You will not succeed in guessing the password for this site. Kindly make better use of your botnet (e.g. mine Bitcoin) and go away.
Presenting a very old game, entitled: Man vs. Machine. Or, why Man is not a Particularly Good Source of Entropy.
Phuctor is based on cutting-edge Ancient Greek technology.
If you came here via a search engine, you were probably looking for Pierre Cartier’s wonderful mini-biography of the mathematician Alexander Grothendieck – from which I shamelessly stole the title. Please go straight there. Otherwise…
“And so no one, except for two people, enters the top floor of the Aedificium. …”
The abbot smiled. “No one should. No one can. No one, even if he wished, would succeed. The library defends itself, immeasurable as the truth it houses, deceitful as the falsehood it preserves. A spiritual labyrinth, it is also a terrestrial labyrinth. You might enter and you might not emerge. And having said this, I would like you to conform to the rules of the abbey.”
“But you have not dismissed the possibility that Adelmo fell from one of the windows of the library. And how can I study his death if I do not see the place where the story of his death may have begun?”
“Brother William,” the abbot said, in a conciliatory tone; “a man who described my horse Brunellus without seeing him, and the death of Adelmo though knowing virtually nothing of it, will have no difficulty studying places to which he does not have access.”
Umberto Eco, “Name of the Rose”
In 1979, the American journalist Howard Morland fought – and won – a lengthy court battle for the right to publish a magazine article, “The H-Bomb Secret: To Know How is to Ask Why.” Morland’s objective was to infer and publish the basic facts of the famous Teller-Ulam hydrogen bomb design, drawing solely from unclassified sources.
Even a lackluster student of the 20th century ought to feel a little surprised: the article was indeed printed, and Morland even escaped with his life! Why the inquisitors relaxed their grip and turned the man loose, I cannot say. Perhaps his model of the H-Bomb’s inner workings was sufficiently wrong, and was thought to be useful as disinformation. If this was indeed so, I should hope that what follows is equally wrong – and, like Morland, I will be permitted to continue sharing my crackpot ruminations with you, dear reader. Otherwise, to the gasenwagen I shall go, where I might perhaps meet with some of you!
So, dear inquisitor: nothing found below came from anywhere other than deathly-boring, public documents, placed on the Net by American public officials, merchants, and military historians.
While we’re on the subject of disinformation: I find it intriguing that the supposed Snowden leak appears to consist entirely of minor operational details – of surveillance programs which have been known to the public, under various names, for some years! And likewise, neither the fact of the NSA supplying the world with diddled crypto – nor that of the American software industry’s collusion with the agency really qualifies as “news.”
So what would qualify as a genuinely-newsworthy NSA leak? Why, naturally, the crown jewels! These would conceivably be: facts – or at least, solid clues – shedding light on two great mysteries:
The “armchair general” community’s endless speculations, well-founded and otherwise, seem to focus entirely on the first conundrum. Yet the second strikes me as considerably more interesting.
The NSA publishes two official lists of cryptographic algorithms approved for use by U.S. government employees, known as “Suite A” and “Suite B.” Suite A consists of “classified algorithms that will not be released.” Suite B contains well-known public favorites, ones commonly regarded as strong – such as AES.
All that is publicly known of Suite A ciphers is their names; a tantalizing “WinAmp Playlist” of monikers such as ACCORDION, BATON, JOSEKI, SAVILLE, SHILLELAGH, and a number of others.1 Truly, “a country of which nothing is known but the name!” Clearly it is impossible to learn anything meaningful regarding these marvels of mathematical engineering, without stealing national secrets and paying the price. Or is it?
The traditional “folk” explanation for the existence of Suite A is that the NSA (and the NATO military establishment it is part of) has advanced many decades beyond the public state of the cryptographic art2, and knows of certain weaknesses in popular cipher systems (including those found in Suite B.) The implication is that Suite A ciphers lack these weaknesses, and are therefore considered fit to protect the most valuable national secrets.
The folk explanation is simple and convenient, but the facts – as revealed by perfectly ordinary public (rather than leaked, or “leaked”) documents 3, simply do not add up. Consider the case of the ViaSat KG-200 Inline Media Encyptor, “designed to conveniently fit between your computer’s motherboard and hard drive. In the event that a classified computer is lost, stolen, or tampered with, its hard drive remains encrypted so no classified information is compromised.” 4 Notice anything peculiar? The cipher used in the KG-200 is: AES-256. Plain old AES, aka Rijndael, known to every computer programmer on the planet. Turns out that AES is approved for “Top Secret” use. ViaSat’s other disk encryption products also rely on AES.
