Tech Talk


Pro-ISIS Online Groups Use Social Media Survival Strategies to Evade Authorities

One of ISIS’ most dangerous weapons has been the Internet. The extremist group relies heavily on social media to spread news and recruit soldiers. And many “lone wolf” criminals, including the couple that terrorized San Bernardino, Calif., and the Orlando shooter, are thought to have been radicalized at least in part online.

Counterterrorism units and law enforcement agencies have struggled to fight back against these new virtual tactics. Now, computer scientists led by Stefan Wuchty at the University of Miami have released the first formal survey of how pro-ISIS online groups behave. In particular, their work identifies three popular strategies many groups have used to evade censorship in social media networks. They published their work in Science on Thursday.


Dynamic Field of View Restriction Makes Virtual Reality Less Barfy

We're incredibly excited for the near future of immersive virtual reality, which will let you explore worlds real and imaginary without having to leave the house or even put on clothes. Lack of clothes will come in especially handy, since a not insignificant percentage of VR users messily end up in pukesville. The disconnect between what your vision is telling you and what the rest of your (sedentary) body isn't can be disconcerting at best, and at worst, can lead to nausea, cold sweats, tossed cookies, and a desire to never try VR ever again. I speak from (bad) experience.

This is a common enough (and serious enough) problem that the National Science Foundation is tossing money at researchers with ideas on how to fix it, and a group from Columbia University has come up with a deceptively simple but apparently very effective method of mitigating the hurl factor: dynamically restricting the field of view displayed in your VR headset while you move.


Malaysia Bets on Internet Access and Public Wi-Fi for Its Global Debut

Driving to the small public Internet center in Semenyih, Malaysia from nearby Cyberjaya is to pass from one side of the digital divide to the other. Cyberjaya was carved out of a palm oil plantation in 1997 to become Malaysia’s first “cybercity.” It forms the heart of the nation’s “Multimedia Super Corridor,” a special economic zone for high-tech businesses. Just 32 kilometers (20 miles) away in the agricultural town of Semenyih, students have laptops but no Internet in their classrooms.

As Malaysia stretches to place itself among the world’s global economic leaders, its citizens straddle broad digital extremes. At both ends, the federal government is carefully orchestrating an ambitious plan for digital growth. Since 2010, Malaysia’s leaders have invested heavily in technology, among other sectors, to land the country in the elite upper echelon of global economies.

Though it’s grabbed fewer headlines than Cyberjaya, a massive public Internet project led by the Malaysian Communications and Multimedia Commission is a key part of this strategy. Quietly, the government has installed 674 public Internet centers since 2007 and plans to finish another 165 by the end of this year.

This network is branded as 1Malaysia Internet Centres to coincide with a nationwide campaign of unity. Each center has 20 computers. The government provides the facility and pays service providers to install equipment, hire managers, and bring it online.

In Semenyih, the center operates from a modest one-story building next to those Internet-less local schools. Guests remove their shoes at the door, where rules including “No gambling” and “No pornography” are clearly posted. During a visit last week, two women wearing hijabs leaned close and laughed at a shared terminal along one side of a brightly colored room. Atop stools against the opposite wall, two young boys in headphones clicked through YouTube videos.

Policymakers see places like Semenyih as an opportunity to improve digital literacy and expand homegrown industries. The government offers free training for entrepreneurs on weekends. Anwar Bin Masood, a manager at the Semenyih center, says local women who weave baskets, mats, and jewelry have begun to sell their wares online.

Students and seniors receive one free hour of access each day, while others pay a small fee to log on. If they become members, the service is cheaper. So far, 475 of the 2,300 people who live in Semenyih have signed up since it opened in 2014. About 65 percent of the people who log on are students. The oldest member is 68 years old.

Photo: Amy Nordrum
Users in Semenyih enjoy Internet sessions in their local 1Malaysia Internet Centre.

To further improve access, MCMC has developed a second program called WiFi Komuniti to distribute the Internet from each center to the surrounding community. The agency uses a hub-and-spoke model to transmit Wi-Fi around the clock to a few sites within 5 kilometers of a center, which in turn re-broadcast it to homes within a 250-meter range.

In Semenyih, one of these access points (which is basically three routers strapped to a pole) is erected just outside an open-air cafe littered with plastic chairs for surfers to linger. A signature blue sign designates it as part of an official Pusat Internet 1Malaysia (or PI1M), or 1Malaysia Internet Center in Malay.

Both projects are continually revised as leaders figure out how to best serve their many new users. Coordinators recently reduced the number of spokes in the WiFi Komuniti model from five to three, to boost data speeds from 2 Mbps to 4 Mbps. Meanwhile, users at the hubs enjoy 8 Mbps speeds, and that bandwidth is re-allocated to the spokes once the centers close each night.

There are some persistent challenges. Malaysia’s lush vegetation and incessant rain absorb radio signals and generate greater than normal losses, says Siva Karan of local service provider Maxis. The company works around this by caching some websites on a local server and keeping Wi-Fi access points, Internet centers, and microwave towers that provide service within easy sight of each other.

Another major obstacle MCMC has faced is securing a reliable power supply for centers in remote areas. Also, maintenance is a high hurdle. There are 98 centers in the largely wild state of Sarawak on Borneo, more than in any other state; rotating the computers and printers there through quarterly maintenance checks is expensive.

Still, residents have welcomed the centers, and the MCMC office fields many requests from community members who want one in their town. “We can say that the 1Malaysia Centers are the one most successful project ever implemented in MCMC,” Nor Azhar Hassan, head of the infrastructure division, says.

Despite their popularity, the centers were never meant to be a permanent solution to the lack of connectivity in places such as Semenyih. MCMC hopes the projects will encourage more people to sign up for service to their homes, and persuade companies to expand infrastructure there.

“At the moment, we think of the Internet centers as a change agent,” Hassan says. “This is not meant to be a total solution.” To achieve those long-term goals, the government has built 1,000 towers and industry has installed 10,000 since 2010. Another 700 are in progress.

Hassan and his colleagues share anecdotes about the positive impact Malaysia’s Internet centers have had on residents. However, Araba Sey, a researcher at the University of Washington’s Information School, says it’s difficult to assess what, if any, boost public Internet centers such as these actually bring to communities or countries. “The question of social and economic impact is still up in the air,” she says.

In Semenyih, the most common online activity is checking social media. That’s meaningful to users, of course, but might not further Malaysia’s economic goals as much as its funders had hoped.

This quandary has run aground similar projects in other countries, which Sey says inevitably lose public funding and can’t garner enough commercial support to stay afloat. Malaysia’s Internet centers are currently funded through the nation’s Universal Service Provision until 2020.

“We shouldn’t be looking for these short term and very direct impacts,” Sey says. “You can't prescribe what specifically will happen and how it will happen and when it will happen. If you’re trying to do that, you’re missing the point.”

For now, Malaysia remains on track to achieve its goal of being recognized by the World Bank as a high-income nation (those achieving a gross national income of US $12,736 per capita) by 2020 (even while its prime minister is embroiled in a US $1 billion corruption scandal).

Back in the pair of matching towers that now house the MCMC offices in Cyberjaya, Zefe Fazilah, a deputy director for project coordination, says the strategy is working from their perspective. (The agency was unable to provide an estimate for the total cost of the public Internet initiative to date.)

They’ve heard from dozens of entrepreneurs who have expanded their reach through the centers, including one seaweed farmer who went from making RM400 to RM20,000 a month. Industry partners also seem enthused by the demand the project has drummed up in remote corners of the country.

Darrell West, director of the Center for Technology Innovation at Brookings Institution, believes Malaysia will eventually realize the benefits it seeks from its investment. He says the economic case for Internet access has been demonstrated in fishing villages and agricultural regions around the globe.

Near MCMC, construction teams busily convert a vast tract of land the size of 120 football fields to “CCC” or Cyberjaya City Center. Once complete, the RM11 billion project will feature wireless sensors for virtually every possible purpose, including a “social noise meter.” One way or another, Malaysia remains determined to forge its digital destiny.


