Thursday, December 4, 2014

The Attacker Mindset

Being a software developer, especially one focused on Bitcoin, has made me adopt a specific mindset whenever I tackle a problem and need to evaluate a solution.

I always evaluate a solution from an attacker's mindset.
An attacker is defined as "any person who wants to hijack a system for his own profit, making a victim in the process".
A hacker is not always an attacker: a hacker can hijack a system without making any victim.

One thing is certain: an aggregate of people tends to act rationally. In other words, a group as a whole wants to profit from any system.
One particular person, for ethical reasons or for lack of skill, might not want to hijack a system.
But as time passes, the skill required to exploit any system goes down, and a group, holding such diverse codes of values, will tend to hijack the system for profit.

The goal of game theory is not to prevent a system from being hijacked. The goal is to make hijacking self-destructive at worst and, at best, an improvement to the system.

This particular mindset sticks with me outside of software development.
It is my guiding rod for expressing opinions on any law.
I always ask myself: how can someone benefit from such a law and make a victim?

Any flaw will tend to be exploited and morally accepted with time.

When discovered by legislators, such a flaw is "fixed" with some duct tape, a.k.a. a new law, which will necessarily also have flaws, and so on...
The only way to fix a law, or a feature of a piece of software, is not to patch the hole but to modify the law, eventually removing it, so that there is no benefit in exploiting a flaw.

The more you evaluate any law from an attacker's perspective, the more you tend to be libertarian.
By reading "For a New Liberty" by Murray Rothbard, I've seen the only system which can't be exploited by an attacker without him acting toward his own self-destruction.