Hey guys, today we get to hang out with Ben Laurie who is one of my all time favorite geeks. You’re running code right now that Ben wrote. He built ApacheSSL, which is probably like half of the web servers on the internet that are secure running that code. He maintains OpenSSL, which is in everything else.
Ben is one of the few folks who’s a true coder and cryptographer. And there are very few people who really understand both sides of that and what it really means to write secure code and how hard that is. So if you’re interested in hacking, if you’re interested in computer security, if you’re just a coder of any description this episode is absolutely for you.
Beyond that, our conversation goes deep into the philosophy behind cryptocurrency. Ben has pretty counter views on Bitcoin to all the currency speculators out there. They are super interesting to hear. And if you want to learn about how to think about the crypto toolkit and what’s possible there I highly recommend spending time listening to this episode.
I couldn’t be more proud of the chance that I had to pick Ben’s brain for a couple of hours. I’ve known Ben for 20 years. He’s a member of the Shmoo Group, which is a nonprofit think tank for computer hackers. He also is on the board of the Apache foundation. He’s a principal engineer at Google and was at DeepMind for a while as well. Ben developed a program at Google for certificate transparency, which is a really important way of understanding what’s possible using the crypto toolkit to change the way that we provide accountability around data and how it’s handled.
I think you’re going to learn a lot. I really hope you enjoy this and definitely reach out with questions for me and for Ben and I’ll try to get to them next time we chat.
Pablos: One of the things that is super unique about you, in my estimation, maybe there are 100 people on Earth who both understand cryptography and know how to code. That 100 people is not a lot, especially these days. In some sense, for the first time, we’ve got a lot of interest in the crypto tool kit because of Bitcoin. I want to ask you a bunch of questions about that stuff. Certainly, we both have had an interest in cryptography. Mine goes back many years. Yours is probably even more than that. You have a super deep math background so I’ve always thought of you, of all the people I know, as one who has the deepest understanding practically of what it means to implement this stuff, how hard that is to get it right and how easy it is to get it wrong.
We have this situation where because of Bitcoin, people have gotten excited about what they call crypto, but what they mean is currency speculation. Everybody likes to gamble and this has been the most winningest gambling that’s been going on. It seems to me anybody who has any knowledge at all about crypto is tied up making some alternative to Bitcoin or some other blockchain-related project. I’m curious what you think about that stuff. We don’t have to talk about the mechanics of blockchain or Bitcoin. That’s been done to death, but I’m curious what you think of the state of society and the frenzy that we’re in over blockchain. I’m going to try not to jump in with my opinion here.
Ben: There are lots of things to say about blockchain, but the first thing to say about blockchain is that I don’t think anybody knows what they mean when they say blockchain. Blockchain is like magic math stuff that’s going to make us all rich. It’s going to equalize society. This is all nonsense, but one of the things I like to say around Bitcoin is that there are two things going on. There’s one incredibly stupid thing and there’s one sensible thing. The incredibly stupid thing is I’m going to take a $100 bill and I’m going to burn it. I’m going to bottle the smoke and you should believe that that bottle is worth $100. There was a second thing going on which is, I’m going to produce this verifiable ledger of stuff. That verifiable ledger has cryptographic certainty of loyalty. Those verifiable ledgers are useful. In fact, what I’ve done for the last years is trying to build a sensible part of the verifiable ledger and that’s what the Certificate Transparency is.
I’ve resisted calling it blockchain for a long time because as soon as I say, “I’m doing blockchain,” everyone’s like, “Now, you like Bitcoin.” I don’t like the idea of Bitcoin, but I do like this idea of verifiable ledgers. I think the interesting question is, “What is interesting about verifiable ledgers?” A lot of people are like, “You could take Bitcoin or almost any blockchain project and say, “I got a database and you’ll be doing the same thing.” What’s the difference between a database and a verifiable ledger? The difference is that it’s a thing that not only can you say, “Here is a database of stuff,” but also, “Here are cryptographic proofs that the stuff is in the ledger and the ledger has this appending the property.” You can go back and lie about what it used to say or what it does say.
If you ever do, then you get checkable proof that you have lied. Certificate Transparency, in a bit of ancient history. In November 2011, the certification authority, the people who are responsible for issuing certificates for SSL. When you go to Amazon, you get the little padlock that says, “You are in Amazon,” the reason you get padlock is because a certification authority has said, “This public key corresponds to Amazon,” and then the site you connected to proves that it has possession of the private key that corresponds to the public key. Now, you have a secure connection with Amazon, but you’re relying on that certification authority to get it right and not let some other person claim to be Amazon.
In November 2011, it became apparent that the certification authority had issued 500 certificates for websites that they should not have issued certificates for. Those were all of the popular websites, Amazon, Google, Microsoft, Yahoo! and Facebook. Those were then used by the Iranian government to do manual attacks on civilians. Two things were interesting about that. One is that the attack existed in the wild for two months without anybody knowing it was going on. That was bad in itself. The second thing was that nobody ever knew what the complete list of certificates that they had issued was. The aftermath was the certification authority has issued all of these certificates that they shouldn’t have done, what do we do about it?
