...sysadmins and toolmakers. Short story: it's not good. The wave of second and third-order consequences is huge and destructive and coming to a beach near you.

Hi. I'm Jon Fedor and this is InCyber Regular, edition eleven. I took an unplanned absence last week but I'm back. Hi!

Here at InCyber Regular, I talk about cyber security issues and awareness for smaller enterprises, the cyber-curious, and the security-conscious. Today is a little bit different. We're talking about an important polemic from the operator behind sourcehut and a really cool learning resource!

Aside

This is why I love Twitter (and Reddit but that's a different story).

I stumbled across this strongly-worded, open-letter-to-the-world (slightly better than a blog post) on Twitter.

@ajmaus quote-tweeted a screenshot of the article.

@davidgerard quoted one of the more notable lines from the letter in a tweet and linked to the original:

"Cryptocurrency has invented an entirely new category of internet abuse."

Link to the original letter from Drew Devault, open-source programmer extraordinaire. I know that opinions tend to fly thick and fast in the open-source community as a whole but I think this one is worth taking a moment to consider.

Even if you end up disagreeing.

Here's where Drew's going:

"Cryptocurrency is one of the worst inventions of the 21st century. I am ashamed to share an industry with this exploitative grift."

Quick disclosure

I own 68 Doge. It's currently worth $18.71 and I bought it for significantly more than that.

Who doesn't love riding a hype train every once in a while? But actually that's kind of the point.

Crypto as ponzi

Drew argues that crypto:

1. Isn't a currency
2. Doesn't provide any of the real benefits of a currency, especially stability
3. Is just a hype tool to make the rich richer
4. Enables abuse of legitimate services (more on this later) and
5. Is merely a vehicle to arbitrage internet / celebrity hype into extra bucks

Specifically, he asks the question that's kind of been on everyone's mind this entire time:

"What “value” does solving fake math problems actually provide to anyone?"

Ok, but how does it enable abuse of legitimate services and tools?

"Free" compute isn't free

One of Drew's central points is that crypto miners (the folks that actually "mine" crypto) are nefarious wolves scouring the internet for any pockets where they can get free compute power to load mining programs and run them on someone ELSE'S dime.

Drew runs a continuous integration platform called Sourcehut. It's an open source platform that people who write software can use to package and launch and distribute their software easily.

They've had a free tier forever that people who are running small projects or are just getting started can use.

No longer. Turns out this feature was being abused-to-heck by crypto miners looking for free computing power to solve their endless SHA-265 cryptographic hashes.

So what?

So this is happening everywhere. Any free tier of Azure, GCP, AWS, and the cascading Other 80% of cloud and internet function providers across the world who provide legitimate services are seeing this.

Far be it from me to feel bad for sysadmins but here's the thing: if their time and talents are being soaked (and I do mean soaked) up as they try to combat the surrounding cypto-mining wolves, we who use these platforms are less secure.

Our processes, our projects, our identities, and much more are in jeopardy when the gatekeepers are consumed fighting meaningless battles against abusers who don't stop abusing.

To quote Drew at length:

"Cryptocurrency is one of the worst inventions of the 21st century.

I am ashamed to share an industry with this exploitative grift.

It has failed to be a useful currency, invented a new class of internet abuse, further enriched the rich, wasted staggering amounts of electricity, hastened climate change, ruined hundreds of otherwise promising projects, provided a climate for hundreds of scams to flourish, created shortages and price hikes for consumer hardware, and injected perverse incentives into technology everywhere. F**k cryptocurrency."

Something else not about crypto

I stumbled across an AWESOME resource last month: Security Zines.

Security engineer, Rohit writes these amazing visual break-downs of security topics like SQL injection, web authentication authorization methods (like OAuth and JWT etc), and more.

It's a growing project and has a good amount of traction so I wanted to help spread the word. Check out these great resources!

If you're interested in any of them and want to learn more, use this link.

Thanks!

I love writing this thing for y'all and I want to keep doing it. And I want it to get better weekly. So let's make it happen already.

Have a good'un, Good Lookin'.

~Jon Un-Crypto Fedor