Why do you believe that a JavaScript port of bitcoin is an important project? What is lacking in current implementations / why would you want to run bitcoin inside a browser / do you think it's possible to do serious crypto correctly in JS[0]?
There is no working javascript full node. I believe the future of bitcoin is brighter if there are many independent implementations of bitcoin running as full nodes.
I want bitcoin running in a browser because browsers work on every platform and can bring bitcoin to more people. Also keep in mind that reddit is primarily a website, to using javascript is a pretty appropriate first choice of language for bitcoin stuff.
Can you do serious crypto in C? Only if you know what you're doing and don't screw up. Same goes for javascript.
>Can you do serious crypto in C? Only if you know what you're doing and don't screw up. Same goes for javascript.
Overall I am sympathetic to your cause, but this raises alarms. JavaScript crypto is nonsense, you could have the implementation silently replaced with a naughty one at the hosts leisure.
EDIT: To respond to all of you at once - everything I've seen so far says that he was aiming for JS in the browser. Did I miss something?
That has nothing to do with javascript-the-language, but rather the way the web works. Obviously even with https, javascript delivered by a web server has a vulnerability whereby the web server may be compromised, which is outside of the users control. Any javscript delivered by a web server should be executed with that understanding. i.e., delivering a wallet from a web server is probably not the right thing to do. Note that javascript can also be run in the form of a browser extension, server-side node, node-webkit, apache cordova, etc. Javascript-the-language is not intrinsically vulnerable to a compromised webserver.
It's fair to say that JavaScript-the-language is not intrinsically vulnerable to this, but how else are you planning on delivering the JavaScript to clients? I may be misinterpreting your goals.
A usable browser implementation of a wallet could be secured fairly well and if it gained any popularity would put pressure on browser makers to deliver better solutions.
That's also true of C with an auto-update framework. That's also true of closed-source C.
There are plenty of ways to avoid that particular trap of JS crypto (or more specifically web crypto). Bundling it inside an extension comes to mind.
All that said, I'm not even convinced this attack is within the threat model of Redditcoin, given that it's resources for a specific website that is also the JS origin.
Yes exactly. I think people who are not whatsoever involved in the javascript world assume that javscript means "delivered by a webserver", which is just not necessarily true.
Bitcoin's cryptologic is open-source; it doesn't have to be secure from tampering in the same way a videogame console has to be secure. A videogame console doesn't want you modifying game code or running your own code on the hardware. Nobody cares what you do to your bitcoin client; you'll just lose your coins in some invalid[1] transaction or maybe you find some amazing flaw in bitcoin's math - which you could have found in any other programming language anyway.
That said, a browser-based bitcoin client does expose its user to potential XSS exploits 'n such; especially if the private key is in the browser's memory.
Yes, that is the primary concern. "We" in the bitcoin community haven't yet figured out how to write 100% correct alternative implementations of bitcoin. We will have to figure out how to do that first before I would ever recommend anybody actually run an alternative implementation as a full node and rely on it for seeing the blockchain.
That's a fair point, except that (contrary to "Nobody cares what you do to your bitcoin client"), I would suggest that most people do not have their own bitcoin client, and are in fact running code written by somebody else. Those users will likely be very upset if a client loses all their coins.
So why create a new bitcoin derivative to do something like creating a divisible bearer reddit stock certificate held in trust vs. something like open transactions or a webservice? Especially since it would be a relatively small network easily taken over by some large mining pool if it ever became useful. Your prone to the US legal system requirements in this case since I'm guessing reddit is a US corp.
Had I been consulted before "reddit is issuing shares on a cryptocurrency" was announced, I would have suggested doing something with less legal headaches first. It would take a $100 billion dollar company, much larger than reddit, to actually make such a project legally possible.
It's been said many times since the beginning, including in this article:
>Announced in September 2014 as part of a fundraising round that raised $50m from VC firms including Andreessen Horowitz and Sequoia Capital, Redditcoin was a key part of an audacious plan by Wong to give part of the company’s equity back to users.
