* Posts by DaemonProcess

107 publicly visible posts • joined 8 Apr 2011


Here's how to remotely take over a Ferrari...account, that is


Slow improvements

Things are getting better, slowly. Remember the Chrysler vulnerability of a few years back which allowed root dbus calls directly from the internet with a default password, so that anybody could crash a car remotely?

Computer security as applied to the automotive industry is now being taught at the University technical colleges in the UK, so some cars of the future (e.g. JLR) should at least have better authentication and a chain of trust. But how much of this software development is being guided by this when the cheaper programmers are elsewhere in the world and the directors think that sales depend on features/benefits more than security?

The problem here is that most of these attack vectors involved hacking the manufacturer and getting hold of the credentials from the inside, so it doesn't matter if you have a strong password, trusted certificates or even blockchain tech, people get to your car and account through the front door with that.

So it's more a matter of if, rather than how, hence the PR efforts to prevent widespread panic about car security.

IBM staff grumble redeployment orders are stealth layoffs


the new standard

Happened to me once.

The only thing more evil than being laid off is being told you are not being laid off but there isn't a job for you any more. Basically forcing the employee to find themselves a new job without being paid redundancy severance.

Ironically I had just saved the company over a million pounds in the previous 4 months.

So I went contracting and doubled my salary for the next 15 years. Ironically my contracting roles tended to last longer than all my permanent roles... a lack of staff appraisal system is probably the reason.

Techies are bad a selling themselves, always better to have a recruiter sell you.

British Airways flights grounded due to glitch in flight planning app


Hurley burly

I saw Elizabeth Hurley tweeted at BA saying she was stuck in Antigua for 20 hours. I was about to say lucky for some but she said nobody had been given food or water or access to a hotel.

In praise of MIDI, tech's hidden gift to humanity


31,250 bps - from a Spectrum!

Hi. In case nobody said it previously, well done for getting 31,250 bits per second midi out of a Speccy! And if you kept it all in sync then even better. I struggled to send serial faster than 9600.


Re: works mostly...

I've struggled with my old Korg Trinity Pro-X - nobody makes software to talk to any keyboard that old. Korg software is only written for Apple kit. So with the increasing age and likelihood of electrical gremlins I sold it and went fully virtual. :-/

Microsoft will help trim your Azure bill to encourage loyalty


price increase

April's big price increases caused a few companies to jump to AWS. GCP also offers some good deals. Azure's growth is partly because Microsoft are forcing customers into it by putting more features into Azure AD and associated products, such as Purview and Sentinel, many of which need Azure AD P1 or P2 to get the full features. Its very hard to fight that in the Enterprise and means a lot of companies feel forced to keep at least a minimal Azure account to integrate all identities.

AI recruitment software is 'automated pseudoscience', Cambridge study finds


nasty process

I agree with the report.

Recruitment by the Tiktok generation for the Tiktok generation.

A match made in heaven: systemd comes to Windows Subsystem for Linux


kill me now

Sorry, that should be kill -9 $ME and I don't care what gets left open and hanging.

or in WSL: sudo systemctl stop $MYSERVICENAME and maybe it will stop it or maybe it will complain and leave it running.

Now if systemd could go a bit further into Windows it could improve the powershell horror

Woman forced to sell 4-bed house after crypto exchange wrongly refunded $7.2m


the amount is an issue

Crypto.com have been laying off staff.

Interesting to note that for a large sum of money they are willing to go to the court to get refunded in dollars, yet when a user of their exchange makes a mistake that loses tokens Crypto.com are unwilling to accept any liability.

For example I transferred my last 1 Eth from Crypto.com to my coinbase Eth wallet, something I had done a few times before - except that being very tired I stupidly accepted the "default" option of using the Crypto,com owned chain "CRO" which means that my Eth magically vanished from the world.

Yes I accept it is my fault for not being careful enough to assume they would try to dupe me.

