Thursday, April 17, 2014

Cost of a DIY NSA?

A core thesis of mine these days is that citizens worried about NSA surveillance are only seeing the tip of the iceberg.  Computers get cheaper and faster every year.  This puts surveillance technology within reach of just about anyone.

Let's build our own surveillance network on a street corner, with some spy cameras, and consider how much it costs.

Data point #1: Bandwidth and storage costs for a 24 hour video feed.  We'll imagine that one camera produces 1GB/day.

Data point #2: Spy cameras such as this one.  To ensure good coverage of our street corner from multiple angles, we will place 6 spy cameras at $9.00/each.

Data point #3: Amazon cloud storage.  Inbound bandwidth is free.  We are uploading 6GB/day.  Because we are super-smart and know the NSA's secret time travelling techniques, we will store 60 days worth of video.  That caps our data storage at 360 GB.  Cost: $10.80/month.

Data point #4: Open source biometrics software.  This is free.

Data point #5: Amazon cloud processing.  Being conservative and over-estimating, we will have a 3-computer cloud processing our video data for biometrics, running 24/7.  Cost @ m3.large: $302.00/month.

Data point #6: Derived data.  The data so far is just raw video.  We want to build a database of persons, cars, etc. over time.  We'll assume a 3x expansion of data storage due to this.  That increases our data storage cost to $43.20/month.  This is a conservative over-estimation, as derived data will likely be exponentially smaller than raw video.

Data point #7: Site controller, to which all the spy cameras connect.  Just need a laptop and an Internet connection.  Cost: $300.00 one time for laptop, $60.00/month for Internet.

Total non-labor costs for our street corner DIY NSA project:
  • $354.00 initial
  • $405.20/month
For this cost, you may obtain a wealth of biometric data:  faces, license plates, associations between people, other biometric markers such as voice or gait, product usage.  Anything that may be gleaned from audio or video by simple, legal, public observation over time may be data mined for biometrics and personal data.

Folks engaged in the NSA debate often do not realize how inexpensive and accessible is this technology to local law enforcement, private corporations, and criminals.

Cheap cloud storage and data mining has implications for freedom of association and freedom of thought.  The NSA via Snowden has made this issue starkly clearly... but the media and public miss the larger point that technology itself, not NSA abuses, are leading us to global surveillance state where we will be watched by any number of public and private parties without our knowledge or consent.

Note: This post intentionally over-estimates costs by taking retail prices, not at scale, and assuming naive software implementations.  A local law enforcement agency or Google-level corporation could easily reduce these costs by large factors (10-100x).

Monday, April 14, 2014

On Amazon, bitcoin and Stan Lee

After experimenting with bitcoin in July 2010 ("the great slashdotting") and finding it to be a sound design, my thoughts ran in a predictable direction:  what are the implications of a global digital currency?  What are the engineering practicalities required to bootstrap a brand new digital economy from zero?

the Amazon, though not the one we're talking about in the articleIf you imagine a new currency being rolled out worldwide, the idea of how might implement the currency inevitably comes up.  Amazon's business has several major components that deal with payments of various types.  It is relevant to Amazon and bitcoin that we consider all of these payment types, not just the well known storefront payment flow.
  • storefront.  Buy a book, pay with credit card, etc.
  • Amazon Payments.  A bit of a Paypal clone, though they don't market it that way.  Can have a positive balance, send P2P payments in-system.
  • Handling fulfillment and payout to merchants who sell goods through their systems.
  • Amazon AWS Flexible Payments Service
  • Amazon AWS DevPay
  • In the time it took for you to read this, Amazon has probably created another cloud payment service.
While performing research related bitcoin, I examined the money transmittal space to learn which corporations maintained money transmittal licenses nationwide.  According to my research circa 2010, Amazon is one of the few Fortune 500 companies with money transmitter licensing in all US states.  Adopting bitcoin, at a minimum, probably requires Amazon to re-evaluate compliance at a time when they are also trying to lobby US states on sales tax issues.

The network effect (Amazon's size) must also be considered. today is basically "the Internet store." No need to qualify further.  With upcoming local delivery efforts, that effect is even more pronounced.

Like Google or Wal-Mart, every move by a company of this size has enormous consequences, intended and unintended.  Amazon adopting bitcoin today would have a disruptive effect on bitcoin, credit card systems, and banks worldwide.  At scale, one hopes Amazon acknowledges that great power and aims to wield it responsibly.  It is a fair and rational position for a company of that size to sit back and let the market sort out which crypto-currency to adopt.

