Four short links: 19 December 2014

Statistical Causality, Clustering Bitcoin, Hardware Security, and A Language for Scripts

  1. Distinguishing Cause and Effect using Observational Data — research paper evaluating effectiveness of the “additive noise” test, a nifty statistical trick to identify causal relationships from observational data. (via Slashdot)
  2. Clustering Bitcoin Accounts Using Heuristics (O’Reilly Radar) — In theory, a user can go by many different pseudonyms. If that user is careful and keeps the activity of those different pseudonyms separate, completely distinct from one another, then they can really maintain a level of, maybe not anonymity, but again, cryptographically it’s called pseudo-anonymity. […] It turns out in reality, though, the way most users and services are using bitcoin, was really not following any of the guidelines that you would need to follow in order to achieve this notion of pseudo-anonymity. So, basically, what we were able to do is develop certain heuristics for clustering together different public keys, or different pseudonyms.
  3. A Primer on Hardware Security: Models, Methods, and Metrics (PDF) — Camouflaging: This is a layout-level technique to hamper image-processing-based extraction of gate-level netlist. In one embodiment of camouflaging, the layouts of standard cells are designed to look alike, resulting in incorrect extraction of the netlist. The layout of nand cell and the layout of nor cell look different and hence their functionality can be extracted. However, the layout of a camouflaged nand cell and the layout of camouflaged nor cell can be made to look identical and hence an attacker cannot unambiguously extract their functionality.
  4. Prompter: A Domain-Specific Language for Versu (PDF) — literally a scripting language (you write theatrical-style scripts, characters, dialogues, and events) for an inference engine which lets you talk to characters and have a different story play out each time.

Clustering bitcoin accounts using heuristics

In this O'Reilly Data Show Podcast: Sarah Meiklejohn on analytic applications for blockchain and cryptocurrency technology.

Editor’s note: we’ll explore present and future applications of cryptocurrency and blockchain technologies at our upcoming Radar Summit: Bitcoin & the Blockchain on Jan. 27, 2015, in San Francisco.

A few data scientists are starting to play around with cryptocurrency data, and as bitcoin and related technologies start gaining traction, I expect more to wade in. As the space matures, there will be many interesting applications based on analytics over the transaction data produced by these technologies. The blockchain — the distributed ledger that contains all bitcoin transactions — is publicly available, and the underlying data set is of modest size. Data scientists can work with this data once it’s loaded into familiar data structures, but producing insights requires some domain knowledge and expertise.

I recently spoke with Sarah Meiklejohn, a lecturer at UCL, and an expert on computer security and cryptocurrencies. She was part of an academic research team that studied pseudo-anonymity (“pseudonymity”) in bitcoin. In particular, they used transaction data to compare “potential” anonymity to the “actual” anonymity achieved by users. A bitcoin user can use many different public keys, but careful research led to a few heuristics that allowed them to cluster addresses belonging to the same user:

“In theory, a user can go by many different pseudonyms. If that user is careful and keeps the activity of those different pseudonyms separate, completely distinct from one another, then they can really maintain a level of, maybe not anonymity, but again, cryptographically it’s called pseudo-anonymity. So, if they are a legitimate businessman on the one hand, they can use a certain set of pseudonyms for that activity, and then if they are dealing drugs on Silk Road, they might use a completely different set of pseudonyms for that, and you wouldn’t be able to tell that that’s the same user.


What you need to know for the hardware-software convergence

Core competencies and essential reading from hardware, software, manufacturing, and the IoT.

As I noted in “Physical and virtual are blurring together,” we now have hardware that acts like software, and software that’s capable of dealing with the complex subtleties of the physical world. So, what must the innovator, the creator, the executive, the researcher, and the artist do to embrace this convergence of hardware and software?

At its core, this is about a shift from discipline toward intent. Individuals and institutions — whether they’re huge enterprises, small start-ups, or nonprofits — must be competent in several disciplines that increasingly overlap, and should be prepared to solve problems by working fluidly across disciplines.

To use Joi Ito’s example, someone who wants to develop a synthetic eye might begin to approach the problem with biology, or electronics, or software, or (most likely) all three together. Many problems can be solved somewhere in a large multidimensional envelope that trades off design, mechanics, electronics, software, biology, and business models. Experts might still do the best work in each discipline, but everyone needs to know enough about all of them to know where to position a project between them.

Below you’ll find the core competencies in the intersection between software and the physical world, and our favorite books and resources for each one.