LISA Pathfinder Sets the Stage for a Gravitational Wave Hunt in Space

A diffuse clutch of spacecraft fly through space, connected only by the laser beams that register tiny changes in position across the millions of kilometers that separate them.

This basic vision for a space-based gravitational wave observatory, which those planning a European mission generally call the Laser Interferometer Space Antenna (LISA), is about 30 years old. And it could be 20 years more before we see it in action. But results released today by the European Space Agency’s LISA Pathfinder team suggest it’s possible to achieve the sensitivity needed to build it. Such a space-based observatory would use a technique similar to its Earth-bound cousin LIGO—which announced the first direct detection of gravitational waves earlier this year—to detect slight ripples in the fabric of space-time. But the quarry would be gravitational waves in a frequency range that’s inaccessible here on Earth, one that includes sources such as merging supermassive black holes in the heart of colliding galaxies. 

LISA Pathfinder, which launched late last year, contains a small pair of gold-platinum “test masses” and a laser interferometer to measure changes in the distance between them.  The mission, a shrunken-down version of what in LISA would be an “arm” made by two spacecraft, isn’t designed to detect gravitational waves. Instead, it’s intended to test out some of the basic technologies required to do so and show that a spacecraft can have low enough noise to be sensitive to passing gravitational waves. A big part of that is creating an environment where the test masses are in near-perfect free fall, protected from the confounding nudges of forces other than gravity and floating free of the rest of the spacecraft.

The results, published today in Physical Review Letters, indicate that LISA Pathfinder exceeded its requirements. At the frequencies gravitational wave scientists are interested in, the spacecraft can discern an acceleration between the test masses of less than a femto-g, or one millionth of a billionth of the acceleration due to gravity on the surface of the Earth. Says principal investigator Stefano Vitale: “The closest thing to a force on the test masses corresponding to a femto-g is the weight of a bacterium in your hand.”

“This paper is a green light for LISA,” adds Vitale, a professor at the University of Trento in Italy. “For us it’s an enormous sense of achievement.”

The results must also be an enormous relief for Vitale and his colleagues. The LISA Pathfinder mission was originally set to fly in 2006, but it ran into technical hurdles. “There were a number of technologies that appeared to be relatively easy [that] turned out to be significantly more challenging once people got into it,” says Fabio Favata, who coordinates the science program at the European Space Agency. The team had to change direction when it came to the thrusters in the spacecraft’s micro-propulsion system, Favata says. These are used to gently reposition the spacecraft, a key technology needed to make sure the test masses never come in physical contact with the surrounding spacecraft. The caging mechanism, which secures the test masses during launch so they don’t rattle around like a bowling ball in a washing machine—and then gently releases them—also proved a challenge.

In the end, it all came together. The test masses, the team says, have achieved a new record for free fall. Accounting for and curbing the many non-gravitational phenomena that could perturb the masses and swamp a gravitational wave signal was no easy task. Housed inside the spacecraft, the test masses are protected from the pressure of solar radiation. But other potential sources of acceleration remain. Magnetic fields can have an effect. So, too, can the buildup of charge on the test masses created when cosmic rays pass through the shielding of the spacecraft, as well as the collision of residual gas molecules. “Our error budget is a book,” Vitale says.

System engineering is critical for this sort of experiment, Vitale adds. The mass in LISA Pathfinder, for example, had to be carefully distributed to prevent the spacecraft’s own gravity from preferentially pulling the test masses in any particular direction. “This is a single flying instrument,” he says. “It’s not a satellite carrying an instrument. The entire system is an instrument.”

“The results reported by the [LISA Pathfinder] team are, quite simply, a tour de force in precision measurement,” David Reitze, the executive director of LIGO, wrote in a commentary accompanying the team’s results, which were published on Tuesday in Physical Review Letters. “These results bode extremely well for the future LISA mission.”

