Bitcoin is Cool, but It’s not Money

The subject of blockchain technology in general, and cryptocurrency in particular, has come up a few times lately, and I’ve been doing some reading. When you look, you mostly find stuff that does a bad job describing what blockchain is, before jumping to some particular use for it – generally cryptocurrency, and why you should buy some.

But “blockchain” is the second-least important word in this discussion. “Cryptocurrency” is the least important. Blockchain is a way to achieve a utopian dream, and it’s the dream we will talk about today. The dream is the Distributed Ledger – a system where there isn’t some central institution who decides who owns what, instead that information is all kept in an encrypted ledger that we all share and maintain, and magically we can only read the parts of the ledger that are our business to read.

All the blocks and chains and whatnot are an implementation detail that is not really that important. But… later we will see that some implementation details matter a lot.

Let’s talk about the distributed ledger. Instead of some bank tracking how much money is in everybody’s account, there are thousands of copies of the ledger, spread around the world, immune to deprivations of institutions who use the ledgers to control us. It’s a pretty sweet idea. Better yet, ideally even when the ledger is spread around the world, only the right people can read the parts about you. For all the rest, the ledgers just have to agree.

To make this happen there are two key concepts: redundancy and consensus. Redundancy we just spoke of. Thousands, maybe millions of instances of the ledger, all verifying that they are the same, even if they can’t see the individual transactions.

But imagine if Ronald McDonald decides to give a Bitcoin to Mayor McCheese. He duly records the transaction and that information propagates through the network as all the instances of the ledger are updated. But at the same time, on another ledger it is recorded that in fact Ronald gave that same Bitcoin to the Hamburgler! I heard that gasp of horror, and it is well-placed!

With every distributed ledger, there has to be a way to resolve discrepancies that through sloppiness, bad timing, or malice will inevitably arise. Eventually all those ledgers have to concur about what actually happened. Therefore, the people who run the system need to make it difficult for the bad guys to overwhelm the honest transactions. They need to allocate deciding power based on some resource they control that makes the holders invested in the success of the platform.

In the case of Bitcoin, that resource is pure computing power. Solve math puzzles, get Bitcoins. Once you have Bitcoins, you will protect them. So to push false transactions onto Bitcoin, you would have to to solve those math puzzles faster than everyone else on the network combined.

That would not be easy. I read an estimate today that the current Bitcoin puzzle-solving economy, which uses extremely efficient hardware designed to solve these particular problems and nothing else, is currently chewing through the amount of electricity consumed by the entire country of Austria – at the low end. So to fool Bitcoin, you’d need about 1.1 Austrias (at the low end) of power. That’s pretty impractical, and that’s what keeps your Bitcoins safe.

Or, to defraud the system you could find a different way to generate sha256 hashes (that’s the Bitcoin puzzle). If you came up with a new way to do that calculation that took 1% of the power, you could destroy Bitcoin. Quantum computing would trash Bitcoin, but the latter will be long gone before the former arrives on the scene. Yep, Bitcoin will be long gone.

There are other ways for distributed ledgers to form consensus that are far less carbon-awful. In fact, there’s a currency that was recently announced that awards blocks (coins) for each ton of CO2 sequestered. And away from cryptocurrency, the distributed ledger promises to transform some really complex problems like adaptive energy grids and a world filled with self-driving cars. All the new cryptocurrencies are finding less ecologically-disastrous ways to manage consensus. Etherium is launching a new less-eco-awful version of their currency, and leaving their old version to the winds of fate. The power bill will eventually destroy Bitcoin.

I mentioned above redundancy and consensus. We have seen that consensus can be extremely expensive. New distributed ledgers are working to reduce that cost. But redundancy also has a cost.

All the ledgers have to share information, constantly updating each other. For the blockchain implementation, each update itself requires a great deal of computation to ensure security — digital signatures, hashes, more signatures. Recording a single transaction in thousands of ledgers eats up CPU time, to the point where processing a single Bitcoin transaction takes the juice to run your house for a week. (Actually, a German house for a week, whatever that means.)

And this is where we get to “Bitcoin is not Money”. Despite demanding the power of a European nation to operate, Bitcoin can only process a few transactions per second. Like, less than ten. How many credit card transactions take place every second? A global-scale distributed ledger makes each transaction very expensive. It is simply impossible for Bitcoin to be a factor in everyday commerce.