>Wong wrote in a blogpost: “The investors in this round have proposed to give 10% of their shares back to the community, in recognition of the central role the community plays in Reddit’s ongoing success.”
The only people that cared about this guy were the bitcoin fanatics and the those who where hell bent on making fun of the bitcoin fanatics. No one else on the site talked about it because it didn't affect them.
On Reddit, in my opinion, spin and the degree of transparency matter long after the fact. This is everyone who cares to know right now. What happens when there's a front-page TIL post or relevant blog post in a few months? Reddit and PR can be a time bomb.
What would you have had them do? Make a full blog post for every single employee they hire or layoff? Have the entirety of the site (which is already hypercritical of the admins) mull through and critique every single personnel decision?
They didn't try to hide the fact that he was laid off, and he's now obviously free to come talk here and on twitter about the circumstances surrounding his departure from the company, I really don't see how this is a transparency issue.
Yes, agreed. I don't think there is necessarily anything bad or wrong about what happened. Writing a blog post about "we're cancelling cryptocurrency and firing the enginer" would have made it into an even bigger deal than it is. The way it is happening, people who care about it hear about it, and people who don't care don't have to bother.
That's a good question and point. The thing is, you're right: It's not a transparency issue in the real world and it wouldn't be for any other company. But Reddit's not the real world. Reddit's much angrier and much more conspiratorial, especially when it comes to things that ostensibly are about the "community" and "giving back" on behalf of the admins.
Yes, but that's hardly reason to purposefully feed the flames of reddit conspiracy theorists by making a more high profile announcement. And if there is a /r/TIL post down the road that starts a witch-hunt it's not like they have a ton of fuel, the guy who was fired talks about it in a very calm and non-accusatory manner.
Sorry, but again, what would you have rather had them do? I don't see anything wrong with the admin's choices on this
Another piece of drama that happened last year was that reddit let a former employee go, who made an AMA about it, and then Yishan publicly criticised the former employee. The new leadership is probably very, very hesitant to say anything about anybody who was let go - they don't want to repeat that mistake.
Why isn't what being brought to the reddit userbase? That they fired me? That reddit notes is now paused? They are probably waiting for the right time to make an announcement I guess. They probably didn't realize that by firing (or letting me go, whatever) that they would draw the interest of the media.
Sorry - it's really all of the above. To be more clear, I will break this into some sub-questions that are hopefully less obsequious.
The "reddit is giving 10% of its shares to its users" thing was very positively received. My understanding was that redditcoin was part of that effort. Is the 10% thing still going to happen in some way? If not, why not?
Regardless of the answer to the question above, hearing that redditcoin is being cancelled would likely lead members to conclude the new leadership doesn't want the community shares system that was so touted previously. Is that the case, if you know?
And then the final, more meta question is: Why would Reddit's staff, of all people, think they could do something involving Reddit quietly?
> The "reddit is giving 10% of its shares to its users" thing was very positively received. My understanding was that redditcoin was part of that effort. Is the 10% thing still going to happen in some way? If not, why not?
I think they intend to make the 10% thing happen eventually, although the project is currently paused. I estimate 1+ year before any aspect of the project resumes. However, I am not privy to the conversations the executives have had about it, so I don't really know.
> Regardless of the answer to the question above, hearing that redditcoin is being cancelled would likely lead members to conclude the new leadership doesn't want the community shares system that was so touted previously. Is that the case, if you know?
I don't know.
> Why would Reddit's staff, of all people, think they could do something involving Reddit quietly?
AKA The Fappening, the massive celebrity photo leak/hack last year. Just in case anyone else didn't pay enough attention at the time to have heard of both terms. Apparently Reddit was in a bit of a pickle because subreddits were created to spread the photos and not all of them were strictly against the site's terms.
