The crypto space to me is really frustrating. I've seen friends become something very close to scammers, I can't have interesting technical discussions about the topic without being called doomsayer and even when I pitch an idea what to use the Blockchain for, all I get is:"let's do an ICO and raise a shitton of money!" although that doesn't really make sense towards what I'm proposing.
I feel like the nerd in class that hopes that the teacher (regulatory bodies) will pinch those bullies so we can get back to topic. I hate that feeling.
I had a conversation with a guy creating a crypto startup recently. It only took five minutes in before the thin veneer of an actual business model fell away and the real motive—free money—starting coming out.
His position, distilled: if people are stupid enough to give me money, who am I to say no?
I suggested his easy money might not be so easy if (for US investors) the SEC, FTC, CFTC, etc. crack down and claw back investor money. Maybe that's fine if you've become hugely profitable in that time, but if you haven't...
> if (for US investors) the SEC, FTC, CFTC, etc. crack down and claw back investor money
A counter argument I saw first on Hacker News and then in real life approximates “decentralised currencies make it impossible for governments to enforce laws.” (Obviously wrong, shockingly so, but appears to be a meme in the crypto community.)
I agree with your friend. Dumb people will give away their money anyway. Might as well give it to me. What's wrong with free money as long as I'm not doing illegal stuff.
If investors are giving money based on lies, there’s a legal system in place to help them recover failed fraudulent investments. I’d wager in many cases investors know exactly what they’re investing in. So I don’t see any ethical/moral conflicts in a lot of these BS cryptocurrency schemes, just a lot of wasted potential and a somewhat shameful divergence from the idealistic core tech - private, trustless transactions through a decentralized blockchain (bitcoin).
I almost didn’t write it and knew I’d be downvoted. Many folk that hang around HN are very idealistic myself included. My main point is that you shouldn’t feel sorry for cryptocurrency investors; many know exactly what they’re gambling on. Easy money and BS “tech innovation” being used to grab portions of that cash pile is the reality I see. What’s your opinion of the mkt?
> My main point is that you shouldn’t feel sorry for cryptocurrency investors; many know exactly what they’re gambling on.
This category is broader than you imagine and now includes unsophisticated individuals who can't tell the difference between the blockchain and a bike chain. Lately, I've been hearing a lot of "invest in bitcoin" talk from people who are not well-informed, and do not know what they are gambling on. What's illegal for penny stocks should be equally illegal for cryptocurrency - the Feds should crack the whip.
It's not hard to understand the high risk, high reward investment principle. There are plenty of safe index funds, blue chip stocks, and bonds available to retail investors/unsophisticated individuals. It's not difficult to understand that cryptocurrencies are highly speculative. I would never advise my parents to buy bitcoin, ethereum, or any other cryptocurrency without adding the caveat that they be prepared to lose everything in an exchange hack or some other shady behavior.
I can understand the need for the SEC to protect investors when it comes to investment into traditional companies - regular people can't read a 10k and don't sit in on analyst calls that are mandated for public companies registered with the SEC. But if you're investing in an unregulated, highly risky asset, where you don't understand any of the assets or technology the company owns...come on man.
> But if you're investing in an unregulated, highly risky asset,
A lot of people are about to find out that cryptocurrencies are, in fact, regulated. It's weird to see some techies agree with the idea that "pedestrian thing, on a computer" patents are invalid (because the "on a computer" bit is irrelevant), but when it comes to "fraud/misrepresentation on a computer", then it suddenly needs to be legally special-cased as somehow different. Intangible/abstracted assets predate cryptocurrencies - there's nothing new about crypto in the eyes of the law.
It’s not the baseline in cryptocurrency, and my point is both the ICOing companies and investors are in on the game so nobody is fooling one another. I don’t have the stomach to spew BS for money so I’m not involved in the ecosystem. But I think you need to be a bit more realistic and not view investors as just a class of people that are being ripped off - most, especially bigger/institutional are savvy with their money.
It is genuine, I appreciate your comments though. The comment I found depressing as it highlights (to me at least) the erosion of what was a community/culture I respected.
Perhaps I'm just an old fool.
