From 8cfe887bcf70dd6a3e7e4bf20dfc356b2482084a Mon Sep 17 00:00:00 2001 From: Dan Shields Date: Sun, 15 Jan 2023 10:23:17 -0300 Subject: [PATCH] dependency attacks --- .../img/3-Blockchain/3.4-xkcd-dependency.png | Bin 0 -> 23987 bytes .../9-Unstoppable_Applications_slides.md | 47 ++++++++++-------- 2 files changed, 27 insertions(+), 20 deletions(-) create mode 100644 assets/img/3-Blockchain/3.4-xkcd-dependency.png diff --git a/assets/img/3-Blockchain/3.4-xkcd-dependency.png b/assets/img/3-Blockchain/3.4-xkcd-dependency.png new file mode 100644 index 0000000000000000000000000000000000000000..4260011aac97522639be097254ba0969f864cc34 GIT binary patch literal 23987 zcmV)gK%~EkP)uo7f20 z2-w6%z(&9(HUc&RHn9<~5in6s_=jBT%KnO{sn^?f zN`&6j*KlZjxZa<$_{7cqu71=H`;&@3$%r84Y!#42{aYOh1qfYOfRRK2f7LF@*kkDa zvS!qJcA+nI7LSR05n2eqdybE}3OUwE;4Z92C=ZSxlm(B}n=(7><_m7**PIS(k$W6! z_Hln&oaV|tjGEb#8YpPxBVaSy$pUsr!tzboC($toSK$2*K?Oo%hbqZQctZ6vKwqI@ zfLjAv4j)l#Jgj3V0+(v4T)6^@GeX~^(c<&^_e>T8fG}e#V zwi;e{*l(iu4QGeKD~>)5s2(k1x4@-#q92iY{ za*!~eHo!Leh5ukAfo3$q?Vb9-BDi|5p1PSR^6n0-qmJVaqq;x03D!9hpMn$kPbJld z1de95&4$k%_M62fG*{UQ!Phcr(BTz<8HkrIjW#OJNgLO5@;f0$EM?r6oJe5wQD^7w*bP&1ao~yu!E?9_<>ats04>`o6g;OrQ8Em>^bT_ z-`6OCA%hWr67za5+*A{2V2SUk8y2CsfT~akIM9M$C)%SXFYjh*UR0@>jTVr3`OMcQ8<8{r=e9$ z>wYYR`3K<+8MN`p@Pak9k(o2)Wx^|~Brx5cY3zrvb)qvf8$ASPI_x-B^ISZoR#R~v z^mu!Lnnf}MUbqIS)D4S!vJl+I75KBLu77YeLaozS*OE0Od=dRazvmqAUJ0qxa)jxg zl)F(^H^+bp;Mn zO@_zR)HCTY8x#l1kz16j8%%faG(CtdB8|-^`~dZa9iwQf1O&Ktwjy? zqv;XjCTz?Etly}^-$fPb$1Ky3Tii9WjJ7%gRqA;;LIJ{-Fi6Z?pXddKjDC8$8B)FjQ}-u{C{FLKxhtL0f&rMT~B5^PGHU#FX&rt}G9N=zlBppu%_0L3D)QEeXShT|(?{EuWFOlA2Ia-0WX3C~_`ggp#SlOmXBGbk9PaD*WGB&X0KA{_y$EJfx0+lVy?#+&i z=Io<~U%O-KbKGV*&naX^pcK3$Y>ol%6cO-WqZTsYDtA+7&snFre#8uF)QIH(*pHT3 zoo=+t@=&Go_T`=3dl{8pAOtTxP;|YzR(s-Dr(vgT+xV*es#|qB9PAgoHFV8qL{IXm z{qwbQ*Ql|AaIm3_K(ErURR7aIW^0UH4u0m~+!EPT^$OUsoLIa|`x)|@bMRBK&f z!R_u}wBet&*U#4t=SM6)_p#p+ctRAG4UC;JaW7JaFrngJt>|<4p}j?o9ozrdK)eI3 z-hY4Zbav(igc|c^MTXDZPfZ|O*D}hS&uUkScX>H@!c@0^^~|wDgSaekXO<05kiskY zmp!Y7gWus+)Vh7RD~?a+jr*e?5g-PFYIXqK&fFww?X~dsKaDEX+Wh)Z5N>FP-`&u>+bn8n42&_CB5)bh-OoB0Cx5HF z9}8Cr03i%|NuGchSV^yaOB{g{1}RtnQKAY5w+d=zuR6&Yf%2e2t;#rp|7-%DyplTW zytpH@qV3ud<_gE*#0ikoualfruep=^<4DXEAvBgB$Ehc8rlAuWRp&q;tED@1vlT)- zI|M%|#k9tUl2ZY>E!DK~cLdnei{I&NiYK!=Zf0Yzpi>~ER=q19Ar)gOZVeo%(RJ)C zVmh{dLm-r+QRvPtTQ{AgUExRcIHKHSnUfp-2evDij=} zKKFo8=(WSxwriD=iPssp$h=QsHQWPgd|{eII2N`t{ReK}ps~Z*ZHuX5Y+1g^bSbkqP~uln35&}cTJhMKp*gYu zTWw0dj%dE!XlX+_E1BB$3(4bZ6|%YNo-_uBYL1-6YQR=vI;4X?3ZWO%fJd!; z?39k5t$U1}`lZ7}^+}T{t0v{*>&tVVUm6!QUp@!6V zS_G(e8cI!X(0G5Qt6m0m>9kSnC1(oRiC%tjaO1Tev2(7Z7}AbznRwbiUHM_g z<8}euB!dOnsezf}-*EPPbrV*RB^+zSXKIBJrggD#0p!mLyy#P<6AwAHJ8v0lI`w*U zza)@J%^K;aKNqNFQ5M|Q^z-z};BULB7c}l%1yD8}j*_OIiQi`dacy{j9~3MXAQeTk z3()(mY#(fXPiLNyo7fF2gkJMLb9UXE7YP$_m-NnsSsbLo!!lU+;AU~r)%(r;iNI&} zdTPj|{TW)>T?EXyT}t=3_eKutq1Ywfkwtf6?