Wild West Mail Delivery in the Age of Bitcoin

If you saw me talk at ManhattanJS you know I have a dream about a decentralized mesh network that supports decentralized applications that cater to our decentralized behaviors.

There are a lot of parts to this dream, the hardware, the network, the software, the apps, the critical mass. All sorts of things. A ton of things. So I have to start somewhere. hackerchat should be the app with some plugable network backends. The two backends I have are one that works on the local network, and one that works over mesh’d xbees.

Say later we figure out a way to have a truly decentralized network. Say a cellphone to cellphone alternative radio network. (GoTenna seems to be doing this btw.) Maybe bluetooth to bluetooth? I like these ideas, they get us a Mobile Ad Hoc Network. We’ll need a routing schemes that incentives efficient delivery and one that tolerates extremely high latency all while keeping security in check.

I’m going to start with incentivizing efficient delivery by leveraging a crypto currency (like bitcoin or namecoin) and it’s blockchain.

I posted this to the bitcoin stackexchange.

The problem

I’m exploring having a bitcoin (or any blockchain) backed a distributed secure messaging system.

This is a peer to peer network that would pay for transport. In essence, it’s the wild west, your key pair is your wax seal, and you’ve given someone $10 to deliver your letter back home to New York. I want to use Bitcoin to hold that $10 in escrow until the letter has been delivered.

I know Bitcoin can do multi-signature transactions but I’m not positive Bitcoin can do what I want, so I turn to this community.

Bitcoin gives us public and private keys for secure message delivery.
Bitcoin gives us the ability to pay people for transport.
We have 3 parties involved. A courier, sender and receiver.
We also have two transactions. One of the message from sender to receiver (or a key for said message), and one of the payment from sender to courier.
I’d like to ensure both transactions happen simultaneously. Without trust.

The Answer?

I got a cool answer but it required some trust. Over dinner I came up with a possible solution.

Seth wants to send Martha a message and is willing to spend 10 BTC to see it delivered. Charlie is happy to deliver it from South Dakota to Michigan at that price. Seth would like to ensure the message is delivered and Charlie wants to ensure he gets paid for his trouble.

They could do the following;

  1. Seth signs and encrypts the plaintext message (m1) to Martha into a cyphertext message (c1) using Martha’s public key and his private key.
  2. Seth further encrypts the cypher text message with a nonce (n1) into a new cypertext message (c2)
  3. Seth builds a bitcoin transfer (t1) and adds the nonce (n1) to the transfers comment section and signs it. (t2)
  4. Seth then encrypts the signed transfer and nonce (t2) with Charlie’s public key into a new message (t3).
  5. Seth then encrypts both the encrypted transfer (t3) and the nonce encrypted message (c2) with Martha’s public key. This final package is good for shipping (c3)
  6. Charlie takes our package to Martha, it’s a long trip but the 10btc is worth it.
  7. Martha decodes the package (c3) into it’s parts the encrypted transfer (t3) and nonce encrypted message (c2)
  8. Martha gives Charlie the encrypted transfer (t3)
  9. Charlie decrypts the encrypted transfer (t3) into the a signed transfer and nonce (t2)
  10. Charlie tells everyone on the plant about the transfer (t2) including Martha. He wants to do this so people know he has the money.
  11. Martha takes the transfer (t2) and extracts the nonce (n1) and uses it to decrypt her message (c2) into the signed message (c1)
  12. Martha then decrypts the message (c1) again with her private key and gets Seth’s letter (m1)

Lets see if I can make this a truth table;

(m1, seth_pk, martha_pub) => c1
(c1, n1) => c2
(t1, n1, seth_pk) => t2
(t2, charlie_pub) => t3
(t3 + c2, martha_pub) => c3

(c3, martha_pk) => t3, c2

(t3, charlie_pk) => t2

(t2) => t1, n1
(n1, c2) => c1
(c1, martha_pk) => m1

The major problem I see is that this isn’t composable. Charlie couldn’t give the package to someone else and offer to pay them a smaller sum to complete the delivery. But I think we could switch this up so it could be composable. I also need to look into Bitcoin Contracts. Which gives a ton of power to a bitcoin transaction and might negate the need for as complex processes.

I keep thinking about the Diamond Age, it had some cool stuff about crypto and networks. Back to dreaming!


My thougts on the kindle and techonology advancing past books

I write more for other people’s blogs then I do my own.

