The Great Post Office Scandal and Moxie Marlinspike's Web3 Article

Ian and Ash talk about the high price of software without ethics in The Great Post Office Scandal and dive into Moxie Marlinspike's first impressions of web3 (lowercase w, no .0)
Ian:

Hello, Ash.

Ash:

Hello, Ian. How are you?

Ian:

I'm I'm very well. Thank you. And how are you?

Ash:

Very good. Very good. Very relaxed, I would say.

Ian:

So I've heard you've got some news.

Ash:

Yes. Yes. Really exciting news, actually. And something that's taken a while to to come to fruition.

Ian:

Like one of our episodes?

Ash:

Yeah. Yeah. Absolutely. Yeah. What's our what's our personal best?

Ash:

Like, 2 years?

Ian:

Yeah. Something like that.

Ash:

So me and a friend called, Rob Meany, who works for a company called Glofox

Ian:

Mhmm.

Ash:

In Cork. We wrote a book called The Team Guide to Testability. Woah. Yeah. Yeah.

Ash:

Quite the undertaking. I learn I learned a lot trying to write this book.

Ian:

About writing a book or about, I I guess you started from knowing a lot about testability.

Ash:

Well, yeah. Obviously, as you do your deeper research, it changes what you think, but mostly about writing a book and how organized you need to be and kind of what role you need to play as well. So it was fun to write it with someone because that meant we could play to our strengths. The great news is that it's gone to print and is available in all good booksellers and some terrible ones as well.

Ian:

Hiya, Jeff.

Ash:

Insert Jeff joke. So, well, the idea for the book was that each chapter is, like, a stand alone so say if you've got a particular testability challenge, say if you've got a bunch of dependencies which are giving you problems, or you want to improve how you do deployments and releases to get more information to to feed into your testing. Then each chapter is standalone as a has a bunch of exercises that you can do in order to help you in that regard for that particular problem, or you can read it all the way through. But it's more about, like, oh, we've got this challenge. So look for the challenge you have and then pick the the chapter and the exercises you need out of it.

Ash:

So you could use it either way, really, as a book or as a as a reference.

Ian:

Well, all good booksellers.

Ash:

Yes. Exactly.

Ian:

Fantastic. Well, congratulations.

Ash:

We can put the link to the the publisher's page, which links to all the booksellers in the show

Ian:

notes. Yes. Let's do that. Yeah. Outstanding.

Ian:

So we also had a bit of follow-up after our last episode. The last two times when we've talked about the last episode, I've said, do you remember the last episode? But actually, the it was recently enough that I don't feel I need to ask that.

Ash:

Yeah. I do remember it quite vividly. Christmas Christmas special. Right?

Ian:

It wasn't wasn't too late after Christmas, was it?

Ash:

Boxing day special.

Ian:

Boxing day boxing day special. But, yes, we did get some follow-up from our last episode when I shared it on Facebook, which I guess was apt because meta, Facebook, all of that link there. But Shona MacNeil, who's a friend of mine from a long way back, pointed out that maybe I was being a bit obsessive over Facebook's version of it. And I should actually think of it in the context of Microsoft who announced something called mesh back in March. And they're both trying to outdo each other.

Ian:

Although she mentioned, and I also went on Microsoft's AltspaceVR For the tape, Ash is shaking his head despairingly. I'm not sure whether it's about me going on it or its existence.

Ash:

I just think that that's an absolutely abominable name. Abominable. It it is beyond focus group madness. I just imagine they were sat with a focus group of 1 person, and they just said, I don't know, just call it alt space VR.

Ian:

Maybe they should have called it control alt delete VR.

Ash:

Over and over again. I just I just imagine that soon Facebook will do a rebrand of, to VR space alt.

Ian:

The circle will be complete.

Ash:

No one will know what's going on.

Ian:

I'm not sure anyone really knows what's going on anyway, but,

Ash:

No. No. So the feedback?

Ian:

Yes. That was nice. Thank you, Shona.

Ash:

Yeah. Thank you, Shona. In the last episode, at the start, we said a few facetious things about the difference between the web 3 and web 3 point o. And I didn't wanna be the technologist who's just like super dismissive or, super enthusiastic about whatever, you know, the difference is.

Ian:

We're technology EOs here, remember, on this podcast.

Ash:

Technology EOs. Exactly. We're equally disinterested in all technologies. Yes. And equally, cynical about their impact on humanity.

Ash:

So, anyway, so I went away, and I started to look into this. So bear with me.

Ian:

Bearing with you.

Ash:

So let's start at the top. The semantic web.

Ian:

Oh, the semantic web.

Ash:

Which is about making Internet data all machine readable or mostly machine readable.

Ian:

APIs? Yes. JSON?

Ash:

Yes. So well, no. Well, it could be. We haven't built it yet.

Ian:

I'm not saying SOAP.

Ash:

Just you're getting into you're getting into implementation details here.

Ian:

Oh, sorry about

Ash:

that. Too early.

Ian:

Solutioning. Solutioning.

Ash:

And this is a wonderful name, which is called the giant global graph, which in my when I initially read it, I was really tired, and I was like, I'm sure that said giraffe.

Ian:

Oh, the giant global giraffe should exist.

Ash:

Yeah. Absolutely. Can you imagine?

Ian:

It'd be brilliant. It'd be like, take that oil companies and deforest us. The giant global giraffe is coming for you. Sorry.