EDIT: In fact, bitcoin intentionally adjusts the difficulty of adding a block to the chain so that one 1MB block is added every ten minutes, so that transactions can be “digested” and shenanigans rooted out. This puts a very hard limit on the number of transactions that can be added to the chain, and as computing power increases, the difficulty of adding a block to the chain increases with it. Bitcoin by design cannot handle the transaction rate of an actual currency.

(Although I have to say that since you can know the entire history of each coin, you could, for instance, simply refuse to accept any coin ever touched by a company that dealt with blood diamonds, effectively making their money worth less. That is the true power of the distributed ledger. Someday it will be real.)

When it comes right down to it, our current attempts at the distributed ledger are way better at things that aren’t money – things where there is value in decentralizing, but they don’t move as fast as we need money to move. Or things that move fast but in a smaller context, like an office or a company.

Or, God help us all, Non-Fungible Tokens. A topic for another day.

When you hear about the ways blockchain technology will change the world, quietly, to yourself, substitute the term “distributed ledger”. That is the idea that has the power to change so many things for the better, and it’s a lot easier to fit in your head. Blockchain is an implementation of that idea, but it’s got warts big enough to mostly obscure the magical toad underneath. Moore’s Law may finally get us to the promised land, but computers will literally have to be a million times faster than they are now to turn blockchain-based cryptocurrency into actual money. My bet is now that we have seen the value of the distributed ledger, we will find a better way to accomplish it. And that’s pretty exciting.

2

Just Another Commute in Silicon Valley

Today as I used public transportation to go to work, I saw five robotic cars, operated by three different companies.

Three of the five cars were Urban Automated Driving vehicles operated by Bosh and Daimler, running (human monitored) robot taxi service along the same corridor my bus takes. The Mercedes c-class vehicles are equipped head-to-toe in lidar units (lidar is like radar… with lasers!) and if I loaded the app I could ride in one. Which… is tempting, for purely journalistic reasons. My biggest question: How bored is the human monitor? Super-bored means things are going smoothly; super-bored also means that the human will never spot the emergency in time.

The second company was Nuro. The vehicle was a Toyota or whatever with sensors all over it, but what the company is actually developing is an autonomous vehicle that doesn’t have seats in it at all. Their dream: order your groceries and have the robot bring them to you. The vehicles are electric and since there is no need to account for human comfort, they could theoretically be much, much cheaper. It is easy to imagine that many companies that sell stuff would be interested in having something like that. Nuro’s Web site doesn’t have a lot of information, except for a pdf with a major discussion of safety (that I didn’t read).

There was a third, but my most humble apologies, dear readers, I don’t remember the company name painted on the car. It was not Google; I haven’t seen one of those in a while. Apple, should they even still have experimental cars, would keep them anonymous (which, as I think about it, would be just as definitive as putting a neon logo on the side — no other company would operate vehicles with a bunch of extra gear strapped on without missing the chance to brag about it).

As cities go, San Jose and the rest of the unplanned, disorganized sprawl that is Silicon Valley is… meh. And the cost to live in meh is staggering. But one thing I do enjoy is that it feels like we are just a little bit closer to the future here. And there’s nothing like Bay Area traffic to make you really, really, look forward to the day when people are not in control of giant deadly machines.

The Guy on the Corner

I grew up in a small town, but one of my first visits to a large city carries with it an enduring memory. A man, skinny and bedraggled, on a street corner, shouting obscenities into his hat. I was just a kid back then, and didn’t understand the tragedy that man represented. I was just perplexed. I learned, somehow, later, to be afraid of people like that — maybe the reaction of the people around me that day informed that fear. Which is awful.

Yesterday, walking down the street in San Jose, there was another man standing on a corner shouting into the air, a stream of profanity. I just assumed he was on the phone.

3

Two Things I Learned Today

  1. MapQuest still exists!
  2. MapQuest really sucks.

I learned the former when using the Web site to report for jury duty in Santa Clara County. Links to the locations of the courthouses take you to MapQuest.

For a brief explanation of the latter, MapQuest is overrun with intrusive advertising, and the “get directions to a place” feature does not include public transportation.

My next post is likely to be observations on the Wheels of Justice. Oh boy!

1

Took My Data Privacy Training Today

The European Union is enacting a new policy concerning the way companies treat the personal information of their customers. Today I went through the training to make sure I understood what those rules meant to me.