So, what products are advertised as including Suite A ciphers? It appears that the latter are found exclusively in equipment intended to secure voice and data traffic in the field. SAVILLE, for instance, is thought to have made its appearance in army field radios as early as the late Vietnam War era. It – along with some other Suite A ciphers – was shared with NATO members, including the UK and Norway, and was put to use in their own radio systems. BATON, a somewhat newer cipher, was – and continues to be – used in field radio equipment, such as the “Project-25″ walkie-talkie issued to many public servants. 5 Other Suite A stream ciphers appear to serve similar purposes. VALLOR, for example, is said to be used in securing TTY broadcasts to submarines. 6 American military satellite uplinks are also known to use Suite A ciphers.
There is an apparent contradiction: if AES is judged fit to secure the hard disks of top bureaucrats, why is it placed only in radio sets issued to policemen, while those given to soldiers feature Suite A ciphers? The folk explanation would hold that Suite A algorithms are thought to be stronger. But if anything, a soldier’s field radio is rather more likely than a policeman’s walkie-talkie to fall into the hands of a hostile reverse-engineer. Military equipment is routinely taken as spoils, and often finds its way to the highest bidder.
One interesting clue is that U.S. military personnel are never permitted to generate their own cipher keys. The latter are always generated at an NSA facility, and are delivered to soldiers inside a “key fill device”. At one point these made use of paper tape; now they live in a Windows CE (!) palmtop.
By my reckoning, a most logical way to generate keys for military field radios would be a portable hardware entropy source, which would be plugged into a gang of radios connected together for synchronization inside a shielded enclosure. Standing in a commander’s tent. But instead, they choose to fly keys across the ocean… What might be the reason for taking this risk?
In his encyclopedic work, “Applied Cryptography” (1996) Bruce Schneier mentions “GOST”, a Soviet block cipher having a curious design detail. The GOST specification did not specify a fixed set of values for the cipher’s S-boxes. From this, one could infer that certain GOST users (perhaps the less loyal among the Warsaw Pact nations) were given weakened S-boxes so that they could be spied upon at the KGB’s leisure. This, however, is a rather ham-handed approach to back-dooring a cipher, and American mathematicians surely conceived of something more subtle.
Some ciphers are known to possess “weak keys” – that is to say, a certain subset of the possible keyspace will result in ciphertext which can be cracked with considerably less effort than using plain brute force. Let’s carry on with the “folk theory” and assume that NSA experts know of a class of weak AES keys, while having crafted Suite A algorithms which have strictly “linear” keyspaces. Yet AES is approved for certain “Top Secret” applications not involving radio communication. Given that all such applications use NSA-supplied key material, they would surely take care to supply only strong keys – or else, in the “KGB scenario,” could easily supply weak keys to any public servant suspected of disloyalty. Which would leave the purpose of Suite A a mystery. The folk theory holds that NSA engages in mere “security by obscurity,” hiding the proprietary ciphers in an effort to keep the public from discovering weaknesses. This sounds reasonable until you consider the official seal of approval on AES for “Top Secret” disks; while military radios are required to use Suite A ciphers.
So here comes the crackpot hypothesis, which resolves the apparent contradiction:
Suite A ciphers slowly leak keys.
NATO military doctrine famously allowed for the possibility that Soviet forces would overrun Western Europe, making liberal use of captured supplies of every kind. Even though such an invasion never took place, quite a few examples of American cipher equipment have been taken as spoils by various armies. Consider, for instance, the famous USS Pueblo: an American spy vessel taken prisoner by North Korea in 1968 – with a complete set of cipher machines, which the crew did not have a chance to throw overboard. Or the countless radios captured in Vietnam. 7
My theory: cryptographic equipment used by NATO armies leaks key bits into ciphertext. Slowly and subtly. Such that routine key swaps, at the rate supplied by the high command, prevent an enemy from gathering a complete key, even if he knew how. But if said enemy were to capture (and perhaps clone) NATO equipment, and take to using Suite A ciphers himself, he would begin to leak secrets meaningfully and continuously. It is also conceivable that NSA can supply keys which result in varying leakage rates, as appropriate to a particular military situation. And it is by no means certain that countries other than the U.S. possess the secret of extracting “dripping” keys.
Mencius Moldbug’s Urbit system appears to be public! Take the time to read his introductory materials – you will not regret it. Any regular reader of this site will probably take some interest in Urbit.