When I think of the Kindle, I think of an awesome device (the big one is wonderful to use) with a free data connection that needs to be hacked to be useful. Hacked to remove the ability to remove books. Hacked to allow browsing of the web. Hacked to allow my own content to be freely placed on the device. The hacking negates the free data plan because the device no longer functions along Amazon’s business model, but it’s your device – so you can use it how you like. You should be able to get your own data plan. ($20/month)

I don’t see why “E-Readers” would have to remove community behind books and libraries. I can argue that “social networks” could work around the devices and books. Especially around trading books – I’ll get into the legality of that–how authors could still get paid and the usefulness and harmfulness of DRM Encryption in that situation–some other time.

I can also argue that libraries are a place for more then retrieving books. You have librarians who are paid experts and curators of knowledge. A Kindle may have a library of books, but it doesn’t have librarians. On a side note, they don’t have quiet work areas or comfy chairs either.

But even though I have a library down the block from my house, I haven’t had the need to be in one for a long while. I have my own comfy chair, and don’t read books that often.

One thing the Kindle does facilitate that a library can’t is that I could write a book and publish it on the Kindle for free, and distribute it worldwide without cost and with an excellent margin. Sites like Lulu allow me to make print copies, but their costs are non-trivial (good rates, but not cheap). That kind of freedom is liberating. I wont argue that publishing companies are worthless, as they are not, but they’ve had a monopoly on publishing for a long time. Devices like the Kindle allowing for self-publishing make me very happy.

In my head, preferring a paper book over a kindle is akin to preferring a small black and white TV over a larger color one. I don’t see the technology being the problem; it’s a tool like any other, and it can be just as enabling for you and me as it can for companies like Amazon and BookSwim.


MJ Had A Patent

Michael Jackson died yesterday prompting a DDOS attack on the worlds news orginizations and Google. Whatever became of him doesn’t change the fact he knew what he was doing when it came to putting on a performance and singing a song. I’m going to share one my favorite facts about him, he had a patent for shoes.

Method and means for creating anti-gravity illusion

Smooth Criminal Lean

No wires just shoes.

It’s fascinating to watch these videos, but boy is he ever weird.

Windows update fails

I had a problem this week. I actually had the same problem lots of times. It was fustrating as hell.

I had quite a few Windows XP instalations to do, with new employees soon to arrive at work, new laptops arriving with Vista, and some old desktops that needed ‘decrufting’ in their OSes. I have a slipstreamed windows xp cd with sp2 that I like to use. I haven’t bothered updating it to sp3 because I haven’t made the time and for a while I didn’t think it was worth it. SP3 seems more for microsoft then it does for the users. I do have a new xp disk with ie7 and a few other updates, but I haven’t tested it so much. So I tried it out and it seemed ok but I hit a problem.

Windows Update would fail to install every single update after sp3 was installed.

And once you hit Microsoft Update (which you should) it would fail to install the office updates too. No error codes, no event log messages (well maybe but I didn’t look too closely) nothing useful. I figured it was my new disk so despite spending all the time reinstalling windows (my disk does make it easier, setup the partitions and walk away for 20 minutes and you have windows waiting for you when you get back) I tried with my older trusted disk. Same problems.

It took me a while to figure out it was sp3.

Well I have a fix. Run these commands.

::http://support.microsoft.com/kb/943144 for details use on 32bit winxp only
net stop wuauserv
regsvr32 %windir%\system32\wups2.dll
net start wuauserv

Put that in a batch file or just run it and it will re-register the new sp3 windows update dll file and all your problems will go away. So in an effort to take pride in my work I decided to fix it twice. Once for the problem and again for the cause of the problem. According to the knowledge base article I found to fix it, if you update windows update (which is common after a reinstall) and don’t restart before installing sp3 then sp3 will ignore the updated windows update and there will be a version missmatch when you try to update. So restart early and often when installing updates. I haven’t tested it but in the back of my head there’s a voice saing “I think other updates might cause this problem too!” so maybe even something other then sp3 can cause this, but I don’t feel like collecting proof.

That would involve “fixing it” 3 times and twice is enough for me today.


UPDATE: So far this has only applied to new installs for me, but if you’re worried you wont hurt anything by running those commands.

Yearly GPG Key

My GPG key for the next year can be found at his address.


I’ve had a few others for my roborooter.com address over the years, but somehow I always loose them. The private key that is. It’s usually because I don’t use them that much. There are only a handful of people out there I communicate with that know what gpg is, know how to use it, want to use it, and most importantly need to use it. That’s actually a tall order to fill.

So what happens to my keys that I loose? Well lets look for the public counterparts.