We have no alternative other than to say, “We have to distrust every certificate issued by the certification authority.” As it happens, the Dutch government CA were also issuing all these certificates that the Dutch government used for various things. When we shut them down and distrusted all these certificates, this was bad news if you’re Dutch. There were a bunch of knock-on things. The three that I happened to know about were you could no longer buy or sell cars because you couldn’t register the sale anymore in Holland. The ability to electronically clear customs went away. Bottle imports stalled because you couldn’t play the customs. They also lost the ability to buy and sell electricity on the international markets. This was a mess. The question that arises is, “What could we do about that now?”
As it happens, we started Certificate Transparency and this is not a story I could tell because the underlying reason for us thinking about this was a secret. Google was making it difficult to see. We had decided internally that if we were going to do this, we should make it transparent. We should publish all the certificates that we issue so the people could check that we had issued them correctly. I proposed that we could not only publish it, but we could do it in an improbable way, so we will use the verifiable ledgers. We could commit the certificates that were issued. We could even close the loop so the brands are checked, that we had committed that there wasn’t the log. We couldn’t issue a certificate that was accepted by a browser that had not been published.
The cool thing about publishing it and these verifiable logs was that you could make the claim that if you saw a certificate and you had approved that it was in the log, then you also knew the owner of that domain could see it in the log as well. If it had been incorrectly issued, they would have an opportunity to notice that and they could revoke it. Suddenly, you are not in this position that there could be these things floating around in the wild that you didn’t know whether it was Amazon or Google or not. We’d had this idea for our own CA prior to DigiNotar. When it happened, I went to my bosses at Google and said, “We could do this for every CA.” They were like, “That’s a good idea. Off you go, make it happen?”
Several years down the line, we’ve done that and we’ve got all of the CAs to sign up to it. From April 2020, Chrome, IE and Firefox are all going to require that every certificate that they see has to be published in one of these public logs. That’s interesting in itself. If you imagine a world where DigiNotar occurred after we had done that, DigiNotar was hacked and that’s an issue. There were two months between them getting hacked and anyone becoming aware that this had occurred. We would bring that down to one day instead of two months, plus instead of having to shut down the whole CA, we would have a complete list for all those certificates that were issued.
We’ll be able to say, “These are all the ones that were bad. We could just blacklist those. The rest will continue to function.” We would not have caused all that chaos, like in the Dutch ecosystem. Another thing that’s interesting is that publishing these logs caused this ecosystem of analysis around certificates that had not occurred before. Even though you could write that in public, you can crawl in that list of people who’ve done it before in the certificate authority observatory, but we haven’t done much with it. It wasn’t until we did CT that people started to go, “We can look at all of these things and find out other stuff that’s going on.”
Would you characterize this as an alternative, not currency-related use of what we call “blockchain?” Essentially, this is a different application. I like to characterize it as one of the tools in the crypto toolkit because where you and I come from, there’s a whole bunch of them going way back. Now that people are starting to clue in, the blockchain is the first one they heard about, but it’s the last one added to the toolbox and we have so many. What I imagine is that because of the success and in some sense of Bitcoin, it’s attracting a bunch of attention to blockchain, which is then getting people into the crypto toolkit. Hopefully, we’ll get a whole generation of coders out of this who are thinking with these tools and designing and engineering with these tools. They’ll be able to build things that we’ve always imagined would be possible. Since there weren’t very many people around to do it, it was very difficult to design products around those tools.
To some extent, yes. One of the interesting things about CT is that it uses tools that were invented a long time ago. There’s nothing new in that toolbox. We’re not using it for what they were originally thought to be useful for. The reason I’m not so sure is that they say much further around this idea of cryptocurrencies and decentralization, which is an impossible dream. People are blinded to the true importance of these things. They are excited about what is effectively nonsense.
They’re excited about currency speculation.
If you look at Bitcoin or any of these cryptocurrencies, there’s a huge amount of fraud, theft and stuff like that. If you look at the history of money and the history of people doing business with each other, that’s exactly what happened. You started off with where we invented money and then people started to figure out how to rip each other off. People started to go, “We should have some rules around this stuff.” Gradually, we ended up with the restrictive “regime” around what you’re allowed to do money censorship, as people like to call it, which means controlling how you spend money and making sure it’s done in a lawful way. I think 99% of the people who are excited about Bitcoin or this kind of crypto anarchist dream and not about the interesting new properties that you can get by using these things in a sensible way.
What I think about it is there seems to be a bit of a maturation process that at least we have gone through and probably other people too, who first spent a lot of time thinking about these things on the cypherpunk’s email list in the ‘90s. I feel like we’re living out a lot of what we were discussing and thinking about in those days. Personally, I have a lot of those dreams of decentralization in me. They’re probably tamer now. Why do you think that this is an impossible dream?
I published a proof of why decentralized consensus is impossible.
If it’s been proven, I would like to know.