The exact shape of that mission is still up in the air, says ESA’s Fabio Favata. There is a plan in place to launch a gravitational wave detecting mission in 2034, he explains, but the exact specifications have yet to be decided. Favata says the plan is to issue a call for mission proposals soon, perhaps later this year. A report issued earlier this year by the curiously acronymed Gravitational Observatory Advisory Team (GOAT) recommended using laser interferometry (the technology used by LIGO that has long been on the table for a space mission) for the 2030s mission.

But a good amount of technology development still needs to be done, Favata says. In particular, he cites the laser systems and the telescopes that would be used to aim those lasers across the millions of kilometers between spacecraft. The GOAT group said that much of the technology development that needs to happen isn’t dependent on the particulars of the laser interferometry mission. “This allows us to begin technology development in advance of the mission concept,” says Favata. That work, he adds, has already begun. 


Haptic Taco Helps You Navigate By Feel

Using technology to navigate around an urban area completely monopolizes, at minimum, one of your senses. Either you're staring at a map on your phone or the car’s center console, or listening to spoken directions through headphones or the car speakers. If you're truly inept at navigating, you might need to see and listen at the same time. Unfortunately, your eyes and ears come in handy for other things, like not smashing into lamp posts or avoiding getting plowed into by other vehicles.

Adam J. Spiers, a member of the GRAB Lab at Yale, has been developing small haptic peripherals that are designed to help drivers navigate using touch alone. He presented his latest research last month at the IEEE Robotics and Automation Society’s International Conference on Robotics and Automation in Stockholm, Sweden. In a paper titled Development and Experimental Validation of a Minimalistic Shape-Changing Haptic Navigation Device, he and several collaborators described the “Haptic Taco,” a little cube that expands and contracts in your hand to lead you straight to your destination.


How Do You Fly to Alpha Centauri in Just 20 Years? Ride a Laser Beam

In the 1960s, the physicist and space futurist Robert Forward proposed a radical method of sending a spacecraft to the stars. Roughly speaking, the idea was to attach the spacecraft to a large light sail, and then push it by illuminating the sail with an enormous laser. Forward suggested that a powerful laser could accelerate a spacecraft to a large fraction of the speed of light, allowing it to reach some of our nearest stellar neighbors within a few decades.

Until very recently, this idea remained solidly within the realm of science fiction. But today the outlook is beginning to change. In April, the physicist-turned-internet-billionaire Yuri Milner, together with Stephen Hawking and other notable scientists and engineers, announced that the Breakthrough Foundation would begin funding work on the concept of a laser-propelled starship, with the long-term goal of reaching the closest neighboring star system to our own, Alpha Centauri. Their initiative, dubbed Breakthrough Starshot, is a Silicon Valley take on Forward’s vision that imagines shrinking the spacecraft down to a mass of a few grams. A fleet of such “nanocraft”, each tethered to a light sail a few meters wide, could be economically launched into space and then accelerated toward Alpha Centauri with a terrestrial laser system. Illuminated by tens of gigawatts of laser light, the miniature spacecraft would reach 20 percent of the speed of light in about 4 minutes.  After a 20-year cruise, they would zip through the Alpha Centauri system in a few hours and send data and images back to Earth from the brief encounter.


Exoskin: a Programmable Hybrid Shape-Changing Material

Programmable matter isn't a thing that we have a lot of experience with yet. It's still very much a technology that’s slowly emerging from research labs. MIT is one of those research centers, and Basheer Tome, a masters student at the MIT Tangible Media Group, has been working on one type of programmable material. Tome’s “membrane-backed rigid material,” called Exoskin, is made up of tessellated triangles of firm silicone mounted on top of a stack of flexible silicone bladders. By selectively inflating these air bladders, the Exoskin can dynamically change its shape to react to your touch, communicate information, change functionality, and more.


This Mobile Security Feature Will Annoy You, But It Will Also Protect Your Phone

If you look at your smartphone right now, there’s a good chance it’s covered in smudges. We’re not judging, just letting you know that those oily fingerprints are a security liability. Cybersecurity experts have shown it’s possible to read smudge patterns on a smartphone screen to determine which keys an owner presses most often. Knowing this, a hacker could guess a passcode with relative ease.

