>And when people leave their home unlocked the thieves should get to keep their stuff.
That's not what happened here. What happened is that the crypto company said, "Follow this contract," and their customer followed the contract and took their money, and then the crypto company was like, "But not like that!"
Ostensibly, the whole point of cryptocurrencies is to decentralize financial control and not depend on governments for that service. If you then depend on governments the second you don't like what happens, there's no point to cryptocurrencies.
It's like building a home on a land which has no system of law because you like anarchy, and then complaining when a fellow anarchist steals your stuff.
If you can't distinguish "not what I intended" from "not what I wanted" then there is probably no reasoning with you. Luckily for the rest of us, making this distinction is a pre-requisite for becoming a judge or lawyer.
I really didn't intend that as an insult! I just find it very easy to distinguish between a case where someone followed reasonable rules and got an outcome they didn't like, versus a case where someone found absurd rules - clearly not intended by anyone - and exploited them for an undeserved gain.
If you see a case where someone exploits a badly-coded computer program to take a hundred million dollars from someone, refuses to return any of it (even when offered several million dollars for their trouble), refuses to co-operate with the judges and the rest of civilised society, and just see "waa waa baby doesn't like his medicine" then I don't see how to actually reason with you. That's just a value difference, not really an insult.
>I just find it very easy to distinguish between a case where someone followed reasonable rules and got an outcome they didn't like, versus a case where someone found absurd rules - clearly not intended by anyone - and exploited them for an undeserved gain
I think you overestimate how easy it is to distinguish between these two. A reasonable common example is people like Bernard Marantelli exploiting lotteries. The lottery does not intend for people to play as Marantelli does. You can (and people do) argue that he's stealing money, but should he go to jail for playing the lottery in a way "not intended by anyone"? I don't think so.
It's the same with card counters at a casino. The casino can throw card counters out because they can decide who plays at their establishment, but it would be unreasonable to jail card counters for playing blackjack in a way casinos don't intend.
>If you see a case where someone exploits a badly-coded computer program to take a hundred million dollars from someone
This phrasing removes relevant context to the point where it no longer represents what actually happened.
>refuses to return any of it (...)
I did not comment on any of this at all.
>I don't see how to actually reason with you
This is dismissive and denies my ability to be convinced by reasonable arguments. It is insulting, even if it's not intended that way.
I think both those cases are easy to decide, and are legitimate play. Even if they were not legitimate, I think the remedy is simple -- not jail, but at worst return the money that was taken. In this case, even if deciding the merit of the case is hard, there was a transparently reasonable remedy (return 90% of the funds, continue with your life) which Medjedovic rejected. More than just rejecting the offer, he then went on to launder the tokens through a mixer, fled the country, and has refused to put the funds in escrow while the case is decided in court. None of this is reasonable, in my opinion, and I am 100% ok with the legal system forcing him to comply.
> This phrasing removes relevant context to the point where it no longer represents what actually happened.
I don't think it does, but you don't explain why, so there is not much to argue. It is hard to get an objective description of what happened, but as far as I can tell, the liquidity pools operated by Indexed Finance are governed by a smart contract, the smart contract contained a mistake, and by exploiting that mistake, Medjedovic was able to drain them completely.
Can you explain to me in simple english how that is using the contract as intended? Note that "it's what the smart contract said" is not sufficient, for the same reason that "the web server allowed me to make that request" is not a defence against a charge of computer hacking. What the smart contract says is actually almost irrelevant. What is relevant is what it was intended to do.
Incidentally, why should I be rooting for this guy? It seems like literally the only argument in favour of what he did here is "everything that is possible is fair". His extraction of money is purely parasitic, and aside from merely identifying the bug, he hasn't done any useful work at all. I would grant that this applies to the lottery and card counting examples too. But why should I care that he's having his money taken away?
Many people disagree with you and describe what these people do as theft, so it's not as easy as you think.
>which Medjedovic rejected
I made no points at all about what he did afterward. This is all irrelevant to my point.
>I don't think it does, but you don't explain why
I did explain why further up in the thread. It's not just a badly coded computer program; it's a badly coded computer program that acts as a contract intended to circumvent government control of money. That's the context.
