The Google Rorschach Test


If you’re here, I’m sure you know about the memo titled “Google’s Ideological Echo Chamber”. Not since the black/blue versus white/gold dress has the internet been so divided over a seemingly simple matter. The document was either a reasonable evidence-backed paper or a sexist Anti-Diversity Manifesto. It’s a long document, you’ll see what you want to see.

People are outraged because it pays to be outraged.

Look: A dozen years ago, Harvard President Larry Summers said something similar about differing trait distributions between the sexes.

It was not a big deal, but MIT biology professor Nancy Hopkins was attendant, and had the following reaction:

“My heart was pounding and my breath was shallow… I just couldn’t breathe, because this kind of bias makes me physically ill.”

She had to leave the room because “it was just too upsetting…I would’ve either blacked out or thrown up.”

(Lady, if that’s your gut response to basic science, you’d best get the hell out of your field.)

But see, that was her schtick. Hopkins is the author of a 1999 screed titled “MIT Study on the Status of Women,” a catalog of all the ways MIT had mistreated female faculty. Dr. Hopkins found that women had been SO terribly mistreated that she was subsequently awarded a 20% raise, an endowed chair, triple the lab space, and additional research funds. Go Nancy.

As a then-student in the Computer Science department, I would never have heard about Summers’ closed-door remarks if Hopkins hadn’t gone running to the press. Of course the statement was intentionally misrepresented. The Guardian reduced it to this bullshit headline: “Why women are poor at science, by Harvard president.”

I was invited to all sorts of Harvard women’s luncheons, where we gravely discussed our feelings and how badly they’d been hurt. I was pretty sure Larry was right, but far be it from me to deny a free lunch.

Following the calls for castration, President Summers apologized in multiple outlets in increasingly pathetic ways. “I was wrong,” he realized in a Damascene moment.

Now, Larry Summers is not a complete idiot. I mean, he IS, but he also knew that it was safer to allocate $25 million of someone else’s money to diversity interests than try to defend his point.

But you see, Larry — once you pay the Dane-Geld, you never get rid of the Dane.

As a female in Silicon Valley, I get lots of free stuff. It’s awesome. There are Women hackathons, Women dinners, Female Founders conferences. Every year, Google hosts a Women Techmakers celebration. These events typically consist of a lot of grievance-airing and self-absorption, but also a lot of free food, which is why I like going to them so much.

If you play the victim for long enough, eventually you truly believe it. That’s why there’s so much moral outrage over a document that Google could have simply ignored.

And that’s why we’ve devolved into a famously litigious culture that rewards competing acts of emotional fragility, whereby the more offended you can show you are, the more likely you are to earn a diversity job and warm approval from a populace whose free exchange of ideas will be further degraded by more speech codes and diversity departments and mandatory microaggression training.

This fair-but-frail fellow takes a page right out of the Nancy Hopkins playbook:

Oh dear, it seems an offensive tweet has rendered him a drooling flatworm for 25 minutes. Surely this constitutes assault.

Edit: I hadn’t realized that female Google employees were already working on a class-action lawsuit for gender discrimination. Why write code when you can shake down your employer instead? h/t @Provoost

A Hundred Years of Crypto Anarchy

This is an excerpt from a presentation I gave at last week’s Blockstack Summit.

This is Tim May. Tim recently gave a talk called “Thirty Years of Crypto Anarchy.”

I like that title so I’m ripping it off, but we’ll add 70 years because this talk is aspirational as well.

Crypto Anarchy has gotten a bad rap. Something about the whole idea of anarchy. We’re not trying to overthrow the establishment and collapse the nation-state here. You can if you want to, but please do that on your own time.

The government actually has a pretty important job. It creates and enforces rules that make civilization possible. Without rules we’d be a bunch of little tribes fighting each other, and life would be nasty brutish and short.

In the absence of a central authority, we can use technology to enforce rules. That’s all crypto anarchy is: Create self-enforcing rules without involving the government. They should thank us for easing their workload.

Property rights, for example.

Back in the days of the wild wild west, there was no good way to control land rights. Cattle ranchers couldn’t keep their cattle from straying, farmers couldn’t grow crops without getting trampled by cows.

Barbed wire was a big deal because it let settlers take control of their land and improve it.

Barbed wire is not a perfect solution. For instance, it’s no match against a set of wire cutters. In physical conflict, it’s cheaper to attack than defend.

This is Ft. Knox. There’s something like $200B worth of gold stored here. A game theorist might reckon that it’s economically rational to spend up to $199B to break into the vault and steal the gold.

Except that we have a $600 billion defense budget. In the physical world, whoever has the biggest weapons gets to make the rules.

This isn’t true for the digital world. Encryption is cheap to defend and expensive to attack. To brute force a 128-bit RSA key would take a million billion years with a supercomputer.

Threats of violence are useless here.

Without coercive threats, we can interact and transact as we choose.

This is Attorney General Jeff Sessions. He sucks. I don’t know if he’ll be Attorney General for very much longer. He led a campaign to take down the biggest darknet markets.

