Web Excursions 2023-02-19
The SEC Comes for Crypto Custody
Roughly speaking the way the US stock market works is that all of the stocks are in one place.
The place is called DTC, the Depository Trust Company, which in some sense owns almost all of the stocks.
If you own a stock,
what you own is an entry on a list at your brokerage,
saying that you are entitled to some of the stocks that it is holding onto for clients, and
what your brokerage has is an entry on a list at DTC,
saying that it is entitled to some of the stocks that DTC is holding onto.
(And what DTC mostly owns is entries on lists at all the companies, or their transfer agents, saying that it owns the stocks that those companies issue.)
When I buy some stock from you, the way we settle that transaction — the way you actually deliver the stock to me — is by updating DTC’s list.
We tell DTC about the transaction, it increments the stock in my account (really my broker’s, who increments my account) and decrements the stock in yours.
This is far more efficient than if, for instance, you owned your stock in the form of paper stock certificates, and to settle trades you had to courier those certificates over to me,
which is pretty much how things worked in the olden days.
Another thing this means is that DTC is an extremely important weird market utility, highly trusted and so heavily regulated.
“DTC is a member of the U.S. Federal Reserve System, a limited-purpose trust company under New York State banking law and a registered clearing agency with the U.S. Securities and Exchange Commission”
practically speaking the way that a lot of crypto works is more like the stock market:
There is some central intermediary, much like DTC, that holds onto a lot of crypto for a lot of investors;
we can call it the “depository.”
The investors agree on a trade — you agree to sell me some Bitcoin — on an exchange, and then we settle that trade by updating our accounts with the depository.
There are some differences, though:
The depository is normally also the exchange:
This is different from the stock market, where the exchanges — NYSE and Nasdaq and so forth — are separate from DTC.
There is normally one depository per exchange
unlike in the US stock market, where you and I can agree a trade on NYSE or Nasdaq or wherever and then settle up using DTC.
The exchange is less trusted by US regulatory authorities than DTC is
To be clear, DTC is very trusted by US regulatory authorities;
it is a centerpiece of modern securities markets.
the effect of [SEC’s] rule is to ban registered advisers from trading crypto on most exchanges: To trade crypto on most centralized exchanges, you need to deposit the crypto on the exchange first, which destroys custody.
You can trade stocks on the stock exchange because the stocks live at DTC and you own them through a qualified custodian,
but if you trade crypto on Binance then the crypto lives at Binance and the SEC might have concerns.
This approach to custody appears to mask a policy decision to block access to crypto as an asset class.
about the SEC’s creativity.
The SEC does not “regulate crypto.”
In US law, at least some cryptocurrencies — the big ones, like Bitcoin and Ether — are classified as commodities not subject to SEC jurisdiction.
But the SEC has launched a pretty comprehensive offensive to take over crypto regulation:
The SEC argues that when a crypto project issues tokens to fund its development, those tokens are almost always securities:
Other than a few grandfathered tokens like Bitcoin and Ether, most tokens are going to be securities subject to SEC jurisdiction.
The SEC argues that interest-bearing crypto accounts — lending and staking products — are always securities;
if a crypto exchange holds your Bitcoin for you and pays you interest, that’s a security subject to SEC jurisdiction.
The SEC here is using its authority to regulate investment advisers to indirectly regulate crypto:
Investment funds are subject to SEC regulation, so the SEC will tell them what to do with their crypto, even if that crypto is not a security.
How Rust Went From a Side Project to the World’s Most-Loved Programming Language
In 2006, Hoare was a 29-year-old computer programmer working for Mozilla
The software inside devices like elevators is often written in languages like C++ or C, which are famous for allowing programmers to write code that runs very quickly and is quite compact.
The problem is those languages also make it easy to accidentally introduce memory bugs—errors that will cause a crash.
Microsoft estimates that 70% of the vulnerabilities in its code are due to memory errors from code written in these languages.
Returning home to his apartment in Vancouver, he found that the elevator was out of order;
its software had crashed.
This wasn’t the first time it had happened, either.
But Hoare decided to do something about it.
He opened his laptop and began designing a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs.
He named it Rust, after a group of remarkably hardy fungi that are, he says, “over-engineered for survival.”
Seventeen years later, Rust has become one of the hottest new languages on the planet—maybe the hottest.