The fact that the same target wallet address on the cro chain isn't owned by anybody individually means that Crypto.com have my Eth by default and will not send it back.

You cannot reverse crypto transactions. It's also very hard to get support from any crypto exchange and harder to start legal action when they are based offshore.

Some good advice came from someone above, always test transfer the minimum amount and check it gets there before you send the rest.

In other advice, I'm right out of crypto now, back into shares - caveat emptor.

AI detects 20,000 hidden taxable swimming pools in France, netting €10m


Re: If it steers boots on the ground to double check

No it's 2 different organisations in France with >2 times the consequential bureaucracy. For them to communicate directly would be far too simple for the French - who would audit the data etc.

The detail required in the forms for the two types of property tax in France (fonciere and habitation) is unbelievable. Unchecked rampant snooping to counter a culture of personal secrecy. They want the size of all the rooms, corridors, number of bathrooms, size of attic space, cellar, square metres of patio area - yes they charge you for that, size of pool, whether an inflatable pool can be considered permanent, number of outbuildings and purpose of each one, size and purpose of all land, whether you have a terrestrial TV aerial which is I suppose their version of a TV licence tax.

NASA's Lunar Orbiter spots comfortably warm 'pits' all over the Moon



So now we know where to put Robot Daneel Olivaw.

Near-undetectable malware linked to Russia's Cozy Bear


insistently dumb

Every week I hear of users who _demand_ to open any email and attachment they receive. Regardless of all the security training they get. Then they say it's our fault for allowing malware through. The question is... what legally constitutes enough protection these days - 3 different AV scanners, sandboxes, what else?

China’s top court calls for blockchain to record vast number of transactions



As stated it will be bring proof that a transaction has taken place. Hopefully a weapon against fraud and corruption by officials and private individuals. But only if it has been designed properly with no single control over the chains.

The 1 party system puts all the power in 1 place with 1 single version of the truth, including re-writing history.

VMware customers have watched Broadcom's acquisitions and don't like what they see



I dont understand why Broadcom think VMWare has a future. I heartily agree that it will probably be stripped of cash, geared up to the point of no investment and used as a means to deprecate non-Broadcom chips in the VMWare market. Medium to long term WMWare are going to be replaced by a mixture of cloud, HyperV, Docker and HCI. In my opinion engineers starting now should start with infra as code such as Nutanix and Terraform along with cloud qualifications.

Seriously, you do not want to make that cable your earth


Re: almost whoops

Yes I've seen that too - 9-12 inches of solid cable under floor. They could barely get the tiles down on the top layer. At the bottom of it all was the 40 year old analogue phone system and alarm. At least that building was being powered down and decommissioned.

As opposed to the 2 electricians I once saw arguing over 3 black cables connected to my shiny new HP Superdome (64 kilowatts) arguing over which black cable was the blue phase....

Google cancels bi-annual performance reviews, shifts to GRAD system


hate them

what a total waste of time. Embarrassing. Hurtful. Stressful. Darwinian. Only the most persuasive survive. Large employers only run them to quantify who to lay off with some data that they think can stand up in a tribunal. No other reason. Same for 'objectives'. If you do your job and your manager is happy there doesn't need to be anything else. Its when your manager isn't happy that they want data to kill you with.

Don't hate on cryptomining, hate the power stations, say Bitcoin super-fans


Re: Just ban it already

Its not anonymous at all - people who have stolen crypto and tried to launder it or wash it through privacy tokens and split it through thousands of small transactions have been fully traced and caught.

As is often the case with new tech, the scammers online who are selling false promises are giving the whole base a bad name. I they are selling trading education then it means they aren't making any money doing it. As for NFTs and metaverse pseudo-land, I'd rather trade a 90s Tamagochi. Who remembers Linden Labs 2nd Life? That was centralised and still went unfashionable.

So 2% of crypto transactions are reckoned to be fraudulent but against 5% of banking transactions it seems to me that the banks need to be stopped from assisting criminals more than crypto exchanges.