+MaR4lJyNUvbK}{s zANqs4BZL!g#b+GvE1y4IokYC7(wN0?EQG-BzG|qFXR{qfcCOu<5zv*%dHD*njU&xr?&%2O`>@J;CEAQTHX?Hbc z$%k9V^7Bs>T{xS!sIos1=$2F*HNA}*a?&IR8<5qC%}Qw_U?X57U?V`uq=BDo1iq%U zI77XSz}J*x0Gn(CzM`~7x`z6+*a&<*IRP7wT0p#!^%5wy_jvbtAS=&Cpc|t4r&N}c zt(N^KN*{jc>M4|4+1zS`o(03w_gy{q)8q0}2Q`<^&M&T0_A3HaTPC`7ENsK}3X6)J zld@*_@ymDX8yY(4-aj7VL-b>!eV7hDJ3H|<`S_-x{(i}coOKJ6;-Uuo*mbi3I%lZlYJquvyHe>NeE%mqLvVGZE>r$tNdu#njIb5!n z7hC<#ciu^@enTZs9iZ9K!-vbY*E-N`=%nN|TeEWt&R0G$)?Gb2FrEbyE3BJ9>oyK& zX`nxojSN>aS|m<*X=x1R905~rsJ;fYRb#xdAl>auj4DobJJ5c)w7bVlR%Ki*D|KGWF^P3 zoJ^ktjCW|UMgp~v^tHb0Nw9MX>VhdpsulcUMFjHcJT+fKw!l3_Mi&S?fg{#PU=_Uo zTHjRy3W@-=7FRud*M!w?s(VK=4jDPXeW^7PnC|w~zUypvgSw^DT05$lVL ztj?pxTO)y}VPEaL#_|*j9MyrMN9C=BLbTCklYA}I8a`n1P-`SG{OiT+MujO9xtPH4 zxr&2u8zn|66szHx;REJ-TO$Gf=&wgWz!2asQ%I@tK#-tNq=1nbXPUcJ5{Ub1-!)7_ zK%&Tk7sz9=LeUoftw++qDhYhO+zotT8-WaH`pnv(P>dd6k4{j0Y zpkCy3gFr28(NAEgjX>v855F-4>aj9Mu|<;trwi&3kmw~aB-BQrbE$!YxUoVofvwbw z72OCQeha@mx?5f>m&?mb<>zF_a&vb}cjxBj4)C=R=v?Yx8`bVt9pg|lYy7;JxuFi9 zO+UExNm+5xrLsNX0D6V9YU_y?pKSz;N{cIZkOv!J;XewJhKaSk3kN5)Yw_tvWT)j9 zXHu`e_2LZ{2m~ZV$M2PmfH4`R(}qr6X{}}$Qy{w_|5ILCUUD{X>wK<1?$G{Xi*Kt( zg1SGlR(d)sZ3K*t#6v_W3x7&jDczLw$B~&#>Pu5+vQu?N-ekB*{d)`!>1=hLZ0m)L z$r;$M)ml<@(p=MIC|{?oS3)`U?+!Snv(-MyM!=YChf7+mmD4rX)9KDSZ7qgs^6xF3 ztxkzH0>)%L+|X*R0yx%{gOeO|+B%lJ6}srI3Ia#l2pE$zsL^VzQrOZZ0M&p%`$s+^=x&*!(VIyF)5q0|v*1R4N2pNd~9q05=d*h$5 z!A8JnBRc9d;$Ke)Ya7v>$k z^|wL+U3vyKL5xTk!RKN5&V^e2N+j!~X)rQjl;1a+gf4q+S_z}l=;atSG~ipN6n8XJ zVBXY&J=#{&-aK9~kLTz5twt#{Fb;e+?zUimi7%v;C|NW)#)mygC`t{1D1WE&t{mG8 z16FO>eMnYxwOXq)y0Gm3QdjOg|3IPmfn&L9xo#48Uzm5Z8#g^L8n@gAs7752hgGqs zDU8VysOx70Ug2!$le&B*6)aQ`17(*3!nsq864<7*#D3ZERB7!5iXr>Xq#%_ zo%e3ni^X*E3|xdZYeNO3rbj}9l@r(s_Z4EV&i8u=v-ju8WT)lwQu%MwAq#$?ecZ%d z{f>S@qXa5(Ar?lm;ih7hWo1zA27y(eP{a#5-|rgaw>8rlIL2N;UO9HM98<{-B<-(?mwd!Wt2PLB;Y5$&15-&}2`lI5ZLQ!$H zV67`%<# zAs{xH04rXhIBZ!pqPsz$h4d?lCg#`XVgfN9)T^XGy1hD4O-sNL99;u=ykI97Le{yR z5O~~1-~-H2C}dh|Wa}jG5++WH_5#yFbyd!ofC&GX=P(312?=kxP#}f@6GjNW3EK1! zZ)k!gMhV=8mFi<3!*YeR8zjA8aCsvR&C`3uHj&odC+Vk0qm`wgs12ehMVdrai2J42^qKa#!d;)x<1vF zqFiwHVncw+$_bouY4yaxP7kU9Ii3l5((mday%PdEm^qrJwFU@{66-=@p)k*=QJ0k%k?*o*B0$>Y=!8HS2_CR1m3rNe;jy)>i7{?4vY2g$#!NS(@9feyks zqX7Pfh4i!8W=42m)dZ9<6I(%UBQ%4trIZ*V@DU;};NY2>sw(V&UQt<;cdERYYcvgk z>TKGK$#l&=#vfxR6dNUQi5ip0FQZL`dJktZvRVS~vARATC)|!>tcT|e&V@Xp^|V+L z7z-yp0Dj{|u~DIpz+#;sTh)8{u@LaUG3md-^csQ)aSz$*9$p$ZPu zu}2tE2lMq2Fdk0KcvN8d(V1*X;us%@SJ3tVh1SwJ-+~O4T_?~CKPeR1)bFm^8Q|OR zNScTuL(`^7dRpv1Mk~t2wGo&=>tEZ&k#&$+@P=MQR3}41zy|IdA<_K{D<7vuVM$+QZI1*XZmvWn`5^%b!8 zZcWkNEg91N2R(-%D<*IockZ`gIm&}Gbd#QMbD7eWqk6TP1HwBSY3#to)o0Ks(Sm=i z&yY%`o2cJ=Mw&z-NfjrFgi(Sp0go5p>dH3EgnikX2~@)xtXU{T_lOCYdIVO$HT}D0 z>rI#L(U~8^I-;EJTxu$>%1@q@$z=b{&7ml*N}UlKB^VmciN02gteHRq1dIv-KWf4~ zmhC!dn2{Os3`KB`^QDa(#99}W!qjF z*nK_RH|}h%U+gCLj6j?f6G(NMB^HZCl#CM!$B7aaCeI3VGMwNb4HVrWfL+jgAb#Vl zm_XbQ9q#uhBkqd}?Ycui1wZwOK%~Dl6Nu<=zat_H?