EDIT : Just to say I've ensured my email is in my bio now.
A lot of my ideas for blockchain technology work a lot better using ETH for example, rather than yet another token. I think we'll need to wait a few months/years before the ICO craze dies down and we can get back to focusing on building tech on top of Bitcoin/Ethereum without the word ICO.
Humans can be kind of money motivated. Such is life. For me one of the interesting things with crypto is whether you can use that for something positive in society.
...the greatest conqueror in history, a conqueror possessed of extreme tolerance and adaptability, thereby turning people into ardent disciples. This conqueror is money.
Don't worry free market will sort it out eventually. Dump money will run out after a few big project failures. Investors will be more sophisticated. It's a new market and what's happening now is natural, it's the same as dot-com bubble. Smart regulators can help free market to get rid of dishonest projects. But the common problems with regulators is that they are not smart and they are slow to fix their mistakes if they ever acknowledge them. Bad regulation can kill the market.
If you want examples of where the free market you can look at any of the tragedy of the commons. In these situations, government helps. There is an endless list of the stupidity of the free market.
Yet there are some resources that are hard to privatise, for instance the atmosphere. Government regulation is what turns the commons (which are open to tragedy) into either tightly regulated (for example, dumping of hazardous materials) or a free market (for example, emissions trading).
Without the government interference, the market wouldn't exist. To some extent that goes all the way down to buying your groceries, because without some government, nothing would be stopping someone with a bigger gun coming in and stealing whatever groceries they want.
We tell this to "both sides" all the time, as you can check by looking at the comment history. If there was another egregious comment in the thread that we didn't chide, the likeliest explanation is that we didn't see it. We can't come close to reading all the comments.
Edit: nukeop's comment was a bad one because shallow and snide, so I'd say it was correctly downvoted. But I wouldn't say it rose to the same level of off-topicness and guidelines violation as your comments in this thread did. We're really trying to avoid generic ideological tangents here.
Even Hayek, so beloved of Thatcher and Reagan, sought to regulate and price externalities due to failures of the free market:
“Nor can certain harmful effects of deforestation, or of some methods of farming, or of the smoke and noise of factories, be confined to the owner of the property in question or to those who are willing to submit to the damage for an agreed compensation. In such instances we must find some substitute for the regulation by the price mechanism.” (From Road to Serfdom)
I think Bruce Schneier's take was particularly prescient: "In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low."
The question is, though, is this going to make a difference to the people playing? Very little about the crypto space makes any sense. It's in a lot of ways just a database but harder -- so much harder -- because the community insists nobody can be trusted. In reality there are very few situations in which you really can't trust one other entity.
I’m beginning to feel that any type of gentle academic evidence of flaws in a given scheme or technology in the crypto currency space is blasted as “FUD”, so
Here’s a though exercise: if all the cryptocurrency communities call out research as paid shilling FUD, are we morally obliged to exploit weaknesses and attempt to demonstrate flaws with actual real collateral damage?
That's the world today - ignore facts that don't agree with your reconceived views and deny deny deny.
The problem with exploiting vulnerabilities for personal gain is that you're hurting more innocent investors, too. It's kinda like carpet bombing, in that you'll accomplish your goal of killing the enemy, but you're taking a lot of other people with them because they have a spurious link.
OTOH, maybe you can gain enough influence to make changes that would marginalize or punish the corrupt operators. A lot of these quasi-cryptos have a hidden layer to prevent this (Ripple, IOTA, etc.). Their coins are more like unregulated stock in the founder's company than a decentralized machine. I'm not sure if that makes them more or less susceptible to a single, strong outside force. They could simply delete your coins, but without knowing the exploit that's just temporary. You would have an actual target (other than 'the system'), which you could pressure (aka blackmail), but they could cash out immediately and walk away.
If I was running a scamcoin (and a terrible person) I'd probably bring the exploit finder into the inner circle to gain positive media (with the associated price bump), wait for the first major act of the new person and then cash out, step down, and disclose the vulnerability. Spin it as the new person trying to cover up problems they caused or improperly addressing the original problem and preventing a good solution.