Ash:

It's alright. So the all the HTML on the Internet and it all, apparently, would be annotated with different endpoints. So if it was Ian is from Ilkley, there would be a person, end point called Ian, a a person schema, and then, like, a place schema for Ilkley. Right? And all this would be replicated all over the Internet and you would somehow have enough compute in order to crunch all this stuff.

Ash:

And then, basically, the idea is that all this data would be used for decision making, advertising probably, whatever it would be used for, and that is the semantic web, that is the dream of the semantic web that basically the Internet is machine readable. Okay. So web 3.0, so that is a a a set of changes of which the semantic web would be a part. So there are other bits to web 3.0, but kind of the semantic web and web 3.0 are intrinsically linked, let's say, in the in the dream of Tim Berners Lee.

Ian:

It sounds a bit like web 3.0 is to web 2.0 as web 2.0 was to web 1.0. Yeah. It sounds like a progression of that, doesn't it? Whereas web 3 sounds not that, but I guess you're about to say that or something.

Ash:

So from my this this is this is me looking and trying to understand what web 3 is. So there's no space between web and 3 and there's no point o, just web 3. And sometimes it's a lowercase w, but that's not the difference.

Ian:

A lowercase w?

Ash:

Often with a with a hash in front of Web 3 is the world wide web, as in web 2 point o

Ian:

Mhmm.

Ash:

Not the giant global giraffe based on public blockchains such as cryptocurrencies. And it gets a bit woolly here. So some visions are based on DIOs and something called DeFi, decentralized finance, and some on SSIs, which I think is self signed identification. So it's like identity services without the need for OAuth. So you wouldn't be, like, creating accounts everywhere with tokens and things like that.

Ash:

So some of it's based on that, some descriptions, and some for web 3, it's partially that and partially the semantic web as well, kind of. But I think I've kind of read through it, and the common factor is that you need a crypto wallet for anything that's web 3 with no space and no point or maybe a lowercase w. So the common factor is that you need a crypto wallet to take part in that world. One last thing. So when I initially when we talked about this initially before we went started recording, so the common factor is that you need a wallet for all these things in web 3.

Ash:

Mhmm. Yeah. So

Ian:

With money in

Ash:

The semantic web web 3.00 don't mention money by its nature. Web 3, you do need a wallet, and then you need ability to take stuff from that wallet and put it into your crypto wallet in order to take part in Web 3, it seems to be.

Ian:

Yes. There's a there's a cost of entry inherently.

Ash:

Yeah. Yeah. I would say so.

Ian:

Well, I feel that all of our listeners will now be in a state of deep gratitude that that you've explained that to them, because, frankly, I I didn't really understand that.

Ash:

Well, at least they know about the giant global giraffe. No.

Ian:

Yes. And who among us can turn down the idea of a giant global giraffe?

Ash:

No one. Only a monster.

Ian:

That might be the best thing about web 3.0 and web 3 is the existence of a giant global giraffe. Well, I think we should stop here. I don't think we need to bother talking about any things because we basically won the Internet with the giant global giraffe today. I suppose we should talk about things, really.

Ash:

Yeah. Let's talk about some things. I think it's my turn to go first, isn't it?

Ian:

Yes. It's your your turn to monopolize the airwaves.

Ash:

I will begin the internal external, the external internal monologue.

Ian:

Yeah. Well, at least we're consistent. What's your thing, Ash?

Ash:

So my thing is it's a well, it's a book based on, a set of events, which is still going on today, to be fair. And it was called the great post office scandal. Oh. Actually, there was a an article about this yesterday talking about the the amount of compensation that's gonna be required, like, running into, like, the billions.

Ian:

Oh my goodness.

Ash:

So it's still, like, still going on today after many, many years. So the scenario is is that about 20 years ago, maybe 25 years ago, post offices were quite complex places which provided loads of services to lots of people. So, you know, obviously, post and benefits and savings and mortgage you know, many, many things to many different people that become like these community hubs. Mhmm. And they were all essentially still paper based.

Ash:

So in terms of the post office, they wanted to bring this into the whichever century they wanted to be in, and they commissioned Fujitsu to build a point of sale system to deal with all these different transaction types and start to smooth things over. And all of these would be would be networked, so they would report centrally to the post office so, you know, they could do analysis and tracking on what each post office what its takings were and what its balance was like.

Ian:

It doesn't inherently sound like a bad thing.

Ash:

No. No. But what happened once they started rolling the system out so I guess the first thing was is that they were rolling out to post offices run by some postmasters who were not technically savvy, if you know what I mean. And used to having a paper based system. And then suddenly they were presented with this terminal to use for everything.

Ash:

And for certain postmasters, they started to see discrepancies in the balance from using this new system. So they would, like, balance up, at the end of each day or whatever their time period was. And they would say, okay. Have all the transactions that we have done on a given day versus the amount of cash that we have in our branch.

Ian:

Mhmm.

Ash:

And certain sub postmasters started to find that this was no longer balancing after many, many years of using the paper based system to actually balance. So using this new system. And over time, it got worse and worse and worse. And then because it was being reported centrally because of this new network system, eventually, the post office would get involved, and they would say, why aren't you balancing UO's money, basically?

Ian:

I guess, given all of those things you described going through the post office, that could add up quite quickly.

