Blockchain summit report: Day 1 – “Enterprise cloud”


Event details

Today was day 1 of the 2 day “International Blockchain summit” presentations.
On every seat was a little bag that had 3 books about the Blockchain! Unfortunately they were all in Chinese.

free books.jpgfree book 1.jpg

Presentations summary

Whereas DEVCON2 was all about development, and leveraging the network effects of leveraging other projects in the ecosystem, the presentations today were VERY high level talks.

There was a massive stark difference between “the old guard” in the Fintech space, and the disruptors that are shaking things up.

Take a look at the BOC (Bank of China) and ChinaLedger presentations. They talk about how Distributed computing is dangerous. ChinaLedger go on to say that they need the power to be able to go in and halt transactions, modify smart contracts on the fly, liquidate accounts when they need. While also saying that they will make sure they will do everything to help privacy and use encryption… which only the Government can unlock (“Golden keys”?). It was the most centralised “Blockchain” I have ever heard of.

On the flip side I was inspired by the forward thinking of the Consensys presentation, and their long term vision for where to drive the Ethereum platform. They are helping to create open tools and platforms that will be leveragable by a multitude of projects (as demonstrated with Ujo and BHP project “Rai stones”).

consensys ecosystem.jpg
The Consensys ecosystem

After the Consensys presentation, my 2nd favourite presentation was by Wanxiang labs “10 years to build a city”, talking about how they plan on taking some land and creating from scratch a smart city powered by the blockchain and electric vehicles.  While the other old guard are squabbling about how it is going to impact their “business as usual” profits, there were the new projects out there envisioning and disrupting.

The BHP presentation was also pretty cool, a great implemenation of using Blockchain to improve a business process.


New Finance: Technical & Legal rules – BoC
He is from bank of China.
Entire presentation was him being scared and trying to justify why current Blockchain tech is an unregulated wasteland, and why there needs to be regulation from banks and government.

For Fintech they think Blockchain will not be successful without proper regulations
Blockchain finance – it is distributed.
Storing all of the transactions will take a lot of storage space. What to do once the transaction rates exceed what can be processed.
Thinks that public distributed transactions will not be more than a toy like with Bitcoin. For real FinTech they need something different for a high frequency.
Thinks that decentralisation should not be the core feature of Blockchains (due to transaction limit).
Thinks it should be decentralised, not distributed.

Should be done with private consortiums.
Needs legal rules and technical rules.
They think that self rulemaking currencies (Bitcoin) can not be regulated. So need to stop them, to prevent bad things like money laundering. This is showing the loopholes brought about by Bitcoin.
So when using digital currencies, they need certifications and tracking.

“We need more regulations and rules to facilitate the healthy development of this space. Only with support of regulations can new technology take off”.

Me: I totally disagree… (if not already apparent)

Blockchain futures & realities – CSDC
China Securities Depository and clearinghouse

He was much more open minded and forward looking. Is a pep talk for “things are going to change”, how are we going to use these new things. He said that he recorded it into English that should be able to be downloaded, would be worth watching if you are into this space.

Summary: Genie is out of the bottle, we need to embrace this and think how we are going to put the requirements of securities (“real name transactions”) in a decentralised way. And the registration and tracking of assets to real names.

People have ideals because they are not happy with reality. Due to this dissatisfaction, people are passionate about trying to make that dream a reality.
Need to play by the rules, or the market will be chaos. So now we have facilities law, regulations, etc. This forms the framework of China economic. This is very different from Blockchain. This is at odds to the distributed systems.
Seems like we are dissatisfied with this, so trying to reconcile these differences.

All securities transactions need to follow “real name” transactions, but want to do this in a decentralised manner.
Market cap is 54 trillion (of something in China).
GDP is over 70 million

They are researching Blockchain, but not just in the lab. Need to find potential applications and use cases for it. If we want to implement Blockchain technologies, we need to see what the hurdles will be, so we can get closer to the ideal.
As BoC speaker said, the number of transactions per seconds is HUGE. Daily may reach 10s of millions at its peak. How are we going to handle this with a theoretical framework.
Need to start from the reality of China. And the reality is it is a giant country with a huge population, which depends on the capital market. If you just implement within a lab it is okay. But if it is going to be put into the industry, then we need to work with the government. We can’t just get rid of the government, it is impossible (REVOLUTION!!). So need to focus on key senarios to tackle, as you can’t just apply Blockchain everywhere simultaneously. Or all your efforts will fruitless.
How to complement it initially, not replace it.

Ten years efforts to build a city (Wanxiang Labs)
Me: I reallly liked this presentation. I’ve been keeping notes for months around building this type of innovative city in Australia. I plan on rewatching this one again later.

Going to build a city in 10 years. An energy gathering city in HangZhou 10KM2.
Their US company is starting to build new energy vehicle.
900m RMB? 90k people.
Deploy the city into the cloud. Intelligent life, traffic & services. Everything will be connected. IoT, Internet, smart living, smart transport.
Once this is successful, they plan on launching it across the world. Will publish their learnings.
Launching incubators and accelerators. Their own cloud Blockchain as a Service.
Many scenarios in this smart city that could utilise Blockchain. Distribution for Solar power. ID & Vehicle registration. Intelligent community services.
Can promote a sharing economy throughout the community.
Partnering with Microsoft, IBM, Consensys, Ethereum foundation, WeBank, AliCloud

Vitalik Buterin keynote
Talking of the progress China has made in Blockchain innovation in such a short period of time. He visited China 3 years ago and visited a number of Bitcoin companies and was impressed on the scale of what China had, much more than what was happening in USA.
But all the focus was just on cryptocurrencies, not Blockchain technologies, Just mining.
2nd time, he saw some kind of experimentation happening with interesting things (like coloured coins?)
3rd time saw more interest in Blockchains.
4th? time, he did a hackathon with Wanxiang labs (event sponsor), and there were ~30 projects. The growth since then has been rapidly growing. The scale of projects we couldn’t have imagined 3 years ago. Was just theoretical, now a lot of ideas are almost reality. e.g. Self-sovereign identity, instant settlement.

Goals. Build an opensource dev focused community of communities to build a hyperledger based solution. Create a family of “etnerprise grade” open source blockchain framework, platform & libraries.

Because it is an enterprise opensource project, they need to track contributions, patent details, etc. Is part of the Linux Foundation, which has 16 years of providing governance stucture support for major open source projects.
80 project partners. IBM, Intel, Accenture, JP Morgan, Airbus, ANZ bank, Cisco, etc.
20 of the 80 project partners, are based in China. Apache license v2.

A world or many chains. There will not be only one blockchain. There will be many public chians and millions of private chains. Each may use different consensus mechanisms.


Major projects are:
Fabric: Developed by IBM. PBFT, moving to Raft and other pluggable consensus mechanisms. Written in Go.
Sawtooth Lake: Proof of Elapsed Time. Runs on secure enclaves. Written in Python.
Hyperledger explorer: GUI for navigating Fabric & swatooth lake.
Fabric-py SDK. (Java proposed later).

Smart contract engines.  Portable identities.
Will never see a “HyperCoin”. It is about making Hyperledger a standard, and a governance group.

IBM keynote – IBM Blockchain & Hyperledger
Today if you want to do something in your business on Blockchain it is difficult. Hard to scale, issues with privacy.
No Enterprise support.
Need tools to write tests for smart contracts. Need good solution patterns.
Difficult to scale up, especially around transaction rates.

Built Fabric to support “serious business”
Permissioned blockchains can’t scale. Every node shouldn’t execute every transaction.
The 2 peers that are interacting are the only ones that should execute.
IBM has implemented this internally to resolve invoice disputes with their suppliers.

All the slides were in Chinese. Difficult to follow unfortuantely.
The (original) Silk Road was important for trade. Blockchain may be just as important for trade in the future
People are debating the need of distributed systems being  an important thing of Blockchains, is it really necessiary? Blockchain should instead be focused on unblocking instead.
IBM will provide an IBM certified docker container.
IBM Blockchain.
Has a concept of a “shadow chain”?