It's pretty simple. I was hired by Yishan and reported directly to Yishan to lead the cryptocurrency engineering wing of reddit. This was his idea - and I was happy to lead it. Yishan then suddenly quit, and new leadership took over. The new leadership is not interested in pursuing cryptocurrency at the moment.
Well I'm not really sure, because it felt extremely turbulent while I was there for my brief 4 month tenue. I think the culture will change. I think the culture was a little more loose, autonomous, and with little management before. I think it will be more hierarchical and managed moving forward. However, please realize that I have extremely limited experience at reddit and may simply be wrong about that.
Yeah $50m is a lot. We would have hired several more cryptocurrency engineers. Not any more. I'm not exactly sure how they are going to allocate resources moving forward, but you can see who they are hiring here:
I think "laid off" is probably the better term. The new executives are not interested in pursuing bitcoin or cryptocurrency at the current time. I was going to be the lead engineer of the cryptocurrency engineering wing of reddit, but they have let me go, and removed the other "cryptocurrency engineer" positions from the job page. The executives have their hands full with things like mobile and improving reddit.com infrastructure. Not to mention the legal difficulties of reddit notes.
> HN has rate limited my responses so I can't respond to questions.
Your account definitely isn't restricted. Can you shoot us an email (hn@ycombinator.com) and tell us what you're seeing? We'd be happy to try to fix it.
So, this is literally the post where I find out that my account has been restricted in some way, and that is why I keep having conversations cut short because I can only reply to a half-dozen or so things in a day. (I had assumed that this was a new thing that applied to everyone, since to my knowledge there is no reason for you to be restricting my account in particular, this way.)
Why the secrecy? Why not just tell people all the various passive-aggressive BS you perform to degrade experience for certain users? If you don't want me posting here, why not just tell me or ban me or whatever? Bonus points if you give an actual reason, but that might be asking for too much.
How many different bans do you have in the toolbox now, is there a list somewhere? Is there a way to check which ones apply to my account, aside from finding out second-hand?
edit: https://news.ycombinator.com/item?id=8964992 <- several posts here I wanted to reply to, it was an interesting discussion. I was not able to apparently because I caught the wrong admin on the wrong day in the wrong mood? And of course I have no idea what post of mine caused this... Despite whatever 'efforts' you're putting into this site, moderation here is bad and steadily getting worse.
I was about to edit my comment to mention that: HN delays showing the "reply" link on deeply nested comments. It's an ancient flame retardant. You can, however, get around it by clicking "link" on the comment you want to reply to.
You can always click the "link" button fer the specific comment and then you'll see a reply button -- it's nothing account-specific, it's just one weird trick to slow down flamefests proportionally to comment depth.
Thanks, that's exactly what it was! That's why the "reply" button was not appearing, and I thought I was rate-limited. This very thing happened to your comment - I am replying by visiting the permalink.
I'd just like to say that I don't like the idea of limiting people just because of low karma or whatever. A lot of people do get downvoted just for having ideas that don't "go with the group" even though they're well thought out.
Turns out I wasn't rate limited - I wasn't seeing the "reply" button because of a completely different mechanism on HN that makes the reply button not appear for some comments that may be involved in a flaming or something.
Hacker News is the most poorly maintained forum I've ever seen. Too bad the original creator left and the new maintainers can't make any significant improvements. Just empty promises from the guys who took over, who have no real authority to make any major changes. Too bad.
I've had a registered account here for just shy of 7 years now, and you're not giving the current moderation team nearly enough credit. dang and company have resolved a lot of long-standing user complaints, they are proactive on policing the site, and they are generally exceedingly fair and even-handed.
I didn't read the post as a criticism of the community but rather a criticism of the technical workings of the site. Which is correct, HN is lacking a lot of things that make even the most basic modern forums more user friendly. The site performs poorly on mobile, you can't collapse comment threads, the reply button disappears sometimes unless you click "link", etc.