Ash:

Yeah. So, eventually, you ended up supposed to buy end up with tens or 100 of 1,000 of pounds worth of discrepancies. Oh. And people were borrowing money off family, remortgaging homes in order to pay this money back

Ian:

Oh my goodness.

Ash:

Based on the evidence of this Horizon system. And the post office, whenever a sub postmaster would say, well, this only started happening when I started using Horizon, the post office would be, well, the system is robust. There's no problems with it. You're the problem. You've been stealing.

Ash:

1 of your employees has been stealing. The Horizon system

Ian:

Oh, dear.

Ash:

Was robust and had no bugs. This was the party line and this is what was being told to all these sub postmasters who were getting into worse and worse trouble. And the post office wouldn't give access to these transactions either. So they couldn't even get access to the data in order to look at what had happened in order to try and balance it out. So all they could see was Horizon's, like, summary report, which would just have a a, you know, a big red number on it, and they would be, like, getting more and more stressed and more and more into debt to try and figure this out.

Ash:

And this, like, lack of access was a was like a a massive problem in terms of trying to to prove out what was happening. And then over time, the number of prosecutions of postmasters got increased more and more and more. And this Horizon Report evidence was being used to secure these, these prosecutions. So people were either going to prison for theft or for false accounting. Because interestingly, the Horizon system, it didn't have the ability to challenge a balance.

Ash:

You either had to accept it or not accept it. But if you didn't accept it, you couldn't carry on trading and roll into the next period. And when the Horizon chief architect was asked why that was it, he basically said, it's to keep our system neat and tidy, which I thought was

Ian:

Well, that's the important thing, obviously.

Ash:

Yes. It's just ignoring the messiness of reality, isn't it, through functionality? But functionality like that causing, like, real distress, real problems for those who were supposed to be using it. So all along, the post office continued to say that Horizon was was robust and had no bugs. Although, over time, a number of problems started to appear.

Ash:

There was a few found around, like, exchange rates, for example, and rounding errors and things like that. But the main ones were resilience. So if Horizon was offline for a time, then transactions would magically disappear. And, also, one sub postmaster so she was having some work done in her post office, So they moved the terminal to a temporary building. And there was no problem before, but once they moved the terminal, this network terminal, suddenly, balances got all out of whack, and she ended up, again, owing tens of 1,000 of pounds.

Ash:

But the interesting thing for me was, in court, the evidence that Horizon submitted was was seen as as the truth, which is weird coming from, like, me as a software tester. If you say, look at the output of this system, it's the truth. I'd be like, I don't think so.

Ian:

Well, it's it's the whole computer says no kind of thing, isn't it? It's just like we're just the computer says this. Therefore, it I mean, that you'd you'd think people would have got over that by now?

Ash:

Yeah. Yeah. Absolutely. So this is this has gone on for a long time. The first thing that that popped into my head is that is a kind of especially around how Fujitsu behaved as the as the builders of this system who kind of behaved with equal opaqueness as the post office in terms of denying everything, especially the ability to there was a there was a particularly interesting part of it, which was around how whether or not Fujitsu had remote access to individual terminals or the ability to affect individual accounts.

Ash:

And there's a very cloak and dagger story in there of 1 of the supposed masters going to Fujitsu and being taken into, like, a room, like, under the bowels of the building, and and and some Fujitsu people basically changing a branch's transactions by replaying messages and changing them. And this was like this is a postmaster's word against the behemoth of Fujitsu and post office, but it was just and then there was a an exchange about this in court where the, someone with a with a more technical outlook tried to explain this to a to a solicitor, and it was just the the difference in mindset was just incredible. Because to me, if you said, oh, well, you can just take these messages, change the headers, and replay them in that particular system. And I'd be like, well, okay. That seems like a a perfectly possible thing to do.

Ash:

Whereas in, like, the non technological the the legal sense, Basically, everyone had to stop for a lie down in order to sort of, you know, comprehend that this was possible.

Ian:

Right. I guess that's a feature of lawsuits about technology things is that half the battle is explaining it to the people Yeah. Who have to decide about it in terms that they can understand. I mean, all of our industry all industries have their own jargon, don't they? But we in the technology industry have more than the most, and we've got all these patterns that we all understand like messaging.

Ian:

But trying to see that from the perspective of someone who has no Yeah. Background in it is quite quite hard.

Ash:

So the thing that always pops into my head when I with stories like this is building software ethically. The book starts the first chapter is someone was asked to go into Fujitsu because they were working on a project which was hugely in trouble and was just an absolute mess with, like, a 1000000 people on it. And, yes, this was the, obviously, the Horizon project. And their technical practices were awful. Their testing was basically nonexistent.

Ash:

But no one could admit to any of these things because to admit to it would mean awkward questions. So, all these poor practices resulted in a rushed, poorly tested, really opaque piece of software with, minimal training being released upon a set of users who weren't ready for it, who didn't understand the premises of it. And all the way through that, I guess, the question would have popped up. Is this the right thing to do? Or maybe that question didn't pop up.

Ash:

Maybe that's the challenge there.

Ian:

I suppose the question is, in whose interest is it for that question to pop up? Because if everybody on all sides of the project that's delivering the programme of work that's being delivered for this are all determined not to ask that question, then no one's it's not gonna be asked, is it? I must say, as you've been describing this, I just feel absolutely horrified by it. These kind of large it's not exactly public sector contract, but it's close. It's certainly public sector adjacent.

Ian:

But there are these huge inflexible organisations banging together and then people being completely just individuals being completely destroyed by it. And I mean, that that that's quite horrifying because people who are just doing their job and getting on with it and doing a high quality I mean, no doubt, not everybody involved was perfect on the sub postmaster side and all the rest of it. But basically, they had all, I think, largely been operating sub post offices with without incident for probably years in in some cases anyway. And, suddenly, the the whole the whole operation is being called into question. Their integrity is being called into question.

Ian:

And they've got literally no ability to to challenge it.

Ash:

When you hear the stories, it's like, this was their dream a lot of the time as well to have their own business. And a lot of these were very successful businesses as well until Horizon came along, which kind of makes it all a sadder because they've gone from having acquired the lifestyle and the business that they wanted and found a, you know, a place in the community that they in a way that they were really proud of. To go from that to Yeah. Being accused of false accountancy and theft and even going to prison for it is just amazing. It's just the it's kind of the the neglect is terrifying.

Ash:

And I think also you mentioned it being, like, public sector adjacent. So the government are culpable in this as well because they use the well, the post office is a private company now owned by the government, so we're going to stay away from this. We're gonna keep it at arm's length. So a succession of ministers, MPs, not all to be fair, a lot of them did fight quite hard for some postmasters. Due to use the, it's a private company owned by the government to keep it all at arm's length and not really do anything about it until much, much later in the process.

Ash:

And as I said, at the top, now that the, you know, the compensation is now running into over £1,000,000,000 that the I

Ian:

can see why.

Ash:

The taxpayer will then have to give to the post office in order to pay the compensation. I often think of this as, you know, as a tester, you might say, what's the worst that could happen? And when I read this book, I was like Yes. I couldn't dream of that being the worst that could happen. You know?

Ash:

Yeah. This is like this is like beyond my wildest nightmares of what the worst that could happen based on a piece of software is. People have taken their own lives as part of this, so, you know, I think I I just found it absolutely absolutely unbelievable. I think big consultancies so I don't know. I've done a bit of public sector work, and I'll tell you what happens.

Ash:

You go into a a public sector organization. I often go in as part of a smaller entity than one of the bigger consultancies, you know, the, the Cap Geminis and all that of this world and the Accentures. And you go in, you look at the thing you've gotta build, and then you say, right. What's nearby to this? What do we depend upon?

Ash:

And then it'll be, it's this thing that, you know, x consultancy built 30 years ago, which is hard to change, is an interoperability nightmare, and we all have a good laugh about it. You know? Because it's always the same. But the thing is, it's not funny, though, is it?

Ian:

No. It's a kind of hollow laugh at best.

Ash:

Yeah. Yeah. Absolutely. So to me, in the public sector, a lot of the time it's accepted that the big consultancies are in there because of their bigness, obviously, not because of their skills and abilities. Obviously, there's individuals within those big consultancies who were very good, and I would never deny that.

Ash:

But the relationship is not about that. It's not about quality or making the user happy. It's more about cost and deniability. And this kind of shows between the post office and Fujitsu because they would invariably, like, needle at each other for whose fault it was. And then also in terms of rushing out this thing that obviously wasn't ready, that's had this massive impact on so many people's lives, it's so the post office could blame Fujitsu for it not being ready.

Ash:

That's why you engage with these consultancies so you can, like, deny and obfuscate and say, well, okay. Well, I've handed over responsibility for building this system to this company. And now when minister x says, why isn't it ready yet? I can say, well, it's their fault. I've paid them really well, and, they haven't delivered, which results in really bad things being delivered, which don't meet the user's need or haven't even really engaged with the user's need.

Ian:

You're right. I think that the government does engage because of the bigness in the sense that if the government wants to do a large programme, then either they have to employ a lot of people and then manage them and manage their work and be responsible for the outputs of them and then somehow scale them back later when the thing's done, and it moves into an operating mode. Or you just get a company that already has all those people and pay them to do it. And you're right. Then you get that kind of, that slight remove of of responsibility.

Ian:

So you you're the the question you have to answer when you've done that is, was it reasonable for me to hire this company at the time when I hired them, rather than has the thing been delivered? I'm just trying to imagine what a good version of it could look like. What do you think a good version of this would have looked like?

Ash:

So a good version of this would have started with the user need and looked at who they were, as in, you know, a lot of them were close to retirement. And at the time, technology was not that prevalent. You know, obviously, smartphones were mobile phones were starting to pick up. But even an EPOS terminal was seen as, you know, relatively revolutionary. So look at the people who are gonna use it and find out what they need.

Ash:

And, also, I think more domain knowledge from those who are going to be building it. The post offices provided many, many, many services, like tons of them because events over time, everything had consolidated into the post office, like the benefit system and things like that. So it was really complex.

Ian:

It's an outpost of the government in your town, isn't it?

Ash:

Yeah. Yeah. Absolutely. So, can you imagine trying to build a system for that level of complexity? It's gonna be hard.

Ash:

Mhmm. So, you know, having it based on the user need, a very gradual rollout rather than the the vast speedy rollout that they went with in order to hit the date.

Ian:

The very big bang.

Ash:

Yeah. Also, just looking at the amount of training that would be required in order to use this, because, essentially, what you were talking about was a revolution in the way that post offices worked, not a gradual evolution you were talking about, like massive, like, sea change in how everything worked and all in one go.

Ian:

All in one go. You know?

Ash:

So what would we do now? We'd probably take some target branches and say, right. Okay. Well, let's try this for a few months and see how we get on. So once I finished the book and and thought about it a bit, I was mad.

Ash:

It made me angry. I want to believe that that technology is a Yeah. Is and can be a force for good. But technology here has been used and purposefully misunderstood in order to to cause real pain. And once I'd got over the being mad about it, there's a chap called Alan Bates, one of the sub postmasters, who organized everyone in order to, you know, come together to fight.

Ash:

And I just thought Yeah. He's one of those amazing people who is he says no. He says, this isn't right. He wasn't crazy about it. He was just like, once the post office told him about the discrepancies, he was like, give me the transactions and I'll reconcile them myself.

Ash:

Obviously, they wouldn't do that. But, you know, some people just have that innate ability to say, no, this isn't right, and then begin to fight. And I was like obviously, there's lots of sad stories in there. Yeah. But that was one particular person where I was like, wow, you're amazing.

Ash:

If the world was full of more review, we would have a much more just society around us.

Ian:

Well, we shall raise a mug of tea to him. Yeah. So Indeed. That's an amazing and also horrifying tale. You mentioned a book.

Ash:

Yes. So the book is called The Great Post Office Scandal, and it's by a chap called Nick Wallace, who's a investigative journalist. There's also a Panorama episode and a BBC Radio 4 series around this. And you probably see it cropping up in the news as well, so just just kinda keep an eye out for it because it's there. I would I can't recommend it enough, I think.

Ash:

If if you're a technologist and you care about ethics in technology, there's so many lessons in here to be learnt.

Ian:

Well, just having a look, I just found an article on The Register from last April in which the quote is that from lord justice Holroyd said that the one time state monopoly had, by representing Horizon as reliable, effectively sought to reverse the burden of proof, leading to criminal defendants having to prove their innocence Yeah. Instead of the post office showing they were guilty. I mean, it's just beggars belief.

Ash:

Very serious thing.

Ian:

I think that was a very interesting thing. I think it makes us I mean, as technologists, we must do better.

Ash:

Yeah. I think so.

Ian:

I think a lot of time we do, but

Ash:

Yeah. I think so.

Ian:

Not all the time.

Ash:

I wouldn't wanna tarnish every project with the Horizon Fujitsu brush.

Ian:

No. No. Not at all.

Ash:

But I think because of the the nature of how governments engage with consultancies, there's always the potential for this to happen. So I think there's loads to be learned there, but it's not uniform. I just think we should pay attention to this example is a really good cautionary tale about building technology in a, for large organizations, especially in a public sector context.

Ian:

Well, we should at least use it to inform our answers to the question what's the worst that can happen.

Ash:

And the answer to that is pretty bad stuff.

Ian:

Yeah. I'm almost not quite speechless.

Ash:

So that was my thing.

Ian:

Wow. That that was an epic thing.

Ash:

It was an epic thing. It's an epic story. You know?

Ian:

Well, we'll include a link to the book Yeah. And to all of those other things. I know you mentioned the radio and panorama. Good. Well, I've got a thing.

Ian:

My thing is about web 3, which we may have mentioned a couple of times recently, perhaps in a certain skeptical tone. But, you know, as technology eos, we must maintain our reputations, obviously. So my thing is actually around an article that I recently read about web 3, which I thought was very interesting. And it's written by Moxie Marlinspike. That's an alias.

Ash:

It's a better name than alt space VR. I'll I'll say that.

Ian:

Yes. You agree that his name passes your very low bar that you just outlined for him?

Ash:

It's not my bar. It's Microsoft's bar. It's all marketing ever bar.

Ian:

Yes. Indeed. Well, Moxie Marlinspike, as I shall call him because that's the name he published the article under Mhmm. Is the just former CEO of the encrypted messaging app signal. And so he's got quite a lot of credibility in terms of cryptography and security and associated things like proving who did something by signed messages and all that kind of stuff.

Ian:

Sure. And actually, I recommend Signal as an app. I think it's a really, really good end to end encrypted messaging app. Yep. He's decided to do a bit of a technical deep dive into web 3.

Ian:

So he's basically made a few distributed apps or dapps, as I think we call them.

Ash:

Yeah. Indeed.

Ian:

And he's made an experimental NFT, stuff like this. So he's basically pointing out some things, which I think, without doing this sort of tech more technical deep dive, are not really apparent. And certainly, I had not appreciated them Yeah. Myself. And I haven't done that that kind of deep dive.

Ian:

I think you've done some stuff, haven't you?

Ash:

Yes. I built a simple voting app. It was just like a a React front end. You would vote on something, and then that would be committed to the blockchain that was running locally. So, yes, I've done a using MetaMask as a as the broker there between the front end and the and the blockchain.

Ian:

So was it your own blockchain as well? It wasn't Ethereum or something? No.

Ash:

It wasn't. It was just just running on my it worked on my machine.

Ian:

Well, there you go. That proves it. I haven't done anything like that myself. So it was quite interesting for me to kinda read about his experience. And he starts off with a couple of assertions that he goes back to, and I think they're quite interesting to talk about.

Ian:

So one of them is people don't and never will want to run their own servers. It kind of harks back to when the Internet started and every everybody was gonna be a publisher. Everyone was gonna have a website. And what's actually happened is that it centralized a great deal into these massive platforms like Facebook. So everyone's a publisher on Facebook.