=JG~4uK{}?hye~or*1zz<5E2 z`*ojfc=sVcbcaA4tm+YgdDa}w8XcslDLa#wwR%a?)R9B{UGYe~&+zUZdWTeybT-}1 z>Jb64H514J_qJ7!{o=Kov$tm&DO=B(X~f0N$TP6oM!=A?tlfCMHRDp@FUrM$|+udy%yhkP#!wkL0jBM~viA*PoiHQvzoM z5ff+4ozSsuzxD7QIA;2S1xwPmX6-ssD9<~3^7w@dY+!#sIx$u#09k$g!|K|1$m$7{ z5f`e_#EKgT5RhcZ|A#k0FM(MmT_qj7W0RLI*(%N1IBUkVxrxI)v@&>T$pc8Hy;*ic z1+qZt4uNY>h7BW;xX*^dT?rsHbn7V0*U`id!Io+k50i zSFmG95&VVoL*Ryd4su1U!OU@idS|1ZrMFS*l&-cvaH-xJT9xX_YpDs52^LMD$d2^I zq3_Wd95Q#0ZN%MShs z_fS4O!2YsQvU)0~etX9atp{f7BQV^g>t&G#O-HI=tDYSjAWa=pxz@S~3@3gMo8dl1 zfCLR3VhCI_=pqOy`Us3L>3Z263xQtOOW+Y~P!q_oZUVl9KnB#)1g;R%BqmU9C^oNI ze>wtzN!Qb3;ry@Oq4uVFB)+Q`kQEW&ZdDT~z~ewIEMW-TG!(?tr0yTuc^O8UaydPb zGh6k#{8p%y7{vz1BWod$LA##UP;((%g@;rp#{{ah=0dI4FKOwCV42>zkVzSn_je>P zo24(KPP1Kj>3_2_ei3?DW(@+<2{^B%UC*o06_WadD4DC_vZ79lzzUq*UZZ{1pPGqh z(t1Ejow>bh*7y2$eAt%IW4(0~7#gQg{Pp{6iogPx5bohhGBqi%n-nIXx=+F~T+sPao0~^qA8cl&?(LuUOx-Sp zxsq8B6gAi$SeL0z2)ik+*SHLF^%4k;GUaj$puKnEeLaOE{x`&T=c&_YOUc?{oxxZh z>mblPC(KRrz`KWz6prFEF*KfG;bRik;Sk;i*i8@Cw0I`yoeP;nAlAKO4wa7KdADG1 z+Yb9JE5%=T^g@w7zsqE@)5SOcW*ot>baP}WA(`=b)P^KuS1}K zp8ROPa?=Q@v*wR8f5!;F|rhDI<1vNU<#CJ6Kr7-q_~COX%2$mG;>e~p(|-1Tyn%7E7j4?XBqcLJKE122uN=T8@tPr{#^_0A zJbbK9wZ(L6?}Y{j?B5}m7s-z0=I)Yi%~+33x63wUtW6cq`;m`_!6$ewv{Rk;`EgD> za0U$oR7i=zkZSof^hCIcc%jdlGyCp?vkM%cUowXC#+re^cKg^c} zEN?!4v$@BX`F4Xe1$kb~drE?ktPS^Ws;LkecP^_K+x>WS~ z?JYmB|2|4662*=R0#>ok=jBji;{ zdV|J4ve#&z)gi7w5U2xfN4R#mtn%S{+nTu02!RziH;YMAB9~MnE-nqa4vqr{^ald_ z;lCZz9JUdt#02QpJ+3!`hDjOWU}A3QXN>*DPVYqX2A+FqElC_&`vHL&_S&ngb{X}K zV^5-GjEZu9TXcK}@g8a7<;v)ovN}CB;DW7(Hp1xN3gl%~q+0ad!U610A0AdUSUG|4 zfd>5FlsSoU5#ay*Fh{0h;x@y*P;F;L2-?Penm{G&>@Ws!w5C{GUKn=dX5*5X>|*OC z;Hy)bO6wU|U^h8+?xdJW1Kb!J*gC`62>vt_|Jp%HNZLikWjNgalNOe!y!=8z?zR+B zk|^ef5kjFbE^g+s&AU0Xt(yRMicTzmrpRPH3ALwF%g}WqNp4>KvJcLfc)3zKD7>&^ zHjw|Z6Z&B+B_@!lKOW``lxWKD(S_XN+zb*}3HMFB+*O)DUPqtM*RZIc5}2l+fK+4C zx&@B3)-1pvfkc+6`G1&kU`NLaR}bOe{gZ(Ic-^zfH7m0{qcBaeSIpXl7flFN7<2OQ^sg0Vk6S zG!)b6hPJ>xGzG$bULsi->kFRW)=T zb+xN>qdg3oktUfhP8BMOP{xD-`GKCzyOW zv6niP_up_>ZCvm|#t4L1`CRC|k3-mSd+4^<4-|akbkF3=WkC)dD}1$5Q;sHVh*1JV zteU`W5pg+T`Ty`!vgDTy8C#{&+}~w?$gh^)uA-%~oRU(K??HAfbucef5G|ZCOPm-Z zj1q+Mc)TDVfcc+IyPE1!-g02g{^juTSa#zD^|12DkuJD5*uY$fH_Cbmw5Ege{NIkB zDgC=Axlc}p!VHsal*L+Jb6(rV1IuTKV9Z?cI3{9bpiuw${jE69+-~@}O3`zv6`AB> z`w(FAA4OTSLY?eLZc(;3c0h9A_|2zBe?J2RT#0MZqbs-HtE`TIZ-k;(q;3@3g!%yI z;a_cs+`EO@|2YQ!_@DZ7@2LjVet13b2r~=&WMu^2YSr55nOro*!?TEltF_B2WY?A! z#M?j`B1p!|7EZ~DnT+e0^$@6qUA;s=5gK3$fh&3rjP9HOwi;!9hZlZ0=}XI|T`PvV zKeq}3m$6S`??{T#4EVH^=*t^E&_n{6gB6MmxL_1I0N_2+Xz3fvA#jjnwdobff*YM) zu1p_+?v0`tplbL15z0-U6UF2Io4xTt00c(-pe~rV+?-#s#CW8-3aoh2k$bX%z$l zf9f>?hxG=Ys$SK$XcN#=y+A8e%qW55uqSIAA&@G<1Ws860f+g$Mj#Dtbv%EHH-JZ5 zSbPp#)I%WMGy<=2tUbTtg8cR@&!k1Edb4v`9s$=my#?U3Tacdhs{4ZC9IZLhW_`S+x4@RP4~oSS*2Rg|S3u1_+eH9)xzm5$$c4V1rcIUq&^9E1|Mha;Or(O@@@jUTSx)pr1ZMuA^BE!Ay zZ4z5ylz^*#0++DrG_4&yySbK6;O)kNbkn);!Xkvi7^>Z=rWFk2xlxVkKXCNalvTgw z9y=qyT3%6guXEkpt&$>{Om=V#DB3O&Dpjl*(Drt!t8oIHX?jmB$0@&-wX6OS5^V7V zD!C9M&dR@V{$i~zG|dhd{G|QXPaq9vs)%I7^dt%2EmB;9z+($RoDe(OKv# zS^3*9j|dv&blc>#$Gn8Lw%QZx+Ii zyN{)&dr0@`m7LBqqnAijqLPHGXjh2x*B zqZe8TkIX|ryOb><5Ef^Q!0pZn$TXfQJ8_}~YZ-}GL6vz3XqU2$!