There are 2.8 million coders writing in Rust, and companies from Microsoft to Amazon regard it as key to their future.
The chat platform Discord used Rust to speed up its system, Dropbox uses it to sync files to your computer, and Cloudflare uses it to process more than 20% of all internet traffic.
When the coder discussion board Stack Overflow conducts its annual poll of developers around the world, Rust has been rated the most “loved” programming language for seven years running.
Even the US government is avidly promoting software in Rust as a way to make its processes more secure.
with so much control over dynamic memory, a coder can make the software run very quickly.
That’s why C and C++ are often used to write “bare metal” code, the sort that interacts directly with hardware.
Machines that don’t have an operating system like Windows or Linux, including everything from dialysis machines to cash registers, run on such code.
(It’s also used for more advanced computing: at some point an operating system needs to communicate with hardware.
The kernels of Windows, Linux, and MacOS are all significantly written in C.)
a trade-off.
They require the coder to keep careful track of what memory is being written to, and when to erase it.
In the ’90s, a new set of languages like Java, JavaScript, and Python became popular.
These took a very different approach.
To relieve stress on coders, they automatically managed the memory by using “garbage collectors,” components that would periodically clean up the memory as a piece of software was running.
Presto: you could write code that didn’t have memory mistakes.
But the downside was a loss of that fine-grained control.
Your programs also performed more sluggishly (because garbage collection takes up crucial processing time).
And software written in these languages used much more memory.
So the world of programming became divided, roughly, into two tribes.
If software needed to run fast or on a tiny chip in an embedded device, it was more likely to be written in C or C++.
If it was a web app or mobile-phone app—an increasingly big chunk of the world of code—then you used a newer, garbage-collected language.
With Rust, Hoare aimed to create a language that split the difference between these approaches.
It wouldn’t require programmers to manually figure out where in memory they were putting data;
Rust would do that.
But it would impose many strict rules on how data could be used or copied inside a program.
You’d have to learn those coding rules, which would be more onerous than the ones in Python or JavaScript.
Your code would be harder to write, but it’d be “memory safe”—no fears that you’d accidentally inserted lethal memory bugs.
Crucially, Rust would also offer “concurrency safety.” Modern programs do multiple things at once—concurrently, in other words—and sometimes those different threads of code try to modify the same piece of memory at nearly the same time.
Rust’s memory system would prevent this.
Executives at Mozilla, though, were intrigued.
Rust, they realized, could help them build a better browser engine
In 2009, Mozilla decided to officially sponsor Rust.
The language would be open source, and accountable only to the people making it, but Mozilla was willing to bootstrap it by paying engineers.
Through the early 2010s, Mozilla engineers and Rust volunteers worldwide gradually honed Rust’s core—the way it is designed to manage memory.
They created an “ownership” system so that a piece of data can be referred to by only one variable;
this greatly reduces the chances of memory problems.
Rust’s compiler—which takes the lines of code you write and turns them into the software that runs on a computer—would rigorously enforce the ownership rules.
If a coder violated the rules, the compiler would refuse to compile the code and turn it into a runnable program.
As the team improved the memory-management system, Rust had increasingly little need for its own garbage collector—and by 2013, the team had removed it.
Programs written in Rust would now run even faster: no periodic halts while the computer performed cleanup.
There are, Hoare points out, some software engineers who would argue that Rust still possesses elements that are a bit like garbage collection—its “reference counting” system, part of how its memory-ownership mechanics work.
But either way, Rust’s performance had become remarkably efficient.
It dove closer to the metal, down to where C and C++ were—yet it was memory safe.
Along the way, the Rust community was also building a culture that was known for being unusually friendly and open to newcomers.
“No one ever calls you a noob,”
By 2015, the team was obsessed with finally releasing a “stable” version of Rust, one reliable enough for companies to use to make software for real customers.
At Discord, engineers had long been annoyed that the garbage collector in Go—the language they’d used to build critical chunks of their software—would slow things down.
Their Go software would carry out the procedure roughly every two minutes, even though the Discord engineers had written things so carefully there was no garbage to be collected.
In 2020, they rewrote that system in Rust, and discovered it now ran 10 times faster.
Perhaps most crucially for the cloud computing giant, a study of Rust-based code found it runs so efficiently that it uses half as much electricity as a similar program written in Java, a language commonly used at AWS.