While I disagree with many of Moldbug’s fundamental design decisions, I believe that his is the first modern ab initio redesign of computing which has made it even as far as the “rigged demo” stage. Let’s congratulate him, and learn from his work! All of which, I should note, he generously placed in the public domain.
Mr. Moldbug will be giving a public demo of his work in San Francisco, on Sept. 25. If any of my readers are able to attend, I would enjoy hearing their impressions.
Your kitchen is alive with vermin! Who is to blame? The cruel forces of nature? Or, might it be you – the fellow who scattered delicious crumbs everywhere; spilled honey a thousand times without picking up a mop once; and kept a mountain of old newspapers around for rodents to chew into nest liner? Your friends come over for tea, and turn out to be less-than-pleased to meet the roaches floating therein. Feel free to explain that your home is a year-round restaurant for vermin because you live under a curse. Blame the pests, blame the devil – anybody but yourself.
Now perhaps your kitchen is cleaner than an operating room. Yet the above applies to you just the same, unless you are reading these words in a museum, on a resurrected Lisp Machine. Or on a lowly Soviet BK-0010 microcomputer, wired to the Net through some eldritch wizardry. Or some other rara avis which gives the operator a useful window into the real-time doings of the CPU.
Every once in a while, journalists, activists, and political busybodies of all stripes descend into a self-pitying whining orgy about the electronic escapades of spy agencies. Those dirty crooks, we are told, have the audacity to break codes, spread malware, and – as luck would have it – sabotage security products, open1 and closed-source alike.
The kind of shenanigans we’ve been hearing about lately2 aren’t the least bit new. Crypto AG supplied the entire planet with diddled cipher machines for decades – and continues to do brisk business! Microsoft’s crock of shit masquerading as an operating system was ham-handedly back-doored in the ’90s.3 People whose money, freedom, or even lives appear to depend on keeping snoops and snitches at bay continue to run Windows. If they don’t care, why should anyone else? Nations openly hostile to the United States eagerly run their defense industry (and, by some accounts, even weapons systems) on Microsoft’s turdware. They purchase silicon designed by American engineers, route their packets – often without bothering with crypto of any kind whatsoever – over American networks. They almost literally beg to be pwned. They demand, plead, wheedle: “Please, please intercept our email and telephone conversations! Please supply us with Trojaned operating systems and network hardware! Please sabotage our nuclear fuel refineries!” These words are not spoken out loud, but they are certainly heard – by the “walls that have ears.” And dollars speak louder than words in any case. They speak very loudly indeed.
The naïveté of bean-counters and bureaucrats may be excusable; that of seasoned academics and engineers isn’t. Mr. Torvalds eagerly hitched the security of the Linux kernel to Intel’s Trojaned wagon. And now the fun which can be had with diddled random number generators is finally getting some press, but the underlying idiocy of the Unix architecture (and all other conceptual foundations underlying today’s computing systems) – to no great surprise on my part – isn’t. And won’t. Educated persons who read Ken Thompson’s “Reflections on Trusting Trust” throw up their hands in stoic resignation, as if they were confronted with some grim and immutable law of nature. But where is the law of physics which tells us that any computation must be broken up into millions of human-unintelligible instructions before a machine can execute it? Not only is it possible to build a CPU which understands a high-level programming language directly, but such devices were in fact created – many years ago – and certainly could be produced again, if some great prince wished it. It is also eminently possible to build a computer which can be halted by pressing a switch, and made to reveal – in a manner comprehensible to an educated operator – exactly what it is doing and why it is doing it. Can you buy such a computer at your local electronics store? Of course not. The Market, that implacable Baal, Has Spoken! – it demands idiot boxes. And idiot boxes are what it will get.
We are told that spies are reading SSL-encrypted messages at their leisure. We are also told that saboteurs have infiltrated international standards committees for the purpose of weakening crypto systems. This gives you indigestion? Don’t rely on security systems designed by committees! PKI is – and has always been – a sham. A cheap sham, at that. Consider the fact that Bitcoin, for all of its faults, gets by perfectly well without anything resembling PKI. Loudmouth activists, who put up such a ferocious fight against outright key escrow in the ’90s, ended up buying the very same wine in a different bottle with SSL and every other PKI-based faux-security system currently in use – where you are stuck with relying on a handful of con artists not to cough up the master keys to whomever they please.