Spoiler: nothing new. But there are a lot of other companies in this neighborhood that are probably scrambling. I’ll name names later.

The new privacy training was pretty much exactly the same as the previous data privacy training I have gone through, with the exception that there is a new report to fill out to make the decision process on using customer data visible to the outside world. There is also a new portal so people can see all the data my employer has collected on them, and request that that data be deleted.

But overall, the new privacy regulations in Europe might have been written by my company, they match our existing policy so closely.

Remember back when Google was “accidentally” collecting information about open home WiFi networks? Accidentally in this case means accidentally creating database tables and queries to store that information. I mean hey, accidents happen. That was a while ago, but that shit is really not going to fly now.

Hey! So much for “later”. I’m naming names.

The regulations go something like this:

  1. You have to spell out what you will be using the data for BEFORE you collect it.
  2. You have to protect that data.
  3. You have to let people see the data and tell you to delete it.

The Google thing was years ago. (There are plenty of current investigations, however.) But hey, remember last week when an Android user discovered Facebook was recording the recipient and duration of all his phone calls? Yeah, the beat goes on. In the aftermath of that I downloaded my own information and there were only a couple of surprises, none shocking. Hint: I don’t use Android.

At Google they must HATE Facebook for being so damn sloppy and leaking data all over the place, rather than just efficiently selling it. Regulators are swarming! Maybe now Google might consider putting in place basic security measures to prevent apps from rooting through shit that is none of their business.

My Facebook information was mostly unsurprising, but I suppose it’s possible that in the last few days Facebook has decided that fraudulently withholding some of the data they have collected on me is better than confessing to all of their shenanigans. Ironically, the ability for people to download their information was probably implemented by Facebook to comply with the new regulations. Sadly for them, the more people who download their personal info, the more trouble will arise for Facebook.

I encourage everyone to request a data download from Facebook. And from Apple, and from Google, and from Amazon. Probably Ebay, too, and the list goes on.

For the rest of this episode, I am full-on partisan. Just so you know. But there’s nothing I’m going to say that is not easily documented.

Google has a vast amount of data on you. If you use Google Wallet, downloading your data might be downright scary; if you use ApplePay instead you will find a big empty nothin’ concerning your spending habits. Apple built it so that it was not possible for them to learn anything about you from your spending. It was not easy to do.

I work for Apple. I am proud that my company puts privacy over profit — that HomeKit is slow to be adopted because it protects privacy and home-gadget manufacturers want to profit from personal data (and the hacking-resistance of HomeKit is more expensive to implement — something I’m also fine with), and I am proud that ApplePay was first out of the gate but isn’t growing as fast as the competitors because privacy requirements make it harder for banks to join in. Apple is losing money protecting privacy.

Unless protecting privacy becomes law. Then, suddenly, my employer is in the catbird seat, having built its information structure around privacy from the get-go. Apple has put a lot of systems in place to make sure they cannot collect large categories of personal data. Currently that data is an asset that they are failing to exploit. In the future, that data will be an onerous responsibility for any company that holds it. I hope so, anyway.

2

Assembling an iomega Mac Companion Enclosure

One of the big-ass hard drives we use for backup has started to make scary noises. Not the kind of sounds you want to hear from a drive that holds important data for our family and for a few of friends around the country as well. It was time to start looking for a replacement drive. One thing I wanted to do was have a clear upgrade: with the new setup I will not have to fear the catastrophic consequences of a single drive failing.

A note on levels of catastrophe: some might think that losing backup data is an inconvenience. In the same way you could think that losing the co-piolot of an airplane is an inconvenience. But with the backup compromised, risk of disaster has gone up exponentially. At Muddled Ramblings and Half-baked Ideas we take that shit seriously as we skulk in our secret bunker, buried deep beneath a trailer park next to a sprawling cemetery, ready for the Zombie Apocalypse to begin.

There are fancy enclosures that hold several drive units and use a variety of schemes that fall under the general acronym RAID to protect data from the failure of a single drive. Most of those enclosures have loud fans, and all of them cost a lot of money. Where does a cheap bastard go when he wants RAID 5, quiet and cheap? He buys a bunch of inexpensive but high-quality disks, puts them in inexpensive but high-quality quiet enclosures, and uses SoftRaid to turn them into a single virtual disk with reasonable protection from disaster.

After a little research, I found the right drives (Seagate bulletproof datacenter-rated blah blah blah) and the right enclosure: the iomega Mac Companion. What is great about this enclosure is that it has TWO firewire connectors, so you can daisy-chain them and connect many drives to a single firewire port on the host computer. Music to cheap-bastard ears, and not found on other enclosures at any price. Plus, you can buy them cheap on eBay in any quantity you might want, while supplies last.

There’s a catch, of course: iomega is defunct, and never officially sold this enclosure without a drive already installed. The packaging looks as though they might have been planning to sell empty enclosures, but the documentation (and even some of the text on the box) is clearly written with the assumption that the drive is already in there and everything is assembled.

So, you have packaging clearly designed to contain an empty, partially-disassembled hard drive enclosure, and instructions clearly for a pre-assembled unit. Weird. Perhaps some last, desperate attempt to sell an inventory of enclosures the company could no longer afford to fill. The only intern left to handle the packaging had no idea what to do about the instructions. We’ll never know the whole story.

But there’s a glut of quite capable hard drive enclosures out there now, and I bought some of them. As for assembly, there are no instructions. Not in the box, not online. You’re on your own, buddy. Until now! By my third enclosure, assembly was actually pretty easy. As a public service to anyone else who might have jumped on this deal, here are step-by-step instructions. You don’t have to thank me, it’s what I do.

Step 0: Survey the stuff.
When you open the box you will see parts in two groups: the top and the bottom. The bottom section includes the plastic base, the metal housing, and the circuit board, which is attached to the bottom of the aluminum inner shell. The top section has an aluminum inner shell top and the plastic lid for the enclosure.

Let’s take a moment to visualize the final product. A hard drive mechanism, inside a protective metal inner shell, inside a sturdy enclosure with lights on the front. With that in mind, we will be building from the middle out. (Yes, I thought of Silicon Valley when I wrote that.)

Step 1: Start by disassembling the bottom parts even further. Carefully pop the plastic base out of the outer metal housing, then slip the circuit board with inner shell off the plastic base. This is the step that took me three tries to learn. After this, everything is actually pretty obvious.

Step 2: Set the hard drive onto the white shield over the circuit board and slide it forward onto its connector.

Step 3: Slide the top inner shell over the drive unit with the little pigtail cable sticking out the slot in the side. At this point, you have something that looks like this:

IMG_0420

Step 4: If you look at the picture, you will see a screw holding the drive in place. The enclosure does not include the screws, but they are a standard size. I’m not sure what size, because I had some in my hardware collection, but you can figure that part out. In fact, in the first drive I assembled, I didn’t use any screws at all. I resolve to not use that drive as a maraca, and all will be well. But if I had it to do all over again, I’d screw those bad boys down.

Step 5: Slip your well-shielded hard drive assembly back onto the plastic base. Fiddle with things until the connectors line up with the holes in the base.

Step 6: The circuit board on the end of that pigtail cable hanging out the side actually has four LED’s on it. The tiny circuit board fits into a slot in the plastic base. Note that there is a wee indentation in the board at one end; that part goes DOWN, where it seats neatly on a plastic fin:

IMG_0415

Step 7: Now it’s time to put the outer metal housing on. There’s an odd plastic bit you set aside earlier with four little shafts sticking out. Those go into the holes in the front of the housing, and as you put the housing down over the plastic base the odd plastic bit will slide into the holder directly in front of the circuit board from step 6.

IMG_0422

Step 8: At this point, everything is connected and should be functional. Before passing the following Point of Maybe-No Return, I plugged in each unit and made sure it spun up happily.

Step 9: Snap on the lid. You’re finished! Woo!

I have no idea how to remove the lid again; and hopefully I’ll never have to learn. Now I have a lot of room for data. Setting up my poor-man’s RAID will likely have to wait until next weekend, and hopefully will be simple enough that I don’t need to write a how-to. In the meantime, I hope this is helpful to those who find themselves with a question mark hovering over their heads as they stare at the parts they have just received.

9

mmfnuckin?

My spelling correcter just changed m’fuckin’lord to mmfnuckin’lord. It does not change m’fuckin’ to mmfnuckin; the lord part is apparently important. I’m sure there’s something to learn from this.

So close…

About to purge the last of the Windows from the house, and say goodbye to the flimsy crap Asus laptop. The last task: getting it to talk on the network so we can move everything over.

It worked on the network two days ago. It has all sorts of other problems, far too many to enumerate here, but at least we were able to move files.

