Bitcoin is raising some interesting questions about the value of currencies. We are intimately familiar with fiat currencies detached from precious metals. The Chinese started the first fiat currency in the 11th century and arguably the West first did it in 1971 when Nixon closed the gold window. (most reserve currencies were pegged with the dollar at the time) To me, gold value seems about as arbitrary as governmental law so the difference doesn't seem big but then again I've lived my entire life within a fiat currency world.

However, bitcoin is backed by the full faith and credit of the laws of mathematics so it is not a fiat currency. It is based in our collective agreement that there exists no reasonable back door to get around certain mathematic tests. We take that and the unfeasibility of a bad actor gaining a quorum on the peer to peer network and taking control of the currency. This could happen if a zero-day exploit was quietly introduced into the codebase that a significant number of peers runs allowing the network to sidestep the mathematical requirement.

Therefore, the value we assign to the currency is not only based in how the math works but our collective assumption that the software the majority of the bitcoin peers run has not been tainted in some way. To do that, I have to be reasonably confident that my Internet routing hasn't been altered, the DNS answer I got when downloading the software wasn't altered, the SSL certificate chain with all of it's assumptions is trustworthy and the initial peers I connect to when starting my client are legitimate. That is a long list of fairly improbable compromises, but with the bitcoin ecosystem passing one billion dollars, perhaps not totally implausible. After all, an attacker just has to compromise one of these elements. I'd suggest DNS might be the lowest hanging fruit here but I haven't fully investigated.

There is another attack vector that might allow quorum on the bitcoin network. Every time there is a significant breakthrough in computational capability, control is disproportionately in the hands of the few front-runners. This has happened a number of times in the currency's history. Initially, all computation was done on CPUs, but fairly quickly people started doing the computationally complex hashing on much faster GPUs on high-end video cards. At that jump, a relatively small number of peers controlled a disproportionate percentage of the computational capacity of the bitcoin network. More recently, FPGA mining again opened up another gap. I think there is still a little bit of a disparity here as FPGAs aren't nearly as popular as GPUs right now. (in fact, the number of CPU miners has only recently started to fall) It is happening again right now as ASIC mining becomes the norm. (see the ASIC products from Butterfly Labs and Avalon as examples) It will happen again, but in a much more massive way when quantum computing becomes practical.

This last case is where I see the biggest possibility for abuse of cryptographically secure systems such as bitcoin. (SSL, ssh, PGP and IPSec too!) Even though bitcoin scales up its difficulty factor to take on these advances in computation capability, the size of the change in the quantum computing jump will be so big that it will open up the largest opportunity ever for a rogue actor to gain quorum on the network. I don't know what the total value of the ecosystem will be at that point, but it is probably a safe bet that it will be significantly larger than it is today.

I can imagine nation states being big contenders here given the likely high initial cost of quantum computing. But large companies and independently wealthy actors might be quicker to pick up on the opportunity and commit to a project like this. Either way, it would be a troubling turn of events. The other vectors (DNS poisoning to run a dark net and zero-day code exploits) are more likely something the smaller actors would target.

So what do you think? Is there something else I'm not mentioning that might alter the trust perceived in the bitcoin network? What do you think is the most likely attack vector against bitcoin? And perhaps most importantly, do you trust bitcoin enough to keep a significant percentage of your wealth as bitcoin?

Comments

Last weekend's hack project showed up in a video on the main TED 2013 stage.



The task was to cause a phone call to hang up via a voice command so people who may be paralyzed and not have use of their hands would be able to hang up a call. While many solutions exist to dial, few seem to help with hanging a call up which can cause someone to get stuck leaving an endless voicemail message. (termed "voicemail hell") This can turn dangerous if there is an emergency and they are therefore not able to use the phone.

With the help of Twilio and SRI (the company behind Siri on the iPhone) I was able to make an application which responded to a voice command to hang up calls. While it was only a proof of concept, the TED guys arranged for a video crew and we were able to allow Gary Whitman, a quadriplegic, to hang up a phone call. The video made it's way to the 2013 TED stage as part of a presentation.

Comments

Ettus Research just released an interesting new "get started with software-defined radio (SDR) kit" called the USRP Instant SDR. It consists of a USRP, an RF board and a USB stick that boots up linux with everything you need to begin experimenting with software-defined radio. This looks like a great way to get started without the cost and complexity of some of the more sophisticated setups.

