Posts Tagged

Current Events

The Next Big Step For Blockchain Should Be Security

Elizabeth Technology February 18, 2022

A System of All Yes-s

The systems in place for blockchain only go forward. The decentralized nature of the storage reinforces this, because even with a write-only ledger, you can still re-write the parts you want, get to the part you don’t want, skip that, and continue forward. It’s still not easy – you’re going to have to re-do every transaction that involved the flaw – but it’s possible if there’s only one or two places this ledger exists. Meanwhile, with decentralized storage, you just sort of… can’t. Trying to do so on a big cryptocurrency is nearly impossible. If everyone needs to be updated on what actually happened, then you’re in hell.

Even that might not be the worst if the security was better and there wasn’t a need to re-do or undo transactions – however, humans being involved means there definitely is.  

The systems aren’t designed with human failure in mind. It’s very human to fall for scams or to simply misclick, for example. Almost all blockchain based cryptocurrencies have this problem. Every transaction is ‘legal’ because the system says it is, there’s just no way to undo something once it’s done – if something is transferred out, it has to be transferred back, it can’t be untransferred. While that seems like a small distinction, it’s really not! Picture cancelling an Amazon order vs. requesting a refund. Now apply it to a system where there is no centralized authority to make Amazon give you your money back in the case of services not properly rendered, like the bank could. Illegitimate transactions are not recognized as different from legitimate ones, and you can’t just yoink your coin back when somebody fails to deliver their research chemicals.

Forking Hell

When Bitcoin was small and verification was a limited resource, it was possible for forks to occur because the verifiers weren’t keeping up with demand for trades – essentially, someone spends a coin twice (maliciously or mistakenly) and one set of transactions goes on as though spend 1 was legit, and another as if spend 2 was. If these happened at the same time, getting both forks to realign is a nightmare because again, blockchain technology does not like to go backwards. Decentralization hurts here as well for the same reasons it does above – which tine of the fork is the more legitimate one, and what happens to the other one in assimilation?

The answer is complicated! The answer from crypto makers is ‘that doesn’t happen because we engineered this so good!’, but the answer from anyone else is ‘every time it happens, there’s a unique solution to the problem’, and that’s not a good thing.  

Forking also refers to updates or splits in the system itself – new species of cryptocurrencies with different rules can’t still be called Bitcoin, for example, so they get to give themselves a new name. People can choose to switch over to this new stuff voluntarily, but doing so comes with a lot of risk – Bitcoin has forked in this way a little over a hundred times, and while many of those forks are successful… they aren’t as successful as the main lineage of Bitcoin.

As a side note, the US actually used to have this problem too: each colony had it’s own dollar. Trading sucked because the people trading couldn’t readily define how well a Virginia dollar was doing compared to a Rhode Island dollar when it came time to buy stuff from the market. Digital currency with a visible market price eliminates that issue to an extent, but not completely – without fiat behind them, anybody can make a currency, and all of those currencies without fiat have no guarantee of stability. See any number of pump-n-dump schemes. Could a good, stable currency fork outside of the blockchain conversation? The answer is as of yet unclear. All of this stuff is incredibly new, and it’s disingenuous to pretend it’s not new, and that it is for certain stable.

The Wallet Number

Banks give you an account number and a routing number. To route money to or from your account outside of your login or physical presence at the bank, you’d need both of those items. Notice that people can’t give you money without your permission. With OpenSeas, a popular NFT platform, if somebody knows your wallet information, they can just send you stuff. That doesn’t sound like a serious problem – it wasn’t one when this tech was brand new. It turned into a problem when people realized they could just plant NFTs with viruses associated to them via smart contracts into someone’s wallet, rendering that NFT a landmine. If BitCoin or any other major blockchain cryptocurrency system had been made with the same care debit cards have been given, this wouldn’t be happening to NFTs, the offshoot of those blockchain cryptocurrencies.  