Now, not so much. Along with this happy message:

A problem is preventing the troubleshooter from starting.

Yay Microsoft!

Will the World Break in 2016?

Well, probably not. The world isn’t likely to break until 2017 at the earliest. Here’s the thing: Our economy relies on secure electronic transactions and hack-proof banks. But if you think of our current cyber security as a mighty castle made of stone, you will be rightly concerned to hear that gunpowder has arrived.

A little background: there’s a specific type of math problem that is the focus of much speculation in computer science these days. It’s a class of problem in which finding the answer is very difficult, but confirming the answer is relatively simple.

Why is this important? Because pretty much all electronic security, from credit card transactions to keeping the FBI from reading your text messages (if you use the right service) depends on it being very difficult to guess the right decoder key, but very easy to read the message if you already have the key. What keeps snoops from reading your stuff is simply that it will take hundreds of years using modern computers to figure out your decoder key.

That may come to a sudden and jarring end in the near future. You see, there’s a new kind of computer in town, and for solving very specific sorts of problems, it’s mind-bogglingly fast. It won’t be cheap, but quantum computers can probably be built in the near future specifically tuned to blow all we know about data encryption out of the water.

Google and NASA got together and made the D-Wave two, which, if you believe their hype, is the first computer that has been proven to use quantum mechanical wackiness to break through the limits imposed by those big, clunky atoms in traditional computing.

Pictures abound of the D-Wave (I stole this one from fortune.com, but the same pic is everywhere), which is a massive refrigerator with a chip in the middle. The chip has to be right down there at damn near absolute zero.

d-wave_exterior

The chip inside D-Wave two was built and tuned to solve a specific problem very, very quickly. And it did. Future generations promise to be far more versatile. But it doesn’t even have to be that versatile if it is focussed on breaking 1024-bit RSA keys.

It is entirely possible that the D-Wave six will be able to bust any crypto we have working today. And let’s not pretend that this is the only quantum computer in development. It’s just the one that enjoys the light of publicity. For a moment imagine that you were building a computer that could decode any encrypted message, including passwords and authentication certificates. You’d be able to crack any computer in the world that was connected to the Internet. You probably wouldn’t mention to anyone that you were able to do that.

At Microsoft, their head security guy is all about quantum-resistant algorithms. Quantum computers are mind-boggling fast at solving certain types of math problems; security experts are scrambling to come up with encryption based on some other type of hard-to-guess, easy-to-confirm algorithm, that is intrinsically outside the realm of quantum mojo. But here’s the rub: it’s not clear that other class of math exists.

(That same Microsoft publicity piece is interesting for many other reasons, and I plan to dig into it more in the future. But to summarize: Google wins.)

So what do we do? There’s not really much we can do, except root for the banks. They have resources, they have motivation. Or, at least, let’s all hope that the banks even know there’s a problem yet, and are trying to do something about it. Because quantum computing could destroy them.

Eventually we’ll all have quantum chips in our phones to generate the encryption, and the balance of power will be restored. In the meantime, we may be beholden to the owners of these major-mojo-machines to handle our security for us. Let’s hope the people with the power to break every code on the planet use that power ethically.

Yeah, sorry. It hurts, but that may be all we have.

A Secure, Undisclosed Location for my Stuff

I take a bunch of pictures. Each image is many megabytes. It adds up. I have a big-ass hard drive or two, but each image should be on multiple hard drives, and not all in one room.

Then there’s DropBox. That’s a service that makes one folder on your computer also exist out there in what the kids are calling the cloud. Which is cool from a redundancy standpoint, but what I’d really like is to not have to keep the files locally at all. I want something that looks to my computer exactly like a hard drive, but is really some gee-whiz redundant storage solution out there somewhere.

There are a couple of requirements:

  • It really does act just like a hard drive
  • It is encrypted with a key that I generate; the provider does not have that key. No one has that key but me.
  • There is a plan and escrowed funds so that if the host goes belly-up, I get my data back.

I don’t even know where to start looking. Suggestions?

Billion-Person Problems vs. Individual People

I read an article today idolizing Larry Page, head honcho at Google. I have to confess, reading Larry’s quotes, I was pretty damn impressed. Some of his goals are downright “holy fuck, that’s awesome”. If even a small percentage work out lots of people will be helped. Larry calls them his billion-person problems. But…

Can you solve billion-person problems while exploiting a billion individuals?