Blockchain Platform @ Microsoft (Bletchley)

At Devcon1 Microsoft announced Blockchain as a Service. Rolled out DevTest Labs to allow you to spin up public, private, permissioned, and consotrium blockchians quickly. Provisoin with 1 click. Mix & match from best available blockchain tech.

Bletchley: Open infrastructure, Enterprise capabilities.
Microsoft is not building their own Blockchain.

Blockchain has some missing parts (identity, privacy, key management lifecycle, tools). Asked our partners what are the missing parts.
A database in itself isn’t an application.

(re)Announcing: Bletchley v1.
2 parts. Distributed infrastructure layer (Blockapps, R3, bitpay, parity, Eris). There isn’t going to be 1 Blockchain to rule them all, so allow you to leverage any of them.
Lots of customers were taking a long time trying to spin up private consortiums, and trying to secure them correctly. Used to take 3 weeks, now down to 8 questions and 5 minutes. Spins up a private Ethereum consortium. 4-100s of nodes.

Distributed middleware “fabric” layer. Tools that can work across many blockchain technologies.
Cryptlets are a way of doing offchain processing. Receive market data based on an event (market price daily closing, CRM event).
Need to have trusted execution of the logic, to attest that it was not tampered with.
Secure IP protected algorithms. Scale an algorithm for max performance by running it off blockchain in a secure & attested way in the cloud.
Oracles may be malicious, or they may be intercepted during transmission.
Cryptlets run on a secure host with a secure communication channel in a trust envelope.
Marketplace for publishing the cryptlets into a market for others to consume.
Azure cloud is twice the size of Amazon & Google COMBINED.

Bletchley Cryptlet Fabric. Supports Ethereum, will support more Blockchains. It is middleware that will support many.
Secure execution on demand. Standard way of publishing and accessing external resources.

BaaS roadmap.
DevTest labs, will continue to onboard more.
Bletchley v1.
Kinakuta to help improve security.
Bletchley SDK

Longer range implications of Ethereum & other decentralising technologies (Consensys)
LOVED this presentation.

Simplest view: Next gen database. Blockchain based, maximal replication,  Prevents rogue actors
Force for universal disintermediation, will distrupt every industry.
Previously it was mostly just Bitcoin. Future projects were “BitCoin 2.0”, instead of “Blockchain 2.0”.
So Ethereum project built the most powerful and capable Blockchain platform, both public (permisionless) and private (permissioned)
Deeply secure, non-repudiable shared source of truth.
Dapp is a set of smart contracts. And a user interface to interact with it.
Was important to get an initial version of Ethereum out into the hands of devs, to start thinking how to start building decentralised applications.
Ethereum has a vision for scalability, which includes sharding and state channels.
Privacy, state channels is one option. Zcash/zk-Snarks is another way.

Currently building out an ecosystem of decentralised applications.
Building core components: Identity/persona (uPort, metamask). Wallet (uPort wallet). Registries (Regis, ENS). Token Factory.
Do private enterprise Blockchains make sense? Yes, large entities can have a complex internal mix of business units, having a shared source of truth can help.
If enterprises have their own private consortium Blockchains, will be a harder target to infiltrate and modify databases.
Business processes emboided as state transition graphs.

If you plan on building your own tools or technology on top of Blockchain tech (public or private), build it on Ethereum so it can be reused in many different places by other entities running their private chains
Developed “Balance” for real time compliance, accounting auditing and monitoring. Real time dashboard for companies & regulators. Organisations using certified software wil not be able to break or bend any financial accounting rules.

The Blockchain will last for years or decades giving a persistent database. Gives a chance to do persistent portable identity. uPort self-sovereign identity.

Blockapps Announcement
Is Ethereum for Enterprise.
Partnered with Microsoft to announce Blockchain as a Service (BaaS). Over 1k projects have used it, over 300 customers.
Being released in Azure China datacentre (mooncake), and other Chinese clouds : Alibaba cloud, tencent cloud, Wancloud.
Initial China projects: Minsheng insurance, Wanxiang smart city, Qianhai smart city, Shanghai smart city.
China is going to be the country leading the world in Blockchain projects.

The Rise of Blockchain Consortia: Uniting the Banking World
One of the largest banks in Spain.
Banks are just a ledger (a very large ledger).
Each bank has its own ledger. They don’t trust each others. Which is why you need clearing houses and things like this.
What if there was a shared ledger trusted by all banks. “It’s not about the coin, its about the ledger.

New development of ChinaLedger: Forging a powerful tool for Chinese capital market in the FinTech era
Was literally the most centralised blockchain I have ever heard of. Please excuse me as I rant inline.

ChinaLedger is a consortium.
11 founders established it. Chinese financial institutions and Wanxiang labs.
“we created our own Blockchain and tools”.
Will come up with their own custom software and implementation. Will create a whitepaper and create reference architecture.
Partners will use the network to do transactions.
Need facilities to be able to freeze or take over acounts, and get access to all data. A need to be able to halt or freeze a transaction or smart contract. A need to be able to halt or freeze a transaction or smart contract. and the facility to liquidate an account or smart conract or manually change the state of a smart contract
We need to be able to stop the trading of certain stocks. Let regulators control things.
Will be fully in control of the gas.
Wants to support 100k/s and 1 ms latency.

Then ironically says tries to say they are going to put privacy into this. “Everything will be encrypted and private. Except that CCP & regulators who will have ability to read everything”. I’m SURE that won’t be abused…

you keep using that word.jpg
Blockchain, distributed ledger, privacy, encryption


Re-imagining Global Payments (For business)
Banks make a LOT of money from bank wires. So they have no incentive to come up with anything better.
The person sending the money needs to give 26 pieces of information. Don’t know when you’ll get the money, what the rate will be.
About $20 to send, $20 to receive, plus lose a few percentage through the conversion.

Their solution (for business payments). Register for an account, can use online. No fees. Transparent FX rate. Can track the payment. Uses Bitcoin in the middle.
Before international calls used to call many $s per minute. Now with VoIP (Skype) you can do it for cents.
Same thing will happen to international money transfers.

Enabling Global P2P Cash Transfers with Abra (For consumer)

Nowadays you can send an IM to anyone else in the world instantly for free. Why can’t you do the same thing with money?
Can do it locally in some domestic markets, like paytm (india, WeChat pay (China), mpesa (Africa). But not for cross border transactions.
iOS & Android. Real digital cash wallet. Send & receive globally. No FX risk. Add cash via bank or in person.
As private as paper cash. Abra tellers earn $$ (as a percentage fee).
The wallet is stored locally on the phone. So you “physically” control it. (need to back up your private key).
Use an Abra teller (someone else using the app) to exchange buy/sell cash for digital cash. Anyone can be a teller. Tellers charge a fee. Teller & user rate each other.
When 2 people send money each other via Abra, happens instantly, . No FX volatility.

Awaking the Sleeping Giant: The Natural Resource Industry and the Blockchain
Note: The presentation was in English, but I thought it was extremely considerate that he had his slides translated into Chinese as well. Every slide had simultaneous English & Chinese descriptions so that the attendees using the live translation headsets could follow along easier. If I ever present in another country again, I’ll try and plan ahead like he did. Was very thoughtful.

Why is BHP interested in the Blockchain?
They are the largest mining company in the world (natural resources mining, not Bitcoin mining. Hehe)
They are a global distributed organisation. So a distributed Blockchain

Project Rai Stones. Sample tracking of geological samples. They are highly valuable resources. Some of the wells cost $100M, and you only get 1 chance to take the sample. They currently only track the samples manually through emails & spreadsheets.
They are working with Consensys & Blockapps. Runs on Ethereum & IPFS, on top of Microsoft Azure.
1 node at BHP, 1 at their collaborator, 1 at their regulator.
3 roles in the business flow, BHP out in the field, the analysis team, and BHP corp.
They create/register a smart contract on the network for each sample.
When the person collects the sample, they go to the dashboard, click the checkboxes to say they acquired, that updates the smart contract.
They ship it off, so they put in the details of which analysis office it is being sent to, updates state from collected to shipped.
Analysis team can log in, see what samples are in transit to them to be analysed. They receive it, give it a unique Id based on their internal process.
They get trusted tracking of samples, and real time updates.