To counter that, the exploit finder could condition their involvement on releasing the hidden layer's source as a matter of transparency, but really be working on a way to fork without the hidden layer or replace it with a democratized layer. Now you can claim the founders were greedy and didn't want to fix the exploit, and that your working solution was rejected because it took away their ability to manipulate the market. Turn it into an announcement of the new 'fixed' coin.
It'd be a fun movie plot, but probably terribly boring to watch.
As an aside, is there anyone else extremely disappointed with the quality of discussion over at /r/cryptocurrency? This conflict over IOTA has been unfolding for a long time and the guys on that subreddit defend it fanatically, accusing DCI of "FUD"ing IOTA. I am not sure if the subscriber base is technically illiterate or users that hold a given coin have a strong incentive to dismiss any criticism.
As someone fascinated by the technology in the crypto space but very skeptical about the real-world usefulness of many of these projects, I wish I had a better forum to read beside the odd HN post.
> This conflict over IOTA has been unfolding for a long time and the guys on that subreddit defend it fanatically, accusing DCI of "FUD"ing IOTA
It's not just IOTA. It's more or less any of the top 10 / 20 (by MarketCap) Crypto-currencies on the respective sub-reddits. It's especially bad on r/Ripple where anything critical of Ripple / XRP is instantly deleted by the mods in the name of F.U.D (Fear, Uncertainity, Doubt), and even a small +ve news is posted several times in a day, even trials of Ripple that doesn't even use XRP for the transactions.
From what I've observed on r/Cryptocurrency and related coin subs on reddit over the past month or two, Reddit is being carefully manipulated by whales and scam coin creators to attract bag holders and manipulate the markets for a quick profit. And many of the mods engage in circle-jerk postings, maybe they are in on it too. Who knows.
Usually you can trust ~50% of the information in popular 'specialty' subreddits, but the crypto subs are straight up useless beyond major headlines. Even then, the discussions are 90%+ trolls and shills and 10% memes. Steem and Bitcoin Forum have been better, but all around the larger problem is that things move so quickly that the information you're looking for is probably no longer accurate.
The chaos is one of the most interesting factors for me. It reminds me of the internet circa 1995 - you have to do your own research, estimate/predict larger trends in information flow, and have a finely tuned bs meter. The biggest barrier to entry is that no one is trustworthy, so even your tools need to be properly vetted or self-made because unlike the 90s internet, the thrill of finding a vulnerability may carry a substantial reward.
I do think there is a legitimate opportunity in the crypto space and 'believe' in the underlying tech. You just have to ignore all the folks building their rockets out of lead and toilet paper while rofling about their moonshot, sneak past the whales, and slip between the trading bots.
One other interesting aspect I don't hear mentioned often is how this comes on the heels of the Russian election meddling and the similarities in tactics. If crypto has any real immediate use for the average person, it's a good way to gauge how susceptible you are to propaganda. Invest (enough to sting if you lose it all) and see if you can turn a profit. Force yourself to put part of that money into an obvious scamcoin and keep track of how you relate to discussions surrounding it. Crypto can be a psychological playground if you let it.
There may be people in on it, but I wouldn't be surprised if it's overwhelmingly just people defending their position. I've seen the exact behaviour I see at r/cryptocurrency in video games. No Man's Sky pre and post launch was exactly the same. Sensible people casting doubt on what it is you actually do with the game, being shouted down by those who are convinced it's going to be the greatest thing ever. Then lots of defensiveness against all the post-launch signals that it's a mess.
People who have bought into something will become more entrenched in their views because doing otherwise will cause a "loss of face." It's understandable really, nobody wants to admit to being duped.
you have a severe case of hindsight bias. nms has perhaps the most outspoken hatred of any game launch ever. heck how long ago did it come out? Year+? and you're still whining about it.
Do you (or anyone here) have any recommendations regarding subreddits for technical discussions regarding blockchain/cryptocurrency tech? I've seen /r/CryptoTechnology recommended in the past, but I haven't seen too much interesting discussions there yet.
I've also been looking but haven't found any better communities. A cryptocurrency StackExchange has been suggested [1], but hasn't happened. Bitcoin.SE and Ethereum.SE do have some good general content, but you have to filter through a lot of BTC/ETH specific content to find it.