As for miners - yes its got far too energy intensive due to large corporations trying to hoard all the minted tokens. Proof-of-stake is the way to go. I like the idea of a publicly auditable proof of transaction as a cure for the banker's fraudulent ways.

ZX Spectrum: Q&A with some of the folks who worked on legendary PC



Bless these guys for my 33 year career in IT, I would probably have been digging holes in roads otherwise.

Ex-Googlers take a stab at building 'general intelligence' that makes software do what you tell it


Re: Autopilot

There have been PhDs in formal knowledge elicitation undertaken since 1988 afaik....



So they are trying to make the computer reason at a meta level and maybe meta-meta level. Just as Tesla discovered with early versions of Autopilot, you can make it see things at face value but unless you combine that with additional context from short and long term memory (ie what just happened and previous experience), with rules/laws etc the NN is not going to be able to drive flawlessly. And it isn't just a case of adding those contexts alongside what you have.

TMC tried to create these meta rules 25 years ago but got stuck in between rules, too-slow computers and the inefficient ML algorithms of the day.

Not sure I want chip sentient intelligence, droid slavery, droid armies and general unemployment starting with programmers.

ZX Spectrum, the 8-bit home computer that turned Europe onto PCs, is 40



The basic editor and interpreter was written in a short period of time by 1 hero, who had to code for small memory rather than performance. As such a few ideas were sub-optimal for performance, such as number arithmetic, goto/gosub searches, functions, stream i/o, etc. I found a compiler was a good idea and there were several available. It all started my 30 year IT career and I've been coding on and off as an amateur for 40 years.

Microsoft plans to drop SMB1 binaries from Windows 11


ID theft

NCSC recommend stopping SMB2 where possible, also. Unfortunately it shares Windows internals with SMBv3 so cannot be disabled in your registry without also clobbering SMBv3. I don't know if NFSv4 is any better, but a lot of devices won't support it out without re-configuration.

Now that 1gbit broadband is becoming more common, a lot of these home NASs will be replaced by Cloud storage. The only thing stopping me at the moment is the pathetic 1.2mbit/second uplink speed.

Your home NAS may also photos / scans of your passport, driving licence, utility bills and bank statements someone in your house once needed to apply for something.

Yes it needs to be secure, encrypted and protected from all access. I use a mirrored pair of USB drives on a raspberry pi with nft protection.

Preferably behind a 2nd firewall because you shouldn't trust the broadband provider's router/firewall to be right up-to-date with patches. I just discovered my Sky Q router has a 2nd non-visible set of firewall rules that we cannot see - for example try blocking both ways and then point your browser at it - yep it still works and sends you out to the internet. There's no way of knowing if that is a second chain or forward/pre-routing rule, or what else they have hidden from us. I don't even know if my rules to stop UPNP are worthless now, because it don't have anything that uses it.

Any fool can write a language: It takes compilers to save the world



The gnu version of yacc is bison - flawless open source pun.

UK arm of Sungard Availability Services goes into administration


high cost and accounting

The Sunguard place near Heathrow is basically a huge American design. I can't believe they did a sale and lease-back on their own design. Given the huge amount of debt these companies happily run, they would have been better off owning it under a commercial mortgage. The building would be worth more and their balance sheet would be much better, but accounting principles....

Also the nature of the recovery business isn't helping them - they have to own and operate old kit - many items are off mainstream support now and they are not power-efficient - e.g. small capacity spindle disk drives and old slow CPUs.

As for barbers - the town centres have been gutted by Amazon and Ebay - only service industries such as beauty and food remain, where you have to be on premise. Ok I will make an exception for estate agents but that's only because their profit margins are obscene.

The wild world of non-C operating systems


cryptus cunning lingua interruptus

Go back far enough and the idea of purchasing an operating system for your computer was optional. The manuals described the hardware architecture, processor registers, i/o processing, data storage formats, switch functions etc. You could purchase an o/s or write your own in any language you could write a compiler program for.