GoogPut another way: here’s a billion-person problem that Google is central to: the erosion of privacy in the modern age. For instance, Google has taken very seriously securing your information as it travels from your computer to their servers. But once that email hits their hard drives, it’s fair game! As long as no one else can get at your info (well, except governments with leverage over the Goog), all is well with the world.

Before I get too deep in this rant, let me say that the Internet would suck a lot more without Google’s search engine. I use Duck-Duck-Go to exploit the power of the search without yielding up my personal info. I realize that’s kind of like getting sushi and not paying; if everyone did that, search engines would have to start charging for their services and people would be faced with putting a monetary value on their privacy.

And, I think there’s a lot to be said for the way Google runs their company, they way they commit to their managers rather than just making the best engineers the bosses of other engineers. I give them big props for that. That comes from the very top and Larry Page deserves credit.

But now, on with the rant!

What Google knows when you use their payment system (Google Wallet):

Google Wallet records information about your purchases, such as merchant, amount, date and time, method of payment, and, optionally, geolocation.

What Apple (my employer) knows when you use their payment system (Apple Pay): Nothing.

Apple Pay was designed from the ground up so that Apple could not get your personal information. This made it way more complicated to implement and added hardship for banks as well, but it was a fundamental tenet of the system. Apple gets enough aggregate information back from the banks so they can get their fees, but none of your personal information is in that data. In contrast, Google (not just their wallet) has been built from the ground up to collect and sell your personal information.

Of course, the banks still know, and the merchant still knows, and Amazon tells advertisers what’s in your wish list… So it’s not just Google here. But Google has access to information you never intended to be known — a lot of it — and they have a unique opportunity to make meaningful change on this front.

Nest, the hot-spit thermostat/smoke detector company was bought by Google. I was discussing it the other day with a co-worker who is a (mostly) satisfied customer. It sounds like a pretty cool system, but I mentioned there was no reason for the damn thing to be in the cloud just to be operated from my phone — it just needed to be part of a personal network that could talk to all my devices. My friend, who has a buddy who works at Nest, shrugged and said, “they have to collect and aggregate data to make the service work right” (or something like that). I accepted that at the moment, but later I realized: NO THEY DON’T. I want my home automation to be based on ME, not some aggregate of other people. And, if they made the data collection voluntary, I might even opt in if it looked like it would help the collective good. It’s something I do.

I voluntarily share personal information all the time. I share my bike rides (but suppress the exact location of my house). I share my image on Facebook. I share biographical data right here on this blog. I probably share more personal information than I should, but I make a big distinction between voluntary sharing (Facebook) and involuntary sharing (having my emails read by a corporation). Even though I don’t use a gmail account, my emails are still read every time I send a message to a gmail user. Does it matter if I’ve agreed to their terms of service or not? No. No, it doesn’t.

Microsoft took a couple of shots at Google a while back, promoting their email and search services as being more privacy-friendly than Google’s. But, amazingly, Microsoft kind of half-assed it (they had a produced-by-local-TV-station look) and they failed to deliver the message effectively, the way Microsoft is wont to do. Still, at least they tried.

If Google would do one thing, a thing that is in their power to do, I will take back everything else I have said about them. If they provide real encryption for their emails — encryption all the way to their servers, encryption they won’t have a key to unlock, so only the intended recipients can read it, I’ll believe that they care about me, and the other billions of people in the world. And it would be a hell of a selling point for gmail.

Calculating Calories is Hard!

I’ve been using both MapMyRide and Strava to track my bicycle rides recently. In addition, I’ve been using the activity app on my slick new Apple Watch. Each estimates how many calories I burned on my ride, but the numbers are very different. For example, on my ride to work yesterday morning:

MapMyRide: 814 Calories
Strava: 643 Calories
Watch: 757 Calories

Dang – those are quite different numbers, especially when you consider that MapMyRide and Strava are using pretty much the same data and coming to very different conclusions. What gives? CAN I EAT THAT DONUT OR NOT?

Strava and MapMyRide use speed and (maybe) elevation change in a formula with the rider’s weight to come out with an estimate of how many calories the rider burned. Strava lets me set the weight of my bike; I don’t know what MapMyRide assumes. I’m pretty confident that neither really uses elevation changes well. And headwinds? Forget it.

Both services can come up with a better wild-ass guess if you use a special crank or pedals that directly measure how hard you are working. They directly measure the output of your muscles, so the only remaining guesswork is how many calories you burned to do that work (some people are more efficient than others). There’s a Garmin setup that will tell you if one leg is doing more work than the other. I have no such device.

The most accurate way available to measure calories burned is to measure how much carbon dioxide one exhales. Rather than measure the work you did, you’re measuring how much exhaust you produced. This is impractical on a bike ride, however.

Which brings me to the gizmo strapped to my wrist. It estimates calories based on my heart rate. I have no idea what formula it uses, but hopefully it incorporates my resting heart rate (which it measures throughout the day) and my weight (which I have to remember to tell it), and maybe even my age. The cool thing is that heart rate is directly related to carbon dioxide production. When I’m riding fifteen mph with a tail wind, I’m barely working at all. When I’m pushing against gale-force breezes at the same speed, I’m huffing and my heart is thumping. To Strava and MapMyRide, the rides look the same. The watch knows the truth.

When WatchOS 2 comes out (the “features we couldn’t get perfect in time for WatchOS 1” release), Strava will be able to access my heart data. I’m interested to see what that does to the numbers.

In the meantime, I’m listening to my watch.

How Secure is Your Smoke Detector?

heartbleedYou probably heard about that HeartBleed thing a few months ago. Essentially, the people who build OpenSSL made a really dumb mistake and created a potentially massive security problem.

HeartBleed made the news, a patch came out, and all the servers and Web browsers out there were quickly updated. But what about your car?

I don’t want to be too hard on the OpenSSL guys; almost everyone uses their code and apparently (almost) no one bothers to pitch in financially to keep it secure. One of the most critical pieces of software in the world is maintained by a handful of dedicated people who don’t have the resources to keep up with the legion of evil crackers out there. (Google keeps their own version, and they pass a lot of security patches back to the OpenSSL guys. Without Google’s help, things would likely be a lot worse.)

For each HeartBleed, there are dozens of other, less-sexy exploits. SSL, the security layer that once protected your e-commerce and other private Internet communications, has been scrapped and replaced with TLS (though it is still generally referred to as SSL), and now TLS 1.0 is looking shaky. TLS 1.1 and 1.2 are still considered secure, and soon all credit card transactions will use TLS 1.2. You probably won’t notice; your browser and the rest of the infrastructure will be updated and you will carry on, confident that no one can hack into your transactions (except many governments, and about a hundred other corporations – but that’s another story).

So it’s a constant march, trying to find the holes before the bad guys do, and shoring them up. There will always be new versions of the security protocols, and for the most part the tools we use will update and we will move on with our lives.

But, I ask again, what about your car?

What version of SSL does OnStar use, especially in older cars? Could someone intercept signals between your car and the mother ship, crack the authentication, and use the “remote unlock” feature and drive away with your fancy GMC Sierra? I’ve heard stories.

You know that fancy home alarm system you have with the app that allows you to disarm it? What version of OpenSSL is installed in the receiver in your home? Can it be updated?

If your thermostat uses outdated SSL, will some punk neighbor kid download a “hijack your neighbor’s house” app and turn your thermostat up to 150? Can someone pull a password from your smoke detector system and try it on all your other stuff (another reason to only use each password once)?

Washer and dryer? The Infamous Internet Toaster? Hey! The screen on my refrigerator is showing ads for porn sites!

Everything that communicates across the Internet/Cloud/Bluetooth/whatever relies on encrypting the data to keep malicious folks away from your stuff. But many of the smaller, cheaper devices (and cars) may lack the ability to update themselves when new vulnerabilities are discovered.

I’m not saying all of these devices suck, but I would not buy any “smart” appliance until I knew exactly how they keep ahead of the bad guys. If the person selling you the car/alarm/refrigerator/whatever can’t answer that question, walk away. If they don’t care about your security and privacy, they don’t deserve your business.

I’ve been told, but I have no direct evidence to back it up, that much of the resistance in the industry to the adoption of Apple’s home automation software protocols (dubbed HomeKit) are because of the over-the-top security and privacy requirements. (Nest will not be supporting HomeKit, for instance.) In my book, for applications like this, there’s no such thing as over-the-top.

1

Another Baby Step Toward Email Privacy

Email is frightfully insecure. Anything you write can and will be read by any number of robots or worse as it bounces across the Internet. Gmail? forget about any shred of privacy. While the Goog champions securing the data as it comes to and from their servers, once it’s there, your private life is fair game.