Electronics for physical-digital applications

  • Practical Electronics, by John M. Hughes: To know what’s possible and where to start, it’s essential to understand both the analog and digital sides of electronics. This is O’Reilly’s authoritative introduction to both analog and digital electronics, with information on circuit design, common parts and techniques, and microcontrollers.
  • Raspberry Pi Cookbook, by Simon Monk: The Raspberry Pi is rapidly becoming the standard embedded computing platform for prototyping and experimentation, with enough computing power to run familiar interpreted programming languages and widely supported operating systems.
  • Arduino Cookbook, by Michael Margolis: The Arduino microcontroller offers a fluid interface between digital and physical; it’s highly extensible and accessible to people with no prior experience in either electronics or code.

Four short links: 18 December 2014

Manufacturer Rootkits, Dangerous Dongle, Physical Visualisation, and Cryptoed Comms

  1. Popular Chinese Android Smartphone Backdoored By Manufacturer — Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. The backdoor enabled installing other apps, dialing numbers, sending messages, and reporting back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
  2. USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
  3. Physical Data Visualisations — a chronological list of physical visualizations and related artifacts. (via Flowing Data)
  4. Dissent — an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.

An ecosystem of connected devices

Our biggest opportunities as designers and product creators lie in a context-driven approach to designing user experiences.

Editor’s note: This is an excerpt from our recent book Designing Multi-Device Experiences, by Michal Levin. This excerpt is included in our curated collection of chapters from the O’Reilly Design library. Download a free copy of the Experience Design ebook here.


We have entered a world of multi-device experiences. Our lives have become a series of interactions with multiple digital devices, enabling each of us to learn, buy, compare, search, navigate, connect, and manage every aspect of modern life.

Consider the hours we spend with devices every day — interacting with our smartphones, working on our laptops, engaging with our tablets, watching shows on television, playing with our video game consoles, and tracking steps on our fitness wristbands. For many of us, the following are true:

  • We spend more time interacting with devices than with people.
  • We often interact with more than one device at a time.

The number of connected devices has officially exceeded the seven-billion mark, outnumbering people (and toothbrushes) on the planet. By 2020, this number is expected to pass 24 billion. This inconceivable quantity not only attests to the growing role of these devices in our digital lives, but also signals an increasing number of devices per person. Many individuals now own multiple connected devices — PCs, smartphones, tablets, TVs, and more — and they are already using them together, switching between them, in order to accomplish their goals. Ninety percent of consumers use multiple devices to complete a task over time (PDF). For example, shopping for an item might entail (1) searching and exploring options at home on the PC, (2) checking product information and comparing prices in-store using your smartphone, and (3) writing product reviews on a tablet. Eighty-six percent of consumers use their smartphones while engaging with other devices and during other media consumption activities.


Regulation and decentralization: Defending the blockchain

Andreas Antonopoulos urges the Canadian Senate to resist the temptation to centralize bitcoin.

Editor’s note: our O’Reilly Radar Summit: Bitcoin & the Blockchain will take place on January 27, 2015, at Fort Mason in San Francisco. Andreas Antonopoulos, Vitalik Buterin, Naval Ravikant, and Bill Janeway are but a few of the confirmed speakers for the event. Learn more about the event and reserve your ticket here.

We recently announced a Radar summit on present and future applications of cryptocurrencies and blockchain technologies. In a webcast presentation one of our program chairs, Kieren James-Lubin, observed that we’re very much in the early days of these technologies. He also noted that the technologies are complex enough that most users will rely on service providers (like wallets) to securely store, transfer, and receive cryptocurrencies.

As some of these service providers reach a certain scale, they will start coming under the scrutiny of regulators. Certain tenets are likely to remain: currencies require continuous liquidity and large financial institutions need access to the lender of last resort.

There are also cultural norms that take time to change. Take the example of notaries, whose services seem amenable to being replaced by blockchain technologies. Such a wholesale change would entail adjusting rules and norms across localities, which means going up against the lobbying efforts of established incumbents.

One way to sway regulators and skeptics is to point out that the decentralized nature of the (bitcoin) blockchain can unlock innovation in financial services and other industries. Mastering Bitcoin author Andreas Antonopoulos did a masterful job highlighting this in his recent testimony before the Canadian Senate:

“Traditional models for financial payment networks and banking rely on centralized control in order to provide security. The architecture of a traditional financial network is built around a central authority, such as a clearinghouse. As a result, security and authority have to be vested in that central actor. The resulting security model looks like a series of concentric circles with very limited access to the center and increasing access as we move farther away from the center. However, even the most outermost circle cannot afford open access.
