"blockchain" entries

Postmodern security

The real challenge going forward: we can't trust anything.

A few weeks ago, I wrote about postmodern computing, and characterized it as the computing in a world of distrust.

This morning, I read Steve Bellovin’s blog post, What Must We Trust? — Bellovin explains that “modern” (my word) security is founded on the idea of a “Trusted Computing Base” (TCB), defined (in part) in the United States’ Defense Department’s Orange Book. There were parts of a system that you had to trust, and you had to guard their integrity vigilantly: the kernel, certainly, but also specific configuration files, executables, and so on.

The TCB has always been problematic, particularly since (at least initially) it did not consider the problem of network connections. But networking aside, Bellovin argues that recent events have blown the idea of a “trusted” system to bits. We’ve seen attacks against (Bellovin’s list) batteries, webcams, USB, and more. If Andromedans (Bellovin doesn’t want to say NSA) have managed to infiltrate our disk drives, what can trust mean? And it would be naive to think that this stops with devices that have disk drives. Our devices, from Fitbits to data centers, have been pwnd even before they’re built. Read more…

Comments: 3
Four short links: 16 February 2015

Four short links: 16 February 2015

Grace Hopper, Car Dashboard UIs, DAO Governance, and Sahale.

  1. The Queen of Code — 12m documentary on Grace Hopper, produced by fivethirtyeight.com.
  2. Car Dashboard UI Collection — inspiration board for your (data) dashboards.
  3. Subjectivity-Exploitability TradeoffVoting-based DAOs, lacking an equivalent of shareholder regulation, are vulnerable to attacks where 51% of participants collude to take all of the DAO’s assets for themselves […] The example supplied here will define a new, third, hypothetical form of blockchain or DAO governance. Every day we’re closer to Stross’s Accelerando.
  4. Sahale — open source cascading workflow visualizer to help you make sense of tasks decomposed into Hadoop jobs. (via Code as Craft)
Comment

More than a currency, bitcoin is an enabling technology

The O'Reilly Radar Podcast: Balaji Srinivasan on the bigger picture of bitcoin, liquid markets, and the future of regulation.

The promise of bitcoin and blockchain extends well beyond its potential disruption as a currency. In this Radar Podcast episode, Balaji Srinivasan, a general partner at Andreessen Horowitz, explains how bitcoin is an enabling technology and why it’s like the Internet, in that “bitcoin will do for value transfer what the Internet did for communication — make it programmable.” I met up with Srinivasan at our recent O’Reilly Radar Summit: Bitcoin & the Blockchain, where he was speaking — you can see his talk, and all the others from the event, in the complete video compilation now available.

Subscribe to the O’Reilly Radar Podcast

TuneIn, iTunes, SoundCloud, RSS

The bigger picture of bitcoin

More than just a digital currency, bitcoin can serve as an instigator for new markets. Srinivasan explained the potential for everything to become a liquid market:

“Bitcoin is a platform for programmable money, programmable interchange, or anything of value. That’s very general. People have probably heard at this point about how you can use a blockchain to trade — in theory — stocks, or houses, or other kinds of things, but programmable value transfer is even bigger than just trading things which we know already exist.

“One analogy I would give is in 1988, it was not possible to find information on anything instantly. Today, most of the time it is. From your iPhone or your Android phone, you can google pretty much anything. In the same way, I think what bitcoin is going to mean, is markets in everything. That is, everything will have a price on it — everything will be a liquid market. You’ll be able to buy and sell almost anything. Where today the fixed costs of setting up such a market is too high for anything other than things that are fairly valuable, tomorrow it’ll be possible for even images or things you would not even think of normally buying and selling.”

Read more…

Comments: 4
Four short links: 27 January 2015

Four short links: 27 January 2015

Autonomous Corporations, Abstract Thought, Down Rounds, and Distributed Messaging

  1. Decentralised Autonomous Corporations — Charlie Stross’s near-future fiction of Accelerando comes closer to reality: Malice – revenge for waking him up – sharpens Manfred’s voice. “The president of agalmic.holdings.root.184.97.AB5 is agalmic.holdings.root.184.97.201. The secretary is agalmic.holdings.root.184.D5, and the chair is agalmic.holdings.root.184.E8.FF. All the shares are owned by those companies in equal measure, and I can tell you that their regulations are written in Python. Have a nice day, now!” He thumps the bedside phone control and sits up, yawning, then pushes the do-not-disturb button before it can interrupt again. After a moment he stands up and stretches, then heads to the bathroom to brush his teeth, comb his hair, and figure out where the lawsuit originated and how a human being managed to get far enough through his web of robot companies to bug him.
  2. Coding is Not the New Literacy (Chris Grainger) — We build mental models of everything – from how to tie our shoes to the way macro-economic systems work. With these, we make decisions, predictions, and understand our experiences. If we want computers to be able to compute for us, then we have to accurately extract these models from our heads and record them. Writing Python isn’t the fundamental skill we need to teach people. Modeling systems is. Amen!
  3. Let’s Stop Laughing at Groupon (Fortune) — it is much easier to survive a valuation decline as a public company than as a private one.
  4. nsq — Bitly’s open sourced realtime distributed messaging platform.
Comment

