Hostile Chain Takeovers

(source: Roger Ver w/ modification)

This blog post was inspired by a recent long conversation with Jay, Nicola, and Jesse about value in blockchains. In a previous post, Dillon and I explored the concept of merging blockchains. In light of this, I'd like to explore another concept in blockchains: hostile chain takeovers.

For context, most proof-of-work based cryptocurrencies (being the vast majority of them right now) have miners competing for block rewards, awarded proportionally to the amount of computational power they bring to the network. Networks like Bitcoin are some of the most profitable to mine, because of the substantial competition on the network, in part due to the recent value appreciation Bitcoin has gone through (yes it's down from ATH, but still 10x on the year ;))

This reminded me of the earlier days of Bitcoin – if you wanted to add new consensus-breaking functionality without a sidechain, you would clone or fork Bitcoin with new rules. Muneeb Ali previously worked on Namecoin, a human-readable naming system, forked from the Bitcoin blockchain. A few years later, he revealed that one mining pool controlled nearly 60-70% of the hash rate of the Namecoin network, breaking network security guarantees [0]. While that mining pool didn't do anything malicious, it showed that bootstrapping a proof-of-work blockchain from scratch is *really* difficult (and one of the reasons why Ethereum started).

And this doesn't just happen to less secure altcoins – it's happened to Bitcoin as well! In 2014, GHash.io controlled 51% of Bitcoin's network power [1], causing a worldwide scare and panic, and while they didn't do anything malicious, they definitely had the potential to. The incentive to take over the network at the time was limited to none, given that if the price crashed, GHash.io's expected return would be minimized.
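An added example (not from the original post): given the pool that mined each recent block, it estimates each pool's hash share and uses Nakamoto's catch-up formula from the Bitcoin whitepaper to show how many confirmations a recipient would need, and why no depth is safe once a pool holds a majority. The pool names and the 100-block window are constructed, and treating a pool's share as a single adversary's share is an assumption.

```python
"""Added example: mining-share concentration and confirmation depth."""
import math
from collections import Counter


def attacker_success_probability(q, z):
    """Chance that a miner with hash share q ever rewrites z confirmations.

    Nakamoto's estimate (Bitcoin whitepaper, section 11): attacker progress
    while the honest chain mines z blocks is Poisson with mean z*q/p.
    """
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p or z == 0:
        # A majority always catches up; zero confirmations give no protection.
        return 1.0
    if q == 0.0:
        return 0.0
    lam = z * q / p
    total = 1.0
    for k in range(z + 1):
        # Poisson pmf computed in log space so a large z does not overflow.
        log_pmf = -lam + k * math.log(lam) - math.lgamma(k + 1)
        total -= math.exp(log_pmf) * (1.0 - (q / p) ** (z - k))
    return max(total, 0.0)


def confirmations_needed(q, max_risk=0.001, limit=1000):
    """Smallest z whose success probability is below max_risk, else None."""
    if q >= 0.5:
        return None  # no confirmation depth helps against a majority
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def wilson_lower_bound(hits, n, zscore=1.96):
    """Lower end of the 95% Wilson interval for a share observed as hits/n."""
    if n == 0:
        return 0.0
    phat = hits / n
    centre = phat + zscore ** 2 / (2 * n)
    spread = zscore * math.sqrt(phat * (1 - phat) / n + zscore ** 2 / (4 * n * n))
    return (centre - spread) / (1 + zscore ** 2 / n)


def assess_window(block_pools, max_risk=0.001):
    """Per-pool report for a window of blocks, largest share first."""
    n = len(block_pools)
    report = []
    for pool, hits in Counter(block_pools).most_common():
        share = hits / n
        lower = wilson_lower_bound(hits, n)
        report.append({
            "pool": pool,
            "share": share,
            "share_lower_bound": lower,
            # Flag only when even the cautious estimate exceeds one half.
            "majority": lower > 0.5,
            "confirmations": confirmations_needed(share, max_risk),
        })
    return report


# Constructed sample: 100 recent blocks, one pool at 65% (the Namecoin-style
# concentration described above). Pool names are hypothetical.
SAMPLE_WINDOW = ["pool-a"] * 65 + ["pool-b"] * 20 + ["pool-c"] * 15

if __name__ == "__main__":
    for row in assess_window(SAMPLE_WINDOW):
        depth = row["confirmations"]
        print(f'{row["pool"]}: share={row["share"]:.2f} '
              f'lower={row["share_lower_bound"]:.3f} '
              f'majority={row["majority"]} '
              f'confirmations={"unbounded" if depth is None else depth}')
```
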

Keep in mind, this can also happen on proof-of-stake based consensus systems – they also suffer from the same network value bootstrapping problem. PoS systems such as Casper and Tendermint have designed incentives to prevent forking in the network (whether this is good or bad). However, systems like these don't require cheap electricity and commodity hardware, potentially amplifying the security (or lack thereof) by directly attaching security costs to the market price of the underlying commodity (on this note, there are good criticisms of PoS from Mark Wilcox [2] and Paul Sztorc [3] that I recommend).

Long story short, all these events have shown that it's possible to take over blockchain networks for potentially malicious reasons, and there may be a couple of reasons for doing so.

Motives/Attacks

Why would anyone want to take over/break a blockchain? I envision a couple of reasons:

  1. Goldfinger Attacks: Some people just wanna see the world burn (see "On hostile blockchain takeovers" [4])
  2. Governance Takeovers: An imbalance in incentives led to the Great Bitcoin Scaling Debate of 2015-2017. Different groups of actors in the system (various miners, users, wallets, etc.) wanted to control governance of the protocol to limit/move forward an upgrade. This could happen even more in the future as various blockchains stop being maintained.
  3. Double Spend Attacks: Why not double spend? I've always wanted to create money out of thin air...
  4. Competitive Chains: Chains that solve similar use cases will ultimately compete for developers, users, and investors to determine value. If incentives become perverse enough (as money tends to), we could see more attacks.
  5. Forking from Middlemen: Things like founder rewards, ICOs, premines, etc. will often create an incentive for the community to fork away, if they think the value distributed away from the network isn't worth the value brought in by the developer team
  6. Traditional Attacks: Layer this on top of all the traditional blockchain attacks researchers have discovered the past several years. These include bribery attacks, selfish mining attacks, etc.

How chain takeovers materialize

  • Infinite forking
    • Drop difficulty, market token, confuse users
    • Litecoin Silver? Litecoin Cash? lol
  • Find small chains with lower hash rate, and take over 51% of the network
    • This works by either commissioning enough hardware (even easier with ASIC-resistant blockchains) or money to control voting
    • Attempt both soft and hard forks, see what miners stick with
    • Attempt double spends
  • Rally a community that wants change (politics!!!)
    • There are a ton of projects that haven't had code changes in a while. However, these networks still have value resting upon them, and shareholders that want to increase value -> hostile chain takeover time (doesn't necessarily need to be hostile, but it often is)
    • This can probably be used to pump prices (but for the love of god, please don't. This ecosystem is already crazy enough...)
    • Populism works really effectively here (see BIP148 UASF from last August)
    • Raise money to fund a rogue crack developer team to continue development on a chain, whether it's abandoned or not
    • Accelerating Evolution Through Forking [5]
    • Often there's a rent premium in certain networks (as mentioned earlier), and more ideological users don't like the idea of that
  • Introduce some black swan event
    • This one is implied, but often happens more than you'd think
    • Example: the Sia team introduced a new ASIC for the community, then Bitmain brought out a much more powerful alternative, ruining the early fixed economics for early adopters and the community at large (and bringing up moral questions) [6]
    • Find a new class of attack and let it loose on a chain: Value overflow incident

For most small currencies, it's probably fairly trivial to point some computational power at the currency, and take it over, destroying the value of the underlying coins. This also brings up a larger meta question – do miners have too much power? I'll leave you with two posts ([7] [8]) that explore this question further!


Thanks to Jay Graber, Nicola Greco, Jesse Clayburgh, and Dillon Chen for conversations and/or reading drafts of this. You can follow me on twitter here or subscribe to be notified of future posts.

Disclaimer: I'm not responsible for your blockchain breaking or getting taken over because you didn't think about security enough :). As always, this should NOT be taken as investment advice or recommendations. Finally, this post does not represent the views of my employer, Polychain Capital.

Ethereum SAT

Test your knowledge of Ethereum and its underlying technology!

About four years ago, Olaf Carlson-Wee of Coinbase released a reddit post looking for more support staff to join the company. He created a Bitcoin test with some semi-advanced questions to gauge their knowledge (you can still take it here). In retrospect, the test seems relatively straightforward, compared to how the field has progressed as a whole. I decided to make an Ethereum SAT* to test your knowledge of Ethereum internals, in the spirit of the Bitcoin test. Enjoy, and happy quizzing!

Questions:

  • What do the terms "wei", "finney", and "szabo" refer to in Ethereum?
  • Name two solutions to running out of gas in a smart contract.
  • Ethereum recently hard forked, but no new coins were created. What gives?
  • What's the approximate cost to store one gigabyte of data on the Ethereum blockchain? (without solutions like Filecoin or Swarm)
  • What does maintaining state enable in Ethereum, and what fundamental data structure modification from Bitcoin allows for that?
  • What is geth's fast sync and what makes it fast?
  • What are the differences between partially light, fully light, and archive nodes?
  • What are LLL, Solidity, and Serpent, and how do they relate to the EVM? Which is the most popular of the three?
  • What's the total supply of Ethereum? What is the "ice age"?
  • What is a colored coin and how does it relate to Ethereum tokens?
  • Briefly describe how you would write a naming service in a smart contract (think something like DNS).
  • What happens when a smart contract is broadcast to the network? Who runs the smart contract?
  • What happens when multisig control of a DAO splits? (alternatively, what happens when a token forks?)
  • What happens to a DAO when the base Ethereum protocol has a network split (resulting in two different coins)?
  • What is economic finality in Casper, and what does it achieve/solve compared to Nakamoto consensus?
  • What's the difference between Casper, the Friendly Finality Gadget and Casper, Correct-by-Construction?
  • What is a slashing condition?
  • What are long-range attacks and the nothing-at-stake problem, and how are they subverted?
  • Where do the slashed Ether deposits of byzantine nodes go when not following the Casper protocol?
  • What is a "layer two" system, and how is security guaranteed without a blockchain?
  • Lightning Network is a project involving payment-specific state channels. How does this work generalize to Plasma?
  • Ethereum recently added support for zero-knowledge proofs. How does it solve the trusted setup criticism posed in ZCash? Does it?
  • What is ASIC resistance and how does Ethereum's Proof-of-Work algorithm accomplish it?
  • Describe Ethereum's "holy trinity" initiative and its three components.

Ethereum is full of lots of exciting developments (it's a living science project!), so it was only natural to create an Ethereum version of the "Bitcoin Test". Given the depth of the Ethereum Project, I wasn't able to cover everything, unfortunately. If you have an interesting question about Ethereum, comment it down below! Answers can be viewed here.


Thanks to Dillon Chen for giving me feedback on earlier versions of this post.

*Note: "SAT" is a registered trademark of the College Board, to whom I have no relation. Please don't sue me.

Have any questions or comments? Feel free to comment down below or shoot me a message on twitter @niraj.

ARKit and the mainstream adoption of AR

ARKit has been getting a ton of attention recently, and rightly so. Several demos showcasing the technology from @madewithARKit have been going viral on twitter. I believe it's the most exciting thing in the AR/VR space since the Oculus Rift first came out. For some background, ARKit is an iOS 11 SDK that provides powerful, low-level access to camera/location sensor data for high-quality augmentation [1]. It was recently announced at WWDC 2017, and is currently available in beta preview to iOS developers, allowing them to get accustomed to the technology before the stable release this fall.

ARKit allows anyone with iOS programming experience to build AR applications on the iPhone. Typically, AR has been slow to customer adoption because: 1) expensive hardware (anything $99+) is necessary for a decent experience, 2) the lack of seamlessness and applications for the platform doesn't drive enough demand, and 3) lengthy set-up process necessary for these experiences. The beauty of ARKit is that it fixes all of these problems in a relatively cheap and effective way. 

They've decreased the barrier to entry for developing and consuming AR applications, given that any iOS developer can now take advantage of the SDK. It's compatible with iOS, which opens it up to a much, much larger community than just game developers. Remember Pokémon Go? It took the world by storm by releasing a (fairly rudimentary) AR version of their popular game, driving millions of downloads. Just imagine when the rendering prowess and quality of camera data increases – Pokémon Go gets even better.

ARKit is a fantastic entry point for future, more realistic AR/VR hardware and software experiences, with this technology almost acting like a testbed for future technology.

Why is this exciting?

  1. The technology still seems vastly underrated

    I've heard arguments that ARKit "doesn't look nearly as good as traditional AR" or won't work because "users have to download new apps" (which apparently people don't download anymore? not true). While ARKit isn't nearly the most powerful augmentation you can get on the market, it's a great balance between access, form factor, and cost. Additionally, this platform will likely usher in a new wave of applications (and consequently, app downloads). Apple is democratizing access to a future platform differentiator! [2]

  2. The technology adoption and readiness curves are intersecting

    The beautiful thing about ARKit is that it's at the perfect intersection of the technology readiness and adoption curves. It's not too early (and not a toy like before), meaning the technology will work fairly seamlessly, leading to an overall good user experience. It's also ready for mass adoption, as anyone with an iPhone can take advantage of apps built with the SDK.

    ARKit may signify the start of the "frenzy period" in augmented reality - one described well in this chart:


    New technology typically follows an S-curve - initially, innovation seems slow, but once the hard problems are figured out, the excitement in the space changes drastically. Just as mobile is entering the scaling/maturity phases, and consequently the top of the S-Curve, AR is entering a new excitement period. [3]

    Apple's done a great job of making sure the technology isn't too cutting-edge, as building great products atop these technologies in the early days is difficult. This leaves Google's Tango project somewhat behind. They've fallen prey to crazy AR experiences and specs, while Apple is focusing on experiences and shippability. Similar to the iPhone focusing more on the experience of the phone, rather than the specs, they're executing on the same thesis here with ARKit. They've played their 'last mover' advantage extremely well.

    Another good example of this phenomenon in play is Snapchat's Lenses feature. Lenses, if you're not familiar, is a recently-released feature that allows users to superimpose new faces/objects into their environment, like so:


    This feature isn't the most cutting edge technology, but IT WORKS. The adoption and readiness curves intersected at a good time, allowing Snapchat to build a product with strong usability. Maybe they'll release something with ARKit next ;)

  3. It solves the problems currently plaguing AR really well

    By not requiring expensive hardware to play, it allows a much larger set of users to experience AR. While it may not be the most cutting-edge or exciting technology, it'll immediately hit a scale of hundreds of millions of people. Most plays require consumers to adopt expensive, proprietary hardware and software, while this time it doesn't. This is truly building for the masses.

    Additionally, you can take advantage of the App Store and its frictionless access to applications, circumventing the closed nature of AR apps today. I've personally tried out various applications and the experience has been fantastic - even in its current beta stage! Objects, for example, map to their environment really well.

  4. Lots of initial entry applications

    The first popular AR company may not be an AR company at all:


    Existing applications can leverage their data and user engagement advantages to build AR experiences in-app (if they make sense, obviously). This begs the question of what will be built past the initial wave of obvious applications – which is where this space gets really exciting. A few examples of applications I would love: trying out products from an online retailer, more intimate gaming experiences, and more personalized, higher-quality academic instruction.

  5. It's right around the corner
    Sometimes we forget how long stable technology takes to get built. However, ARKit won't fall prey to the 'perpetual beta' syndrome for the foreseeable future – it's available now. The stable release of iOS 11 is coming up in September! Anyone with an A9/A10-equipped device (such as an iPhone 6S or newer) will be able to experience ARKit on their devices. [4]

  6. Open-source technology drives commoditization

    Traditional AR plays have largely been closed source. Independent game and application developers want to keep their app sources private, and rightly so. The amount of quality AR developer talent is extremely limited, which is where ARKit can capture a lot of developer attention. Now that ARKit is available as an iOS SDK, and the iOS community has a strong culture of open-source software, we'll see a ton of cool applications built atop the technology. This makes the barriers to entry super low.

    Additionally, Apple is building out a strong platform for developers to capture even more attention in the app store, such as pairing ARKit with existing Apple SDKs (Metal, SpriteKit/SceneKit) as well as new ones (CoreML).

  7. "Hacking" new functionality into mobile

    The beauty of technologies like mobile phones is that, while being relatively simple hardware-wise, they incorporate a ton of features into a small package. See:

    (source)

    A good example of this is the many heart rate sensors on the app store. Instead of needing to buy a complex heart rate monitor or counting beats manually, these apps utilize your camera + flashlight to track your heart rate. While this may not be the most accurate system, it still works quite well and all fits into one small package. Ditto for sleep tracking, GPS, crowdfunded maps, and sending data through the audio port. The iPhone (probably) wasn't designed with these applications in mind, but the platform is modular enough to allow them.

    ARKit similarly holds this same potential for interesting non-traditional use cases. I'm excited for simple measuring tools (who carries around a ruler with them???), placement of shopping products in your home, and even more intimate guided city tours. See:

Demos

This post wouldn't be complete without some cool early demos showcasing the power of the technology. Here are some of my favorites:


If you're working on something with ARKit, or interested in building something with it, shoot me a message. AR is about to fuel a new wave of interest in consumer tech and ARKit is the lighter fluid! [5]

Special thanks to Will Robbins, Viktor Makarskyy, and Jay Bensal for reviewing this essay. I can be reached on twitter @niraj.

The Commoditization of Machine Learning

I recently saw a tweet from Ilya Sukhar that particularly resonated with me:

I've been interested in this space for a while. A broad prediction I have for the coming years is that, as a developer, you won't need to be proficient in machine learning to take advantage of its power. The technology is becoming increasingly democratized and opening up access to millions of new developers. Eventually, you won't even need to know how to program to perform data analysis with ML. In data warehousing, data analysts using old, traditional BI stacks will have access to a powerful new set of machine learning tools. In fact, in the future, using ML may be more about manipulating data, rather than hard mathematics or statistics (h/t Wiley for the comparison). We're moving away from obscure mathematical derivatives to teaching surface area to 4th graders.

A close comparison of this advancement is the proliferation of web development as we know it today. The development of a web application looks a whole hell of a lot different than earlier in the internet days. Before, you needed a strong knowledge of TCP/IP, Solaris servers, Oracle databases, etc. to build a web application. Eventually, these tools were abstracted into frameworks (Perl, Ruby on Rails, Bootstrap) and tools (AWS, Heroku, Parse), making the process of building, deploying, and scaling much easier. Taking it one step further, tools are even being built for non-developers to build apps (Treeline being a good example).

In the machine learning world, we're moving away from the TCP/IP days into the Ruby on Rails days. With limited ML background, it's now much easier to build ML applications than it was even a few years ago. With the rapid development of new open source toolkits, we're truly seeing a rapid commoditization of the technology:

This helps match the rapid growth of the field: 

Publication dates of almost 15000 Machine Learning conference papers scraped from IEEExplore [1]

The Ruby on Rails of ML is toolkits like Tensorflow, Caffe, Theano, and convnetjs. I recently worked with a friend on setting up a TF development environment on an AWS EC2 instance, and the process was a breeze. No need to build your own neural net from scratch anymore!

Recently, Makoto Koike, an embedded systems engineer in Japan, noticed that his parents spent a lot of time sorting and categorizing cucumbers on their farm. The process was just as complicated as growing the vegetable itself. He wanted to automate this process to save his parents from the added manual labor. Although he had limited computer vision background, he used Tensorflow, OpenCV tutorials, and a hardware + camera setup to automatically detect the quality and size of cucumbers grown on the farm - to a relatively high degree of accuracy. It's a fascinating case study.

Obviously for more complex needs, you'll need a deep knowledge of the technology and will need to implement most special cases yourself, but such is the case with web applications as well. Tensorflow still, however, covers a wide variety of general use cases. Even experts in the field will use technology like Tensorflow for prototyping efforts. 

Back to Ilya's original tweet, I think there's an opportunity for a startup that liberates basic development with ML. Parse was a great product because it abstracted away the rough edges of building mobile backends. This precise model can be transferred to AI applications:

A good example of a company doing this is Clarifai. They make a dead simple image/video recognition API - and it works really well. I imagine something like this for a few more use cases - categorizing text, voice recognition, intent creation and fulfillment, etc. It's what Shivon Zillis likes to call "'Alchemists' Promising To Turn Your Data Into Gold". Possibilities are endless. Shoot me a message if you're working on this - I'd love to try it out.

______________

[1] https://www.reddit.com/r/dataisbeautiful/comments/4kjivw/publication_dates_of_almost_15000_machine/

Thanks to Ritwik for looking this over. I can be reached @niraj on twitter or by email.

The Ecosystem Effect

Notice: This post was updated into a longer-form, more complete post here.

Helpful Pre-reading:

  1. Network Effects (a16z) and Data Network Effects (Matt Turck)
  2. Full stack Startups (Chris Dixon), Full Stack Startup Index (Anshu Sharma)
  3. Stack Fallacy: Why Big Companies Keep Failing (Anshu Sharma)
  4. Disruption’s Long, Slow, Complex Journey (Steve Sinofsky)
  5. Disruption is not a strategy (Jerry Neumann)

What is the ecosystem effect?

The ecosystem effect is how to build unstoppable companies. As a company grows out from their initial product offering, they vertically and horizontally integrate (“move out”), to continue growing the company.

It’s how big companies become big.

Companies typically enter the level of the stack at the path of least resistance (easiest go-to market strategy). Build that piece well, monetize, and use money to build out long-term vision and strategy of company from there.

Building out and owning more of the process creates a Scrabble “double points” effect - effectively, the sum of the parts is greater than the individual parts alone (1 + 1 = 3). Building out creates defensibility in a product. This is where the ecosystem effect comes in - it’s the “lock-in effect”, because the experience of having all the software on platform is much better than piecing together multiple pieces of software. Creating a network of products has greater value than the products individually.

When venturing out into new markets, companies usually have solid product market for their original product, and likely have enough recurring revenue to fund "moonshots" (not the best term to describe, but it's understandable). Moonshot teams get resources to build out new, innovative products from scratch. At Google, many popular products today were built during 20% time, effectively their "moonshots" of the day. Originally it targeted horizontal integration, but now that it's effectively maxed out, it's targeting diagonal and vertical integration (hence all the products [x] is working on).

There are different types of network effects. We’ve seen a few:
  • Social network effects (FB, Snapchat)
  • Data network effects (Uber, Palantir)
(social usually leads to data network effects, but that’s a different conversation)

A third is being proposed:
  • Ecosystem network effects (Google, Uber, Netflix): This is a higher-level version of the full-stack startup (defined by Chris Dixon), if you will. This is how you create data network effects on a platform itself. Original thought leading to conversation: Companies that rebuild an industry, rethink the experience, collect a bunch of data, then use this in product decision to improve their offerings and beat incumbents.
Vertical integration is understandable, but doesn’t explain the ecosystem effect fully. This is vertical E2E integration.

TODO: List out assumptions (this works best for software startups, think of hardware ecosystems potentially), then explain why they were right assumptions to make.

Examples of Companies Exhibiting “the Ecosystem Effect”

  • Google
    • Initially built the search engine, on top of previous innovations in computing (mainframe, OS, internet browsing).
    • Built on top of the search engine with AdSense, ad tools to help grow and scale their ad business and revenue
    • Expanded horizontally with Gmail, YouTube, Drive, Music. In the process, built OAuth and single-login to all apps as well as slick integrations between products (ie easily embed Drive docs in Gmail). 
    • Eventually went back and rebuilt layers of stack below them (rebuilt the browser - Chrome, rebuilt the OS - ChromeOS, rebuilt the PC - Chromebook, the internet - Fiber).
    • Building below and horizontally are usually moonshot projects, that with traction, become full-blown projects (ie Gmail, Trends, Adsense)
    • Google is going into other industries and verticalizing their new products
    • "No One Ever Got Fired for Buying Google" is the new "No One Ever Got Fired for Buying IBM" (credit to Zach Hamed for the comparison)
  • Netflix
    • Originally started as a DVD rental company through the mail. After seeing the potential of streaming, started investing in scalable cloud technology to efficiently deliver video over the web.
    • Now that some previous content licenses are expiring, Netflix is investing in buying shows, some new, some old, and offering them as original content (one level down in stack).
    • Eventually, Netflix will run their own studio (another level down in stack) and produce a good majority of their content.
  • Uber
    • Most recent example (company is getting to the stage where it’s becoming LARGE)
    • They started off with a simple goal - fastest way to take you from A to B. Expanded product offerings vertically with uberPOOL and uberEATS.
    • Now are integrating up to autonomous vehicles in Uber, the step to eliminating human labor from their system. After Otto acquisition, it seems as if they’re integrating on that horizontally (autonomous uber, but for commercial trucking)
    • As per Semil Shah,
      it can apply those resources [from Uber China - Didi deal] to technologies “up the stack” for a world in which your Ubers are autonomous — that could be pods or cars, sensors, robotics, mapping technologies, deep learning, and a host of other requirements to make a fully-integrated self-driving network a reality. With 80% of each fare you pay going to your driver, the company has a huge incentive to bite into that for its next big meal. [1]
  • Salesforce
    • Why did they buy Quip? Why did they buy Heroku? Seems unrelated from sales software, but they’re building an ecosystem of products.
  • Apple?
    • Apple seems to be creating an ecosystem of brands. With the recent Beats acquisition, Didi investment, and potential McLaren purchase, they want to create a collection of brands with potential collaboration between them. Apple might power the software in the McLaren, that is exclusively on Didi, and has Beats-branded audio in-car. 

Case Study: Dropbox vs. Google Drive

Why are more customers choosing Google Drive over Dropbox? Look at their individual product offerings:
  • Dropbox
    • Paper
    • Core
    • Carousel
  • Google
    • Drive
    • Browser (Chrome)
    • OS (ChromeOS)
    • Computer (Chromebook)
    • Internet (Fiber)

Notice how seamless Google’s product offerings are. Since they control almost every level of what we interact with, there’s more opportunity to offer niceties and a supreme UX. Take this example: “I used Google+ to schedule a live stream on Google Calendar, presented on YouTube using my Sheets presentation in Chrome. I didn’t once have to leave the Google Ecosystem”. This builds up a large dependency graph from the core product - the more nodes (in this case, products) you add to a graph, the more valuable the network of products becomes (Metcalfe’s Law). Dropbox may have some horizontal integration, but not the strong vertical (Chrome, ChromeOS, Chromebook, etc.) and horizontal integration (Drive, Gmail, Analytics, Calendar, Hangouts) Google has.

You could take this from a physics perspective and think of the stack as a hill. As you get to the top of a hill, potential energy increases, and kinetic energy starts to decrease. After you pass the monument of building lower in the stack (at the bottom of the hill), you’ve built up enough potential energy to build horizontally from there, since the previous infrastructure already exists. When Uber created UberEATS, a lot of work was already done, since a network of drivers already existed on the road (rather than having to build from scratch).  

Wiley and I recently recorded a podcast on this phenomenon where we explain the idea in more detail + clarity:


--

Please reach out with any feedback or questions! I can be reached on email or @niraj.