What if they could automatically operate machines, they could help avoid bad combinations of machines operating at the same time. Like a crane operating on an oil rig, when a helicopter is coming in.
Disable a piece of machinery if it is past its allowed usage before routine preventative maintenance. Disabled until it is tested, and certified as okay on the Blockchain.
Stop unqualified people from using a tool or vehicle.

Ore gets mined and put onto shipping freighters. Need to track Provenance, custodians, entire supply chain.

Need to give regulatory data to the regulators in each country the operate in. All the mines in the industry need to submit this public data to gov, it all gets aggregated, and disseminated. But it costs HEAPS to do this. What if they built a consortium chain. They can all publish the public data, ready to be analysed instantly by peers. Could make the entire industry more effienct and transparent by making the consortium not just for the 1 country, but a public one. Give a global transparent view of the entire industry.
Would help drop costs of compliance.

They started on Ethereum Mainnet & Testnet. Now they are seeing the emergence of many private chains. They will see the bridging between chains.
Seen that Ethereum plans on sharding (many chains). Forsees that there will be a global mesh of these Public & Private chains all supporting each other.

Cotricity – “a prosumer to business”- virtual energy market on the Ethereum blockchain (Consensys)
Energy meets Blockchain
Joint venture between Consensys & an energy company in Germany.
Energy sector is changing rapidly. Prosumer is someone with generative capacity (eg. Solar panels & battery storage).
Normal smart meter collects usage about production & consumption. Tracked on Ethereum. Matches up Prosumers to local community things like Schools. The local environmental and economic benefits of keeping it in the local community.

Mechanism design, “reverse game theory”.
Goal is to effectiveise the energy market and reduce costs. Means creating incentives such that the optimal strategy for every participant results in the realisation of this goal.
e.g. Help to smooth out the peak in the morning, give a small reward for not using energy in the morning

Blockchain summit report: Demo day

Notes taken on phone today. Was tired from lack of sleep, so was a little grumpy in my analysis.

Event happenings

I was able to get my hands on one of the coveted “Hard fork café” tshirts. Victor Lysenko from Acronis had brought a collection of them along, and was handing them out to for free to special people. Awwww ❤



In the evening I was able to have dinner with Vitalik *swoon*
He ended up ordering a selection of dishes on behalf of the table. He did a brilliant job and managed to do it in Mandarin. (Made me realise I need to step up my Mandarin lessons).



There were quite a few presentations delivered in Chinese today. Live translation headsets were available. I was extremely impressed with the ladies doing the live translation, they were able to handle all the technical words and kept up very well with the demos. Apparently behind the scenes they had to train themselves up by reading blog posts and researching the topic so that they understood the technical jargon.



Demo day sessions summary

Today was demo presentations to a panel of judges, who voted on and decided the winners at the end of the day.

On the negative grumpy side, there were so many similar projects (identity, stablecoins, distributed loan platform). But their were HEAPS of projects revolving around them building their own Blockchain, but never saying why their particular one is better than the existing Blockchain solutions. They always talked of the benefits of the Blockchain for business in general, but never their particular one specifically.

However on the positive side, there were many great projects that made me sit up. The most interesting ones were projects like Weifund that leverage many other existing projects on the blockchain.
Interestingly there were 17 projects that were building directly on top of the existing Ethereum Blockchain technology (both public & private) and leveraging the network effects. But strangely I didn’t see any projects building on any other existing Blockchains such as BTC or Hyperledger (beside the 2 presentations by IBM pre-demo).

Vitalik’s comment near the end of the day summed it up well for me. A lot of the demos are creating projects that aren’t really leveraging the Blockchain,  and aren’t better than the traditional version.  A lot of the solutions are also still centralized, and rely on a single company. Don’t try and create your project as a standalone solution. This is especially true with the many many identity services that are being created as new silos. Try and build something decentralised that can outlive a company and can grow.

Uport was 1st prize. Other winners were weifund, Cosmos and others I didn’t catch. I unfortunately missed uPort as I was late coming back in after the break 😦


Keynote – IBM Hyperledger
Very very high level information. Blockchain is useful. The value of a network grows exponentially with each new node
Generic slides showing “Blockchain allows people to interact via the Blockchain”.
He said that “Companies in Silicon valley are trying Ethereum and then moving to Hyperledger in droves”, sounds a bit farfetched to me (but i am biased)

Opening speech by Sinodata
Blockchain is important for the future of business. Sinodata are building things for b2b & b2c
No details.
Other companies are looking into 1.0 & 2.0, but they are more advanced.
They are willing to share their vast experience in blockchain with other blockchain companies.
“We are the creator & users of blockchain.”


During the introduction of the judges, the MC introduces Vitalik and the crowd cheers loudly. Chinese MC: “Oh… the audience is very excited about this judge, he must be very important”

Ujo music
“Fair drm”
Music consumption is at an all time high.
If consumption is waaay up, how is it artists are still hardly earning enough to support themselves. Artists have lost control
An artist has fragmented identities on Spotify, soundcloud, discography, beatport.
Difficult to keep fans up to dates on tour days
Fan remixes on soundcloud get pulled down due to copyright infringement.
Ujo gives fans a way to pay directly to the artist
Use Ujo as their kit / digital container, to be in charge of their identity
Reach piece of content is marked with their digital ID, so it can be tied to artist.
Can set policies on fair use and creative rights
Everything changes when someone dies. Difficult time, need to find the will, usually paper based.
If no will exists, then government decides.
Difficult to know where to look for wills, no central place to look.
Succesion law hasn’t been updated in a long time, isn’t up to date in a digital world.
Created “living ledger”. Wills on the ledger.
Created a smart envelope, an iot device to put will inside and then seal and out on blockchain

Unique ID on Blockchain
Seems “to do everything”: Id, lifecycle management, management portals. (no focus, which judges also commented on)
Has a chip you can embed into anything to tag it. Can put on clothes or a bag, every article has a unique Id

My thought: For those that like to show off their money & brands, now why just buy your avatar digital clothes to show off on social media. Instead now you can buy a Chanel bag, then you can prove on social media that you own own to show off.

Decentralized capital
Summary: it is a stable coin
They use DC capital to back tokens.
Use assets to purchase and back tokens.

Bubi Blockchain
Summary: they built their own Blockchain
Data sets data is centralized. You don’t own your own data. Your data is being monetized by other companies.
They provide Bass Blockchain as a Service.

Applications can use their Blockchain. Get data security. Finance. Etc etc
Can do loyalty points, games, etc
It is a Blockchain…
They have 20k transactions a week
“People should use our Blockchain. Will give you more opportunities and value”

A real stable coin
Digital gold. 1 DGX = 1 gram of gold
Each token is back by real gold in a vault,  fully insured. The certificate of authenticity is put into  IPFS
Is ERC20 token compatible
Introduction digix 2.0
Can log on and buy gold. Is implementing KYC (know your customer)

Me: I like it,  I tried to join the pre-sale, but sold out instantly.

Cosmos (prize winner)
A network of Blockchains (Cosmos hub).
Securely communicate between the chains
Uses Tendermint (which they built)
Cosmos is a public Blockchain built on Tendermint.
Could have a number of  EVM based networks,  then put a Cosmos hub in the middle to allow them to communicate with each other.
Ethereum & Tendermint work well together.

People waste lots of time trying to find answers on the Internet
Post bounty for answers
But bounties are posted on forums. How to enforce payment.
They created a decentralized bounty system
Can use the data of people who answer to create a CV “proof of expertise”.