@d~2Bx3~1+bVB$ zP9P5_hX2h3&m>DAklC>=Pw$AB__fh83s1Ow=NTukuQLMqaGKfUJmlf*rx&b(z-~QO z^Inl9S~UZba6xI;<;DnWOFQj}#8$fiTvdtW4)RQXI|OXCFO zZRypILy_JymckZ|?rtMa$bQr+2<+GAJ=GhMp+#T~A+TCQAXOiM<81`=f2F$`hn9NC zP}fbfd;dNDNJsGvh1kRd=zz(g+Vg@0g zDeKl<0`|0D#4fc@hToz+cP*cQp<%DbBGqzVT&Xh-Aef<#!0(+B;KtBqy>BI{OXkK- zjv2rK*6LPECs5SR^4*Kh62zmk@pg6bosF2lcN*tt7m+>_rW_kI|@e>xzfN zB}*r8!GJQp$C3*r)ah$*h`2u)i9!OXe_;7`;xa=?-Fhmt4k4R| z>wXdfGrTolEwbb8ciJjq?K8AU{GARK;AkgC^$WLj0*1`uy+|O}egh`(e~#*FM(DAO z){%Oo%p%bM0lFyG8yy4BPptPAPN3Sn1P%i`zyu!s0j_;qj)8OL z;hya=tkmi3iY=T#j=AgujE$@w(sfLicw-vq$rw9NQ@LP=rsPC>IShZ|k!!0Clp+f! zu*Y0>;-6_x^$(z3-f%nVGuG-`a{cI}{z^yTw1IPO#fl+a0w?G+zy{?*OJ66jNl$cj zugH>fbQ&I%TrZE`_R=o;?_^;ar4RD(k?3-?rybb_1;jAXi26~?&$dt5zgE#J5A zO8emZ&o8PU>r0mQ;o7mCC7O2)XA3$yM=EcqPu5u1V*;7x@)sJ;#1BlfE4f=zcr<(U zf|PX|L!5BH#WVK6%Q}A6RaKQoV3qnS{m&y>zn%Cez)>Ne-Mr3gbzWM=P%Q7ZXi}cO z90~r5r7PJH&GC3q7^<~&Q(Z_O?SL1FZ>i?2zg_wWq1GeQHdD=iG{%nFt`1Uuv4jKQ z(#Gxv30iwO6vku2(4F-|z(^-(GJ(71A@DupsC!-~Ae^ojw~xh&Oj!7o=@k_;ZYKns~-oCm?zuRA>i5;(zZhymqmyI{%w! z-TRpi4v(0Z(_lU3y#T~;e6!+uI%YWl{ir3r6}M&H4)~xJwT{Mz#0x!+d}*RhNK^F=_!HD<{Af_aK@(h zOQVKrMcR8$*_?gwX!eo(Rh;%2d)W(i96WmBLfOUZ*RL-!kk!{WQaISlJ7j#Yc4iOV z<-j8t33Hg&zH~_QOm-AmGfbi$$_h8?h-0lKURz%^bNp54Imp9Y?rANR&MkZmRcb;PmZ0E7xBi-f}1 z5h32Lj@?S8?BqAp?_2t%-FIP8aiURS-fg*=liO9K&VZZqSWG`O7fSK3-f7}SoRaGz zI|;pVhvBoGnN$>`a4dKr6V#v@?1_~kxv$V1P_^064>7M+u=BS$IzFg}QEaDZh*8x+ zR%WNp^Iw@j6=1{sY?kgQQ&)Ajy!@hEE-x-Gzf+|vmE|RJnJh0i_n=fN-IS4$u}UJ5 zq>*w#ibs_t<=5}Gou}rn((>|4dH=={#yY~|w?1LdQqQTVVZSK?%Ccd(crb)KLG$1; zLLW!j6Gg@(oaurecJ5F<^@QBic!Q<4DVlad-TN!jgcL`Kr1Fq6Rs4%BoXiwlatVbx3-N@Wp`i5jT$fD+ZU?08fJ$lWaOM3#4 zMcjzN)IY=VgA|0C*#Wx5UzL!k0Suk=EhW?B#Y0SB>n+)T3)xJpls+GGF@ z^Nz+30wGXOH|r|6kpS*8Y9&b0!-_~7e`I4{?g(bawp`QqWOpz)q(LZ&PG1dGIs_i0 zULs(g^}z3VBGLp4%}U_5xgeBEUQrqn#(?bx5;MP>b48@)>02b{atPl?m*^?m~vLr1X~DZ|6FiLwkt{ zBAHubA{gf5Sx-Y0OoJTMvYHjt5E*zM9VX!id?v8xm80j$hu61X!UWX6?OS%lHTV*w zt%FMRK?Eldi}8)2hUENCm9k%%z*ge4=r-Q01Qg%u)&`2RBWi}IVa%+CA&^4yd%f`- z%Yz^%nD89cc-pTHcX)?K;=uj+l*k$`y5TW-6^_qQhw8UXgk1G1j(() zXM~1;9L}H**S5`D^{j^kR+@>x3i4Bm8em=mZlO9iGdPy^#h^R)HR_rDR@zsr;r+9; z2{VhZKB0axv%X%%tQT|9`@-x3oXNL#ta?q2nyAMn-HlC+<;6S*K0+Nhg{cwt0hRZ~)2J=}uVJyr*q)|C#uriu_UO%!rT~$MN*BA(zBoD({gA zezTZ+h1vJ~VCrCQMoY`dB~jE;%dX+xrdgw-XXW5E#*4M%#u00cGA}E?O(XZPx)%uS z)mM$77lf|n>=0vK0=ikAGGWAl!&%|50yRuzPrxlV-vul77s63CYw~PA7~6v0_yL5R z#Dz(5PT-c2z+w~|jm{2xPwfbYnOOj#^Y;}MzIAhsT{t%aeBYvL?!f2yQT&u+@hVuI zO&Eno_W}WPMRb3Q3A}@O<|Xi}j)HPMsbTOrG#Jf-Nic~tf{2hAhb_ge+aVpzwM$>i zgQL_+1qzTd9@Yz(%(N{bSabS$D)@xbE9(#bMCDNo$KJWQ%28`GaVDF$Gj;@AX(g5! zC3{vMCIIshj^9{gUIMx~h8oE4`kwv77p(bcCH8Qn8sR#&HcqEA!B1hAVAEYwuzSmL z@MWh(LuzZ3IyZ10DJGEz{w&6gejPj|w$8%+>T*LLJtt#VSaw3X(-YbwvsVZdnukCd z@l@GoUILqR2sGh%OgY!SG8e9)H+BhBBTRIff?IVNt?