reddragdiva: (geek)
2018-07-30 09:22 am

European sysadmins and devs: what have you been doing for GDPR?

I've been doing GDPR stuff at the day job.

tl;dr: Nothing about this is hard ... unless your business model is to abuse your customers' personal data. Then it might be hard.

Fundamentally: REGULATORY COMPLIANCE IS NOT OPTIONAL. Complaining on Hacker News won't make it so.

(I routinely see the loudest complainers about the onerous nature of GDPR compliance suddenly get vague or stop posting when you ask for details of precisely what bit is so hard for them in particular. So far, it seems a safe assumption that they're abusing personal data, and they know they're abusing personal data. Perhaps one day a clear exception will show up.)

There are no roving gangs of GDPR inspectors, waiting for you to slip up so they can fine you 20m EUR. This year, in fact, I would say that the most important thing is to do your sincere best. That alone will put you in the top 5% of companies.

Actual GDPR compliance in practice for me so far involves fairly mundane dealing with technical debt. You need to approach this as "we have run up a pile of technical debt, we need to clear it down."

The threat model we're working to is: "querulous upset customer sends GDPR Nightmare Letter, will complain to the ICO if we don't fulfil our obligations."

The GDPR "Nightmare" Letter is not that nightmarish — and it makes a lot of sense if you read it as A List Of Technical Debt You Can Finally Get The Mgt. To Pay For. Because, you know, it actually is. That letter is a blessing.

Despite the increasingly fevered GDPR horror fan-fiction favoured by American commenters, there's no reason to panic — but there is excellent and useful material to get management to finally pay for you to do things properly. I've greatly enjoyed having a GDPR stick to wave and say "no, actually, it's illegal for us not to do this right" or saying "no" to marketing when they think they're being clever.

I must note — we're doing this by the seat of our pants, because, like most businesses, we didn't get into the heavy-duty slog of breaking down our GDPR issues until the last moment either. There's probably better ways to do lots of this, and important stuff we haven't thought of.

The universal GDPR experience is "I never knew just how many systems we had." Someone's going to need to make a proper list.

Our business's interest is to keep our users happy and thinking well of us and keep them as customers for decades. I am delighted to note that the techies are very onside with the GDPR, and what it means in terms of your responsibility as a technologist for the things you build.

The GDPR effectively mandates that you make any database with personal data in it easily redactable. Every pile of data containing personal data needs to be easily redactable — or it needs to be deleted as absolutely soon as possible. Make redaction easy for yourself.

If you decommission an application — you don't keep the final database dump around "just in case." Backups containing Personal Data also need to be deleted as soon as possible.

(I've personally taken great joy in killing a bad idea by saying "certainly, we can save that for you! I'll just tell the data protection officer that your unit's accepting redaction responsibility, and ... oh, you want to delete it? I'll get right on that.")

We've just realised that some applications will need to run (at least) two separate databases — one handling PD and one handling mundane data. Responsible businesses already handle credit card numbers separately, for instance — but you need to do this with any PD.

When we do a new project, one of the handover steps before it's allowed to go live is a GDPR assessment. Note that staff data counts as PD, e.g., employee actions — it may or may not be redactable, but you should definitely note it.

Dev/stage DBs are typically a snapshot of live. PD in these counts! We've had a redaction where we had to redact the dev and stage databases just as we did on live, 'cos updating dev and stage was very long-winded. (The proper solution is, of course, to make updating easier.)

Apache logs count as PD — they contain IP numbers, and probably login cookies. So if you want to analyse these, do it early, so you can throw the PD away and keep only the impersonal aggregate. We now keep these for 30 days on the server and in our Kibana — we're pretty confident that's legit sysadmin/security usage — and need to work out what to do with them after that. (Ops is heavily advocating Just Delete It.)
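
One way to do the "analyse early, keep only the impersonal aggregate" step, as an added example (not code from this post or the setup it describes). It assumes Apache's combined log format; the sample lines, the path-collapsing rule and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
RETENTION = timedelta(days=30)  # how long raw lines may stay on disk

# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - alice [01/Jul/2018:10:00:01 +0100] '
    '"GET /account/4711/orders?session=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jul/2018:10:05:00 +0100] '
    '"GET /account/9/orders HTTP/1.1" 200 498 "-" "curl/7.58.0"',
    '2001:db8::1 - - [01/Jul/2018:11:00:00 +0100] '
    '"POST /login HTTP/1.1" 401 120 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [25/May/2018:09:00:00 +0100] '
    '"GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'garbage line without a timestamp',
]


def parse(line):
    """Return (match, timestamp) for a well-formed line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], TS_FORMAT)
    except ValueError:
        return None
    return m, ts


def impersonal_key(m, ts):
    """Reduce one request to fields that do not identify a person."""
    # Query strings can carry session ids or e-mail addresses: drop them.
    path = m["target"].split("?", 1)[0]
    # Collapse numeric path segments so per-customer URLs do not survive.
    path = re.sub(r"/\d+(?=/|$)", "/{id}", path)
    return (ts.date().isoformat(), m["method"], path, int(m["status"]))


def aggregate(lines):
    """Count requests per (day, method, path, status). Host, user, referer
    and user-agent are never copied into the result."""
    counts, skipped = Counter(), 0
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            skipped += 1
            continue
        counts[impersonal_key(*parsed)] += 1
    return counts, skipped


def within_retention(lines, now):
    """Raw lines still allowed on disk. A line that cannot be dated cannot
    be shown to be young enough, so it is dropped too."""
    kept = []
    for line in lines:
        parsed = parse(line)
        if parsed is not None and now - parsed[1] <= RETENTION:
            kept.append(line)
    return kept


if __name__ == "__main__":
    counts, skipped = aggregate(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("unparseable lines:", skipped)
    now = datetime(2018, 7, 30, 9, 22, tzinfo=timezone.utc)
    print("raw lines kept:", len(within_retention(SAMPLE_LOG, now)))
```

Run the aggregation before the purge, so the counts outlive the raw lines.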

So far the only real pain point has been a redaction request for data in our Magento — and at least half of that is because the company we thankfully outsourced the horrible pile of trash to are not so great sometimes. I would be delighted if the business were to decide Magento was too much trouble GDPRwise.

All of this is sensible and obvious with a moment's thought. But the thing is — this is technical debt you had piling up for the past two years anyway. And were ignoring all that time. Personal data is a radioactive toxic waste pool, and must be handled like one.

Everything in the GDPR is stuff you should have been doing anyway, and you know it. That's precisely why the apocalyptic GDPR fanfic is so weird. They're going "BUT WHAT IF YOU HAVE TO DO REDACTIONS FOR THE MARTIANS" and I'm going "dude I've literally been doing GDPR and it's easy if you're not a dick."

I posted the above to LWN and got a few responses. Main difficulty is how git should handle the likely GDPR redactability of email addresses, which is a tricky one.

So! What have you been doing? Is there anything I've missed?

Apocalyptic GDPR horror fanfic is off-topic and liable to be deleted. Looking for your practical on-the-ground issues.

reddragdiva: (geek)
2018-05-06 12:34 am

book progress

I just spent 7 hours today doing nothing but going through the blog (good Lord I post a lot) and noting down stuff that would be on topic for the second blockchain book. It's been a heck of a year, hasn't it. Soooo we'll see if I get to these any time soon. I have 4000 words of notes and my goodness there are so many stories to tell. The working title is now "A Buttful of Fistcoins," just to make sure I definitely cannot use it.

Things I should do this long weekend:

  • Similar hours of notes for "Roko's Basilisk", or perhaps some prospective text
  • Script for a prospective audio book. I need to do Intro and ch 2, and note glitches in the reading of ch 1.
  • My own accounts to some degree, then they might be in usable order by January.
  • A ton of house stuff and stuff, the place is a pit. Tidy, change sheets, you know.
  • Start yet more mead off.

Things I am doing this weekend:

  • Reading books. So many books. I have Kindle Unlimited and I'm hitting the self-published punk rock books hard.
  • Reading Worm fanfic, because there is little better to waste hours upon.
  • Eating things that disagree with me 'cos I like them.
  • Sleeping more. I remember sleep patterns.


reddragdiva: (stress relief)
2018-04-24 11:39 am

What would you like to see in a book called "Roko's Basilisk"?

I would like your assistance in the eternal and vital work of increasing existential risk.

Specifically: I've written a surprisingly popular book about why bitcoins and blockchains are trash. I basically have a second part-time job now as a finance journalist, which supplies a bit of welcome cash.

But sales are dropping off - so it's time to write the next one.

The options are:

  1. The Good, The Bad and the Blockchain: For A Few Bitcoins More - the obvious sequel. I have a blog full of material to adapt. It won't be as incisive or impactful as the first one, but it should sell at least a few copies.

  2. Roko's Basilisk: A Savage Journey to the Dark Heart of the Transhumanist Dream.

I wanted to ask what you would like to see in that second one. That's one hell of a subtitle, but never shrink from audacity after all.

If you saw a book of that title and subtitle:

  • what would you expect to see in it?
  • what would you really like to see explained in it?
  • what “take that you shitheads” swipes would you be delighted to see someone finally writing up?

I should point out - this may have slight commercial prospects. Apart from the mention of the Basilisk on Silicon Valley, Tom Chivers (the science journalist) is writing one about these people too, through a real publisher. We've spoken about the topic, and basically I think both books will promote each other - one is a weirdness, two is a Thing.

reddragdiva: (geek)
2017-12-30 03:05 pm

Quick notes on how to de-DRM Kindle books on Windows 10.

Here is how to de-DRM the books you damn well paid for, and convert them to ePubs.

The Kindle software for PC doesn't work in WINE and I couldn't be bothered with the faff to set up DeDRM standalone, so I used [personal profile] arkady's old Windows 10 laptop that was sitting around spare.

You can install Windows 10 in a VM, e.g. VirtualBox! You don't need to authenticate it. Just download the ISO from Microsoft and authenticate at your leisure, or maybe never. I gave it 2GB RAM. Taylor Swift says set UAC to full.



  1. Rather than the old AZW format, Kindle now tries to download in its new KFX format by preference, so we have to nobble that — DeDRM has only just started on supporting it. Per this page, open a CMD window and run:

    ren %localappdata%\Amazon\Kindle\application\renderer-test.exe

  2. Open the DeDRM zip file. Inside that you will find a folder called "DeDRM_calibre_plugin" and inside that you will find a file called "". Get that second zip file (don't unzip it).

  3. Open Calibre. Open "Preferences". Go to "Plugins". Click "Load plugin from file". Load the "" from the previous step. Close Calibre (so that it'll load the plugin next time it starts).

  4. Open the Kindle app, log yourself in, download your books. (You need to log into the Kindle app to generate your DRM key that DeDRM then uses.)

    Go into Tools->Options->General and untick "Automatically install updates when they are available without asking me."

  5. Open Calibre again, ready for the next step.

  6. Open Windows Explorer. Under your username, you should have a folder "Documents\My Kindle Content". This should have several folders, each with an ebook in them. Go to the search box at top right, and search here for ".azw", which will conveniently list them all.

  7. Select all the .azw files, and drag them to the Calibre window. This should load them all, readably.

  8. If you want to convert to ePub: Select all the new books in Calibre. Right-click, select "Convert books->Bulk convert". Just use the defaults, you can do it again if you want to fiddle with stuff. If not: You can leave the de-DRMed books in .mobi or .azw format, as quite a lot of ebook readers are fine with these.

You now have a pile of .epub/.azw/.mobi files in various subfolders of "Documents\Calibre Library". You can search for ".epub" or whatever here if you want to select them all and drag them to some convenient place.

Microsoft's new Edge browser turns out to have a purpose in life: it's a usable ePub reader.

If you're on a Mac, try this page (and this one to fix the KFX problem). If you're on Linux, I don't know what to do while the Kindle app doesn't run in WINE.

reddragdiva: (nice cup of tea and a sit down)
2017-11-12 05:22 pm

Andrew Hickey: The Basilisk Murders (A Sarah Turner Mystery). Good book, get it.

"I was already having a bad week, and then the murders started."

A tech journalist goes to a Singularity conference, full of transhumanists and "techbrolibertarians" -- the people from Silicon Valley who want to rewrite your life and "disrupt" your world. Then they start killing each other off.

This isn't a worldview-shifting literary steamroller. It's a light and enjoyable read that knows what it is, and does that well. It supplies a thoroughly readable cosy mystery with which you can enjoy playing detective and enjoy as a story on subsequent reads.

And it's also a shot aimed directly at the LessWrong "rationalist" subculture and its offshoots. I know this subculture entirely too well, and cackled my way through.

But you don't need to know the players to recognise the type, nor their big plans for everybody: "the type that doesn't like to believe there's anything that can't be ordered by a rational mind."

The Safe Singularity Foundation is based on the Machine Intelligence Research Institute, whose forum site LessWrong came up with "Roko's Basilisk", the most famous idea to be associated with them (even as MIRI repudiate it) that the "Basilisk" of the title is based on: the idea that the coming Artificial Intelligence to rule humanity will be so good for humanity that it will be ethically obliged to punish those who knew it was possible but did not contribute to its creation.

Andrew did spend some time on LessWrong:

Yeah, I was on LessWrong for quite a while, in a very low-key way. My period of time there basically went “These are people talking about interesting stuff. Admittedly they have a few odd beliefs like the cryonic thing, but interesting people.” “…apart from this virulent racist who keeps talking about IQ…” “…and all these people who keep talking about being ‘Pick-Up Artists’…” “my God, this place needs to be burned down and the earth salted!”

The ideas are the actual stuff from the subculture - e.g., the weird notions about AI that Elon Musk starts on when he isn't talking about cars or spaceships. None of this is exaggerated. And the story leverages the ideas well.

(He takes a moment to get stuck into Bitcoiners too.)

The book doesn't get bogged down in the abstruse concepts. You will be able to play detective on the first read, and enjoy the story on the second. I read and commented on an early draft (I'm in the acknowledgements), bought it the moment I saw it was available and am most pleased to have done so. I'm also looking forward to the second Sarah Turner mystery, where she finds herself dealing with a reunited rock band who all hate each other.

It's on Kindle, Kindle Unlimited and Lulu paperback. UK, US.

reddragdiva: (geek)
2017-10-11 11:32 pm

How do *you* record Skype audio on Android?

I have an Android phone and tablet. The sound quality is eminently usable, and I have Skype to call people on!

How the arsing fuck do I record it?

There appears to be no standard option. Skype itself has no facility for recording calls. There are assorted extremely dodgy apps that claim to do the job, none of which I want to go near. I can Google for dodgy apps as well as you can — I’m not asking you to do a quick Google for me. What I want to know is — has anyone reading this done this personally, recording a Skype call? How do you do it? What do you use?

(Last time I did it on a Linux desktop — I had to run Audacity capturing the microphone and Audio Recorder capturing the speaker, then put the two recordings together. Hideous and stupid and I don't want to do that again.)

reddragdiva: (party)
2017-09-18 10:44 pm

A query from a self-published pundit.

My Bitcoin pundit career is going great guns! I got to go on BBC Newsnight and call cryptocurrency garbage. Don't ever buy into cryptos, btw, they're a car crash. Trust me, I'm an expert.

Soooo I just got a note inviting me to speak at a seminar, about why blokechain is pants, to a small number of people who have money. I'm gonna charge for my time of course, but I can sell books there. Which means physical paperbacks I bring in a box.

Now, one of the great things about this self-publishing racket in TYOOL 2017 is 0 capital expenditure. Has anyone here done this, or anything like it? Was it worth it? Did you end up with a box of books under your bed forever?

The books are $3.03 each to print, but all author copies come from America (because Createspace is dumb), at some ruinous shipping rate to the UK. Assuming Kindle and CreateSpace pay promptly I'll have a pile of money on September 30, but I sorta don't right now.

Does anyone have suggestions as to how to approach this? Doing a talk with a box of nonfiction books - good idea, bad idea, no idea?

(I'll no doubt do a pile of flyers for people who haven't got cash on them right there. Who carries cash in the UK these days? Less people than you might think.)

reddragdiva: (Wikipedia)
2017-08-27 08:46 pm

I wrote a college textbook.

In a small way. But gosh!

Also, the print version is gorgeous. (If you're in the US, that's the link to tell people, 'cos I get the most money from it.)


I've turned the book site into a sceptical Bitcoin blog. Because punditry is my life now. That and trolling bitcoiners on Twitter, of course.

The book is doing shockingly well for a self-published work without any money spent on promotion. About 800 ebooks and 100 printed copies in a month. People who read it love it ... so I need to get the word out. Please tell everyone you know!

(how the hell do I get journalists to look at an ebook.)

reddragdiva: (Default)
2017-07-29 05:05 pm

Attack of the 50 Foot Blockchain: OUT NOW on Kindle and SmashWords.

Kindle: (edit URL for your country if you can't get to it from there)

Smashwords: — includes back cover image

Print: trundling through the CreateSpace process. It's gonna be gorgeous, though. EDIT: Monday 7th August.

See the website for press coverage etc. Did an hour-long Financial Times podcast that came out Thursday, that was fun.

reddragdiva: (Default)
2017-07-04 10:47 pm

Attack of the 50 Foot Blockchain: pre-orders up, release July 24!

My book Attack of the 50 Foot Blockchain is up for pre-order (available worldwide, that's just the UK link) and will be released Monday 24 July 2017!

(so I'd better finish it by then, hey)

Here's the art, by the wondrous Alli Kirkham:


Back cover to follow, when I work out the paperback dimensions and aspect ratio ...

I've just posted a new excerpt, ICOs: Magic Beans and Bubble Machines, in case you ever wanted to know what on earth ICOs were and how they worked.


reddragdiva: (geek)
2017-06-19 12:40 pm

How to manage security for spring boot apps?

Dear Lazyweb! How do you manage keeping spring boot applications up to date?

We run an arseload of Java webapps. Our devs have taken a strong liking to spring boot, where everything including the Tomcat is uploaded as a JAR. A delight for them, but somewhat of a concern for the sysadmins who are the people first dealing with security issues.

So I've been asked to come up with recommendations to deal with this, and I haven't a clue as to how to do this other than laborious iterative checking, or automated versions thereof. Nor can I find recommendations.

Has anyone else got this problem or one like it? (Where applications are uploaded as a package that then runs.) What do you do?
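
An automated version of that iterative checking, as an added example that is not part of the original question: it lists the libraries nested inside a Spring Boot executable JAR and compares them against a minimum-version policy kept by the sysadmins. The sample JAR contents, the versions and the policy are constructed (not taken from any advisory), and the function names are hypothetical.

```python
import io
import re
import zipfile

# Spring Boot executable JARs nest their dependencies under BOOT-INF/lib/
# (older layouts used lib/); executable WARs use WEB-INF/lib/.
LIB_DIRS = ("BOOT-INF/lib/", "WEB-INF/lib/", "WEB-INF/lib-provided/", "lib/")
# artifact-1.2.3[.QUALIFIER].jar -> artifact, version. Filename parsing is a
# heuristic: artifacts with digits after a hyphen in their name will mis-split.
NAME_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

# Constructed policy: lowest version ops will accept, keyed by artifact id.
SAMPLE_POLICY = {"tomcat-embed-core": "8.5.15", "jackson-databind": "2.8.7"}


def version_tuple(version):
    """Leading numeric components only: '4.3.7.RELEASE' -> (4, 3, 7)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def inventory(fat_jar):
    """Return ({artifact: version}, [unparsed filenames]) for the nested
    libraries of one application archive (path or file-like object)."""
    libs, unparsed = {}, []
    with zipfile.ZipFile(fat_jar) as zf:
        for name in zf.namelist():
            prefix = next((d for d in LIB_DIRS if name.startswith(d)), None)
            if prefix is None or not name.endswith(".jar"):
                continue
            filename = name[len(prefix):]
            m = NAME_RE.match(filename)
            if m is None:
                unparsed.append(filename)  # needs a human to look at it
            else:
                libs[m["artifact"]] = m["version"]
    return libs, unparsed


def audit(libs, policy):
    """List (artifact, found, minimum) for every library below policy."""
    findings = []
    for artifact, minimum in sorted(policy.items()):
        found = libs.get(artifact)
        if found is not None and version_tuple(found) < version_tuple(minimum):
            findings.append((artifact, found, minimum))
    return findings


def build_sample_jar():
    """Constructed stand-in for an uploaded application JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in (
            "org/springframework/boot/loader/JarLauncher.class",
            "BOOT-INF/classes/com/example/App.class",
            "BOOT-INF/lib/tomcat-embed-core-8.5.11.jar",
            "BOOT-INF/lib/spring-core-4.3.7.RELEASE.jar",
            "BOOT-INF/lib/jackson-databind-2.8.7.jar",
            "BOOT-INF/lib/vendor-blob.jar",
        ):
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    libs, unparsed = inventory(build_sample_jar())
    for artifact, found, minimum in audit(libs, SAMPLE_POLICY):
        print(f"OUTDATED {artifact}: {found} < {minimum}")
    for filename in unparsed:
        print(f"UNKNOWN  {filename}: no version in filename")
```

Pointed at every deployed JAR from a scheduled job, this gives the sysadmins the embedded Tomcat and library versions without asking each dev team.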

reddragdiva: (rocknerd)
2017-06-01 02:17 pm

Book-blogging, and a year of intense Rocknerd.

Over on my Facebook, I'm posting drafts of basically the whole of the blockchain book for critique by the collection of querulous nerds I call friends. It's being fabulously productive and has already improved the draft tremendously! And quite a lot of work. I really want the book out ASAP and I haven't even got a front cover yet. I need to set up preorders ASAP though. Posts are public and comments are open, come and be querulous.

Also, in late May 2016 I thought "I have a shitload of ramblings about music on my Tumblr, why don't I post any of that to my literal music blog." So I started. One a day where possible, though it's stretched to every second or even third in some circumstances. Still, hitting 100 readers on a good day! Yeah, it's a fanzine. I get records in email now instead of the post. Largely industrial, prog, metal or industrial prog metal. I don't know why.

I had a recent bout of tinnitus from Hell with hyperacusis which meant I literally couldn't listen to music for a week or so, which is approximately the record nerd's worst nightmare. Turns out all the old people telling me to wear earplugs were right! Hyperacusis is better now, though the tinnitus remains bad. Mostly above 10kHz though.

reddragdiva: (stress relief)
2017-04-22 12:36 pm

Breakfast with Danese, blockchain book.

Danese Cooper swung through London as she periodically does, so we met for breakfast at Gail's and I got a pancake. Grumbles about how people are a problem, bragging about children and (step-)grandchildren.

Still trudging through the book-shaped albatross. Looked at the site on Danese's phone and went "FUCK," it looks like a web page for ants. So I'll be installing a WordPress on that today then. Yet again doing the thing I tell everyone else not to, i.e. self-hosting WordPress. Bah.

The cover is the big blocker right now. I know what I want now, big block "business book" lettering and a coupla Sergio Aragones style silhouettes. Main blocker is my complete lack of artistic talent.

Also, I posted a rough draft of the Bitfinex section to Reddit /r/buttcoin and ... Mark Karpelès of Mt. Gox bought me Reddit Gold. :-O

reddragdiva: (gosh!)
2017-04-10 07:21 pm

oh hello old world

I'm here and not over there. Hello to everyone coming here from there! I post here extremely rarely, basically when I remember. It's mostly Facebook and Tumblr of late.

Um, I'm still trying to finish this bloody book before the entire contents are outdated. Suggestions welcomed for the next one, I suspect having multiple things to procrastinate on may help.

reddragdiva: (geek)
2017-01-12 11:52 pm

how to make the scroll bar work properly and not annoyingly in gtk+3 apps.

you know that thing that firefox on linux does, where if you click on the scrollbar it doesn’t just take you up or down a page like every scrollbar in the past thirty-odd years, but instead moves the scrollbar slider to where you clicked?

this is a gtk+3 thing, because GNOME’s UI team are relentless desktop innovators.

workaround: add this to ~/.config/gtk-3.0/settings.ini :


then restart firefox.

this being GNOME they will doubtless tch at people evading their superlative user interface vision and break it. until then, though, gtk+3 apps will work properly once more.

HT [ profile] psych0naut

reddragdiva: (stress relief)
2016-11-29 12:07 am

Bitcoin book draft: first unlicked lump of words sent to betas.

Went down pub last night with a laptop with a book on it. Much help right there and then. I can see people getting into this.

I have the unlicked lump of words ready to send out to beta readers. If you would like to participate, please email me, and I’ll send you a link to the .odt and .docx of the rough drafts.

(This is not the prerelease review version, it's the "how am I doing" version ... we'll see how it goes.)

There's more excerpts up if you want tasters:

reddragdiva: (flame war)
2016-11-06 09:53 am

Bitcoin/Blockchain book page and sample.

The book progresses. Current total: 17,472 words of body text. My target is about 500 usable words a day, so today I have to top 18,000. I expect it to make 20-25,000, at which point it gets edited and will probably end up 15-20,000. Amazing how much work one can put into a Kindle Short.

If you want to watch my ranting progress, it's on Tumblr with bits on Facebook. Here's a rough outline and to-do list.

I have a rudimentary page up for the book, with rough draft excerpts!

(it'll also probably end up actually for real being called "Attack of the 50 Foot Blockchain" because I was sitting in bed with [personal profile] arkady, who is an artist and got all inspired with pulpy cover art ideas. I may even need to do a pulp cover and a sober business cover.)

Answers to Frequently Asked Questions

A. Sadly, Amazon Kindle only accepts conventional currencies.


You just learned chemistry and the first thing you built was a giant bomb and you can't understand why it blew up in your face.

– brockchainbrockshize, /r/ethereum [1]

Not content with their existing sales of Internet fairy gold, some Ethereum developers at German blockchain startup came up with an even more complicated scheme: The DAO (a Decentralized Autonomous Organization, with “The” as part of the name). This was a program running as a smart contract on Ethereum which would take people’s money and give it to projects voted on by the contributors as worth funding: a distributed venture capital firm.

The DAO’s Mission: To blaze a new path in business organization for the betterment of its members, existing simultaneously nowhere and everywhere and operating solely with the steadfast iron will of unstoppable code. [2]

Bold in original. I’m sure there are no obvious problems there that jump right out at you.

The DAO launched on 30 April 2016, got massive publicity and became the biggest crowdfunding in history, with over $150 million in ETH from 11,000 investors. Fourteen per cent of all Ether was in The DAO. It was also the most prominent smart contract of all time, achieving much mainstream press coverage. It proceeded to illustrate just about every potential issue that has ever been raised with smart contracts.

The DAO’s legal footing was uncertain (and widely questioned). Selling tokens in The DAO closely resembled trading in unregistered securities – particularly when DAO tokens themselves hit cryptocurrency exchanges – and the SEC had come down on similar schemes in the past. There was no corporate entity, so it would default in most legal systems to being a general partnership, with the investors having unlimited personal liability, and the creators and the designated “curators” of the scheme likely also being liable.

Shortly before the go-live date, researchers flagged several mechanisms in the design of The DAO that would almost certainly lead to losses for investors, and called for a moratorium on The DAO until they could be fixed. [3]

Worse, on 9 June a bug was found in multiple smart contracts written in Solidity, including The DAO: if a balance function was called recursively in the right way, you could withdraw money repeatedly at no cost. “Your smart contract is probably vulnerable to being emptied if you keep track of any sort of user balances and were not very, very careful.” [4] This was not technically a bug in Solidity, but the language design had made it fatally easy to leave yourself wide open.
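
The recursive-call bug described above, modelled in Python rather than Solidity as an added example (not code from The DAO or from the book). The vault, the account and the amounts are constructed; the hardened ordering, updating the balance before sending, is the standard mitigation usually called checks-effects-interactions.

```python
class Vault:
    """Toy model of a contract that tracks user balances and pays them out."""

    def __init__(self, deposits, update_before_send):
        self.balances = dict(deposits)       # what the ledger says is owed
        self.held = sum(deposits.values())   # what the vault actually holds
        self.update_before_send = update_before_send

    def _send(self, account, amount):
        if amount > self.held:
            raise RuntimeError("insufficient funds")
        self.held -= amount
        # Paying out hands control to the recipient's own code, which is
        # free to call back into the vault before this function returns.
        account.on_receive(self, amount)

    def withdraw(self, account):
        amount = self.balances.get(account.name, 0)
        if amount == 0:
            return
        if self.update_before_send:
            # Hardened order: record the effect first, then interact.
            self.balances[account.name] = 0
            self._send(account, amount)
        else:
            # Vulnerable order: the balance is still non-zero while the
            # recipient's code runs, so a nested withdraw() pays out again.
            self._send(account, amount)
            self.balances[account.name] = 0


class ReentrantAccount:
    """Recipient whose receive hook calls withdraw() again while it can."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount
        if vault.held >= amount:
            vault.withdraw(self)


def run(update_before_send):
    """Return (paid to account 'a', left in vault, still owed per ledger)."""
    vault = Vault({"a": 10, "b": 10, "c": 10}, update_before_send)
    account = ReentrantAccount("a")
    vault.withdraw(account)
    return account.received, vault.held, sum(vault.balances.values())


if __name__ == "__main__":
    print("send first, update after:", run(update_before_send=False))
    print("update first, send after:", run(update_before_send=True))
```

In the vulnerable ordering the vault ends up holding less than its ledger says it owes the other depositors; in the hardened ordering the two stay equal.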

The principals decided to proceed anyway, Stephen Tual of confidently declaring on 12 June “No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery” [5] … and on 17 June, a hacker used this recursive call bug to drain $50 million from The DAO. And nobody could stop this happening, because the smart contract code couldn’t be altered without two weeks’ consensus from participants. The price of ETH promptly dropped from $21.50 to $15.

(Tual posted on 9 July a hopeful list of reasons why the attacker might just give all the ether back, just like that. Because it would be in their rational self-interest. [6] This didn’t happen, oddly enough.)

Ethereum Foundation principals discussed options including a soft fork or a hard fork of the code or even of the blockchain itself, or a rollback of the blockchain. The community wrangled with the philosophical issues: this contract had been advertised as “the steadfast iron will of unstoppable code,” but it appeared only one person had read the contract’s fine print in sufficient detail. [7] Some seriously debated whether this should even be regarded as a “theft”, because code is law and intent doesn’t matter (unlike in real-world contracts operating in a legal system, or indeed in fraud law). Others merely argued that the integrity of the Ethereum smart contract system required that incompetent contracts, which The DAO certainly was, needed to be allowed to fail.

(The proposed soft fork solution was to blacklist transactions whose result interacted with the “dark DAO” the attacker had poured the funds into. This would have been an avenue for a fairly obvious denial-of-service attack: flood Ethereum with costly computations that end at the dark DAO. This approach could only have worked by first solving the halting problem. [8])

The DAO was shut down soon after, and on 20 July the Ethereum Foundation — several of whose principals were curators of The DAO [9] and/or heavily invested in it — changed how the actual code Ethereum runs on interpreted their blockchain (the “immutable” ledger) so as to wind back the hack and take back their money. The “impossible” bailout had happened.

This illustrated the final major problem with smart contracts: CODE IS LAW until the whales are in danger of losing money.

Ethereum promptly split into two separate blockchains, each with its own currency – Ethereum (ETH), supported by the Ethereum Foundation, and Ethereum Classic (ETC), the original code and blockchain – because this was too greedy even for cryptocurrency suckers to put up with. Both blockchains and currencies operate today. Well done, all.

Apologists note that The DAO was just an experiment (a $150 million experiment) to answer the question: can we have a workable decentralized autonomous organization, running on smart contracts, with no human intervention? And it answered it: no, probably not.

1 brockchainbrockshize. Comment on “Attacker has withdrawn all ETC from DarkDAO on the unforked chain”. Reddit /r/ethereum, 25 July 2016.

2 The DAO front page, archive of 22 June 2016. Yes, that’s after the hack. The page doesn’t say that any more.

3 Dino Mark, Vlad Zamfir, Emin Gün Sirer. “A Call for a Temporary Moratorium on The DAO”. Hacking, Distributed (blog), 27 May 2016.

4 Peter Vessenes. “More Ethereum Attacks: Race-To-Empty is the Real Deal”. Blockchain, Bitcoin and Business (blog), 9 June 2016.

5 Stephen Tual. “No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery”., 12 June 2016. (archive)

6 Stephen Tual. “Why the DAO robber could very well return the ETH on July 14th”. Ursium (blog), 9 July 2016. (archive)

7 There’s an amusing (if probably just trolling) open letter purportedly from the attacker posted to Pastebin (archive) that makes this claim explicitly.

8 Tjaden Hess, River Keefer, Emin Gün Sirer. “Ethereum's DAO Wars Soft Fork is a Potential DoS Vector”. Hacking, Distributed (blog), 28 June 2016.

9 Stephen Tual. “Vitalik Buterin, Gavin Wood, Alex van De Sande, Vlad Zamfir announced amongst exceptional DAO Curators”., 25 April 2016.

reddragdiva: (flame war)
2016-10-04 08:55 pm

New project: a short book on Bitcoin and blockchain hype.

sandifermessages You might try knocking together an ebook short. Aim for $2.99 and 15k words. "Why Bitcoin Is Stupid" or something.

reddragdiva :-D that's actually a REALLY good idea

sandifermessages Glad to help. :)

reddragdiva any tips? how hard should i work on this thing? how should i market it? etc etc just off the top of your head, i know 0 about this basically. i'd start with everything i've rambled on the topic in the past whatever which is huge amounts

sandifermessages I'd just market through your existing channels, and try not to spend more time on it than it needs. I'll give it a shout-out as well, obvs.

Well, I did it to him, now he's done it to me ...

So now I’m going through just my YOSPOS ramblings on the subject. In an hour I have 1200 words of abbreviated notes. Plus of course the start of a Rocknerd post on Machina Dynamica (which has nothing to do with blockchains, but I always thought if my sense of ethics left me I’d run an audiophile scam. Bitcoiners are EVEN BIGGER suckers). There’s still my /r/buttcoin and Rocknerd to go through as well, of course.

Oh good Lord this is going to eat my brain.

I doubt this will be kickstarted, I’ll just write the thing, put it up and promote it a bit. If I achieve 100 sales, I’ll call it spectacular success. If I achieve 20 I’ll be very pleased that this is possible.

Current working title: “The False Promise of Blockchain: Bitcoin, blockchains, smart contracts and the madness of crowds”. Mind you, that's probably way more ambitious than I should actually be doing.

Ideas and suggestions most welcomed! What would you like to see covered?

(I'll probably do what Phil did and offer review copies to anyone who promises to write a review, positive or negative, and put it up on their blog. Then refine it based on those.)

Also front cover ideas. If only I had Chuck Tingle’s graphic designer.

edit: STATUS: 5000 words of notes and ideas. The resulting book would be 100k-200k words. I think I may need to focus more for the first one. There can be a series, and probably will if this turns out not to be a waste of effort.

What would people like to see in a short booklet-sized book about this general area? One person would like scam stories and why these people are annoying ... that’s a general area.

I don’t want to promise something that would need 200k. I need a small segment of that that will be 15k! arkady notes this is precisely the fact equivalent of breeding plotbunnies. “The last thing you need is to give the plotbunnies viagra.” I need a subsegment to start on ...

reddragdiva: (geek)
2016-10-03 11:53 am

CodeValley is a new low in sucker VC bafflegab. Fucking Magic™, but on Blockchain™.

CodeValley is the latest from the world of Blockchain™.

The "idea" is that you have a problem, so you put up a contract to fully-automated Vendors to supply the libs for a program to solve your problem. At no point does a coder have to write actual code apparently, it's all done by the machines ... somehow. All of this is paid for in penny shavings.

"This isn’t open source, and it isn’t closed source. It’s no source." (well, that's bracingly honest of them.)

Even Hacker News doesn't buy this shit. "the whitepaper reads something like what I'd imagine somebody trying to troll the software industry would write"

Here's the "whitepaper". It reads like an example of the CodeValley concept applied to marketing, or perhaps Hacker News fed to a Markov chain. (And be sure to "View Source" on that page.)

To be fair, it's reviving an old hype: "this will end programming! All you need to do is fill in a form and define the problem." This was first said about COBOL. I think the last time anyone said it quite that bluntly was The Last One in 1981.

Putting it on Blockchain™ is of course the obvious next step, and suggests a network of autonomous software vendor programs seeking out old sucker scams to put on Blockchain™.

So, what is CodeValley? It is literally code from thin air. Here is the lead CodeValleyer explaining it. Now it sounds saneish up to a point — you work out what lib-like things you need, those are contracted out to a Vendor. That's the bit where you'd expect a human would be doing the job. But no:

I just wanted to stress one last time that that trickling down goes all the way to the hardware. There is no more writing of code, as we have outsourced (and outsourced and outsourced) the design of the program until it is so detailed that only bytes need to be placed (or binary CPU instructions). Pretty cool huh?

So cool it's literally fucking magic.

Looking at how it's supposed to work, the lead proponent says:

A developer's IP — the decisions they automate their Vendor to make and the supplier that Vendor is automated to contracted — stays protected inside their Vendor program. We are not privy to how you designed your Vendor any more than any other user in the network is.

You fill in a form, and define the problem. (This is assumed to constitute a creative work you have a defensible copyright in.) Then you send this to a multilayered compiler chain that puts it together at byte level. You might think that THIS IS LITERALLY WHAT PROGRAMMERS DO, and that "do what I mean" is the entire hard bit of programming no matter how many layers it's on top of, but obviously you need enlightening as to the magic of Blockchain™.

There's a whole advertising subreddit: /r/codevalley

I'm wondering who the target market is. Sucker VCs? Developers themselves?

This sort of sci-fi (not SF, but bug-eyed monsters and special effects) approach was the sort of thing people were talking about before open source became popular, a fractal micropayments nightmare world where everything contracted to everything else for penny shavings. "Imagine if we had micropayments in open source for every lib that every lib you use uses, how much better it would all work." Except now they've automated it on Blockchain™. Left-pad on Blockchain™.

reddragdiva: (geek)
2016-09-20 09:18 am

The most hilariously, relentlessly spot-on parody of John Ringo and his terrible ideas.

One critical aspect of the plagues, though, was quickly refilling earth’s population. The Horvath had hidden a subtle genetic change in several of the viruses that were spread. The change had to do with female reproduction, especially in the “blonde” genetic subgroup. Women who were affected, and the spread had been very nearly one hundred percent, were subject to a “heat” cycle similar to male reproductive drive and pharmaceutical contraceptives were functionally useless. The Horvath had anticipated their plagues essentially depopulating the planet and wanted to ensure a steady supply of new human slaves.

Friendly Glatun medical AIs and doctors had stopped the plague from killing most of humanity but since most of the world’s population was infected by the orbitally distributed plagues, they were left with the problem of what was called “Johannsen’s Syndrome.” The only way to fix the global issue was a reverse plague. But not only were the ethical considerations against infecting people without their consent, to stop the Horvath plagues they’d immunized most of humanity with advanced nano-bots that stopped virtually any biological or nannite in its tracks. To undo the damage required multiple medical visits and advanced technology that, at that point, was fairly rare.

This left virtually every woman on the planet with so much as a trace of blonde gene as a baby factory. The first year after the plague, Germany had one birth for every reproductive aged female. Scandinavia at one point hit an average birth rate of 9.1, meaning that if the rate continued the average Scandinavian—Dane, Swedish and Norwegian—woman would bear nine children in her life. The teen pregnancy rate got completely out of control for about five years before education and cultural effects started to get a handle on the new reality.

It was all very well to say “be fruitful and multiply.” Johannsen’s made the situation simply insane. The nature of the plague meant that, in some cases, there were serial pregnancies meaning that more than one viable fetus was in the womb from multiple inseminations. Some women had three children in as many months.

There's more of this satirical Swiftian takedown here.