On the technical side of the equation, a new payment system at is likely a major undertaking.  Amazon's software is entirely homegrown, and quite complex.  So complex that their store evolved into a web services business (AWS).  Having been recruited by Amazon myself, and having friends who work at Amazon as engineers, I know that Amazon stays at the bleeding edge of computing technology.  Integrating bitcoin -- or any digital cash -- probably requires extensive software updates throughout the system.  Digital cash, after all, does not behave like a credit card or debit card.  Those behavior differences can ripple through highly custom software, increasing engineering costs.

As a bitcoin supporter, I certainly feel the aforementioned disruptive effect is a positive one for the world.  But there are many reasons why Amazon in particular would be conservative about adopting an experimental new digital cash.  Given the above factors, my prediction -- dating back to 2010 -- was always that Amazon would sit back and let others decide the bitcoin-or-not question.

Sunday, March 23, 2014

Arthur C. Clarke on economic meltdowns and network congestion

Here is a fun passage from Arthur C. Clarke's Rama II fictional novel, published in 1989.  It presents an arguably realistic crash scenario for our [real world] financial systems.  Food for thought in the bitcoin economy or fiat economy both. We are incredibly dependent on computer financial databases.

In contrast, terrestrial affairs were dominated by the emerging world economic crisis. On May 1, 2134, three of the largest international banks announced that they were insolvent because of bad loans. Within two days a panic had spread around the world. The more than one billion home terminals with access to the global financial markets were used to dump individual portfolios of stocks and bonds. The communications load on the Global Network System (GNS) was immense. The data transfer machines were stretched far beyond their capabilities and design specifications. Data gridlock delayed transactions for minutes, then hours, contributing additional momentum to the panic.

By the end of a week two things were apparent—that over half of the world's stock value had been obliterated and that many individuals, large and small investors alike, who had used their credit options to the maximum, were now virtually penniless. The supporting data bases that kept track of personal bank accounts and automatically transferred money to cover margin calls were flashing disaster messages in almost 20 percent of the houses in the world.

In truth, however, the situation was much much worse. Only a small percentage of the transactions were actually clearing through all the supporting computers because the data rates in all directions were far beyond anything that had ever been anticipated. In computer language, the entire global financial system went into the "cycle slip" mode. Billions and billions of information transfers at lower priorities were postponed by the network of computers while the higher priority tasks were being serviced first.

The net result of these data delays was that in most cases individual electronic bank accounts were not properly debited, for hours or even days, to account for the mounting stock market losses, Once the individual investors realized what was occurring, they rushed to spend whatever was still showing in their balances before the computers completed all the transactions. By the time governments and financial institutions understood fully what was going on and acted to stop all this frenetic activity, it was too late. The confused system had crashed completely. To reconstruct what had happened required carefully dumping and interleaving the backup checkpoint files stored at a hundred or so remote centers around the world.

For over three weeks the electronic financial management system that governed all money transactions was inaccessible to everybody. Nobody knew how much money he had—or how much anyone else had. Since cash had long ago become obsolete, only eccentrics and collectors had enough bank notes to buy even a week's groceries. People began to barter for necessities. Pledges based on friendship and personal acquaintance enabled many people to survive temporarily. But the pain had only begun. Every time the international management organization that oversaw the global financial system would announce that they were going to try to come back on-line and would plead with people to stay off their terminals except for emergencies, their pleas would be ignored, processing requests would flood the system, and the computers would crash again.

It was only two more weeks before the scientists of the world agreed on an explanation for the additional brightness in the apparition of Halley's Comet. But it was over four months before people could count again on reliable data base information from the GNS. The cost to human society of the enduring chaos was incalculable. By the time normal electronic economic activity had been restored, the world was in a violent financial down-spin that would not bottom out until twelve years later. It would be well over fifty years before the Gross World Product would return to the heights reached before the Crash of 2134.

Wednesday, March 19, 2014

Bitcoin Core v0.9.0 release overview

The Bitcoin open source project has released a major new version, 0.9.0.  This update brings the usual basket of fixes, performance improvements, security enhancements and new features.  The Bitcoin Core Wallet (formerly Bitcoin-Qt) introduces a new direct-to-merchant payment method with the BIP 70 payment protocol and the workflow for receiving coins has been notably improved.  Under the hood, several improvements should reduce P2P network spam, enhance privacy and security, and improve performance.  For enterprise users, the wallet is made optional, introducing a blockchain-only "border router" mode.