One of the slippery notions in this is, “What the hell do you mean by decentralized?” I think that the core idea that I can somehow figure out what some unknown group of people has agreed is fundamentally flawed for a reason. This obvious reason is that, if I don’t know who the totality of everyone is, then I don’t know whether I have captured enough of that unknown group of people to know what their decision is. I’ve got to imagine myself being in this position where I’ve captured enough, but there’s somebody else that I don’t know who sees some other portion of that decentralized group that has captured some other idea of what the outcome was. One of us must be wrong. I don’t know that I’m the wrong one or they are the wrong one. Any argument that says there’s some way you can make those two things always converge somehow has to rely on us not being decentralized. I still rely on this to be more distributed and decentralized. That’s all my proof says in a mathematical way.
I’ll presume that’s true. The thing I’m curious about is I feel like what was happening at least in my experience back with the cypherpunk days was we believed that we could embody our values in the protocols. We believe that crypto was giving us the tools we needed to do that. Specifically, the values were to ensure that nobody got an asymmetric advantage on the network and to make sure that everybody got an equal level playing field. Not only that’s what TCP/IP did, at least compared to other network protocols at the time. Building on that, what we wanted to create and part of the reason for so much of the attention going into cryptocurrency in the late ‘90s was that we knew we needed a way to exchange money, where nobody got an asymmetric advantage on it.
When you have a centralized mentor or somebody issuing the currency, then they get that advantage. That was the point of trying to emulate some of the properties of cash, the anonymity. What a lot of the ideas in those days were about around bearer currencies, where we would make it, so whoever held the pile of bits had the money. It’s like holding cash. What we ended up with instead of going from double-entry bookkeeping to single entry, we went to triple-entry, which is what blockchain gives us. We’ve got this currency that nobody controls. It’s not the value that people are getting out of it now, but in the long run, I still imagine and believe that that’s important. Because of these technologies, the crypto toolkit, we’re going to end up with some currency that’s decentralized in a sense online that nobody has an asymmetric advantage on and that’s important.
The idea that you can do this purely through protocols is fancy. I think it’s true, but it carries a lot of disadvantages with it. I can take a dollar out of my pocket and give it to you and we’re done. On the other hand, you can lose cash. It can fall out of your pocket. It can fall into the ocean and they can all get wet. In terms of putting all of my available assets, something that is so easy to lose is not a great idea. This is why we invented banks and checks.
That’s exactly what’s played out. People have these Bitcoins, they don’t even realize that you can download them, put them on a floppy disc, stick it under your mattress and call it good. They’re putting them in a bank online, which is absurd to me because those guys keep getting hacked, but that’s the model.
The disadvantage if they put it on a floppy and stick it under their bed is if their bed burns, then it’s gone. I want to tie up significant portions of my asset and something that’s so fragile and it’s even worse than that. I don’t want to put it under my bed unprotected because then my teenager can come in and spend my millions. That’s not a good plan either. I probably want a group and be protected and then I forget my password. That’s happened.
I know I probably have millions of dollars in Bitcoins because I was mining in 2007 or 2008. I have no idea how to get that money back.
This is the reason that we invent all these institutions around safeguarding the value by making it so it isn’t in this bearer thing so you can easily lose or destroy it.
Fair enough, but the option is still mine. The point is I can still choose if this is the same argument for any data protection scenario. You have to consider your threat model, your adversaries are, how well-endowed they are and what the actual threat is. It’s a risk management problem, but the point is I have the freedom to choose what’s appropriate for me.
The point is that if I have a system where I can hold the central authorities to account, I can see everything that they’ve done. If they ever break the rules, I can produce cryptographic proof that they have broken the rules. It seems to me that it is as good in practice even though you probably want to have those. You probably want to have ways to get things back that you’ve lost. The fact that you can produce these cryptographic proof means that centralization is okay, but the center is powerless because you have this evidence that they cannot argue with that shows what they have and haven’t done.
If a government were to issue a cryptocurrency in a fashion where I could always see how much was issued, it would essentially eliminate their ability to secretly inflate the currency. That’s interesting.
The price you pay for Bitcoin, people have made sensible suggestions to allegedly decentralized systems. If you want to put my decentralization, it is impossible going into a Bitcoin framing. The cost of doing that is burning insane electricity. It’s 0.5% of global energy production. That is ridiculous. When you contrast it against the alternative, which is to keep trees, doing hashes, it is cheap. I haven’t done the Bitcoin, but having done the equivalent some for CT, if reproducing the entire Bitcoin ecosystem in a verifiable, but not the decentralized way. I’d be surprised if the hash would cost me more than 1 or 2 CTs, instead of 0.5% of global energy.
To put my previous arguments about not knowing whether you were in the right or wrong consensus. The argument is that there’s an economic incentive for people to play along with whatever is the consensus. The argument says that Bitcoin mining is at such and such point and the ledger says, “We’ve all got such and such money.” I went out mining the next block, wasting energy to show you that where you can chain on to whatever has gone on so far. The idea is that nobody would want to go back five blocks and mine five blocks, which is going to cost you five times as much energy to get a longer chain because they might as well mine one block on top of the existing chain. The problem is, “Why are you mining five blocks? Other people are mining one block.” You have to do it five times as fast.