Miraculously (and disgustingly), these smudges often persist even after you slip your phone into your pocket or purse. Though smudge attacks haven’t been widely reported in real life, research on their feasibility highlights a potential weakness in mobile security. To fend them off, students from the Universidade Federal de Minas Gerais in Brazil, led by advisor Leonardo Oliveira, have developed a security feature called NomadiKey (because the keys act like nomads, wandering across the screen).

NomadiKey shrinks the passcode entry keys on a locked smartphone screen to about one-fourth of their original size and scrambles them into a new arrangement every time a user tries to unlock their phone. By mixing up the keys, NomadiKey essentially distributes oily smudges more evenly across the screen, leaving a would-be hacker puzzled as to which keys a user actually pressed.

There is one major drawback to this design, however. Logging in with NomadiKey takes at least 1.5 seconds longer than typing in a PIN on a classic keyboard. Since heavy users unlock their smartphones up to nine times per hour, this delay can add up.

Artur Luis de Souza, a member of the NomadiKey team who is an undergraduate student studying cybersecurity, demonstrated the software last week at the IEEE International Conference on Communications in Kuala Lumpur, Malaysia. “People are more concerned about it being simple or easy to use than it being secure,” he admits.

Luis and his collaborators evaluated the security of NomadiKey against four other authentication methods. They tested the classic PIN code, an Android option that traces the pattern of a user’s finger across the screen, a random keyboard generator, and the new Knock Code system, by South Korean electronics company LG, that detects a specific sequence of taps anywhere on the screen.

As a measure of security, they compared the number of possible guesses it would take to unlock a smartphone using each authentication method if the phone were subjected to various hacks including smudge attacks. NomadiKey bested all except the random keyboard generator.  

However, NomadiKey is unlikely to catch on if users aren’t willing to trade a bit of convenience for extra security. Case in point: iPhone users can set the length of their passcodes to be between four and six digits. More digits is inherently more secure. Still, one small study found that the average passcode spans just 4.5 digits (Apple has since changed its default passcode setting to six digits).

To make NomadiKey slightly easier to use, the scrambled design keeps each number in the same position relative to its neighbors. For example, the 1 always winds up to the upper left of the 5, and the 3 is always above the 6. The shrunken keys make it possible to obey this rule and still arrange the numbers in clumps scattered across the screen so that oily smudges are broadly distributed to obscure the true passcode. 

To gauge usability, the team asked 18 people (mainly their friends and family members) to test their system against a classic keyboard and the random keyboard generator. The classic keyboard was by far the easiest and fastest to use, but NomadiKey was 40 percent faster than the random number generator. The students say it offers the best mix of security and usability of the methods they tested.

The group also noticed that over the course of unlocking their phones five times with NomadiKey, users logged their fastest speed on the fifth run. This means the delay may be partly due to a learning curve that users can overcome with time. “When people see it for the first time, it’s overwhelming and people are confused,” Luis says. “But over time, as you get used to it, it gets faster.”

Luis says that, in addition to smudge attacks, NomadiKey could protect against vision attacks in which hackers record a video of a user unlocking his or her phone. By subjecting this recording to digital pattern analysis, hackers can figure out where the user was touching the screen and make a reasonable guess at the PIN. Cyber experts who have carried out smudge attacks in the lab were successful at unlocking phones up to 92 percent of the time. Vision attacks were up to 91 percent effective.

The group has toyed with design elements for NomadiKey aimed at improving security and ease of use. In one version, each of the keys was wrapped in a colored band in an attempt to more clearly associate those that share a row (such as 4, 5, 6). But that just seemed to confuse people. At one point, they tested an iteration that required users to not only choose the right key, but swipe it in the correct direction. They quickly abandoned that idea, too.

Luis hopes NomadiKey can live on, even if it’s only ever adopted by a small number of zealots who are hyperconcerned about keeping their phones safe. Right now, the feature is not yet available to the public. The team has installed a prototype on a few phones but hopes to catch the eye of, say, a handset maker or a security team to further fund its development.