Blind Spots

There’s a story about a professor trying to make a code that is nearly unbreakable even with the key, and he does so by using phone numbers in the phone book. Each phone number represents the first letter of the phone number owner’s last name. He says this code would take forever to solve, and it seems like it would – ten seemingly random digits for every single letter? Even a computer would struggle with that. Depending on how short the message is, it’s entirely possible to have a unique ten-digit code for every character. And then, a student raises their hand and asks – ‘what if we just called them and asked them what their name was?’ The professor, who’d come at this at an oblique angle, didn’t think about calling the numbers. Suddenly the code is very solvable by hand.

The problem with many of these NFT and Blockchain sites is that even when they’re working to make a legitimate product, they’re coming at it from the angle of someone who already has the supercomputer, somebody who already has the money to dump into the coins and then lose it. They want to make the wheel.

Not reinvent it – they want to make the wheel.

They want to make the wheel out of different materials.

They want to make a wheel out of glass.

They’re often the types of people to show up on Shark Tank with products like the Juicero – they’re recreating something with more complicated tech, not because it improves the product, but because the tech is available and obscure and sounds fancy. Security and privacy are going to be huge issues within the blockchain, which is ironic because Bitcoin took off when it made illegal buying and selling of drugs online easier.

Focus on security and an ‘undo’ button next – please.

Sources:

https://www.investopedia.com/tech/history-bitcoin-hard-forks/

Peloton Tread+: What’s The Deal?

Elizabeth Uncategorized October 29, 2021

It seems impossible that such an over-engineered device could be missing safety features. A touch screen, fine-tuned speed controls, internet access… but no emergency brakes. And a totally exposed belt.

Safety Precautions (Skip to Treadmill Injuries if you’re not interested in Liability)

There are a couple of different ways to get to a final, safe product, and limit liability. (This is not legal advice.)

The first way, and the way that provides the most safety for the customer, is to design the product in a way that prevents the customer from injuring themselves accidentally. For example, many toasters get very hot on the outside if they’re used too many times in a row. If the toaster company wanted to prevent that from hurting the customer, they’d want to re-design their toaster casing so it doesn’t get so hot. That’s engineering around the problem.

The second way, which is often cheaper, is to include warnings. This passes the responsibility of not using the toaster too many times in a row to the customer. This has obvious problems – namely that customers don’t like to read, especially if they think they already know how toasters work – but sometimes warnings are the best the company can do. For example, you can’t really engineer a fork-proof or waterproof toaster. Many companies have tried. The best the toaster manufacturer can do is warn customers that using a fork in the toaster is dangerous.

The third way is recommending personal protective equipment. A fireworks manufacturer can suggest that their users should always use goggles when using fireworks, to prevent eye injury. Sometimes consumer products are dangerous just by their function, and the customer has to take extra steps to keep themselves safe. A toaster manufacturer would not be able to say “goggles recommended” and get away with it. If the toaster spontaneously shot a spring into the end user’s eye, the toaster maker can’t say “well, we told you to wear goggles” – that’s out of the range of normal behavior around toasters.  

Now, with all of that said, lets get to Peloton’s new product.

Treadmill Injuries

Believe it or not, treadmill accidents are pretty common, but rarely fatal. You may have seen videos of teens shooting themselves off the back at high speed on purpose, but that happens accidentally all the time too. Head injuries are a pretty common result. This is where warnings come in – the manufacturer wants to include high speeds, but they can’t control what the end user uses that speed setting for. Warnings are an answer to this problem – PPE and engineering can’t be.

Manufacturers also discovered they got sued a whole lot less if they included certain safety features, like an emergency stop key/button and back guards. Both of these are essential for keeping kids and pets safe around moving equipment, as well as the user themselves – getting sweatpants or fur caught up in the tread can cause serious injury, from road rash to broken bones. It’s very important that the machine is easily stopped. You can’t warn someone out of tripping! Engineering takes over from warnings and PPE.

