Defi : What Is It, And What Does Blockchain Do?

What is Defi (vs Centralized Finance)?

Defi is short for Decentralized Finance. What does this mean? Let's start by looking at the definition of  the two composite words. First word is finance - which is the management of money. Currently done through an intermediary. You can borrow money from a bank to pay for a car,  you have a mortgage on your house from a local bank,  from save your paycheck in a bank, loan your savings to another person via a bank to earn interest, you can  invest you savings in the stock market through your brokerage, pay your tennis fees to your friend  using Paypal, buy a Sony PS5 by paying with your credit card. The second word is decentralize - which is a control concept, where decisions are made by peers via voting, instead of a central authority. Defi's enemy is centralized finance, which is today's traditional method of finance (which is through intermediaries). Centralized because all financial activity needs these two intermediaries 1) government for fiat currency & identification 2) financial intermediaries / institutions such as banks to store your money safely and stock brokerage to store your certificates safely. This is bad because it is 1) slow (think T+2)  2) expensive (think 2.5% credit card fee) 3) limits new financial services.

How Can Blockchain Help Defi?

The basic concept behind defi is having a way (say platform) to provide traditional centralized finance - but without a government and financial intermediaries. An implicit assumption that the government and financial intermediaries provide is trust.  Trust that data entered is good. Won't be altered. Always accessible. Will be honored. So basically defi needs to get rid of the government and financial intermediaries - but still retain trust. Blockchain can provide this : a single source of data, public, and trusted. That is why most defi platforms are built on Ethereum - which is blockchain. What makes Ethereum good to replace centralized finance? Recall that the enemy of defi is centralized finance, which requires 1) government fiat currency and identification 2) financial intermediaries / institution. So how will we replace fiat currency, identification, and a financial intermediary / institution?   Ethereum can, which has 1) ledger 2) smart contract 3) native currency / token called ETH 4) ERC-20 standard for people to create their own token (fungible ) on Etheruem . For identity, an Ethereum public address will serve as your psuedo-annonymous identity (psudeo-anonymous because all public addresses and transactions to/from that address is visible to the public, but the public won't know WHO is behind that public address). The Ethereum ledger will serve as the trusted bank ledger. ETH will serve as the currency, but now digital/crypto instead of fiat. And ETH is NOT backed a government.

Hype vs Reality of Defi : FOMO?

What are some of the motivations to participate in defi? 1) defi provides to you (as a consumer) a service that you can't get from today's centralized financial services 2) defi gives you (as an entrepreneur)  a way to provide a service that tradtional centralized financial services can't provide  3) you (as a person on the sidelines) want to dabble in this hype due to FOMO 4) you (as an enterprise) want to create a buzz and want to dabble and hedge in defi - just in case it takes off.  CNBC lists Mark Cuban dabbling in defi, so does that make it legit?

 

Australian Stock Exchange (ASX) CHESS+ stock trading system modernization using blockchain/DLT

 

The Australian Stock Exchange (ASX), based in Sydney, is one of the top 20 largest stock exchange in the world. For reference, the NYSE and NASDAQ stock exchanges are the top two.

Stock exchanges basically allow stock brokers/dealers to execute, settle, and clear stock trades. Clearing and settlement is also called post-trade.

ASX will act as a CENTRAL COUNTER PARTY to be a trusted middleman between the stock seller and the stock buyer.

Stock trade EXECUTION, that is to buy or sell, happens in real time. So that the market price of the stock is captured. Let's do the deal now and figure out details later.

But stock CLEARING and SETTLEMENT happens later - in non real time. Also known as batch processing. T+2 phenomenon.

Stock trade clearing is the step to ensure match buy order from the investor and sell order from the issuer, and that the seller does own the stock, and that the buy does have the funds to buy the stock.

Stock trade settlement is the step to transfer the stock from the seller to the buyer and to transfer funds from the buyer to the seller.

 The actual stock certificate is held in a CUSTODIAN (bank). It does not need to be handed physically from the seller to the buyer.

ASX's system to clear and settle stocks trades is called Clearing House Electronic Subregister System (CHESS).

It was put into operation in the 1990. Its main goal was to DEMATERIALIZE/DIGITIZE stock trades.

Stock trades have typically been physical paper based. 

Dematerialize turns physical paper documents into digital form.