Fundamentally at a low level, the o/s language needs to able to cater for operations direct in CPU registers with specific hardware instructions, shared memory segments, the ability to read from / write to direct memory addresses, indivisible (test+set) instructions, interrupts,volatile latches or semaphores at known (fixed) addresses. Most languages these days try to abstract all this away from the possibility of harm. As CPUs these days are gaining more high level instructions (e.g. AES, TLS) then the number of languages to support it all reduces.

The right to repairable broadband befits a supposedly critical utility


Big sparks

I personally witnessed a 3 foot spark between the phone line and the central heating when our house was struck by lightning. Surge protectors are fine for protecting you when someone else in the area has been struck but not much use when you yourself are struck.

The surge down the phone line blew up much of the green junction box before the line was broken/vaporised. I guess electricity can flow along liquid metal for a microsecond. A strike is several 3-15 consecutive rapid strikes down and up as the potential balances out between ground and sky. All this time it is seeking other ways to find ground. I witnessed plasma glowing up the standard lamp and it also blew our land line phone right up the stairs.

The question now is whether anyone has had a strike blow up the diode on the end of their fibre connection. If it sits in a metal box which is earthed I guess the answer is yes and if situated close to ground then a constant stream may also melt the thin fibre strands at point of connection. I once got one of those stuck in a finger - worse damn splinter ever due to brittleness. Dont ever breathe them in.

Local Wimax had been installed in our old French village for those people STILL stuck at equivalent to isdn speeds on their adsl. It works well, but would be even better if the church would only allow the aerial to be moved to the side of their steeple.

I certainly feel for the people in rural Australia and USA who are stuck with monopoly suppliers and terrible customer service. Starlink is a disruptor if you can also afford battery backup and that isnt fried. A solar panel and Powerwall set-up would be useless after a strike, which would start by blowing up the control circuitry and then fry wires in all of the panels. Our strike travelled 30 metres down the shielded electric cable through the garden and took out the light in the garage on it's way to the remote earth connection.

FAA now says 5G airports may interfere with Boeing 737s


Re: Out of band power

Thanks for that info, I'm generally ignorant of this tech - it is a bit like doppler but with EMR instead of sound?

Another ignorant teenager's question along the lines of tin foil hats, couldn't they just fit upside-down metal umbrellas on top of the 5G transmitter towers near to airports..

The Japanese method seems more power efficient to me anyway.

Verizon / Comcast / whoever's board is penny pinching a couple of million in spend when their accounts report in billions.

UK's National Savings & Investments bank looks for new IT partner in £172m deal


Re: Ernie's real purpose?

I wondered that, also whether government had their own separate implementation stuck in a Faraday cage somewhere. If not then why not - would that mean Ernie was discovered to be not as random as first advertised?

FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery


Monero not so secret

The fact that they tried to hide behind the ultimate privacy coin Monero and were still found out tells you something about the crumbs you leave behind and watching out for the big picture, not getting too confident in your mathematical cryptography.

Maybe the size of the trades. It may also be related to a reverse audit of the found BTC - get the details either side and dont worry about what went on inbetween.

In the UK you can be forced to reveal the source of your sudden wealth or have it seized. Other countries just take it or torture you and your family until you hand it over.

HMRC: Contractors, don't worry about IR35 reforms in private sector 'cos it all went so well in public sector



One key difference between private and public sector contracting is the public government sector VAT effectively goes in a loop - outside IR35 contractors in government charge VAT from the government (through an agency) which is re-paid (minus the purchase VAT which isn't much for contractors).

For the private sector the government effectively gets new money out of VAT, therefore more income from the economy.

Therefore the gains from IR35 inside government world are limited to increased PAYE (tax/ni) less a reduction in dividend tax, which Sunak increased recently.