Let’s go back to your kitchen. It is squeaky-clean, you say, because nowhere in your house do you make use of Microsoft’s miserable imitation of an operating system. Guess what, the mounds of garbage are still there, stinking brazenly; the mice leap, they play without fear, because virtually all of your cryptographic needs are serviced by some variant of OpenSSL. What a monstrous turd of a library! Have you read and understood it – any of it? Do you personally know a single living soul who has done so? Dare to contemplate the very idea of plowing through these megabytes of gnarly crapola. But let’s examine the reason for the bulk. The idiot ‘C Machines,’ and the few operating systems commonly used therein, are, one could almost say, criminally negligent in failing to provide any real support for most of the basic building blocks of modern computing: from bignum arithmetic to garbage collection. Authors of libraries like OpenSSL are to be applauded for their feat of creating something useful on top of this obscene Babel. But the result is always and inevitably a pile of garbage – comprehensible4 by no one, with plenty of hidey-holes for creepy crawlers of every species. Get the conceptual foundations right, and the vermin scurry away.
I for one am greatly surprised to see respectable men of science like Bruce Schneier calling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor? 5
On top of it all, I fail to grasp the public’s anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It’s what he’s paid for! If you don’t care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological6. The one measure which is guaranteed not to work is whining.
Civilized society traditionally privileged certain professions – medicine, law, the priesthood – in return for certain obligations. A priest takes an oath not betray the seal of confession, and in return he is trusted with the most damning secrets. The doctor swears not to harm his patient, even when the latter has committed terrible crimes. The lawyer tries to defend miscreants he knows to be guilty. One clever soul suggested applying this doctrine to yet a fourth profession, creating a kind of “programmer priest.”
Perhaps one day there will indeed be someone you can trust to pronounce – truthfully and competently – that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don’t hold your breath; today’s digital shaman will not help you; he is on the king’s payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.
Bringing the comprehensible computer into existence is no easy task – but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.) Clean up the kitchen – banish the vermin. While you still can. Or learn to live with the squeaks, the ruined food, the dung.
Douglas Engelbart – perhaps the last of the great American inventors – is dead. The newspapers are keen to remind everyone that Engelbart invented the computer mouse, but they are largely silent on the matter of his having personally created almost every one of the concepts we think of as part of the standard human-computer interface, including the very idea of an interactive graphical workstation. This is because a silent army of dutiful piss-ants is, by unspoken agreement, always given credit for the bulk of their betters’ accomplishments.
The video clip below is the opening segment of what has long been known as “The Mother of All Demos.” If you have not seen “The Mother of All Demos,” your education in the history of computing is woefully incomplete:
Who among those living today could hope to produce something equaling the pure novelty – the sheer intellectual audacity – of just a single one of the things which appear in “The Mother of All Demos” ?
Consider this oddity:
from: Sydney B. Kirklen <email@example.com> to: censored date: Thu, May 9, 2013 at 3:05 PM subject: Is Loper-os.org For Sale? (Website Not Just Domain)
My business partners and I would like to present you with an offer to purchase loper-os.org. We promise not to take up much of your time. Would you be interested in selling if the price was right?
Sydney B. Kirklen
Being a chump, I replied, thinking it might be an actual human:
from: Stanislav Datskovskiy <censored> to: “Sydney B. Kirklen” <firstname.lastname@example.org>
date: Thu, May 9, 2013 at 4:03 PM subject: Re: Is Loper-os.org For Sale? (Website Not Just Domain)
No. Go Away.
Turns out, it was probably a script. Although it isn’t clear to me what purpose (other than address harvesting) it might serve. What happens if you actually agree to sell your site to the spammer? What exactly is the point, from the spamming scum’s point of view, of purchasing a “human” site to turn into a link farm? Presumably, your readers will make the mistake of loading the turd exactly once, after which they will curse your name for all eternity.
“I can’t assure with 100% certainty that the all the black dots are owned by Satoshi, but almost all are owned by a single entity, and that entity began mining right from block 1, and with the same performance as the genesis block. It can be identified by constant slope segments that occasionally restart. Also this entity is the only entity that has shown complete trust in Bitcoin, since it hasn’t spend any coins (as last as the eye can see). I estimate at eyesight that Satoshi fortune is around 1M Bitcoins, or 100M USD at current exchange rate. I’m sure there will be plenty of people that will carefully analyze the source data set and come up with the exact figure, which will be very close, but nevertheless they will scream at me again.”
How many U.S. dollars / bricks of cocaine / alpaca socks are there, in total, circulating in the Bitcoin economy? How many of them does one man deserve to be able to vacuum up at his pleasure? Evidently, if you ask Bitcoin users: all of them, and then some…
A reader from Romania, one Mircea Popescu, asked me to try out his MPEx, a stock and futures exchange working entirely in Bitcoin. He presented me with a free account  containing one bitcoin, operational from Dec. 21, 2012 to Feb. 5, 2013.