Bitcoin is just the first app to use blockchain technology

Understanding the value of the blockchain above and beyond bitcoin.

square_Ken_Flickr

Editor’s note: Lorne Lantz is a program co-chair for our O’Reilly Radar Summit: Bitcoin & the Blockchain on January 27, 2015, in San Francisco. For more on the program and for registration information, visit the Bitcoin & the Blockchain event website.

I remember the first time I heard about bitcoin. It was June 2012, and I was invited to a bitcoin meetup. The whole time I was sitting there, I thought these were a bunch of computer geeks playing around with nerd money.

At the same time, I felt excited about the possibilities. If what the bitcoin believers were saying was true, it could become something very big. When I took a closer look, I realized why it could be so groundbreaking: decentralization.

Unlike other currencies and payment networks, bitcoin is not controlled by a bank, government, or financial institution. Instead, thousands of computers around the world verify transactions and manage a global decentralized ledger. This innovative technology is called the blockchain, and it provides a unique pathway that allows — for the first time — many computers that don’t trust each other to achieve consensus. In bitcoin’s case, they are achieving consensus on updates to the global ledger. Read more…

Comments: 6

Blockchain scalability

A look at the stumbling blocks to blockchain scalability and some high-level technical solutions.

Author note: Vitalik Buterin contributed to this article.

chain_Peter_Shanks_Flickr

Editor’s note: Kieren James-Lubin is a program co-chair for our O’Reilly Radar Summit: Bitcoin & the Blockchain on January 27, 2015, in San Francisco. For more on the program and for registration information, visit the Bitcoin & the Blockchain event website.

In a talk at CoinJar last fall, well-known bitcoin expert Andreas Antonopoulos made the following comment:

“I have no worries that bitcoin can scale, and the simple reason for that is that I know that IPv4 can’t, and yet I use it every day.”

The issue of bitcoin scalability and the phrase “blockchain scalability” are often seen in technical discussions of the bitcoin protocol. Will the requirements of recording every bitcoin transaction in the blockchain compromise its security (because fewer users will keep a copy of the whole blockchain) or its ability to handle a great number of transactions (because new blocks on which transactions can be recorded are only produced at limited intervals)? In this article, we’ll explore several meanings of “blockchain scalability” and some high-level technical solutions to the issue.

The three main stumbling blocks to blockchain scalability are:

  1. The tendency toward centralization with a growing blockchain: the larger the blockchain grows, the larger the requirements become for storage, bandwidth, and computational power that must be spent by “full nodes” in the network, leading to a risk of much higher centralization if the blockchain becomes large enough that only a few nodes are able to process a block.
  2. The bitcoin-specific issue that the blockchain has a built-in hard limit of 1 megabyte per block (about 10 minutes), and removing this limit requires a “hard fork” (ie. backward-incompatible change) to the bitcoin protocol.
  3. The high processing fees currently paid for bitcoin transactions, and the potential for those fees to increase as the network grows. We won’t discuss this too much, but see here for more detail.

We’ll consider these first two issues in detail. Read more…

Comments: 3

The 3Ps of the blockchain: platforms, programs and protocols

There is a burgeoning landscape around the blockchain’s decentralized consensus protocol technologies.

Bitcoin_chain_9179_BTC_Keychain_Flickr

Although it may be early to baptize new buzz lingo like “Blockchain as a Service” (BaaS) or “Blockchain as a Platform” (BaaP), there is a burgeoning landscape of various implementations and activity in and around the blockchain’s decentralized consensus protocol technologies.

I’ve already covered the blockchain’s sweet spot as a development platform in “Understanding the blockchain,” so it is no surprise that its landscape will be made up of platforms, protocols, and (smart) programs.

Breaking-up the bitcoin-blockchain paradigm

In a perfect world, we would have a single blockchain and a single cryptocurrency. But that doesn’t seem to be in the cards, whether it is technically feasible or not. Although wide-scale adoption and a critical mass of users aren’t there yet, the market is signaling for a diversification of choices, some based on the bitcoin currency and its blockchain protocol, and others not. Read more…

Comments: 8

Understanding the blockchain

We must be prepared for the blockchain’s promise to become a new development environment.

