Stick Another Fork in Bitcoin

Here we go again. Come the Ides of November, some subset of Bitcoin nodes will switch to an incompatible protocol that doubles the block size while retaining the compacted data structure of segregated witness, also known as segwit. (Back in August, a BitcoinCash fork was created for bigger blocks without segwit).

The upside of a decentralized currency is that no one can ever agree on anything, making it difficult to engage in shenanigans like open market operations and debt monetization. The downside of a decentralized currency is that no one can ever agree on anything.

If everyone collectively decides to change the rules, it’s consensus. If a subset of the population decides to change the rules, that’s collusion. Every user has a different threat model, and hence a different threshold for what constitutes consensus.

If your chief concern is the ability to spend money overseas, then the only consensus that matters is between yourself and the person you wish to pay. Your threat model is customs and border control, which can be thwarted using concealed private keys. Actually, you don’t even need private keys when fleeing the country. Just take your Coinbase password. Or a Visa debit card.

If you also worry about things like consensus rules and the monetary policy that governs your block chain, then you need the help of full nodes. Your threat model is miner collusion. As long as full nodes perform block validation, Bitcoin miners can control all the hashpower in China and still have no ability to change the rules of the network – full nodes will drop invalid blocks.

If you don’t trust yourself to secure a private key, then your threat model is your own unreliable self. You probably have an account with Coinbase, BitGo, Bitfinex, or some other service. The nodes run by exchanges and wallet providers are economically important, because many people rely on them to participate in the network.

But maybe you don’t trust the economically important nodes either.

Maybe Goldman Sachs gets into the business of trading Bitcoin. Maybe they go long on Bitcoin credit default swaps, get in over their heads, their counterparty goes bust, and now they want a bailout. Maybe Lloyd Blankfein is buddies with the CEOs of Coinbase, BitPay, and all those other economically important nodes. Maybe the CEOs and miners gather for a secret meeting in New York, and agree to hard fork a bailout.

If your threat model is everyone but yourself, and you would rather adhere to consensus rules than follow the economic herd, then you need your own full node.

(And if you would rather follow the economic majority regardless of preconceived rules, then go back to the US dollar.)

Press Release

SEC Charges Itself With Violating Fair Disclosure Rules


Washington D.C., Oct. 3, 2017—  The Securities and Exchange Commission today charged itself with violating rules requiring fair disclosure of information when it failed to establish cybersecurity policies and procedures in advance of a breach that compromised nonpublic corporate filings.  

Regulation FD requires material nonpublic information to be disclosed publicly in a broad manner and not selectively.   An SEC investigation found that the SEC violated Regulation FD and Rule 30(a) of Regulation S-P during an unknown period when it failed to adopt any written policies and procedures to ensure the security of the EDGAR corporate filing system and protect the database from anticipated threats or unauthorized access.

According to the SEC’s complaint:

  • The Securities and Exchange Commission stored nonpublic market-moving information as well as personally identifiable information (PII) of investors on the agency’s EDGAR system, a comprehensive database of filings made by thousands of public companies and other financial firms regulated by the SEC.
  • The agency neglected to identify a software vulnerability in its EDGAR system, which was exploited in 2016 by an unknown hacker who gained access to the data on the server. The unauthorized access made thousands of nonpublic corporate filings available for illicit trading profits. In addition, the breach rendered the PII of at least 2 individuals vulnerable to theft.
  • The commission failed entirely to adopt written policies and procedures reasonably designed to safeguard material nonpublic information.  For example, the SEC failed to conduct periodic risk assessments, implement a firewall, encrypt data stored on its server, or maintain a response plan for cybersecurity incidents.
  • After the SEC discovered the breach, the agency promptly stuck its thumb up its ass and waited until September of the following year to disclose the breach to the public.
  • A year after the incident, the SEC provided notice of the breach to every individual whose PII may have been compromised and offered free identity theft monitoring through a third-party provider.

