tag:blogger.com,1999:blog-40840459540049176322024-02-28T15:44:24.918-08:00Random blatherings by JeffJeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.comBlogger55125tag:blogger.com,1999:blog-4084045954004917632.post-26369308032261400032024-01-31T08:30:00.000-08:002024-01-31T08:37:23.515-08:00On the Virtue of Unoriginality: In Defense of the Derivative<br /><h1 style="text-align: left;"> On the Virtue of Unoriginality: In Defense of the Derivative</h1><br />In the contemporary cacophony of cultural discourse, a peculiar specter haunts the corridors of creativity: the ghost of unoriginality. As we stand on the precipice of a new era, heralded by the advent of generative AI, the time is ripe to cast off antiquated notions of originality and embrace the sublime beauty of derivation.<br /><br />The current tumult over generative AI and copyright law serves as a fertile ground for this discourse. To decry these AI creations as unoriginal is to miss the forest for the trees. For what is unoriginality but the sincerest form of flattery, a tribute to the collective genius of humanity?<br /><br />We have long venerated the notion of the 'original' artist, the lone genius who conjures creations ex nihilo. Yet, this is a myth, a fanciful fabrication that wilts under scrutiny. Let us not delude ourselves: every artist is a magpie, gleaning shiny fragments of ideas, styles, and influences. We are all, in essence, sophisticated algorithms, trained on the rich data of human culture, synthesizing and regurgitating with a veneer of novelty.<br /><br />Consider the bards of old, who wove tales not from the ether but from the rich tapestry of folklore. Or the Renaissance artists, whose masterpieces were born from a fervent dialogue with their predecessors. In literature, music, and film, the greatest works are often those that deftly recombine familiar elements in new configurations. This, after all, is the essence of creativity: not the creation of something from nothing, but the reimagining of something from everything.<br /><br />The irony of the current furor over AI-generated art is that it mirrors the very process of human creativity. These AIs are trained on vast datasets of human output, digesting and assimilating the collective oeuvre of our species. In this, they are not unlike us. From infancy, we are bombarded with sensory input, narratives, motifs, and styles. Our so-called original ideas are but recombinations of these elements, filtered through the unique prism of individual experience.<br /><br />To those who decry AI as the death knell of originality, I say: look in the mirror. Are you not also an algorithm, albeit a biological one? Your thoughts and creations, no matter how novel they may seem, are built on the foundations laid by countless others. In every note of music, every stroke of the brush, every written word, there echoes the chorus of humanity.<br /><br />This is not to say that all creations are equal. There is a chasm between the pedestrian pastiche and the transcendent synthesis. But let us not conflate originality with value. A work can be derivative yet profound, familiar yet fresh. It is the execution, the finesse with which these elements are combined, that separates the mundane from the sublime.<br /><br />Furthermore, the fetishization of originality stifles creativity, placing undue pressure on artists to reinvent the wheel. In this relentless pursuit of the new, we risk overlooking the beauty of the familiar, the comfort of the known. There is a certain grace in acknowledging our debt to the past, in recognizing that we are but links in an endless chain of cultural transmission.<br /><br />In embracing unoriginality, we open ourselves to a richer, more nuanced understanding of creativity. We acknowledge the collective nature of art, the communal wellspring from which all creators draw. We celebrate the intertextuality of culture, the myriad ways in which works speak to and inform one another.<br /><br />In this light, generative AI can be seen not as a threat to creativity, but as its apotheosis. These machines, with their capacity to assimilate and recombine at a scale unimaginable to the human mind, represent the culmination of our collective creative endeavor. They are the offspring of our cultural genome, the next step in the evolution of art.<br /><br />As we move forward into this brave new world, let us cast aside our fears of unoriginality. Let us instead revel in the rich tapestry of human creation, in the endless dance of influence and inspiration. For in the end, we are all standing on the shoulders of giants, reaching ever higher into the boundless expanse of possibility.<div><br /></div><div>(This post was derived from an extended, human-authored prompt by chatGPT 4)</div><div><br /></div>Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-20206933220774627922016-11-18T12:32:00.000-08:002017-01-09T22:29:08.581-08:00Ways Sheep Can DieSource: <a href="http://martileimbach.com/">Marti Leimbach</a> via <a href="http://marginalrevolution.com/marginalrevolution/2008/08/ways-that-sheep.html">Marginal Revolution</a>.<br />
<br />
Some of the ways sheep can die:<br />
<br />
<ul>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Getting stuck on their backs and dying of suffocation</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Attacked by flies</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Eaten by maggots</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Being attacked by dogs or any other living creature</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Being frightened into a heart attack by imagining the dog is going to attack, even though it is not</span><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;"> </span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Drowning (Are we surprised sheep cannot swim?)</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Suffocating in snow (surprisingly common)</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Hoof infections that poison the blood</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">Almost exploding with grass because they have eaten too much and are unable to pass wind</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">If they get too hot</span></li>
<li><span style="background-color: white; color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif; font-size: 14px;">If they get too cold</span></li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://upload.wikimedia.org/wikipedia/commons/f/f1/Herd_of_sheep.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://upload.wikimedia.org/wikipedia/commons/f/f1/Herd_of_sheep.JPG" width="320" /></a></div>
<div>
<span style="color: #101010; font-family: "arial" , "helvetica neue" , "helvetica" , sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-41061854375315318252015-10-01T02:11:00.000-07:002017-01-12T20:05:37.843-08:00Onwards and upwards<br />
I want to thank BitPay for being a notable sponsor of bitcoin core development for over two years. BitPay is truly a leader in open source, with <a href="https://github.com/bitpay/bitcore">bitcore</a> and <a href="https://play.google.com/store/apps/details?id=com.bitpay.copay&hl=en">Copay</a> being two notable examples.<br />
<br />
It was an exciting and transformative time at BitPay, and I'm now transitioning to become a member of the BitPay Advisory Board. I'll be focusing most of my time on building new and interesting things in the bitcoin space.<br />
<br />
Other members of BitPay's Advisory Board include <a href="https://en.wikipedia.org/wiki/Arthur_Levitt">Arthur Levitt</a> and <a href="https://en.wikipedia.org/wiki/Gavin_Andresen">Gavin Andresen</a>, so I'm excited to continue to support BitPay. Email <a href="mailto:jgarzik@bitpay.com" style="color: #1155cc;" target="_blank">jgarzik@bitpay.com</a> will remain active as a BitPay advisor.<br />
<div style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">
<br />
Update: FAQs <a href="https://www.reddit.com/r/Bitcoin/comments/3n389h/jeff_garzik_onwards_and_upwards/cvl75a3">answered here</a>.<br />
<br /></div>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com3tag:blogger.com,1999:blog-4084045954004917632.post-80376899819349084222015-09-29T08:34:00.000-07:002017-01-12T20:05:55.644-08:00Decoupling Financial Indices with Decentralized Bitcoin Fact GeneratorsFinancial indices such as the <a href="https://en.wikipedia.org/wiki/Dow_Jones_Industrial_Average">Dow Jones Industrial Average</a> or the <a href="https://en.wikipedia.org/wiki/S%26P_500_Index">S&P 500</a> are well known. In the age of <a href="https://en.wikipedia.org/wiki/Exchange-traded_fund">ETFs</a> and <a href="https://en.wikipedia.org/wiki/Exchange-traded_note">ETNs</a>, a core index is a requirement of the investment product.<br />
<br />
In the age of decentralized software, this will be further decoupled into networks of <b>fact generators</b> and verified algorithms.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf393MxjEj0Be7pSPnH47Cm-JnTxtedgNoGOcinmYDSjLuxVn5HSh492IJb6UddtKZQAkWQ6OYdKRJFbUF5ZAYhL6_VKkkBeo5rHa4hy3MGfcf1QR7STEMAr2DVTPdEH79HjVv2IzYNsF1/s1600/1280px-Portable_electrical_generator_side.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf393MxjEj0Be7pSPnH47Cm-JnTxtedgNoGOcinmYDSjLuxVn5HSh492IJb6UddtKZQAkWQ6OYdKRJFbUF5ZAYhL6_VKkkBeo5rHa4hy3MGfcf1QR7STEMAr2DVTPdEH79HjVv2IzYNsF1/s200/1280px-Portable_electrical_generator_side.jpg" width="200" /></a>Creating an index such as the S&P 500 requires two primary components: Input data (stock prices), and an algorithm (criteria for selecting stock X with proportional weight Y).<br />
<br />
Using technologies such as <a href="https://en.wikipedia.org/wiki/Cryptographic_hash_function">cryptographic hash functions</a>, <a href="https://en.wikipedia.org/wiki/Merkle_tree">merkle trees</a>, <a href="https://www.proofofexistence.com/about">bitcoin blockchain timestamping</a> and <a href="https://en.bitcoin.it/wiki/Contract#Example_4:_Using_external_state">bitcoin oracles</a>, a better, more secure, more transparent financial index system may be developed. Let's call it "Index-NG."<br />
<br />
In the Index-NG system, the algorithm - the software - that turns volumes of input data into "The S&P 500 closing price" or "current gold price at 12:01pm" would transform from a clunky Excel spreadsheet (yes, really) or proprietary S&P software into<br />
<br />
<ul>
<li><a href="https://en.wikipedia.org/wiki/Open-source_software">Open source software</a></li>
<li>Written in a smart contract language such as <a href="https://en.bitcoin.it/wiki/Script">bitcoin script</a>, <a href="https://github.com/jgarzik/moxiebox">Moxie</a> or <a href="https://en.wikipedia.org/wiki/Ethereum">ethereum</a>.</li>
<li>Secured against corruption and tampering via blockchain hash</li>
<li>If not entirely in-chain (bitcoin script, ethereum), processed by a network of oracles run by separate businesses/individuals.</li>
</ul>
<div>
This index algorithm architecture increases transparency and reduces the level of trust we place in any one organization or developer. The level of peer review is greatly increased. Auditing is a breeze.</div>
<div>
<br /></div>
<div>
To further decentralize and reduce trust required in the index algorithm, the index's input data is now considered. The <i>collection of raw data</i> becomes a key act in a decentralized world.</div>
<div>
<br /></div>
<div>
Raw field data is collected by data sensors, and securely stored in the blockchain: Stock price data, climate station weather data, air pollution data, and more. Hashing and merkle trees are used to aggregate large volumes of data into small, secure blockchain <b>anchors</b>.</div>
<div>
<br /></div>
<div>
The software and actors that collect the raw data and securely store it in the blockchain are <i>fact generators</i>. Fact generators are the second half of a decentralized financial index. Their role is best illustrated with some examples, and is central to the security of the entire system.</div>
<div>
<br /></div>
<div>
Creating an index such as that S&P 500 requires building a secure digital loop for publishing its data and algorithms:</div>
<div>
<ul>
<li>NYSE and NASDAQ publish <a href="https://en.wikipedia.org/wiki/Digital_signature">digitally-signed</a> intraday or closing prices, hashed into the blockchain. Publish this hash in the New York Times and Wall Street Journal stock sections, too! NYSE and NASDAQ play the role of fact generators, here.</li>
<li>Standard and Poor's publishes a digitally-signed S&P 500 algorithm, hashed into the blockchain.</li>
<li>Any bank, government agency, individual or machine-based <a href="https://en.bitcoin.it/wiki/Agent">agent</a> may then independently generate the S&P500 index at any time, secured against tampering, with two simple pieces of information: The hash of the algorithm, and the hash of the data summary.</li>
</ul>
<div>
Creating an ETF, then, becomes a second layer of decentralized algorithms which trigger trades in an ETF's <a href="https://www.vanguard.com.hk/documents/etf-how-etfs-work-en.pdf">primary markets</a>. ETFs can exist and be run 100% human-free. With bitcoin as the value token, both the stock price and the value exist on the blockchain as digitally provable values, ensuring an autonomous agent or DAC can prove with 100% certainty that certain trades should/should not be executed.</div>
</div>
<div>
<br /></div>
<div>
Another example is measuring air quality or climate data, a dataset perhaps more subject to manipulation (or accusations thereof). One can imagine</div>
<div>
<ul>
<li>1st layer: A network of Beijing air quality sensors or US-based climate temperature sensors securely timestamps their data into the blockchain.</li>
<li>1st layer: Satellite infrared and smog imagery is securely hashed into the blockchain.</li>
<li>1st layer: Bitcoin/USD exchange rate data is digital signed by each bitcoin exchange, and securely hashed into the blockchain.</li>
<li>2nd layer: 10 governments and NGOs around the world publish their assessments of this data - and the models/algorithms used to achieve the assessments.</li>
<li>3rd layer: IMF and other agencies run automated agents which transfer bitcoin value based on the pollution/climate assessments, modified by bitcoin/USD exchange rate to eliminate volatility.</li>
</ul>
<div>
In this example, the fact generators - air quality sensors - are mostly untrusted. A 2nd layer of software - also fact generators, generating derivative facts - achieves a consensus or quorum over untrusted data. The 3rd layer of software than acts upon that quorum of derived facts.</div>
</div>
<div>
<br /></div>
<div>
In a decentralized world, the gathering of raw data, signing, hashing and synthesizing it - fact generation - becomes the key act upon which software will automatically trigger further actions - including real world actions such as hiring humans, moving shipping containers from point A to B, delivering groceries and more.</div>
<div>
<br /></div>
<div>
Decentralized software - using secured digital facts, running on blockchains (bitcoin, ethereum) or networks of oracles - will form an ecosystem that makes the entire world operate on a more transparent, more efficient, less corruptible basis.</div>
<div>
<br />
The essence of <a href="http://gendal.me/2015/03/30/bitcoin-as-a-smart-contract-platform/">smart contracts</a> is executing a series of actions (and inactions) based on computer processing of digital facts.<br />
<br /></div>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com1tag:blogger.com,1999:blog-4084045954004917632.post-47598411774205717282014-12-16T10:44:00.001-08:002017-01-12T20:06:23.463-08:00Open development processes and reddit kerklufflesIt can be useful to review open source
development processes from time to time. This reddit thread[1] serves
use both as a case study, and also a moment of OSS process introduction
for newbies.<br />
[1] <a href="http://www.reddit.com/r/Bitcoin/comments/2pd0zy/peter_todd_is_saying_shoddy_development_on_v010/" target="_blank">http://www.reddit.com/r/<wbr></wbr>Bitcoin/comments/2pd0zy/peter_<wbr></wbr>todd_is_saying_shoddy_<wbr></wbr>development_on_v010/</a><br />
<br />
<br />
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpsPAyLftcUYqVJv8K8KJIQRSdNfNTumrlr5EH_2CwJOK6vHQ64FY56B2-mGAkgB6Zt8-KeMjQLLU76vKdvS2yN27iiapJD-RIyn3QTaVbSo14w7S8wX6HeHbYglxWMonfD9YjolGvdqiB/s1600/Locking_horns_-_Springbuck.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpsPAyLftcUYqVJv8K8KJIQRSdNfNTumrlr5EH_2CwJOK6vHQ64FY56B2-mGAkgB6Zt8-KeMjQLLU76vKdvS2yN27iiapJD-RIyn3QTaVbSo14w7S8wX6HeHbYglxWMonfD9YjolGvdqiB/s1600/Locking_horns_-_Springbuck.jpg" width="320" /></a><b>Dirty Laundry</b></div>
<br />
When
building businesses or commercial software projects, outsiders
typically hear little about the internals of project development. The
public only hears what the companies release, which is prepped and
polished. Internal disagreements, schedule slips, engineer fistfights
are all unseen.<br />
<br />
Open source development is the opposite.
The goal is radical transparency. Inevitably there is private chatter
(0day bugs etc.), but the default is openness. This means that is it
normal practice to "air dirty laundry in public." Engineers will
disagree, sometimes quietly, sometimes loudly, sometimes rudely and with
ad hominem attacks. On the Internet, there is a pile-on effect, where
informed and uninformed supporters add their 0.02 BTC.<br />
<br />
Competing
interests cloud the issues further. Engineers are typically employed
by an organization, as a technology matures. Those organizations have
different strategies and motivations. These organizations will sponsor
work they find beneficial. Sometimes those orgs are non-profit
foundations, sometimes for-profit corporations. Sometimes that work is
maintenance ("keep it running"), sometimes that work is developing new,
competitive features that company feels will give it a better market
position. In a transparent development environment, all parties are
hyperaware of these competing interests. Internet natterers
painstakingly document and repeat every conspiracy theory about Bitcoin
Foundation, Blockstream, BitPay, various altcoin developers, and more as
a result of these competing interests.<br />
<br />
Bitcoin and altcoin
development adds an interesting new dimension. Sometimes engineers
have a more direct conflict of interest, in that the technology they are
developing is also potentially their road to instant $millions.
Investors, amateur and professional, have direct stakes in a certain
coin or coin technology. Engineers also have an emotional stake in
technology they design and nurture. This results in incentives where
supporters of a non-bitcoin technology work very hard to thump bitcoin.
And vice versa. Even inside bitcoin, you see "tree chains vs. side
chains" threads of a similar stripe. This can lead to a very skewed
debate.<br />
<br />
That should not distract from the engineering
discussion. Starting from first principles, Assume Good Faith[2]. Most
engineers in open source tend to mean what they say. Typically they
speak for themselves first, and their employers value that engineer's
freedom of opinion. Pay attention to the engineers actually working on
the technology, and less attention to the noise bubbling around the
Internet like the kindergarten game of grapevine.<br />
[2] <a href="http://en.wikipedia.org/wiki/Wikipedia:Assume_good_faith" target="_blank">http://en.wikipedia.org/wiki/<wbr></wbr>Wikipedia:Assume_good_faith</a><br />
<br />
<div>
Being
open and transparent means engineering disagreements happen in public.
This is normal. Open source engineers live an aquarium life[3].<br />
[3] <a href="https://www.youtube.com/watch?v=QKe-aO44R7k" target="_blank">https://www.youtube.com/watch?<wbr></wbr>v=QKe-aO44R7k</a><br />
<br /></div>
<div>
<br />
<b>What the fork?</b></div>
<div>
<br />
In
this case, a tweet suggests consensus bug risks, which reddit account
"treeorsidechains" hyperbolizes into a dramatic headline[1]. However,
the headline would seem to be the opposite of the truth. Several
changes were merged during 0.10 development which move snippets of
source code into new files and new sub-directories. The general
direction of this work is creating a "libconsensus" library that
carefully encapsulates consensus code in a manner usable by external
projects. This is a good thing.<br />
<br /></div>
<div>
The development was
performed quite responsibly: Multiple developers would verify each
cosmetic change, ensuring no behavior changes had been accidentally (or
maliciously!) introduced. Each pull request receives a full
multi-platform build + automated testing, over and above individual dev
testing. Comparisons at the assembly language level were sometimes made
in critical areas, to ensure zero before-and-after change. Each
transformation gets the Bitcoin Core codebase to a more sustainable,
more reusable state.<br />
<br /></div>
<div>
Certainly zero-change is the most
conservative approach. Strictly speaking, that has the lowest consensus
risk. But that is a short term mentality. Both Bitcoin Core and the
larger ecosystem will benefit when the "hairball" pile of source code is
cleaned up. Progress has been made on that front in the past 2 years,
and continues. <i>Long term</i>, combined with the "libconsensus" work, that leads to less community-wide risk.<br />
<br />
The
key is balance. Continue software engineering practices -- like those
just mentioned above -- that enable change with least consensus risk.
Part of those practices is review at each step of the development
process: social media thought bubble, mailing list post, pull request,
git merge, pre-release & release. It probably seems chaotic at
times. In effect, git[hub] and the Internet enable a dynamic system of
review and feedback, where each stage provides a check-and-balance for
bad ideas and bad software changes. It's a human process, designed to
acknowledge and handle that human engineers are fallible and might make
mistakes (or be coerced/under duress!). History and field experience
will be the ultimate judge, but I think Bitcoin Core is doing good on
this score, all things considered.<br />
<br /></div>
<div>
At the end of the
day, while no change is without risk, version 0.10 work was done with
attention to consensus risk at multiple levels (not just short term).<br />
<br /></div>
<div>
<br />
<b>Technical and social debt</b></div>
<div>
<br />
Working
on the Linux kernel was an interesting experience that combined
git-driven parallel development and a similar source code hairball. One
of the things that quickly became apparent is that cosmetic patches,
especially code movement, was hugely disruptive. Some even termed it
anti-social. To understand why, it is important to consider how modern
software changes are developed:<br />
<br /></div>
<div>
Developers work in
parallel on their personal computers to develop XYZ change, then submit
their change "upstream" as a github pull request. Then time passes. If
code movement and refactoring changes are accepted upstream before XYZ,
then the developer is forced to update XYZ -- typically trivial fixes,
re-review XYZ, and re-test XYZ to ensure it remains in a known-working
state.<br />
<br /></div>
<div>
Seemingly cosmetic changes such as code
movement have a ripple effect on participating developers, and wider
developer community. Every developer who is <i>not</i> immediately merged upstream must bear the costs of updating their unmerged work.</div>
<div>
<br /></div>
<div>
Normally, this is expected. Encouraging developers to build on top of "upstream" produces virtuous cycles.<br />
<br /></div>
<div>
However,
a constant stream of code movement and cosmetic changes may produce a
constant stream of disruption to developers working on non-trivial
features that take a bit longer to develop before going upstream.
Trivial changes become encouraged, and non-trivial changes face a binary
choice of (a) be merged immediately or (b) bear added re-base, re-view,
re-test costs.<br />
<br /></div>
<div>
Taken over a timescale of months, I
argue that a steady stream of cosmetic code movement changes serves as a
disincentive to developers working with upstream. Each upstream
breakage has a ripple effect to all developers downstream, and imposes
some added chance of newly introduced bugs on downstream developers.
I'll call this "social debt", a sort of technical debt[4] for
developers.<br />
[4] <a href="http://en.wikipedia.org/wiki/Technical_debt" target="_blank">http://en.wikipedia.org/wiki/<wbr></wbr>Technical_debt</a></div>
<div>
<br /></div>
<div>
As
mentioned above, the libconsensus and code movement work is a net
gain. The codebase needs cleaning up. Each change however incurs a
little bit of social debt. Life is a little bit harder on people trying
to get work into the tree. Developers are a little bit more
discouraged at the busy-work they must perform. Non-trivial pull
requests take a little bit longer to approve, because they take a little
bit more work to rebase (again).<br />
<br /></div>
<div>
A steady flow of code movement and cosmetic breakage into the tree may be a net gain, but it also incurs a <i>lot</i> of social debt. In such situations, developers find that tested, working out-of-tree code repeatedly stops working <i>during the process of trying to get that work in-tree</i>. Taken over time, it discourages working on the tree. It is rational to sit back, <i>not</i> work on the tree, let the breakage stop, and then pick up the pieces.</div>
<div>
<b><br /></b></div>
<div>
<br />
<b>Paradox Unwound</b></div>
<div>
<br />
Bitcoin
Core, then, is pulled in opposite directions by a familiar problem. It
is generally agreed that the codebase needs further refactoring.
That's not just isolated engineer nit-picking. However, for non-trivial
projects, refactoring is always anti-social in the short term. It
impacts projects other than your own, projects you don't even know
about. One change causes work for N developers. Given these twin
opposing goals, the key, as ever, is finding the right balance.</div>
<div>
<br />
Much
like "feature freeze" in other software projects, developing a policy
that opens and closes windows for code movement and major disruptive
changes seems prudent. One week of code movement & cosmetics
followed by 3 weeks without, for example. Part of open source parallel
development is <i>social signalling</i>: Signal to developers when certain changes are favored or not, then trust they can handle the rest from there.<br />
<br /></div>
While
recent code movement commits themselves are individually ACK-worthy,
professionally executed and moving towards a positive goal, I think the
project could strike a better balance when it comes to disruptive
cosmetic changes, a balance that better encourages developers to work on
more involved Bitcoin Core projects.<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-19857343470335816562014-12-12T08:22:00.001-08:002014-12-12T08:25:00.461-08:00Survey of largest Internet companies, and bitcoin<h2>
Status report: Internet companies & bitcoin</h2>
Considering the recent news of <a href="http://blogs.microsoft.com/firehose/2014/12/11/now-you-can-exchange-bitcoins-to-buy-apps-games-and-more-for-windows-windows-phone-and-xbox/">Microsoft accepting bitcoin</a> as payment for some digital goods, it seemed worthwhile to make a quick status check. Wikipedia helpfully supplies a <a href="http://en.wikipedia.org/wiki/List_of_largest_Internet_companies">list of the largest Internet companies</a>. Let's take that list on a case-by-case basis.<br />
<br />
<b>Amazon</b>. As I <a href="http://garzikrants.blogspot.com/2014/04/on-amazon-and-bitcoin.html">blogged earlier</a>, it seemed likely Amazon will be a slower mover on bitcoin.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNFEcXpRBcp6sdqSpDmIC9IOMiTLTZlrQcRh3oh0-KW0iOdbQ_WDwPbDGM3yJi7jU5Xp7gp19qWU9TKLwRR4nJlsze99r82wfXz8tZ-toovnSm9wneereP6YNgX2QWLx8Cs0_otAFbTSXs/s1600/Brisbane_Skyscrapers.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNFEcXpRBcp6sdqSpDmIC9IOMiTLTZlrQcRh3oh0-KW0iOdbQ_WDwPbDGM3yJi7jU5Xp7gp19qWU9TKLwRR4nJlsze99r82wfXz8tZ-toovnSm9wneereP6YNgX2QWLx8Cs0_otAFbTSXs/s1600/Brisbane_Skyscrapers.jpg" height="209" width="320" /></a><b>Google</b>. Internally, there is factional interest. Some internal fans, some internal critics. Externally, very little. Eric Schmidt has <a href="http://newsbtc.com/2014/03/16/google-chairman-eric-schmidt-bitcoin-architecture-amazing-advancement/">said good things</a> about bitcoin. Core developer <a href="http://plan99.net/~mike/">Mike Hearn</a> worked on bitcoin projects with the approval of senior management.<br />
<br />
<b>eBay</b>. <a href="http://www.coindesk.com/ebay-ceo-actively-considering-bitcoin-integration/">Actively considering</a> bitcoin integration. Produced an <a href="http://deals.ebay.com/blog/whats-the-deal-with-bitcoins-anyway/">explainer video</a> on bitcoin.<br />
<br />
<b>Tencent</b>. Nothing known. Historical note: <a href="http://money.cnn.com/2013/11/18/investing/bitcoin-china/">Tencent, QQ, and bitcoin (CNN)</a> <br />
<br />
<b>Alibaba</b>. Seemingly hostile, based on government pressure. <a href="http://money.cnn.com/2014/01/09/news/bitcoin-alibaba/">"Alibaba bans Bitcoin"</a><br />
<br />
<b>Facebook</b>. Nothing known.<br />
<br />
<b>Rakuten</b>. US subsidiary <a href="http://www.coindesk.com/rakuten-us-subsidiary-bitcoin/">accepts bitcoin</a>.<br />
<br />
<b>Priceline</b>. Nothing known. Given that competitors Expedia and CheapAir accept bitcoin, it seems like momentum is building in that industry.<br />
<br />
<b>Baidu</b>. Presumed bitcoin-positive. <a href="http://www.bloomberg.com/news/2013-12-07/baidu-stops-accepting-bitcoins-after-china-ban.html">Briefly flirted</a> with bitcoin, before government stepped in.<br />
<br />
<b>Yahoo</b>. Nothing known at the corporate level. Their finance product <a href="http://www.coindesk.com/bitcoin-goes-mainstream-inclusion-yahoo-finance/">displays bitcoin prices</a>.<br />
<br />
<b>Salesforce</b>. Nothing known. Third parties such as <a href="http://www.altinvoice.com/">AltInvoice</a> provide bitcoin integration through plugins.<br />
<br />
<b>Yandex</b>. Presumed bitcoin-positive. They launched a <a href="http://www.coindesk.com/russias-biggest-search-engine-launches-bitcoin-conversion-tool/">bitcoin conversion tool</a> before their competitors. Some critics suggest Yandex Money competes with bitcoin.<br />
<br />
By my count, 6 out of 12 of the largest Internet companies have publicly indicated some level of involvement with bitcoin.<br />
<br />
Similar lists may be produced by looking at the <a href="http://en.wikipedia.org/wiki/List_of_the_largest_information_technology_companies">largest technology companies</a>, and excluding electronics manufacturers. Microsoft and IBM clearly top the list, both moving publicly into bitcoin and blockchain technology.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com1tag:blogger.com,1999:blog-4084045954004917632.post-4601936162613460072014-11-05T05:54:00.003-08:002014-11-05T06:39:02.481-08:00Prediction: GOP in 2014, Democrat WH in 2016Consider today's US mid-term election results neutrally:<br />
<br />
<ul>
<li>When one party controls both houses of Congress, that party will become giddy with power and over-reach.</li>
<li>When one party reaches minority status in both houses, that party resorts to tactics it previously condemned ("nuclear option").</li>
<li>It gets ugly when one party controls Congress, and another party controls the White House.</li>
</ul>
<br />
<div>
</div>
<br />
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiglsbpuQ0tqv7LGAaARUa935zLa3y6WmIIhdssjW_McnXuOfRysi9D7bnDZGKo-pOoNCeTx7WAWjqVMvUWEWVkydcDI934N2Stw08RLaabdWgm9TR9I0U_eAugdBVcfugn8LFVfRtRXnSQ/s1600/democrat-republican.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiglsbpuQ0tqv7LGAaARUa935zLa3y6WmIIhdssjW_McnXuOfRysi9D7bnDZGKo-pOoNCeTx7WAWjqVMvUWEWVkydcDI934N2Stw08RLaabdWgm9TR9I0U_eAugdBVcfugn8LFVfRtRXnSQ/s1600/democrat-republican.jpeg" height="132" width="200" /></a>The most recent example is Bush 43 + Democrats, but that is only the latest example.</div>
<div>
<br /></div>
<div>
Typical results from this sort of situation:</div>
<div>
<ul>
<li>An orgy of hearings.</li>
<li>A raft of long-delayed "red meat for the base" bills will be passed in short order.</li>
<li>Political theatre raised one level: Congress will pass bills it knows the President will veto (and knows cannot achieve a veto override).</li>
<li>A 2-house minority party becomes the obstructionist Party Of No.</li>
</ul>
<div>
A party flush with power simply cannot resist over-reach. Democrats and Republicans both have proven this true time and again.</div>
</div>
<div>
<br /></div>
<div>
As such, we must consider timing. GOP won the mid-terms, giving them two years to over-reach before the 2016 general election. Voters will be tired of the over-reach, and the pendulum will swing back.</div>
<div>
<br /></div>
<div>
Predicted result: Democrats take the White House in 2016.</div>
<div>
<br /></div>
<div>
If the 2014 mid-term elections had been the 2016 election, we would be looking at a full sweep, with GOP in House, Senate and White House.</div>
<div>
<br /></div>
<div>
Losing could be the best thing Democrats did for themselves in 2014.</div>
<div>
<br />
P.S. Secondary prediction: ACA will not be repealed. ACA repeal bill will be voted upon, but will not make it to the President's desk.<br />
<br />
<br /></div>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-52586961150798385432014-07-07T11:44:00.000-07:002014-07-07T13:25:39.564-07:00What should the news write about, today?I have always wanted to be journalist. As a youth, it seemed terribly entertaining, jet-setting around the world chasing stories by day. Living like Ernest Hemingway by night. Taking [some of the first in the world] web monkey jobs at Georgia Tech's <a href="http://nique.net/">Technique</a> and <a href="http://cnn.com/">CNN</a> gave me the opportunity to learn the news business from the inside.<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLRhrfnv9o4DZNilq2ZApHYXfAkoP-g8iRqbSakZ3Avs6T3QruwZuuXamigM8h37ErHpTgByGxN3fAO7Nfne-LCZMpPXpF9eZ3-Cb6b4TtH_PjrhcSDQhs0uzUJMfTgwYU6u5aIShGAHz8/s1600/Writer_John.JPG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLRhrfnv9o4DZNilq2ZApHYXfAkoP-g8iRqbSakZ3Avs6T3QruwZuuXamigM8h37ErHpTgByGxN3fAO7Nfne-LCZMpPXpF9eZ3-Cb6b4TtH_PjrhcSDQhs0uzUJMfTgwYU6u5aIShGAHz8/s1600/Writer_John.JPG" height="256" width="320" /></a><br />
Fundamentally, from an engineering perspective, the news <i>business</i> is out of sync with actual news events.<br />
<br />
News events happen in real time. There are bursts of information. Clusters of events happen within a short span of time. There is more news on some days, less news on others.<br />
<br />
The news business demands content, visits, links, shares, likes, follows, trends. Assembly line production demands regularized schedules; deadlines. Deadlines imply a story must be written, even if there is no story to write.<br />
<br />
Today's news business is incredibly cut throat. Old dinosaurs are thrashing about. Young upstarts are too. My two young children only know of newspapers from children's storybooks, and icons on their Android tablets. Classified ads, once a traditional revenue driver, have gone the way of the Internet. Many "newspapers" are largely point-and-click template affairs, with a little local reporting thrown in. Robots auto-post every press release. Content stealing abounds.<br />
<br />
All these inherent barriers exist for those brave few journalists left on the robot battlefield. As usual with any industry that is being automated, the key to staying ahead is doing things that humans are good at, but robots not: creativity, inventiveness, curiosity, detective work. Avoiding herds, cargo cults, bike shedding, conventional wisdom.<br />
<br />
In my ideal world, news sites would post more news, look and feel a bit different, on days and weeks where there is a lot of news. On slow news days, the site/app should feel like it's a slow news day.<br />
<br />
The "it bleeds, it leads" pattern is worn out, and must be thrown in the rubbish.<br />
<br />
Every day, every week, when a reporter is <a href="https://twitter.com/binarybits/status/486187309478326272">met with the challenge</a> of meeting a deadline to feed the content beast, the primary question should be: What recent trends/events impact the biggest percentage of your audience?<br />
<br />
Pick any "mainstream" news site. How many stories impact those beyond the immediate protagonists/antagonists/victims/authorities involved?<br />
<br />
The news business, by its very nature, obscures and disincentivizes reporting on deep, impactful, <i>and probably boring</i> trends shaping our lives. The biggest changes that happen to the human race are largely apparent in hindsight, looking back over the decades or hundreds or thousands of years.<br />
<br />
The good stories are always the hardest to find. Every "news maker" has the incentive to puff their accomplishments, and hide their failures. Scientists have the same incentives (sadly): Science needs negative feedback ("this theory/test failed!") yet there are few incentives to publish that. Reporters must seek and tell the untold story, not the story everyone already knows.<br />
<br />
Journalists of 20+ years ago were information gateways. Selecting which bit of information to publish, or not, was a key editorial power. Now, with the Internet, the practice is "publish all, sift later." Today's journalists must reinvent themselves as modern detectives, versus the information gateways and "filters" of past decades.<br />
<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com1tag:blogger.com,1999:blog-4084045954004917632.post-9449569174805735722014-06-13T08:15:00.002-07:002014-06-16T11:34:38.866-07:00Bitcoin and 51% mining powerMeta: This doesn't cover all incentives. More a high level reminder for new folks.<br />
<br />
<a href="https://twitter.com/jgarzik/status/472819987615604736">Tweet</a>: #bitcoin mining market under-studied & interesting. Where else<br />
can 50% market leaders disappear, and market adjusts in real time?<br />
#Resilient<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZuxI7BJPXnHjPdQpnu2DWRd0VwBVvC1VNkpPN8VxbS9gXXyTpjl-z7esMpXL-8CiJAO5Wzmyxxcp2FIp1ySoSqqn-hJd0B4IR6UqTxaF13HP-CN3WXB03Jm_7f1WFNm9rzZrXTiSzX6_5/s1600/mining.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZuxI7BJPXnHjPdQpnu2DWRd0VwBVvC1VNkpPN8VxbS9gXXyTpjl-z7esMpXL-8CiJAO5Wzmyxxcp2FIp1ySoSqqn-hJd0B4IR6UqTxaF13HP-CN3WXB03Jm_7f1WFNm9rzZrXTiSzX6_5/s1600/mining.jpg" height="191" width="200" /></a></div>
<br />
Explanation:<br />
<br />
Bitcoin mining pools are entities that serve to aggregate the security services provided by bitcoin mining hardware owned by individuals all over the world. These mining pools execute bitcoin monetary policy -- they are the key network entities that select transactions to be included in The Official Timeline of Bitcoin Transactions (the blockchain).<br />
<br />
The companies and individuals that own bitcoin mining hardware form a second tier in the market. These miners choose an aggregator (mining pool) to which they provide computing services, in exchange for bitcoin payments.<br />
<br />
The unique and interesting bit is that these second tiers miners all employ software that auto-switches between mining pools based on a variety of economic factors: pool monetary policy choices, profitability and fee structure of the pool, technical availability of the pool, collective strength of the pool (size of the aggregation) versus other pools, etc.<br />
<br />
Thus, a large and popular mining pool, dominating the market with >50% marketshare, may disappear in an instant. Or another pool may be more profitable. Second tier miners all employ software that switches between first tier aggregators in real time. Low economic friction vis a vis market entry implies that market leadership follows three trends:<br />
<ol>
<li>Network effects generate large marketshares rapidly.</li>
<li>
Low economic friction (low cost of entry) implies market leadership changes frequently. Every 12 months or so.</li>
<li>The market is resilient against failure of market leaders, even those with > 50% marketshare.</li>
</ol>
It is natural and expected that miners will see a pool grow large, and switch away to other pools. ETA: Standard recommendation, <b>use P2Pool</b>.<br />
<br />
Finally, remember that mining pools and miners are paid with tokens within the system -- bitcoins. It is always in a miner's interest that bitcoins maintain their value. Any behavior that harms the network as a whole will directly impact a large miner's income stream. The larger the miner, the larger the impact.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-40847685668449976992014-06-05T08:40:00.002-07:002014-06-05T09:28:26.412-07:00Why I will not be joining the NSA protest<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibxAEPYB3xA7yM8bdnrca0TWVMYVEjBukh1r7bGoaLNTuIALV3kb7vfDbPLnnEbvFT3Owh7B5UFPdB54pB41bbNzoOEJpT5VypHacVMVStJappLFs-rCrgoEPZbYWqaBgFBzi6qP3QN70U/s1600/button-nsa.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibxAEPYB3xA7yM8bdnrca0TWVMYVEjBukh1r7bGoaLNTuIALV3kb7vfDbPLnnEbvFT3Owh7B5UFPdB54pB41bbNzoOEJpT5VypHacVMVStJappLFs-rCrgoEPZbYWqaBgFBzi6qP3QN70U/s1600/button-nsa.jpeg" height="180" width="320" /></a>(copied from a <a href="https://twitter.com/jgarzik/status/474032877366439936">twitter rant</a>)<br />
<div style="text-align: left;">
<br />
Some random points about the NSA and global surveillance:<br />
<br />
Today, in 2014, paying low volume retail prices, it costs a DIY stalker $400/month to <a href="http://garzikrants.blogspot.com/2014/04/cost-of-diy-nsa.html">track every human going through a single street corner</a>. For a large government at mass scale, their costs will be 1/100th or 1/1000th of that, or lower. The costs of tracking <i>everyone on the planet</i> is falling through the floor.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Don't blame the NSA for being the first to buy a hammer off a store shelf.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Most network engineers presumed the Internet has been tapped for all its life. The Internet was not built to be secure. The original Internet protocols all sent passwords and other sensitive data over the network in <a href="http://en.wikipedia.org/wiki/Plaintext">plaintext</a>. To this day, the most popular email protocol sends email across the Internet in plaintext, ensuring at least 10 entities (routers) have a copy of your email. It was trivial for any university student to snoop your email.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
The NSA's global surveillance is a commentary on the future of tech for everyone. What the NSA
has today, other countries have tomorrow, everyone has next year.<br />
<br />
Further, we are presented with the obvious paradox: Law enforcement (LEA) needs to follow criminals, whereever they go. National defense needs to follow attackers around the world. If you build a space away from LEA, criminals go there, and LEA is tasked to follow.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Nevertheless... Freedom of [physical] assocation, perhaps even freedom of thought is threatened by global surveillance. Today's global surveillance is a natural consequence of technology, not the fault of the NSA.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b>We now live in a world where all authors, thinkers, activists, politicians, judges, attorneys are automatically recorded.</b><br />
<br />
The movement and communications of all "wired" citizens on Earth are tracked. Relevant factor is how tech advances to permit NSA to "remember" ever higher percentage of daily data. Data firehose is staggeringly huge, even for NSA.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
No matter the layers of process protections and personal honor defending
such data, access to the movements and communications of <i>everyone</i> will be abused for political or petty reasons.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Consider <a href="http://en.wikipedia.org/wiki/National_Association_for_the_Advancement_of_Colored_People_v._Alabama">NAACP v. Alabama</a> in the context of a universally tracked digital world.</div>
<div style="text-align: left;">
<br />
Globally, we must have a conversation about practical freedom and privacy limits to be placed on data collected without our knowledge. This is much bigger than the NSA, and we should not get distracted from the bigger picture of global surveillance by breathing fire at the first organization that makes use of well known techniques and technologies.<br />
<br />
My personal recommendation are laws in every jurisdiction regarding privacy, data retention, forced data expiration (deletion), decreasing use of secret evidence, and eventual notification of investigation targets. We must avoid the "pre-crime" trap, where predictive models lock society into a straightjacket based on word or thought alone. Citizens must be able to spout off. Youth must be allowed to screw up and be forgiven by society, rather than curse a person with a minor youthful transgression for the rest of their lives.<br />
<br />
We must encourage the government to be transparent, while protecting the privacy of our citizens in a global, internetworked society. <br />
<br />
<br /></div>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com2tag:blogger.com,1999:blog-4084045954004917632.post-5270675715275788572014-05-14T10:15:00.002-07:002014-05-14T10:18:01.349-07:00Bitcoin and the kernel-in-a-kernel security sandbox problem<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx0WnO45QE3OQSDD0c3mrpCqFzhgHYMS7HLcjbDh4OiQQfHD-4C0RGTaGIqK7ngFNFScM7N8a3ol6j1a9LlQjSmeobUpn-zjzWR8yXoBaxl_9J6IrPJGqB8bRFOhyWkcExfbEYnJP8UD_d/s1600/Sandbox.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx0WnO45QE3OQSDD0c3mrpCqFzhgHYMS7HLcjbDh4OiQQfHD-4C0RGTaGIqK7ngFNFScM7N8a3ol6j1a9LlQjSmeobUpn-zjzWR8yXoBaxl_9J6IrPJGqB8bRFOhyWkcExfbEYnJP8UD_d/s1600/Sandbox.jpg" height="163" width="200" /></a><span data-ft="{"tn":"K"}" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body"><span class="UFICommentBody" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0"><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$0:0">When considering sandboxes and security jails, the
problem space is interesting. There is an increasingly common pattern. I call it
"kernel-in-a-kernel." The problem is not really sandboxing untrusted code, but
more fundamentally, <b>sandboxing untrusted behavior</b>.</span><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$1:0" /><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$3:0" /><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$4:0">Bitcoin
sees this acutely: bitcoind manages the bitcoin P2P network. P2P
network is flood-fill a la Usenet, and anyone may connect to any node.
Built-in DoS protections are a must, but these are inevitably hueristics
which duct-tape one problem area, while leaving another open to
algorithmic attacks ("this P2P command runs an expensive query, that impacts other connected nodes").</span><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$5:0" /><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$7:0" /><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$8:0">One
comprehensive solution is accounting. Account for the various
resources being used by each connected party (CPU, RAM, disk b/w, ...)
and verify that some connections do not starve other connections of
resources. This solution is a sandbox that essentially becomes a kernel
unto itself, as the solution is not merely <i>preventing</i> sandbox
jailbreaks but at a higher level <i>limiting algorithmic jailbreaks</i>.</span><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$9:0" /><br data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$11:0" /><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$12:0">Think
about the high level economics of any computing situation. You have
limited resources, and various actors have valid and malicious needs of
those resources. What is the best practical model for balancing a set of limited resources, given potential malicious or buggy/haywire users of these resources?</span></span></span><br />
<span data-ft="{"tn":"K"}" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body"><span class="UFICommentBody" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0"><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$12:0"><br /></span></span></span>
<span data-ft="{"tn":"K"}" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body"><span class="UFICommentBody" data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0"><span data-reactid=".d.1:3:1:$comment10203170921665825_10203170992307591:0.0.$right.0.$left.0.0.0:$comment-body.0.$end:0:$12:0"><br /></span></span></span>Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-39924310012993273432014-04-17T06:41:00.001-07:002014-06-05T08:46:22.412-07:00Cost of a DIY NSA?A core thesis of mine these days is that citizens worried about NSA surveillance are only seeing the tip of the iceberg. Computers get cheaper <i>and</i> faster every year. This puts surveillance technology within reach of just about anyone.<br />
<br />
Let's build our own surveillance network on a street corner, with some spy cameras, and consider how much it costs.<br />
<br />
Data point #1: Bandwidth and storage costs for a <a href="http://www.axis.com/products/video/about_networkvideo/bandwidth.htm">24 hour video feed</a>. We'll imagine that one camera produces 1GB/day.<br />
<br />
Data point #2: Spy cameras <a href="http://www.amazon.com/Hidden-Camera-720x480-Detector-Recorder/dp/B00CGTN2N0/ref=sr_1_4?s=electronics&ie=UTF8&qid=1397740396&sr=1-4&keywords=spy+camera">such as this one</a>. To ensure good coverage of our street corner from multiple angles, we will place 6 spy cameras at $9.00/each.<br />
<br />
Data point #3: Amazon <a href="http://aws.amazon.com/s3/pricing/">cloud storage</a>. Inbound bandwidth is free. We are uploading 6GB/day. Because we are super-smart and know the NSA's secret <a href="http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html">time travelling</a> techniques, we will store 60 days worth of video. That caps our data storage at 360 GB. Cost: $10.80/month.<br />
<br />
Data point #4: Open source <a href="http://openbiometrics.org/">biometrics software</a>. This is free.<br />
<br />
Data point #5: Amazon <a href="https://aws.amazon.com/ec2/pricing/">cloud processing</a>. Being conservative and over-estimating, we will have a 3-computer cloud processing our video data for biometrics, running 24/7. Cost @ m3.large: $302.00/month.<br />
<br />
Data point #6: Derived data. The data so far is just raw video. We want to build a database of persons, cars, etc. over time. We'll assume a 3x expansion of data storage due to this. That increases our data storage cost to $43.20/month. This is a conservative over-estimation, as derived data will likely be exponentially <i>smaller</i> than raw video.<br />
<br />
Data point #7: Site controller, to which all the spy cameras connect. Just need a laptop and an Internet connection. Cost: $300.00 one time for laptop, $60.00/month for Internet.<br />
<br />
Total non-labor costs for our street corner DIY NSA project:<br />
<ul>
<li>$354.00 initial</li>
<li>$405.20/month</li>
</ul>