Initial support for the BIP 70 payment protocol was added to the Bitcoin Core Wallet.  The payment protocol is an optional feature designed to upgrade the security and reliability of the customer-merchant payment process.  For the case where a direct connection between the customer and merchant already exists, such as when customer is shopping on a merchant's website, the payment protocol may be used to send payments directly from the customer's bitcoin wallet to the merchant.  This has several advantages: added security, speed, and the ability of a merchant to assist the customer in getting their transaction relayed and confirmed on the P2P network. Refund ability is also included. The goal is to make the payment process smooth and secure, and lessen dependence on everyday use of the now-familiar bitcoin addresses.

A recent trend has been the use of Bitcoin Core Server (bitcoind) in a new role.  Organizations with large bitcoin architectures will use bitcoind as a "border router" while developing their own custom wallet solutions.  This role involves bitcoind running the P2P network and distributed consensus services, providing a high quality payment firewall, while the organization manages their own keys and transactions.  The wallet, in this mode, may be disabled at compile time or runtime.  Some sites have seen memory savings of 40-200MB when running in router mode.

Many minor improvements have been made to payment network operation. Transaction relay rules have been tightened further, reducing several types of spam or malicious traffic, including the recent transaction malleability issues.  The anti-spam minimum fees have been reduced, as they were set at a time when bitcoin's price was much lower. Historically, these fees are only reduced.  Future "smart fee" work is intended to eliminate the hardcoded minimums completely.  A dynamic system and open, free fee market are the desired long term goals. Unrelated to fees, a new "reject" P2P message should provide useful feedback to nodes submitting invalid transactions.  Additional DoS and privacy protections were added.

It should be noted that this fee reduction only applies to the suggested anti-spam minimums.  The actual fee paid by users is determined by what miners are willing to include in a block.  Reducing the anti-spam minimum fee should increase the chance of a transaction being relayed across the network to various miners.  This does not imply a global network fee reduction.  Transaction fees are and continue to be set by the mining market.

Automated services and websites make use of Bitcoin Core Server's programmable RPC API.  Many new, minor features were added to RPC to facilitate blockchain queries, validate blockchain data and bitcoin addresses, and other utility features that bitcoin websites find useful.

New features for bitcoin developers include a new autotools-based build system, harmonizing bitcoin development with many other packages in the open source world.  A regression test mode has been introduced to facilitate automated bitcoin testing.  This "regtest" mode features near-zero block generation times, permitting a site to simulate thousands of test blockchain scenarios in a short amount of time.

This update also includes platform-specific improvements.  Windows client is now 64-bit, enabling better performance and stabilty.  GCC's stack smashing feature is enabled on Windows, as it already was on other platforms.  Apple OSX integration was improved.  Finally, support for the older 10.5 OSX/32-bit platform was removed.

Outside of new features, this update includes several fixes and tools designed to avoid problems with zero-confirmation malleable transactions.  (Confirmed transactions are, by definition, not malleable)

Read the full release notes at

Monday, February 24, 2014

How to support bitcoin core development

After this CoinDesk article, various fora have asked how to support bitcoin core development.  Here is a quick list, in order of personal preference.  Speaking only for myself, not my employer or other devs.

1. Grow the ecosystem.  Grow your own in-house engineering expertise. Learn open source engineering. Learn the bitcoin design (PDF), the bitcoin protocol, then contribute back to the reference implementation.  Ask questions.  We love great questions from people trying to learn (though you are expected to be self-motivated enough to google for the answers yourself, first...)

2. Help with testing.  You don't have to be a programmer, just a capable computer user with attention to detail.  We are constantly starved for real testing.  If you can help write additional tests, even better.

3. Commit the resources necessary to running a full node (bitcoind), 24/7, to help maintain the payment network.  This requires sufficient disk space and bandwidth, as well as the critical need to poke a hole in the firewall, permitting incoming TCP connections to port 8333.

Edit: OK, this doesn't have much to do with development.  It does help the network, though.  Also consider seeding the blockchain torrent.

4. Donate to the Bitcoin Foundation, which supports two core developers.

5. (Shameless plug!)  Buy things from BitPay merchants.  BitPay supports open source by employing me to work on bitcoin development.

6. I'm not bitcoin-rich nor debt-free like many other early adopters, and have a donation address at 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj.  But really, if you are a starving kid in Africa, don't send money, I do more than OK on a generous engineer's salary.

We all benefit when the amount of deep bitcoin knowledge is widely distributed.  It is always helpful to grow the number of technical people with deep bitcoin understanding.

Even more fundamentally, however, it is critical to understand that bitcoin is an open source project, with all that entails.

To be successful, to continue, folks who depend on bitcoin must contribute back.  As Gavin Andresen noted during the recent T.M. kerfluffle,

Do not treat the core development team as if we were a
commercial company that sold you a software library.  That is not how open
source works; if you are making a profit using the software, you are
expected to help develop, debug, test, and review it.