Problems with centralized lending platforms, include hacking and high costs.
Their solution connect distributed members with borrowers.
Lenders can send funds to smart contact to participate in a loan.
Borrower repays the loan, gets distributed to the lenders
Borrower creates a new EtherLoan. Can customise the terms. If lenders like it, they fund it. Can negotiate the interest terms
Is currently a PoC. Only supports simple loans with single repayment. Integration with unorthodox. Reputation system.
Future : compound interest. Integration with credit score & risk management systems

Yet another Blockchain? They built it on incentive PoS. Can bring regulators &  government.
They want compatibility with Bitcoin &  Ethereum.
Pluggable consensus. Public & permissioned Blockchain.
Supports EVM. EVM 2.0
Can apparently do anything that any other chain can do because you just code it in.
Support for oracles.
Integrates with  KYC/AML
Can run zcash in here.
“does everything”

Vitalik gave A LOT of feedback after the talk for it trying to do too much with no focus.

Like a next gen The DAO,  but the funds are for non profits?
Platform for distributed organisations.
Pooling funds is hard
Let individuals decide how to use their own funds
Commonwealths are distributed non-profit organisations.
What problems should you propose to solve to achieve a commonwealth objectives (and get funding)

Zhong Tou Bang
Lots of pollution and health issues in China
Most Chinese people don’t have health insurance
Health insurance of on Blockchain
Problems of privacy,  how to protect it.
User identity

Trusted key
Secure trusted identify
Online id systems don’t attest to a real world identify.
Currently each online service (e.g. Airbnb) had their own verified user system which is not transferable.
Using identity documents like drivers licence. Take photo of documents, take a selfish.  Submit it. Once verified the proof is attached to identify.
Can later provide proof the parts of the proof you want to share (name, age, gender
Can then later cryptographically sign documents, like bank documents with your digital signature

Coral legacy
Creating a direct link from various to consumers. For wine.
For $100 you can purchase a grape vine at a vineyard. You get the wine created from that vine.
The vine is tokenism on the Blockchain. Your wine is in Blockchain, tied to your vine. Date, history,  etc.
Vine is $100. Administration is $10 / year. To make and record the wine is $30 / year

Location based  Blockchain service
Organiser can drop a prize anywhere (geocache ?)
People gather around a prize, one enough people have gathered, prize is distributed.
Encourage people to gather at a point for an event eg. Mall opening
Simple command line,  put geo coords, number of people required to trigger, and total amount of ETH to distribute.
Can try and counter GPS spoofing by using GPS & beacons. While also tracking user to detect anomalies, like jumping from USA to China in 5 minutes

Judges (and attendees) were more interested in the anti-GPS spoofing technology, than their blockchain Dapp

BioT. Blockchain IoT
Like Slock.It
IoT device with a light client that can connect to the Blockchain
Can send ether to trigger the IoT device (like a vending machine, or smart meter).
Can have a mobile SIM in it.

Weifund (prize winner)
Nick Dodson
Make crowd funding an easy and simple thing to do. Decentralised kickstarter
Crowdsales are not an easy thing to code yourself in a smart contact. They have put a lot of effort into security in their solution.
They will have many types of campaigns, like presales.
Supports many types of currencies.
Is built fully decentralised, distributed via IPFS.
Uses Metamask & uPort for identity

Platform for financial operating network for global trade. Very enterprisey.

Chinese Blockchain startup
Digital wallet, mobile app. “digital assets wallet”
Light wallet.
Looks very clean and slick. Trade tokens,  use Dapps.
Alipay app is popular here in China. They hope to be as popular for digital. Built a Ethfans &  carbon vote integration

Token factory
Create something that would allow people to experiment. Make easy to create and distribute your own token.
Issue any token on any Ethereum network
Simple wallet interface. Follows the token ERC20 standard
Works with Metamask uPort Mist my ether wallet

Stabl Coin
Literally just another stable coin

Alta apps
Another Blockchain with their own platform

Another Blockchain
Other Blockchains take too long to confirm. Bitcoin can take an hour
Theirs is better because of lower block time

ANX international
Abs Blockchain services. Provide Blockchain services. Have their own platform.
Provide a white labelling service of wallets,  tokens

DEVCON2 report: Day 3 – Final day

Link roundup

Question: the 3 days of devcon are over. Are people interested in reports on the next 3 days of international Blockchain week (demo day + 2 days of global Blockchain summit)


The buzz during the day was around the “stick puzzle” that Bok Khoo was giving out to people. It is just a stick, with a loop of string. He gets you to turn away, he uses “the trick” to put it onto your bag and then you try to get it off.

The WeChat channel was just filled with everyone asking where they can get it, and the screaming that they can’t figure it out. Only about 5 people reported they were able to solve it (I haven’t yet)




I’m biased, but I thought the announcement from Microsoft with the update of cryptlets was a big deal. The morning sessions covered a few different oracle systems, the afternoon had lots of IPFS sessions.

Microsoft – A Lap around Cryptlets

Microsoft was a sponsor of Devcon1 & 2
Ethereum is a 1st class citizen
Support for community & partners – Bizspark, Meetups, Workshops

Bletchley v1
Distributed Ledger stack
V1 is a private Ethrerum consortium, that you can spin up for your own enterprise / group


Cryptlets are being developed to help with security, identity, etc.
How do you get trusted external data feeds injected into the Blockchain?
Doing things on a specific interval (every 15 mins)
When price of something hits a threshold (oil goes above $40/barrel)
Secure IP protected algorithms, but still share with blockchain network.
Use libraries for common platforms (.Net, Java, etc)

Cryptlets vs Oracle
Cryptlets will have a marketplace on Azure that will allow you to purchase and utilise

Use case: Trigger on an event
Wake up on 4pm, if market was open that day, then give me the price of gold for that day.Get signature of attested server, attested sender.

Use case: Control
Using smart contract like a traditional DB. Declare data you are keeping track of, and the functions/”stored proc” to update that data.
Cryptlet runs off chain, and can be scaled up.


Utility cryptlet. Use an attribute in solidity contract with cryptlet details
Developer references at design time the cryptlet they want the contract to call
Contract cryptlet, deploy the cryptlet at same time as contract.

Why would you want Azure to do this?
SGX allows you to create “secure enclaves”, can have complete isolation on the hardware chip where it is not modifable.
Provides a secure enclave at the CPU level. Can give full attestation right down to the silicon.
Will be provided as a enclave container on Azure.
Will be released for .NET core CLR first, then other languages.
Can create cryptlet libraries that you can scale and put into the Azure marketplace.
An ecosystem for developers & ISVs to consume and publish.

Bletchley v1 released today will let you spin up a private consortium.
Before today, it took a long time to try and deploy a private consortium (can take weeks to read doco,
Now takes 5 minutes to deploy!
Creates a private consortium, puts each member in its own separate subnet


Mist Vision and Demo
I was too busy sharing the release posts of Microsoft project bletchey v1, missed this talk.
It did look interesting, I will watch this one later.
Idea: Reward for bandwidth. Providing connection could replace mining as entrance point for desktop computers. Allow you to have a trickle so you can trigger smart contracts.
Standardised backends, so that you can swap out the underlying node between geth, blockapps, etc.

Etehereum JS API
Smart conracts are EVM opcodes,
Helps translates calls to JSON RPC calls. Helps do the ABI encoding when sending data from JS to EVM
It kept on growing, many different utility functions being thrown in. Is time to clean it up and be refactored.

They are now building a NEW web3.js
The communication will be socket based, will enable subscriptions. Everything will be based on promises to subscribe to events, like log events.
Bunch of other newer cleaner methods and ways to do things like deploying contracts.

Smart contract security
Was a very good postmorteum of The DAO and things that could be done to mitigate it in the future.

An issue with The DAO was trying to do a massive jump from centralisation all the way to full decentralisation. Meant no one could step up and make a decision on how to save it. We need to make smaller steps towards full decentralisation as we learn as a community how to do this.
Same security patterns as yesterday’s talks: check invarients, beware 1024 call stack depth, reentry exploit (update state BEFORE executing calls), timestamps are manipulatable.
Updateable contracts. Who can update it? Community multisig?
We need better rools: formal verification, compiler warnings, improved IDEs, trusted libraries, excape hatches

Conclusion: It is still very early days in this space, be careful.