> I am not sure if the subscriber base is technically illiterate or users that hold a given coin have a strong incentive to dismiss any criticism.
Both of those are highly representative of the demographic that want to discuss such things on reddit. Others are often even moderated against from some of what I've seen and thus discouraged from discussion. I don't know about that specific sub-reddit, but it certainly happens in some. It's an important echo chamber for exuberant hype so people have a vested interest in protecting that in the mostly unregulated market.
> I am not sure if the subscriber base is technically illiterate or users that hold a given coin have a strong incentive to dismiss any criticism.
Why not both?
Most of those crypto currencies smell like MLM schemes for people who scoff at housewives doing the same with physical products. Get rich fast at the expense of the late comers, you can do it! Start by getting your family and friends in it.
The old goals of making a decentralized money to fuel revolutions disappeared fast once the only users ended being pure criminals.
I think that if half of their ideas could actually work and be secure, it would be a good thing. If IOTA was a real thing for example I would happily be apart of that community. Unfortunately it's a total waste of time. I remember avoiding IOTA early on due to the arrogance of the founders, I really didn't like their tune.
I know most of Hackernews hates Ethereum, but I really like Ethereum and their ideals, although I am mostly anti ICO. I'd prefer most of these DAPP ideas to be using ETH and not yet another token.
Even though I'm also more of a cryptocurrency-skeptic (though mostly in regards to their utility vs. the environmental cost of proof-of-work), one thing I appreciate about Ethereum is that its design decisions and the building blocks of the system seem to be well-documented on their Wiki and have at least some academic rigor to them. This already differentiates them from stuff like IOTA.
It does? I admit I'm pretty ignorant of the nuances of all the little alt coins, but I know Ethereum has something to do with distributed applications, with a VM, and I've always thought that cool in the abstract. (though I have no idea what I'd do with it.)
Just probing for information, not trying to have any "tone", do you know what the distaste for Ethereum is rooted in?
I never got the impression that HN “hates” Ethereum, but I will say that the primary language used for writing smart contracts on the Ethereum blockchain has some disconcerting properties.
It is still not entirely clear to me how much of these things are problems with Solidity (name of said language) only, or if any of those issues are core to the Ethereum Virtual Machine (EVM) itself.
I remain hopeful that other languages targeting the EVM will bring to fruition the full potential of Ethereum in a safer manner.
Also some people dislike the fact that Ethereum is executing every program for every message on every blockchain node. I agree that it would be better if it didn’t have to do so but I don’t know how it could be avoided in a distributed trustless system.
Name say, four of these smart cities they've built with IOTA, those would be real things. In contrast, even though the city council is a real thing, and candidates for city councillor are real people, and the leaflets through my door are real pieces of paper, the pictures of a would-be councillor "Yogic flying" do not mean that it's actually possible to levitate using the power of your mind. Yogic Flying is not a real thing in the sense we mean.
Yes. Tweet appears to have been deleted in the last few hours.
The reddit shill story I linked to is also showing as [REMOVED], but someone in this thread found the archive.is link for that shill story and posted it in this thread.
I certainly am disappointed. I'm not entirely sure why I expected more from reddit, I mean, comeon, it's not twitter! ;-) My guess is that it's a mixture of illiteracy (innumeracy?) and invested interest.
I agree. It feels impossible to find a cryptocurrency forum that's not filled with shills.
Someone should train an AI to detect shilling and use it in the comment ranking algorithm of a forum. Of course they'd probably release a whitepaper and do an ICO.
The amount of brigading by IOTA community also shows how toxic it is. Just look at the comments on the ieee article. Or the some of the tweets. They were also spamming the /r/MIT subreddit about the DCI.
Just watching this all unfold is making me realize how toxic parts of the cryptocurrency community is and it's making me really sad.
> The researchers disclosed to IOTA that the hash function they were using, which was an in-house concotion called Curl, was broken.
Classy. Not only do they keep their cryptocoin proprietary, they did use a proprietary hash function too.
