Torn between "I think losing $100 million when someone beats you at security research is pretty much exactly what you signed up for doing yield farming" and "Maaaaaaaybe not the future of finance you were expecting, huh."

How to put this in regular finance terms...

Suppose hypothetically you have an account at a brokerage with some valuable asset in it. You take a margin loan against that asset to fund your normal spending, or pay a tax bill, or maybe buy something at another brokerage.
For reasons known only to the brokerage, they don't denominate your loan in dollars. They denominate it in shares of a money market fund, which are worth $1 +/- epsilon and basically never deviate from that.

And you think "Hmm, I have a large equity cushion against this loan."
One day, a computer system at the brokerage reports, sorta-kinda erroneously, that the value of the money market fund is actually $1.30 per share. The equity cushion is gone. Your valuable asset is sold, at timing you didn't choose, at the wrong price, to pay an inflated phantom debt.
And your recourse is... probably tweeting at patio11 saying he finds too much joy in this.

Which I don't; I just feel like this is why you don't trust a CPU built out of redstone to build reliable financial infrastructure on top of.
"Hey patio11 could this happen in traditional finance?"

Ill-timed liquidations can and do, but attacking someone doing something not-risky to force a liquidation is harder, because of many built-in safeguards.
One, you can actually borrow in your unit of account (e.g. dollars), and $1 = $1, so you can't convince a brokerage that a $100k debt is actually $130k.

Two, if you, a regulated financial institution, have a goof in your data feeds that causes you to mechanically disadvantage retail...
... your most likely outcome is having an internal meeting and saying "Which do we dislike more, covering their losses out of our equity OR getting our knuckles rapped by the regulators, paying a fine, then covering the losses with our own equity?" and choose door #1.
Three, it is enormously hard to pervert the most popular real markets in the world and that is a game you actually don't want to win, because the first prize is frequently go-directly-to-jail.

This is not the consensus viewpoint among engineers, who do not have good calibration.
Like if you somehow did security research against e.g. the monthly Treasury auction and somehow caused it to invert expectations around reality, that would plausibly have $X0 billion in consequences and you could make out like a bandit.
And also literally everyone you had talked to for the last several years would be taken out for tea by friendly serious federal agents.
("Do you really think that would happen?"

For the treasury auction? Oh heck yes I do. Expect a turf war between the money people and the terrorism people over who gets to lead the investigation.)
Crypto enthusiasts would probably expect me to disagree with them on this, and I actually do not at all:

The financial system is part of broader systems of state control. Seriously attacking it at scale would be treated indistinguishably from "kinetic" war.
"So is the state going to seriously come after crypto people then?"

While they flatter themselves into thinking they materially challenge the government, following their own logic pretty closely, if this were actually true their conferences would attract precision munitions.

More from Patrick McKenzie

There are a *lot* of software shops in the world that would far rather have one more technical dependency than they'd like to pay for one of their 20 engineers to become the company's SPOF expert on the joys of e.g. HTTP file uploads, CSV parsing bugs, PDF generation, etc.


Every year at MicroConf I get surprised-not-surprised by the number of people I meet who are running "Does one thing reasonably well, ranks well for it, pulls down a full-time dev salary" out of a fun side project which obviates a frequent 1~5 engineer-day sprint horizontally.

"Who is the prototypical client here?"

A consulting shop delivering a $X00k engagement for an internal system, a SaaS company doing something custom for a large client or internally facing or deeply non-core to their business, etc.

(I feel like many of these businesses are good answers to the "how would you monetize OSS to make it sustainable?" fashion, since they often wrap a core OSS offering in the assorted infrastructure which makes it easily consumable.)

"But don't the customers get subscription fatigue?"

I think subscription fatigue is far more reported by people who are embarrassed to charge money for software than it is experienced by for-profit businesses, who don't seem to have gotten pay-biweekly-for-services fatigue.
I like this heuristic, and have a few which are similar in intent to it:


Hiring efficiency:

How long does it take, measured from initial expression of interest through offer of employment signed, for a typical candidate cold inbounding to the company?

What is the *theoretical minimum* for *any* candidate?

How long does it take, as a developer newly hired at the company:

* To get a fully credentialed machine issued to you
* To get a fully functional development environment on that machine which could push code to production immediately
* To solo ship one material quantum of work

How long does it take, from first idea floated to "It's on the Internet", to create a piece of marketing collateral?

(For bonus points: break down by ambitiousness / form factor.)

How many people have to say yes to do something which is clearly worth doing which costs $5,000 / $15,000 / $250,000 and has never been done before?

More from Tech

A brief analysis and comparison of the CSS for Twitter's PWA vs Twitter's legacy desktop website. The difference is dramatic and I'll touch on some reasons why.

Legacy site *downloads* ~630 KB CSS per theme and writing direction.

6,769 rules
9,252 selectors
16.7k declarations
3,370 unique declarations
44 media queries
36 unique colors
50 unique background colors
46 unique font sizes
39 unique z-indices

https://t.co/qyl4Bt1i5x


PWA *incrementally generates* ~30 KB CSS that handles all themes and writing directions.

735 rules
740 selectors
757 declarations
730 unique declarations
0 media queries
11 unique colors
32 unique background colors
15 unique font sizes
7 unique z-indices

https://t.co/w7oNG5KUkJ


The legacy site's CSS is what happens when hundreds of people directly write CSS over many years. Specificity wars, redundancy, a house of cards that can't be fixed. The result is extremely inefficient and error-prone styling that punishes users and developers.

The PWA's CSS is generated on-demand by a JS framework that manages styles and outputs "atomic CSS". The framework can enforce strict constraints and perform optimisations, which is why the CSS is so much smaller and safer. Style conflicts and unbounded CSS growth are avoided.