A Provably Honest Oracle Model: Auditable Offchain Data Gathering & Computations
Oracalize is the most widely used oracle (until everyone starts using Microsoft Azure cryptlets 😉 )
Contract calls Oracalize contract with the data they want, off chain they see this get the data, Oracalise then trigger their contract externally, which does a callback to your contract with the data.
Can use external notary servers.
Can get proof from multiple external services to get a higher level of confidence about data (e.g. stock price from a few feeds).
Off-chain (auditable_ computation)
AWS sandbox 2.0.
Put the execution package onto IPFS, AWS gets it and executes it, signs it. Fully Distributed Cloud Thanks to the Ethereum Blockchain 
Provides blockchain based execution environments
Global market for computing resources.
Idea is to do what we did before with “grid computing” use the idle capacity of computers. But this time do a trickle of micropayments. Allows people to harness this global power to execute their tasks in a global “distributed cloud”.

The Final frontier: The company smart conract
Helping companies to incorporate on the blockchain.
Having a charted company

Smart oracles
Connecting to external resources is difficult. Hard to try and use external currencies (like a bank account / fiat money) to make transactions. Could hook in paypal, HSBC, wells fargo, etc.
Can provide your own payment services as an API to a smart oracle for smart contracts to consume.
Do off chain data storage by calling smart oracle API
Roadmap: more data sources & more payment methods

IPFS & Ethereum: Updates
IPFS is AMAZING, seriously go watch the full 1 hour talks Juan has given in previous years.

Current web has current issues. Centralisation, etc.
IPFS is a new hypermedia transfer protocol
Content can be retrieved not from specific servers, but instead via it’s hash so that it can come from anywhere in the network (maybe from the person next to you who has cached it).
It is highly modular, all of the transfer protocals, routing, naming, etc. are all swapable
Is available as GO-IPFS & now JS-IPFS
Means now you can run IPFS in the browser
IPFS was great for static content, but not so great for dynamic content. Low latency pub/sub protocol will help with dynamic data.
Created a distributed peer to peer chat app using this new dynamic content protocol.
IPLD a common link-tree hash format
Will be able to use IPFS to retrieve ethereum blockchain blocks DIRECTLY
Can use IPFS as a package manager to retrieve them in a distributed manner.

Many projects are using Ethereum & IPFS Uport, Digix, Infura, Ujo, Eris, Blockfreight.
Filecoin was created as a way to try and incentivize nodes to keep files longer time.
People rent out hdd space to earn filecoin. Exchange bitcoin/filecoin. Use filecoin to store files in network.
Filecoin is going to be built on top of the public Ethereum blockchain, as a virtual blockchain / token.

IPFS Libp2p & Ethereum networking
Network connectivity between any 2 nodes can be difficult. Censorship, bandwidth, network issues, etc.
Having to deal with different networking topologies and access.
Libp2p & Devp2p is different. Devp2p is for Ethereum. LIbp2p is modular, can swap out components to change network access, encryption methods, etc.
Can build up a MEGA mesh network, by utilising traditional wired internet, radio, bluetooth between some nodes.
Web browser using web socket, to a node, which routes across network, to zigbee to a IoT device.
Libp2p & Devp2p could merge and augment each other. Could create the libp2p components to replace the devp2p bits
Any 2 nodes that speak the same protocol can communicate and be a part of the network chain.
Experiment. They took the browser based version of EVM. Then used Libp2p to talk to the Ethereum network. Had a complete ethereum node running in a browser.

Universal identity platform
Current challenges: key management. Ux for average person. Dapps via mobile. Identity and data ownership.
How do you keep a consistent identity, even if you lose a key.
Have some multisig contracts that you can use to keep track.
Social recovery, use your friends to attest it is really you.
Keep private key on mobile, do transactions on the desktop, scan a QR code to sign the transaction on your phone and send it off.

A Deep Dive into the Colony Foundation Protocol
It is an open source governance protocol built on Ethereum
Problem with voting is how to prevent Sybil attacks.
Votes are weighted by a reputation score.
Reputation is non-transferable that can only be earned.
Total weighted voting helps mitigate this.

Chain orchestration tooling & smart contract package management
Eris is tooling for developers.
Package manager to build your own blockchain.
Can compose a chain, e.g. geth + tendermint consensus.
Init, install, do.
Can easily install on Mac/bew, linux/apt-get, Windows/choco

The Golem Project: Ethereum-based market for computing power
Anyone can make an offer to sell computing power. e.g. Distributed rendering
Want to create a standard framework that anyone can use to submit and process jobs.

Status: Integrating Ethereum Into Our Daily Lives
Want to get ethereum everywhere. “Mist for Mobile”
Everyone is using their mobile phones for everything, but mostly using instant messaging.
What would Ethereum in a IM window look?
Created a IM mobile app that has a local geth node. tart up, it asks you to create a password, it generates a pub/private pair.
Then can send messages via whisper, and the messages are signed with your public key.
Can load Dapps up in the local webview and interact with them.
Allows you to create “chat Dapps”, that you interact with via text. Like chatbots

Maker Ecosystem Overview
Dai: seeking stability on blockchain.
Stablecoin engine: smart contract that holds collateral reserves and controls the Dai lifecycle.
MKR: open source community managing risk of the system
In the last year, investing in a solid technical core. More slow and audit things. Moving into the next phase of stablecoin development.
Their latest project is the “Simplecoin project”
Meeting Thereum community’s need for stability. An independent platform for creating centrally administered simple stablecoins.
Issues create their own rule sets: Collateral types, participant whitelists, security parameters.
Example: Shrutebucks. The only people who own it are Dwight, Jim & Pam. They backed it with 1/3 ETH 1/3 DGX 1/3 DUSD.

Orbit. A distributed peer to peer app on IPFS
Created a full distributed chat room, itself distributed through IPFS.
It is integrated with uPort for identification
Using uPort allows you to verify that you are talking to the correct person in the chat channel. All their messages are signed with their public keys
He also created a full distribited twitter clone, using uport for the identity as well.
Orbit-db key value store DB that stores its data on IPFS. Eventually consistent
Appends data to the DB, an event is sent to those subscribed on pub/sub so they can see the latest root hash. Based on CRDT
Ethereum + Pubsub + CRDTs + IPFS = super power primatives to build dynamic distributed apps

Development considerations with distributed apps.
Need to ensure that apps work offline.
No centralised servers.
No data silos.
Provide integration path.

Future work: could you use uPort for ACL like permissions?
Mobile use cases, how to make it work nicely on mobiles

Building scalable React Dapp architecture
React + Ethereum
He has a configured boilerplate template.
Has contract scaffolding. Enforced contract Linting/testing. Wallet generation/identity. Preconfigured web3 instance.
UI: Mature react arhitecture “react boilerplate”. Prices listed in USD with ETH/btc via kraken api. A basic multi-contract example Dapp. Offline first, dapp runs without internet.
Uses Redux. State models in UI & blockchains work well.
PostCSS, CSS Modules, sanitize.cs. Redux, immutableJS, reslect, redux-saga, i18n, redux-router.
Web3, ethdeploy, dapple, solium, eth-lightwallet, chaithereum, ethereumjs0-testrpc
Enforced contract testing in 2 languages.

Ethereum for Enterprise (BlockApps Strato)
Trying to make sure that Ethereum stays relevent to enterprise development.
Why do you need a blockchain WITHIN an org, shouldn’t they trust each other? Well different departments may not, they may reconcile differently, and can help automate/orchestrate between them.
Blockchain is the “killer app” for cloud financial services. Legacy infrastructure, batch prossing, etc are all restricting fintech from progressing. Blockchain can happen in real time, can replace legacy.
Ethereum is very flexible and programmable, works well. There are others based on Bitcoin (like Hyperledger).
Ethereum + Blockapps = Extreme productivity + Proven Technology.
Blockapps is extending Ethereum for Enterprise.
Runs very well on Azure
Enterprises don’t want all their data exposed on public chain. Blockapps helps solve data privacy and scaling with multichain fabrics.

DEVCON2 report: Day 2 – More session notes & photos

Link roundup

Day info

In the evening there was a party up on the rooftop of Bar Rouge

It had a beautiful view over the Shanghai bund. Many people there, but plenty of space to fit everyone. There was some lovely very striking Chinese artwork on the walls (more in the album)



During the day Ethereum Tshirts were made available for sale. But less than 30 minutes later most sizes were completely sold out!



Lots of formal verification sessions in the morning. The afternoon was more dev tools. I was excited about Truffle

Smart contract security
Showed the 1 line mistake that caused The DAO re-entry attack.
Pro tip: tag your untrusted accounts in the contract. e.g. Name the variable something like _untrusted_account

Prepare for failure. Be aware that unknown exploits can be found. Put in escape hatches / kill switches
Roll out carefully and test “The strongest swords are forged by continuously putting them in the fire”
External calls to other contracts: Try to avoid calling untrusted contracts (one written by someone else). It only takes 1 mistake in an external contract to expose you. Either from a bug, or from your external contract then calling another malicious contract.
Use send(), avoid call.value()()
Handle errors in raw calls. Raw calls do not propogate exceptions.  e.g. if(!address.send())
An attacker could construct a call to max out the call stack, so that when your contract tries to make any calls they fail.
Favour PULL over PUSH for payments

Visualising Security
How can you spot smart contract vulnerabilities
Static analysis can help analyse the code without executing it (like checking for null, then using a variable anyway). Builds up an AST (Abstract Syntax Tree) which can be explored.
Created solgraph to do this
Dynamic analysis is done by running unit tests (e.g. you can use the Ruby test runner from yesterday’s presentation)


Ethereum Security Overview
Can try to manage risk by reducing the likelihood or impact.
Security concerns include things like wallets, gaming the system, denial of service

End users wallets isolation: Can reduce your impact by using a hot wallet with a small amount in it. Cold wallets to hold more of it securely
There are some hardware based wallets can help secure your wallets
Then frozen wallets to keep them offline.
Ethereum valut by @Arachnid. Multi sig wallets can help reduce the likelihood

Contracts: When calling another contract, if they use randomness WHERE do they source it from? Can it be gamed? Can anyone access it before you?
Sybil attacks (attacker using multiple identities) to game against you
Can anyone rage quit and lock up the contract by not interacting with it any more

Someone could inject malicious JS that will modify your DAAP and redirect payments to another address.
Have an upgrade path (for both code and data).
Check invariants, use escape hatches / emergency breaks
Many potential contract vulnerabilities (see previous talks)
Favour PULL over PUSH for payments

Formal verification for Solidity
Writing code correctly is hard.  It is easy to test for desired behaviour (the happy path). Hard to check absence of undesired behaviour.
Formal verification can help find undesired behaviour.
The specifications are usually compiled down to why3 or f*
Showed a Why3 GUI that shows your code and highlights lines that are not passing (e.g. because a line doesn’t satisfy the conditions that it can’t integer overflow.

Microsoft released a research paper allowing the conversion of Solidity & EVM code to f*.

Parity’s innovations
Written in Rust (type safe. Memory safe).
Is modular, you can tweak it or use preset config files.  High transaction throughput. Low latency. Low footprint (suitable for IoT devices).
Unsafe APIs are disabled be default.
Advanced eafutures like state trie pruning (redued disk space) snapshotting, warp sync, private chains including PoA

Imandra Contracts: Formal Verification for Ethereum
Completely tuned out for this. It was very much like a sales pitch, just talking itself up. annual summary
Released Ethereum Studio. Is available on Azure as an easily deployable Virtual Machine
Will help you write unit tests. Spin it up, execute, tear down.
A partnership with Santander. Ethereum Cash. You can tie an Ethereum account to a bank account. More info at
Created a virtual accelerator

Metamask – Bridging ethereum to browsers
Ease of adoption is their core goal
User flow. You download, generate a vault (with a deterministic keyphrase).
Enter phone number, credit card details, and you can get Ether directly into your metamask account.
Done 33 releaes. 12k users.
Extension currently runs on chrome. Is ready to be pushed to opera, firefox & Edge
RPC requests to a trusted node. Intercepts the RPC calls within the DAPP to redirect to Metamask
Feature Requests: Multiple account types (e.g. uPort, remote key stores), make the browser a light client

Building the Light Client Ecosystem
Quick sync (up to 0k headers/sec) 30 secs – 5mins for a full sync (dependant on CPU)
Low resource requirements (DB <100mb, RAM < 500mb)
RPC interface compatibile with full nodes. Mist already works with it
Because light clients rely on full nodes and put higher workload on them, there are some thoughts about having a basic throttled “free” service, and a paid priority system that will give more resources.
There are difficult future concerns around scalability. In a future sharded world, may need multiple full nodes to cover all the shards.
Future work: do complex operations on server side. Define a “SuperCM” that can answer any question about the chain. Generalised off chain computing for accessing data.

Import Geth: Ethereum from Go and beyond
Geth is one of the 3 origin clients. Evolved throughout the Ethereum prototyping. Needed to include everhtying to develop on top. Followed the Geth -> Mist -> Dapps architecture.
Using Geth as a library isn’t a good option at the moment. has started to collect technical debt, from prototypes being rapidly iterated on.
Geth 1.5 is a concentrated effort to make Geth a library. Client side account management, Remote node APIs, native bindings to contracts, in-process ethereum client
Chain exploration, state querying and event subscription over IPC, HTTP or WebSocket.
Native contracts. Can generate a Ethereum ABI GO binding that GO code can use? Can create a solidity wrapper for go?
In process nodes lets you hose a node within your app. Saves you telling someone to “please go and install an ethereum node”.
What about supporting this on iOS & Android? Geth 1.3 already ran on mobile platforms. Released an embeddable library in Dec 2015, but is really a proof of concept. Mobile in-process nodes. Easier to call API locally now.

Developing Scalable Decentralized Applications for Swarm & Ethereum
Web 2.0 has issues around scaling & centralised control.
When moving to Web 3.0 we need a general purpose distributed backend (swarm/bzz). Said there MAY be interoperability with IPFS. They hope that it will share a lot of the underlying principals with IPFS. I HOPE this happens! Well leverage network effects from IPFS.
Logic being pushed to clients (logic in JS in browser, in native mobile apps)

Swarm high level API.
URL begins with the collection root hash (like IPFS)  bzz://<crypto hash>/imgs/example.jpg
Can do root hash registration to a friendly name (like IPFS’s IPNS) bzz://
Put static and dynamic data within swarm. Put global state changes onto the blockchain. Local client side only state changes can be stored locally (and optionally backed up to blockchain/swarm)
Execute logic locally, but verify it on chain.

Example Dapp Distributed photo album. Webapp resources & data hosted in swarm. Current root hash of collections published to blockchain.
Optimised image, thumbnails, etc. are generated client side before uploading (just like facebook, etc. do)
Possibility to instead do delegated computation, put the files in swarm, get someone else to process it.

Dapple Dev Workflow
Dapple looks like a critical thing to integrate into your development suite! If you are into devops, I definitely recommend watching this vid later to see how you could integrate testing flows.
EVM Dev Multitool for helping with Dapp developments. Has EVM extensions
Has a shared data model “Dappfile”. Is a package/dapp descriptor format.
Shared global runtime environment blurs line between code packages & deployed code objects.
Can chain fork, to help you when testing contracts.
Can find dependencies. Custom linker
Test harness to use a contract to test other contracts
Use the chain forking in your tests. Take live chain, fork, insert your test contract, fork before you call each test method.
Deploy: Wallet side scripting. Hijacks call and create, and redirects to side chains. So you can do some dry runs.