Editor’s note: this post originally published on the author’s website in three pieces: “The Blockchain is the New Database, Get Ready to Rewrite Everything,” “Blockchain Apps: Moving from the Jungle to the Zoo,” and “It’s Too Early to Judge Network Effects in Bitcoin and the Blockchain.” He has revised and adapted those pieces for this post.

There is no doubt that we are moving from a single cryptocurrency focus (bitcoin) to a variety of cryptocurrency-based applications built on top of the blockchain.

This article examines the impact of the blockchain on developers, the segmentation of blockchain applications, and the network effects factors affecting bitcoin and blockchains.

The blockchain is the new database — get ready to rewrite everything

The technology concept behind the blockchain is similar to that of a database, except that the way you interact with that database is different.

For developers, the blockchain concept represents a paradigm shift in how software engineers will write software applications in the future, and it is one of the key concepts that needs to be well understood. We need to really understand five key concepts, and how they interrelate to one another in the context of this new computing paradigm that is unravelling in front of us: the blockchain, decentralized consensus, trusted computing, smart contracts, and proof of work/stake. This computing paradigm is important because it is a catalyst for the creation of decentralized applications, a next-step evolution from distributed computing architectural constructs. Read more…

Comment

Security comes from evolution, not revolution

The O'Reilly Radar Podcast: Mike Belshe on making bitcoin secure and easy enough for the mainstream.

locks_Steven_Tom_Flickr

Editor’s note: you can subscribe to the O’Reilly Radar Podcast through iTunes, SoundCloud, or directly through our podcast’s RSS feed.

In this week’s O’Reilly Radar Podcast episode, I caught up with Mike Belshe, CTO and co-founder of BitGo, a company that has developed a multi-signature wallet that works with bitcoin. Belshe talks about about the security issues addressed by multi-signature wallets, how the technology works, and the challenges in bringing cryptocurrencies mainstream. We also talk about his journey into the bitcoin world, and he chimes in on what money will look like in the future. Belshe will address the topics of security and multi-signature technology at our upcoming Bitcoin & the Blockchain Radar Summit on January 27, 2015, in San Francisco — for more on the program and registration information, visit our Bitcoin & the Blockchain website.

Multi-signature technology is exactly what it sounds like: instead of authorizing bitcoin transactions with a single signature and a single key (the traditional method), it requires multiple signatures and/or multiple machines — and any combination thereof. The concept initially was developed as a solution for malware. Belshe explains:

“I’m fully convinced that the folks who have been writing various types of malware that steal fairly trivial identity information — logins and passwords that they sell super cheap — they are retooling their viruses, their scanners, their key loggers for bitcoin. We’ve seen evidence of that over the last 12 months, for sure. Without multi-signature, if you do a bitcoin transaction on a machine that’s got any of this bad stuff on it, you’re pretty much toast. Multi-signature was my hope to fix that. What we do is make one signature happen on the server machine, one signature happen on the client machine, your home machine. That way the attacker has to actually compromise two totally different systems in order to steal your bitcoin. That’s what multi-signature is about.”

Read more…

Comment

Security principles of bitcoin

The core principle in bitcoin is decentralization, and it has important implications for security.

Editor’s note: this is an excerpt from Chapter 10 of our recently released book Mastering Bitcoin, by Andreas Antonopoulos. You can read the full chapter here. Antonopoulos will be speaking at our upcoming event Bitcoin & the Blockchain, January 27, 2015, in San Francisco. Find out more about the event and reserve your spot here.

Securing bitcoin is challenging because bitcoin is not an abstract reference to value, like a balance in a bank account. Bitcoin is very much like digital cash or gold. You’ve probably heard the expression “Possession is nine tenths of the law.” Well, in bitcoin, possession is ten tenths of the law. Possession of the keys to unlock the bitcoin, is equivalent to possession of cash or a chunk of precious metal. You can lose it, misplace it, have it stolen, or accidentally give the wrong amount to someone. In every one of those cases, end users would have no recourse, just as if they dropped cash on a public sidewalk.

However, bitcoin has capabilities that cash, gold, and bank accounts do not. A bitcoin wallet, containing your keys, can be backed up like any file. It can be stored in multiple copies, even printed on paper for hardcopy backup. You can’t “backup” cash, gold, or bank accounts. Bitcoin is different enough from anything that has come before that we need to think about bitcoin security in a novel way too.

Security principles

The core principle in bitcoin is decentralization and it has important implications for security. A centralized model, such as a traditional bank or payment network, depends on access control and vetting to keep bad actors out of the system. By comparison, a decentralized system like bitcoin pushes the responsibility and control to the end users. Because security of the network is based on Proof-Of-Work, not access control, the network can be open and no encryption is required for bitcoin traffic. Read more…

Comments: 3