CHESS has worked well, but in need of modernization. Speeding up post trade (clearing and settlement) from T+5 down to T+2.

But CHESS is now 25 years old. Time to update or replace it. The system to replace CHESS will be called CHESS+. 

CHESS+ will use blockchain/DLT from VMware, and the Daml smart contract programming language from Digital Asset.

VMware Blockchain will provide the blockchain DLT platform that will serve as 1) storage - single source of truth 2) compute - to execute smart contract programs. The smart contract programming lanauge

What is driving the modernization? Pain point (T+2, unify systems into single record). Vision driven (jump on DLT). Want to differentiate (be the 1st to DLT).

A stock exchange will have multiple participants, on both sides of a trade. The seller can be an ISSUER of a stock (as part of an IPO). The buyer can be an INVESTOR.

So for CHESS+ to be successful, its participants (investors, issuers, etc) must be able to connect and interact successfully with it.

As of December 2021, CHESS+ is anticipated to go live April 2023. Before going live, it has to be tested. Testing will be performed in two phases. In the first phase (happening now), called ITE1,  the ISV software providers be testing CHESS+. In the second phase, called ITE2, user participants will join in its testing.

BFT in a Distributed Compute and/or Storage System - A Simple Introduction

Distributed Systems - physical

Distributed systems is breaking up a large computer/storage (the slash means and/or) into smaller ones. The smaller compute/storage is called a node. Distributed systems can make an entire larger system safer (no single point of failure), more powerful (break up a big compute task into smaller ones), scalable.  Apache Hadoop, where storage is spread across a wide network of storage nodes, is an example of a distributed (storage and processing) system.

But these nodes need to be in sync (aka consistent). And if the nodeA and nodeB have differences in opinion on what the final state of the system is, who is right?  In a space capsule example - two computers are computing the exact time to fire thrusters. ComputerA says 10:01, ComputerB says 10:04. Who is right?

This is why distributed systems have a consensus, or voting, mechanism.  And BFT is the science behind making voting mechanism. BFT is a voting mechanism that allows for multiple nodes to reach a consensus.  BFT can help to make a distributed system 1) failure tolerant - so that if a node on the distributed system fails, the other working nodes can take over quickly 2) malice tolerant - so that if a node on the distributed system is injecting wrong information, it will be voted out by other good nodes.

Decentralization - control 

Decentralization is a CONTROL concept, not a physical concept. So distributed is a physical concept. In a network that is responsible for control, decisions needs to be made and agreed upon. What is the final state of Joe's bank account? Should the reverse thrusters be fired at 10:01 or 10:03? BFT is critical in a decentralized network - to ensure that far away nodes can make decisions.  BFT needs to handle both failure and malice. Malice can come in many forms : from sending the wrong data (Joe owes me $1,000 instead of $1) to jamming the network. Examples of the latter include email DDoS - remedied by asking the sending to do some work first before the sender's email is read by the receiver. 

BFT in Blockchain

Blockchain uses several different ways to keep its distributed nodes in sync (consistent). BFT is one. Another way is to use Proof of Work (Nakamoto Consensus) used by Bitcoin. Rather than using BFT, Bitcoin wants to see proof that the node did work before its vote is accepted. The work that a node needs to perform is very compute intensive, using up much energy and is frowned upon as a way to solve a consensus. Proof of Stake is slated to replace PoW.

Blockchain Refresh

- append only, making it immutable

- time stamped

- consensus 

- hashing : compress transactions, SHA256

- digital signature : private key (held secretly in a wallet) and public key (forms public address)

- chain : a block of data contains multiple transaction hash; and the following block has a hash of the current block so that changes to the current block will impact all blocks 

- store efficiently : in Merkle Tree (hash)

Conclusion

BFT is the science and art of making nodes in a decentralized environment stay sync (consistent) by providing a consensus (voting) mechanism that works robustly (failures are handled) and safely (malice proof). BFT is used in blockchain.

Hashcash : Before you get to vote/say, you need to work for it - to prevent noise/spam

Hashcash 

--- Email DDoS ---

Email is an essential tool in both business and personal life. XX% of small businesses still use email for order management (because they don’t want to setup an e-commerce site using Shopify, etc).  And YY% of people use email as the primary mode of communication. 

Email inbox can be flooded to the point it is full and cannot receive any more new email. So an email inbox that is full can disrupt business (orders are not received), disrupt personal lives (invitation to a birthday party is not received).