 As a result, these safety features became industry standard. The treadmill company can genuinely say in a civil court that they did their best, and any accidents were a fluke and/or the customer’s fault. Even Peloton had safety keys on this latest model, even though it was missing everything else. Peloton’s decision to remove the other things and not put in anything to replace it speaks to poor management, or poor safety testing – warnings are not suitable for every danger on the device.

Preventing It, In Writing

I mentioned those manufacturer liability ideals at the top for this reason. Many treadmills choose the engineering route, meaning they try their best to child-proof the device so that people and their loved ones can’t be hurt by a simple mistake. Something as easy as leaving the keys in the same room, or letting their cat get too close. These are things that Peloton has compensated for in the past – why now, with the Tread +, did they choose to leave these factors as warnings, instead of testing for them and correcting them in the design room?

Peloton did not include the classic back tread guard on their 4,000$ machine. That alone could have saved the child that got sucked into the treadmill. Their warning manual says not to use the machine around kids, and not to leave the safety keys in the device, and not to let pets or kids get to close to the back of the machine… but the safety engineering that could stop that (and the same engineering that other brands use, which includes a back guard on the tread and a shielded underside) was, for some reason, dropped in favor of just warning about these newly made dangers in the manual. This thing is overengineered as it is, the least they could have done is left the safeties in place! Why would you remove something that worked?! Was it an issue with the weight? Cost? Who knows!

And now regulators want it recalled! It’s obvious that the warnings aren’t good enough to prevent accidents – the Peloton Tread + has killed a child and injured 39 people, far more than it’s fair share of the statistics, as this is written in 2020.

Potential Solutions: From Computers

Assume that Peloton removed the back guards for a functional reason, or left the entire belt exposed for a functional reason, whatever that reason may be. (Keep in mind that this has a 32 inch touch screen with internet access, and costs over 4,000$.)

The belts along the bottom are exposed, meaning that once something gets sucked under, it’s going to get torn apart by the friction between the belt and the ground as it attempts to keep rolling.  Most treadmills use something like a safety key – Peloton does too. However, that’s not much help from the back of the machine, where most of the injuries are happening. Once something is behind or under the Peloton, they would have to be strong enough to lift it to free themselves or reach the stop keys, but nobody but an adult is going to be tall enough to reach those keys while also caught by the machine. A shielded underside would have fixed that, but let’s say that’s not an option even though it definitely was. (Again, 4,000$ device).

What would help? What would keep the end user safe even though most of the safety items are gone?

Easy – a resistance detector. Garages use it. Vacuums use it. All sorts of devices use it – resistance detectors keep people from being crushed to death, and they also keep the motor from burning out, something that the Peloton Tread + could do to itself if it sucks up something like a rag and doesn’t stop. This machine’s ticket price is definitely high enough to tack on some extra R&D for a resistance brake. There are issues with it, yeah, but if Peloton wants to be cutting-edge enough to take out all of those safety features, maybe it could be the cutting-edge of new safeties that make this smaller treadmill feasible and safe. Attach a warning to the touch screen that’s already there, maybe. Maybe it could take voice commands. That’s still not great, but the other answer is nothing. Nothing is between long-haired pets and kids who can’t read yet, and getting dragged under forcibly if they step just a little too close and get caught. We have technology, other treadmill brands have already been through this!

In an already overcomputered device, there’s no reason not to add a couple more, or even just keep the old safety guards. Sure, the Peloton + needs to tilt, but it can do that with a shielded bottom. Sure, it wanted to be thinner, but it didn’t need to be. Warnings are obviously not sufficing, but they refuse to do a recall anyway – more warnings aren’t going to solve a fundamental lack of protection around the back of the device.

This is a simple matter of too many computers for the user’s enjoyment and not enough for safety.

Sources:

https://www.findlaw.com/injury/product-liability/defects-in-warnings.html

https://pubmed.ncbi.nlm.nih.gov/29601218/