It doesn’t have to be that way. We can encrypt the contents of our emails so that only the intended recipients can read them. I’m not sure how many more embarrassing corporate, government, and university email hacks will have to happen before people start to take this seriously, but remember, those were only the illegal hacks. Other people are reading your emails all the time already. This bothers me.

Sorting out a solution to this problem has been like having a big jumble of puzzle pieces on my coffee table, and while I’ve pushed the pieces around to get them to fit together, it’s become apparent that there’s a piece missing — until (perhaps) now. To understand the puzzle piece, it’s easiest to start with the hole it needs to fill. Some of this you may have read in posts from days of yore.

Here’s a simplified illustration of how email encryption works. Picture a box with two locks, that take two different keys. When you lock the box with one key, only the other key can open the box again. If you want to send me a message, I give you one of the keys, and you put the message in the box and lock it. Since I’m the only one with the matching key, only I can unlock it. Sorry, Google! You just get gibberish.

Of course, there’s a catch. How do I get your half of the key pair to you? If I put it in an email, any bad guy could switch the key before it got to you, and then your secret message would only be readable by the bad guy. He’d probably pack the message back up and lock it with my key and send it on, so I might not notice right away that that the message had been intercepted.

What’s needed is either a foolproof way to send my public key to you, or a way to confirm that the key you got really came from me.

If there were a foolproof way to send the key, we’d dispense with the whole lockbox thing and just send the original message that way. So until that foolproof way arrives, we are left with the need to authenticate the key I send you, through some trusted, hard-to-fake source. There are competing ways to accomplish this, and they all have flaws. This is the hole in our jigsaw puzzle.

The most common way key-verifying is done is through a series of Certificate Authorities, companies entrusted with issuing and verifying these keys. This works pretty well, as long as every single Certificate Authority can be trusted. The moment one is hacked, the entire system has been compromised. Guess what? CA’s have been hacked. There are also several governments that are CA’s, meaning those governments can listen in on any transaction on the Web today that uses https:// – which is just about all of them. Any of those entities could send a fake key to you and your software would trust it. I don’t know which makes me more nervous, that China is on the list or the United States.

So if you can’t collectively trust a few hundred companies and governments, who can you trust? There are several competing systems now where you and all your friends only have to trust one company. As long as you and I both set up with that company, they will quite effectively safeguard our communications. Your privacy is as good as the security and integrity of a single corporation — unless a jealous government shuts them down, anyway, or they get bought by a less-scrupulous company, or a pissed-off engineer in their IT department decides to drop their corporate pants. Having a single entity hold all the keys is called the “key escrow problem”.

At the far end of the spectrum is crowd-sourcing trust. There exists a large and (alas) floundering network of people who vouch for each other, so if you trust Bob and Bob says my key’s OK, you can choose to trust my key. I’ve tried to participate in the “Web of Trust”, and, well, here I am, still sending emails in the clear.

But now there’s a new kid in town! I just got an invitation to join the alpha-testing stage for a new key-verification service, keybase.io. Let’s say you want to send me a message. You need the public key to my lockbox. You ask keybase for it, and they send you a key. But do you trust that key? No, not at all. Along with the key, the server sends a bunch of links, to things like this blog and my twitter account. The software on your computer automatically checks those links to see if a special code is there, and if it is, invites you to go and look at those links to make sure they point to things I control. You see the special code on Muddled Ramblings or Twitter or whatever that only I could have put there, and you can feel pretty good about the key. You put your own stamp on the key so you don’t have to go through the manual verification again, and away you go!

There are more features to prevent bad guys from other shenanigans like hacking my blog and twitter before giving you a fake key, but you can read about them at http://keybase.io.

The service is still in the pre-pubescent stage; I’m fiddling now to see if I can use keybase-verified keys from my mail software. Failing that, there are other methods to encrypt and decrypt messages you cut and paste from your email. Kinda clunky.

Having set up my keybase identity, I have been given the privilege of inviting four more people aboard. Good thing, too, since otherwise I’d have no one to exchange messages with, to see how it works. I’d be grateful if one (or four!) of y’all out there would like to be a guinea pig with me. Drop me a line if you’re interested. Let’s win one for the little guy!

Note to Pillsbury:

It’s time to revive Space Food Sticks.

1