Solidity for Dummies
Solidity is a higher level language. Looks like Javascript, but with types. Shame they didn’t just use TypeScript 😉 Maybe Solidity 2.0 can migrate to using TypeScript.
Solidity is compiled to EVM. Once it is in the EVM it is isloated.
Public functions are callable by anybody. That is your contract public surface area / exposed APIs.
Contract standards are beginning to emerge e.g. ERC20 interface for tokens. Having a standard for token meant that the community can do cool things, like that lets you look up tokens in the block chain, or EtherEx that is a decentralised token exchange.
Lots of IDEs & tools you can use with solidity. Ethereum Studio, Visual Studio, Vim. Solgraph, truffle, dapple, embark.

Getting started guide

New and future features of Solidity
Initial goals of solidity: statically typed. Easily readable. High level. Uses little gas.
What has happened in the last year? Build custom types. Internal library functions. Source mapping via AST, for solidity code to EVM, assists with debugging.
Future: Formal verification. Authenticated sources & binaries via swarm. Templates. Functions as 1st class citizen. New notation for parallel / async programs

How to create advanced Dapps using embark
Compatible with any build pipeline
Supports contracts TDD using Javascript
Manages deployed contracts, deploys only when needed (and dependent contracts)
Manages different chanes (e.g. testnet, pribate net, livenet)
Support for both Solidity and Serpent
Contract instances, like inheritence.
Embark 2 goals. Facilitate communication between contracts. A cool dashboard, shows which contracts have been deployed, available services (geth whisper, IPFS)
EmbarkJS futures: promises and named parameters. Automatic type conversion. Communication abstraction, allows you to plug in supported providers like whisper, etc. Storage abstraction provider (swarm, etc.)

Truffle Development Ecosystem and Future of Ethereum Development Tools

Truffle is the most widely used Ethereum development framework. 17k+ downloads
In v1 Compiliation, deployment, bootstrapping, abstractions, unit testing, quick development. In v2 Network management, Migrations, Modularity, Documentation.
Going towards Truffle v3
Ethereumjs-testrpc allows instant mining, account creation, HD wallet support, deterministic. Allows you to fork from any available chain, for a new development chain (sounds like chain forking in Dapple). Take the live chain, fork it, then try developing against contracts in the live net on your dev fork.
Solidity unit testing
Npm integratoin “npm install my-package”. Import sol contracts.
Webpack integration.
Ether-pudding allows you wo watch for events.
Futures: Solidity 0.4 support, better network management, more integrations, more boilerplate, more tutorials.

ENS: Ethereum (Domain) Name System
Why do we need “yet another name service”. To allow you to name wallets, files, etc on top of Swarm & IPFS.
Existing name servies are ironically centralised within a single place or contract.

What makes a good name service? Separation of concerns, distributed authority, forward compatibility, efficient on-chain resolution.
Components: Registrars, ENS Registry, Resolvers.
ENS Registry maps the name (hack.eth, nick.hack.eth) to the resolver
Resolver is a simple contract that lets you set the address for a name, look up names, etc.
Registrars, let people be in charge of a TLD (.eth) and then allow people to register under them (automatically through a smart contract).
Initially an auction based registration. Only names under .eth are available.

Making Smart Contracts Smarter: Oyente
Smart contracts == one-shot programs. Self executed, cannot patch. Solidity is similar but not the same as Javascript.
Original contract code is not always available (but the new solidity feature of putting onto swarm may fix this).
Too many smart contracts to manually decompile EVM and check them all.
Oyente is a new analyzer for smart contracts. Use cymbolic executions. Detects all popular bugs TOD (transaction ordering dependence), Timestamp dependence, re-entrancy, mishandling exceptions.
TOD: Observed state != execution state. The state may change between when you submit a transaction and it is executed. Someone can watch transactions being submitted looking for a critical execution, could quickly snipe and enter your own transaction into the transaction pool as well with a higher fee to try and get yours executed before the other person.
Timestamps: Can be manipulated by miners.
Oyente Symbolic execution. Can build a tree of every branch and possible execution and run over it.
Can detect bugs, test generation, and go over all possible paths.

Beyond the Bubble
Overcoming education and adoption challenges for the Blockchain industry.
He is a technical evangelist for blockchain. Last month went and spoke to US gov to advise FBI, CIA, etc.
Wants to help grow the blockchain beyond just us very early adopters.
Fintech is rapidly developing blockchain solutions.
IoT, energy & medical are looking towards adoption.
Longer term, governments & non profits.

Why do normal people care?
Internet still functions off 1970s tech: Our data is sent in plaintext, leaked by companies, our identities are stolen by hackers, our behaviour is mined and monetized by advertisers.
People are beginning to understand the need to have same privacy and security guarantees online as they do offline.
Things should be encrypted by default. “Own your own data”

Infura. Ethereum & IPFS infrastructure
How do devs ensure that users have access to Ethereum & IPFS. How to make it easier for users to jump in.
Didn’t show anything. Just talked (only had 10 mins). There was a services called Ferryman that can talk to the IPFS/Ethereum network.
Apparently being used by Metamask, uport, regis, truffle.

Testing Ethereum Consensus
There are HEAPS of ethereum clients (Geth, Parity, etc). How can we ensure that they all come to the same consensus?
By using a suite of tests. State tests, Blockchain tests,

CarbonVote: A Gauge for Human Consensus
“Machines serves human. Carbon over silicion. Consensus from community”. (use people to make a decision, not computers). Machine consensus is just a tool for human consensus.

Sikorka – Ethereum meets the Outdoors
A system that facilities deploying smart contracts in real world locations.
Enables smart contracts to interface with environment.
Provide “proof of presence” that a user is indeed in correct location.
Potential uses: loyalty programs offering discounts to people visiting specific locations.
Proving attendance in a location for official purposes e.g. administrative, corporate, AR games.
Proof or Presence: using mobile phones and software – geolocation data (can be spoofed) use a challenge question (e.g. what is the last word on a monument’s plaque). Scannable QR codes, RFID tags, beacons.
Sikorka works  by deploying contracts that follow a specific interface. Interaction with contract only happens after PoP.

Remix and Other Ethereum Development Tools
smart contract debugging
Is a NPM module. Looks very early stage. Says it can be integrated into other tools like Dapple, truffle, ethereum studio, Visual Studio, etc.).

Mango: Git Completely Decentralized
Git on Ethereum, IPFS & Swarm
Harder to take down a central repo (e.g. Github)
Proof of existence for source coode. Ethereum is a decentralised system. Its source code should be available in a decentralised manner.
Using IPFS or Swarm, the files are chunked up and stored. So if you have a large file that only changes a few bytes, it can de-dupe and only store the chunks with differences.
Git is a merkle tree. IPFS/Swarm directly store as a merkle tree/dag
(There are some good talks by Juan Bennet from IPFS talking about how you can do this)

Naïve implementation, store everything in a contract on a blockchain, would cost 50M ether

Useful implementation, store objects in IPFS or Swarm to store the data off chain. Then map the IPFS identifies to git identifiers. Save those identifiers on the blockchain so you know what to look up.

Hook it up so that a git push updates the commit hash to contract, then pushes to IPFS. Reduces gas cost to 140,000 down from 5m
Every git repo has its own contract.
Future work could let you expose your git repo via ENS (Ethereum Name Service) e.g.
Future of Mango: store release notes within git. Store issues within git. Store pull requests. Create user friendly web frontends

DEVCON2 report: Day 1

Link roundup

These are my notes from attending Ethereum DEVCON2

WeChat update
The WeChat groups were still forked (Devcon2 vs DEVCON2). However it now looks like everyone is adopting the longer DEVCON2 chain (272 vs 134). Recommendation: The groups are at capacity, so ask someone in person to just add you to the DEVCON2 group.