On Second Try, NASA Manages to Blow Up Inflatable ISS Module

On Thursday, astronauts on board the International Space Station were scheduled to spend about 45 minutes inflating the BEAM (Bigelow Expandable Activity Module), a room made out of fabric designed to be blown up like a balloon with air from inside the ISS. It sounds like a simple enough process, but as with everything in space, it isn't, and it wasn't. After BEAM stubbornly refused to balloonify itself on Thursday after a couple hours of intermittent manual inflation, NASA decided to stop to try and figure out what was going on.

Today, the process resumed, and after about 8 hours of stop and go pressurization, BEAM has finally reached its final (and pleasingly round) shape.


Ethereum’s $150-Million Blockchain-Powered Fund Opens Just as Researchers Call For a Halt

At 9 a.m. GMT this morning, funding closed on an entity called The DAO. It’s a blockchain-enabled financial vehicle that’s structured kind of like a cross between Kickstarter and a venture capital fund and which now runs autonomously—no humans needed—on the fledgling Ethereum network. The DAO (short for decentralized autonomous organization) raised over US $150 million worth of the bitcoin-like cryptocurrency, Ether, during a feverish, 27-day sale.

The DAO’s launch is a feat that should surely stand out as a feather in the cap for the Ethereum network, as it is the most successful crowdfunding campaign yet documented anywhere, ever. 

But yesterday, just hours before The DAO was scheduled to open for business and begin taking project proposals, three blockchain researchers published an article outlining multiple flaws in the governance structure of the organization that they say could be used as vectors for attack. The researchers are asking everyone involved with The DAO to temporarily halt funding activities and fix the critical problems.

“The attacks are quite real. So, somebody has to do something about them,” says Emin Gun Sirer, one of the authors of the article and of the blog where it was first published.

The DAO is the first iteration on the Ethereum network of an idea that has been floating around the cryptocurrency space for a few years now, which is that you could take all the functions of an investment vehicle—fund storage, project vetting and approval, fund disbursement, and profit allocation—and handle it on a blockchain, thereby creating what is effectively a corporation without jurisdictional anchors. Equally attractive to some is the fact that a blockchain-enabled organization is completely transparent and does not rely on a managerial class with high salaries to complete its functions. Everything is done by the code, which anyone can see and audit.

What investors who jump on board do rely on, however, is the expertise of the people who write and audit the code. They have to trust not only that the software is secure but also that the governance models work the way they are intended.

This second part is where Sirer and his co-authors, Vlad Zamfir and Dino Mark, say the DAO creators have failed.

Here’s a brief explanation of how The DAO is supposed to work. It’s first created as a contract written into an address on the Ethereum blockchain. The code for the contract specifies all the rules of the game. This was done by a few well-known people in the Ethereum community.

In order to play the game, you send Ether (the native currency on the Ethereum network) to the contract address and you get tokens back in exchange. These tokens signify your proportional ownership over the mass of Ether poured into the contract. 

That period just ended. Now, in order to unlock the funds people will present project proposals and the DAO owners will vote on whether the projects are worthy of investment. For example, the same people who wrote the DAO contract are also planning to solicit investments from the organization to fund Slock.it, a project that is hell bent on decentralizing the sharing economy and replicating corporations like Uber and AirBnb as user-owned entities. 

At first the voting sounds simple. But there are a few notable details that complicate any game theory analysis of the governance structure.

  1. Voting is not a DAO participant’s only power. If I have DAO tokens, I can also decide to split from the larger DAO and create my own smaller one. 
  2. I can also sell my DAO tokens to anyone who will buy them.
  3. If I vote on a proposal, I lose my right to split and I don’t get it back until the polls have closed. Nor can I sell my tokens while voting is in progress.
  4. In order for a vote to count, a quorum must be reached. The size of the quorum depends on the amount of funds requested in the proposal.
  5. There actually is a managerial class with very limited duties. There are 11 so-called “curators” who read proposals and vet them for basic flaws and scamminess. They also manage the status of the payment addresses on the funding proposals. In order for an address to receive funding it must be whitelisted by the curators.
  6. The DAO can vote to fire and replace curators. 