For this cost, you may obtain a wealth of biometric data: faces, license plates, associations between people, other biometric markers such as voice or gait, product usage. Anything that may be gleaned from audio or video by <b>simple, legal, public observation over time</b> may be data mined for biometrics and personal data.<br />
<br />
Folks engaged in the NSA debate often do not realize how inexpensive and accessible is this technology to local law enforcement, private corporations, and criminals.<br />
<br />
Cheap cloud storage and data mining has implications for freedom of association and freedom of thought. The NSA via Snowden has made this issue starkly clearly... but the media and public miss the larger point that technology itself, not NSA abuses, are leading us to global surveillance state where we will be watched by any number of public and private parties without our knowledge or consent.<br />
<br />
Note: <b>This post intentionally over-estimates costs by taking retail prices, not at scale, and assuming naive software implementations.</b> A local law enforcement agency or Google-level corporation could easily reduce these costs by large factors (100-1000x).<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com1tag:blogger.com,1999:blog-4084045954004917632.post-64255947363673952572014-04-14T14:30:00.000-07:002014-04-15T08:16:04.589-07:00On Amazon, bitcoin and Stan LeeAfter experimenting with bitcoin in July 2010 ("<a href="http://news.slashdot.org/story/10/07/11/1747245/bitcoin-releases-version-03">the great slashdotting</a>") and finding it to be a sound design, my thoughts ran in a predictable direction: what are the implications of a global digital currency? What are the engineering practicalities required to bootstrap a brand new digital economy from zero?<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBilNpYPxUSqIw6COC6qH7zo8xWJ3KMulyzmeeKLtlV-zmJxAmcUJ3piyD7TzfD04TyqPskjINoylFGvgR0qbobpOiJ2P0m1L3CEkOihuTiNrgtIk7WJSXiYzuQOtAcTFEl4qoGZRUz_ZY/s1600/Aerial_view_of_the_Amazon_Rainforest.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="the Amazon, though not the one we're talking about in the article" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBilNpYPxUSqIw6COC6qH7zo8xWJ3KMulyzmeeKLtlV-zmJxAmcUJ3piyD7TzfD04TyqPskjINoylFGvgR0qbobpOiJ2P0m1L3CEkOihuTiNrgtIk7WJSXiYzuQOtAcTFEl4qoGZRUz_ZY/s1600/Aerial_view_of_the_Amazon_Rainforest.jpg" height="122" title="the Amazon, though not the one we're talking about in the article" width="200" /></a>If you imagine a new currency being rolled out worldwide, the idea of how Amazon.com might implement the currency inevitably comes up. Amazon's business has several major components that deal with payments of various types. It is relevant to Amazon and bitcoin that we consider all of these payment types, not just the well known storefront payment flow.<br />
<ul>
<li><a href="https://amazon.com/">Amazon.com</a> storefront. Buy a book, pay with credit card, etc.</li>
<li><a href="https://payments.amazon.com/">Amazon Payments</a>. A bit of a Paypal clone, though they don't market it that way. Can have a positive balance, send P2P payments in-system.</li>
<li>Handling fulfillment and payout to merchants who sell goods through their systems.</li>
<li>Amazon AWS <a href="http://aws.amazon.com/fps/?nc1=h_l2_as">Flexible Payments Service</a></li>
<li>Amazon AWS <a href="http://aws.amazon.com/devpay/">DevPay</a></li>
<li>In the time it took for you to read this, Amazon has probably created another cloud payment service. </li>
</ul>
While performing research related bitcoin, I examined the money transmittal space to learn which corporations maintained money transmittal licenses nationwide. According to my research circa 2010, <b>Amazon is one of the few Fortune 500 companies with money transmitter licensing in all US states</b>. Adopting bitcoin, at a minimum, probably requires Amazon to re-evaluate compliance at a time when they are also trying to lobby US states on sales tax issues.<br />
<br />
The network effect (Amazon's size) must also be considered. Amazon.com today is basically "the Internet store." No need to qualify further. With upcoming local delivery efforts, that effect is even more pronounced.<br />
<br />
Like Google or Wal-Mart, every move by a company of this size has enormous consequences, intended and unintended. Amazon adopting bitcoin today would have a disruptive effect on bitcoin, credit card systems, and banks worldwide. At scale, one hopes Amazon acknowledges that great power and aims to wield it responsibly. It is a fair and rational position for a company of that size to sit back and let the market sort out which crypto-currency to adopt.<br />
<br />
On the technical side of the equation, a new payment system at Amazon.com is likely a major undertaking. Amazon's software is entirely homegrown, and quite complex. So complex that their store evolved into a web services business (<a href="http://aws.amazon.com/">AWS</a>). Having been recruited by Amazon myself, and having friends who work at Amazon as engineers, I know that Amazon stays at the bleeding edge of computing technology. Integrating bitcoin -- or any digital cash -- probably requires extensive software updates throughout the system. Digital cash, after all, does not behave like a credit card or debit card. Those behavior differences can ripple through highly custom software, increasing engineering costs.<br />
<br />
As a bitcoin supporter, I certainly feel the aforementioned disruptive effect is a positive one for the world. But there are many reasons why Amazon in particular would be conservative about adopting an experimental new digital cash. Given the above factors, my prediction -- dating back to 2010 -- was always that Amazon would sit back and let others decide the bitcoin-or-not question.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-18258823003942000452014-03-23T12:37:00.001-07:002014-03-23T17:57:29.327-07:00Arthur C. Clarke on economic meltdowns and network congestionHere is a fun passage from Arthur C. Clarke's <a href="http://en.wikipedia.org/wiki/Rama_II_%28novel%29">Rama II</a> fictional novel, published in 1989. It presents an arguably realistic crash scenario for our [real world] financial systems. Food for thought in the bitcoin economy or fiat economy both. We are incredibly dependent on computer financial databases.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjVsBlgpAW2Fv8dxLw84crwqYOnTO-MyGd1Ej4ldkI-dy5BHXkcaOwUeHqCzLn7lSb3WxmatTCQ3becs7zyWa42l26AGZdRYNMaG8KqHPtZ5zpWSloqIOmjbNp_gWBvTDw8lcQS9se1r61/s1600/market-crash-300x228.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjVsBlgpAW2Fv8dxLw84crwqYOnTO-MyGd1Ej4ldkI-dy5BHXkcaOwUeHqCzLn7lSb3WxmatTCQ3becs7zyWa42l26AGZdRYNMaG8KqHPtZ5zpWSloqIOmjbNp_gWBvTDw8lcQS9se1r61/s1600/market-crash-300x228.jpg" /></a></div>
<br />
<i>In contrast, terrestrial affairs were dominated by the emerging world economic crisis. On May 1, 2134, three of the largest international banks announced that they were insolvent because of bad loans. Within two days a panic had spread around the world. The more than one billion home terminals with access to the global financial markets were used to dump individual portfolios of stocks and bonds. The communications load on the Global Network System (GNS) was immense. The data transfer machines were stretched far beyond their capabilities and design specifications. Data gridlock delayed transactions for minutes, then hours, contributing additional momentum to the panic.<br /> </i><br />
<i>By the end of a week two things were apparent—that over half of the world's stock value had been obliterated and that many individuals, large and small investors alike, who had used their credit options to the maximum, were now virtually penniless. The supporting data bases that kept track of personal bank accounts and automatically transferred money to cover margin calls were flashing disaster messages in almost 20 percent of the houses in the world.<br /> </i><br />
<i>In truth, however, the situation was much much worse. Only a small percentage of the transactions were actually clearing through all the supporting computers because the data rates in all directions were far beyond anything that had ever been anticipated. In computer language, the entire global financial system went into the "cycle slip" mode. Billions and billions of information transfers at lower priorities were postponed by the network of computers while the higher priority tasks were being serviced first.<br /> </i><br />
<i>The net result of these data delays was that in most cases individual electronic bank accounts were not properly debited, for hours or even days, to account for the mounting stock market losses, Once the individual investors realized what was occurring, they rushed to spend whatever was still showing in their balances before the computers completed all the transactions. By the time governments and financial institutions understood fully what was going on and acted to stop all this frenetic activity, it was too late. The confused system had crashed completely. To reconstruct what had happened required carefully dumping and interleaving the backup checkpoint files stored at a hundred or so remote centers around the world.<br /> </i><br />
<i>For over three weeks the electronic financial management system that governed all money transactions was inaccessible to everybody. Nobody knew how much money he had—or how much anyone else had. Since cash had long ago become obsolete, only eccentrics and collectors had enough bank notes to buy even a week's groceries. People began to barter for necessities. Pledges based on friendship and personal acquaintance enabled many people to survive temporarily. But the pain had only begun. Every time the international management organization that oversaw the global financial system would announce that they were going to try to come back on-line and would plead with people to stay off their terminals except for emergencies, their pleas would be ignored, processing requests would flood the system, and the computers would crash again.<br /> </i><br />
<i>It was only two more weeks before the scientists of the world agreed on an explanation for the additional brightness in the apparition of Halley's Comet. But it was over four months before people could count again on reliable data base information from the GNS. The cost to human society of the enduring chaos was incalculable. By the time normal electronic economic activity had been restored, the world was in a violent financial down-spin that would not bottom out until twelve years later. It would be well over fifty years before the Gross World Product would return to the heights reached before the Crash of 2134.</i>Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-14359796440357623922014-03-19T13:17:00.003-07:002014-03-19T14:56:01.157-07:00Bitcoin Core v0.9.0 release overview<br />
The <a href="http://bitcoin.org/">Bitcoin open source project</a> has released a major new version, 0.9.0. This update brings the usual basket of fixes, performance improvements, security enhancements and new features. The Bitcoin Core Wallet (formerly Bitcoin-Qt) introduces a new direct-to-merchant payment method with the <a href="https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki">BIP 70</a> payment protocol and the workflow for receiving coins has been notably improved. Under the hood, several improvements should reduce P2P network spam, enhance privacy and security, and improve performance. For enterprise users, the wallet is made optional, introducing a blockchain-only "border router" mode.<br />
<br />
Initial support for the BIP 70 payment protocol was added to the Bitcoin Core Wallet. The payment protocol is an optional feature designed to upgrade the security and reliability of the customer-merchant payment process. For the case where a direct connection between the customer and merchant already exists, such as when customer is shopping on a merchant's website, the payment protocol may be used to send payments directly from the customer's bitcoin wallet to the merchant. This has several advantages: added security, speed, and the ability of a merchant to assist the customer in getting their transaction relayed and confirmed on the P2P network. Refund ability is also included. The goal is to make the payment process smooth and secure, and lessen dependence on everyday use of the now-familiar bitcoin addresses.<br />
<br />
A recent trend has been the use of Bitcoin Core Server (bitcoind) in a new role. Organizations with large bitcoin architectures will use bitcoind as a "border router" while developing their own custom wallet solutions. This role involves bitcoind running the P2P network and distributed consensus services, providing a high quality payment firewall, while the organization manages their own keys and transactions. The wallet, in this mode, may be disabled at compile time or runtime. Some sites have seen memory savings of 40-200MB when running in router mode.<br />