Happy birthday, Windows Vista: Troubled teen hits 15


harder to use more features

I started pre-Windows, used Windows 1.0 (program manager or file manager camps and Mah-Jong appeared), then 2.0 (a bit more colourful and more fonts), then 3.0 (big changes because you got the Smartcache under DOS 5 which really helped it move, then 3.11 which was more business focused.

After that I think Bill realised that he had to start taking stuff away at the same time as giving new features, so that something that used to be simple to change required 2 sub-menus and an Advanced button press. He needed to keep giving people a need to upgrade to keep the cash rolling in.

I downloaded Linux at that point in 95 ( 13 hours over a 33k modem with X11 ) and have been running them both side-by-side.

I liked XP especially for games, but it was 32 bit and a half with that annoying 3GB memory limit (why not 2 or 4 signed or unsigned I don't know).

The other feature of Vista of course was the very annoying double-confirmation pop-ups, which was thankfully fixed in 7. I liked 7. 10 I think was a step backwards and my jury is still out on 11, apart from of course yet more things being unconfigurable in Control Centre.

Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them


Re: Does it go through brick walls?

I have 2' thick river stone and mortar walls holding up my chateau, internally as well as externally. Running 40m of cat 6+ along the attic from end to end with wifi repeaters is the only way to reach down to the ground floor.

Planning for power cuts? That's strictly for the birds



Do ensure that all of your essential systems are covered by the UPS, DR processes, backups, even documentation...

I did once hear of heartwarming successful UPS tests, building power-cycles and application recovery tests for a company - BUT when the power to an office building cut out they discovered one particularly important infrastructure server was still sat under somebody's desk from 15 years previously and had been forgotten about. Bringing down everything else had never tested this part because up until that point it had stayed operational.

As for loud bangs and flashes, our house was once stuck by lightning. The land line phone was blown right up the stairs as was one neighbour's phone. Clocks blew up as did the TV. I saw plasma glowing around bedside lamps. There was a 3 foot spark from the phone system to the central heating system, which told me that simply switching off or even unplugging probably isn't enough. I even distrust lightning surge protectors now, although to be fair if someone else's house in the street is hit it may help. Our strike even blew up somebody's expensive HiFi valve-based amplifier which was left on permanently - he lived 6 houses away. What saved us was the cast iron Victorian guttering to ground. The only building infrastructure to need replacing was a vertical line of roof tiles from ridge to gutter.

New submarine cable to link Japan, Europe, through famed Northwest Passage


Resurrect Goonhilly

We should never have chopped Goonhilly in Cornwall. Putin is already threatening to chop our internet cables and our gas over Ukraine.

Of course, these days, it would be better to have 1000 micro-Goonhillies communicating over Starlink or similar.

WSPR anyone? :-)) We will soon be back to short wave and the Lincolnshire poacher.

Azul lays claim to massive efficiency gains with remote compilation for Java



Well I have seen large (300%) gains from optimisation, partly from profile-based and partly by letting the compiler go to the max and also enabling linker optimisations. Most developers go for fastest compilation, put whatever is working into test and then nobody wants to change anything for production.

Some optimisations can even effectively re-write source code so that +3 and then +4 gets turned into a single +7 machine instruction.

What cannot improve though is dependency on i/o. A single stream will not go any quicker; - but you will probably be able to run more processes in parallel and have them all blocked on i/o... This is have also seen, but not since 20 years ago.

So, yes, I can believe gains in non-i/o bound cpu-hoggers, such as ML learning in memory, but not for anything much else.

After deadly 737 Max crashes, damning whistleblower report reveals sidelined engineers, scarcity of expertise, more


1 vs 3

Airbus - 3 sensors - more cost - but a far more reliable quorum.

Boeing - 1 sensor - cheap - Donald Ducked.

When my car window had a short-out the polarity (hot-cold) of my heater controls was reversed. Weird things can happen when electrical parts go bad.

When one goes bad out of a pair then it's hard to know which is right. That's why you need 3 of them.