=9n0yh4E?}N*kaDM`@(^Y63 zU(*s*)RPd+7Q@v`B}$^}u13lNC;t0YaI#?Ogp?=L^Kgb33<6_F9>ZF-(XvMb%oS5l z2o&^Qtv^HKfcBK-4J}U$SRV_%Ie6zy$L9E`ci2MP?iHf;JO@X(Pac z>dk$;Hs5G?3d>MbBoeb99ffp4ppun9ZKGr(+{#oNhP4Phc>77)v{nT3Js?)&4N(hO zBZ=|tKCJSI3F9{Obpn~>ri#DhdZ31y-dy&uFH^A>5#OP~C_WI?u#&SN3ln(i;qWj7 zyG=fE8A)|W%#m?^?F__P1j?GzAd-3rh!^;FxG2OHd)0K-1IMH?5UI+Icn$Xv0{I5A zW%c5kSleTy8ct9@Raft7$Rg%pR>N#3gyuj9`!ZZsWOLbtD1+*nt_L_iXfw#qbnHNY z8mvFn$Uj}e*fOab$q1(g<|>CFs+DjDwXOz9Gc~PEg$>7z7sdR#1Zt>d5gv(U<|d%6 z7kWr~g>w)~S0_CIXV-!fJ#>bcyTmbzTK&Ea0w?ges^to{6LHO%E*1`OZ1&dKpEQrP*ej(`at>!?XkOEh@0Ui4i8^jxUu%Mxh7K1v9Ux33`9 zs}I|r-P-aQp*vaipL3UPFC)r|#@&l^@O=M5=m)i-{Egbln|9Mp1aORAystvpAbdqu zWJg=p`Tz{MgO3UTzn!1ZHH`Y5sLkQNCj`!zi@;(+;J@Z2FkiP0kmNT0_a3(^!F@Z_ z-YK7}=!fC+qbE99qspnxpP#EWfbVI)B;u9*u~#&6`DTjbvr8hbHo4{{kl6EDSnq4Q zb5JkpM$M&_Aey-{a}yZnYWY@5GZWZvUILMP8-Y#;WSf_OV2F)?Q39oqV`c&oHUdTo z+<_lu=V(iDP1Wu4idyYG{=QLq_UM1IGSX7SOEWU0`(!d%AucK^lgs7jWwOJ&w`MFB zi+>hTGEcH1bNBDEBKgJgavj$Wf#V~S8sqJQ{zrgIDsIfiCZ#|g?|Y_%F?WzaFg%Rs z(Y=r|Cg$(EsGk;ZlwwJ@W8K%jnHEF!`Qml_ias^be(5cZJumS6GCwQlMxP|WBaZn` zeT}y!%h`W`V3@E?;zd)0qlCgJfgoBqMI;iA8pI0~2nGbYexvtz2VM2>QfgSBjl`8> zX_w|VTZ#I5DYTxJrc4m{4SC*rF4hh>n-F>)#|F;$0=x)No!-Gj|Gh5Qn)?)?ZP@If zB1*Z34Q=OtbhFK+w1Q~%a!63<%f4u#8HA&>kdT#_B3UM8WWHFuSR#?E|M!MnxhLfE z@>}=2q-v@t%G)f#(S50711Wgh?p!Qxm)$9ei{1q$(@TA#m_VoK2!k}(24FvA{H*l% zvtjW1ys_{m&)#KA-Won$yMKzKo~#pi!Mq52Lk~u;u-kg|Ko=$Y5DT0%&66S_=_03R zAf)gI?}u3NG2+^r2UmLZ44gC5ns^NH8)g4!rXjfMXoy|MC_0M3H6T{7GA7pj6mUNf zzoiT)B}?8bI1E5F&aQDUNu8-0>wt}6DHQ?EuTje=n0@i-?J86Zg{qx)z7^QDJS7I^ zsn^KUaV(9BH5;K=Ryu0}LeZY@`>bAQ9O-#oe>B@PXswvmhY?3adk**0bGa&;cJ8%>?X7-6G6tDUl>d* zap~w5ETf*QyJ%Qo%cs}%%05XzM3lZ6)_?;xqm(cN^1#Xc9o2M!r(b#a!_Y7pf6MY0`ayH-!K}C$}J{z*J`JO-g6eQ0S zH?3g3;hRZ5xBsH*lpFvV!>U%`9_e!RW_gANp4{#k9 zH$DtOmi>Dn#^Gp)dS2R4fhhK_HY^!L2`(z>W}cS86Tps#YPTu1K?y}yRZzrvL33C%898N*c9Tv6jInOcW_mx(4uB+ zcc3dgeq=AiBMIc6g&CPklET%F8h6_VmUoH3P59M}1Y+IHMj%0tVmgkG|9kG{->4># z4j<5bI09QWW&lC}g$6gljFB*adMXyO=^1}iFmsksu8AB}>g?M<@q0-7Attd-h%#0_xrF?3T#)^n0u8X=5+N+yy$u8lK&=edJ-ry9)W>T0Hy<(mLywFx9 z+$$`lr@A#r#slZ2%{^KVASd%o7}t=5Fm~o!52WgO2CzRfS){6p)IBrls+7u>(f-lt z2QQUXG`HT!T%6UGm@6UhV%vG%o!GGb8r8vEA`|@ApPO_C`_?i&nE^lbbWMzc%##9$ z&TDDL6&cAv-E(z{ntL zAu!TBgXJDVAWUF30)h~0Au!R)EDaVw_4wP5dvA}iL&^elr%TfM2nJp#4)wK zJUV^kDz=F|+LaVHeN!{4&D*#rY5tB68j~y?cGhy|PJi$Qbk*M-_t@p=(f~yhgiB`1*hDE`ihL zF_OthyZPH{I*jvAip|+i6C7oJ+I_s5a&W`7np9hS^9N z=$`{C35W-Hr<1U2G^+srI7z(tE{NQA=J>%KD3|4!dSLZF)oAvnn+;7$T;RO!0@2oe zj)9VHKLchmQ|6NNk$khQ2R4G9;?Vpggg%U7--q3dx^n>YK{~kCY4t(~#XF$)+3(0F zcc~xYNt9q;k9Gh~Nu3X8A&6w5lhP47>5QJWiWNzc9AAQ!O|-|+Tsx&|BKt0CU4jAj zF#>djo(R6V2rScA367uCS}`29)s#mGqepL;xi7DQ4>gVry8=FHsPS@ zZY@*~w4QqH>#w2+~?jfHJ zK#a2c1df|0fPkKjPI5OFfh5qQk>vCJ!D$~I)f!Cf^eg7L>KrZNzRg%WSz8r|FB`;JX5Z9B+LHQzV(W4EB9YL;iYuB^q zm65UTojpW0^=vkJ)f_GK3mL`q)_&_9Zy0?U=J-i9TLU4z8gl9Pm*5gTUAzicaLJ$* zng=Hy6IgJ${&PAsEg_-Bbs*gY&la#AXTwoAc8eX-h9*}fdWX;@>Niga&u@H#I z=sp7lxlAQ+$YAB89-6T5&5F!NfP)N-#3P|t9cf+8_%2e7SfmOI_%Pi|W6unr2vie) z#@4|k2tnmGHyi5j!