Security comes from evolution, not revolution

The O'Reilly Radar Podcast: Mike Belshe on making bitcoin secure and easy enough for the mainstream.

locks_Steven_Tom_Flickr

Editor’s note: you can subscribe to the O’Reilly Radar Podcast through iTunes, SoundCloud, or directly through our podcast’s RSS feed.

In this week’s O’Reilly Radar Podcast episode, I caught up with Mike Belshe, CTO and co-founder of BitGo, a company that has developed a multi-signature wallet that works with bitcoin. Belshe talks about about the security issues addressed by multi-signature wallets, how the technology works, and the challenges in bringing cryptocurrencies mainstream. We also talk about his journey into the bitcoin world, and he chimes in on what money will look like in the future. Belshe will address the topics of security and multi-signature technology at our upcoming Bitcoin & the Blockchain Radar Summit on January 27, 2015, in San Francisco — for more on the program and registration information, visit our Bitcoin & the Blockchain website.

Multi-signature technology is exactly what it sounds like: instead of authorizing bitcoin transactions with a single signature and a single key (the traditional method), it requires multiple signatures and/or multiple machines — and any combination thereof. The concept initially was developed as a solution for malware. Belshe explains:

“I’m fully convinced that the folks who have been writing various types of malware that steal fairly trivial identity information — logins and passwords that they sell super cheap — they are retooling their viruses, their scanners, their key loggers for bitcoin. We’ve seen evidence of that over the last 12 months, for sure. Without multi-signature, if you do a bitcoin transaction on a machine that’s got any of this bad stuff on it, you’re pretty much toast. Multi-signature was my hope to fix that. What we do is make one signature happen on the server machine, one signature happen on the client machine, your home machine. That way the attacker has to actually compromise two totally different systems in order to steal your bitcoin. That’s what multi-signature is about.”

Read more…

Comment

Fixing what’s wrong with hardware start-ups

Five pointers to increase the odds of engineering a great hardware start-up.

It is an amazing time to be a hardware entrepreneur: Companies like Arduino and ElectricImp are abstracting away tedious device and back-end development; Shapeways (disclaimer: my firm Lux Capital is an investor) and Advanced Circuits are turning around beautiful prototypes in days; while AngelList and IndieGogo are democratizing access to sophisticated investors, which in turn facilitate access to money, partners, and amazing talent.

In their rush to introduce the next Jawbone, Beats, Nest, FuelBand, GoPro, and Dropcam, many fledgling hardware start-ups — and their investors — seem to be simply rolling the dice. Rather than truly understanding the dynamics of their prospective markets, they are producing marketing videos that could otherwise pass for Super Bowl ads. Rather than understanding their competitive landscape, they are producing designs and out-of-box experiences that would make Steve Jobs proud. Many aspire to achieve Oculus’ visibility, and the acquisition offer that ensued. This puts incumbent consumer electronics companies in an enviable position: free market research and product experiments with an option to acquire any breakaway company. Although there is always an element of luck in every start-up, here are a few pointers to increase the odds of success. Read more…

Comment

Products are now platforms

With remote connectivity and remote updates, companies are able to iterate and add value to products customers already own.

Editor’s note: this is an excerpt from our recent report, When Hardware Meets Software, by Mike Barlow. The report looks into the new hardware movement, telling its story through the people who are building it. For more stories on the evolving relationship between software and hardware, download the free report.

The Internet of Things doesn’t presage a return to the world of smoke-belching factories and floors covered with sawdust. But it does signify that change is afoot for any business or activity related to the information technology or communications industries.

“Not everyone will become a hardware designer,” says Joi Ito, director of the MIT Media Lab. But many students, software engineers, and entrepreneurs will see the advantages of learning how to work with hardware. “It’s never too late to learn this stuff,” says Ito, “if you decide that you want to do it.”