Evil people can easily disrupt a business or person by flooding their email inbox. So from a single computer, the evil person can automate sending thousands of emails an hour, with the goal of flooding the email inbox of the business or person. This is essentially free – there is no cost to create and send email. In the cybersecurity world, this is considered a Denial of Service (DoS) attack. If the evil person uses multiple computers to simultaneously send out thousands of emails per hour, this type of attack is call   ed Distributed of Denial of Service (DDoS).

There are several ways to reduce email inbox DDoS attack. 1) A firewall into the receipient’s email can be used to block a flood of email that is coming from the same email address. 2) Another method is to use a novel scheme created 30 years ago before firewalls became popular. It is called “Hashcash”. Hashcash, proposed by Adam Black in 1997, is a method that requires the sender to do some work before the sender can send an email.  Here is how it works (I think!)

• Sender sends email to recipient 
• Before sender accept recipient’s email, recipient sends a number (say 10) to the sender
• The sender takes the number (10), creates a random number (called nonce), computes the hash digest of the noonce, checks to see if the first 10 digits of the hash digest are 0s... if not, randomly create another nonce... until the first 10 digits of the hash digest are 0s
• guess NONCE1 -> HASH -> HASH_DIGEST_1; compare 1st 10 digits of HASH_DIGEST_1 to recipients request of 10 zeros; results is no
• guess NONCE2 -> HASH -> HASH_DIGEST_2; compare 1st 10 digits of HASH_DIGEST_2 to recipients request of 10 zeros; results is no
• This will take a while… and CPU resources … for the sender to compute 
• Sender sends the output (hash of data ABCD) to the recipient
• The recipient can easily verify that the hash is correct, and that the sender did do work 
• The recipients accepts sender’s email 

So asking the sender to do work before the recipient will accept the email should and will reduce spam.

--- Bitcoin Proof of Work ---

--- Amazon Retail E-commerce ---

Blockchain for capital markets - finally

Blockchain has now arrived at the commercialization stage after years of exploration and experimentation. It is one of  the de-facto technologies that can transform the traditionally  risk average and highly regulated capital markets. For example,  the World Economic Forum published a report titled “Digital Assets, Distributed Ledger Technology, and the Future of Capital Markets” (1) that in great details outlines how blockchain DLT can positively impact capital market usecases in the equity markets, debit markets, derivates, and more.

Today’s enterprises' and financial services' operating models are highly centralized, where transactions between two parties (say buyer and seller of an asset, or producer and consumer of a service) need to pass through several intermediaries (middleman). Examples of these intermediaries include stock brokers, banks, clearing houses, exchanges, which add costs, delays, and even mistakes into transactions. Decentralization will remove the intermediaries, which in turn will lower costs, reduce errors, and speed up transaction, as well as offering new services not possible with traditional centralized services. In addition, decentralization will remove single points of failure, potential censorship/disruption/corruption by a single (nefarious) actor, and creating trust where all transactions are recorded, verified, and replicated. Blockchain can decentralized enterprise operating model by providing a single source of trusted truth, augmented with the power of smart contract. 

(1) https://www.weforum.org/reports/338ea2d9-654a-45a0-a09b-7ca3cd8f248c

 

Decentralization vs Distributed

 Decentralization vs Distributed

Decentralization is a concept that pertains to HOW DECISIONS ARE MADE.  Examples are "decentralized decision making". So if a decision needs to be made, instead of asking a central authority (which might be SLOW, CORRUPT-ABLE, EXPENSIVE), you can spread the decision out for a CONSENSUS (via voting, etc).  So to make decisions in a decentralized manner, we need a way for peers to reach a consensus - perhaps via a voting mechanism. The Apollo-2343 had multiple parallel computers that needed to agree on the final state of the system, so a consensus machism was needed. Voting can be an IMPLEMENTATION of a consensys. 

Benefits of decentralization over centralization : Today’s enterprise operating model are highly centralized, where transactions between two parties (say buyer and seller of an asset, or producer and consumer of a service) need to pass through several intermediaries (middleman). Examples of these intermediaries include stock brokers, banks, clearing houses, exchanges, which add costs, delays, and even mistakes into transactions. Decentralization will remove the intermediaries, which in turn will lower costs, reduce errors, and speed up transaction, as well as offering new services not possible with traditional centralized services. In addition, decentralization will remove single points of failure, potential censorship by a single (nefarious) actor, and creating trust where all transactions are recorded, verified, and replicated. Blockchain can decentralized enterprise operating model by providing a single source of trusted truth, augmented with the power of smart contract. 