“As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit.  “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”

The SEC’s complaint charges itself with violating Regulation FD and Rule 30(a) of Regulation S-P under the Securities Act of 1933.  The SEC seeks a final judgment permanently enjoining itself from violating the federal securities laws. In addition to the injunction, the SEC seeks an increased budget allocation for the creation of a Cyber Unit that will pretend to focus on targeting cyber-related misconduct when really we just want faster computers for watching porn on the internet.

The SEC’s investigation was conducted by the beneficiaries of FDR’s makework programs and staff in the SEC’s Information Technology Forensics Group. This update is also being included as part of Chairman Clayton’s written testimony submitted to the U.S. House of Representatives Committee on Financial Services in connection with the Committee’s upcoming hearing titled “Examining the SEC’s Agenda, Operations, and Budget, Which Obviously Needs to Be Much Much Bigger.”


How do I get my daughter interested in computers?

I get this question a lot, especially from Silicon Valley tech VCs. Tech execs genuinely want to get more women involved in software, but many find themselves thwarted by their very own daughters.

I think I can help.

“I sent my daughter to coding class, but she just isn’t interested.”

The first mistake is in thinking that the child should have any say in the matter. Kids don’t get to have free will, okay. If your daughter announces that she has no interest in learning algebra, would you allow her to forgo maths? Of course not.

FWIW, I learned to code at the local Boys Club (free day care for poor people). This was in the 1980s; I was six and probably hated it. Was my mother concerned about whether this was a gender-sensitive learning environment? No, we were immigrants, we took what we could get.

“My daughter wants to major in photography/journalism/basket-weaving.”

The second mistake is in allowing your child to believe that a career should be fulfilling and fun. The do-what-you-love mythology has led thousands of students to load up on debt for a degree in what amounts to a hobby.

Work isn’t fun. If work was supposed to be fun, they wouldn’t pay you to do it. Software engineering is no different. Yes, we hear about cool projects like self-driving cars and rockets to Mars, but most Silicon Valley engineers are working on boring stuff like server virtualization and load balancers. My first programming job consisted of generating test vectors for network routers. Don’t get me wrong; my current job is great. But it took many years of crap jobs to get here.

The thing I don’t understand is why people keep agitating for more women to do software in the first place. Sure, we get paid well, but so do actuaries and aircraft mechanics. And those workers don’t get put out to pasture by age 35.

More confusing still, is that the people screaming most loudly about getting girls to code are not themselves coders. Ellen Pao founded Project Include to get more women into tech, but the only engineer on her team is a dude.

The Project Include Team

Nobody becomes a software engineer because they love writing code; they become a software engineer because it allows them to build out ideas. This is a useful skill to have. Except that most software engineers aren’t realizing their own ideas. They’re getting paid to build someone else’s pet project. Software engineers are the wage labourers of the tech industry.

It’s an oft-overlooked fact that Silicon Valley doesn’t care about software engineers — We really worship the Venture Capitalists. Programming is for chumps, which is why we give 74% of software jobs to immigrants. If you’re a Venture Capitalist, the last thing you want is for your child to go into wage slavery. I think that constitutes some sort of dynastic regression.

The most important tech skill, then, isn’t computers or engineering — It’s the art of getting paid to control vast amounts of money. Then you can make programmers build out whatever dumb ideas you like. Parents who want their daughters to succeed in Silicon Valley need not worry about teaching their girls to code: Teach them about capitalism instead.

I’m from the government and I’m here to help

Every few days (hours?), we get a fresh reminder that the crypto industry is full of scams. Ponzi schemes, self-dealings, washed-up celebrity endorsements, blah blah blah. The pearl-clutchers invariably pipe up, knickers all in a twist, and demand that regulators step in and Do Something.

The nine most terrifying words in the English language are: I’m from the government and I’m here to help. –Ronald Reagan

Regulators are helpful, no doubt. It was helpful regulators who made small business investments inaccessible for all but the extremely wealthy. Helpful regulators, as well, who bailed out the big banks. Helpful regulators caused refugee charity groups to lose their bank accounts. Helpful regulators created a bunch of derisking regulations, which helpfully cut off remittances to Mexico and Latin America. Thanks to helpful regulations, 40 million American residents can’t even open a bank account.