What exactly did I do with my demo account on MPEx? I am afraid the answer is rather boring. Given that a single bitcoin is rather short of what one might need as collateral funds in futures trading, I focused solely on stocks. That is to say, I picked the two best-performing stocks on MPEx and bought a small quantity of each. These were, unsurprisingly: MPOE (MPEx’s own stock) and DICE (Satoshi Dice, a kind of casino.) In the end, I ended up with ~1.4 BTC. Popescu’s service works exactly as described.
Mr. Popescu’s company is still in business and doing rather well. Though apparently not quite as well as before.
I admit that I’ve sometimes wondered who else might have been asked to review MPEx.
Behold, we have (one) answer:
I’ve lived my life so far without the vaguest idea as to who Scott Locklin might be. It turns out he’s an ex biker/factory worker who lately fancies himself some sort of financier, scientist and whatnot – practically speaking yet another Kludge. I don’t happen to particularly care, the world is full of people toiling under the burdens of unwarrantedly high self esteem.
Our paths on this Earth crossed about an hour ago, when my PR asked for permission to tell him off, which resulted in my review of their communication so far. It’s an amusing little adventure, which I’ll retell presently, but first allow me to give a little context.
To : Scott Locklin
Date: Thursday, December 20, 2012, 7:15 AM
Would you be interested in publishing a review of MPEx, the Bitcoin securities exchange? Compensation is available. You wouldn’t be expected to write anything other than the truth.
Let me know.
Mircea Popescu: “How to fail – the Scott Locklin method.”
Looks like Locklin, an ex-physicist and occasional reader of this site, was also contacted by Popescu’s slave girl.  I am certain that he will be a bit surprised – and entertained – to learn that he had in fact spent his life toiling away in a factory.
The slave asked of Locklin the very same thing she asked of me, in the same words, and on the same day. And personally, I have no problem with reviewing various oddities, so long as the oddities are interesting. And, having experimented with Bitcoin in various ways (not involving spending money) since 2010, I had quite a bit of fun trying out MPEx and writing down my impressions thereof.
But it turned out that Locklin isn’t much of a Bitcoin enthusiast:
From : Scott Locklin
Date: Fri, Dec 21, 2012 at 3:00 AM
I’m not a huge fan of bit coin. Can’t think of any real purpose to trading them held in escrow. If you had exchanged backed contracts, it might be a different story, but it appears you don’t.
Bit coin escrow I do not care for I have to ask me, what’s it there for?
Mircea Popescu: “How to fail – the Scott Locklin method.”
Whether Locklin is an overall cryptocurrency skeptic, or simply isn’t ready for the Brave New World of trust-free electronic commerce, I cannot tell. But the fact remains: he wasn’t terribly interested in playing with Mr. Popescu’s service, except as part of his day job.
And, learning this, Popescu proceeded to reason from the assumption that Locklin is an idiot – which he isn’t. Instead he is a skeptic and a “zoological” hater of anything which stinks of trendiness, in much the same way I am. Were I not an amateur cryptographer with a fairly good mathematical understanding of Bitcoin and its technological implications, I am not certain that I would find it the least bit appealing.  Certainly not in its present state: that of being covered head-to-toe in trendoid piss.
One interesting detail is that Popescu is worth (by his own – quite believable – admission) around $200M (U.S.) He sees himself as royalty, and truly does pity us poor buggers who work for a living:
Since we (by which I mean MPEx in this case) have a lot of money at our disposal, and since I’m one of those weird types who still believes money should be used to promote socially valuable projects (as the monthly MPEx reports do attest), I’ve ordered a number of fringe bloggers be approached with an offer to discuss MPEx and make a little change for their efforts. The idea is that poverty and unemployment in the anglophone world and the United States especially being at record highs, and centripetal forces in the anglophone world and the United States especially being at their strongest in many years, it may be salutary to give a little rope to those least apt to survive on their own, which is to say those outside of the corporate and governmental mesh which compose the emerging new socialism.
I’ve never reviewed the list, I’ve never reviewed the exchanges, I’ve never reviewed the results in any systematical manner. I simply never cared. This to my detriment, because lo and behold what sort of gems I’m missing out on…
Mircea Popescu: “How to fail – the Scott Locklin method.”