My counterargument to that is two things. One, not everyone is motivated by economics. You’re basically saying, “You would only mine the sensible block because mining the other block would cost you more.” It’s not necessarily going to explain why I mine blocks or why I might want to undermine Bitcoin. Another thing is that if you take this to the limit, the argument that, “If I do enough mining, I could own all the money in the world. I could go back and everything that you think you’ve done, all of these transactions, all this money that you think you mined, you didn’t mine any of that. I mined it all. I now own all the money.” It’s a pretty strong economic incentive. That’s where we’re spending a lot of electricity on.
With Bitcoin, in particular, it seems that the technical challenges that come up have to be dealt with by the people developing the protocol. They’re advancing the protocol. You could imagine at some point even migrating Bitcoin to another design that got rid of mining or got rid of the current scheme for mining and get that energy consumption down. Do you think that thing will happen?
Yes. There’s the idea of currencies that are exchanged in a purely virtual way, where you have cash anonymity, but in a purely electronic format. They’re good ideas. The bad idea in Bitcoin is if you take $100 bills, burn them and bottle the smoke and that’s $100, that’s dumb. Saying, “I have a ledger of stuff so I can make strong cryptographic statements,” is a good idea. There are examples of theoretical systems, but not wildly speculative theoretical systems.
Things that just need some work.
They don’t need work. We know that they will work, just use hash functions and public-key signatures and nothing spectacular. RSCoin is an interesting example by some people at UCL and centrally banked cryptocurrency. You fear money, but on a verifiable ledger of stuff. That’s cheap, but it still gives you all the properties of cash if you wanted to. It gives you verifiability, whatever you want from a cryptocurrency other than, “I can get rich by doing an ICO.”
A theory or the idea is we’re going to do smart contracts. As far as I can tell, nobody’s doing that, but it has served as a platform to do things like watching ICOs and those things.
People have done smart contracts and there’s the DAO. That was awesome.
DAO, which is done on that, it is a mega smart contract thing that had a bug in it and somebody immediately extracted the DAO. That caused the split in Ethereum in a way. One folk is weird, met the bug in DAO, junk all her money went to the person who found the bug. The other one was I know we backed off time, but before that, we did a revised version of the contract. We live in a smart contract entirely.
I had blinders on to so much of this because I can’t stand the noise floor of currency speculators. It’s been difficult, but now I have to pay attention because it’s too far gone. The point I was trying to make is with something like EOS, which is meant to be a next-generation Ethereum, where they want to solve some of those problems technically. They imagined creating a platform, an operating system in the cloud where that database of the shared ledger enables a whole bunch of decentralized applications. I think people imagined using that as a kingpin, they’re going to be able to take some of these walled garden services that exist on Facebook, Instagram and all these places where it’s not the internet we dreamt about. I can’t get my data. I can’t do anything other than what Facebook wants me to do with it. I think what, at least some of the more fringe radicals now, are imagining is that the thing that kept us from decentralizing that before it was that we didn’t have this shared database. I’m curious what you think about those notions.
I think that makes sense. Certificate Transparency is an example in a small microcosm way. You can apply these ideas to take a system that was countable and slightly broken. We’re broken that you were relying on random people who would race to the bottom end cost to maintain them.
It’s like 1,000 root certs in your browser. It’s like having your 1,000 nearest neighbors have a key to your front door and you are saying, “It will probably be secure.”
It turns out that mostly it is, but sometimes it isn’t and you don’t know quite what happened to your front door. I certainly think that this whole idea of verifiable databases, there are lots of interesting things. Not only that but you can democratize things that have traditionally required some central authority. It’s not going to central aggregation or you can have these distributed ledgers where you all agree on truth, then you publish it, and it’s not going back on it. I think you can do those quite cheaply and there is an interesting feature there.
There’s a bunch of different things that are going on here. One of them is people are looking at blockchain as a way of taking back, if nothing else, at least spiritually, it’s acting as a marker for people wanting to take back the internet from these huge established players who built walled gardens where they control your data. They control the whole experience. That’s not what was going on in the ‘90s when we were all building web apps. Everybody had an equal footing and nobody has an equal footing anymore. Almost everything you do online, you’re beholden in some way to Facebook, Google, Amazon or Apple.
One of the fascinating things was we used to be able to view source on a webpage and see how they did it. This is always true on BSD or Linux or wherever you’re going to go see the source of anything. For learning how to make things, it’s like opening the hood of a ‘57 Chevy and you could observe it and figure out how it worked. Now, so much of the code is in the cloud. You’re never going to see that. Even in the ‘90s, I could buy software and I could look at the binaries. I could at least observe the stuff I was running. Now, you can’t buy anything. Everything’s owned by someone else. It’s running on their servers. I can’t attack anything.