I wanted to predict the inevitable fall of the currency but realized that the enterprise might just turn into a bank. If they are the gatekeepers to every transaction, they are already sort of a bank. An unregulated bank. With their own bank notes.
Is there any (valid) reason why someone would want to use their own hash function? Secure hash functions, as far as I am aware, are pretty established and widely available and really easy to use..
that knowledge while widely available within the engineering community isn't a given outside that circle. We're kind of arguing in a bubble. From a marketers pov they can sell it as "revolutionary proprietary PQ-proof, AI resistant and other made up bunch of words", and the masses buy it and don't care about it as long you tell them it's safe.
The market today isn't controlled by engineering or common sense but by whoever shouts the loudest. And once people/companies commit to a certain technology (ideologically and/or financially) it'll be even harder to convince them of them betting on the wrong horse. Why bother with any solid (expensive) engineering practices when you can just raise money based on a whitepaper, entice the first investors by pointing to a hoard of shills all backing your warez, then use the noise generated by ICO promises to ward off any critics. So all you need to do is make your tech political and you can get away with anything thanks to the noise.
Rolling their own broken crypto wasn't the only problem that made infosec community get outraged. Bypassing peer-review processes and then threatening with litigation and insulting researchers ("Hi Neha, are you drunk?") was all part of why nobody wants to touch them with a 10ft pole now. The worst of it is that none of this will stop IOTA from continuing on this road and they'll just play the same game that Trump plays with his hardcore supporter base. Forget about arguing with technical arguments because they'll just wear you down as the discussion with Matthew Green has shown. When their lead engineer thinks that a hash function doesn't have to be collision resistant then there is simply no point in wasting your time trying to make them see the problem (they won't)
if you understand the Math and agree that whatever you do needs to go through a proper peer review then why not. Saying "nobody may research the subject because you'll fail" is bad science. If you work in this space, know your Math, and don't rely on your invention to be put into production this year then why not study the problem space and innovate by following the established best practices!?
Problems arise when someone thinks they should now turn this invention into a money-cow or label it "proprietary magic" (under the pretext of protecting IP/copyright).
> if you understand the Math and agree that whatever you do needs to go through a proper peer review then why not.
Because crypto is really hard and you can't prove your new algorithm is secure. Only after being a popular high value target for years can you have much trust in your new hash. Even SHA2 might have flaws nobody knows about - that's the main purpose behind having SHA3 standardised - as a backup.¹
If you are not the designer of the algorithm it's even worse, because an exploit could be put in intentionally by proper choice of constants which are in some cases undetectable.
Well, as IOTA targets embedded devices (I guess the reason Bosch is interested) they should have enough knowledge to form an opinion about transaction sizes:
"transactions in IOTA are 10KB (in contrast, Bitcoin transactions are on average 600B)" [1]
I abandoned it after hearing about the Curl debacle, and trying to abandon it (and selling all of my $100 worth of IOTA) just validated my decision. The wallet couldn't show the right balance unless I "reattached" a bunch of times, and, get this: In order to validate a monetary transaction, the wallet transmit zero-amount "validation" transactions that refer back to the original one, essentially validating itself. Such secure.
I appreciate how the example collision (page 18 in the email dump) uses the lyrics of "Push it to the limit" by David Hasselhoff. The number 9 seems to be appearing a lot both in the collision raw text and previously when they refer to the bleed. I guess it has something to do with the function being based on trinary logic - could there be another flaw there related to this?
Also kind of amusing seeing the different sides of the IOTA team: Sergey is antagonistic and difficult to communicate while David tries to smooth things out and get everyone to play along nicely.
My favorite part was the IOTA folks insisting that their 'higher level' protocol would fix all their rookie mistakes. (Yes! We intentionally built our castle on quicksand! But look how hard the walls are!)
It's a great example of why you need to start from sound foundations.
My favorite part is that they don't seem to understand the concept of hash collisions at all! ("ONE collision, nah that's nothing" [1]) and when JP Aumasson explains a possible attack the response is basically "Who would do such a thing?" [2]
Irrespective of whether IOTA has issues or not their constant hostility is surprising to say the least. If you run something in public domain there are going to be people coming after you. And people need to learn to adapt which IOTA is sorely lacking.