Venue and ameneties

DEVCON2 is happening in Shanghai on the famous bund river. It looks beautiful at night 20160919_201337.jpg

There were people doing Taichi exercises in the lobby for show taichi

All of the hotel conference helper staff were Chinese women that were wearing these lovely dresses dress

The quality of the food during the breaks and lunch time was extremely high quality (was too busy eating to take photos) food.jpg

The only negative was the hiccup in the morning for registration. There was a line form 8am, at 9am not even 1/2 the people had managed to be registered, so the conference start had to be pushed back 1/2 an hour registration




Dapp regulations
Speaker was from Coin Center
Talking about the potential risks of Dapps / cryptocurrencies being classified as “securities”, which could get you into trouble with the US gov FCC.
Coin / token presales can get you into trouble as that can look like a security. There are ways to structure the technology and language to avoid to help keep you safer. Peter said you can contact him if you want to try and do a safer presale

Generic talks of EVMs that were expanded on much more in later talks

Directions in Smart Contract Research: A Selection
Speaker from IC3
Hackers can try and exploit bugs to earn financial benefit
Try and mitigate with formal specification & verification. Lots of research going into this in the Ethereum world right now. Use escape hatches to try and protect your contact against unforeseen bugs. Bug bounties can help

Incentive system for Swarm
Peer to peer file sharing for Dapps. Has been upstreamed to develop branch
Talked about different contracts (SWAP / SWEAR / SWINDLE) that get nodes to pay and be paid for file retrieval and long term storage.

I’m still unsure why we need swarm
Why aren’t we just using IPFS for the storage/transfer, and just putting SWAP over the top for the incentive system. Then it would get wider network effects from the greater IPFS web.
Also saves reinventing the wheel. Seems like “not invented here” syndrome.

Making the EVM scream
Made some tweaks to variable types, etc. to get some more performance. Showing benchmarks that it is faster. Same content as previous blog post
TL;DR it is faster and they want to make faster

Raiden network
They have a working prototype. Will be available “soon”.
Should make transactions instant and lower the cost of transactions, and help with transaction privacy.
Showed a demo of an IoT scenario. Consuming energy consumed tokens. Periodically during consumption it would record a transaction (was about once a second), which transferred the tokens instantly, keeping the energy flowing, until the tokens ran out
Goal is to create a general framework to build off chain Dapps

Truebit: Trying to Fool a Blockchain
Ethereum is awesome because it is Turing complete.
Means smart contracts could in theory analyse solidity code, improve itself, compile the new solidity contract, deploy new improved contracts, etc.
But too expensive to do computations on chain, so instead you can get things calculated off chain. But how to do it securely?
Created a proof of concept. Is secured by the “verification game”, where someone submits result, someone can challenge. But the honest person will ALWAYS win.

Towards Web3 infrastructure
Swarm for peer to peer files.  Again it sounds like they are reinventing IPFS. They should just let IPFS worry about that infrastructure, and should instead focus on the incentive structure on top.
Whisper is a cool messaging system. Could be used to do streaming video content

Ethcore – building the distributed future
Showing off Parity client UI. It is a clean room implementation of the Ethereum client written in Rust.
Parity will host its client as a Web UI (http://localhost:5000)
Looks like a more fly featured version of local Mist wallet. The best feature is that using other tokens (e.g. DAO tokens, Gavcoin) are treated as 1st class citizen in the UI like ETH, makes it easier to interact and trade with

State channels. Making your application practical
Very clean short explanation of state channels. Watch it if you don’t understand how they work.

Ethereum loves Web assembly
EVM is the core of ethereum. EVM has had some growing pains.
Want to rewrite it using Web assembly technology, can vastly improve execution due to the Web Assembly execution engine within browsers.
eWASM (ethereum web assembly)
Restricted subset of an web assembly VM.
Backwards compat with EVM 1
Has a tool EVM2WASM to can transpile EVM code to very fast web assembly
Allows extensibility, like putting metering off to the side of execution
eWASM ethereum exexution interface definition.  Defines ~29 instructions
eWASM contract Interface ECI. Defines structure of a contact.

To move us from PoW to PoS
Goal of consensus protocols is to make all nodes make the same decision if they follow the protocol
Asynchronous consensus is REALLY difficult.
Nodes that are behaving badly and not following protocol are Byzantine
1/3 the talk was spent just defining terms like safety, estimates, approach motivation
Rest of session he spoke too fast and kept clicking next to flick through slides (60 slides in 20 mins). Didn’t catch the information at all.

Ethereum on ruby
EVM written in ruby
Wrote a testing framework called teth. Means the tests can be run in memory in ruby EVM
Let’s you write tests with multiple actors to test complex interactions.
Alice executes a contact. Bob does something else. Check the state.

Zcash loves ethereum
Bunch of cryptography researchers came up with some new insights. All became founders of zcash. Focused on privacy of transactions.
Zcash will be released as its own blockchain

3 ways to combine privacy & programmability

  1. Add privacy to Ethereum. Baby ZoE (zcash on ethereum)
  2. Add progamability to the zcash blockchain
  3. Connect zcash & ethereum blockchain. Project alchemy

Project alchemy: verify zcash’s PoW in solidity.
Smart contacts to fulfil orders.
do a trustless swaps of coins
Would enable ethereum contacts to send & receive zcash. Means they could do transactions more privately
Zcash launches Oct 28

Types for tokens
New kinds of typing disciplines that allow you to detect behavioural errors.
Can help with formal verification systems, and drastically reduce the cost
Talked about types as being pluggable components (sounds like interface based programming)
Rholang is a blockchain based social contacting language with behavioural typing mechanism.
It can detect deadlocks and race conditions at compile time. If you convert The DAO contact into rolang you can see the race condition

Ethereum for Resource-Limited Devices
Getting ethereum onto mobiles, wearables and resource constrained devices.
Multiple threads of progress being made to reduce requirements. Runs on a Rpi model A

Designs for the L4 Contract Programming Language Based on Deontic Modal Logic
Developing a DSL for lawyers to generate verified contacts
Like SQL for writing contacts
Will compile your contacts to English PDFs

The Mauve Revolution
Ethereum is currently “slow”, doesn’t scale. Wastes lots of electricity woth PoW
Rather than spend $1000 on physical mining hardware & electricity, instead do virtual mining.  Use the $1000 to virtual mine by staking.
Uses a Casper smart contract. You register yourself as a validator.

DEVCON2 report: Day 0 – Preday meetups

List of other day’s reports:


I’m currently attending Ethereum DEVCON2

A little preday round up. Lots of people started connecting and meeting and random places around Shanghai. A LOT of it was coordinated via the WeChat groups mentioned here

Unfortunately both WeChat groups are now at capactity, so you’ll need to get someone at Devcon to scan the QR code on your phone to add you as a friend, and then invite you to the group.

There was the main fork which met up at Hyatt and moved upstairs to the Hyatt’s Vue bar. The drinks were a little pricey at standard “bar prices”, but it had an outdoors jacuzzi on the rooftop! 20160918_191922.jpgThere were about 18 people

Then there was the Devcon classic fork, being run by the “French connection” which met up at the at a restautant in another part of Shanghai. They ended up getting very food at a stick restautant

The main purpose of preday was just everyone catching up, meeting new people. I knew no one coming into this, and met a bunch of new people. It is going to be a great conference

BONUS: Stealth photo of Vitalik rocking a cat bag 20160918_164058.jpg

//build is coming to Melbourne 26 May

BUILD Melbourne includes the best content from Microsoft’s annual BUILD conference, with additional focus on enabling ISVs and App developers to get the most out of Microsoft’s newest tools and technology.

Microsoft engineers Giorgio Sardo, Pete Brown, and Shen Chauhan will deliver the sessions and demos to help you quickly familiarize yourself with Microsoft’s latest technologies. The coding sessions will be hands-on labs and you will need to bring your own device (BYOD).

Here’s a glimpse of what you can expect:

  • Keynote highlighting the most interesting new features, announcements, and demos from BUILD 2016, including what’s new for Windows apps, cross-platform development, and learning to use Azure services.
  • Network with Microsoft engineers, and other ISVs and app developers in your area.
  • Sessions to help increase user engagement and position your software business for the future, using the latest Microsoft’ technologies:
  • Places are limited, so register now! We look forward to seeing you at //Build Melbourne.