The same is true of piezo speed sensors (Air France from Brazil icing).

Loving all the comments.

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching


Re: Why should any language be able to load arbitrary code?

This is what made Flash so insecure - bring in anything and run it without question, features over security.

By the way, don't assume subdirectories are absolutely secure, you still have to be careful. There's the well known vulnerability of assuming your script.sh is actually being run from the right location. They just cd to their own directory and replace your script.sh, so that the top level code executes their script not yours. This is a classic escalation of privilege weakness with chmod +s.

The dark equation of harm versus good means blockchain’s had its day



Since these techs are based on 256-512 bit hashes and public/private key cryptography, I wonder how long it would take a re-programmed mining farm @ 2000 terahashes per second to actually decrypt some of these public keys so the large wallets (even off-exchange ones) are cleaned out. I also wonder whether any state has already started this effort into producing new ASICs for the purpose.

As for NFTs being useful, to me they are just like Tamagotchi or Pokemon trading cards - on the face of it useless and worthless apart from collectors and they will sooner go out of fashion. I never saw the point of it. Maybe a company will NFT it's software releases one day, to replace certificates.

The other problem I have with the Crypto ecosystem is that so much of the 'use case' is based on financial services itself - a massive house of cards.

It's ironic that some of the pegged stablecoins like Tether and co are the ones being targetted by the authorities because those surely have better integration capabilities to the real world - hopefully each government will sort out it's own digital 'denarius' (=10 asses) soon, once they have got beyond quantum decryption worries and the fact that transactions cannot easily be reversed without owning 51% of the market cap etc.

In spite of that I find the article to be full nay-saying without backing up with much evidence. To help further argument I have to point out that crypto fraud is less reckoned to be less than 10% of the value of currency fraud (e.g. trillions in tax havens, billions stolen by corrupt leaders and banks themselves laundering hundreds of billions (e.g. Danske bank 200Bn told by this guy in this youtube video /v=f8iPIV9cBAs ) Also that the banks themselves now hold hundreds of millions of dollars worth of crypto for themselves and clients.

Desktop bust and custom iPhone 13 Pro made from melted-down Tesla car for the Elon Musk dork in your life


Vertu us?

I wonder what happened to all those Vertu Nokia's that were comparatively expensive back in the day. I also wonder if the people who bought them actually care.

Boffins use nuclear radiation to send data wirelessly


so not fast enough for a bug ?

I wonder if anyone already thought of using that tech for a remote bug device. Instead of RF EMR you have radioactive particles. DIstance / rmeote source?, detection, power, bandwidth, etc...

Remember when you thought fax machines were dead-matter teleporters? Ah, just me, then


Re: Happy Memories of a first time faxer

Its worth repeating this old one, it wasn't just the secretaries but the management who didnt know how the machines worked. I once saw an RAF Wing Commander put his letter into an envelope, address it and then feed the closed envelope into the Fax machine.

Analogue tones of a ZX Spectrum Load set to ride again via podcast project



There was a Tron-like Spectrum game called Blind Alley which had the most recognisable sound on tape. I could identify that from about 3 seconds of audio, when fast-forwarding through my tape player.

One thing I did manage once was to use 2 tape recorders and a phone call to transfer a program to my mate round the corner, with a simultaneous SAVE and LOAD and some silence it worked like a non-flow-control modem.

Ransomware-hit law firm secures High Court judgment against unknown criminals


Mareva order

There used to be something called a Mareva order to freeze assets anywhere in the world that does accept UK high court judgements. So with a judgement under their belt the solicitors may be able to trace the hacker's money to an offshore location and seize it - or even attempt to seize an entire global blockchain of crypto currency if the hackers use that (probably). It would be fun to watch them try especially with a de-centralised project - 'all your mining and validator nodes belong to us now, that's 2 trillion usd' and you have to stop them all from transacting and rewind everything to yesterday morning when the order was signed. Not mathematically possible.