Monday, January 20, 2014

blackbox: Bitcoin-enabled, decentralized cloud

Rethinking data centers, one node at a time

Bittorrent and bitcoin have proven the power of peer-to-peer, decentralized networking.  Amazon Web Services and Rackspace Cloud demonstrate the market desire for cloud storage and cloud processing. Why not combine these into a single package?

The storage system Tahoe LAFS demonstrates how the data center may be inverted, making the end user the ultimate provider of data storage services.  Continue this idea writ large, and apply it to cloud storage, cloud processing, and other cloud services.

Now, boil cloud services down to their primary components, and consider a user interface that anyone, even largely computer illiterate, could manage.

blackbox: core components

Ultimately, computers provide resources.  These resources may be enumerated, and resold on the free market.  For cloud services, these resources are
  • CPU cores
  • Temporary memory (RAM)
  • Persistent memory (SSD, hard drive)
  • Internet bandwidth
To make these resources usable, further meta-resources are required,
  • Amount of resource available
  • Time window when resource is available
  • Bitcoin address for payments
  • SIN or other decentralized identity
Given these few metrics, we can conceive of "blackbox" software that connects to TradeNet, offers the above resources on the free market, and receives payment when the resources are utilized.

The user experience is as simple as it gets:  Turn on your computer, run the blackbox, and get paid.

Automated service, cost routing

blackbox is not a new idea.  These sorts of ideas are decades old.  The new twist is adding an efficient digital currency (bitcoin) with online, automated, decentralized markets.

Computing jobs, be it 24/7 real-time services ("run my website") or periodic batch processing ("balance today's accounting and sales records") will be layered on top of blackbox's low level cloud services in precisely the same manner as cloud services are used today.

Based on your service needs, nodes will be selected based on cost, reliability, reputation, geolocation, speed, and many other factors.  Requests for service will be matched with offers for service.  Contracts will be agreed upon, perhaps lasting only 24 hours, or an hour, or 60 seconds.  Payment terms may be guaranteed through multi-signature transactions, with reputation, escrow and arbitration ensuring that all parties have incentives to deliver.

Keep us online and honest

The two primary weak points of a decentralized, generalized cloud network are resource accounting and network defense.

Resource accounting includes issues such as ensuring that participants X, Y, and Z all deliver their contractually-promised resources, or are highlighted for lack of delivery.  Service delivery fails for any number of reasons:  malicious action, hardware or software failure, human error.  Ultimately the reasons for service delivery failure are not important. Nodes will develop a reputation for good or bad service over time.

Network defense will involve associating and disassociating with various parties based on their reputation.  As in Tahoe-LAFS, most consumers of computing services will communicate with layers of software 1-2 layers removed from the low-level blackbox software itself.  This offers privacy for the provider, as well as shielding blackbox users themselves from many attacks.  Other defenses will depend more on the precise P2P technologies involved in TradeNet and blackbox.

Mesh network writ large

Mesh networks provide an example of a large, useful service collectively built from tiny components.  TradeNet takes the concept further, imagining a mesh of markets.  blackbox is simply the next logical extension of thought:  once easy, automated, anyone-can-join markets exist, it becomes easy to resell one's own computing resources using modern software that combines those computing resources into a greater collective whole.

Once these P2P cloud services are available, developers will create more useful software layered on top:  web hosting, email services, video processing, all the services one can perform in the cloud today.  Presumably, with the free market at work, costs would be lowered for many, while utilizing computing power that would otherwise be sitting around idle.

With blackbox, a user enters their bitcoin address, and tells the software to make use of the computer, when the owner is away.  Computers inside data centers will run blackbox 24/7.

blackbox 2.0

All of the above may be implemented, in theory, given today's technology.  Improving the system further involves additional data, permitting additional price discovery.

Recent hardware trends have included a focus on efficiency and power usage, a welcome change from decades of counting CPU cycles/second.  blackbox 2.0 would examine local electricity prices, and determine if contributing a resource is economically viable, considering the power usage involved.

Sunday, November 24, 2013

Our future: Population control through data mining

Our collective future will be dictated by statistics, cheap cloud storage and data mining, not politicians. NSA's PRISM is a symptom, a natural result of current tech. In 10 years, your average tech startup will have access to as much generalized CPU and storage as 2013-era NSA. Anyone with Google Glass, not just the NSA, will use facial recognition, gait recognition and other biometrics and identify every person they see on the street, every car they see driving down the road, in real time.