It’s starting to sound a bit more complicated, isn’t it? I could go on. But the point here is that the voting apparatus has a lot of moving parts. According to Sirer and his colleagues, the machine has not been properly tuned to get the desired outcome.

“In general what you really want in any kind of a voting-governed structure like the DAO is you want the voters to vote their true preferences. You want them voting in line with what they want to see happen,” says Sirer. In other words, if a token-holder thinks that the proposal will yield profits and increase the net worth of the DAO, he should vote yes. If not, he should vote no. But that’s not what we’re likely to see, according to the analysis.

“For a number of reasons it turns out that the mechanism encoded in the DAO is not in line with these principles. Certain people have incentives to behave in a strategic fashion,” says Sirer.

For example, Vlad Zamfir, one of the co-authors, who is also one of the curators for the DAO, points to a strong incentive not to cast negative votes in the organization. Anyone who votes on a proposal also loses the right to split apart from the DAO until the voting ends and the project in question is either discarded or funded. Zamfir argues that this amounts to a cost on no votes which increases the likelihood that people who would otherwise vote no and stop a proposal from going through will instead wait out the vote and just split from the DAO if it doesn’t go the way they wanted. In this scenario, the yes voters get what they wanted. The people who were paying attention and disagree at least get to jump ship. It’s the people who didn’t vote and didn’t pay attention who lose the most, who are tugged along into bad projects, potentially ones that have been intentionally designed to profit only a fraction of the DAO owners.

“The people who don’t participate, the people who are just in it for the ride, who are non-active members of The DAO, they’re going to be the ones who get screwed by biases and vulnerabilities,” says Zamfir. “It’s the passive people, who are expecting this to go well because they trust Slock.it and the curators. But instead, the DAO as implemented today may just spend everyone’s money.”

The pro-yes voting bias is one of seven potentially critical scenarios that the authors outline in their paper. At the end they include options for how to fix each problem.

In order to move on a fix, The DAO would have to vote to write new code into a new Ethereum address and migrate all the funds. This would, of course, take time, which is the reason for the moratorium. 

If a moratorium does take hold, it will be most immediately relevant to the Slock.it group, which has been drumming up support for a proposal that Stephan Tual, the COO of the company, says will request millions of dollars from the DAO.

In an interview on Thursday, Tual downplayed the severity of the DAO vulnerabilities. Regarding the voting bias, he said, “First of all it’s not in the realm of technical attacks because a technical attack would be—we broke your math and we can take stuff out of the contract. This is in the realm of social attacks. But who’s the attacker in this case? This is more a case of the governance model could be improved. Well, duh. Of course it could be improved. It will be improved and that’s the whole point.”

Tual argued that the DAO, regardless of the unexpected participation levels, is still an experiment and that, even more importantly, its fate is no longer in the hands of the people who created the code, but the people who hold the tokens. 

Perhaps in concession to a growing chorus of concerned participants, Slock.it has outlined a proposal to the DAO to fund a permanent security team. But Tual says that the group will also go ahead with its originally planned proposal.

“We’ll see. It’s just a proposal. Anyone can go and make another proposal. That’s the beauty of the free market,” says Tual. “If we felt that there was a huge problem that we considered might happen, we would be the first to say ‘whoops, let’s do something about it. Let’s just address it. Let’s handle it.’ But in this particular case, this is more like improvements than anything else,” he says.

If the curators choose not to whitelist the Ethereum addresses referenced in the funding proposals, then they can shut down the DAO until they are satisfied that the problems are fixed (although the DAO could always retaliate by firing them). This is what Gun, Zamfir and Mark argue is justified and are now pushing for.

“Basically, if there’s any whitelisting or proposals before the DAO changes code, then I will be very concerned. I think the current code has some pretty clear biases and problems with it,” says Zamfir.  


Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.