Jeff Sessions likes to point out that people have OD’ed and died from drugs they bought off darknet markets, but look – people aren’t going to stop doing drugs. Narcotics is one of Mexico’s biggest exports.

Street drugs involve a lot of violence and extortion because they don’t have a central authority to keep things in order. Darknet markets provide a way for adversaries to compete without murdering each other.

Technology doesn’t change what people want in the world, it just removes the use of violence to get there.

Every time a market shuts down, three new ones spring up in its place. For the past few years, the biggest hidden market was AlphaBay. The day after Alphabay disappeared, vendors were posting signed messages on Reddit to prove that they were still available, and to announce that they had moved to the next market.

Public Key cryptography isn’t just for encrypting private messages. It also provides proof that the sender is who they say they are. When buyers and sellers conduct transactions, they sign messages with their private keys. The signatures become digital identifiers.

So here’s the thing with darknet markets. The platforms don’t matter. Users expect sites to eventually disappear, because no market admins have lasted 3 years without an exit scam or a raid. What matters is the users.

Even if a site goes down, the reputation and relationships remain.

For most of existence, identities were local. People could selectively reveal information depending on where they were.

Now that we have all these big data companies, there’s a stupid idea that people should have only one identity that follows them everywhere.

This is the visa application for entering the US. It asks for every email address you’ve used for the last five years, and a list of all your social media accounts. Cripes.

True Names is a sci-fi novel from the 80s, where online hackers go to great lengths to keep their legal identities secret. If the government finds their true identities, it might kill them.

This is where we’re headed. Not the killing part, but the part about separate digital and legal identities.

Keypairs aren’t social security numbers. We can have more than one digital identity.

Before we invented corporations, business owners were personally liable for any losses the business incurred. This meant that if your company sold a bum product, you could be sued and enslaved by creditors.

In the 1800s, we created the idea of limited liability companies that were legally independent of their founders. By separating the corporation from its owners, entrepreneurs could take on new business ventures, or multiple ventures, without liability from one company affecting another.

A lot of people are doing ICOs and lawyers are spazzing about whether tokens are securities. Who cares. Don’t do an ICO under your real name, duh.

ICOs have raised over $1.3 billion this year. How many investors even know who the founders are? Here’s one anonymous ICO for a decentralized name server and token exchange. The founder is trading on nothing more than a Github repository and Reddit karma.

Reputation is collateral. No one knows who darknet market admins are, but they’re entrusted as escrow. If the amount of money in custody exceeds the operator’s expected future revenue, they will exit scam. Evolution was the most highly-rated market until it exited with $12M in escrow. Don’t trust anyone with more money than their reputation is worth.

True names are a barbarous relic. The most valuable blockchain to date was created under a pseudonym.

When Tim May wrote The Crypto Anarchist Manifesto, it wasn’t a call to action or instigation of sorts. It was simply an observation. We now have the technology to create and enforce our own rules, and this knowledge cannot be stopped. We can either rail against the inevitable, or use these tools to build the world we want.

Fake Harassment News

Here’s a story about a VC who was accused of sexual harassment, except that the anonymous victim turned out to be a male business rival pretending to write as a female founder. #FakeBlogs

Right, of course that happened. If there’s one thing we’ve learned from the last few months, it’s that the uncritical masses will pounce on any opportunity to attack an alleged gender discriminator, due process be damned! Anything that can be weaponized, will be weaponized.

Now, this comes as even less of a surprise:

Mike Pence has a policy of not dining alone with a woman other than his wife. He does this to avoid any potential misunderstanding by the woman, the press, or the wife. Good for Mike Pence.

I suppose it is unfortunate but rational that VCs are adopting a similar strategy. Let’s go back to @ktbenner’s original article, which rakes VC Chris Sacca over the coals for allegedly touching an entrepreneur’s face without her consent. The purported event happened at a party in Vegas in 2009 — Sacca disputes the account, but the author ran with it anyway.

2009! If VCs are being ripped on for things they didn’t do and faces they didn’t touch eight years ago, of course they’re going to avoid women! After my earlier post, a visitor commented that his company refuses to hire female employees for this very reason. I hear the sentiment echoed on the streets as well. Sorry ladies, but Equal Employment laws don’t apply until the company has at least 15 employees.

So I blame the FakeNews media for mucking up the tech industry. I suspect they’re causing trouble because they’re bitter about their jobs. Tech reporters spend their days writing about scrawny nerds much like themselves, except that the nerds have big fat salaries and juice machines and Teslas, while the reporter gets 7 cents per click. Can’t blame ‘em for wanting to take VCs down a notch.

Tech journalists – have you considered a token sale?

The Rubber Hose Factor

The strongest encryption in the world can be broken with a rubber hose. It’s easy; all you have to do is smack the keyholder with a rubber hose until they reveal the private key. Have you ever been hit with a hose? It hurts.

Early-stage investors have a metric called the Bus Factor, the number of people who can get hit by a bus before the company dies. It’s sort of a proxy for investment risk. A startup where only one founder has industry or technical expertise has a Bus Factor of 1.