Ian:

You know, people go log on to it. They they write something, and they they hit return. Yep. And so his argument is the reason for that is that people don't want to run their own servers, And I I think there's probably reasonable evidence for that. Yeah.

Ian:

Although it's then gets a bit hazy in terms of what what is a server. You know? Could someone, Yeah. I think a server has to have an advertised address.

Ash:

Yeah. I think for the purpose of this, that's probably like a good definition to to meet around, isn't it?

Ian:

Yes. In some in some sense. Yeah. Yeah. I mean, I've always wanted to run my own servers, but then I'm probably an antinoble person.

Ian:

No. That's that's not right, is it? I'm not against normal people. But I don't always feel as I'm one of them.

Ash:

Yeah. So the whole decentralization point with Web 3 here, the the point made here and my general thought is, like, so where do we decentralize to? Is I think this is the point, isn't it? Because essentially what you're saying is you want more. So Web 3 wants less consolidation with large centralized brokers, if you like.

Ash:

Whereas I'm just generally, well, where do we decentralize to? Are these are are the current large, large technology providers gonna gonna break up? Are they gonna how would that happen? So I just don't see that happening either. But

Ian:

But that's the blockchain's promise, isn't it, that the blockchain is basically giving you a decentralized database to run all these things on top of. And the way that you can decentralize it is that you have this kind of zero trust model between the the servers that that run it, but they are servers.

Ash:

Yeah. So if it's all running on AWS, then it's it's like, yes, you still got peer to peer communication, but it's still all running in one place. Right? So I guess that's No.

Ian:

Well, there's an interesting the big cloud provider thing is a whole other Yeah. Idea as well, isn't it? Yeah.

Ash:

Yeah. Absolutely.

Ian:

But but he makes this assertion people don't want to run their own server Yep.

Ash:

I think that's

Ian:

which he then bases his further arguments on. And the other assertion he makes there is that protocols move more slowly than platforms.

Ash:

Mhmm.

Ian:

And I'm a bit more I mean, he's got a compelling example because mail email runs on something called SMTP, which stands for Simple Mail Transfer Protocol.

Ash:

Yep.

Ian:

And email is not end to end encrypted, and there's no infrastructure for it to be. And SMTP has been around since the eighties, I think. Yeah. I think since the eighties. Whereas, he's talking about WhatsApp, which moved from unencrypted to end to end encryption in about a year.

Ian:

Yeah. And, obviously, protocols based on standards, you know, there's a lot more people involved in that and a lot more organisations and a lot more different points of view Yeah. Than a single organisation that's trying to, you know, that's that's building a platform.

Ash:

Yeah. So like SMTP, there's many implementations of SMTP servers out there. So that's already decentralized. Right? Mhmm.

Ash:

So therefore harder to change. Whereas obviously WhatsApp, they control their protocol so they can change it. So decentralization makes things harder to change or slower to change or however you wanted. So that's what I took

Ian:

from them. No. I exactly so. And so he's kind of brings this to his point is that blockchain is all about servers. There are no clients in in blockchain.

Ian:

It's about it's about servers. And effectively, what's happened then is that for convenience, all interactions with block chains have basically been centralised through a small number of companies. Yeah. They are OpenSea, Infura. Oh, there's another one.

Ian:

Yes. Etherscan? Yes. So these small number of companies provide APIs that people can then use to interact with the blockchain. And if you use MetaMask, which you mentioned earlier, which is, is that like the biggest cryptocurrency wallet, the most the widest used one?

Ash:

Yeah. I I think so.

Ian:

I think so. It's pretty widely used anyway.

Ash:

Yeah.

Ian:

And that effectively interacts with the blockchain through APIs, which which really don't it's interacting with the block chain through APIs, which really are almost unauthenticated and don't have any strong cryptographic assertion so that if you use the OpenSea API to access your NFT, that's not assigned Yeah. Message from OpenSea confirming that that that exists. Now his main point is that actually, despite the promise of decentralization, actually, because nobody wants to run their own servers, it's all centralized around these companies that are growing up Mhmm. For convenience sake. And he's kind of proved this by making an NFT.

Ian:

And because an NFT is not stored in the blockchain as as its whole self, because that would be too expensive in terms of computation and all the other things. So an NFT is stored in the blockchain as a link to the actual resource. So he made an NFT where he produced one that basically changed depending where you viewed it from. Yeah. And if you looked in the blockchain, you viewed it as a, a poop emoji.

Ian:

I thought showed a sense of humour. Uh-huh. But effectively, OpenSea decided that his NFT was in breach of something or was not right.

Ash:

Was it in the spirit?

Ian:

In some way, they didn't like how he'd done it. And so they removed it from their system. And, of course, it's not removed from the blockchain. You can't do that. But since everybody accesses the block chain through these APIs, including OpenSea's API, it effectively disappears and doesn't appear in his wallet even though actually on the blockchain, it's still there.

Ian:

Yeah. So it really changes the kind of complexion of of that idea of a decentralised database. And the other thing that he kind of he talked a bit about was the the use of cryptographic kind of support for those APIs. And he speaks with authority about this because of his work on signal. Really, it seems to leave quite a lot to be desired.

Ian:

So I thought his experimentation was very interesting Yeah. In terms of what he what he did. But it's kind of in the the most powerful thing is this idea of is it decentralised, or is it centralising around these these companies?

Ash:

Yeah. And I think the interaction between OpenSea and MetaMask, for example, is just like, well, that sounds like any other client server relationship that we have.

Ian:

Exact well, yeah.

Ash:

Like a web 2.0 and a web 3 mixed model, isn't it? So you have some with a a minimal amount of decentralization, if any. So I did like the example that was built. It was kind of I described it as deliciously mischievous because it was well within the rules of of, you know, what an NFT can be. It possibly pushed those rules a little bit.

Ash:

The OpenSea still took it down. So someone has applied some kind of value judgment there to what an NFT really is, because there was nothing wrong with what was implemented. And as as you rightly said, it was like, well, it was still a valid part of the blockchain that was was no longer visible. So it's like, well, actually, a lot of things have happened within that, haven't they? You've built something which is, say, probably maybe a little mischievous, but well within the bounds of what is valid.

Ash:

But then someone, somewhere has taken a a view that it's not. I think, to me, that suggests the confusion within web 3 around what is the relationship with the client. The entire discourse is around server to server, but the reality is if if any of these technologies are gonna get picked up and used en masse, then there's literally gonna be 1,000,000,000 of clients, isn't there? Yeah. As as described in the article.

Ash:

Yeah. It suggests that there's a gap in the thinking and in the documentation if you like, as in what is the relationship with the client whether that be the, you know, mobile or a web app or whatever. So at the moment, essentially, you've got a blockchain which aspires to decentralization and and peer to peer working, but then it's all funnelled up through, like, say, these APIs and then outwards into all these clients. And, it's that relationship where you'll start to see the centralization just to make it easier. You know?

Ash:

And that's where OpenSea comes in.

Ian:

Yeah. Absolutely. And he's not taking a pop at these companies or or even at at web 3. I like to see people taking a neutral tone in some of these more polarizing and polarized debates. And, you know, all the people who think web 3 is the best thing ever and the worst thing ever Yeah.

Ian:

Think it's really great to see that more measured tone. But based on actually having done something rather than necessarily having an agenda Yeah. Or it being just another hot take.

Ash:

You can come at web 3 from a philosophical point of view, right, in terms of decentralization versus centralization and and those types of debates. But then also, you can actually try the technology as well and and see how it works. I think he describes it as kind of fun to work with, but as an experienced technologist, he kind of sees the the challenges that are in there. It's not a takedown sort of article, is it? It's more of a, I've built this thing and this happened, and this is interesting.

Ash:

But I think it was good how the article put it, like, in the wider context of, like we said, near the top of, does anyone really wanna run their own servers nowadays? And, you know, the protocols do tend to change more slowly than platforms. So I think it was kind of interesting to put it in that that context as well.

Ian:

Yeah. He made a bit of a a cheeky comment, didn't he, about this thing that people say, oh, it's early days. Yeah. And he says, well, based on the maturity of the technology, yes, it is early days, even though it's actually been about 10 years.

Ash:

Yeah. Yeah.

Ian:

I think there's that sense of adventurousness from early days that's still there, isn't there, and clunkiness also.

Ash:

Yeah. Yeah. Absolutely. I still get the sense of web 3 searching for a problem to solve because it's been used it's been associated with with crypto Cryptocurrencies quite early on, I think it might be stuck in a bit of a mode. That's kind of how I feel about it.

Ian:

Yeah. Although I start to wonder whether it'd be nice if the post office had had some sort of immutable database when they were doing Horizon. But,

Ash:

Yeah. True.

Ian:

They want to be frivolous about that.

Ash:

I mean, I guess, But the thing is we're still sort of programming. Because it's gonna be a blend of, like, web 2.0, as in client systems, speaking to an API, which is in the web 2.0 mode to to a blockchain. You still got the challenges of bad actors and bad systems there, don't you?

Ian:

All the time.

Ash:

In the same way that the post office insisted that Horizon was a robust system. You know, you see people insisting that their block chain is robust and immutable, but it's not, is it? Because it takes inputs from somewhere and can be forked and, I don't know, can go in different directions.

Ian:

There's a, a website I've started following their RSS feed called web 3 is going just great, at web3isgoinggreat.com. And one of the things I particularly enjoyed on this website was a recent story about Ozzy Osbourne, who had made some NFTs. Ozzy Osbourne's NFT project, CryptoBats, changed to a slightly different Discord URL sometime after the new year, but they forgot to take down a tweet mentioning the previous URL. And scammers set up a new server at that location, which users were signing into with their wallets Oh. Which then removed all of the cryptocurrency.

Ian:

And so they stole 1,000 of of dollars and 1,000 of Ethereum or something. Yeah. That's right. Ethereum.

Ash:

Ethereum. That's real that's really sad, isn't it? There's parallels as well, isn't there? So an NFT is essentially given that it's just a web address to a a thing, it's just a pointer, isn't it? Yeah.

Ash:

So it just it just reminds me of doing, like, object oriented programming where, you know, you have it, you know

Ian:

I've copied this object. Yeah. Oh, wait. No. I haven't.

Ash:

Yeah. Yeah. It just reminds me of that and I just think it will probably have, like, all the similar trappings of I've got a pointer to this object, but I don't have the objects itself and I'm gonna access the pointer, and then the objects no longer gonna exist. Oh, well, they've been garbage collected. Yeah.

