
“The Merge” has arrived – what is and what isn’t the most significant change in Ethereum history – Software Craftsmanship #104

The star of the week could only be one – Ethereum’s long-awaited The Merge. Before we get to that, we’ll address the security problems at Uber and Patreon and consider whether it’s possible to take a workation in Antarctica.


1. Uber hacked, meanwhile Patreon gets rid of security department

Since yesterday morning, the web has been flooded with information about the Uber security incident. I am not implying that the company would have tried to hide such a thing, but in this case hiding it was hardly an option – the attacker began to announce his achievement on the company’s own channels, starting with their Bug Bounty platform. As the situation developed, more screenshots of the company’s internal systems appeared online. They mainly showed developer-facing platforms such as cloud computing (GCP, AWS), Slack, or OneLogin.

I was just returning by Uber from the office, so I said goodbye with a request to initiate a search if I did not hear back on Monday.

Who attacked Uber? Those looking for sensationalism might conclude that it was one of the recently fired employees, but the real story seems a little less sensational, though still intriguing. The attacker claims to be a teenager who found the login data in a PowerShell script accessed on a public network resource. He then got around the two-factor authentication layer by … deceiving an employee (who was an administrator), claiming to work in Uber IT. I wouldn’t want to be in that employee’s shoes during the next One-on-One.

Such a clever generation of teenagers is growing on us. And the boomers say Gen-Z is just Fortnite and TikTok

The case is developing. We probably won’t know the full extent of the attack until early this week.
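The detail that the login data sat in a PowerShell script is something a defender can check their own shares and repositories for. The following is an added example, not code from the original post or from Uber: a small Python heuristic that flags quoted secrets in PowerShell text. The sample script, the account name and the `Connect-Vault` cmdlet are constructed for illustration.

```python
import re

# A quoted literal; values taken from a variable, $env:, Read-Host or a
# vault cmdlet are unquoted and therefore never match.
LITERAL = r"""(?P<q>['"])(?P<val>(?:(?!(?P=q)).)+)(?P=q)"""
RULES = [
    ("securestring-from-plaintext",
     re.compile(r"ConvertTo-SecureString\s+(?:-String\s+)?" + LITERAL, re.I)),
    ("secret-variable-assignment",
     re.compile(r"\$\w*(?:passw(?:or)?d|pwd|secret|token|api_?key)\w*\s*=\s*"
                + LITERAL, re.I)),
    ("password-parameter",
     re.compile(r"-(?:Password|Secret|Token|ApiKey)\s+" + LITERAL, re.I)),
]

def scan_powershell(text):
    """Return (line number, rule, masked value) for each hardcoded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                val = m.group("val")
                # "$name" inside double quotes is interpolation, not a literal.
                if m.group("q") == '"' and val.startswith("$"):
                    continue
                # Mask the value so the report does not leak it again.
                findings.append((lineno, rule, val[0] + "*" * (len(val) - 1)))
    return findings

# Constructed sample script (not from the incident); Connect-Vault is a
# hypothetical cmdlet. Commented-out lines are scanned too: they leak as well.
SAMPLE = r'''
# constructed sample
$user = "svc-backup"
$password = "Winter2022!"
$sec = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $sec)
$token = "$env:PAM_TOKEN"
$prompted = Read-Host -AsSecureString -Prompt "Password"
# old: Connect-Vault -Password 'Tr0ub4dor'
$apiKey = Get-Secret -Name PamApiKey
'''

if __name__ == "__main__":
    for lineno, rule, masked in scan_powershell(SAMPLE):
        print(f"line {lineno}: {rule}: {masked}")
```

The rules are heuristics: they miss secrets built by string concatenation or read from a file, so a hit is a reason to rotate the credential and a clean result is not proof of absence.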

As you can see, security failures (and absolutely massive ones at that) can happen to anyone – even the biggest companies. Unfortunately, Patreon didn’t get a chance to learn this lesson: two weeks ago, it got rid of its entire security team as part of layoffs. The matter did not escape the attention of Soatok, a blogger who writes excellent posts on security and is heavily involved in the Furry community (who knows, knows – who doesn’t know, don’t google), and who is also the developer of a PHP client for Patreon. His publication Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team? is a kind of journalistic investigation in which the author tries to estimate (based on publicly available sources) how risky it is to have an account on Patreon in light of recent events.

The analysis is of the honest kind – instead of shaming the company, the author takes a realistic look at the range of possible risks, from the loss of payment data to the inability to provide adequate anonymity to creators and patrons. And while he honestly admits that it’s hard to point to one specific, obvious risk, the mere fact that such an essential aspect as Security was outsourced is quite an abuse of trust. Hence his choice to delete the account. The decision is argued in much more depth, so I encourage you to look at the original post.

In addition, from my perspective, the author’s illustrations have always been a lovely added value.


2. Workation from Antarctica? Now it’s possible, thanks to SpaceX

Are you familiar with such an organization as the IETF? Behind the acronym is the Internet Engineering Task Force, a body that develops Internet protocols. Quoting Wikipedia:

The IETF has no formal authority, but the work carried out by the IETF has a decisive influence on the shape of the future of the Internet. The IETF generates a particular type of document called Request For Comments (RFCs), which contain definitions of many Internet standards and protocols (such as IP, TCP, SMTP, IMAP, etc.).

So, in a nutshell, it is the IETF that shapes where the Internet itself is going, especially in that more thankless engineering layer. As mentioned above, the Internet is such a distributed entity that no one can dictate a specific action – in this respect, it resembles blockchains, which we’ll discuss in a moment. At the same time, however, for years, the IETF has been the de facto R&D department of the Web, exploring new directions. What does this mean in practice? We can find out from the organization’s annual report, which transparently presents the actions taken. After reading it myself, I feel much wiser on the subject, and the whole thing is so interesting that I decided to share it with you.

For example, while I was aware that the IETF operates in a working group format, it was not evident to me what kind of groups are working right now. In 2022 alone, nine have already been formed, touching on topics such as WebRTC (Web Real-Time Communication) and Cross-Domain Identity Management. The former, by the way, is the protocol of which the organization is particularly proud – it devotes a whole separate chapter to it, in which it reports on progress and next steps.

WebRTC is cool – but there’s still some work left to do. Here’s how Zoom handles some of WebRTC’s problems.

What surprised me is that of all the browser companies, Google is the only sponsor of the organization. On the other hand, there is no shortage of significant network equipment manufacturers (such as Cisco, Ericsson, Juniper and Huawei) and major network infrastructure players (RIPE and LACNIC, which allocate IP addresses and domains, or the CDN provider Akamai).

And while we’re on the subject of the Internet, it has started to reach some pretty unexpected places in the past week. I remember that somewhere back in middle school, I had the opportunity to read John Postgate’s book The Outer Reaches of Life, which talked about the most adverse conditions where “life found its way.” Now the same is true of the Internet – there are fewer and fewer places where we cannot connect to the global network. Last week Starlink announced that the service has rid itself of the last white spots and has become available on all continents – including Antarctica. So my dream is coming true – I will soon be able to start working remotely from the land of seals and penguins.

I couldn’t find a suitable illustration, but Diffusion Bee (the GUI for Stable Diffusion described in the last edition) proved invaluable.

And it is also SpaceX that Microsoft has chosen as a partner for their Azure Space service. Instead of Microsoft investing in its own infrastructure, the satellites of Elon Musk’s company will become the backbone of Azure’s new endeavor. In addition to better access to Azure cloud resources in hard-to-reach places (like the aforementioned Antarctica), the entire service is designed to improve satellite data acquisition for space facility operators. We’ve been hearing about the whole program for some time, but on September fourteenth Microsoft finally decided to release its test version to the first interested parties.

I’m waiting for the official new Azure Region: the Kármán Line


3. The Merge has arrived – what is and is not the most significant change in Ethereum history?

It’s probably no secret that energy costs are rising (or are about to rise) worldwide. This topic has already become part of the ordinary discourse over morning coffee, along with subsequent inflation readings. I don’t want to pretend here that I’m an expert on the global energy market, but if the laws of supply and demand are really at work (oh me, naive), then I have good news for you – it’s going to get cheaper! There has been a major development in the world of technology – the long-awaited “The Merge” of Ethereum. Even if you are a bit fed up with blockchains already, this is one of the year’s most meaningful events from a strictly technological point of view.

Therefore, I will try to explain the whole thing in a clear way.

<Explain Like I'm Five(Days)>

I don’t want to write here about things you’ve probably heard about dozens of times already, so quickly: when we talk about the high energy intensity of cryptocurrencies, we’re talking about cryptocurrencies based on Proof-of-Work algorithms, i.e., recalculating complex mathematical operations over and over again – it was for them that powerful graphics cards were being bought up as recently as last year. Until now, such currencies included the popular Ethereum, but on September 15, we entered a new era of this project – the era of reliance on the Proof-of-Stake algorithm.

What is Proof-of-Stake, and why should it significantly change the approach to consensus on the Ethereum network? We’re talking about a mix of social engineering and game theory here. Why all the Proof-of-Work in the first place? To make consensus slow and to make consensus hard. Since a blockchain cannot rely on trusting some central source of truth, some way of deciding who is right (the aforementioned consensus) is necessary. Under the assumption of Proof-of-Work, those who have the most computing power are the source of truth. The whole thing assumes that honest network participants outnumber dishonest ones, where every gigaflop of power consumed can be understood as a participant.

Proof-of-Stake is based on pretty similar assumptions, only here, instead of the computing power in question, there are so-called “market validators.” Simply put, anyone willing to put up 32 ETH as a “sign of commitment” to the network can become a validator.

Why do the validators allocate their funds? While in the case of PoW the incentive is to pay each validator with a reward for performing calculations, in the case of Proof-of-Stake, each validator gets a chance to be selected to confirm the correctness of the block. In turn, he gets a reward for doing so – provided, of course, that he is on the Light Side of the Force. In that context, the Light Side of the Force means “voting as the majority of the community does.” It has been known for a long time that the winners are the ones who write history books.

Now you are at my daughter’s level of knowledge, so we can continue.
</Explain Like I'm Five(Days)>

In the eyes of many people, The Merge has grown into some outright mythical phenomenon that will solve all Ethereum’s problems. This, of course, is not the case – the goal of The Merge is solely to make the blockchain less energy-intensive and to remove miners from the process. A potential effect could also be deflationary pressure – many people may be inclined to over-“stake” their resources in order to increase the chance of becoming a validator of specific blocks. This is one of the accusations that the crypto community makes against the Ethereum movement – that it has become much more centralized among the big players. At the moment, seven entities (validators, as in the case of PoW, can merge into so-called pools) control over 2/3 of all validation tokens.

Although, with the computing power needed to support PoW, GPU prices did not promote “commoners” either. Fortunately, those days are probably behind us.

“The Merge” will not affect another aspect of the network – its scalability. Ethereum will continue to be neither faster nor much cheaper to use. However, it doesn’t mean that there is no idea for this – the project’s architects have already laid out plans for further solutions, which will be gradually implemented to address these problems. The Merge was just the first step, now we’ll be waiting for The Surge, The Verge, The Purge and The Splurge – the next big step is the so-called DankSharding, which aims to offload the entire network and reduce the amount of data that needs to be processed on the Blockchain, moving it to the so-called Layer 2. In general, Ethereum makes sure that I have no shortage of topics to write about.

Of course, one group has been hit hard by The Merge – these are the miners who have invested masses of resources in digging equipment. Therefore, keeping with the best crypto traditions, an Ethereum fork has been created that stays with PoW. It’s called EthereumPoW (creatively, no question – but at least it’s readable), and its main argument (aside from miner profits) is an attempt to stop the potential centralization of the network. This isn’t the first significant fork I’ve seen – it will be interesting to see to what extent this type of initiative will find supporters in the age of carbon footprint reduction. Certainly, the NFT community rejoices, as they will finally stop fretting about their climate impact.

The Merge is an extremely important step for the future of the entire project, but by itself, it does not magically solve all the problems, especially since the last month has brought some confusion on the regulatory side. At the beginning of August, Tornado Cash – a so-called cryptocurrency mixer that provides enhanced anonymity of transactions – was found guilty of money laundering by the US Treasury Department, and the developers who created it were sent to a Dutch prison. As a result (in the big picture), a ban was imposed on handling the funds and addresses that Tornado Cash had in its possession. The nature of a mixer, however, means that it has potentially “tainted” a very large number of coins. Cryptocurrencies don’t have a good way of dealing with this kind of problem, and there is currently a discussion about legally regulating the neutrality of the distributed ledger layer, so that unsuspecting network participants can’t be accused of money laundering. Can you go to jail today for interacting with Tornado Cash tokens? This is a mightily complicated matter, and I suspect it will be settled only after the first court hearings.

And at the very end – it would seem that carrying out such a complicated operation as The Merge would result in an increase in the value of Ethereum as such, right? It may surprise you that in the last 72h, at the time of writing this text (7 AM UTC), Ethereum has fallen sharply, by ~20%. An accessible explanation can be found at Decrypt. Still, in a nutshell, the reasons are twofold: poor readings of the United States’ economic situation, as well as the investor tactic behind the charming phrase “buy the rumor, sell the news.” The situation is somewhat reminiscent of the typical case of technology companies entering the stock market with a sizable bump in value at the entrance, followed by a sharp drop when the company’s performance begins to be analyzed coldly. In short, investors are people too and susceptible to hype. This was the case with Ethereum, which has been growing rapidly lately as successive migration milestones were announced. Now it’s time to realize those gains.

Trivia: After the transition of ETH to PoS, DogeCoin became the second largest PoW currency