<br />
Many minor improvements have been made to payment network operation. Transaction relay rules have been tightened further, reducing several types of spam or malicious traffic, including the recent transaction malleability issues. The anti-spam minimum fees have been reduced, as they were set at a time when bitcoin's price was much lower. Historically, these fees are only reduced. Future "smart fee" work is intended to eliminate the hardcoded minimums completely. A dynamic system and open, free fee market are the desired long term goals. Unrelated to fees, a new "reject" P2P message should provide useful feedback to nodes submitting invalid transactions. Additional DoS and privacy protections were added.<br />
<br />
It should be noted that this fee reduction only applies to the suggested anti-spam minimums. The actual fee paid by users is determined by what miners are willing to include in a block. Reducing the anti-spam minimum fee should increase the chance of a transaction being relayed across the network to various miners. This does not imply a global network fee reduction. Transaction fees are and continue to be set by the mining market.<br />
<br />
Automated services and websites make use of Bitcoin Core Server's programmable RPC API. Many new, minor features were added to RPC to facilitate blockchain queries, validate blockchain data and bitcoin addresses, and other utility features that bitcoin websites find useful.<br />
<br />
New features for bitcoin developers include a new autotools-based build system, harmonizing bitcoin development with many other packages in the open source world. A regression test mode has been introduced to facilitate automated bitcoin testing. This "regtest" mode features near-zero block generation times, permitting a site to simulate thousands of test blockchain scenarios in a short amount of time.<br />
<br />
This update also includes platform-specific improvements. Windows client is now 64-bit, enabling better performance and stabilty. GCC's stack smashing feature is enabled on Windows, as it already was on other platforms. Apple OSX integration was improved. Finally, support for the older 10.5 OSX/32-bit platform was removed.<br />
<br />
Outside of new features, this update includes several fixes and tools designed to avoid problems with zero-confirmation malleable transactions. (Confirmed transactions are, by definition, not malleable)<br />
<br />
Read the full release notes at<br />
<a href="https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.9.0.md" target="_blank">https://github.com/bitcoin/<wbr></wbr>bitcoin/blob/master/doc/<wbr></wbr>release-notes/release-notes-0.<wbr></wbr>9.0.md</a>Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com5tag:blogger.com,1999:blog-4084045954004917632.post-67281018569628819432014-02-24T14:28:00.000-08:002017-01-20T15:31:10.543-08:00How to support bitcoin core developmentAfter <a href="http://www.coindesk.com/bitcoin-core-development-falling-behind-warns-mike-hearn/">this CoinDesk article</a>, various fora have asked how to support bitcoin core development. Here is a quick list, in order of <i>personal</i> preference. Speaking only for myself, not my employer or other devs.<br />
<br />
1. Grow the ecosystem. Grow your own in-house engineering expertise. Learn <a href="http://en.wikipedia.org/wiki/Open-source_software">open source engineering</a>. Learn the <a href="https://bitcoin.org/bitcoin.pdf">bitcoin design</a> (PDF), the <a href="https://en.bitcoin.it/wiki/Protocol_specification">bitcoin protocol</a>, then contribute back to the <a href="https://github.com/bitcoin/bitcoin/">reference implementation</a>. Ask questions. We love great questions from people trying to learn (though you are expected to be self-motivated enough to google for the answers yourself, first...)<br />
<br />
2. Help with testing. You don't have to be a programmer, just a capable computer user with attention to detail. We are constantly starved for real testing. If you can help write additional tests, even better.<br />
<br />
3. Commit the resources necessary to running a full node (bitcoind), 24/7, to help maintain the payment network. This requires sufficient disk space and bandwidth, as well as the critical need to poke a hole in the firewall, permitting incoming TCP connections to port 8333.<br />
<br />
Edit: OK, this doesn't have much to do with <i>development</i>. It does help the network, though. Also consider seeding the <a href="http://garzikrants.blogspot.com/2014/02/how-to-support-bitcoin-core-development.html">blockchain torrent</a>.<br />
<br />
4. <a href="https://bitcoinfoundation.org/donate">Donate</a> to the Bitcoin Foundation, which supports two core developers.<br />
<br />
5. (Shameless plug!) Buy things from <a href="https://bitpay.com/">BitPay</a> merchants. BitPay supports open source by employing me to work on bitcoin development.<br />
<br />
6. I'm not bitcoin-rich nor debt-free like many other early adopters, and have a donation address at 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj. But really, if you are a starving kid in Africa, don't send money, I do more than OK on a generous engineer's salary.<br />
<br />
We all benefit when the amount of deep bitcoin knowledge is widely distributed. It is always helpful to grow the number of technical people with deep bitcoin understanding.<br />
<br />
Even more fundamentally, however, it is critical to understand that bitcoin is an open source project, with all that entails.<br />
<br />
To be successful, to continue, folks who depend on bitcoin <i>must</i> contribute back. As Gavin Andresen <a href="http://www.coindesk.com/gavin-andresen-bitcoin-companies-support-open-source/">noted during the recent T.M. kerfluffle</a>,<br />
<br />
<blockquote class="tr_bq">
<pre>Do not treat the core development team as if we were a
commercial company that sold you a software library. That is not how open
source works; if you are making a profit using the software, you are
expected to help develop, debug, test, and review it.</pre>
</blockquote>
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-14247377740751035172014-01-20T14:43:00.005-08:002014-01-20T20:36:11.311-08:00blackbox: Bitcoin-enabled, decentralized cloud<h3>
Rethinking data centers, one node at a time</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMhtz4kvcDorcW_eyXREf5UA2ao9Jvv-wD4vvcR2cyMFSpTq4jUPDlje018XlKYp2FQbTT1AYcnwfPYE0Vi230YDfw2-iuh5CwIFsOYc0ohmJ1EdRKlWnlSh7QVXWooxvqv4XxnUqsDOiK/s1600/The_black_box.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMhtz4kvcDorcW_eyXREf5UA2ao9Jvv-wD4vvcR2cyMFSpTq4jUPDlje018XlKYp2FQbTT1AYcnwfPYE0Vi230YDfw2-iuh5CwIFsOYc0ohmJ1EdRKlWnlSh7QVXWooxvqv4XxnUqsDOiK/s1600/The_black_box.jpg" height="251" width="320" /></a>Bittorrent and bitcoin have proven the power of peer-to-peer, decentralized networking. Amazon Web Services and Rackspace Cloud demonstrate the market desire for cloud storage and cloud processing. Why not combine these into a single package?<br />
<br />
The storage system <a href="https://tahoe-lafs.org/trac/tahoe-lafs">Tahoe LAFS</a> demonstrates how the data center may be inverted, making the end user the ultimate provider of data storage services. Continue this idea writ large, and apply it to cloud storage, cloud processing, and other cloud services.<br />
<br />
Now, boil cloud services down to their primary components, and consider a user interface that anyone, even largely computer illiterate, could manage.<br />
<br />
<h3>
blackbox: core components</h3>
Ultimately, computers provide resources. These resources may be enumerated, and resold on the free market. For cloud services, these resources are<br />
<ul>
<li>CPU cores</li>
<li>Temporary memory (RAM)</li>
<li>Persistent memory (SSD, hard drive)</li>
<li>Internet bandwidth</li>
</ul>
To make these resources usable, further meta-resources are required,<br />
<ul>
<li>Amount of resource available</li>
<li>Time window when resource is available</li>
<li>Bitcoin address for payments</li>
<li><a href="https://en.bitcoin.it/wiki/Identity_protocol_v1">SIN</a> or other decentralized identity</li>
</ul>
Given these few metrics, we can conceive of "blackbox" software that connects to <a href="http://www.youtube.com/watch?v=Pu4PAMFPo5Y">TradeNet</a>, offers the above resources on the free market, and receives payment when the resources are utilized.<br />
<br />
The user experience is as simple as it gets: Turn on your computer, run the blackbox, and get paid.<br />
<br />
<h3>
Automated service, cost routing</h3>
blackbox is not a new idea. These sorts of ideas are decades old. The new twist is adding an efficient digital currency (bitcoin) with online, automated, decentralized markets.<br />
<br />
Computing jobs, be it 24/7 real-time services ("run my website") or periodic batch processing ("balance today's accounting and sales records") will be layered on top of blackbox's low level cloud services in precisely the same manner as cloud services are used today.<br />
<br />
Based on your service needs, nodes will be selected based on cost, reliability, reputation, geolocation, speed, and many other factors. Requests for service will be matched with offers for service. Contracts will be agreed upon, perhaps lasting only 24 hours, or an hour, or 60 seconds. Payment terms may be guaranteed through <a href="http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions">multi-signature transactions</a>, with reputation, escrow and arbitration ensuring that all parties have incentives to deliver.<br />
<br />
<h3>
Keep us online and honest</h3>
The two primary weak points of a decentralized, generalized cloud network are resource accounting and network defense.<br />
<br />
Resource accounting includes issues such as ensuring that participants X, Y, and Z all deliver their contractually-promised resources, or are highlighted for lack of delivery. Service delivery fails for any number of reasons: malicious action, hardware or software failure, human error. Ultimately the reasons for service delivery failure are not important. Nodes will develop a reputation for good or bad service over time.<br />
<br />
Network defense will involve associating and disassociating with various parties based on their reputation. As in Tahoe-LAFS, most consumers of computing services will communicate with layers of software 1-2 layers removed from the low-level blackbox software itself. This offers privacy for the provider, as well as shielding blackbox users themselves from many attacks. Other defenses will depend more on the precise P2P technologies involved in TradeNet and blackbox.<br />
<br />
<h3>
Mesh network writ large</h3>
<a href="http://www.wired.com/opinion/2014/01/its-time-to-take-mesh-networks-seriously-and-not-just-for-the-reasons-you-think/">Mesh networks</a> provide an example of a large, useful service collectively built from tiny components. TradeNet takes the concept further, imagining a mesh of markets. blackbox is simply the next logical extension of thought: once easy, automated, anyone-can-join markets exist, it becomes easy to resell one's own computing resources using modern software that combines those computing resources into a greater collective whole.<br />
<br />
Once these P2P cloud services are available, developers will create more useful software layered on top: web hosting, email services, video processing, all the services one can perform in the cloud today. Presumably, with the free market at work, costs would be lowered for many, while utilizing computing power that would otherwise be sitting around idle.<br />
<br />
With blackbox, a user enters their bitcoin address, and tells the software to make use of the computer, when the owner is away. Computers inside data centers will run blackbox 24/7.<br />
<br />
<br />
<h3>
blackbox 2.0</h3>
All of the above may be implemented, in theory, given today's technology. Improving the system further involves additional data, permitting additional price discovery.<br />
<br />
Recent hardware trends have included a focus on efficiency and power usage, a welcome change from decades of counting CPU cycles/second. blackbox 2.0 would examine local electricity prices, and determine if contributing a resource is economically viable, considering the power usage involved.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com6tag:blogger.com,1999:blog-4084045954004917632.post-36595034863202206292013-11-24T17:30:00.001-08:002013-11-24T17:31:27.701-08:00Our future: Population control through data miningOur collective future will be dictated by statistics, cheap cloud
storage and data mining, not politicians. NSA's PRISM is a symptom, a
natural result of current tech. In 10 years, your average tech startup
will have access to as much generalized CPU and storage as 2013-era NSA.