Ettus features a video of mine on their page where I demonstrate a GSM cellular network using OpenBTS. They also use a clip from it in their video:



I have two videos featuring Ettus products, this one on OpenBTS:



and this video about tunneling IP networks over the air between two Ettus radios:



You can do the same with the Ettus USRP Instant SDR - give it a try!

Comments

Scott Barstow and I just released the 50th Episode of 350 Third, our humble podcast covering the impact of the Internet on business. However, in celebration of the 50th episode milestone, we instead discussed the impact of the Godfather movies on our collective psyche. Of course we decided to record the show on the Godfather and The Godfather, Part II without actually internalizing how long they are. After over 6 hours of viewing, we reminisced for a while on the movies which, as it turns out, neither of us had seen in 15 years! Good movies both, the decision is split on which film is better but we'll leave it to you to decide. Listen in online or subscribe and follow.

Comments

I've just updated http://RunDumper.com animating the maps. (RunDumper lets you download your http://RunKeeper.com workout data) If you don't have an account, try anders94 and click on one of the runs to see it animate.

Comments

I had imagined if Hollywood were to do a movie about killing Bin Laden, it would have been 2 hours of hard-core "seal team gets ready" and then the "Go! Go! Go!" scene. Close to the 2 hour mark, I thought for a second, "we haven't really seen the seals yet!". The fact that all of that garbage is muted and you are not even quite sure when Bin Laden is killed makes this film very unusual. The female lead never gets into a relationship either - imagine that! Instead, I found it a very compelling "on the edge of your seat" CIA drama. This is a fantastically well done film because it doesn't lean on what you might expect to be great yet it still is.

Note: I don't watch trailers.

Comments

Typical PCs retail around $400 and Microsoft gets roughly $35 for the OS. Above that, they probably average $80 for Office. The OS in the tablet market is not a billed item. In the case of Apple, it is subsidized mostly by the hardware and app purchase and in Google's case, by apps and advertising. There isn't room for Microsoft's OS purchase model in the tablet market. Therefore, the only cash-cows remaining for Microsoft are apps - particularly gaming and productivity. Microsoft as of yet hasn't transitioned their Xbox and Office user bases to the tablet. Where a user used to be $50 or so per year in value to Microsoft, they are now essentially worth nothing. So how do they sustain their core business? If they make inroads, at best they can hope for is in the range of $5 per user per year. That means they need to have an order of magnitude more customers than they do now!

Comments

I have open-sourced pub-sub-map, a node.js driven web application that presents a map and lets you subscribe to real-time location markers. As marker positions get updated, the new location is pushed to all web browsers subscribed to them in real-time.

How could this be useful? Coupled with an iOS application I'm writing, you could follow a number of runners in a marathon, or see where all the taco trucks or taxis are. Scraping data from various mass transit systems, you could have a realtime display of where all the trains and busses are. Or you could track a model rocket or stratospheric balloon project to see where it lands. Basically, pub-sub-map can be useful for anything that moves where any number of people want to follow in realtime. It is an expansion of what you can already do right now with http://EyeZo.com.

I use express as a web framework running in node.js with jade templates to render the web frontend. I don't use polling to push location information. Instead, all location updates are pushed to subscribed browsers via socket.io also running in the same node.js application.

Here's a video of pub-sub-map in action.



pub-sub-map is the next-generation engine I am developing for http://eyezo.com. Give it a try and let me know what you think.

Comments

My latest project, SwitchCoder, allows you to write voice and SMS applications in JavaScript and have them run from inside the phone company. Check out our intro video:



Getting up to speed is easy. Here's a video showing how to create a group SMS application using SwitchCoder.



You can invoke SwitchCoder scripts three ways: by calling a script, sending an SMS to a script or invoking a script over the web. Here's how that works:



Sign up now. We give you $10 of free credit so you can buy numbers and try it out. Be sure to let me know what you think about it!

Comments

To those of you who were getting Rails errors trying to test out http://RunDumper.com, I have pushed a new rev of the code that should address that. Also, the maps take a little time to download, so if it isn't giving you access to your public map data, come back in half an hour and you should see complete data.

http://RunDumper.com lets you download your public http://RunKeeper.com data in a variety of formats including Excel and Google Earth. It's free - enjoy!

Comments