And so it turns out that the ~1.4 BTC I got from MPEx wasn’t quite equivalent to a free video card which a computer magazine might receive in exchange for a review. It was really something else:
“The problem with this is, of course, that he [Locklin] wasn’t being offered money for his opinion. He was being offered money for charity. There is a difference, even if the aforementioned burdens of unwarrantedly high self esteem demand it not be recognised.
This would have normally been the end of it, my prominent position in the most important thing to happen since electricity (yes, Bitcoin is more important than the semiconductor) makes me the target to a lot of confused communication from a lot of confused individuals, which in ninety nine cases out of the hundred go exactly nowhere.”
Mircea Popescu: “How to fail – the Scott Locklin method.”
Make no mistake, I am rather fond of Popescu, whether or not he imagines himself a Napoleon; and I am glad that he lives. (How many people are there with whom one could have a conversation like this one?) I don’t even believe, at the present time, that he is a scam artist, or even a potential scam artist. In fact, I fully agree with this customer’s colorful comment:
“Shady ROMANIAN character opens up unregistered bitcoin options exchange (complete with HTML from 1993) on his personal website (which also hosts porn) and charges exorbitant fees just to join, while constantly accusing pretty much everyone else in the bitcoin community of being a scammer, and, along with his (possibly virtual) -PR lackey, acts like a loudmouthed douchebag … but apparently scams no one.” (yet?) Thank you Mircea for your services to the bitcoin community and for apparently being an honest and trustworthy entrepreneurial businessman. (Making you perhaps the only honest and trustworthy Romanian I know.)”
(Quoted by) Mircea Popescu: “The Bitcoin Drama Timeline.”
But, my dear readers, I will have you know that today I sent back Mr. Popescu’s 1.41421096 BTC. Not because I dislike him (even if I did, this alone would not be reason enough: pecunia non olet and all that) – and not because I like him – though I hold him in some esteem: he’s rather unlikely to notice an extra BTC or two.
Instead, I did it because I would like to teach a little something to the man who does not believe that anyone else (and certainly anyone not worth >=$200M) has anything left to teach him. Popescu might have an atomic icebreaker, while I would then have only a rowboat. But the rowboat does not need anything from the icebreaker. Not everyone is a charity case , and not everyone who disagrees with a clever man is an illiterate idiot.
“Anyone who plans to waste the shareholders’ money can undercut the competition. The easiest thing in the world is to charge too little, it is just as easy as spending too much of other people’s money. Customers will flock to those who do because they are giving away some, if not all, of the value for free. Somebody may even pick up the underpriced goods and sell them at a profit when the stupid company ceases to exist or raises prices to try to survive after all. People of very limited intellect just _love_ “free” stuff. That is how they can be lured into bad and costly deals with free offers, miniscule chances to win some “prize”, and other marketing techniques aimed at the non-thinking. And then there are the cynics, who do not understand that by only taking the free stuff and not buying anything else, they are making everybody else lose, so that free stuff is no longer goodwill to honest people, but reduced to free crap for the fools. When something _must_ be widespread in order to be used, the only option may well be to give it away to lots of people until you have enough market share that those who want on the bandwagon later will be willing to pay for it, but then you need to be damn certain that you are able to keep your customers and not provide free marketing for your competitors, who do not need to recover those marketing costs. Fax machines, cellular phones, even operating systems, have been sold with this technique. Many other products have failed to gain the required market share and have lost all the shareholders’ money. Remember all the web sites that used this trick to cause people to use them, but who were left behind when the _next_ outlet for free goods and services sprung up to waste new money.”
Erik Naggum: comp.lang.lisp. Thu, 17 May 2001. (Emphasis mine.)
“The MPEx registration fee has been in my estimation very successful at selecting high quality, competent and intelligent investors, the sort of which a company benefits from. Consequently it will never be either reduced or waived. While currently it is at a level which I judge adequate, it may be the case in the future that further increases will be warranted. In general it is reasonable to expect that by the time MPEx exceeds in size NYSE, the cost of a seat at the table will also exceed the NYSE.”
“in _every_ field I know, the difference between the professional and the mass market is so large that Joe Blow wouldn’t believe the two could coexist. more often than not, you can’t even get the professional quality unless you sign a major agreement with the vendor — such is the investment on both sides of the table. the commitment for over-the-counter sales to some anonymous customer is _negligible_. consumers are protected by laws because of this, while professionals are protected by signed agreements they are expected to understand.”
Erik Naggum, comp.lang.lisp. Feb. 16, 1997.
“You can find a job at a hamburger joint without any skills whatsoever, but if you want to look at how you produce equipment used in hamburger joints that should be simple enough that any unskilled person can operate it without causing himself damage or produce bad food, you look at the end of the market that Common Lisp is good at helping — you don’t see many ads for hamburger joint equipment designers, either.”