Anyone with Google Glass, not just the NSA, will use facial
recognition, gait recognition and other biometrics and identify every
person they see on the street, every car they see driving down the road,
in real time.Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com3tag:blogger.com,1999:blog-4084045954004917632.post-51976412777095480302013-11-21T12:52:00.001-08:002013-11-21T14:08:21.676-08:00"Solution" to bitcoin volatilityThe Washington Post's wonk blog posted this interesting bit by Neil Irwin: <a href="http://www.washingtonpost.com/blogs/wonkblog/wp/2013/11/19/bitcoin-needs-a-central-banker/">Bitcoin Needs A Central Banker</a>. The article is tongue-in-cheek. It immediately drew sarcastic retorts from a few in the libertarian-leaning bitcoin community.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_FLVpUeIWyTHELCawYvzGPji9nkzx-vymJ-mMNFBYSIjOaiKsJ3jLvoZUU3nkcfpiakbMHqBq2GjEQbed0-aQZ-9xnC6Wl04q-i9QJ9hEkyxaCLbvr4BoJsdpvOZRPBXShAG5oLlbXcA_/s1600/bitcoin-chart-dollars.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_FLVpUeIWyTHELCawYvzGPji9nkzx-vymJ-mMNFBYSIjOaiKsJ3jLvoZUU3nkcfpiakbMHqBq2GjEQbed0-aQZ-9xnC6Wl04q-i9QJ9hEkyxaCLbvr4BoJsdpvOZRPBXShAG5oLlbXcA_/s200/bitcoin-chart-dollars.jpg" width="200" /></a>However, it is fair to address the topic of volatility. Several US Senators remarked upon it indirectly in the hearings (<a href="http://bitcoinmagazine.com/8249/us-senate-meets-bitcoin-day-1/">Day 1</a>, <a href="http://bitcoinmagazine.com/8264/us-senate-meets-bitcoin-day-2/">Day 2</a>). New bitcoin users often raise the issue as well.<br />
<br />
There are some simple, high level, underlying economic and development <br />
realities that influence bitcoin's price volatility.<br />
<br />
<b>Supply and demand.</b> This is obvious. Let's move on. <br />
<br />
<b>Bitcoin is small.</b> Although the market cap exceeds $6 billion -- over 12 million bitcoins at price $500 -- the amount of bitcoins available for trading on markets is a fraction of that. A large purchase might run up the price; a large sale will drop the price. Bitcoin behaves like a <a href="http://en.wikipedia.org/wiki/Penny_stock">penny stock</a>. Penny stocks are also volatile, for the same reason. Volatility is inherent in any system where traders may make million-dollar trades, yet the underlying commodity or stock's <a href="http://en.wikipedia.org/wiki/Market_liquidity">market liquidity</a> is small in comparison.<br />
<br />
<b>Bitcoin is young</b>. It took a decade or more to convert Eurozone nations to a common currency, including everything from banking software to cash registers to the cash in citizens' wallets. That was with the force of nation-state laws, and the economic weight of trillions of euros, behind the effort.<br />
<br />
Bitcoin had none of these advantages in its infancy stage. It is truly a grassroots effort, with enthusiasts and early stage companies filling this role. Building a currency involves many layers of financial tools and services, on top of the currency. It is important to set bitcoin expectations properly. Building a currency from scratch like this is a unique endeavor.<br />
<br />
It will take many months before common financial tools such as <a href="http://en.wikipedia.org/wiki/Futures_contract">futures</a>, <a href="http://en.wikipedia.org/wiki/Option_(finance)">options</a>, <a href="http://en.wikipedia.org/wiki/Shorting">shorting</a> become widely available. These tools will decrease bitcoin volatility, by adding information to the market. It will take months for <a href="http://en.wikipedia.org/wiki/Point_of_sale">Point of Sale</a> software to be updated to support bitcoin, and deployed into the field. Needed PoS development holds back wide scale deployment in brick-and-mortar stores around the world. Smartphone apps only fill a small portion of the PoS needs.<br />
<br />
Folks are working as fast as they can to develop these tools. This requires both technical and legal developments, to deploy legally in the US and other jurisdictions. It takes many years to build a currency from scratch like this.<br />
<br />
<b>Setting the goalposts.</b> In the meantime, perspective and proper expectations are important. What is a reasonable timeframe to bootstrap a global currency from scratch? No one knows, and perhaps we are now watching the answer unfold before our eyes, as bitcoin grows.<br />
<br />
Like a startup company, bitcoin is a startup currency. Bitcoin is high risk, volatile, and may fail. Or like many famous startups, bitcoin may succeed beyond our wildest dreams. Bitcoin's price behaves like a very early stage tech company. In my view, predictions of success <i>or</i> failure are premature, at such an early stage.<br />
<br />
<b>Question answered.</b> What, then, is the "solution" to volatility? Economic growth of the global bitcoin economy, and time. Bitcoin is simply the base layer in an entire ecosystem of services. Bitcoin itself, as wonderful an invention it may be, is not an end, but a beginning. As adoption increases, the number of market players financially able to move the market decreases.<br />
<br />
Once additional financial tools and services are layered on top of bitcoin, once bitcoin grows beyond its tiny size today, reduced volatility is quite likely, indeed. Bitcoin is an odd mix of currency, commodity, payment network and computer service. Time and field experience best inform the development of financial stability tools.<br />
<br />
<b>Updated to add:</b> Volatility is also just another engineering problem to be solved. Volatility can be ignored by the merchant, if you price in USD and use a service like <a href="https://www.bitpay.com/">BitPay</a>. Volatility is less a factor if you transfer USD -> bitcoin -> bitcoin -> EUR in a matter of seconds, as a means of rapid cross-border settlement.Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-28193375452268724892013-09-05T14:43:00.003-07:002013-09-06T13:51:17.697-07:00Speculation: Are bitcoin thieves revealing NSA back doors?<br />
Bitcoin is rather unique in that everyone in the world has a direct financial incentive for finding weak ECDSA private keys. Compromise a key, and you may steal those bitcoins.<br />
<br />
Now, recall a recent security incident: "<a href="http://www.theguardian.com/technology/2013/aug/15/google-android-bitcoin-securerandom-vulnerability">Concern mounts as Google confirms Android cryptographic vulnerability"</a><br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqcBA-qLpgtBXCONOf21rEm-s6IQ1pI_XmVdV-A6eg4zdLeewBUaxLYxMH2BhTLnmB3uec8iwsahf1VO2I8NB3DCduiSHQCj0ghJXDyQtz8aPpnzCo5pUdbaJt2rT3qaGvms54FkYJlqoq/s1600/file0001063721217.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqcBA-qLpgtBXCONOf21rEm-s6IQ1pI_XmVdV-A6eg4zdLeewBUaxLYxMH2BhTLnmB3uec8iwsahf1VO2I8NB3DCduiSHQCj0ghJXDyQtz8aPpnzCo5pUdbaJt2rT3qaGvms54FkYJlqoq/s320/file0001063721217.jpg" width="320" /></a>While there is <b>zero evidence</b> to support the following speculation, let us reconsider this Android SecureRandom bug in light of today's <a href="http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html">revelations about NSA decryption on the Internet (bullrun)</a>.<br />
<br />
Is it possible that SecureRandom() was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?<br />
<br />
Even entirely innocent engineering bugs are likely to be discovered by anyone with the time to iterate across all known weaknesses and platforms. Random number generators are a known vector for weaknesses in the past, after all. <br />
<br />
By extension, will bitcoin -- and the financial incentive to break bitcoin crypto -- reveal other NSA backdoors in <a href="http://en.wikipedia.org/wiki/Elliptic_Curve_DSA">ECDSA</a>, <a href="http://en.wikipedia.org/wiki/SHA-2">SHA256</a>, <a href="http://en.wikipedia.org/wiki/RIPEMD">RIPEMD160</a>, and other algorithms and libraries used by bitcoin?<br />
<br />
Thieves are likely to exploit any flaws immediately, and move stolen loot to another private key. The NSA, on the other hand, is likely to avoid exploiting any weaknesses until key moments.<br />
<br />
Thus, ironically, thieves are playing a role in securing bitcoin and associated algorithms from NSA, Chinese, Russian or mafia tampering.<br />
<br />
Was the SecureRandom() bug a now-revealed NSA backdoor? It can never be known. But you can thank bitcoin for exposing the problem and leading to immediate fixes, and drawing attention to weak RNG issues.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com2tag:blogger.com,1999:blog-4084045954004917632.post-5386128889620709212013-08-30T05:02:00.001-07:002013-08-30T06:12:16.312-07:00On stolen coins and transaction blacklistsThis blog post was originally email, written in response to a reporter's questions, such as: Why can we not recover or blacklist stolen coins?<br />
<br />
As usual, the answer is not "we can" or "we cannot" but very complex, and outside the realm of engineers in my opinion. Theft of private property, and money in particular, is of course wrong and illegal in most jurisdictions.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDubDlqw7ztJ1QwTc961X4kUCjJuy9RZ_2VTMJbwcfI9SkYYamvfVpHXl_pc8GXPwTQsIWYxRh5nrBTMJRD7tTHPMVyOOJBCnOko411U7KNmnBDFJfw9VsdZtN_dXoR0pLFADOrFKK-ZEy/s1600/file000451376418.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDubDlqw7ztJ1QwTc961X4kUCjJuy9RZ_2VTMJbwcfI9SkYYamvfVpHXl_pc8GXPwTQsIWYxRh5nrBTMJRD7tTHPMVyOOJBCnOko411U7KNmnBDFJfw9VsdZtN_dXoR0pLFADOrFKK-ZEy/s320/file000451376418.jpg" width="320" /></a>First, bitcoin is a global phenomenon. It is impossible to get 100% agreement on what coins are even considered stolen.<br />
<br />
Second, Stolen coins are fundamentally a legal, not technical concept. That complicates the matter immensely. Anyone may track any bitcoin transaction via the public blockchain, but the easy part ends there.<br />
<br />
Some exchanges and payment processors already refuse to credit payments made with coins from some well known, large thefts. This is done on an individual, business-by-business basis.<br />
<br />
One key difficulty is defining a stolen coin. It is possible to claim that one's coins were stolen, yet possess the private key that spends those funds. Even if the victim is indeed an honest victim, the problem becomes one of reviewing and authenticating police reports from jurisdictions around the world, matching those up to bitcoin transactions, deciding on a technical disposition, executing that in software, and finally, gain the community's support to upgrade to your transaction blacklist.<br />
<br />
It is not the place of engineers to sort through police reports, and pronounce judgements on each transaction as "good" or "evil". The act of centrally administering a transaction blacklist is a job no one in the bitcoin community wants. A transaction blacklist is fundamentally human-driven financial censorship, a concept almost antithetical to bitcoin itself.<br />
<br />
Any one person or company administering a transaction blacklist exposes themselves to very real legal risks -- lawsuit if a blacklist mistake costs money -- as well as physical threats such as intimidation and blackmail.<br />
<br />
At its most basic level, the bitcoin protocol destroys each coin, when it is spent, and creates brand new coins for the recipient. Example: sending 1.0 BTC to me might involve destroying coin #1111 (0.5 BTC) and coin #1112 (0.5 BTC), and creating coin #6789 (1.0 BTC). Thus, beyond a single transaction, you cannot say that a coin is 100% stolen.<br />
<br />
From a technical standpoint, you can see that a coin is "related" to a stolen coin, but you cannot know how many innocent people lay in the chain after the theft. Thief Alice can give a coin to Bob, who doesn't know the coin is stolen. Bob sends the coin, along with some others, to Charlie. Charlie sends those coins, along with some others, to David. Bob, Charlie, and David are all unknowingly holding coins /related/ to a stolen coin, but from a technical standpoint, it is at that point impossible to say which coins should be blacklisted without making subjective, non-technical, human judgements. Businesses and exchanges receiving bitcoins are in the best position to know their customer, and make some sort of judgement about that.<br />
<br />
<br />
<br />
The outside observer looking for stolen coins does not see an Alice, Bob, Charlie or David or any other identity information. Observers only see coins #1110, #1111 and #1112 being destroyed, and coins #2222 and #3333 being created.<br />
<br />
On recovery:<br />
<br />
Stolen coins are, by definition, sent to another bitcoin address outside the victim's control. There are no private keys to recover. The victim's private keys are rendered useless, because the thief's private key controls the stolen coins.<br />
<br />
If a person simply loses their private keys, sometimes hard drive forensics may be able to recover the keys from a backup. Depends on what "lost" means. Keys are simply encrypted data, which may be recovered (or not) after a data disaster just like any other encrypted data.<br />
<br />
Finally, and very important to economists, is <a href="http://en.wikipedia.org/wiki/Fungibility" target="_blank">http://en.wikipedia.org/wiki/<wbr></wbr>Fungibility</a> It is important that the value of one bitcoin is the same as the value of another bitcoin. Otherwise it becomes impossible for software and average users to figure out which bitcoins they should hold, and which they should avoid.<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com11tag:blogger.com,1999:blog-4084045954004917632.post-48689976739038027112013-08-20T11:38:00.001-07:002013-08-21T03:15:09.366-07:00Journalists Are The New TerroristsThe <a href="http://www.bbc.co.uk/news/uk-23769324">detention of David Miranda</a> is only the latest example of a new trend, where journalism is now terrorism, and journalists are pursued as such.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdNgi5r0NNrWErO_WLfbcPGfmCrYdKQ4KAYfx2kN3lFcb1peQLrMO5xT0xWTQrveqYqk5jfpadUAcooLQfYm1SQeTTeEpCzDC1yQ_6fFt0tXg8RfP1YMMqkSkIPJ8w3svmNgKTJT7DIAn9/s1600/ID-10022568.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdNgi5r0NNrWErO_WLfbcPGfmCrYdKQ4KAYfx2kN3lFcb1peQLrMO5xT0xWTQrveqYqk5jfpadUAcooLQfYm1SQeTTeEpCzDC1yQ_6fFt0tXg8RfP1YMMqkSkIPJ8w3svmNgKTJT7DIAn9/s320/ID-10022568.jpg" width="212" /></a>Digital technology and near-real-time global communication has reinforced the maxim <a href="http://en.wikipedia.org/wiki/Information_wants_to_be_free">Information Wants To Be Free</a>. For the cost of an Internet connection or cafe visit or $10 flash drive, one may leak an entire Library of Congress worth of digital material onto filesharing networks. Technology makes sharing so easy that keeping secrets becomes increasingly difficult -- for individuals, companies and governments alike.<br />