At minimum, software engineers should learn as much about design and manufacturing as possible. “Buy an Arduino and start building. Everything you need to learn is on the web,” urges Jordan Husney, an avid hardware hacker who serves as strategy director at Undercurrent, an organizational transformation firm and digital think tank in lower Manhattan.

In the same way that software people will have to reconfigure their modes of thinking, hardware people will need to learn new technical skills and new ways of looking at problems, says Husney. “They will have to become more comfortable with uncertainty occurring later and later in the process,” he says. “Hardware engineers will keep things in the realm of bits (as opposed to committing them to atoms) by sharing designs using digital collaboration and simulation tools virtually, while testing multiple physical prototypes. I think we’re going to see the supply chain start to shift around these concepts.” Read more…

Comment

The DevOps identity crisis

Why DevOps needs a manifesto after all, but may never get one.

Image: CC BY-SA 2.0 Libby Levi for opensource.com

DevOps is everywhere! The growth and mindshare of the movement is remarkable. But if you care deeply about DevOps, you might agree with me when I say that although its moment has “arrived,” DevOps is in serious trouble. The movement is fragmented and weakly defined, and is being usurped by those who care more about short-term opportunities than the long-term viability of DevOps.

They are the ninety-nine percent, and nobody cares

How bad could it be? Travel back in time. It is mid-November 2011, and Occupy Wall Street is occupying the headlines. One of the major reasons is that the protestors are targeting shipping ports on the West Coast, causing shutdowns and even violence. As things are getting out of hand, parts of the movement start condemning these actions as counter-productive, hurting the 99% instead of the intended 1%. Spokespeople for the movement are quoted in the media as saying the instigators “don’t represent the movement.”

Why did the Occupy movement become a footnote in history so fast? There were several reasons: there was no cohesive agreement on its identity, values, goals, and mission; in an effort to be unlike “them,” the OWS proponents avoided anything that looked like centralized leadership; and it seemed to be entirely negative, advocating nothing to replace what it wanted to remove.

I believe a similar thing is happening to DevOps right now, for many of the same reasons. Let’s talk about some of these problems.

Read more…

Comments: 14

Self-censorship is not the way forward

Marco Arment did an excellent job of offering constructive criticism to a company that he genuinely loves.

I was disappointed to see Marco Arment say he wishes he never wrote his post on Apple’s software quality, “Apple has lost the functional high ground.”

The point he made is one I’ve tweeted about (though not written about) a number of times over the years. The big problem facing Apple isn’t a deficit of innovation, but bitrot creeping into their codebase. You don’t have to look far to see it: for example, there’s a race condition in text handling that has been there since at least OS X 10.3.

The point needed to be made by someone who knows and loves Apple, someone who is a leader in their developer community, and someone who has a reputation for being fair and even-handed. That’s Marco. He did an excellent job of offering constructive criticism to a company that he genuinely loves.

Yes, there is a risk that anything you write will turn into a media storm. That’s a risk you have to live with; it’s unfortunate, but it’s not going away. It’s also important to say what needs to be said. Self-censorship is not the way forward. Read more…

Comment: 1

The Internet of Things has four big data problems

The IoT and big data are two sides of the same coin; building one without considering the other is a recipe for doom.

Christopher_Thompson_junkyard_1_Flickr

The Internet of Things (IoT) has a data problem. Well, four data problems. Walking the halls of CES in Las Vegas last week, it’s abundantly clear that the IoT is hot. Everyone is claiming to be the world’s smartest something. But that sprawl of devices, lacking context, with fragmented user groups, is a huge challenge for the burgeoning industry.

What the IoT needs is data. Big data and the IoT are two sides of the same coin. The IoT collects data from myriad sensors; that data is classified, organized, and used to make automated decisions; and the IoT, in turn, acts on it. It’s precisely this ever-accelerating feedback loop that makes the coin as a whole so compelling.

Nowhere are the IoT’s data problems more obvious than with that darling of the connected tomorrow known as the wearable. Read more…

Comments: 10