Interesting that after much bad news on IOTA, the market is still pricing IOTA well https://www.coingecko.com/en/price_charts/iota/usd
market is ignorant, uninformed, or its all none total speculative
Everything about this project is weird. I started looking into it since I do IoT stuff and there was so much hype.
Then you find out about the curl issue. The unnecessary ternary. Read the white paper and all issues with tip selection was "solved" with hand waving. Then you find out it doesn't even have a client that works on a typical IoT device... Reading the email chain made it ultimately clear: these people have no idea what they're doing. They just threw a bunch of random ultra cool sounding tech together ("post-quantum crypto", of course) and started hyping, while the code never worked. Obvious scam.
Sergey appears to have attitude issues and the IOTA team have serious damage control issues, but the MIT team also, maybe wisely, appear obstructive at certain important points. In paticular the probability of attack in the wild seems a valid question that was never dealt with by the MIT team? (Disclosure: I'm not invested in IOTA one bit, nor is anyone I know)
What I witnessed after reading through all those letters is a common clash I see over and over of two types of cryptanalysts: Those whose knowledge grew in resource expansive environments (internet/cpu space) and those whose knowledge grew in resource constrictive space (e.g. satellite broadcasting). In particular they clash on the idea that there can ever be a valid use case for a less-than perfect security schema, so-as-to provide certain desired resource benefits, while still being sufficiently secure for a specific use case.
Cryptographers dance around who has perfect security at heart, never getting down to the issue: that they disagree on necessary trade-offs. By the time they do get to it, one will disengage entirely from conversation and assume the other is just stupid. That has happened here (both sides I think). It's a common outcome.
(Disclosures: I worked as a software+hardware reverse engineer, not cryptographer, in the satellite TV space. So I'm not anything close to an authority on the topic but was around these debates often.)
You don't need code to prove that a vulnerability exists, it is sufficient, especially for crypto primitives like hash functions or cipher rounds, that there is a mathematical vulnerability that can be potentially exploited.
discussing vulnerabilities is misleading since it's in this case not something you can put into a PoC. It's not code that's vulnerable¹. The whole argument is that the math is wrong but more correctly should be that the behavior of Curl has never been defined. You can't proof something doesn't behave the way it should when it was never defined what that behavior is in the first place.
Somehow I doubt kind of people buying IOTA are going to abandon it just because the core team is incompetent.
And to be honest they may be right. Because crypto offers instant liquidity, unlike in venture the people who are going to make the most money aren't necessarily going to be the best at picking the winners.
IOTA has seemed questionable for quite a while, and I'd also urge people to stay away from it, but is it just me or is Green's conduct here pretty out of line?
He says:
> If you want a postcard summary of why you should avoid the Iota project — with your brains and your money — this conversation is it.
but if you read the conversation he's referencing, he doesn't come off as reasonable in it either.
I am a researcher in cryptography who just read the full email transcript posted at [1]. I found Ethan and Neha's email responses to be patient and sincere.
In contrast, the IOTA team members Sergey and David have no idea what they are talking about. The IOTA constructions were broken, and instead of understanding that, they made bogus points and tried to attack the four DCI researchers in various ways.
In that context, I think Green's tweet represented a bit of frustration at the way public rhetoric is being misused.
It doesn't surprise me that IOTA followers are toxic considering the founders are toxic individuals. I find it interesting how IOTA founders are the complete opposite of Satoshi and Vitalik.
I am an avid follower of the current crypto space and I cannot grasp how unprofessional and immature the IOTA team handles their issues. It's almost as if 75% of the crypto space as of late is ran by children/teenagers/adults which cannot grasp the basic concepts of being civil to one another. This is all very unfortunate for the overall growth and perceptions of the crypto community as a whole
that's what happens to people when they feel like they're competing in a closing-off market. want to see a similar level of people clawing at each other's throats, being petty & antagonistic, competing for scraps? look no further than the music industry, especially the amateur scenes. more beef than an industrial cattle farm.
I feel like the nerd in class that hopes that the teacher (regulatory bodies) will pinch those bullies so we can get back to topic. I hate that feeling.