
Website redesign

master
sn0w 3 months ago
parent
commit
fc4591ae3d
Signed by: sn0w <sn0w@posteo.de> GPG Key ID: DDEDFB9D3FA15727

+ 1
- 0
.gitignore

@@ -0,0 +1 @@
_public/

BIN
assets/hmmm.flac


+ 15
- 0
assets/style.css

@@ -0,0 +1,15 @@
body {
background-color: #000;
color: #ccc;

max-width: 786px;
margin-left: auto;
margin-right: auto;

font-family: monospace;
font-size: 14px;
}

a {
color: #20c1d5;
}

+ 52
- 0
build.zsh

@@ -0,0 +1,52 @@
#!/bin/zsh

set -e
set -o pipefail

render() {
echo "#> Rendering ${1} as ${2}"

cat ./partials/header.html > "${2}"
pandoc -t html "${1}" >> "${2}"
cat ./partials/footer.html >> "${2}"
}

# Drop last build
echo "#> Cleaning up"
if [[ -d _public ]]; then
rm -r _public
fi
mkdir -p _public/blog

# Build pages
echo "#> Making pages/posts"
for page in ./content/**/*.md; do
file="$(echo "${page}" | rev | cut -d/ -f1 | rev | sed 's/\.md//g').html"
target=""

if [[ "${page}" =~ "blog" ]]; then
target="./_public/blog/${file}"
else
target="./_public/${file}"
fi

render "${page}" "${target}"
done

# Build blog index
echo "#> Making blog index page"
cp ./partials/blog_index.md ./_public/blog/index.md
echo "" >> ./_public/blog/index.md
for page in ./content/blog/*.md; do
file="$(echo "${page}" | rev | cut -d/ -f1 | rev | sed 's/\.md//g')"
echo "- [${file}](/blog/${file}.html)" >> ./_public/blog/index.md
done
render ./_public/blog/index.md ./_public/blog/index.html
rm ./_public/blog/index.md

# Copy media
echo "#> Transferring media"
cp -r images _public/images
cp -r assets _public/assets

echo "#> Done!"
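
Review bot: In the page loop, `[[ "${page}" =~ "blog" ]]` matches the string "blog" anywhere in the path, so any top-level page whose filename contains "blog" is written to `_public/blog/`; compare against the directory prefix instead, e.g. `[[ "${page}" == ./content/blog/* ]]`. In the same loop, `sed 's/\.md//g'` strips every `.md` occurrence rather than only the suffix, and reducing each path to its basename means two files with the same name in different subdirectories of `content/` silently overwrite each other; zsh's `${page:t:r}` gives the basename without extension directly. The script also relies on relative paths without changing to its own directory first, so `rm -r _public` acts on whatever `_public` exists in the caller's working directory; a `cd "${0:A:h}"` near the top would pin it to the repository.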

+ 272
- 0
content/blog/2017-12-25-Why-IOTA-Sucks.md

@@ -0,0 +1,272 @@
<hr>

TL;DR of this post:<br>
Never use IOTA.
Ever.
The developers broke every "good practice" they could find and built
a coin that's centralized and insecure by design.
Please be *extremely* careful when investing your money.
Do not spend more than you're willing to lose.

<hr>

# Intro

Cryptocurrencies are popular like never before.
I've been following Bitcoin and some of it's offsprings since early 2012, but this year was just
amazing. It seems like more and more people finally understand that
"magical computer money" can (and should) have real-world value.

One of the coins that surf on this hype-wave is [IOTA](http://iota.org/).<br>
If you don't know this coin yet [click here](https://en.wikipedia.org/wiki/IOTA_(technology)).

# Backstory

A few weeks ago a coworker told me about IOTA.
He said it was a new, fancy, revolutionary coin that will disrupt the market.
It was apparently partnered with major companies like Telekom, Microsoft, Fujitsu and more.

Then he went on:<br>
"It has zero fees".<br>
"Also no need for mining".<br>
"They use a better blockchain"<br>

I was shocked and excited at the same time.<br>
This IOTA-thingy *did* sound pretty cool,
but the "upsides" my coworker mentioned raised some pretty big questions for me:

- How does a decentral system partner with a company/sponsor?
- Who verifies transactions when there is no mining?
- Who "prints" new money if not the miners?
- What is so special about their "fancy" blockchain?

You get the gist.<br>
This coin just seemed too good to be true.

# The "Tangle"

Before talking about concerns, let's explore how IOTA (basically) works.

The Tangle is a directed acyclic graph (DAG).<br>
"Directed acyclic graph" sounds horribly complicated, but it's basically nothing more than a graph
that follows a certain "flow" (hence "directed") and guarantees that "walking" along the paths
and connections will never end up in loops ("acyclic").

Let's take a look at an example-tangle:

![](https://i.imgur.com/lmbKI7o.jpg)

As you can see, the Tangle is basically an "exposed blockchain".
Instead of wrapping multiple transactions into blocks which point to the parent block (hence building the "chain"),
they just insert the transactions directly and make them point to two other (random) transactions.
This generates the ever-growing "ledger-tree" over time.

When a node has chosen two previous transactions, it verifies them by checking
their proof-of-work hash and making sure that they don't build upon a double-spend.
To choose which branch to attach a transaction to, the node uses a [MCMC-based](https://en.wikipedia.org/wiki/Markov_chain_Monte_Carlo) algorithm. As long as the majority of other nodes does the same, the tips will then diverge into the same direction.

Ok, cool concept.<br>
But does it work?

The answer is: "kinda". With a *lot* of strings attached.

# Concern #1 - Missing dev knowledge

*This is probably my most important point.*

It seems that the IOTA developers did not think very much about
the network that will power the coin on the long run.

**One extremely important part of developing a decentral system is that an average user
should be able to fully participate in the network at all times.**

This means that your system should expect to run on low bandwidth,
slow CPUs, low memory and "small" harddrives.

**A very common** misunderstanding of Bitcoin is that it only has a 1mb blocksize because
it's running on old technology and/or lead by stubborn developers and pool operators.
In reality this blocksize is a self-imposed limit to stay in the the aforementioned restrictions.

**This is also the reason why BIPs, SegWit and Hardforks related to blocksize or transaction limits are so controversial.**

Bitcoin has used this limit for many years and the only thing consumers need to
fully participate in the network is ~150GB of HDD storage. Storage is extremely cheap.
The decentralisation promises still stand.

Cryptocurrencies that disrespect these basic rules are very prone to centralisation because they will
inevitably reach a point where the average consumer can only use "light wallets"
which don't actually participate in the network.

Back to IOTA:<br>
The Tangle does not come with any rules regarding the transaction influx or size.
It is thus safe to assume that IOTA will require *very* fast internet and CPUs
(in addition to a lot of HDD space) once it's adopted by more and more people and devices.
It will thus become more and more centralised to some few "full nodes" over time.

Also keep in mind that IOT devices are usually connected to the net with low-data cell connections
or low-priority shares of consumer-level ADSL.
This means that the **TARGET AUDIENCE** of IOTA will never be able to run a full node.
That is a **HUGE** design fail and should be a red flag for any user.

# Concern #2 - Security

*IOTA is utterly insecure on a small scale*

The way the Tangle works means that IOTA needs at least
[67% of "honest full nodes"](https://forum.iota.org/t/iota-double-spending-masterclass/1311)
in it's network at all times.
Once an attacker manages to get more than 33% of the network's hashrate,
he can build a sufficiently large and correctly linked "sub-tangle" that may double-spend money.

**The IOTA concept does not have a *good* solution to this obvious problem.**<br>

Their current workaround is "The Coordinator"

It's a *central* point of trust (and failure) in the network
that's run by the IOTA Foundation.
It centrally directs the path of the DAG by creating "milestones" that all nodes
blindly treat as a "everything before this is valid" entry.

This should be another **HUGE** red flag.

The IOTA Foundation could (in theory) double-spend their ICO-share
or any other balance because all nodes will blindly trust the Coordinator which they control.

If the private key of the Coordinator is **ever** leaked, anyone can do this.

# Concern #2.1 - The Coordinator

_IOTA is actually insecure and centralised **by design**_

Even though IOTA announced that the Coordinator will become optional at some point,
there is no chance that they will ever be able to actually do that.

Quote of IOTA co-founder ([link](https://www.reddit.com/r/Iota/comments/6yzm9g/integrity_question_for_come_from_beyond_sergey/dmsxaa5/)):

> Digital signatures are verified by every computer in IOTA network,
> if a signature passes the verification routine then it’s, PROBABLY, valid.
> To make sure that the signature is indeed valid the computer waits for the transaction
> containing the signature to be referenced by a milestone.

This is bad. REALLY bad. But it gets worse:

> I changed the number of rounds to allow practical collisions.
> With Coordinator, IOTA’s security depends on one-wayness of Curl-P.
> Without Coordinator the security depends on collision resistance.
> IOTA is unaffected by collisions in Curl-P, scam-driven clones are.

**If IOTA ever decides to shut the Coordinator down, the "copy-protection"
of Curl-P will start to work against them by enabling hash-collisions until
they invent a new crypto that isn't intentionally insecure.**

It also shows us how IOTA devs think about open-source.
They do not want to be forked and do everything in their power to prevent code-reuse.
It's basically a "look but don't touch" project.

# Concern #3 - Bad technical judgement

*404 - real world not found*

One of the first things you'll learn when exploring IOTA is that they use
a base-3 numeral system (-1, 0, 1) instead of binary (0, 1).
The authors frequently claim that this decision was a good choice and have various
arguments they'll throw at you if you question them.

It basically boils down to:

- Ternary processors are more efficient
- Certain math-functions can be implemented more cleanly on ternary

In the context of IOTA, these arguments are bullsh\*t.

IOTA claims to be the "backbone of IOT".<br>
The IOT consists of millions of existing devices and will not
switch away from cheap binary processors for forseeable amounts of time.
Also the *whole* internet works with binary communication on the lowest level.

Devices running IOTA will **always** need to convert back-and-forth multiple times
when computing anything remotely relevant.
IOTA has thus decided that a coin that's ***DESIGNED*** to run on small,
limited and legacy IOT-devices should be developed with a higher focus on
tidyness than performance.

Of course using ternary instead of binary required the IOTA devs to
reinvent the most basic things for their system, like cryptographic functions.
The basic rule to cryptography is: [NEVER roll your own](https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own).
Yet they felt confident enough to break this rule.
Not much later [a team of researchers broke the algo](https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367).

This all makes IOTA look like a project of some students who have
absolutely zero knowledge about the real-world situation they're developing for,
with no slightest bit of insight or openness to more experienced people.

# Concern #4 - Money Origin

*IOTA does not "need" mining because it is 100% premined*

Yes you read that right.<br>
Every single one of the 2,779,530,283,277,761 IOTA that can ever exist
has been premined in the genesis-transactions.
They were then all sold in an "Initial Coin Offering" (ICO).

You cannot get IOTA without buying them from someone else.

# Concern #5 - The Code

*The mainstream is good, right?*

IOTA's reference implementation is written in Java.<br>
I repeat: JAVA.<br>
For a thing that needs to be **fast** and **secure**.<br>
Wat.

Oh and the wallet is an Electron/NodeJS "app".<br>
It's [a single JavaScript file](https://github.com/iotaledger/wallet/blob/ede254b56e3c5f99f59638fedf6ff4ec67109840/app/js/main.js) with ~2.5k lines of code.

It also features a whopping 500+ open issues related to magically disappearing IOTA balances
or coins that got "taken custody" by the foundation.

![](https://i.imgur.com/pM0tSSh.png)

There are no styleguides or tests in either repo and every single
CI build has failed because they don't care to write a correct `.travis.yml`.

So yeah. That's that.<br>
Final rating: 💩/10.

# Concern #6 - Marketing

IOTA uses misleading marketing strategies to convince the "broad mass".

You'll frequently see "concepts" like [this](https://i.imgur.com/Kv6dA9P.jpg) or [this](https://i.imgur.com/abHathd.png).
If you're looking at them without rose-tinted glasses, you'll notice that
all of these fancy "machine to machine" things work with ANY form of non-physical money.

Yes. Any.<br>
You could even realize this with goddamn PayPal.

IOTA also likes to announce "partnerships" with major tech companies.
As it turns out, these major companies never really partnered with IOTA.
They are just ""interested"" in the IOTA Marketplace where sensor-data
can be sold and bought. Not more, not less.

As it turns out, the most important purpose of IOTAs marketing is to keep up the hype bubble.
Sadly this seems to work quite well.
The community and markteing are actively working against criticism by declaring
negative opinions as FUD. They even have a `#anti-fud` channel on their Slack
where such opinions get posted to "warn" the fans.
I wonder if my post will pop up in there :thinking:

# My Reaction to all this

![](https://i.imgur.com/oEgGuR8.png)

# Conclusion

You should not use IOTA.<br>
Even if you don't care about centralization or security,
please keep in mind that using the "hype-bubble" of IOTA to make money
supports this utterly flawed coin. We're better off without it.

Stop this madness.<br>
Invest in something safe.
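
Review bot: In "Concern #2.1", the second block quote ("I changed the number of rounds to allow practical collisions.") carries no link or attribution of its own, and it is unclear whether it comes from the same reddit comment as the first quote; since the bolded conclusion of that section rests on it, it should be sourced. In "Concern #2" the threshold is stated once as "67% of honest full nodes" and once as "33% of the network's hashrate", which are different measures, so pick the one the linked forum thread uses. In "Concern #5" the "500+ open issues" and failing-CI claims are backed only by a screenshot; linking the issue tracker and CI page would let readers check them. Spelling to fix before merge: "it's offsprings", "in it's network", "the the", "forseeable", "tidyness", "markteing".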

+ 43
- 0
content/index.md

@@ -0,0 +1,43 @@
Hi, my name is

```
.d888b, 88bd88b d8888b ?88 d8P d8P
?8b, 88P' ?8bd8P' ?88 d88 d8P' d8P'
`?8b d88 88P88b d88 ?8b ,88b ,88'
`?888P' d88' 88b`?8888P' `?888P'888P'
```

welcome to my website!<br><br>

I'm a programmer who tries to survive in a world of broken, inefficient, and bloated software.
When I'm not writing or reversing code, I love managing servers, drinking more coffee than any
sane person would ever drink, and listening to metal.

I sometimes write about things in my [blog](./blog).<br>
Check it out if you're into that stuff.

If you want to contact me you can:

- Shoot a mail to `c24wd0Bwb3N0ZW8uZGU=`
- DM `@sn0w@cofe.rocks`
- Write `FADED#0001` on Discord

Using PGP is encouraged.<br>
Use `D3D00F7849C07268ADA947BBDDEDFB9D3FA15727`.

<br>

\-\-\-

Up for a little challenge?<br>
Take a look at [this](/assets/hmmm.flac).<br>
I feel like the number 666 might be helpful.

\-\-\-

Proudly built with markdown and some shell scripts.<br>
Repo with sources [here](https://glitch.sh/sn0w/website.git).<br>

![](images/any.gif)
![](images/nojs.gif)
![](images/notepad2.gif)
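
Review bot: The three image references at the end of the file (`![](images/any.gif)` and the two after it) have empty alt text, so they render as unlabeled images for screen readers and text browsers; give each a short description. They also use a relative `images/` path while the stylesheet in `partials/header.html` and the challenge link use absolute `/assets/...` paths; using `/images/...` would keep the page working if it is ever rendered outside the site root.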

BIN
images/any.gif


BIN
images/nojs.gif


BIN
images/notepad2.gif


+ 12
- 0
partials/blog_index.md

@@ -0,0 +1,12 @@
[<< Back to Homepage](/)

# Blog

Welcome to my blog!

This is where I write about stuff that's on my mind.<br>
It's posts are usually rather long and uploaded infrequently.

Look around, and feel free to leave comments on Fedi.

\-\-\-
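
Review bot: "It's posts are usually rather long" in the intro paragraph should read "Its posts"; this partial is prepended to the generated blog index, so the typo ends up on `/blog/index.html`.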

+ 2
- 0
partials/footer.html

@@ -0,0 +1,2 @@
</body>
</html>

+ 9
- 0
partials/header.html

@@ -0,0 +1,9 @@
<!DOCTYPE html>
<html>
<head>
<meta name="encoding" content="UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>

<link rel="stylesheet" href="/assets/style.css"/>
</head>
<body>
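
Review bot: `<meta name="encoding" content="UTF-8"/>` in `<head>` is not a recognised charset declaration, so browsers fall back to the HTTP header or to sniffing; use `<meta charset="UTF-8"/>`. This matters here because the blog post in this commit contains non-ASCII characters (the emoji in the rating line). The `<head>` also has no `<title>`, so every page rendered by `build.zsh` is untitled, and `<html>` has no `lang` attribute.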