I used to go buy a Cisco router and attack my Cisco router and figure out, “I’m not breaking any laws. I’m not messing anybody’s stuff up.” Now, everything is in the cloud. You can’t go attacking Facebook or Google or anything because it is their stuff, not mine. It’s a different world that we live in. I grew up with Apple II. My daughter has an iPad and it’s a radically different experience. Hers is a billion times better, but she never gets to see how it works. I’m discombobulated about a bunch of stuff here, but we grew up in a world where we can learn through this observation and trial and error. I think both of those things have been eroded in the world. You can’t observe how things work. You can’t get away with trial and error.
That’s not just true for cars. That is true for everything with all the software, computers and iPad. The cloud collectively takes those features of the world away from most of the things we’re using. We can’t learn them through observation. There’s this meaningful spirit behind things like EOS, where we imagined we’re going to take back Facebook Messenger and make our own that we control. We’re going to take back Facebook’s event thing and make it something we control. We are going to take back that feed that Facebook used to elect the wrong guy. We’re going to take that back and we’re going to make our own that we control. Probably, there’ll be a market failure for a long time and we won’t be nearly as useful as actual Facebook, but that’s the sentiment.
I feel like in some cases, we’ve been winning. Cypherpunk brought BitTorrent. It is 35% of the internet. You can’t make it go away. It’s decentralized. It uses that crypto toolkit to give us something that we felt was important. The whole dark web, you could argue about the merits of that, but that’s cypherpunks making Tor. That’s a descendant of things like Mixmaster, remailers and those things. That was embodying our values in the protocols. I don’t know what percentage of the internet is dark web now, but it exists and it’s here to stay. You can’t get rid of it. I don’t want to make a case for WikiLeaks, but the same community brings you those things. Most certainly Bitcoin. On a long timescale, we are winning a bunch of these battles. All the things that we tried to imagine in those days are coming to pass on a longer time horizon and decentralized. This is why I questioned your arguments about making things decentralized.
As you are talking about that, I was thinking that in some instances, generations of this stuff, in the ‘60s, ‘70s or ‘50s, you could take apart a car and you can fully understand how the car worked. You can make a piston at home or any useful part of an engine. There are probably some belts and things like that that I can make my own version of. I couldn’t make an engine, but on the other hand, there’s off the shelf part I can put it together. We’ve gotten to a stage where we’re in this permanent end state or whether it’s an intermediate state where suddenly we’re exposing the items. We were like, “There are little items in this thing.” It is hard to understand how all of these items work together. Maybe there’s a future where these things are super complicated, but they become building blocks. It’s like, “There’s a piston. I can’t make a piston, but I know how to make an engine.”
That’s certainly the case. You could go get a Computer Science degree now without ever learning what a chip is doing or even learning to read hexadecimal because it’s Lego bricks. In an IDE, you are sticking Lego bricks together.
I grew up in an era where mainframe computers were great bulky things that took up whole rooms, but they weren’t sophisticated. Microsoft was just starting to come out. They were at a stage where I could still imagine a bunch of transistors, the thing that the Micro did. If I learned to program an 8080, I can stick a logic analyzer on it and I could see exactly instructions and so forth. I stuck a Logic Analyzer on a Pentium II. There was no way to know what was on the chip because of all of the caching. What came out of the chip, almost no relationship with what was going on inside it. I did this because I was trying to debug a program.
One of the interesting things about that is that Intel will recognize this as a problem and you could switch all that shit off. If you wanted to debug a hardware, you could say, “Please stop all the caching so I can see what you’re up to.” Suddenly, it became comprehensible again and you could get your Logic Analyzer to disassemble, and all sorts of stuff. With it switched on, it was gibberish and I had no idea what’s going on. I sometimes think it comes from the last generation of software engineers who could see the whole stack if you think about transistors and chips, assemblies of these things.
As we were discussing it, the speed of CPU has come from Spectre and Meltdown. It’s the ability for them to do these almost magical things with speculative execution, branch prediction, caching, and all of that stuff. You can no longer observe the outside of the chip and have any idea what’s going on inside the chip. You could argue that back in the day where I understood transistors, I probably didn’t understand how a transistor worked. They probably do better now than it did then. It’s a thing and it works, but I don’t know what’s going on inside. It’s a question of where you draw your boundaries and what are the building blocks and what you understand about the building blocks.
I think that’s fair. Truthfully, the trend has always been that you spend some of this extra computational ability on making things easier for whoever’s building with the blocks. I keep thinking about, in those days, especially on mainframes and on the early microcomputers and stuff, you had to make everything efficient because you didn’t have cycles to waste. You had to engineer everything perfectly. You had to test it end to end. It’s the way we do so much engineering. We try and design things that are perfect and you look at biological entities like you and me, we’re like 99% error correction. Cells are dying off all the time and somehow it mostly works and you’re still here. I think of that as probably the transition we’re going through.
