Reprise24OCT17

clive boulton
October 24, 2017

Reprise after Splash 2017 OCap workshop. Deck incorporates generous feedback from Mark S Miller and attendees.

Transcript

  1. Leverage both Blockchain and Ocap paradigms?

    Current blockchain systems synthesize a single VM with a single global state among all agents on the network. Is it possible to abstract and apply this virtual machine synthesis to a network of any number of agents running any defined network protocol? Can the Ocap model allow interoperation between disparate contracts, functions, and virtual machines, with a programming interface that feels like standard imperative programming?
  2. Cryptocurrencies surged $30bn to $160bn in 6mos

    Dozens of companies have launched in recent years to trade cryptocurrencies, fuelled by the dramatic rise in the value of bitcoin and other virtual currencies as well as an explosion of startups funding themselves via “initial coin offerings”. The market value of all cryptocurrencies has soared. However, banks are keeping their distance, worried by the fact that cryptocurrencies are commonly used by criminals to trade illicit goods on the “dark web”. Jamie Dimon, chief executive of JPMorgan Chase, predicted earlier this month that governments around the world would “crush” bitcoin before long ... https://www.coindesk.com/events/invest-2017/
  3. Mark S Miller

    Mark S. Miller is the main designer of the E and Dr. SES distributed object-capability programming languages, inventor of Miller Columns, a pioneer of agoric (market-based secure distributed) computing, an architect of the Xanadu hypertext publishing system, a representative to the EcmaScript committee, and a senior fellow of the Foresight Institute. https://research.google.com/pubs/author35958.html
  4. Smart contracts - Public vs Private

    • Nick Szabo: Public smart contracts. Short duration transactions (finance, “bit gold”). Bitcoin paper by Satoshi Nakamoto. Distributed blockchain, POW. Vitalik Buterin, Ethereum, ICOs (global block). Consensus-based solves Byzantine Generals. Bitcoin 7 tps. Ethereum 15 tps.
    • Mark S Miller: Private smart contracts. Long duration transactions (vulnerable to computer security). Miller’s E programming language. PhD Thesis on Robust Composition. Caja, JS (ECMAScript). OCap Hyperledger POCs / Gravity (unblocks the lock). Capabilities-based solves the Confused Deputy. Fabric 1000 tps.
    • [PayPal 11,600 tps]. [Visa 56k tps]
  5. Least Privilege Roles

    • Primitive roles
      ◦ Owner, Editor, Viewer, Billing Administrator
    • Curated roles
      ◦ List of permissions: get, list, delete, start, stop,
    • Custom roles
      ◦ Policy set: Set of roles and members (if parent policy less restrictive, overrides more restrictive).
  6. Hackers love to find unintended permissions

    Replace youtube in the video url with youpak. Here's an example: http://www.youtube.com/watch?v=oWtDipSSAU8 In the next example, you will not get the country restriction notice. On the link https://www.youpak.com/watch?v=oWtDipSSAU8 It works only by clicking the link; it won't work on an embed.
  7. Apple Root Password Vulnerability

    The bug meant anyone with physical access to a Mac running High Sierra could get admin access to the machine. https://twitter.com/lemiorhan/status/935581020774117381
  8. What are capabilities?

    A capability is a single thing that both designates a resource and authorizes some kind of access to it. Capabilities solve “The Confused Deputy” problem in Windows, MacOS, and Unix-derived OSes (Linux, Android, etc.). A first-class move away from ACLs (access control lists), closing the loopholes bad actors are exploiting in e-commerce. Posit: smart contracts move to POLA (principle of least authority). Object capability: smart contract blockchain, capability-based.
  9. Object-capabilities can provide specific access instead of access control lists.

    Example: Passport vs Car key. Assume my identity vs grant you access to my car.
  10. Dr. SES - Distributed Resilient Secure EcmaScript

    Talk presented at the July 2017 TC39 (EcmaScript committee) meeting. https://www.youtube.com/watch?v=YQFPAyCgOlI ES2015 ES6 ES7 lands OCap...
  11. Doing business with strangers

    Hard to hold strangers accountable, crypto-commerce gets us closer. http://ward.bay.wiki.org/view/agreeing-with-strangers
  12. Ward Cunningham

    Ward Cunningham is the main designer and pioneer of Wiki technologies, an influential computer programmer, and leads the new Federated Wiki project. He was previously Nike's first Code for a Better World Fellow and is recognized for coining and defining technical debt. https://en.wikipedia.org/wiki/Ward_Cunningham
  13. Federated Wiki...

    "Ward, does wiki deliberately avoid global locks by design?"

    "Clive, yes, wiki enables collective behavior without any synchronization at the application level"
  14. Summary

    The cryptocurrency boom makes sense when computer security in operating systems and programming languages was designed for private networks, yet commerce now operates over public networks. Work on scaling blockchain technologies is perhaps a proxy for securing crypto-commerce by addressing process, trust and access.

    • Smart contracts can enforce procedures within the company. For example, say, ‘user A can only access X document with approval from user B and C’.
    • In respect to trust, it allows companies to ensure that procedures are being executed in compliance with regulation.
    • Web developers can implement JavaScript strict-mode now to improve current apps (more object-capabilities slated for ES7).
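
The distinction drawn in slides 8 and 9, as an added example that is not part of the original deck: a deputy that is given a file name and checks its own ACL entry can be steered onto its billing log, while a deputy that is handed a capability cannot. The in-memory store, the paths and all function names are constructed for illustration.

```javascript
'use strict';

// Constructed in-memory store standing in for a file system (sample paths).
function makeStore() {
  return new Map([['/svc/billing.log', 'alice:1\n'], ['/home/user/out.bin', '']]);
}

// ACL style: the caller designates the target by name, and the deputy's own
// identity supplies the authority. Designation and permission travel apart.
function aclCompile(store, deputyAcl, source, outPath) {
  if (!deputyAcl.has(outPath)) throw new Error('denied: ' + outPath);
  store.set(outPath, 'compiled:' + source); // path chosen by the caller
  store.set('/svc/billing.log', store.get('/svc/billing.log') + 'job:1\n');
}

// Capability style: a frozen object that designates one entry and authorizes
// one operation on it. Holding the reference is the permission.
function makeWriter(store, path) {
  return Object.freeze({ write(text) { store.set(path, text); } });
}
function makeAppender(store, path) {
  return Object.freeze({
    append(text) { store.set(path, store.get(path) + text); },
  });
}

// The deputy never handles a path; it can only use what it was handed.
function makeCapCompiler(billing) {
  return Object.freeze({
    compile(source, out) {
      out.write('compiled:' + source);
      billing.append('job:1\n');
    },
  });
}

function demo() {
  const aclStore = makeStore();
  const acl = new Set(['/svc/billing.log', '/home/user/out.bin']);
  aclCompile(aclStore, acl, 'x', '/svc/billing.log'); // deputy's file named
  const capStore = makeStore();
  const compiler = makeCapCompiler(makeAppender(capStore, '/svc/billing.log'));
  // The caller holds a writer for its own output only.
  compiler.compile('x', makeWriter(capStore, '/home/user/out.bin'));
  return { acl: aclStore.get('/svc/billing.log'),
           cap: capStore.get('/svc/billing.log'),
           out: capStore.get('/home/user/out.bin') };
}
```

In the ACL run the earlier billing record is overwritten; in the capability run the caller has no reference to the billing entry to pass, so the record survives and the deputy holds append-only access to it.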