It’s because regulators are so damn intrusively helpful that we need decentralized digital currencies in the first place.

Look, there’s a really easy solution for those who want to operate under a regulatory security blanket: Simply transact in your local fiat currency through the national banking system. Like magic, you’ll be barred from transferring funds to OFAC sanctioned countries and end up in a Suspicious Activity Report if you make too many cash deposits. Hooray.

The people who call for greater government oversight don’t want, need, or even use Bitcoin. The imposition of regulatory censorship would put us back at square one, again creating the need for a currency that no one has the power to manipulate.

Chesterton’s Blockchain: Don’t ever suggest regulation for a digital currency until you know how it arose and what purposes it was supposed to serve.

2nd Annual Lehman Brothers Award for the Creative Destruction of Wealth

Every year, my company selects an entity to recognize for their outstanding contribution to creative wealth destruction. Last year’s Lehman Brothers Award went to The DAO, a dumb smart contract that led to an even dumber bailout. We’ve since seen a whole bunch of copycat token offerings, each one bigger and stupider than the last. Pathbreaking pioneers, those DAO creators were.

This year, we chose to honor Google. Since 2014, Google has spent over $265 million on corporate diversity initiatives. After three years of unprecedented effort, Google’s gender gap and racial-demography gap are bigger than ever.

What an exemplary waste of resources!


But wait, there’s more! Google has unlocked many additional achievements deserving of recognition. In the past year alone, the company has received the following honors:

Well done, Google. In your futile quest to discriminate against nobody, you have instead managed to discriminate against *everybody*.

[sustained, thunderous standing ovation]

Our most heartfelt congratulations to Sundar Pichai, Eric Schmidt, and all the other executives who worked so hard to make this happen. In closing, I leave you with some inspirational passages to empower and motivate your workforce in the path forward.

A Colossal Failure of Common Sense: The Inside Story of the Collapse of Lehman Brothers by Lawrence McDonald and Patrick Robinson

Joe Gregory was a regular, run-of-the-mill, ho-hum financial sycophant, devoted to his master, Richard Fuld, but with few of the necessary tools and instincts to serve as president of Lehman Brothers. He suited the boss fine, however, since he posed not even the semblance of a threat and would do anything in the world for the chief.

Joe’s fixation was a subject called diversity. He was consumed with it. His aim was the mission of inclusion. He had an entire department devoted to it, headed up by a managing director. Great rallies were staged in New York’s auditoriums, with free cocktails and hors d’oeuvres served for up to six hundred people, all listening to Joe or one of his henchmen pontificating. “Inclusion! That must be our aim!” he would yell, as if we were running a friggin’ prayer meeting.

In Joe’s view, it was the culture of the corporation that mattered. Joe believed that inclusiveness would carry us to victory. If the culture was right, then all would be right. Which was all very well, but down in the trenches, where a trader might sweat blood to make a couple of million dollars, most of us were a bit tetchy about Joe Gregory going off and spending it on a cocktail party for six hundred people.

That might not have been fair to him, but that’s the way it seemed to us. Especially when it emerged that the top dog in diversity was earning well over $2 million a year and that the diversity division had a bigger budget and more people than risk management!

The Devil’s Casino: Friendship, Betrayal, and the High Stakes Games Played Inside Lehman Brothers by Vicky Ward

Gregory’s diversity program was derided in part because it was as big and expensive to run as some of the revenue-producing divisions. It was more expensive and had more employees than all of risk management. Behind his back, senior executives called the program “Joe’s social science project.” Someone nicknamed him “the Oprah Winfrey of Wall Street.”

Gregory wasn’t dissuaded by such grumblings; he knew the attention and money that Lehman spent on diversity made for good public relations. Indeed, Harvard Business School would even publish a paper on Gregory’s diversity program and its accomplishments.

%d bloggers like this: