Let's talk about why the software industry is helpless to do anything about ransomware and why there's no technical solution anytime soon. (1/) 🧵
First let's discuss the scope of all software that exists, and it's nearly unfathomable. Your average Android phone runs on 15 million lines of code dating back to ancient 1970s era Unix toolchain code written by our grandparents generation. (2/)
Windows 10 contains over 50 million lines of code and no one person on Earth even fully understands in its entirety. It contains code from tens of thousands of global companies for running hundreds of thousands of devices all manufactured with different goals and standards. (3/)
Software is an inherently social process that in inexorably linked to the quirky microstructure of our markets, legal systems, and economic incentives that create it. Humans are messy and so is our code. (4/)
And the foundations of our code are creakingly old. Massive castles that are built on foundations of sand that kinda sorta work because of the tireless efforts of people maintaining critical sections that simply can never be allowed to fail. (5/) xkcd.com/2347/
A good metaphor for software is that in Japan there's a Shinto shrine from 4 BCE that every 20 years gets rebuilt from scratch as a way of passing building techniques down from one generation to the next. Software craftsmanship is not that different. (6/) en.wikipedia.org/wiki/Ise_Grand…
We're refreshing the foundations of software but incredibly slowly, because in our hyperfinancialized world having broken software that is backwards compatible and partially works is more Pareto optimal for a business than the risk of building anything from scratch. (7/)
When I used to do banking contracts we would regularly see large pieces of legacy COBOL software running on mainframes from 1970s for massive infrastructure for multibillion dollar markets. Everyone who wrote the software had died and no one understood how to rebuild it. (8/)
It's probably not incorrect to predict that in 150 years our children will still be running massive infrastructure written in Python 2.5 ( software from 2006 ) simply because nobody can incur the cost of rewriting it and it mostly still works. (9/)
Very few companies on Earth are capable of allocating resources and hiring enough people to make even a small dent in rewriting portions of our technology stack. We're talking tens of billions of dollars to replace even a small core library or a portion of an OS kernel. (10/)
And there's very little incentive to actually do that unless it impacts the corporate bottom line, so generally there's little reason to do it. Custom software at that level is insanely expensive to write. (11/)
And for most companies the IT department is a small massively underfunded cost centre of a business that have no say or control in their software, and beholden to a patchwork of greedy vendors whose interests are very misaligned. (12/)
A small community bank in Iowa or a fishing company in Nova Scotia just doesn't have budget, expertise, or resources to invest in cybersecurity because that's not how our market allocates resources. And probably never will. (13/)
The software development environment that gives rise to endless 0days and ransomware are a product of capitalism and the economic context that produces software, and there is no solution within that system. (14/)
Building correct or "high assurance software" is an open problem, and is extraordinary hard from a pure computer science perspective. Proving security properties about software is almost as hard as proving theorems in mathematics and is very slow and expensive at scale. (15/)
Now this isn't reason for complete despair. Software absolutely *does* get better on long glacially slow time scales. But it certainly isn't going improve quick enough to stave off the current ransomware crisis. (16/)
The only solution to ransomware is to stymie the darknet market that incentivize malicious actors to exploit new vulnerabilities through unregulated payment channel for extortion.
Fix the dark money payments and you make the crime unprofitable at scale. (17/)
Solving ransomware means cutting banks and payment networks off from crypto exchanges where all this dark money flows. Cryptocoins are nothing but gambling networks and shadow banking for trafficking in human suffering, a net negative for humanity.
They need to be banned.
/fin
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Let's talk about market manipulation and how the cryptocurrency exchange ecosystem is an unregulated cesspit. (1/) 🧵
A exchange business is one that connects buyers with sellers, it maintains what's called an "order book" which matches the price intention of buyers (called the "bid") with the seller (called the "ask"). (2/)
A market maker combines this price information of what a potential buyer is willing to pay with the quantity they will purchase, for that proposed price and quantity from sellers. A match between buyer and seller is called a "fill". (3/)
Lets talk about how pyramid schemes like #bitcoin have historically exploded and the public damage that happens when they do. (1/) 🧵
A pyramid scheme is a type of fraud whereby investments are solicited from the public on the pretense (implicit or explicit) of offering high returns on their investment. Normally returns far beyond that of normal markets. (2/)
The secret sauce that makes it all spin is that returns are paid to the early investors out of the funds received from those who invest later. (3/)
It's always interesting to consider that Madoff employed close to a hundred people. Many of whom absolutely either in on it or basically a turned a blind eye to what they saw.
Just normal people waking up every day, having their coffee, and going to work for a Ponzi scheme. Just like software engineers go to work for cryptocurrency companies.
The nature of the scam has change. The whole crypto investment fraud scheme is a different flavour of financial fraud but it's not significantly different. Promises of insane returns and no questions asked about where they come from.
Let's talk about why cryptocurrency is the single factor that created the ransomware plague that is ravaging our healthcare system and public infrastructure. (1/) 🧵
Malware is not a new phenomenon, it has existed since the 90s and has seen massive proliferation ever since the rise of widespread internet connectivity and home computing. (2/)
What is a new phenomenon is 'ransomware' which is a form of malware which infects a target's computer, encrypting or threatening to delete their files in exchange for a ransom to be paid to the hackers. (3/)
Let's talk about how cryptocurrencies are for all intents and purposes multilevel marketing schemes for tech dudes. 🧵 (1/)
Normal MLM businesses are a type of legal pyramid scheme in which non-salaried workers purchase products (cosmetics, health food, vitamins) out of pocket from a company at a discount to do direct sales to friends and family. They make a small commission on these sales. (2/)
The second revenue stream is by fractional commissions from any other people that one has recruited into the same scheme, called one's "downline distributors". The person who recruits people into the scheme gets a percentage of their sales. (3/)
Let's talk about the Tether scandal, why recent disclosures about it are such a big deal, and why it represents a form of systemic risk for the already shady crypto market. (1/) 🧵
Stablecoins are virtual currencies that are always supposed to have the same real-dollar value. People that day trade cryptocurrencies often want shift their unstable tokens to safe real currencies (like the dollar) because wild market fluctuations make it unsafe to hold. (2/)
However when a company transacts in dollars they have to follow the rules of the bank that holds them and by proxy the rules US govt imposes on the bank. If you're trading crypto, then you probably don't like those rules since you're probably doing something shady. (3/)