People agree to adhere to the smart contract instead of putting their money into a financial institution that uses contracts backed by laws enforced by governments. This guy adhered to the smart contract, and when the crypto company didn't like the outcome, they decided that none of the crypto stuff mattered and that the laws enforced by governments mattered after all.
But this makes cryptocurrencies entirely pointless. If you can use legal means to circumvent undesired smart contract outcomes, then you can just do that in the first place and not have the smart contract.
>Can you explain to me in simple english how that is using the contract as intended?
Yes, of course. Smart contracts are self-executing contracts. The agreement you make is written in the code of the contract. That is the intention behind a smart contract. It makes no sense to say that you did not adhere to the contract if it allowed you to do something. So by definition, anything you do that the contract enables you to do is using the contract as intended.
>Note that "it's what the smart contract said" is not sufficient, for the same reason that "the web server allowed me to make that request" is not a defence against a charge of computer hacking
Again, this argument ignores the context of smart contracts. Web servers don't claim that their code is a contract.
>why should I be rooting for this guy
It doesn't matter. I'm not rooting for this guy. I'm not arguing emotionally in favor of some guy who did something. In fact, I think he's a shithead.
> It makes no sense to say that you did not adhere to the contract if it allowed you to do something.
I think this is the point where I really disagree with you. I don't see how this is different for smart contracts, as opposed to, say legal contracts written in english. It is not true in general that just because a contract says something, that those exact terms are enforced. There is a whole body of law around what terms are enforceable, what to do in cases of mistakes, and so on.
I am now really unclear on what your position is. I thought originally that you were in favour of smart contracts, and that it was somehow unfair or unethical for e.g. a court to rule whether a smart contract was intended to do something different than what it did. So I am trying to understand why you think it is unethical. In this case I think it is unethical to obey the smart contract, and that what this kid did is unethical and should be illegal. Are you saying what he did is wrong, but he should be allowed to do it anyway? If so, why?
>I don't see how this is different for smart contracts, as opposed to, say legal contracts written in english
It's different because the whole purpose of smart contracts is to circumvent governmental power structures. Otherwise, people would use regular contracts.
Technologically, it's much easier to set up a payment system using a centralized database in a specific jurisdiction and have people sign normal contracts to use the system. People create cryptocurrency systems to avoid that. They put much effort into creating payment systems independent of existing power structures. If this system does not work without backup from the legal system and governmental power, then all that effort is pointless.
>I thought originally that you were in favour of smart contracts
I think they're interesting.
>Are you saying what he did is wrong, but he should be allowed to do it anyway?
Yes.
>If so, why?
Using existing governmental power structures to punish people who adhere to smart contracts in ways some system members don't like invalidates the whole system. If cryptosystems don't work purely technologically without judicial support, they don't work, period.
I think you're letting the perfect be the enemy of the good. It seems like an obvious advantage to have systems that decide the outcome automatically and correctly 99% of the time, despite requiring occasional corrections from outside. That's not the same as a regular contract, so it doesn't follow people would always either choose smart contracts or traditional ones.
What you're hoping for is, taken literally, impossible. Smart contracts can't protect people from fraud, or coercion. Since the law does protect them from these things, smart contracts cannot be totally isolated from the legal system (even if everyone wanted this, which they don't).
> Using existing governmental power structures to punish people who adhere to smart contracts in ways some system members don't like
Fine, but what about in ways that the rest of society don't like?
The problem is that Smart Contracts aren't sold as "Computer Program" they are sold as binding agreements forged in code. The code was agreed to by all parties.
I absolutely get your position, and possibly hypocritically supported the main branch when ethereum had a big fork over exactly this issue. But its also not hard to see where the "code is law" guys are coming from.
With a legacy contract, both parties typically choose which legal jurisdiction the contract is executed in.
With a smart contract, you have the option to bake in a third parties keys to sort dispute resolution. If you choose not to, I dont see why it should be litigated instead.
To my mind, the choice not to have a mediation or dispute resolution option is just as much the "Intent" as not being hacked and drained of funds.
The entire point of a home is not to escape traditional finance. It's by design not compatible with a simple "thief breaks into house" comparison, otherwise the entire enterprise is a scam and they should be criminally prosecuted for fraud the second they ask for legal dispute resolution on transactions that happened on ledger.
"Code is Law" is a profoundly immature idea, and I am surprised anyone other than children take it seriously. The law is not, and never has been, something that is read literally and taken at face value. This is the entire reason that judges and lawyers exist.
