Insights For Success

Strategy, Innovation, Leadership and Security

General

What is Bitcoin?

General | Edward Kiledjian

Bitcoin is a decentralized digital currency, without a central bank or single administrator, that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries. Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto, and started in 2009 when its source code was released as open-source software.

Bitcoin is often called the first cryptocurrency, although prior systems existed. Bitcoin is more correctly described as the first decentralized digital currency. It is the largest of its kind in terms of total market value.

Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. Bitcoin can also be held as an investment. According to research produced by Cambridge University there were between 2.9 million and 5.8 million unique users using a cryptocurrency wallet, as of 2017, most of them using bitcoin.

What is proof of work?

Proof of work is a system that is used to secure the Bitcoin network. Miners are rewarded with bitcoins for their work in verifying and committing transactions to the blockchain. Proof of work is also used to ensure that new blocks are added to the blockchain in chronological order and not randomly.

In order for a new block to be added to the blockchain, miners must solve a complex mathematical problem. The difficulty of this problem varies depending on the total amount of computing power that is being used to mine Bitcoin. When more miners join the network, the problem's difficulty increases, and vice versa.
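As an added illustration (not code from the original article or from Bitcoin itself), the sketch below shows the puzzle in miniature: finding a nonce takes many hash attempts, checking one takes a single hash, and each block commits to the one before it. The field layout, the simplified `retarget` rule and the sample payloads are assumptions made for this example.

```python
import hashlib

MAX_TARGET = 1 << 256  # a hash is a 256-bit number; the target is its ceiling

def block_hash(prev_hash: int, payload: str, nonce: int) -> int:
    """Double SHA-256 over the block fields, read as one big integer."""
    data = f"{prev_hash:064x}|{payload}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def mine(prev_hash: int, payload: str, target: int) -> int:
    """Brute-force the first nonce whose block hash falls below the target."""
    nonce = 0
    while block_hash(prev_hash, payload, nonce) >= target:
        nonce += 1
    return nonce

def verify(prev_hash: int, payload: str, nonce: int, target: int) -> bool:
    """Checking a claimed solution costs one hash, however long mining took."""
    return block_hash(prev_hash, payload, nonce) < target

def retarget(target: int, actual_seconds: int, expected_seconds: int) -> int:
    """Simplified adjustment: blocks arriving too fast shrink the target."""
    clamped = min(max(actual_seconds, expected_seconds // 4), expected_seconds * 4)
    return min(target * clamped // expected_seconds, MAX_TARGET - 1)

def build_chain(payloads, target):
    """Mine each payload on top of the hash of the block before it."""
    chain, prev = [], 0
    for payload in payloads:
        nonce = mine(prev, payload, target)
        chain.append((prev, payload, nonce))
        prev = block_hash(prev, payload, nonce)
    return chain

def chain_is_valid(chain, target) -> bool:
    """Recompute every link; an edited block breaks its proof or the next link."""
    prev = 0
    for stored_prev, payload, nonce in chain:
        if stored_prev != prev or not verify(prev, payload, nonce, target):
            return False
        prev = block_hash(prev, payload, nonce)
    return True

if __name__ == "__main__":
    target = MAX_TARGET >> 16  # constructed difficulty: about 65,000 tries per block
    chain = build_chain(["constructed batch A", "constructed batch B"], target)
    print("valid:", chain_is_valid(chain, target))
    chain[0] = (0, "constructed batch A, edited", chain[0][2])
    print("valid after edit:", chain_is_valid(chain, target))
```

Halving the target doubles the expected number of attempts, which is how the difficulty tracks the total computing power on the network.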

Why do environmental groups have a problem with proof of work?

Environmental groups have a problem with proof of work because it requires a lot of energy to power the computers that are used for mining. In fact, according to one estimate, the amount of energy required to mine Bitcoin is more than the annual energy consumption of the country of Ireland.

This has led to concerns that proof of work is not sustainable in the long term and that it could have a negative impact on the environment. However, there are some proposed solutions to this problem, such as using renewable energy to power the computers used for mining or using proof of stake instead of proof of work.

What is proof of stake, and can it solve the environmental problems?

Proof of stake is an alternative to proof of work that is used to secure the Ethereum network. Miners are not rewarded with bitcoins for their work but instead earn a share of the transaction fees that are collected by the network.

This system is seen as more energy efficient than proof of work, as it does not require powerful computers to run the mining process. However, proof of stake is still in the early stages of development, and it is not yet clear if it will be able to scale to the same level as proof of work.

Review of Quip's toothbrush as a service

General | Edward Kiledjian

This blog article is not advertising and is not a sponsored post.

Quip is a new entrant in the competitive and packed electric toothbrush space. Unlike many of the larger bulkier electric toothbrushes, Quip is a sleek, shiny and well designed modern looking toothbrush.

Like all modern electronic works of art, it comes in different colours, finishes and materials.

It also carries the American Dental Association Seal of Acceptance. The ADA website explains it as "To this day, dentists and consumers recognize it as the gold standard for evaluating safety and efficacy of dental products."

So how does the Quip compare? Quip is a simpler toothbrush that delivers the basics: it has a vibrating alert timer (to measure brushing each quadrant) and has gentle cleaning vibrations that won't harm your gums.

What does it come with? The basic kit comes with a pre-installed battery, brush head and a slim toothbrush holder (attaches to your mirror with micro suction cups but also doubles as a travel cover). I have had it attached to my bathroom mirror for 30 days, and it hasn't fallen off once. I have traveled with it once, rinsed it with warm water when I got back, and it stuck right back on the mirror.

How do you charge the battery? I have used Oral-B and Philips electric toothbrushes, and they each come with their charging bases (which are usually bulky and consume valuable counter space). The Quip uses a single AAA battery that can be changed within seconds. Since Quip is a Toothbrush As A Service, when you subscribe to their toothbrush head replacement plan, they also send you a replacement battery every three months. If you travel and run out of power, replace it with a cheap AAA you can buy anywhere, and you don't have to carry a bulky charger.

How does it compare to a "normal" (non-powered) toothbrush? The Quip is definitely better than a normal plastic toothbrush because it offers gentle vibrations and helps with timing. Additionally, they send replacement heads automatically which means you never have to worry about timing replacements.

How does the Quip compare to other electric toothbrushes? It depends. The truth is that the newer electric toothbrushes that vibrate and rotate seem to deliver an easier and better clean. However, the Quip is less than half the cost, easier to travel with and effective when used as directed (in conjunction with flossing and regular dentist visits).

General recommendations included with the introductory guide are:

  • Use a pea-sized amount of toothpaste

  • Brush gently (don’t push too hard or you will injure your gums)

  • Make sure you brush every tooth from all directions

  • Brush for two minutes (30 seconds per quadrant)

  • Brush your tongue (the back of the brush head has a scraper)

  • Don’t rinse your mouth right after brushing

What are the cons?

  • The Quip is better than a plain non-powered toothbrush, but its performance is significantly worse than the modern sonic toothbrushes.

  • The Quip's bristles are better than a non-powered toothbrush, but they aren't as good as the ones on powered brushes that seem to have better reach into hard to reach crevices.

Conclusion: I like the Quip, but it isn't the most effective electric toothbrush. Not a bad offering but you need to determine what your actual needs are. I hope Quip releases another generation of their product with rotating bristles that uses real sonic pulses.

Continuous authentication is the future

General | Edward Kiledjian

User authentication is one of the most important and fundamental building blocks of security. Authentication is built on username, password, token, biometrics or any combination of these. Regardless of the model, authentication is performed when the user starts his/her interaction with the target system.

What do you do if you require a higher level of authentication? What if you need to make sure the user interacting with your system is always who they say they are? This is where the concept of continuous authentication comes in. We started to see this concept implemented for the mass market with the Apple Watch and Apple Pay. You authenticate Apple Pay once and, as long as the watch stays on your wrist (validated with a pulse), you do not need to re-authenticate. Apple Pay can be sure that the person wanting to make a payment is the user that authenticated originally.

Continuous Authentication is a paradigm shift moving authentication from an event to a continuous risk management process.

Dynamic risk-based authentication means the system is continuously monitoring changes to environmental parameters and can decide the trustworthiness of users continually.

The shift to continuous authentication is inevitable. Not only will it make authentication more natural for the user but it will allow security administrators to implement much tighter security models.

As an example, if the user walks away from the computer, the system could notice and freeze the interactive session. Another example: a user working on a PC is tricked into launching malware. The system could be intelligent enough to know that a rogue process is attempting to masquerade as the user and block access.

Continuous authentication will use the full array of modern technologies, and others that have yet to be released. It draws on parameters such as keyboard typing speed and style, how the user swipes on a touchscreen device, how the user moves the mouse, the camera input (from modern-day cameras), gait analysis using the accelerometer in a smartphone or smartwatch, etc.
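The sketch below is an added example, not code from the original article or from any product: it treats authentication as a running trust score that is updated from behavioural signals and mapped to allow, step-up or lock decisions. The signal names, weights, thresholds and the sample timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed weights and thresholds for this sketch; real values come from tuning.
WEIGHTS = {"presence": 0.3, "keystroke": 0.4, "mouse": 0.3}
STEP_UP_BELOW, LOCK_BELOW = 0.6, 0.3
ALPHA = 0.5  # how quickly new evidence overrides accumulated trust

def evidence(signals: dict) -> float:
    """Weighted mean of match scores (0..1) over the signals actually present."""
    used = {k: v for k, v in signals.items() if k in WEIGHTS}
    if not used:
        return 0.0  # no evidence at all counts against the session
    return sum(WEIGHTS[k] * v for k, v in used.items()) / sum(WEIGHTS[k] for k in used)

@dataclass
class Session:
    trust: float = 1.0    # full trust right after the login event
    locked: bool = False

    def observe(self, signals: dict) -> str:
        if self.locked:
            return "LOCK"  # stays frozen until the user logs in again
        if signals.get("presence") == 0.0:
            self.trust = 0.0  # user walked away: freeze immediately
        else:
            self.trust = (1 - ALPHA) * self.trust + ALPHA * evidence(signals)
        if self.trust < LOCK_BELOW:
            self.locked = True
            return "LOCK"
        return "STEP_UP" if self.trust < STEP_UP_BELOW else "ALLOW"

    def reauthenticate(self) -> None:
        self.trust, self.locked = 1.0, False

def run_timeline(observations) -> list:
    session = Session()
    return [session.observe(obs) for obs in observations]

# Constructed sample: normal use, two windows of input that does not match
# the enrolled typing/mouse profile, then the user leaves the desk.
TIMELINE = [
    {"presence": 1.0, "keystroke": 0.9, "mouse": 0.9},
    {"presence": 1.0, "keystroke": 0.05, "mouse": 0.1},
    {"presence": 1.0, "keystroke": 0.05, "mouse": 0.1},
    {"presence": 0.0},
    {"presence": 1.0, "keystroke": 0.9, "mouse": 0.9},
]

if __name__ == "__main__":
    print(run_timeline(TIMELINE))
```

The last entry stays locked even though the signals look normal again, because a frozen session is only released by a fresh login.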

Although continuous authentication will be easy for users, expect it to be very complicated for developers. Expect this to be a burgeoning market in the coming years, something most security professionals have to start thinking about. We expect to start seeing serious mass market products around 2020-2021.

Dramatic drop in the number of US Public Companies

General | Edward Kiledjian

Going public was considered the ultimate sign of success for any company in a capitalist market. It meant the company had succeeded and the founders and original investors could reap some of the benefits. Public stock also allows companies to raise money, use stocks as a means to acquire and much more.

Would it surprise you to learn that the number of publicly listed American (USA) companies has declined dramatically?

We are currently sitting at about half the number of public companies, compared to the 80s and 90s. More are taken off the market through mergers and acquisitions. In 1996, 9080 companies were listed in the USA. In 2017, that number fell to 4336 (an almost 50% drop).

We are seeing more and more companies stay private longer. Why is this? Many, like the US Chamber of Commerce, believe overly burdensome regulations like Sarbanes-Oxley are encouraging companies to stay private. Going public means spending millions on compliance and executives running the risk of jail time.

The numbers show that the decline started around 1997-1998, while Sarbanes-Oxley was enacted on July 30, 2002. So SOX could be partly to blame for an acceleration in the rate of decline, but it cannot be the sole culprit. The other half of the decline could be attributed to the end of an era of irrational exuberance (where hundreds of unprofitable companies couldn’t find continued funding and folded).

While the number of publicly listed companies fell sharply, the value of those that remained listed grew dramatically.

In 1996, the market capitalization of listed US domestic companies totaled 8.48 trillion dollars. In 2017, it hit 32.121 trillion dollars (all the while the number of companies listed dropped ~50%).

Many market purists now complain that this illustrates an unhealthy concentration of market power in the hands of fewer and fewer companies. Perhaps there is some truth to these concerns but on the other hand, many of the winning companies did so through technological innovation and global expansion.

Does this concentration mean newcomers are starving for funding? The answer is a resounding no. Look at the company everyone loves to hate, Uber. According to Crunchbase, Uber has raised 24.2B$ through 21 rounds of funding. The same can be said for dozens of other companies.

Innovative startups are still able to secure critical funding to build, grow and expand.

Aren’t public companies more transparent? The belief is that private companies are more opaque because there are fewer disclosure requirements and in most cases the company is managed by a small number of investors. Although government regulations like SOX impose a higher burden on public companies to be transparent, the truth is that a select group of large investors hold the majority of the shares for most companies (think hedge funds, pension funds, etc). So if we agree that public and private companies can be controlled by a select group of large investors, then the only difference is forced transparency through government regulation.

In addition to being VP Information Security for a large tech company, I am also responsible for many of the company’s compliance activities. Would I love the compliance burden to lighten? Of course, but the truth is that these compliance requirements instill a certain level of trust in the market. It is this forced transparency that makes the Western Markets so attractive to investors. Additionally, we saw the US attempt to lighten the regulatory burden on early-stage companies through the 2012 JOBS Act. The JOBS Act was designed to encourage smaller companies to go public. The argument was that these organizations were delaying going public because of overly burdensome government regulations. The JOBS Act dramatically reduced this burden, hoping to spur a mad dash to IPO-heaven for companies under 1B$ in annual revenue. 12 months after go live, the number of companies that IPOed was just 63, which was down 20% from the previous year. It didn’t really help companies improve their performance and it didn’t spur a mad dash to the public markets as anticipated.

None of the available data shows that a reduction in government regulation or control would lead to a statistically significant increase in the number of IPOs.

Conclusion

The moral of the story is that the USA is still a world leader in free markets and has the most valuable public companies of any country. Part of this success is due to the perceived transparency USA government regulation creates and hurting this in any way could undermine US public market leadership.

US public companies are raising more money than ever before, and US public companies are larger than ever before. Foreign companies looking for cross-border listings are overwhelmingly choosing US markets.

The US remains the most attractive public equity market in the world.

Although there are fewer IPO companies today (compared to 20 years ago), modern companies are more stable, are raising more money and are considerably more sustainable.

What is a Progressive Web App

General | Edward Kiledjian

Over the last 18 months, I have seen more and more sites prompting me to "Add to Home Screen" from websites I have been browsing. When you add the site, it installs itself in the background and is then accessible like a native app from your smartphone.

What I have just described is the wondrous workings of a fairly new technology called Progressive Web Apps. This technology (called PWA) works even when you are offline and behaves like a "normal" smartphone app.

What are progressive web apps?

PWAs were created by Alex Russell and Frances Berriman. The technology driving Progressive Web Apps isn’t new. What was required was a new recipe to make Progressive Web Apps behave like native apps. This means that a progressive web app will work (as long as the platform supports it) on an iPhone or Android smartphone, a Chromebook or iPad, on Windows or Mac.

True cross-platform applications without needing to join an app store with super restrictive controls (I’m looking at you, Apple).

Why Progressive Web apps

Like many of you, I live in a world with abundantly fast internet. This simply isn’t the reality everywhere. Even in my own backyard of Ontario (Canada), there are communities where internet is delivered via very slow ADSL.

PWAs, once installed, cache the content locally, which means they will respond quickly even for those on slow internet connections.

Statistics show that users still prefer native apps to web pages. There are a ton of reasons for this, from convenience (single click from your home screen) to the ability to get push notifications, etc. The web simply doesn’t offer the same bells and whistles.

PWAs offer most (if not all) native functions. They start up with a single click from the home screen and can hook into most native features. PWAs can even offer notifications (like a native app) and therefore remind the user to open and engage with the app.

What is required to build a progressive web app?

This is not a technical instructional article but you need 4 elements to build a Progressive Web App:

Google Firebase Web App Manifest Generator

  1. Web App Manifest - It is a JSON file with metadata about the web app. It contains information such as the icon, background color, app name, etc.

  2. Service Workers - Event-driven agents that work in the background. They perform tasks like updating the web app or its content.

  3. Icon - You need an icon to represent the Progressive Web App on the home screen

  4. HTTPS - The app and its content must be securely delivered over a TLS session.

Progressive Web app examples

You will find new PWAs every day but here are a couple of cool ones to get you started: