An open letter to the Bitcoin Foundation and Core Team

Dear Foundation Members and Core Devs,

As you are aware, GHash.io has/had 51% of the hashrate. You know this is bad, so I won’t explain it. For reference, the following is the foundation’s blog post on the issue:

Bitcoin mining has been too centralized for years, with just a handful of pool operators have controlled well more than 50% of hashing power. Recently, mining power has become even more centralized, with one mining pool (GHash.IO) likely controlling somewhere between 40% and 60% of hashing power. That isn’t good, and if you are mining with GHash.IO I would strongly urge you to try one of the smaller pools, or, even better, take the time to run bitcoind and p2pool. But it isn’t disastrous, either. Even if GHash.IO is evil and intends to destroy Bitcoin they would be able to do only two things:

The first thing they...

So UKIP cleaned up in the European Parliament, and absolutely none of the chit-chat in the popular media is talking about the actual issue here.

That issue is that a ‘parliamentary democracy’ is neither democratic nor effective…and, fundamentally I’m saddened to say, that the general population is shallow, ignorant, and generally not qualified to make decisions of such import.

Now that is not to say that I am, this is merely my take and I am happy to receive criticism.

UKIP achieved this result because of one thing, summarised in this oft-lamented sentiment:

Bob: “What? That rule’s insane! Why in the name of god can’t we do <something prohibited by EU law>?”
Alice: “It’s an EU thing.”

That’s it. The big one is immigration - we can’t kick these non-Brits out or limit their ingress because membership of the EU says we have to have open borders. There is of course a very good reason...

The inefficiency of government cannot be be understated. I need tax for my car. Handily the government have an online tool to tell me what it will cost. It probably cost the government many thousands of pounds in development costs and came with a several decade long maintenance contract.

Hmmmmmmmmmmmmmm. I would have thought this information could really be gleaned from my registration number. Let’s continue.

Who the fuck knows that about their car? What is wrong with these people?

Ok, another tactic. Let’s look at the tables and hopefully I can decipher it from that.

Who the fuck knows their car’s CO2 emission rate?! WHAT IS WRONG WITH THESE PEOPLE?

Your tax money, hard at work, making things that are utterly fucking useless. What a proud time to call yourself British.

Luckily, the DVLA have a site which takes only 5 clicks to get this information. Gosh they’ve got...

tl;dr banter on HN isn’t enough, sign up here to actually do something

So yesterday I wrote an article about the flawed security of X.509 which you can read here. When it was about 2/3 complete I showed it to my best mate and said “I hope it gets traction.”

An hour later it’s all over Hacker News, Reddit, something like 50,000 uniques, I’ve got strangers lurking in my LinkedIn (shameless plug), and strangers in my inbox.

Traction indeed.

This is all brilliant but while stroking my ego is nice, I didn’t spend a whole day writing this and dealing with the aftermath so I could have 15 minutes of fame, as hard as that may be to believe in this day and age. Instead, I wrote the article because I use the internet every day - it is my livelihood - and I do not feel safe under the protections of X.509. And crucially, because I want the people with the necessary skills to do something...

This post has moved to my new blog! Find it at http://seandoig.com/heartbleed-should-bleed-x509-to-death

I’m not a cryptographer; nor am I a hard core C guru; nor have I invented some brilliant library that gives me street cred to talk about this stuff. I’m a nobody.

But I’m a nobody who cannot help but see the blinding reality of the vastness of the hole we have dug and continue to dig for ourselves.

For the unfamiliar, X.509 is the mechanism by which your web browser decides whether or not to make your padlock turn green on secure sites. Heartbleed is a recently exposed bug that has, and as of writing continues to, leak secrets from web servers all over the world - most of them, in fact. Secrets leaked include the very secrets attackers would use to trick that padlock into turning green when it should turn very red.

X.509 is bloody stupid

Let’s just recap how this whole...