MIT PGP Public Key Server Search Results for wizard-roborooter.com

Public Key Server -- Index wizard at roborooter.com

Type bits /keyID Date User ID
pub 1024D/C556B1A8 2008/09/02 Francis Gulotta
pub 1024D/2B74810B 2005/01/27 Francis Gulotta
pub 1024D/C6677DA7 2002/01/08 Francis Gulotta

The first one I ever published was back in 2002 (Unless I submitted one earlier elsewhere, damed if I know – but a blog search tells me no different – I need a better search). And if I had the tools with me today I could tell you when it expires if at all. I was probably brash and didn’t think I’d ever loose the private key. It’s not that hard to make a new key so once a year if I’m going to use it, I can. I can even sign it with my old key (if I still have it) to keep the chain of trust.


PS Looks like I’ve discovered a bug in how wordpress automatically makes email addresses hyper links

Story Arcs and my failed attempt.

I had a plan.

  1. Make the Hacker Crackdown Available as a torrent file. (You can just grab the full download if you like.)
  2. Educate about what comcast was doing (blocking torrents)
  3. Complain that while the torrent’s flowing nicely a bunch of specific people had trouble torrenting it. Specifically the Comcast customers.(Not a complete lie, the torrent had about 250 downloads as far as I could tell and at one point 17 seeds. But if you were a comcast customer using torrents you knew what was going on and wouldn’t complain to me.)
  4. Come clean, off the full download via http and remark that I actually do have the bandwidth to spare to host a large file. Probably enough to spare to host 10 full and popular audio books, but probably not 100, where torrenting could go into the 10,000’s easily. If people were so interested.

For the record as of right now the torrent is still on The Pirate Bay and has 2 seeders neither of them are me.

I had goals.

  1. To spread the hacker crackdown by Bruce Sterling.
  2. To try to do a story arcing blog post.
  3. To educate people about torrents and Comcast.
  4. To be crazy like that.

I had poor execution.

  1. I got distracted
  2. I told people what I was up to and then no longer felt like I had to do it. Almost like success.
  3. I didn’t do it all at once – I’m not sure if that was practical but it would have gotten it done while I had the drive.
  4. I never wrote down my plan until now.

For the record even without my help (ha!) Comcast got smacked around by the FCC. It’s not law (and we’ll have to fight to make it law) but it’s a big first step towards net neutrality.

Video From H2K2

(The video player wont load from the rss feed. So if you’re reading from there, you’ll have to click though to the post. Also I ditched the crappy flv version – never mind this is crappy quality anyway, it’s using some quicktime foolery so it should even be nice on an iphone – unless you’re on edge, in which case your iphone will request the extra crappy version)

The Last Hope

The Last Hope

I just registered for the three day computer security.. well Hacker Conference “HOPE: Hackers of planet Earth”. So far they have a few keynote speakers listed including Adam Savage and of course Kevin Mitnick. Adam Savage is well known as a Mythbuster, maker, and lover of wonderful things. I even saw him at last years Mermaid Parade. I’ve emailed him to find out what he’s doing at The Last Hope, because while I’m sure he’ll find it cool, I don’t know why he’d be a keynote speaker.

Also presenting is a very interesting guy named Barry Wels who when not professionally testing locks for security flaws, (I’d be lying if I said it was about the money for this guy) writes for his blog Black Bag and runs a group called Toool. The saying goes that to get good at lock picking you have to practice over and over and over again. The 3rd O is for that extra “over”. Even more noteworthy, he got his government to hold off on electronic voting because of how obviously easy the machines were to hack. The mayor of Anderdam took notice of his groups efforts and made it illegal to use the flawed machines. Bary is another person I widely admire.

Hope isn’t as large as Def Con the Las Vegas based annual convention. But I couldn’t afford to goto that anyway.

So I’ve got 3 days for my $75 and I’m sure I’ll enjoy the crap out of it. I probably wont spend all three days there, but until they release a schedule I’ll have to just assume everything will be interesting and plan for that. I’m going to bring a mostly empty laptop and my camera, and maybe a bag of tricks.

While I’m sure I’ll meet people there, is anyone interested in going with me? We’ve got a home field advantage, most of the people there are staying 7 to a room at the cheapest hotel they can find. We’ll be well rested, well fed and not scared of New York.

At least not anymore then we should be.

Adam Savage wrote back to me. He’ll be speaking about

Obsession. The nature of. Subset mine.

Go figure.


Hitachi Hard-Drive Project

I found this piece of music a little while back. You can click the little play button to play it now.
Noriko Version

It was made for a Gizmondo competition by “Noriko” – Composed with sounds of a failing Hitachi hard-disk. I lost his link, but you can probably google for it. It’s really quite beautiful and peaceful. Though once I was diagnosing a laptop and this song came on and freaked me out. You never want want to hear these sounds coming from your computer.

Oh and if you ever do hear these sounds coming from your computer, turn it off (pull the plug) and call me. ;-)