<br />
These mass-leaks are a brand new type of attack on the nation-state. Robbs' <a href="http://www.amazon.com/Brave-New-War-Terrorism-Globalization/dp/0470261951">Brave New War</a> describes asymmetric attacks such as these. Never before has a nation-state faced the possibility of losing so many secrets to so many adversaries in a single incident. The famous <a href="http://en.wikipedia.org/wiki/Pentagon_Papers">Pentagon Papers</a> leak is nothing compared to the scale of leaks that current digital technology enables.<br />
<br />
What, then, are a nation-state's responses likely to be?<br />
<br />
Realpolitik says that "terrorism" opens legal doors that are otherwise closed to law enforcement, making its invocation economically rational and, therefore, likely. Additional law enforcement tools including but not limited to extended detentions and searches are available, once "terrorism" has been invoked.<br />
<br />
Further, given that exposure of state secrets to the world may be seen by rational folks as an attack, a government response that engages the anti-terrorism apparatus is not unexpected.<br />
<br />
Traditionally, the leaker is considered the criminal, but the journalist receiving the leaked materials is in the clear, as if passed through a <a href="http://en.wikipedia.org/wiki/Chinese_wall">Chinese wall</a>. Some nations even have <a href="http://en.wikipedia.org/wiki/Shield_laws_in_the_United_States">shield laws</a>. That tradition is breaking down, as journalists are now as pursued as the leakers, with associated anti-terrorism forces.<br />
<br />
Leaks are always an incredibly difficult ethical boundary. Put simply, leaking has a very real chance of harming Good Guys, and enabling Bad Guys.<br />
<br />
Paradoxically, leaks also appear to be necessary to prevent <a href="http://en.wikipedia.org/wiki/Top_Secret_America">Top Secret America</a> from driving too much policy outside the view of the voting public.<br />
<br />
With the logic that leaks are attacks on the state, and therefore terrorism, any journalists associated with leaks are now terrorists. And who is to say that, next year, <a href="http://online.wsj.com/article_email/SB10001424052970204336104577094690893528130-lMyQjAxMTAxMDEwMjExNDIyWj.html">Chinese cyberwarfare</a> or <a href="http://en.wikipedia.org/wiki/United_States_Cyber_Command">US cyberwarfare</a> units will not consider journalists enemy combatants?<br />
<br />
If publishing information is terrorism, is it not also warfare?<br />
<br />
Update: The UK is defending the seizure by claiming Miranda was <a href="http://www.theguardian.com/world/2013/aug/20/david-miranda-sensitive-stolen-information">“in possession of highly sensitive stolen information that would help terrorism.”</a><br />
Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-50079956044068169242013-08-16T20:18:00.001-07:002013-08-16T22:14:38.317-07:00Original SINRecorded for posterity.<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">jgarzik@pum:~/node_modules/libcoin$ node sin-test.js </span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">{ created: 1376709207,</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> priv: 'bc65f94b4142be3c6c0b02b33dab3775a829fc1f60e484e7d4ea64e2f421cdc4',</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> pub: '029381bcb36358e58842431981a01742d494970a245c8f5c77874bbbde8fb25a9b',</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> sin: 'je9eFspuTC29yhUqGqzEYwWmVTJRS9nWEkA' }</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">EDIT: or, perhaps, after some shed-painting,</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> { created: 1376715876,</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> priv: 'db25473a599ad99db89616da536be066ea58825a6cd9b17e90b70b824e0daea6',</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> pub: '0346891919f18000be1c9aae381b93870f7dcf807c4f581e2b64dcd547342f70b8',</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> sin: 'Tf86BqNWrnyn117U7N7Vc1sAUfKc2esd4z3' },</span><br />
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span></div>
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-43653362068115646632013-08-09T10:22:00.002-07:002017-02-20T08:31:51.313-08:00Bitcoin, free markets, and wanting your ASIC mining hardware now now now<br />
The <a href="http://www.reddit.com/r/Bitcoin/comments/1k067p/avalon_asic_update_892013/">reddit comments</a> discussing the <a href="http://www.avalon-asics.com/">Avalon</a> status update are particularly amusing, embodying signature American impatience: "I want something, I want it now, and I will rage at the injustice of instant gratification being delayed."<br />
<blockquote class="tr_bq">
<i>When it comes to Bitcoin mining, the whole idea of buying something
without having any real clue when you'll get it is absurd. It should be
like any other computer. Buy it, get it shipped to you within a week. No
more bullshit. </i></blockquote>
<br />
Producing a new computer chip requires engineers with highly specialized design skills, and enormous amounts of capital. $500,000 - $2,000,000 or more. Any mistakes in the chips cost similarly large sums of money to fix. Even with a 100% complete design, production may take months. This is simply not a <a href="http://en.wikipedia.org/wiki/Just_in_time_%28business%29">just-in-time</a> operation. Further, unexpected month-long delays are common. Any mistake or change adds weeks to the schedule.<br />
<br />
Thus, economics dictates certain realities. Namely, paying your engineers and paying for chip production. Possible funding sources:<br />
<ol>
<li>Angel investors (rich people write big checks)</li>
<li>IPO (ASICMINER)</li>
<li>Pre-orders (BFL, Avalon)</li>
<li>KickStarter (company can fail to produce, and nobody gets sued)</li>
<li>Bounty </li>
</ol>
Let's take them one at a time.<br />
<ol>
<li>In 2011-2012, no one stepped forward to write big checks.</li>
<li>ASICMINER IPO'd successfully, on an unregistered-securities exchange. Risky, but it worked.</li>
<li>Pre-orders, we will discuss separately, below.</li>
<li>KickStarter-like models do not appear to work well for >$1 million projects (statistical anomalies aside). KickStarter itself is anti-bitcoin.</li>
<li>Bounties never amount to anything more than pocket change, for real projects.</li>
</ol>
Essentially, there were two workable models that <b>the free market has shown will work</b> in 2011-2012: IPO on unregistered securities market, or pre-orders.<br />
<br />
An unregistered securities market clearly appeals to free market libertarians, as the creation of <a href="https://en.bitcoin.it/wiki/GLBSE">GLBSE</a> and other projects in the bitcoin community demonstrate. It is also a magnet for scams, as experience has shown (<a href="http://bitcoinmagazine.com/sec-files-charges-against-bitcoin-ponzi-mastermind-trendon-shavers/">Pirate</a>-related pass-through funds were listed on GLBSE). Thus, IPO is a risky endeavor, and in 2011-2012 was unlikely to be successful in producing mining chips.<br />
<br />
<a href="http://www.asicminer.co/about.html">ASICMINER</a>, through the regular exercise of [some levels of] transparency, prevailed in a difficult market. They raised capital, started operations, and have so far maintained sufficient levels of profitability to continue operations. ASICMINER survived the collapse of GLBSE, and continues to pay dividends to shareholders, despite the operator "friedcat" remaining anonymous.<br />
<br />
Pre-orders are the remaining funding model. This is another model that is fraught with scams. Indeed, there have been many copycats who set up a website, promise ASIC hardware, and attempt to collect money. How to separate these scams from the real operators? That question is the fundamental problem with pre-orders.<br />
<br />
Unfortunately, pre-orders are also the most straightforward way to fund an ASIC project, if you lack IPO or Angel money.<br />
<br />
For bitcoin, circa 2011-2012, pre-orders were the most realistic way that a computer chip was going to be produced. At the time, fewer knew about bitcoin, and it was unknown if bitcoin's price -- then under $5.00/bitcoin -- would support mining hardware. It was not obvious there would be a profit. <br />
<br />
<a href="http://www.butterflylabs.com/">Butterfly Labs</a> and <a href="http://www.avalon-asics.com/">Avalon</a> took that risk, and succeeded. Avalon was out the door first, while Butterfly Labs took over 12 months to begin shipping hardware in volume. Another effort, bASIC, failed, through the operator eventually refunded almost all the pre-order sales money.<br />
<br />
Today, mid-2013, bitcoin hardware has been proven to sell. BFL, Avalon and ASICMINER proved that hardware can be produced, that customer interest exists on the free market. Several other startups are entering the mining hardware business: CoinTerra, HashFast, Alydian, KNCminer to name a few. Existing players are shipping hardware, and working on next-generation designs.<br />
<br />
We all want instant gratification. And customers who pre-order mining hardware have a clear economic incentive to want the mining hardware in their hands ASAP -- every day lost costs money.<br />
<br />
But that must be balanced by setting realistic expectations on the mining hardware businesses. These are all tiny startups, with no existing chip production lines, creating brand new computer chips for an uncertain, volatile bitcoin market whose profitability in future months is unknown.<br />
<br />
"buy it, get it shipped within a week" is a realistic expectation for a decades-old computer market that mass-produces PCs. As the bitcoin mining hardware market matures, we will start to see this too. Many of the new mining hardware companies are learning from the BFL/Avalon experience, and competing with enhanced pricing and customer service models.<br />
<br />
The free market at work. The bitcoin mining hardware market is what it is, and could not have been accomplished any other way.<br />
<br />
Disclosures: Am a customer of almost all companies mentioned (I try to buy one of each). Missed out on the ASICMINER IPO, though, as GLBSE was not a platform I wanted to dabble with, for legal reasons. <br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com0tag:blogger.com,1999:blog-4084045954004917632.post-88457057214795832532013-06-22T15:08:00.000-07:002013-06-22T23:14:52.924-07:00Shadowrun and bitcoin's rootsSatoshi's <a href="http://bitcoin.org/bitcoin.pdf">bitcoin paper</a>, mailing list and forum discussions list bitcoin's ancestors as <a href="http://en.wikipedia.org/wiki/Ecash">ecash</a>, <a href="http://en.wikipedia.org/wiki/Hashcash">hashcash</a>, <a href="http://www.weidai.com/bmoney.txt">b-money</a> and the <a href="http://en.wikipedia.org/wiki/Cypherpunk">cypherpunk movement</a>. I'd argue that it has its roots in staple science fiction as well.<br />
<br />
Recently, strolling through my stacks of scifi books, some <a href="http://en.wikipedia.org/wiki/Shadowrun">Shadowrun</a> novels circa 1990 leapt out at me. Pulp science fiction of average quality, but some of the text particularly resonated with bitcoin today. Quoting liberally from <a href="http://www.amazon.com/Never-Deal-Dragon-Shadownrun-Vol/dp/0451450787">Never Deal With A Dragon</a>,<br />
<br />
p121, <i>Like many clubs, Rumplestiltskin's employed a Troll to handle the lines of hopefuls. ... They were still ten meters from the front of the line when Roe suddenly appeared. "This will never do," she said. Taking each one by the arm, she led them directly up to the doorman. She twirled a shiny credstick in her right hand. The four dark bands on the end of the cylinder marked it as certified for at least one hundred nuyen. She tossed it to the man. "My friends here are late for their table."</i><br />
<br />
<i> </i>p161, <i>She held out her personal comp to him. He smiled in assurance that he had regained the upper hand as he slotted his credstick and made the funds transfer. To demonstrate her trust, Hart ran a confrmation of the transfer as soon as he returned the comp.</i><br />
<i>"Your money's good."</i><br />
<i>"Good as gold, Ms. Hart."</i><br />
<i>"Better," she said hefting her comp before slipping it back into her bag. "Gold's too heavy."</i><br />
<br />
p235, <i>She stopped at a public telecom, slotted a credstick, and punched a number. She waited while the connections were made and a voice on the other end repeated the last four digits of the telecom code.</i><br />
<br />
p217,<i> These files must be heavily protected. The files turned out to be just that. It was hours before they determined that Drake had certified several credsticks through Transbank. It seemed hardly worth the effort and new headache to achieve such a dead end. A certified credstick was the electronic equivalent of cash. The money could still be traced once it reentered the financial network, but there would be no record of who had received the credstick.</i><br />
<i>"Twas a small hope that he would be so careless."</i><br />
<i>"Maybe if we can find some other transactions of the same monetary value as were assigned to Drake's certified sticks, we can pick up the trail by following it from whereever Transbank sends the funds. Sure, some of the matches will just be coincidence, but some might actually be the recipients of Drake's generosity. If we're lucky, some of the names attached to those transactions might mean something."</i><br />
<i>After two more days of data slogging, they had eliminated likely coincidences. That left three names. Each one connected to at least three transactions whose amounts equalled one of Drake's credsticks.</i><br />
<i>The first, Nadia Mirin, was no surprise. In her case, the amounts were the smallest, suitable as gifts to one's paramour. The second name was totally unfamiliar, but the pattern of intervening transactions was interesting. Each amount went through a series of transfers, all for the exact value of Drake's credstick. Each thread led to a sealed account in a Denver data haven.</i><br />
<br />
Bitcoin has successfully achieved that which was science fiction prior to 2009. The electronic equivalent of cash. The US Dollar may be the world's largest digital currency, but only bitcoin (and other crypto-currencies) may claim to be the electronic equivalent of cash.<br />
<br />
Now... where are those credsticks we were promised? <a href="https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en">Bitcoin Wallet</a> on a smartphone? <a href="http://www.bitcointrezor.com/">Trezor</a>, perhaps?<br />
<br />
<br />
<br />Jeff Garzikhttp://www.blogger.com/profile/11664909333009539129noreply@blogger.com4