaction #2 to the following block, both transactions would be valid.
However if a miner tried to process transaction #2 first, it would be invalid.

So what would happen? Would miners bring the transactions into correct order
and validate both, only validate #1 and reject #2 or reject both?

~~~
nebulous1
Bitcoin transactions aren't as simple as "send X BTC from address A to address
B". What's actually happening is that each transaction contains a number of
inputs and a number of outputs, all of which have unique hashes (used to
uniquely identify them in the system). Each input must either be a previous
output, or the special case of no input in the generation transaction that
each block miner gets to create (this assigns the bitcoin generated in each
block and any fees accumulated from the other transactions).

So, if I send you 2 BTC to a single address, the transaction will probably
have a single output. If you then try to send somebody 1 BTC your transaction
has to use the entire 2 BTC input (which was the output from my transaction to
you), but will have two outputs, 1 BTC with an output for whoever you're
sending it to and another 1 BTC to an address your wallet controls.

So your transaction in the above example has to refer to the 2 BTC from my
transaction by unique hash, it's not simply saying "send any 1 BTC from this
address". This is all dealt with by your wallet.

Due to this, if transaction #2 was being processed first it would be using an
input that didn't exist on the blockchain and would therefore be invalid.
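
An added illustration of the input/output model described in the comment above (not part of the original thread and not Bitcoin's actual code): a simplified unspent-output ledger in Python showing why a transaction is rejected when it is processed before the one that creates its input, and why a second spend of the same output fails. Signatures, scripts and blocks are omitted, and the `Ledger` class, `txid` helper and sample transactions are constructed for this example.

```python
import hashlib
import json

def txid(tx):
    """Hash of the serialized transaction; stands in for Bitcoin's txid."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Simplified UTXO set: maps (txid, output index) -> (address, amount)."""
    def __init__(self):
        self.utxos = {}

    def apply(self, tx):
        """Validate tx against the unspent set and apply it; return (ok, reason)."""
        refs = [tuple(i) for i in tx["inputs"]]
        if len(set(refs)) != len(refs):
            return False, "duplicate input"
        if refs:  # an empty input list models the generation transaction
            if any(r not in self.utxos for r in refs):
                return False, "input not found or already spent"
            spent = sum(self.utxos[r][1] for r in refs)
            if spent < sum(amount for _, amount in tx["outputs"]):
                return False, "outputs exceed inputs"
            for r in refs:
                del self.utxos[r]  # each output can be consumed only once
        tid = txid(tx)
        for n, (addr, amount) in enumerate(tx["outputs"]):
            self.utxos[(tid, n)] = (addr, amount)
        return True, "ok"

def demo():
    # Constructed sample data, amounts in mBTC.
    fund = {"inputs": [], "outputs": [["sender", 100]]}
    tx1 = {"inputs": [[txid(fund), 0]], "outputs": [["xg15", 100]]}
    tx2 = {"inputs": [[txid(tx1), 0]],
           "outputs": [["shop", 60], ["xg15_change", 40]]}
    tx3 = {"inputs": [[txid(tx1), 0]], "outputs": [["other", 100]]}  # conflicts with tx2
    ledger = Ledger()
    ledger.apply(fund)
    results = [ledger.apply(tx2)[0]]      # tx2 before tx1: its input does not exist yet
    results.append(ledger.apply(tx1)[0])  # tx1 spends the funding output
    results.append(ledger.apply(tx2)[0])  # tx2 is valid once tx1's output exists
    results.append(ledger.apply(tx3)[0])  # second spend of tx1's output is refused
    return results, ledger.utxos

if __name__ == "__main__":
    print(demo()[0])
```
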

~~~
xg15
Thanks for the explanation. This clears up a lot!

------
mycall
> You do not release financial software to the general public in such a buggy
> state

and there it is, the inherent confusion between public expectations and
programmers WRT cryptocurrencies.

------
JonasJSchreiber
Great post, I was wondering why transactions were disabled to
binance...appreciate the info. And the warnings.

------
jayjay13
The recent network issues are really annoying, but if you run your own full
node, tx are confirmed in max 20min. Something that should be kept in mind:
IOTA is in early beta and was always promoted as that. When people start to
pump it without reading an announcement right, why should that be IOTA's
fault? And about the usability of IOTA, when have you started with cryptos? Go
back to 2011 and look for a good usable wallet (hint: you won't find
anything). IRI is a reference implementation; a C and Rust version is in
development.

IOTA is clearly about to prove that their protocol works, here is some brain
food:
[https://arxiv.org/pdf/1712.05385.pdf](https://arxiv.org/pdf/1712.05385.pdf)

~~~
tfha
They are about to prove their network works after making unreasonable
assumptions as prerequisites to the proof.

~~~
jayjay13
Can you point me to these unreasonable assumptions?

------
wslh
BTW, administrative issues: I wonder why my previous post with the same link
less than 1 day ago was not reused for this thread:
[https://news.ycombinator.com/item?id=15935601](https://news.ycombinator.com/item?id=15935601)
Is this a HN bug? Just today I tried to post an article already posted three
days ago and I was directed to the first post thread.

~~~
watoc
There is a query parameter "m=1" at the end of this URL. I guess that's why it
wasn't marked as duplicate.

~~~
wslh
That is a HN bug since the canonical page is without that suffix:

    <link href='http://codesuppository.blogspot.com/2017/12/iota-tangled-mess.html' rel='canonical'/>

------
jondubois
I think that there are still problems with the algorithm. The tangle was in a
bad shape a few days ago and I considered selling my IOTA but I decided to
hold because based on my understanding of how the tangle works, these problems
are fixable.

Until I find something fundamentally wrong with the idea of the tangle, I'm
going to hold.

------
incredimike
Where did this post go? Did the author get a takedown?

~~~
forvelin
I am also curious about that...

------
It3ration
This guy is blaming the Iota founders because he doesn't understand computer
science? Their whitepaper is organized like any other publication in computer
science. As for the Java vs C++ comment, he's simply uninformed. Not to
mention there are many ports in various languages. I wish he'd done some
research before posting bogus rhetoric.