+a^#3l&ivR!l2*He(uNPDg&}dtq%lZQfm)Pn(e|)i$1P61b~V zvaQ!7nvKV%IJ1odGvJec0%#9xQ#V<)x=znkYG!sErrC=%1cEgL-ZJx;k%DY$OEN1G z&f&wBz+U(1jFEDWs;L#BQWvU2Q;l@m$fDK&pC__vWjJvQNrBuW0-v2nnW2GhvWfL| z9{X=I5m>CxVVMv}fI`?o^BOUFjnUV6=$s*uT3p>HeG7pz?Pg7w-y}SL+vLskbogps2 zU{7pe4+)?J=E!pW=i{2n^76`_DFip`BM^dHWOO4c z-FN2RE9wheWwB#(ZeaadLw8hbtq0?$EXk{BeL)5QYC6;`+fhv74Jz_!kM;Vh>PM=c zYUWVuRPYn$6jxMLRbDwGJC>`Ff(w_f*K{3DUCGHLjy)4sB4c^(QM(L1sQmAa^^2#C z^kGUVvE9BO6#dhp&A-blyYAESvpz$8^{&2guUpEhQfdE$5 z7W+9wC8lr5&ONj(BO_z2!U)0l z9_((M*DJZ+x(FcTJ*MN6UUj2fehx=Bo|IEkB$FMXevZFMe_btEFjY8g01rzL^*n@! z3nz)h63M!ZjBQfs&fMI5*_q<<8&yn@(xWnYxzY5~Ro5@!=t-&r+#}7R@GqqwF7iNN z`FF;S9E|M%ejM_C%V5t$mLOduz%_5>uwIqH0oF($bg<_R;~7a~2hMECNYJexbFY1>8r8jH((MJWzZ`)%u9ib!w2z^?VCLq{ z61x!y6*{q&Q?t=~h3Ze2I;_XVhuw$8Z;l0)E4ERlGjrMo7DPae839hvP;VC$gOl(ky0$9IiFSDfK;TZl(ZpVmT7Z=i1yF{L zWVPa|y4ibD&@(nE&@|5l?E}B9H(tN4IQiwCfhA_H6wr(E@SAxCZej#@yreoG0c5R) zH!Gn;Im)gcrNQ%CbO=T!?>m~xsP$HF+XakgA+`A+c_!hkS`FKsqGwe7v`a*)2ZiT9enA53;V(-eP(Yl)^hqORDo+(tzv7p$J{oJN*nyCC49fCh z0=6`!fr@JC-DnR$_}t}roH^(PtgnF6tKr5S$X^3Z7omVXoqB+VqtV`~W7yo^_~i&J zG+)$XZ%YdnvI}l_dN)zC4Qx6tKyfa_x)T|InqYYu zT&w3yD+3wTM-@S}nDqn~E#3+@-rsAHYij0x0RkdtO97x*0?!QgLQMC440hmT29$`| zXP|Hs)XPAE5*=`URk_NU)W|_A;gu2=UZEzWNvtd=%7j-1P;(1bqJZ(#>@cTF48*%&9b+Qi0SDpWQuxq1o>eq-Fm}$Ve1$#Z2&RjOom2#OPz}o& zDx~l@A0DG|P7Rz{RC}=Rp?a@i)t4g>%d;2)F&>6)Vm~nJ-wc>TS45}QT*qL;Y)6FZ zy&di1@PzfBS|(+BHRPZW(P?aK69GIq2oH`?uP;Lk?#rs#zF9o>>9~MTZo5$W)_m+o_tbs7s>bKl9jE&^ zS3B_tD)a(x`InrHnla|Cw?$ykJXW)XnLb{g8M>BH5$$PiVmhrR;)|{|!EC@P*5b&| zYE2$v+1y0?PJFCs`Lgzb36?{^l=vmp*R&9Ki-4QRatMsD2m?)*p8?Au5D{!6@O7n6 zmxb;Z1b$*$B>_mV7y@FtE?bX9b@$98BOibK(geg7LqN9xQ#+~NzI;>r2s33#rM^9f z0kE+i>B6|#bhaDi(Piga(dWE$$=sMBE)exa3A9=i0fY9dH&aO##FqLhX2ba72)!Bs zumwFovNJt7E=8l%Q+V>vRLzD;RPPMnj1j#Z3~WelRXT!$=fL4C1G&r0_6%^QSp$Ko zkW!<1sX$3Qv~et6P(d1M8NxofgLTCnCkprGYf^s@&aWAL9_@0i zc^d3RN@|JLG#ci9w2j1FCQu0r=@(I9$RBV~ZCHx7V`an<8LX+-j=8QUQC3xumygpS z7l0Jy;v})}1O2hncf)YVXtm9S49PNs1h&Dw)_cd!e@6T$WCw$(He@F?I}^`}+wDS) z>Qiak?2S-dpIF5UX$=}nTl4Qz0EV!3*=D20=0YC~+(b4^55hqft)8(hz`}+cZqg}Q zUs??diptu%+O-bhJ*M;JE{97bks>O>TJ7;LVB6{DFHFGQk_Z^OiC06};nJH)P{*3n z0JE^ck(;!f4m7C7Lo~15{zqW%8QS2M4NK@024~HflK|@pL0);IKaK zG@OU!bs$Y*{X-EDxiIFlvQKN};2zAfoL)n{kfF=K6OpPdSI#)&mAa z{jzbY--h@NgS%{ky=gW+|9m4HY(X8v#&_Qg*GdW919&1%_pn3#e1`Rd>1_(G9 zxQFIcGJ#Bodyt7EQsX&~+>*rXcQk=b?RQVdR^?+PZAUF9;Q$G(%%VUsW`RY}Xd|Fs zem2w#-5^B=S^@^X2gw0!{$)qPfN?uBMq{z%-+b6!;Y}@J(SSylZNZHFSOfq%jk`zuixF=-;5gCDf;$0V=_y6XeG980zFn7 z8<)3*yYgRr={503m}xNt7Q+i<3DPwJk70$y5Xgi(R!HEonF<1#L!@xi3JDy6lNLmv z+7uh4#Su7fK?Lq~enTI;8ZC>!1qOmF66g$qI|h%gfaz=Buukm*0N;MG0IrCEPl{M?rXBhk#n7kSQgZ z&WNOn6Q@Q6J9Nx5=H&W~);m{MUYI~2h!BdBmMjvduH1xkVr3teXSC0-+J(P-{E)c?*@&UD4LZnEhy3Ea@3UBXg1VX zEP-?