Saying "The code let me do it, so it should be legal" is a bit like if I leave a "free to a good home" sign on a plant pot outside my home, and it leans on my car. It does not mean you are permitted to take my car, no matter how "obvious" it seems to you that it should.
“Code is not law. Law is law,” Mr. Gottlieb wrote in a lengthy thread to Mr. Medjedovic on X in late October, 2021. “And what you did was not a ‘clever trade.’ It was market manipulation. It’s illegal. And people go to prison for it.”
Tech exceptionalism is eternal. It takes the occasional Napster or PirateBay failure to disabuse a generation in the tech community of the triumphalist nonsense it talks itself into believing. But then the next generation comes along and doesn't know better.
While satisfying, that quote is also hilariously one-sided in it's perspective. I imagine that lawyer in the courtroom saying something like the following:
> Yes, my client did take a stack $100 bills and leave it on the sidewalk atop an elaborate contract proclaiming that those $100 bills should be given to the very next person going by the name of "John" who found this stack of $100 bills upon the sidewalk, including specific language stating that anyone, even an unforeseen party meeting such criteria, would be entitled to that money. And indeed, my client signed and dated that document in triplicate. Yes my client did go to great lengths to write such a detailed and specific contract, and he was quite sure that such a contracts terms would be sufficient to ensure that only my clients brother, John Williams, would be entitled to the money, that same John Williams who lives across town. The brother would never find that money though, because the villainous, criminal, thief of a man John Smith stole that money from off the sidewalk when walking out of Smiths front door! Smith would have you believe that he was merely fulfilling the terms of a fortuitous open ended contract foolishly entered into by an idiot who failed to think critically about the terms said idiot entered into. That, however, is not important! I am here today to say that the terms of such a contract are not what is relevant, what is relevant is how upset my client is that he no longer has his money. I can prove that Smith stole that money, no matter what the documents signed by my client say! Those contracts are not law, only the law is law. What Smith did was not a "clever deal", it was theft. Which is illegal, and people go to prison for it.
A bit over dramatic, but that's how the lawyers statement reads to me.
I am indeed aware that in such situations, since the depositor has not publicly and loudly declared their intent to deposit that money into my account, nor informed me that they will be depositing that money into my account, nor has the depositor published a contract that I've engaged with stating they need to send me that money, that such a situation would be interpreted as an accident by any reasonable person, including the legal system.
However, we are talking about a system where a party has loudly and publicly stated that they'll move money under certain public conditions and a third party has walked up and said, "I meet those conditions, I am owed said money", and the computer dutifully agrees. We are currently looking at the foolish party who has entered into a contract trying to get out of that contract because they no longer like it's terms. Unfortunately for them, human law mostly sides with contracts, even when those contracts are represented in code.
Even allowing for such a contrived example, would it be so bad if the money was taken from John Smith? The contract writer was an idiot, sure, but John Smith is an idiot too for just taking the money and expecting to be able to keep it. To say otherwise is to say we want to encourage people to take money they didn't earn, to avoid reporting it to an authority, because they'll be able to get away with it. It is also to say that the punishment for stupidity is whatever happens to be the consequence, rather than a fair punishment reasoned out by society.
(I am against prosecution in this case, but I think he should have most of the money confiscated)
What's actually confusing in the analogy? Are you actually confused or just pretending? The point is that just because a sign says something under a literal reading, it doesn't mean that it's what was intended, or what's binding. If there's a piece of paper on my car saying "free to a good home", I probably didn't intend that you can take my car (or my house, or whatever). It's not very different to the fact that a 0-day exploit on your bank's web server does not entitle the thief to your money.
Lots of things have never been, that doesn't make them a bad idea.
Your example is in the real world where there are things like weather and other variables that can't be accounted for. It's necessary for law to be based on common sense in such an environment.
But why can't we imagine removing this element of ambiguity? In a computer system you can account for all variables and completely define the environment. This would make interpretation of the law much easier which is surely a good thing.
But this kind of thing needs formal verification to work properly, which we are not good at. Trying to do it without formal verification is silly. But the broader idea is by no means "childish".
