Search on TFTC

Issue #536: Trusted 3rd parties are security holes

Jul 29, 2019
Marty's Ƀent

Issue #536: Trusted 3rd parties are security holes

In case you freaks missed it, late last week the world became aware of the fact that GitHub has begun shutting down user accounts to comply with a fresh set of sanctions on countries the United States does not like. With Iran being high on that list, a number of Iranian GitHub users have found that they are no longer able to access their code repositories hosted on the site.

For those of you who may not know what GitHub is, it is a hosting service that allows software developers to house their code repositories. Users can easily leverage and utilize Git, an open-source version control system for developers that allows them to keep track of their codebases and how they've evolved over time. A vital tool for software development and deployment. GitHub has essentially built a pretty interface on top of Git and made it extremely easy for developers to build projects, track changes and reviews, push code to production, and communicate with other developers. GitHub is so good at what it does that it has amassed a crazy network effect, so much so that it is the single largest host of source code in the world. GitHub's success has made it one of the biggest centralization risks that exist in the world of software development. And last week's actions prove that they will be coerced to act however the US Government wants them to.

If anything, these recent actions should serve as a wake-up call to software developers working on critical infrastructure around the world, and especially to those working on subversive open source projects like Bitcoin. Make sure your system is not vulnerable to this attack vector. As we know all too well in this world of Bitcoin we find ourselves in, trusted third parties are security holes. While I believe GitHub is one of the most important companies in the world when it comes to the enablement of building and deploying software, no amount of good intentions and corporate ideals can withstand the strong arm of a government with an agenda.

As Bitcoiners, we must encourage the use and development of decentralized tools that allow us to build the distributed system we are so focused on. If a government can go to a company like GitHub and demand they stop allowing code pertaining to the Bitcoin stack to be hosted on their servers while no alternatives are being used, we are dead in the water. Luckily, many Bitcoin devs have the foresight to recognize this and have mirrored Bitcoin-related repositories on self-hosted alternatives. However, these fail-safes could be better and, ideally, the standard way Bitcoin's code is hosted.  

Always vigilant!

Final thought...

Waze doesn't work.


Current Block Height

Current Mempool Size

Current Difficulty