Erik Naggum: comp.lang.lisp. May 1 1999.
MPEx presently derives two-thirds of its profit from registration fees. And its own stock is among the best-performing. Does this, by itself, make it a scam? I do not think so. There is nothing devious about operating a bubble, so long as the participants are made to understand exactly what they have become involved in. In fact, in some countries, traditional pyramid schemes are legal, so long as they advertise themselves as such. Do Popescu’s clients understand their place in life? Given their level of investment, I should like to think so. The Popescu bubble is not my problem, and it won’t become your problem unless you choose to make it so.
My problem with MPEx lies elsewhere, and serious students of Bitcoin would do well to give it some thought. MPEx is an example of just the kind of thing I spoke of when I wrote that Bitcoin is a microscope being used as a hammer. Bitcoin is an elegant jewel of mathematical engineering because, for the first time in the entire history of money, it makes it possible to conduct commerce without trusting anyone. Or, more precisely, without trusting any particular person or small group of people. It is even possible to construct a stock or futures exchange in this manner. Or a universal reputation-tracking system. One must simply build on top of the mathematical foundation of Bitcoin, creating a fully-decentralized system secured by strong cryptography – rather than a conventional organization made up of fallible human beings. The problems of interfacing such a system with the world of physical commerce and fiat currencies are genuinely hard – but not unsolvable.
Is Popescu interested in converting MPEx into a peer-to-peer system which does not require you to trust a Romanian businessman – and could not be shut down by a well-placed lawsuit or bullet? Yes and no. Let’s ask him:
“In its current incarnation MPEx is a centralised system. This is not happenstance, all markets are by their very nature centralised affairs and financial markets especially, as trust is the only required ingredient to their continued operation. Decentralisation will occur, if and only if the environment makes it impossible for MPEx to be operated as is, but it will probably not exactly take the form of a blockchain-based system for reasons already discussed.”
21. What happens if your domain(s) or server(s) are confiscated ?
In case the domain is confiscated or otherwise lost MPEx will move to a different domain, in a different jurisdiction. Should the same happen again, MPEx would move to what will at the time be a solid alternative for a free Internet, be it the TOR network, namecoin or some equivalent DNS or any comparable solution. No government will ever be able to stop the Internet, in general. We’re prepared to show this in the particular. Should the systems be confiscated or otherwise lost the service will failover to different systems, possibly on bulletproof hosting if need be. If sufficient pressure is put on this side MPEx will be recoded as a p2p system.
I admire the man’s optimism, but to me it reads a bit like: in the event of MPEx being thrown off the roof of a skyscraper, we intend to invent the parachute on the way down. I understand Popescu’s reluctance to discuss details of MPEx’s contingency plans within earshot of the enemy, I really do. But the tight lips and inexplicable bravado ought to raise some eyebrows.
I do not, at present, believe that Mircea Popescu is a dishonest man. His creation operates more-or-less exactly as described, and he takes great pains to ensure that everyone who decides to trust him with money understands what he is getting into. Yes, there are a great many off-putting aspects to MPEx. Its home, Romania: the land of countless spammers who have never seen the inside of a jail; the fact that its relationship with traditional meatspace commerce and law is quite murky (Is MPOE incorporated? Where? What are its liabilities? Has anyone won legal redress from it for any perceived wrong, in a traditional court?) But none of these things are secrets. Although certain features of Popescu’s behavior are rather worrisome. I am not, of course, referring to his disdain for idiots. (I enthusiastically share in it.) Instead I mean things like this:
“Legally MPEx will continue to promote the correct view of BTC, as a game currency not in any significant way different from any other game currency. This stance can not be changed through Internet chatter, mass delusion no matter how widespread or court rulings, whatever jurisdiction they may be issued in. Specific legislation alone may change things, and we will certainly lobby against such nonsensical legislation should it come under consideration anywhere. I would imagine we’d not be in any way alone.”
Mircea Popescu, Feb. 3, 2013: “So, What’s the Plan with MPOE/MPEX?”
