Hacker News

How we recovered $300k of Bitcoin (reperiendi.wordpress.com)

998 points, mathgenius posted 2 months ago

208 Comments:

aresant said 2 months ago:

"I’m currently looking for work in a staff or senior staff engineering or data scientist role. If you’ve got interesting technical analysis or optimization problems, please reach out to me and let’s talk."

That is probably the best CV I've ever read by accident.

You should broaden your job hunt criteria to technical content marketing - seriously!

Very rare to possess the skill to tell a story in an entertaining, approachable and detailed technical fashion.

ogre_codes said 2 months ago:

> That is probably the best CV I've ever read by accident.

Exactly what I was thinking.

metaweta said 2 months ago:

Hahaha, thanks!

Expeditus419 said 2 months ago:

I saw this post and initially skipped it because I know how crypto threads go on HN. Then saw on LinkedIn it was from you. Can confirm, this gent is a great engineer and is actually a nice guy.

metaweta said 2 months ago:

Thanks!

hanniabu said 2 months ago:

> If you’ve got interesting technical analysis...

FYI, not sure if english is your first language or not but this should be "If you have interesting technical analysis..."

dantillberg said 2 months ago:

"If you've got" may not be formal "correct" English, but everyone understands it and it's used quite commonly in daily speech (and writing). I would wager that "if you've got" may actually be preferable to "if you have," in order to engage the reader at a more comfortable, personal level.

anyfoo said 2 months ago:

So correct, that I distinctively remember learning it from school books in English class in Germany.

dkersten said 2 months ago:

Germans tend to pronounce A's in English as if they were E's ("cat" is pronounced as "k-eh-t" instead of "k-ah-t" -- which I don't really understand since A in German is pronounced as "ah"), so I'm not sure if everything you learned in English class is correct ;-)

anyfoo said 2 months ago:

English class in Germany told me to pronounce it the "k-ah-t" way because they were primarily teaching British English, but I think a lot of exposure to US Media brings people to pronounce it "k-eh-t" (and maybe overdoing it in trying to do so).

That's another thing I distinctively remember from English class in Germany, being taught the British pronunciation that, at that young age, was much less familiar to me than American pronunciation, and some slight confusion around that.

dkersten said 2 months ago:

Definitely overdoing it! :)

I’m a native (non-American) English speaker and the American pronunciation, to me, doesn’t sound like keht at all. (German was technically my first language, although English became my main language at an early age, so I’m quite used to German accents, so it’s definitely not caused by the native accents imho)

I once (when I was ~15 or so) had an argument with a kid who simply would not believe me that the letters C-A-T aren’t pronounced keht

anyfoo said 2 months ago:

The English books seemed to teach the correct thing, however, using the correct IPA and giving the correct hints. Just like with "I've got [something]".

It's also definitely not the case that the "a" in American English "cat" is pronounced like "a" usually is in German. In that case, the "a" sounds much closer to a German "e" than a German "a". The IPA for AE "cat" is kæt, not kat (where in some parts of Britain it actually is kat).

dkersten said 2 months ago:

Thanks, that was interesting :)

jambalayaman said 2 months ago:

Perhaps it is the American accent they are taught, Americans would say keht. I always thought it was strange football was Fussball in German, yet they'd call it soccer in English.

dkersten said 2 months ago:

Except the American accent doesn’t say keht — maybe there’s a slight hint (cough accent) of it, but it’s very slight, while the German way sounds rather odd, I bet even to Americans.

The soccer thing is pretty funny though. :)

pbhjpbhj said 2 months ago:

FWIW "you've got" seems very US American to me (native en-gb).

YooLi said 2 months ago:

“You’ve got mail!”

mirimir said 2 months ago:

Yep, sure is.

samatman said 2 months ago:

Not only that, but in speech, the 've is often dropped entirely, like "Hey if you got a few more minutes can I ask another question?"

I wouldn't write this, but I would absolutely say it, and it doesn't carry the rough affect of something like ain't.

mirimir said 2 months ago:

I'd say "if y'all got".

samatman said 2 months ago:

To one person?

mirimir said 2 months ago:

Yes. For many, it's "all y'all" ;)

andrepd said 2 months ago:

The issue is, I think, "you've got analysis" vs either "you've got an analysis" (singular) or "you've got analyses" (plural).

Still, pretty minor thing to nitpick about.

wyattpeak said 2 months ago:

You're misparsing the sentence: "If you’ve got interesting technical analysis [or optimization] problems". "Technical analysis" is an adjective, not a noun.

andrepd said 2 months ago:

So I am. I was reading off the GP's (incomplete) quotation it seems.

Blake_Emigro said 2 months ago:

> FYI, not sure if english is your first language or not but this should be "If you have interesting technical analysis..."

I'm not sure if English is your first language, but this should be, "if you have interesting technical analysis..."

Everyone can pick apart the mistakes of others, find mine!

wl said 2 months ago:

It may not be formal English, but it's idiomatic language that a native speaker would use.

> Where have expresses a state rather than an event it is replaceable by the idiom have got.

The Cambridge Grammar of the English Language, 2.5.6(c).

FroshKiller said 2 months ago:

Native American English speaker. "If you've got" like this is perfectly idiomatic.

projektfu said 2 months ago:

You’ve got mail! —native English speaker

mrosett said 2 months ago:

Ha! Case closed I believe.

nickysielicki said 2 months ago:

> If you’ve got the time... We’ve got the beer. Miller beer.

https://youtu.be/k_HzThfudIk

tmountain said 2 months ago:

If you’ve got the money honey / I’ve got the time. —Willie Nelson (American Treasure)

VSerge said 2 months ago:

I share your sentiment. This seems to be a great engineer, storyteller, and a person able to make a complex technical story accessible to a layperson with only minimal dumbing down (except if I'm too ignorant to perceive the magnitude of the possible dumbing down, in which case, oh well).

In any case, dear author, thanks for the write up, it makes for great reading, and I hope you receive offers for endeavors that give you as much intellectual stimulation as it is useful to society at large, and a large enough paycheck.

cptaj said 2 months ago:

Sadly it's not a well paid skill on average (As in, excluding famous youtubers or whatever)

antonzabirko said 2 months ago:

What's different from other CVs? Seems similar to pitches on most personal sites.

9nGQluzmnq3M said 2 months ago:

This "CV" is the embodiment of show, don't tell: it's a lot more convincing than a bullet point saying "experienced cryptographer".

antonzabirko said 2 months ago:

Yeah but that's because you're on his site. Go on other personal sites and you will experience the same, no?

adamweld said 2 months ago:

He didn't say it was the only job pitch that he'd read at the end of an article. He said it was the best one.

antonzabirko said 2 months ago:

I didn't say it was the only one he read, I was asking how it's any better than all the other same ones lol.

sireat said 2 months ago:

The author is a very talented applied cryptographer with a very impressive resume (he is looking for new projects).

The following CV line stands out however:

Google: Software Engineer, Ads Review. June 2014– March 2016.

Angular / Java developer on the internal tool used by contractors to review Google ads for policy violations.

How did that saying about "brightest minds working on ads" go?

I am not blaming the author as I would have done the same (and I imagine author was not told when hired that he'd be working on Java/Angular ad tool).

Again it is not that Java or Angular are bad per se, but working on ad CRUD seems completely orthogonal to author's talents.

kleer001 said 2 months ago:

> How did that saying about "brightest minds working on ads" go?

The sentiment is a bit older than ads. It goes:

"I saw the best minds of my generation destroyed by madness, starving hysterical naked, dragging themselves through the negro streets at dawn looking for an angry fix,

angelheaded hipsters burning for the ancient heavenly connection to the starry dynamo in the machinery of night,

who poverty and tatters and hollow-eyed and high sat up smoking in the supernatural darkness of cold-water flats floating across the tops of cities contemplating jazz,

who bared their brains to Heaven under the El and saw Mohammedan angels staggering on tenement roofs illuminated,

who passed through universities with radiant cool eyes hallucinating Arkansas and Blake-light tragedy among the scholars of war,

who were expelled from the academies for crazy & publishing obscene odes on the windows of the skull,"

Howl by Allen Ginsberg:

https://www.poetryfoundation.org/poems/49303/howl

DavidAdams said 2 months ago:

Some might consider your post to be off-topic or worse a "well, actually" interjection, I found it fascinating to learn the source of the "best minds of my generation" framing. Thanks.

c3534l said 2 months ago:

I see no reason to think Ginsberg originated the phrase "best minds of a generation," but it doesn't appear cliche enough of a phrase to even have an etymology I could look up.

dhskdjskdhsj said 2 months ago:
c3534l said 2 months ago:

First, that's a different, much more specific variation that is clearly from Howl. I have heard the phrase "the best minds of a generation" in old movies and books before, but they would have been around 1950 so maybe Howl came first. Second, your link isn't actually about the Howl quote anyway, which makes me suspicious that you didn't even read the link you posted. The link investigates a quote from 2011 that contains a play on the first line of Howl and investigates that quote, not Howl, nor the phrase which appears in Howl that we're discussing.

sijdtjbfyh said 2 months ago:

We are discussing the quotation from 2011. See the original comment upthread which reads 'How did that saying about "brightest minds working on ads" go?'

The comment by DavidAdams to which you replied was thanking someone for mentioning the Ginsberg connection in relation to the topic under discussion, i.e. the 2011 'framing' which unambiguously draws on Ginsberg.

I think you're just making trouble, to be honest.

staplers said 2 months ago:

Yeah we shouldn't credit anyone for popularizing anything unless they were the absolute first to fathom the idea.

c3534l said 2 months ago:

I didn't say that. I didn't even suggest that he didn't create the term. I just said that there's no reason to assume, just because a phrase exists in famous work of art, that it is the origin or popularizer of the phrase. The person I was responding to said it was interesting to learn the origin of the phrase, except no one actually posted anything indicating it was the origin. It just contained it. Maybe it's the origin. I'd be interested in a good source for it. But the normal places I go to to get reliable etymologies (there are plenty of terrible sources for etymologies, unfortunately) don't have that phrase in there.

In other words, I was saying "that's a bad assumption, but I can't actually confirm or deny whether the conclusion is true."

I don't know where you or other people responding to me got the idea that I was saying anything other than exactly what I said. I'm not sure where the breakdown in meaning has occurred.

kleer001 said 2 months ago:

I can only claim to know the previous iteration. I'm sure the sentiment is actually as old as civilization itself.

clwk said 2 months ago:

Fuckin' Moloch.

lozaning said 2 months ago:

"Out of all the things I have lost, I miss my mind the most."- Ozzy Osbourne

metaweta said 2 months ago:

Yeah, and it's why I left that job for something else.

theblueprint said 2 months ago:

Thank you for your work on PRTK. As a forensic practitioner during your time at AD, it was always an invaluable tool in my kit.

metaweta said 2 months ago:

Glad to hear it!

john_alan said 2 months ago:

Just wanted to say that was such a fantastic read. Incredible stuff. I aspire to be as talented in Applied crypto.

aeontech said 2 months ago:

What's the best way to reach you? I know a few people who might be quite interested and interesting to work with.

metaweta said 2 months ago:

metaweta@gmail.com

jodrellblank said 2 months ago:

> How did that saying about "brightest minds working on ads" go?

I think it goes something like the Open Source saying "that person doesn't owe anyone their intelligence to work on so-called important problems for free, just because it might be nice if they did".

Want smart people to solve important problems? Find a way to pay more for that, than for ads, or find a way they don't need to earn money to live at the standard they want.

joosters said 2 months ago:

Never going to happen. Look at other important jobs - doctors and nurses can have very low wages, while professional footballers earn millions. We all know which one is more important, but there's no way the medics will ever get paid comparably.

wolco said 2 months ago:

Some top doctors can earn at least NBA coach level figures. Frontline workers testing people will never make that amount because the skill level is lower so more people can do the work. If everyone refused and only a handful of people were left they couldn't reproduce the same impact anyhow and the program would close instead of paying them millions. Together they have a big impact and one on one they have a big impact but a single first responder doesn't have the attention or connection of millions. Would you put a poster of Jill, Nurse 56 from Grand Rapids who works in the covid wing cleaning sheets? Probably not, even though the job is extremely important.

pbhjpbhj said 2 months ago:

>Some top doctors can earn at least nba coach level figures //

Ethically?

wolco said 2 months ago:

Sure everything from plastic surgeons to heart specialists. Not everyone has to be a doctor to the stars or go on shark tank to make millions. Does your local walk-in clinic doctor make that? No, but would make 500k before expenses.

banads said 2 months ago:

>Want smart people to solve important problems? Find a way to pay more for that, than for ads, or find a way they don't need to earn money to live at the standard they want.

This is essentially the Nuremberg Defense, but it's "just following money" rather than "just following orders".

Unless we reach some magical Utopia, we will always have the choice between making money through ethical or unethical means, with the former being beneficial to society, and latter being more lucrative to the individual.

TACIXAT said 2 months ago:

This is the tragic thing I think. There are some really cool things that I want to work on but very few people paying for it. Awesome doesn't necessarily mean valuable.

lonelappde said 2 months ago:

OP actually did a lot of bright minded work on the side of the Ads stuff.

andrepd said 2 months ago:

"You want doctors and researchers to be paid more than football players? Just find a way to make them more lucrative than ads."

It's a rather reductive and defeatist view. There's nothing more harmful than looking at a specific state of affairs and going "eh, that's just the way the world works", as if our current economic system was an immutable law of nature.

jodrellblank said 2 months ago:

I don't know how you get from "find a way to change things" to reading "the current state is immutable", but I meant exactly the opposite, it's changeable and dynamic and changing.

The brightest minds are working on ad-tech, not as an immutable law of nature, but because that's where the incentives are, and if the parent commenter wants that to change, whining about how the OP isn't more charitable won't solve it, like whining that open source developers don't work on what users want instead of what they want won't change it; If it's all about incentives, we [1] should look towards finding a way to incentivise the more desired outcome.

[1] parent commenter alone, or society generally.

TrackerFF said 2 months ago:

Getting paid $300k / year to work on CRUD apps seems pretty nice to me.

brailsafe said 2 months ago:

Working in easy or boring stuff for a lot of money is nice if you need it, but miserable if you're an intrinsically motivated person.

_se said 2 months ago:

Being bored for 10 hours a day when you have the capability to do so much really is terrible. Couldn't agree with you more.

brailsafe said 2 months ago:

I'm kind of in this situation now, and it doesn't feel super great to be sort of trapped in a golden handcuffs kind of situation. The effect would be less intense if it weren't an entirely mental exercise.

joncrane said 2 months ago:

I have two thoughts:

1) I generally take the higher paying gigs but mostly so I can accelerate retirement

2) Even in the crappiness of high paying jobs (I often think I'm essentially being bribed to put up with all the BS) I can generally maneuver myself into doing interesting work. It takes about 1.5 years of concerted effort, but once I understand how stuff works, I can generally start nudging stuff in the right direction, and can eventually find some form of fulfillment amongst the BS.

dkersten said 2 months ago:

I'm only commenting on 1, not on the rest of your comment:

> I generally take the higher paying gigs but mostly so I can accelerate retirement

My problem with this outlook is that sacrificing my current well-being for increased future well-being is risky. I don't know how long I will live or what my health will be like. I have to make the best of the time I have now (without sacrificing too much future well-being, of course!)

Not that I don't do the same, just, it feels risky, on its own. I think the rest of your comment is super important for this reason.

brailsafe said 2 months ago:

It's a tricky balance to strike. I used to think that you should just work if it's available to you, but now I'm much more inclined to work so you can afford to not work in the near-term rather than only at the hypothetical end. If you can afford to be laid off or quit and just willingly chill and do whatever for a while, that's a good option to take.

dkersten said 2 months ago:

Absolutely. I’m painfully aware that I didn’t offer any solution either, because it is a balance that everyone must find for themselves. The main thing I was trying to get across is that sacrificing now for a reward in the possibly distant (relatively speaking) future is too risky for me since I don’t know what the future holds (and given how many people I know who have died young makes me reluctant to take for granted that I would reach retirement age (even early))

brailsafe said 2 months ago:

The sentiment is certainly shared.

khabibthyme said 2 months ago:

Having worked in startups for most of my career, I see a lot of engineers who yo-yo between high paid, boring jobs in FAANG-esque companies and burnout-inducing early stage gigs.

miguelmota said 2 months ago:

I love working at startups and hated working at a large company. You learn 10x more in a fast paced environment where you get a chance to work on a little bit of everything and talking to partners and investors compared to a large scale company where you’re tweaking a small area of the company. Startups are obviously not for everyone and I know plenty of people that prefer the corporate environment either because they like the stability, hours, or the salary.

dropit_sphere said 2 months ago:

Which is a really weird situation when you think about it! This gives credence to the theory I've heard that corporate jobs are "unsustainable" in that they will only hire "smart" people, but actively make their employees dumber.

Whether that's the particular mechanism or not, I think this bears investigation.

TrackerFF said 2 months ago:

Well, that's how it is, and that's how it's been for decades.

Entire industries are taking the "best and the brightest", and wasting them on some of the most menial jobs imaginable.

Galaco said 2 months ago:

If you already do this every day for 1/10th of that compensation with no way out, the misery and boredom are already the norm.

brailsafe said 2 months ago:

That's a part of my point. The compensation is arbitrary past a certain point where your actual needs are met, unless you're driven by the stuff you exchange the money for. For myself, it's evident even in the post necessity phase where I know I still need to bank some cash to be able to assume some future volatility, but am not in the market for anything out of my reach to buy, so the money stops having tangible value.

mistahenry said 2 months ago:

> so the money stops having tangible value

I couldn’t agree with this sentiment more. My current job isn’t the highest paying job I’ve ever had (or could currently get). But the value in what I’m learning and exposed to keeps increasing over time. I am not the smartest person in the room and super happy about that

tyrust said 2 months ago:

One can exercise motivation outside of work.

ronyfadel said 2 months ago:

It’s hard to do when you get home with 0 brain power left after working for 8-10 hours straight doing mind-numbing work

wolco said 2 months ago:

But if you are over qualified your effort is lower. Working at a startup I felt I had nothing left in the tank compared to corporate job that I could checkout easily at the end of the day go home and write more code.

brailsafe said 2 months ago:

Even more so if you're already at home.

brailsafe said 2 months ago:

No doubt, that's how most people do it. But ideally you don't want your life to be one of hating most of what you're doing and then just compensating for it in a way that keeps the feedback loop working.

marcinzm said 2 months ago:

Why be unhappy for 8+ hours a day? Life is short enough as it is, sacrificing 1/4 of it seems rather silly to me unless you have to.

akhilcacharya said 2 months ago:

(It was probably a lot more than that)

mav3rick said 2 months ago:

(Who knew you have to pay top dollar for talented people)

blondin said 2 months ago:

wait what?! where are you getting these numbers from?

lonelappde said 2 months ago:

levels.fyi.

Unlikely OP earned only $300K/yr

speedgoose said 2 months ago:

I should move to USA.

Reads the news

I will stay where I live.

ur-whale said 2 months ago:

This kind of story is pretty standard at Google:

1. Hire the best of the best, typically PhD level.

2. Assign them to random crap projects that have precious little to do with their specialty and strengths.

3. Assume that if they were smart enough to earn a PhD on topic X, they'll learn quickly how to do work on Y, even if X and Y are completely unrelated.

DeathArrow said 2 months ago:

I've seen some CS and math PhD grads being employed for software engineering roles where all that mattered was knowing framework X by heart, memorizing GoF patterns, TDD, DDD, SOLID, clean code and all what uncle Bob was preaching in the '90s and early 2000.

I think both CS and software engineering have their own importance but they are not the same. It's better to hire the right person for the job.

Erwin said 2 months ago:

Looks like the Google job was relaxing enough to complete a PhD in Computer Science in 2015 at the same time.

lonelappde said 2 months ago:

Had to squeeze in the PhD after

> Biosimilarity, LLC: Partner. February 2013–May 2014.

Developed a decentralized massively scalable database based on the π-calculus and a secure distributed social network

dirtydroog said 2 months ago:

Actually, being involved in ad tech can get you involved in some really cool tech. It's an incredibly fast-paced industry, lots of parallels to HFT.

And yes, everyone in the industry knows that ads don't work, you have all the ad blockers, etc.

FabHK said 2 months ago:

> lots of parallels to HFT.

Including the fact that it might make its practitioners rich, while creating nothing of social value.

sudosysgen said 2 months ago:

In the case of ads, arguably negative social value.

jimmaswell said 2 months ago:

Connecting people to goods and services they may want or need in a targeted way that tries to make them more relevant seems positive if anything to me.

sudosysgen said 2 months ago:

Good thing we have search engines. If I want to find a good or service, I'll go look up reviews or the like. Ads only serve to sell me things that I don't need, in the vast majority of cases. I think it's fair to say that making people want more stuff is socially negative.

jimmaswell said 2 months ago:

> making people want more stuff is socially negative

I don't really think so in the general case. Personally I've eaten a lot of food I found out about from ads and wouldn't have known I wanted otherwise, and I'm glad it happened.

sudosysgen said 2 months ago:

If you want to try new foods, that's cool, I do too. Read local food reviews.

But if ads convince you to try 47 different restaurants and that otherwise you would have been perfectly happy to eat at home, then the ads did a disservice to society.

jimmaswell said 2 months ago:

Relatively nobody goes out of their way for local food reviews. If advertising was suddenly banned I feel like people would end up much less likely to try anything new and life would be more stagnant overall. New businesses would struggle to attract customers and everyone would gravitate to McDonald's and Wal Mart even more than they already do.

sudosysgen said 2 months ago:

I disagree. I and a lot of people I know go out of our ways for local food reviews, and word of mouth is also incredibly powerful.

And you must remember that for every local food ad there are 300 ads for McDonalds or Walmart, and they are just as effective, although likely for another demographic.

RockIslandLine said 2 months ago:

Great, So when do we start?

I would love to see ads that are only relevant to my life instead of penis pills.

tonfa said 2 months ago:

I'm seeing lots of good ads for local business on instagram at the moment, e.g. local bars doing home delivery.

nicoburns said 2 months ago:

Same for HFT

saagarjha said 2 months ago:

Why work on something that you know doesn't work and makes the world worse?

Baeocystin said 2 months ago:

Some people are absolutely OK with that. Some people, it bothers deeply. Same about weapons work, or other engineering tasks of various applicable moralities. We all have to make our choices. I know I've worked on things of minimal value, just because I needed to pay for life. I've switched to other things when able.

lonelappde said 2 months ago:

There's nothing unfairly wrong with Google Ads. It's the trackers that are bad.

nicoburns said 2 months ago:

And who do you think makes the trackers?

starpilot said 2 months ago:

I'm starting to consider any company whose revenue primarily comes from ads to be immoral. It's the business of hijacking people's minds. Part of this means stimulating the worst aspects of thinking: addiction, fear, pain, all that ads seek to satisfy.

riquito said 2 months ago:

You open a business. You sell something or offer a service. Day one is "let people know that I exist". Pretty much every form this takes is advertising. No business lives without making its customers aware of it.

It's not immoral in specializing on how to advertise. It's immoral to overstep some boundaries when doing it.

Disclosure: I worked in a company whose primary revenue was selling tools to create ads.

abdullahkhalids said 2 months ago:

I don't think there is any way to get rid of ads from society, as you say. I don't think ads were that big of a problem historically. The problem is that the recent (20ish years) era where the fast response of internet ads (a click on the ad immediately tells you it worked), compared to a tv ad (you wait a month to infer ad effectiveness from the revenue numbers), has enabled rapid A/B testing of ad design.

What that means is that ad design is rapidly iterated upon to maximize revenue of the company [1]. We also know from first principles that ads can have negative influences on people (making people dissatisfied with their bodies or lives, or making them engage in medically harmful behavior like smoking etc etc.). Now, there is very little legal regulation of what can be in an ad, except that factual statements in the ad are true; and ad creators rarely self-regulate.

So you have one variable A=product revenue. You have another variable B=negative psychological impact on viewers of ads. The ad optimization process only optimizes A, and places almost no constraints on B while doing so. Guess what? A significant percentage of ads end up with both high A and B.

This is the problem. I am not proposing any solutions, but the problem exists.

[1]. Also the techniques learned from internet ads are applied to tv, print and billboard ads.

andrepd said 2 months ago:

Discovery is a problem that can be solved in a million other methods. If (hypothetically, somehow) ads were outlawed from existence tomorrow, a thriving industry of independent reviewers would instantly pop up to serve the need of product discovery.

Painting the advertising industry as "humble startup putting up a sign in the downtown square" is also disingenuous. Most advertisements you see are done by big corporations. What's the excuse of Coca-Cola or McDonalds to plaster the streets with psychologically-crafted pictures of their unhealthy products, then?

riquito said 2 months ago:

> If (hypothetically, somehow) ads were outlawed from existence tomorrow, a thriving industry of independent reviewers would instantly pop up to serve the need of product discovery.

Hardly. You buy a domain name, put something on it and then what, wait for an independent reviewer to monitor the registrars? And that review would be discovered how?

> Painting the advertising industry as "humble startup putting up a sign in the downtown square" is also disingenuous. Most advertisements you see are done by big corporations. What's the excuse of Coca-Cola or McDonalds to plaster the streets with psychologically-crafted pictures of their unhealthy products, then?

I have no idea how did you reach that conclusion from what I wrote.

yyyk said 2 months ago:

"If (hypothetically, somehow) ads were outlawed from existence tomorrow, a thriving industry of independent reviewers would instantly pop up to serve the need of product discovery."

By "independent reviewers", you mean bought youtube influencers, right? Because that's what's often happening in industries where external reviews plays a big role.

andrepd said 2 months ago:

You're absolutely correct, but leave it to "the market" and it will drill through your very self if it finds a dime at the bottom.

cambalache said 2 months ago:

I understand and agree with your point but I think this site overvalues CS graduates by a lot. There are bright minds everywhere, doing math, physics, literature, medicine, law and a long etc. That "some" minds, because of greed/need-to-subsistence or whatever the reason choose that path is a shame but hardly a loss in the great scheme of things. Most intellectual pursuits are already fiercely competitive as it is.

lonelappde said 2 months ago:

You might want to read OP's CV before dismissing his brightness

mister_hn said 2 months ago:

Sometimes you have no choice other than working on something not fitting your skills.

Imagine those with a university degree working at McDonald's serving menus

blazespin said 2 months ago:

Wasn't Einstein a patent clerk? Can't imagine working on glue code at Google is all that bad.

beamatronic said 2 months ago:

“Until a man is twenty-five, he still thinks, every so often, that under the right circumstances he could be the baddest motherfucker in the world. If I moved to a martial-arts monastery in China and studied real hard for ten years. If my family was wiped out by Colombian drug dealers and I swore myself to revenge. If I got a fatal disease, had one year to live, devoted it to wiping out street crime. If I just dropped out and devoted my life to being bad. Hiro used to feel that way, too, but then he ran into Raven. In a way, this is liberating. He no longer has to worry about trying to be the baddest motherfucker in the world. The position is taken.”

55555 said 2 months ago:

Thanks for this quote. I've added Snow Crash to my want-to-read list.

metaweta said 2 months ago:

Lol thanks!

aazaa said 2 months ago:

> Recovering the key was usually instantaneous, but to help people feel like they’d gotten their money’s worth, we’d put on a little animated show like a Hollywood hacking scene with lots of random characters that gradually revealed the right password.

and later ...

> I’m currently looking for work in a staff or senior staff engineering or data scientist role. If you’ve got interesting technical analysis or optimization problems, please reach out to me and let’s talk.

I can't help but wonder if this write-up (which is fascinating) may not be one of those little animated shows to help prospective employers feel like they'll get their money's worth.

hippich said 2 months ago:

Slightly offtopic, but I always laughed at these types of animations in hacker movies. Until one day I made a tool to extract strings (mostly passwords or hashes, purely for academic purposes!) through SQL injections in SQL Server when the error message did not return anything useful. I scanned each character bit by bit and depending on the value, I would either return control immediately or delay the response by a couple of hundred ms. That allowed me to reconstruct the string bit by bit, and as new information was acquired for each character - it would change on the screen. It looked exactly like some of these hacker movie scenes... =)

metaweta said 2 months ago:

That little animation was put there by the guy who hired me. We got rid of it in the Password Recovery ToolKit that combined all the modules I'd written into a single tool. In that one, we had a big list of any encrypted files we found and their passwords. With enough modules, it was entertaining enough to watch the list grow. And it was very satisfying when the user reused a password on something trivial to crack that let us open a Word 97 file.

DangitBobby said 2 months ago:

That's an incredibly cynical take.

logarhythmic said 2 months ago:

Right? Jesus...

Thorrez said 2 months ago:

The animated show isn't useful. This article is useful because it actually reveals information about the author.

Also even if you're not interested in the author, it has useful information about cryptography, cryptanalysis, and optimization.

afiori said 2 months ago:

The animated show is useful, it is part of the UX and it can be focal in communicating the intention and expectation behind the software.

It is not part of the main business logic but neither are well designed icons.

njsubedi said 2 months ago:

That animation was 20 years ago. The author probably has different priorities now?

jodrellblank said 2 months ago:

@metaweta: The technical side is interesting, but seems like the admin side would be too; how did the administration and contract side play out?

Someone needed to front an estimated $100k of GPU costs, without being sure it would work - and then pay for your work on top; who risked that? You had no proof the claimed Bitcoins inside were real, or as many as claimed. You're in New Zealand(?) and the customer is in Russia - you need the file to study it and if you crack it then you have the Bitcoins as well - how did they become comfortable that you wouldn't steal them and say you couldn't crack it? Did it worry you that the owner might not be able to convert them to cash, e.g. if the Exchange was shady and there was very little recourse?

How much work did it take to convince your partner to stop what they were doing, and write GPU code for a crack which might not work?

metaweta said 2 months ago:

I'm in the USA. He paid us for some work up front and agreed to pay the rest on delivery of the key. He expected to spend most of the $100K he'd budgeted on GPU costs, so we got much less than that for the work; we took the job because it sounded like fun. We didn't need the information in the archived files, just the encryption headers, so he set most of the bytes to zero. I couldn't have spent the coins even if I wanted to.

jodrellblank said 2 months ago:

Thank you, that is interesting; he's wealthy enough and technically capable enough to make that all go a lot easier. (I guessed from going back to check on the process ID on his laptop that you must have had his laptop, and didn't know you could do that with just headers).

Abishek_Muthian said 2 months ago:

Not only are the cryptography skills of Mr. Mike Stay obviously impressive, his presentation of things which happened 20 years ago in a vivid yet subtle manner seems extraordinary to me.

Especially since I can't remember what I did 2 weeks back to write in my blog.

Can you give us the secret of your documentation/notes workflow Mr. Mike (@metaweta)? Please don't say that you recalled from your memory!

metaweta said 2 months ago:

I kept a Cryptonomicon!

WheelsAtLarge said 2 months ago:

I always assumed that the encryption used on zip files was relatively trivial and could be broken given the right software and hardware.

Well, it looks like it's a lot harder than I thought. You still need the right software and hardware but you also need the right person to do it.

Most of what I read was above my understanding but it was good reading anyhow. Good job on the recovery and good job writing about it.

spopejoy said 2 months ago:

You're not alone, Wikipedia for zip says:

> ZIP supports a simple password-based symmetric encryption system generally known as ZipCrypto. It is documented in the ZIP specification, and known to be seriously flawed. In particular, it is vulnerable to known-plaintext attacks, which are in some cases made worse by poor implementations of random-number generators. https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption

IMO the fact that the author was able to recover the password at all indicates weakness. Something encrypted with AES-GCM would presumably be all but impossible.
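
Added example (not from the thread or the linked article): a metadata-only audit that reports which entries of an archive declare the legacy ZipCrypto scheme described in the Wikipedia quote above, as opposed to WinZip AES (compression method 99) or PKWARE strong encryption (flag bit 6). The function names are this example's own, and the sample archive is constructed in memory by patching header fields, so its payloads are not actually encrypted.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # WinZip AE-x marker stored in the compression-method field
FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0: entry is encrypted
FLAG_STRONG = 0x0040     # general-purpose bit 6: PKWARE strong encryption


def classify(info):
    """Return the encryption scheme a central-directory entry declares."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "none"
    if info.compress_type == AES_METHOD:
        return "aes"
    if info.flag_bits & FLAG_STRONG:
        return "pkware-strong"
    return "zipcrypto"   # legacy PKZIP stream cipher


def audit(data):
    """Map entry name -> declared scheme, reading archive metadata only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def weak_entries(data):
    """Names of entries that rely on legacy ZipCrypto."""
    return sorted(n for n, s in audit(data).items() if s == "zipcrypto")


def build_sample():
    """Constructed sample: a plain archive whose central-directory headers are
    patched so that two entries declare ZipCrypto and AES respectively."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("notes.txt", "wallet.key", "backup.bin"):
            zf.writestr(name, b"dummy")
    raw = bytearray(buf.getvalue())
    patches = {b"wallet.key": zipfile.ZIP_STORED, b"backup.bin": AES_METHOD}
    # End-of-central-directory record: entry count at +10, directory offset at +16.
    eocd = raw.rfind(b"PK\x05\x06")
    count, _size, pos = struct.unpack_from("<HII", raw, eocd + 10)
    for _ in range(count):
        (flags,) = struct.unpack_from("<H", raw, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", raw, pos + 28)
        name = bytes(raw[pos + 46:pos + 46 + name_len])
        if name in patches:
            # Flags live at +8 and the compression method at +10.
            struct.pack_into("<HH", raw, pos + 8,
                             flags | FLAG_ENCRYPTED, patches[name])
        pos += 46 + name_len + extra_len + comment_len
    return bytes(raw)


if __name__ == "__main__":
    for name, scheme in audit(build_sample()).items():
        print(f"{name}: {scheme}")
```

Because only the central directory is read, the check needs no password and never touches the encrypted payload.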

naveen99 said 2 months ago:

Wonder if he tried hashcat first: https://hashcat.net/hashcat/

We won’t really know the true value of bitcoin until options are widely available on retail exchanges like Fidelity or at least TD Ameritrade using people’s normal brokerage and IRA accounts.

metaweta said 2 months ago:

Thanks!

hirundo said 2 months ago:

This may be the plutonic ideal of a Hacker News story. It's also sort of a Travis McGee story but the salvage consultant is a cryptographer.

saagarjha said 2 months ago:

Perhaps you meant platonic; plutonic has to do with rocks ;)

SlowRobotAhead said 2 months ago:

It got me with SoftIce. Although I never thought to print them out; I needed to watch all the registers change as I was doing similar work or reverse engineering encryption schemes.

hippich said 2 months ago:

I did not have a printer at that time. Notepad with a lot of addresses and registers' values... Also, did not realize one can print from the SoftIce directly, as I assumed it ran at the lowest level before all the printer drivers. Certainly, it would be super useful!

lwb said 2 months ago:

I've always wondered what the development process looks like for these types of algorithms. If you have to run the program for a year to know if it will work, how can you have any confidence that what you've written is going to do the trick?

saagarjha said 2 months ago:

Perhaps you try it on smaller, "test" data to see if it works?

metaweta said 2 months ago:

Exactly. We created some zip files we knew the password to and then checked that our code found the right one. Each stage would generate a bunch of files with different candidate ranges, so when testing the next stage, we'd choose the one file we knew had the correct key in it.

xakahnx said 2 months ago:

It brings interesting trade-offs for program design. You can write the code one way which may be 10x faster but harder to reason about, or another way which is more straightforward but takes an extra 5 days to execute. How confident are you in your code or debugging ability? How many iterations will you need? I'm assuming this was written in CUDA based on the block/thread ID mix-up.

milesvp said 2 months ago:

Funny this. Back when I had more time on my hands I liked to do project euler problems. I'd start with the dumbest brute force method to find the answer, and let that run. Then I'd see if I could figure out the math and implement it correctly before the brute force finished. I'd say I had about a 95% success rate at beating the dumb brute force (course it really depends on the problem search space).

What was interesting, is that implementing the brute force solution and running it probably saved me time in the long run, because it managed to turn off a part of my brain that worries about wasted time. As long as I knew the brute force was potentially making progress, I didn't care if I ended up with false starts, or took a long time trying to understand the math, so it was easier to focus on the smarter solution.

tomlagier said 2 months ago:

This is part of the reason why the software industry's decision to use algorithm problems as time-bounded interview questions is so frustrating.

Right away, you have to make a choice between doing it the reliable way (brute force) and taking a gamble on being able to out-smart the problem and doing it the math-y way. This adds a ton of pressure, no matter which path you choose.

If you choose to start with brute-force, you're stressed that you look stupid because you don't know the trick. If you spend precious minutes looking for the trick, you're stressed because there's no guarantee you'll crack it in the given time.

I've just gone through a gambit of software interviews and this is the biggest thing that determines whether I'll enjoy solving a problem or not. If they start with "find an efficient solution" or "the data set is in the millions" or something along those lines, I know I'm doomed if I don't recognize the form of the problem. If they encourage me to get to a working solution first, and _then_ figure out the trick, I'll typically do well regardless of whether the question is familiar or not.

sheikheddy said 2 months ago:

Does anyone have links to stories that are as good as this? I want to binge blog posts that teach and entertain at the same time.

mleonhard said 2 months ago:

I've been learning Rust. Reading "The Rust Book" and "Rust By Example" gave me a similar feeling as reading this blog post.

mianos said 2 months ago:

The Soul Of a New Machine is a book that seemed similar to me. A non-fiction story about the creation of a computer.

schemescape said 2 months ago:

I kept expecting to read that the password on the zip file turned out to be “password123” or something like that.

ape4 said 2 months ago:

I want to know the password too. If it was machine generated looking at that algo might have been useful.

prtkgpt said 2 months ago:

NEARProtocol.com is hiring. Please have a look. https://nearprotocol.com/careers/#openings and I can connect you with our recruiting team. Thanks :)

metaweta said 2 months ago:

Looking, thanks!

louwrentius said 2 months ago:

You are smart beyond my comprehension. Your article was amazing.

Although blockchain technology fits your skillset, I hope you will choose to do something [actually|more] worthwhile to our societies.

ddrt said 2 months ago:

"I knew of one place that ran the software for nine months before finally getting in."

And what a beautiful new baby password crack it was.

tiborsaas said 2 months ago:

Attacking the wetware would have been a worthy try :) Would hypnosis work to recover the forgotten password?

metaweta said 2 months ago:

He actually tried that without success.

ur-whale said 2 months ago:

Any reason why a dictionary based attack wasn't tried first?

Or did your client remember selecting something really hard in the first place?

metaweta said 2 months ago:

Yeah, he knew it was a long passphrase.

apirone said 2 months ago:

Collected the biggest archive of Bitcoin wallet.dat files with balance and lost passwords. https://allprivatekeys.com/wallet.dat The collection consists of 32 files total for 2500+ BTC. The biggest wallet 576 BTC, the most interesting wallet.dat files with pre-mined coins from 2009-2010. Let's try other wallets for a share?

carlsborg said 2 months ago:

Great story and impressive work at Pyrofex. Can you share your perspective on the crypto industry right now?

metaweta said 2 months ago:

There's no way that the AccessData job I had would exist today. Most services are online, with data encrypted in transit and stored in the cloud. TLS security has improved dramatically over the last decade in response to attacks like BEAST and BREACH and CRIME and POODLE. Google drops (? is going to drop?) your SEO ranking if you don't have proper certs installed. Nowadays, it's rare to find an attack on the connection from the browser to the server. Instead, it's either malware on the client or hacking into the servers, where the operators have terrible security practices like storing data unencrypted at rest.

The field of cryptography has grown tremendously, and there's still a lot of research being done. There have been many competitions for developing strong cryptographic primitives. There's a lot of work being done on zero knowledge proofs and verifiable computation. Cryptocurrency has encouraged lots of bright young minds to get involved.

One thing we learned from the Snowden revelations is that crypto works where it's applied, so every little bit of crypto helps. Run a Tor node if you can.

carlsborg said 2 months ago:

Thanks. Is an implementation of the Casanova and c delta blockchain papers in the works? I don’t see it on GitHub.

Gatsky said 2 months ago:

The technical proficiency on display here makes me swoon.

mianos said 2 months ago:

No one said TLDR this article, ever. This account has all the components of a great book. It reminds me of 'The Soul of a New Machine'.

enimodas said 2 months ago:

How off was the 100k compute time estimation?

metaweta said 2 months ago:

I think he ended up only spending around $5-10K on compute. I'd have to check with Nash.

remarkEon said 2 months ago:

What an amazingly fun read. Beyond the obvious technical skills, OP is a great writer.

gatleon said 2 months ago:

Great story. I just wish the title was in BTC rather than USD.

FabHK said 2 months ago:

The story would be less thrilling, I think: someone bought around 35 BTC, and then later he desperately wanted access to them, because they were worth 35 BTC!

metaweta said 2 months ago:

lol yeah

Geee said 2 months ago:

Nah, he just needs to update it from time to time.

Trias11 said 2 months ago:

Resume of the decade!

TedDoesntTalk said 2 months ago:

Excellent story. Can you share the number of bitcoins that were retrieved and how the customer lost the password in the first place?

saagarjha said 2 months ago:

> Back in January of 2016, he had bought around $10K or $15K of Bitcoin and put the keys in an encrypted zip file.

Based on the price of Bitcoin back then, it seems like this was about 30-40 Bitcoin?

qes said 2 months ago:

About 40 BTC would be in the neighborhood of $300k these days, as well.

tomglynch said 2 months ago:

Was the computer stolen or did he actually forget the password?

gwbas1c said 2 months ago:

From TFA:

> Luckily, he still had the original laptop and knew exactly when the encryption took place.

fitzn said 2 months ago:

This is such a cool story. Thank you, Mike!

samstave said 2 months ago:

That was an amazing read!

ackbar03 said 2 months ago:

This is pretty hardcore

zomglings said 2 months ago:

What a great story - a surefire cure for Dunning-Kruger. I'm in awe of this guy.

kortilla said 2 months ago:

How could you be sure you didn’t just help heist someone’s bitcoin that this Russian snatched with some malware?

DeathArrow said 2 months ago:

> Luckily, he still had the original laptop and knew exactly when the encryption took place.

kortilla said 2 months ago:

But how do you prove that? It’s trivial to replicate the hardware the file was lifted from if the malware grabbed the standard sys info. File create/modify times could also give you a pretty damn good guess as to when the encryption happened.

ngold said 2 months ago:

I don't know why, but these headlines disgust me. There is no insight. Just. Headline of greed.

maaarghk said 2 months ago:

"How we cracked a zip file" would have been pretty shitty though, right?

shanusmagnus said 2 months ago:

If some random Russian dude shows up and offers to pay $100k to crack something with untraceable digital currency inside, don't you worry about getting killed if you fail to do it? Maybe I watch too much TV.

sneak said 2 months ago:

This is racism.