Typed Python with MyPy

The “The DAO” hack1 threw me down a “how safely can I write code” rabbit hole2, which has led to me picking up typed Python for my current project3.

Support for “type hints” was introduced in PEP 484 and implemented for the first time in Python 3.5. As Python is not and will not at any time in the future be a proper statically typed language, the PEP describes a method of “hinting” at types using structured comments and other syntactic sugar which the Python 3.5 compiler studiously ignores. External utilities can then interpret and enforce as they will. While in theory this allows for competition among approaches, at present there’s only one functional type checker: MyPy.

Centralization is a power relation

A thread on r/ethereum has lead me to once again realize the disconnect between my perception of the Ethereum community and its reality. The first time this happened for me was in the wake of the “The DAO” debacle. I was unperturbed by the hack, having expected exactly that sort of thing to happen with regularity, and yet others seemed surprised and distressed. This was not a inevitability they were prepared for, it seemed.

Ethereum Micropayment Channels

This is a repost of an answer I gave on the Ethereum StackExchange. It describes a simple micropayment channel implementation I’ve had bumping around in my head for the past week or so. I spent enough time writing it that I figured I’d share it here as well.

Q: What are payment channels? Can they be implemented on Ethereum?

Absolutely. In fact, there’s a project currently underway to implement an Ethereum Lightning Network, which uses micropayment transaction channels, called Raiden.

For those who aren’t already familiar with microtransaction channels, here’s a primer. Feel free to skip the next two paragraphs if you’re already familiar with the mechanism:

An RNG Method for Ethereum

Last night I was thinking about how to do random number generation in Ethereum. It’s a difficult problem, given the fact that the blockchain is, and must be, public and deterministic. Using a future block hash can work in certain applications if the properties required of the selected block are kept secret until several blocks after the block has been mined. Even in this scenario, though, it’d be possible for a powerful malicious miner or consortium of miners to just consistently skew the distribution of random values and affect the overall outcome of an RNG-dependent dapp over the long haul. This especially becomes a problem under proof-of-stake, as computing capacity that might have otherwise had to go toward mining is freed up for block hash mutation. Sophisticated users may notice the skew in such a scenario, but I expect most would not. Such a tactic might go unnoticed for a long time.

The Nexus Docker Environment

I work as a developer for Nexus. One of the things I’ve done to make it easier for new developers to come on board and start contributing code was to create a Docker image that contains a pre-built development environment containing everything a new developer might need. It also helps with being able to reproduce each other’s bugs, as our environments are all very similar. I’ve been using it myself every day now for about a month, so I figured it’s time I write a post introducing it.

Maker DAO

This blog post is based on a presentation I gave on January 4th, 2016 at the Ethereum meetup in Seattle. The slides are available, as is a video of the event.

I’ve been working with Nexus, an Ethereum-centric blockchain development shop, on a decentralized cryptocurrency leveraging and stablecoin platform called Maker. There’s a whitepaper available for it, but some of the concepts can be tricky, so I’m writing this explanation to provide another resource for anyone trying to figure it out.

To start with a summary: Maker is a stablecoin and decentralized cryptocurrency leveraging platform built on the Ethereum blockchain. It is composed of three primary pieces.


A lot of the technology that empowers people does so while simultaneously creating a large power disparity between the user of the technology and the provider of the technology. In aggregate, this can result in an unhealthy power dynamic between the technology provider and society as a whole. SovereignCyb.org is a news feed focusing on technology that empowers people while minimizing those sorts of power disparities.

Torrent This Post

Every post on this blog can now be torrented, thanks to the “BitTorrent My Blog” WordPress plugin by Maymay. (Maymay is perhaps better known for writing the Predator Alert Tool family of apps and plugins for use with social networks like Facebook and OkCupid.) If you’re using the Maelstrom browser, you will be torrenting and seeding this blog by default.

If you want to torrent any post on my blog, just add “/webseed” to the URL. For example, this post’s torrent can be found at http://ryepdx.com/2015/03/torrent-this-post/webseed.

Watching Websites for Changes in Linux

(Some of this may also apply to OS X, since it’s Unix-like.)

Edit: The general idea does translate well to OS X, but there are a few key differences which Maymay has noted in the comments.

I was digging around in my home directory today and came across a script I’d written last May during one of Github’s outages to alert me when it came back up. Yesterday I turned out a one-liner to watch a website and alert me when it changed, so I was struck by how my problem-solving approach had changed in the intervening months as I continued to learn more about the utilities available on the Unix command line.

Communications Security

This is a copy of a handout I wrote for a talk on PGP to a group of activists at a dinner on January 29th, 2015. The intent was to provide a supplement to the practical, but narrow, walkthrough I’d given for those who wanted to dig deeper into data security in general.

Basic Security Principles

  1. Your security chain is only as strong as its weakest link. Make sure you understand the strengths and weaknesses of each link in your security chain. Take care to maintain the integrity of every link in your security chain. Using encryption will not help you if you composed your message on a compromised machine.