Now that we have a surplus of computational ability, we’re getting to a point where we’re wasting a lot of it on error correction. We’ll probably get to a point in the future when computers are mostly error correction and they’re mostly going wrong all the time. It generally steers us in the right direction. A lot of the things we have are like that. I remember loading the software to drive an HP printer. It’s like an inkjet printer and I’ve got 600 megs of shit loading on my computer to run the printer. It’s got every piece of software on demand. There are a database and a web server and all this stuff that’s running in the background on my machine just to print. It’s because it was easier to grab these gargantuan building blocks for whoever was making the printer software than it was to think about what was needed. I think there’s a full copy of Apache installed with every HP printer.
Google started to realize that maybe that’s not such a great idea because you’re exposed.
You can get all those security flaws too. There’s no system update for it.
As you stand in the line, the printer is 100% vulnerable.
It is certified pre-owned.
The building block is like a VM. It’s like, “If you need to sort, here’s a VM that does sort via this pretend Rest API.”
Every time you go up the stack, there’s always a piece that’s going to say, “Don’t worry about that because that’s the mechanism,” and the interesting bit is what you did with the mechanism.
What do you think are the cool things that we could build with the crypto toolkit that is under-appreciated or underrepresented or that nobody’s talking about?
The thing I’m obsessed with is the Certificate Transparency as I said. This whole idea of using verifiable ledgers, which is a boring tool of Bitcoin. Bitcoin is half fun and half craziness. You can use those to build a record of the behavior of people in the system. You can have rules about how people ought to behave. If you construct carefully what it is you put in the ledger, you can determine whether people have abided by those rules or not, and you can have strong cryptographic proof so that whether they did or didn’t behave, you can then use them to hold them to account.
The interesting thing is you start to care a lot less about authorities. This comes back to our conversation. We want to not have an asymmetric advantage. Nobody in the system should have an asymmetric advantage if we know the rules. The people who nominally have the asymmetric advantage have to follow the rules. They don’t have advantages anymore. That’s what I mean by verifiable transparency is this ability to check that people have done what they’re supposed to do and hold them to account when they don’t in a way that can’t be disputed. It’s now a matter of opinion. Did you abide by the rules or didn’t you? It’s like, “Here’s my cryptographic proof.”
It needs to rearchitect a lot of the things that we do online with this structure that brings that.
It’s figuring out what it is you can put into those pages, how you close that loop, and how you make those proofs water tight.
With the Certificate Transparency, you have a working model of one case where this has been done. What are good candidates for where else to go?
Money is another one but I think there are all sorts of things. One of the things that we heard about a while back in this blockchain frenzy, almost anybody says, “You should put it on the blockchain.” I think there’s a candidate for this stuff. There are things like a land registry. These are particularly in less first world places. There’s a lot of fraud around those kinds of things. The difficulty with those frauds is not so much that they occur, but you don’t discover them until it’s way too late to do anything about it. I think a lot of these things will be much more tractable. As soon as it happened, you knew that it happened because you can do something about it.
Doing things on your house anymore is not all that useful in those environments. Whereas if I knew like five minutes after the official tip of a bribe that somebody had taken a bribe, then I have some chance of doing something about it. That thing is where this stuff ought to be going, which is funny because it’s the opposite of the crypto-anarchist rule of law. Mass is everything. Mass gives you a system that is internally self-consistent, but when it doesn’t obey the rules, then what do I do? I go to the masses.
One of the things I get asked about a lot is the so-called cyber security. Whenever hackers use the word “cyber,” it’s such a dumb word. Nobody who’s legit at all will use that word, but we’ve lost that battle. We’ve had all these security problems. When you’re working on security, part of your job is to become a paranoic and imagine everything that could go wrong. Imagine every attack that could come and every threat. In some sense, it’s sad. It’s turned a lot of my friends into obnoxious, paranoid people. They’re not very happy. With that said, what I’ve seen play out over decades is all those things we imagined have come to pass.
All the failures that happened with DOS and everything else, we saw that coming. We were right about all of them, but in almost every case, what’s happened as far as I can tell is shit hits the fan and then we reboot, run system update, kick out the bad guys, patch things and life goes on. I remember with Mirai, the biggest botnet in history at the time, 1.2 terabytes per second of bullshit traffic. It brought Netflix down for twelve minutes. That’s our poster child for catastrophe and it’s not so bad. It was probably a net gain for the society that people couldn’t watch Netflix for twelve minutes. We’ve had all these scary stories, like hackers could get in and control of the power grid and shut it down.
In 2019, they did in Ukraine. They rebooted. They did some clever stuff where they rewrote the firmware on this Serial to Ethernet Converter so they couldn’t reboot. The point is the power grid came back. It’s fine. There’s a little bit of damage, but people have this almost paralyzing relationship with computer security. It keeps them from doing things. I don’t have that. I feel like I’ve seen it all before. I’m not worried. We’re full scale “cyber warfare” between nation states. This stuff is going on and it’s all significant. It does matter. It feels to me like you build comfort with it in a sense and you get a sense of wisdom about it, where you know that it’s not the end of the world, but people are still treating it as if it’s going to be. What do you think about that?