|sV}Iztp;`P?xo{61KdG6J>upJEUT&KXF=@ffjn0i4%NKAJf1)>QYid!%&^L*BLjZB~T3lv3SYy70Xkm#EL|*A<@D~B9VBJ zWZiN}My7O6?qQjnmU3E3@#{-fRfh8u)!eT5Q+`Hv`m9WLXuot@#>&NFE%{lLAWoG? z{=FHeHO`ZrlV6dS-qCxWg(lB$-n;jKsPAqQKpP#qndY10>c!)S3*+XbE}&X=Nve4I z_)*mCzx{434x7bc#62j&*V~nY-Klg|b}UyvCad+RnM;2?URqw;B`1k(rYNxcE&-%! zMJ-2&mX2Dn`U}R3D48S_MhxZQC9GY$1|5)h{P?kb`*v;Jn7(4c&y%AC!EU5+UA?`% z!+sc_n4G@lw*%)-96xjI`t|FTwT~KGkg~nQPs@jUM;oedRmkNBq(71`}!akizox>27MH9fX6V}`@(5YbM4Ygt_lF9N9X8oTplgz63Ma0U=`t`SM zT)1#HCwtwZL_6SIGwHxj5v&`?;t51?O{~6A8|K<#mK%7_o^K}w$h&_etQE$W-GD+0wH0hFOwtY7nv(0zY@fd*q^7?qCrR+hmNh?o_8h*l}IfT$~;R?6~4q zWHkhQhIEC1+$?vHP7@gIr``U!elX#c&TcP?Hczkzh?G7qU@p6=3j_+yatAAD z0^x0U@$q;t48;%Jr`Oe23iGnoEu0#PODuYe3tpiBhL6Se&TvJB}Vft4^}lJJK?-X{2CxteDfKtDQ=UjR?ow&`Q(D(b$5T(DjOAD>@4 zmYuaaO*}o+bi)jbH&HZo*y>)t1A#wHAWnC4b!NbFt0kcHWBjLGz6%xzr;0>BC5h+H zU7aP($vrMRN82V(%6|WkbgeKpX=#Qur-163_NI%5@?2n8Z{L9G+cA0xP+zmfdI_*Y z|5H?PtG4S#^tz#(-X0A8ACvCIX&SOj=~ge~+3gy+DLu`Hq-Q#|j97rw`4jsG0e-g$ zY=g>PzJcek(&T6XDEc03<5aWf_9p_|nC=od2YJ1H2ZO(-9j5vHiGcm&?h+{OJhGXS+Pulp13frw+GUaB;yomKqUa|P zBMZ{gw`8PKvT5tqtbGTLpDr#ekQe6c`z;pl?=jeJNPccMk>f>|Z&yEQY_?(o=ZKF= zbyZbW-R*050etbye-G`FN~KvD>DU!iJY6K3CB}ZXlJv~&2WidRZmIM?xw!}6C%OEO z<9S)X%ofE&M-Tqqi#UTaI^;oPCe2y4hK|r&A{PHNRX9qZmLQ(Ht6De)6d(5Z!!~zT zXYPO@JE{RL;_ zCD*&O#C}v&QTAs^iM*Kc%r3v972jHSx4iVc>~QX`wX4=H6b!k<&D?5sxgyV(ynfbHy z?iY>jE?dtMTQ-5Ski2!j?9yH4h8|bwa~7?+CYNdCr2IS zo(>*Et|k#|Lz-9urc%gS0|9%>)w)ImOv&$<#P|JL;@B$DJ=@j?MF&{aG8t}BsO{@#=`_S;wlV*wkC0Vs@qcr>Q z+2R|fhOsS&XO=~vae=Q-*)-3*$Go!oeX zghG*6yiD>hY|fk^5=|8fh2cYZJU1q9F3XJ<7QzeV@d8|3U0LmOw|WnmB>Gt^$<}O9 zyl|9YfOos>z2Cax98V;fG9|->Q|2sLosp5TMj}}{EjHZ4l|MXA^z%$-R}1TfGGSEQ zP}=hAbYgaA`+hGNBa9dQoU&@i@285(t2#4K-oH_L=8uYYUEANc%m0+0&CM;4 z$xdCYG?q2zK~?2d`I)1;veruGi$$VwLSZ!HQ8AQf;LFBbsHUX$pJy$WL0}q=40?R+ zkNsK8rcV$GC;s%WRPi+Nj8sX+)_r-oxxZ!pDm{>wS0Fos?e5pA`qrpha|?HiH>#>` zm6yp24{e?w6Yi!RO*Ldvl6dikw6wI@aZyq6eKh<1sP7flB{f%1%Ve_r-=rA}<0FII ziO115T;5QDgJ<6)Fd|sdPh=7N(8F0T(5{T3I zbL^WVag0xYAt3CdbD;#+{z4#}-!}=&>^B60hWAYZao+uffa{FDNg%f0j03K-`X+%? z*4=(WfE(903GDb<&eD%a!uF~MT{`Fa$;WM&dAbLh9^GXZ}9w_TgLaGk+3IAmnpw0V+@%*{9+b=$hNnY655mL!Ua z3g>%s-N3%BsDuNT%jXY^8Z}WQmaNRo+>MXP)X4fYN>Y=O;^X2*;_ow<&*ukox$R9r z{2%9whr{MRYNb3schSLfSMNTpzh8E-^kPvvDJiS0u2$67KWoC$4S&Gqrl!XF`lk;Y zo4S&PPgz%8T~lA*)YRRKtt~H~J*=)MEjqbBd;97Xp&tvpmo@cK0{uf;`$87Reoeq~ zd?jpRBVZ$76B_{=0h`ze*a+CfM!-hECN=^#0yeP`uo19{jew1SO?sUGhi{XwCmet= eV3V&YWBxydt7F~736W_40000 What is an unstoppable application? - -
- > What properties of a system make it "stoppable"? - - Notes: - Web2 context: central providers & authorities, ... @@ -97,7 +91,7 @@ We want the most robust system possible, given the _environment_ the consensus s ## Attacking Web3 - +https://xkcd.com/538/ Notes: @@ -632,7 +626,7 @@ Notes: Watch _after class_. Perhaps assigned informally to everyone to watch in the next few days. ----v +---v ## Can't vs. Wont @@ -643,7 +637,7 @@ claim you don't have the ability anymore -> negligence moral relativism -> "who's law?" -"oops clause" -> not too narrow. +"oops clause" -> not too narrow. --- @@ -655,7 +649,6 @@ OFAC has had on validator compliance because of Tornado Cash. - code is unstoppable, but platform _can_ sensor. ability -> responsibility - --- ## Democratic Systems @@ -683,14 +676,14 @@ Decentralized Autonomous Organizations ([DAOs](https://www.investopedia.com/tech ## Modeling Behavior - [Token Engineering](#next-steps) -Notes: + Notes: Mostly free education and tools to dive deeper on tokenomics. Remember, these are _models_ of idealized systems in general, real world conditions will differ! --- -## TODO +## TODO example of luna or other system collapse @@ -699,14 +692,33 @@ example of luna or other system collapse --- +--- + +## Dependency + +https://xkcd.com/2347/ + +- [Confusion](https://secureteam.co.uk/news/what-is-a-dependency-confusion-attack/) +- [Hijacking](https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware) +- [Hardware side-channel attacks](https://hackaday.com/2019/09/13/side-channel-attack-shows-vulnerabilities-of-cryptocurrency-wallets/) + +Notes: + +- yes in software and hardware, you are at risk of attack from poisoned deps through non-maintenance, up to targeted exploitation. + One mitigation is vendoring these, need systems inn place to monitor. Dependabot is not sufficient. +- Also in dependance on specific operational contexts. + For example that it is legal to operate the software for nodes. + +--- ## Unknown unknowns Notes: -We cannot usually guarantee/prove that every possible condition is accounted for in our models & system design. +Outside of the system itself, we cannot guarantee/prove that every possible condition is accounted for in our models & system design. We must expect forces outside our system & it's model may interact in unexpected ways. Assumptions about context must be rigorously evaluated (i.e. - what does finality mean in the chain this pallet or contract lives in?) +(Formal mathematical proofs reason only about the things we can and do account for.) --- @@ -714,7 +726,7 @@ Assumptions about context must be rigorously evaluated (i.e. - what does finalit - Complexity generally increases the risks of failures - Hypothesis: this _usually_ makes systems more brittle. -- "Oops clauses" may be justified, but be careful they don't undermine the system +- "Oops clauses" may be justified, but take heed they do not undermine the system. Notes: @@ -723,12 +735,7 @@ Governance/"oops clause" can help fix things, but also risk system capture. --- -## Wrap Up - -End of Module 3. -Goal is that you now have the primitives and concepts necessary to dive into Substrate and Polkadot and start building unstoppable Web3 applications. - ---- + ## Questions