I can't imagine removing this element of ambiguity because programs are not perfect. They are a representation of some mental process, and they frequently contain mistakes. They are also, as you admit, unable to capture states of the real world accurately. Unless your smart contract is unrelated to the real world (in which case, why bother with it?) this will be a problem.
The idea with formal verification is it would make it possible and feasible to prove a program is correct. But this is a hypothetical and until that is possible it doesn't really work. It might never be possible. So today I do agree with you. It just turns into a game of "ha-ha, you didn't read the contract closely enough!"
There's a higher monthly salary in the US, sure. However, you're expected to work very long hours (60-80 hours per week) and get basically no time off
In my current position I'm hired for an expected 37 hours per week. This can be more if I'm asked to work overtime, but my weekly hours cannot exceed 45 hours per week on average in a 3 month window without additional compensation
Additionally I have six weeks of paid time off every year plus public holidays
If I calculate my hourly salary it's better than what I was paid by US companies
That's not to mention the security of having a legally mandated termination period of minimum 3 months (in which you're, in most cases, not expected to work)
I worked 80 hours a week in medical school, depending on the rotation. From that experience I can tell you, the majority of people that say they work 80 hours a week, don't even know what that looks like.
This 60-80 hrs/week maybe a startup myth. Since Europe in general has far fewer startups than US people hear these wild numbers in Europe far less. For normal big tech worker, or enterprise workers 40 hrs is really the norm. Now many people specially in contracting, consulting can stretch hours for billing purpose or impressing upon clients thats a different matter.
I have never in 28 years across 10 jobs including one in BigTech been “expected” to work more than 40 hours a week.
It’s a bunch of copium thinking that American tech workers are working 60-80 hour weeks.
And I know it’s not the norm, but right now I have “unlimited PTO” and most people take at least 5 weeks a year.
If the average American tech worker is making 2x - 4x the average EU worker, they should be able to save more than enough to have a three month cushion.
And we are talking about Google. They have a very generous severance package. Even Amazon where I use to work gave me three months severance.
"Unlimited PTO" is discretionary in practice, and there are studies showing that it translates to less PTO on average, which is exactly why companies do it.
I'm genuinely curious if you've actually read the article you linked to, given that the line literally above the numbers you quoted says, in large font and bold caps: "Employees don’t get more time off (and may actually get fewer days away from work)". Did it not make you wonder why?
Now if you look at where those numbers come from, this article quotes another article from WSJ (https://archive.is/MVRur) which is also titled "Why You Should Be Wary of the Unlimited Vacation Perk". Hmm...
Now when you look at the survey, the problem with comparing those numbers is that they are averages for all workers. That is, 14 days without PTO is the average across all companies, not just those that had adopted UPTO. And the 16 days with UPTO is, of course, only for those companies. So the numbers don't actually tell you anything about the effect of "unlimited" PTO adoption in a given company. Those companies where 14 days is the norm are generally not the ones that decide to switch to UPTO because, well, there's no actual benefit in it for them. Companies that do adopt it, like many Big Tech firms in the past few years, are also the ones that had much more generous paid PTO to begin with - at Microsoft, for example, as a senior engineer, I had four weeks of PTO before the switch.
There are other negative aspects to it, too. For example, when you have guaranteed vacation PTO, it is wholly separate from other things like paid medical leave. But with UPTO, it's that much harder to argue for it to your manager if you have already taken medical leave that year.
Do you consider Microsoft "big tech"? It switched to UPTO back in 2023, just in time for layoffs. And I can tell you that it was a very unpopular move among rank and file.
This is not what we usually hear about employment in the US. The reason many Europeans think American tech workers are working 60-80 hours per week is not copium, but simply because that's what many Americans tell us.
I will just add another +1 to say it's not common to work 60-80 hours per week in the US tech industry. It's not unheard of, and some companies (Amazon) are notorious for expecting that of their employees. But most of the time what you will see is that most people work 40ish hours (some weeks a bit more, some a bit less), and only a handful of colleagues with an unhealthy relationship to the job will work 50+ hours per week. Management doesn't generally expect people to do that, though of course bad managers do exist and can make your life miserable.
The only time I've ever been expected to put in those kinds of long hours was in case of an emergency. Stuff like, a natural disaster hit the company's primary data center so they needed to be all hands on deck to get services restored. But it's definitely not common day to day, and even in case of emergencies the company generally gives you a little something (extra time off, a bonus, whatever) to compensate you for the long hard hours you had to work.