Like you, I’m not that worried. One of the reasons I’m not that worried is that I worked in security for a long time. I worked for Google where we get attacked a lot. I’ve seen pretty frightening things. You figure it out, clean it up and carry on. There are two things going on. One is the decisions of building things that are falling apart on a regular basis, regardless whether they’re being hacked or not. That happens all the time. We’re always in this position, this thing that we thought to be reliable that isn’t. It comes and is patching up after it’s fallen apart. Sometimes it’s because somebody attacked us and sometimes it’s because we’re shit at programming. The reality is that you figure it out, patch things up, reboot, carry on and it’s all good.
Sometimes you get some advantage in the house never that bad. The down the line concern is that they could be an outage that is hard to recover from and for security is that we build a stack of software that’s complicated that when it goes wrong, we can’t figure out how to fix it. I think we’re a long way from that because we’re bad at building it. There’s micro-scale all the time. Little bits of stacks always falling apart. We’re always like, “That bit fell over and it corrupted these discs over here and we lost that data. We’ll figure it out.” What worries me more is if we get to the point where it’s like 99.99% good, and then you hit the 0.1%, and then we’re fucked.
I remember it was such a problem in the ‘80s if your computer crashed at the wrong time. We solved that because computers crashed all the time and now, they never crash. I don’t worry about it because I know that no data is going to be lost. We solved that a long time ago.
That’s part of my point. One of the reasons it was a pain in the ass in the ‘80s, you couldn’t autosave. Your work is going away for five minutes.
You can’t type and save at the same time.
That is the trend that will continue to rebuild this layered defense against unreliability, mostly because it’s unreliable. It saves us when it’s insecure as well. We are getting better at being reliable and having less bugs and maybe there is this future where we’re good at it that when a bug does hit, it’s horrific or it’s in pieces of software that have been untouched for years. Everyone is like, “There’s nobody around software anymore.”
Dan Kaminsky goes, “Who knows how DNS works anymore?” I get lots of questions from kids all over the world who think they want to be hackers. Probably because my job seems cool and they want that. I don’t know what to tell them.
Tell them hacking is easy and fixing things is way harder. That’s the interesting thing to do. This is one of the things I’ve been trying to do, “Don’t bring me attack.” Any fool can attack a system. If you must bring me an attack, bring me a defense. Even better, bring me a defense that is clever for that so I can move across systems and isn’t a defense against your particular attack. It was a defense against that whole class of attacks for a whole class of software, not just the one that got attacked. Speaking of asymmetric advantage, the attacker has always had a nice advantage. That’s defending a piece of software. I have to fix every bug. To attack it, you only have to find one. If you want to be one of the cool kids, then you should figure out how to stop things from breaking, not how to break them.
What about before that, where to start and how you learn?
I’ve never been much of an attacker on the system. I’ve always been a defender. People often say, “The only way to learn is by breaking things first so you can fix it.”
I think that might be what I said.
You can learn by asking how it works than actually doing it. How would I stop that thing from working? You have to find novel attacks, interesting things to worry about. You can think about, what if I admit that we don’t know how to stop the attacks? What could I do about that? That’s interesting. It’s the principle of least authority and strong compartmentalization. There are interesting things that you can do that’s beneficial here after their hands to attack the things that were inside the boxes, you’ve got to know how to build the boxes and made those boxes useful.
What about high school kids who don’t know what to do with themselves, but they’re interested in computers? Can you think of where they should start? Should they start learning math, coding? If you had to give some advice.
I think the thing about coding in general, even leaving aside security, attacking or defending is a lot of work. I’m going to decide one day that I’m going to take a block of metal to build a car, then the tech to do that. It’s hard to learn to do this stuff without having some problem that you want to solve. The main barrier to getting into this stuff is having something that you want to do. Once you’ve got something that you want to do, we’ll find ways to do things that you need to learn exactly. I think the main challenge is finding things that you want to do that are worth expending all that effort because writing any serious piece of code. It is multimodal piece of work. There are even little toys that take at least a day or two. The last one is your experience. It’s having a thing that interests you. I suppose the funniest thing that you can get into these days that provides lots of challenges are things like machine learning. It’s relatively easy these days to get ahold of little kits that help you along the line. You can get fun things out. It’s all about reward.
That’s the thing that people miss out on is that brains are optimized for learning things they’re interested in. Find something you’re interested in and you’ll learn a lot. It may not be what the school is trying to teach you, but you’ll learn something.
The other thing is to understand that you’re going to fail a lot and you’re going to be frustrated. If you’re going to learn, the way you’re going to learn is by fighting through that frustration or satisfaction or banging your head against the program for days and at the end of it, solving it. It is incredibly rewarding. On the other hand, the days leading up to that reward are extremely annoying.
You earn the reward. What are the hard problems left that interests you?
What are the interesting frontiers in software engineering? There’s a bunch of stuff I’m interested in. I still think that the business of how do you defend against flaky software. That’s not going to have a chance. What do I do about the fact that flaky software, I am trying to run it? The damage is minimized. If you want to get on to more advanced topics. This is a purely selfish software engineering perspective. If you look at user interfaces, user interfaces for all users, except programmers have changed radically over many years. As you were saying, you had some crappy micro when you procreate. Your kids have iPads. We have amazing games and with Twitter and Facebook or whatever the kids probably have done exactly.