The magic TUPE roundabout: Council, Wipro, Northgate all deny employing Unix admins in outsourcing muddle


Quiet victory I hope/

I hope the companies don't eventually win because because they will use high court judgements to put groups of more expensive employees outside of regulatory protection. I would suggest they get their MP to ask a question in Parliament but that wouldn't change a thing with the current mob who really want to remove employment protections. Ultimately TV and other mass media may be the employees best bet. I also suggest intensive cloud training like the rest of us.

Fancy joining the SAS's secret hacker squad in Hereford as an electronics engineer for £33k?


Re: Which meillennium is this again?

more like an Aston.

Sounds like they are after an Army Q, but wanting post-grad electronics for 33k is pathetic. Also what kind of pressure are the civvies under if it's a Lt Col in command? Sounds like they really wanted a qualified soldier but couldn't find one capable of original thought.

AWS Free Tier, where's your spending limit? 'I thought I deleted everything but I have been charged $200'


unable to delete either

In the beginning I was stupid enough to try the Lightsail service of "quickly" standing up a server. ( Little did I know that its actually easier to do it all yourself and

it's easier to understand ). Then when I tried to delete it as my ROOT account it told me that I didnt have permission to do this. But...er... I'm root and can delete anything can't I? Well a few queries into the forums found some very smug unhelpful people who said that I had to do some advance IAM to grant my root account the permission to delete what it had just created. This is another way that AWS tries to lock you in for good. Cloud is more of the same old IT business of the past 40 years - vendor lock-in is top priority. I've closed the account completely now, gone to the opposition.

IBM creates a COBOL compiler – for Linux on x86


too late

Yes this was needed by IBM about 13 years ago, they would have kept more customers if they had had the vision and weren't run by accountants. The internal MF lobby high up in IBM's US management is too powerful and even today is continuing to de-relevent (see wot i did there?) the company as a whole - by saying that people still have a route back to MF if the required performance can't be met. They haven't got a clue. Desperately holding on to the 1970s. Actually in 1989 I was briefly a COBOL programmer, you kind of get into it and it can be enjoyable up to a point.


Re: [Aside] Storage media

when i was in ICL the dedicated word processor floppy disks were 10" a-hem.

Blockchain may be the machinery of mischief, but it can't help telling the truth


51% attacks, de-fi, tracing/fungibilty

For a start, the blockchains are hackable if you can get 51% of the vote to roll-back transactions and insert your own. This has happened in a couple of cases, e.g. "ethereum classic". However these are publicly available audit-logs, so everyone will know that it happened.

What is more likely is that your NFT's blockchain will simply go out of use in 10-20 years time, to be replaced by something else, so your 'provenance' turns out of be worthless by the year 2050.

Secondly on fungibility Bitcoin is a token which is fully traceable - a multi-million dollar industry has built up in tracing every transaction through every wallet. This means that if you buy some BTC off a dodgy exchange you may end up with a coin that was created and previously used in funding crime and is therefore subject to confiscation by the authorities, together with a nasty audit of yourself. They may be fungible in theory but you had better know who had it before you or else buy through one of the big exchanges that are approved by the FDA/FCA. Only the deep cryptography tokens like Monero offer the best fungibilty and many exchanges are getting out of that because that's the sort of token the dark web prefers.

On the subject of using certification (private/public) instead - the difference with modern blockchains is full de-centralisation (de-fi) which means that they aren't in theory capable of being taken-over by someone gaining control of the root CA because there isn't a root. Transactions must be approved by an accepted number of nodes. Bitcoin is terrible for commerce because of 500+ nodes need to approve everything so it takes hours to do anything. Other modern sharded chains hope to fix this in the next 2-3 years. It's still early days and largely you are betting on a lack of bugs, quality of testing and market take-up. In my opinion there is a lot of FUD being thrown around for and against this, but the tech is incoming regardless.