So, either BTC is a “game currency” and MPEx is a toy (and children ought to be able to purchase time on it with their lunch money) or BTC is serious adult business, fit to displace the New York Stock Exchange when its hour comes. Which is it? I understand that the above is intended to keep the hordes of predatory lawyers and bureaucrats at bay. Unfortunately, governments bent on confiscating wealth (and, more importantly, retaining control over the basic mechanisms of commerce) are seldom stopped by one man’s Talmudic arguments, no matter how clever. When American bureaucrats finally decide that Bitcoin is a threat to their hegemony, cryptocurrencies might continue to exist. But will MPEx? At times, it seems to me that Popescu has declared war on traditional meatspace institutions: banks, stock exchanges, courts. What are the rules of this war? What other aspects of mainstream society is Popescu at war with? This kind of thinking is not by itself damning, but these are questions which I would like to see some clear answers to before I give a man serious money.
Popescu insists that his contigency plan will allow MPEx to operate regardless of what any government might do. It will, he insists, carry on as a massively distributed peer-to-peer system. What interest might Popescu have in a fully-decentralized Bitcoin stock exchange? Well, presumably he will own it, and reap the profits. But I confess that I am rather unclear on the concept of how a genuinely peer-to-peer system could have an owner. Ah, but it must have an owner. Popescu and his friends have to eat, after all. Well, in that case it is not peer-to-peer. Anything with an identifiable meatspace owner can be destroyed by a bureaucrat in the blink of an eye. If MPEx were owned and operated by the ruler of North Korea – or some other organization which might stand a chance against a modern army and a real blockade – I might be willing to believe that it could weather the wrath of the U.S. financial overlords. Otherwise it looks like a bit of a long shot, to put it mildly.
Popescu posted some very insightful criticisms of the peer-to-peer Bitcoin stock exchange concept, but studiously ignored the most obvious one: a decentralized MPEx would have no room for an owner, any more than the Bitcoin network itself does.
In conclusion, I would like to reproduce one unusually-insightful comment from the peanut gallery.
“he should not be trusted. here’s why: a person with his attitude, believing that idiots should die, may not be a scammer today but could easily be one tomorrow. just like that. because a scammer is essentially exploiting “idiots” (by his own definition at least) and he can easily rationalize his actions (at least to himself) and even think he’s doing humanity a service. so by extension you would automatically be an idiot if you trusted him.”
Popescu patiently explains that bamboozling his clients would not be in his best financial interests. This is well and good, but it can be turned around, and one could reasonably ask whether he will betray, should it ever be in his best interest to do so. Among technologists, a disdain for “human” emotional mishmash is almost a universal. Yet it remains a character flaw. By rejecting the seemingly-irrelevant world of human trust-building (beyond strict adherence to promises) one asks to be thought of as a mechanism. That is, to be reasoned about game-theoretically. And reasonable people will sit around and try to predict exactly when and in what manner you, the master of reasoned thought, will betray them. To his credit, Popescu appears to be making this tradeoff consciously. The disdain of Internet chatterers neither picks his pockets nor breaks his bones. But at some point, when the MPOE gravy train comes to a halt, MPEx might find it necessary to stop ignoring these aspects of public relations. 
At present, Mr. Popescu is genuinely and truly loaded, and does not need my (or anyone else’s) advice on how to do business. Right now there is a never-ending supply of people eager to purchase shovels in his gold mine without asking too many questions. But should this gold rush end, the crowd of wealthy risk-takers who ask few questions might give way to a considerably smaller crowd of somewhat poorer ones, who do ask questions. Should this come to pass, Popescu may need to rethink some of his choices (or retire to writing books. I’m quite in favor of that.)
If you have a hundred thousand dollars stashed between your sofa cushions, by all means invest it in stocks and futures on MPEx. But make sure they aren’t the last hundred thousand in your sofa, as you may well lose them. Contrary to Popescu’s claims, if American bureaucrats should decide to give MPEx the “full WikiLeaks treatment,” he will run into nontrivial problems – not necessarily limited to legal ones. I, for one, will wait for the fully-decentralized systems. 
Once again, Mircea Popescu could very well be an exceptionally-honest man. I, for one, have little reason to think otherwise. He might even have the moral integrity given to few, and will one day stoically face the firing squad, taking his PGP private key passwords to the grave to protect his clients. Such men do exist. But I would like to point out the obvious yet important fact that MPEx relies heavily on the future honesty of a small handful of people. We take this for granted in our meatspace dealings, as “the cost of doing business.” Yet there is no reason for Bitcoin users to make permanent peace with this constraint. Bitcoin makes trust-free systems thinkable, if not immediately practical. And they are a worthy goal, because the world has a way of turning honest men into, well, other kinds. With money, or with firing squads.
 ~630 USD, at the time of this writing.
 It is possible that Popescu, being a clever fellow, invests the bitcoins he holds in trust in some conservative way.
 Private communication.