That’s one of the interesting things is as a software engineer, you improve the life of software engineers. Make them more productive and make them come up to the standards of interfaces than everyone else. Machine learning a lot of is people’s neural networks. I think this case is a false impression and they have something to do with that in your brain. There’s nothing to do with brains all. There are reasonably effective and they’re in their infancy. If you look at what’s happened in the last years in terms of how people would move forward on machine learning, they’re screwing around with the fundamentals of it, putting things together in different ways, putting more it together, applying more CPU, and getting surprisingly good results that. I think that’s a huge territory, what you do with these things, how you put them together, what problems do you apply that and it’s a ton of fun to be had there.
Is there anything interesting that we didn’t talk about that comes to mind? Do you have any questions for me?
I think the one thing that we haven’t debated on is if we’re going to talk about security. We’ve talked a lot about crypto and building blocks and what can we do with all of these things. We’ve talked about any defending against bad programming and stuff. People get very obsessed with an attack. They’re counting crypto that we can use in cycles. One of the things I realized probably years ago is that most of the barriers to being good at security are not technological. They’re about the interface between humans. I think we’re still incredibly bad. Having people understand what the hell is going on and the traditional reaction of technologists to get to those stupid users should be better educated. “They should understand my system better,” and that is wrong.
It’s fun to make fun of users though.
It is fun to make fun of, but the thing is that we’ve done a terrible job matching the machine to the human and the human to the machine. The user-interface is the only serious problem we have. All of the technical stuff we can do is as nothing compared to making it easy to use.
It’s interesting to hear you say that. I don’t think of user interface as something that you work on much. That’s great to hear. My fundamental experience was that I got one of the first thousand Macs ever made. In those days, it went from the command line to the Windows and that it became graphical. Mac took the responsibility for making it easy for the users. The first computer that did that. On a command line, you can type any junk you want. On a Mac, you can only give it the commands that are in the menus. That was a way of simplifying it for the user and saying, “Here’s the available options. If they weren’t available, they’d be grayed out or missing.”
That was a way of bridging that gap and saying, “We’re only going to give you the things that you can do instead of a wide-open command line where you could do anything. That’s probably going to destroy your hard drive.” That has always stuck with me. That was the first computer that I tried to operate the way people work instead of teaching people to operate the way the computer works in computer security like that lesson. A lot of times, there’s so much bullshit you put up even on an iPhone. I can’t believe how much time I spend putting passwords into an iPhone.
The Chrysler, we gave back quite a lot of white-collar rates, the security, the cypherpunks and all that kind of stuff we’ve talked about. What still excites you about computing?
The way I think about it, I got ahold of an Apple II. At the time, it was a piece of shit. I loved it, but it had an eight-bit processor. That was one kiloflop. I think I could do math faster with a pencil, but it lit up my imagination. I could imagine that someday I’ll have a faster processor, someday have more memory and someday it was going to be useful. I was trying to convince everyone of that. I had the Apple II and skateboard and people were conflicted about which one was a bigger waste of time. I got lucky the computer turned out to be useful. They did get faster. They did get more memory. They got to the point where we could use them for all things, but I’m still living in that. I’m still trying to find new things that we could do with a computer. I never ran out of steam on that.
To this day, I’m still looking, what’s going to be technically possible? What problems can we solve? What can we do better with the computer that I’m and what does it change? That’s driven me my whole life. I don’t see any end in sight for that. I find different things to aim and what’s great is I know a lot about computers. I don’t know a lot about anything else, but I feel entitled to go take the computer and try and apply it to things I don’t know anything about. I spent half of my time trying to learn about the state of the art with new technologies and around computers, what they can do. I cram that in my head. I spend the other half of my time trying to learn about problems and cram them into the other side of my head. I imagine there’s a Rubik’s cube in there that sometimes matches them up.
That’s literally what I think invention for me is. I’m collecting the tools and I’m collecting the problems. Every day you get new technology, you get a new chip, you get a new algorithm, you get a new sensor, you get something. You get to ask yourself, “Does this change anything humans have ever done?” That’s what keeps me going. I think security and hacking was a great place to start the irreverence of hackers. They don’t give a shit what anyone else thinks. They’re not reading the directions. They’re breaking things. They’re discovering what’s technically possible and that to me is the seed of invention.
That’s why I cherish them. That’s why I still hang out with hackers, even though I don’t care about the security. Those are the minds that I am inspired by. It was a great place to come from. I’m thankful that I learned so much about computers because going deep into something, it helps you respect the depth of knowledge that other people have in their area. It helps me, so I can communicate with them. I keep trying to stay up on what computers can do and use that as my tool. Thanks, Ben. It is great hanging out with you.
About Ben Laurie
Extremely proficient programmer (over 30 years experience) and system designer. Security, cryptography, privacy and civil liberties are my passions.
Specialties: Security, cryptography, open source/free software, the Internet, privacy, civil liberties, writing, OpenSSL, Apache