How can you know that? Please don't assume stuff about others just to make a rhetorical point. If you say it's not that common as it's often made out to be, why wouldn't I believe you?
Though what would also help if you had an explanation for why we tend to hear these stories mostly from the US and not from other countries.
I see plenty of stories from Europe, and they too complain about work, but never about having to work 60-80 hours. Even if it's rare in the US, it still seems more common than in Europe. Similarly, I hear stories about working 3 jobs in the US which I don't hear from Europe. I do hear people complain about managers, pay, or office politics in Europe.
yes pbly more common that europe . even i worked two jobs at one point to double my income to like 700k/yr but it was very hard to sustain that beyond 1 yr. i know many ppl who've done it for years.
How much content you consume comes from the US vs other countries? The US has a full cultural supremacy in the west. That's why you speak english and read YC.
U.S. tech worker here. The only time I’ve ever worked 60-80 hour weeks was at a much smaller company, where for a month or two leading up to a trade show a whole bunch of work that had been put off was attempted to get crammed into the product. At my subsequent BigTech jobs I’ve never been asked/required to work more than 40 hours a week. I mean, nobody was tracking exact hours, but nobody was also pinging me at 8PM or on the weekend and expecting me to be working.
My experience is limited - I work in the UK for a US company and haven't spoken to US developers from a wide variety of companies. However I've not heard any US developers talking about working such long hours.
Closest thing I've heard is for devs to sometimes work over the core hours to build up time-in-lieu for extra vacation, over and above the paltry standard 2 week holiday allowance.
fascinating. I thought the meme was that FAANG tech workers were all day and lazy and didn't have to work that hard and were grossly overpaid, but that's as much a stereotype as the next one.
What a waste of a comment. Low salaries typically imply finding a job is easier, because more potential employers can afford to pay you. Can you add any kind of evidence, argument, anything? Saying "fact" after an armchair guess does not make it one.
> Low salaries typically imply finding a job is easier, because more potential employers can afford to pay you. Can you add any kind of evidence, argument, anything?
sorry i forgot to add "typically" which apparently is a license to spout any BS .
Umm... output. Outside of hyperscalers and probably the tier below them, most EU tech companies aren't making the kind of money per headcount to justify huge salaries.
There is demand for tech workers, but the output of EU tech companies can't afford huge salaries. Lower margins.
Some of these criticisms I can understand and agree with. Direct messaging is broken and should be fixed rather than removed (since you need to share credentials in order to use a third party messaging app).
When you say "Account migration does not work" I am forced to ask "compared to what"? There are literally no alternatives. If you have a twitter account with 20k tweets, and you want to leave twitter, "GFY". Ditto if you get banned. A public, instance-independent list of banned and redirected accounts (which survives the death of an instance) could perhaps be a really useful service.
Culturally, mastodon people do seem opposed to bots. There are a lot of people who are hostile to indexing, and hostile to really any automated interactions at all. This causes a huge controversy every few months, when someone tries to build search and gets run out of the community for using a crawler to do it. It is worth mentioning that fedi socials have a pretty high concentration of trans and other marginalised users, who are burned by targeted harassment on other parts of the internet. I think the resistance to bots is part of this.
>> "When you say "Account migration does not work" I am forced to ask "compared to what"? There are literally no alternatives. If you have a twitter account with 20k tweets, and you want to leave twitter, "GFY". Ditto if you get banned. A public, instance-independent list of banned and redirected accounts (which survives the death of an instance) could perhaps be a really useful service."
I can download my entire repo in one click and move it to another PDS, perhaps one I run, or save it for later when there are more options. Or come up with my own way to transform it.
There was a post on HN a few weeks ago from the Recurse Center immigration advisor, and a decent proportion of comments were about the alarming situation in the US. I probably would have applied, but I won't travel to the US while conditions are as they are.
I don't think they do intend that. I think they intend to get free contributions from keen people who think erroneously they're contributing to a public good.
Yes, indeed. And when people leave their home unlocked the thieves should get to keep their stuff. What kind of savagery is this?
> If you end up using the legal system to remediate undesired transactions, what's the point of cryptocurrencies in the first place?
Great question, we have been waiting for answers for nearly a decade now...
reply