My company has something called the Rubber Hose Factor, a measure of security risk. How many humans have to be coerced before an account is compromised? Single rubber hose attacks are to be expected, a double attack conceivable, a triple Rubber Hose would require extraordinary circumstances and a really long hose.

To launch a nuclear strike, two out of five ICBM squadrons must simultaneously turn their launch keys. So, an unintended nuke would require two rubber hose attacks. Don’t worry, the squadrons are located in distant underground bunkers and surrounded with physical security layers as well.

How many successful rubber hose attacks are required to disable the Ethereum Network? Two.

Ethereum hashrate distribution

What about Bitcoin? Ostensibly four, but possibly just one.

Bitcoin hashrate distribution

It’s easy to overestimate your Rubber Hose Factor. Ethereum’s Parity client comes with a built-in multi-signature wallet, where outgoing transactions have to be signed by multiple account holders. That’s the right idea, except that no one ever looked at the wallet source code.

It only took one person to introduce a bug and another to merge the changes. That was enough to get a backdoor deployed to thousands of users, which was later exploited to the tune of $32 million in ether. Perceived Rubber Hose Factor: Many. Actual Rubber Hose Factor: 2.

I don’t mean to give Parity developers a hard time; users are responsible for their own free software. But it’s worth pointing out that every Bitcoin Core update is reviewed by at least twelve eyeballs, and those eyeballs are connected to a half-dozen brains. The last thing you want is for users to believe that the Rubber Hose Factor is higher than it really is.

Funny story: Last year, the central bank of Bangladesh got hacked and $81 million was sent to the Philippines. Bangladesh Bank officials insisted that it was SWIFT’s fault, because they had a super secure computer system that required six different bank managers to place their palms on a touch screen before a transaction could be authorized. Turns out the touch screen was connected to a single malware-infected computer, which issued fraudulent transactions without any authorization at all. Perceived Rubber Hose Factor: 6. Actual Rubber Hose Factor: 1.

Don’t worry about those who get hacked in Ethereum. When life hands you lemon socialism, make lemonade.

Ethereum’s Eternal September

Every platform undergoes a tipping point on the journey to mass adoption, and the results are not always nice. In the early 1990s, Usenet was obscure and inaccessible enough that the only participants were tech-savvy mature adults. Every September, college freshmen would get brand new internet access, jump onto Usenet, and generally act like twits for a month until they were properly acculturated.

In 1993, AOL messed it all up. After Congress passed Al Gore’s bill for commercial internet use, Usenet access was granted to AOL’s entire customer base. What used to be a brief annual nuisance turned into an onslaught of AOL n00bs, who overwhelmed Usenet’s cultural institutions and turned the newsgroup into a noisome wasteland. Veteran users fled to gated communities, and September 1993 went down in history as the September that never ended.

4chan, Reddit, and Digg were all once well-kept gardens of polite discourse until Eternal September set in. Facebook set the scene for its own demise when Zuck extended signups to our parents. bleahhh.

Ethereum, on the other hand, was born into an Eternal September.

Whereas Bitcoin toiled in obscurity for years, Ethereum was announced at a conference. The founders went on a marketing spree and raised over $18 million by pre-selling ether tokens for the blockchain they planned to build.

A foundation was created and partnerships were formed. Banks and enterprise software vendors signed on. Instead of seeking out a beachhead market, Ethereum went straight for the masses. Bitcoin’s first release was a wonky Windows executable, but Ethereum had a colorful browser called Mist. If downloading a browser was too much work, MyEtherWallet offered a web page where you could simply paste in your private key.

In terms of mass adoption, Ethereum has been a wild success. Every week I get a half-dozen emails from people asking how to buy “etherium”. Anyone can use it; you don’t even need to know how to spell it.

But there are some downsides to having a nonstop stream of n00bs.

Yesterday, a bug was discovered in a widely used smart contract. A hacker ran off with $32 million yoinked from four major projects. The day before, someone hijacked a web site during a crowdsale and tricked buyers into sending $10M to the wrong address. Before that, there was a Canadian exchange that accidentally trapped $13M in its own broken contract.

I’m just talking about technical issues here; I can’t even keep up with the ICO scams.

Today marks the anniversary of the DAO fork, a fissure that occurred when influential Ethereum leaders decided to bail out a smart contract after losing $60 million. Ethereum Classic is the minority chain that was left in its wake.

People often forget that Ethereum Classic exists. That’s okay — At this stage, low visibility is a good thing. Smart contracts have the technological maturity of Bitcoin circa 2010, which is not very mature at all. There are a million ways to lose your life savings, and nothing gets regulators moving faster than a critical mass of humans who hurt themselves.

While Ethereum struggles to contain its Eternal September, Ethereum Classic developers are hard at work on a lot of cool things. Toiling in obscurity is a blessing. When September eventually sets in, we’ll be ready for whatever they throw at us.

Happy Birthday Ethereum Classic!