Ash:

It's just like there seems to be some repetition there. That's kind of I was the the technologies tend to repeat themselves, right, but at different levels. Yes. So it just reminds me of of that, of of, you know, having pointers to things with the promise that it's gonna be there and that it's not.

Ian:

Computers are basically now mature enough so that we can start, not learning from their history.

Ash:

Yeah. Oh, we just forget. Oh, we've never experienced it.

Ian:

So Well, that's it, isn't it?

Ash:

We don't know it.

Ian:

That that I mean, that's the thing about history repeating itself, isn't it? Because people forget, and they don't learn learn the lessons. Yeah. I particularly like his conclusions. The one that I really like was we should accept the premise that people will not run their own servers.

Ian:

But then his solution to this, we need to look at the architecture of how all this works and basically find a way of distributing trust without having to distribute infrastructure. And I think that actually is at the heart of it. It's the the blockchain has come along, and all of this stuff around it, the architecture hasn't had enough thought.

Ash:

I guess, yeah, there is a gap there, isn't there? There's a I think when we've talked about so where are we going to decentralize to is the question, isn't it? And I don't know where that is because if it's just yes. If you do have peer to peer networks, running blockchain, but it's all within one provider, then it's like, well, it's just massively centralized decentralization.

Ian:

His other conclusion I agree with this, but it's just like we should make gravity less or something. We should try to reduce the burden of building software because software projects require so much effort. And basically, the harder we make it, the let more likely it is it's gonna be clunky. Yeah. Distributed systems make things more complicated and more difficult, not less complicated and less difficult.

Ash:

So, you know, I'm I'm still not convinced that we're that good at building well tested accessible offerable web 2.0 systems. So, you know, in order to to evolve to the next level with more complexity, The same problems will follow from web 2.0 to web 3 in terms of how we build things. So I think that's, yeah, like you said, it's the the conclusion is kind of it's evergreen, but I think it's it's quite prescient given what will what will chase us. What we run away from in Web 2.0 will will still be with us, because it's it's us. Yeah.

Ash:

You know? It's part of us. You could go on holiday, Ian, but you'll still be Ian.

Ian:

Sadly sadly, yes, for everybody who has to listen to my jokes anyway.

Ash:

Okay.

Ian:

Well, that's a thing.

Ash:

Web 3 is a thing, and it will continue to be a thing for a while, I think.

Ian:

And it may be one of our things again. Who knows?

Ash:

Could be. Could be. Thanks for that, Ian.

Ian:

No. It was I think what a a meaty couple of things.

Ash:

Yeah. Definitely. Definitely.

Ian:

I mean, we've been recording for about 6 hours now, so, I'm sure we've got enough material to

Ash:

make a Two podcasts.

Ian:

Probably. Yeah. Oh, dear. So, yes. Like and subscribe.

Ian:

Like and subscribe.

Ash:

Please do.

Ian:

Hit the no. Hang on. I'm getting confused with YouTube now, aren't I? If you want to subscribe, you can look on our website, which is www.whatalotofthings.com. If you just try whatalotofthings.com, as I just have, then you will discover that that doesn't work in any way, shape, or form.

Ian:

And I think we're now increased our social media presence, haven't we, Ash?

Ash:

Yes. So now we have a LinkedIn page as well.

Ian:

Like us on LinkedIn Yes. Or something. Follow us.

Ash:

Please do. It would be great to see you on there.

Ian:

We will do something on there. We will.

Ash:

I don't know what, but we will do something.

Ian:

With that compelling piece of marketing, I don't know how any of you can resist following us on LinkedIn on our What A Lot of Things page. And we're obviously still on Twitter.

Ash:

Yes. At What A Lot of Thing?

Ian:

What A Lot of Thing. Yes. Type you Twitter username, length limit, and Instagram. I think we're just what a lot of things on Instagram.

Ash:

I think so.

Ian:

But we we haven't posted anything on Instagram for a while, but maybe we maybe we should. Well, that's a lot of promotion for something that we we don't don't really use. I think it has a cartoonified video of us doing a recording or setting up or

Ash:

Yes. I think so. Yeah.

Ian:

I remember that. From 2019. Excellent. So yes. And we will do another episode, but

Ash:

Yes.

Ian:

We can't tell you when.

Ash:

Nope. No estimates on this podcast.

Ian:

So definitely not an Easter special. Nope. Because Easter isn't for ages apart from in supermarkets.

Ash:

Yep. No forecasts or quotes either. None of that.

Ian:

No. We should resist.

Ash:

No promises.

Ian:

I feel sure there's something else we ought to say.

Ash:

Probably just goodbye, and thank you very much for listening.

Ian:

Yes. Goodbye, and thank you very much for listening. Technology Eeyore's out.

Creators and Guests

Ash Winter
Host
Ash Winter
Tester and international speaker, loves to talk about testability. Along with a number of other community minded souls, one of the co-organisers of the Leeds Testing Atelier. Also co-author of the Team Guide to Software Testability.
Ian Smith
Host
Ian Smith
Happiest when making stuff or making people laugh. Tech, and Design Thinking. Works as a fractional CTO, Innovation leader and occasionally an AI or web developer through my company, craftscale. I'm a FRSA.
The Great Post Office Scandal and Moxie Marlinspike's Web3 Article
Broadcast by