Distributed is a concept that pertains to COMPUTE. If you have a workload (say processing a movie that requires heavy compute), you can run it on your laptop, which is not distributed. Or you can run that same workload on a distributed compute environment, where multiple computers work in parallel to speed up the workload. The workload needs to be friendly/amiable to being broken up into smaller parallel workloads. As such, that is why the general type of technology that Blockchain derives from is called "Distributed Ledger Technology", or DLT.  

"Consensus",  usually brought up in the context of distributed systems, discusses how distributed systems (compute, storage) agree on the state of compute or storage.  

• Malice/bad tolerant (BFT) : 
• Paxos 
• PBFT (derived from Paxos)
• asynchronous
• leader (view), rotates
• need 3f+1 nodes to deal with f failure
• Crash tolerant : 
• Raft, an alternative to Paxos

New found love for IoT

As an EE who has worked on multiple facets of microcontrollers for longer than I care to admit, I thought that IoT (Internet-of-Things) will finally make microcontrollers sexy. Historically, microcontrollers have been relegated to performing the dirty work of task oriented compute - running inside washing machines, factories, and even spacecrafts. Hundreds of millions of units sold per annum easily - but no one knows or cares. So I switched to EDA (electronic design automation), to be closer to SW and away from HW.

My interest in IoT revived when I joined Oracle to promote their supply chain cloud emerging technologies group - including IoT. Looking at IoT from the enterprise angle made it much more attractive - almost sexy. Combining OT (operational technology) data with IT (information technology - such as ERP) suddenly propelled IoT into the minds of business leaders (in my case, supply chain business leaders) instead of  gEEky embedded controller guys. At Oracle, IoT had its own apps : Asset Monitoring, Fleet Management, Worker Safety, and Manufacturing. Doesn't take much imagination to know why IoT will help. The magic that Oracle brought to IoT is that we spent time to make the IoT apps attractive : status, control, analytics and AI are all natively shown. It was almost sexy - but not enough to see a strong demand. Perhaps we were talking to the wrong audience. Perhaps we were too expensive (Oracle treats IoT as a SaaS - so a subscription is needed). Perhaps the brand did not resonate. So again, I left IoT.

But what is rekindling my interest in IoT again? Home automation. Specifically a garage door app. 

With Chamberlain "myQ" garage door app kit, IoT can digitize the old tired "analog" world of a garage door, and can directly provide consumers with:

1) peace of mind : How many times have you wondered (in horror) if your garage door is opened or closed? Even if you are just upstairs to the garage, that trek downstairs to check on the garage seems so unnecessary.  

2) security : You want control over the garage door - when to close it, when to open it. From anywhere. You can even set a rule to close the garage automatically at 11PM.

3) insights : Right now, the data this provides is fun. But in the future, as you give others access to your garage (tenants, Airbnb, Amazon delivery, kids), insights will be more than just fun.

4) convenience: Voice control. Turning on the hallway lamp when the garage door opens. Lots of things can be triggered just by simply opening or closing a garage door.

Is IoT now sexy? Maybe not. But definitely not in buried in a washing machine. 

Why Blockchain Is Good For Financial Market Infrastructure

Financial market infrastructures (FMI) is the technology that enable trillions of dollars of capital to move globally on a nightly basis. Some of the infrastructure still runs on systems designed in the 1970s, including mainframe and COBOL. Blockchain is now starting to be deployed as a solution to modernize these systems, after years of trials and proof-of-concepts.  A key reason for blockchain adoption is that it  provides a single, decentralized source of truth, data verifiability and programmable assets to an ecosystem of market participants that currently maintain siloed ledgers.  In this session, we will share how financial services have deployed blockchain in order to enable new services, achieve greater efficiency,  and improve client service delivery.

Financial services has become one key application category for blockchain. Specifically, the benefits are seen in the backend machinery that powers financial services. The backend machinery for financial services is also called financial market infrastructure. Depending on the sub-category, the backend machinery can be paper based (no digitization), or multiple digitized systems running in separate siloes, with its own database.

Blockchain is transforming the infrastructure for financial market because it provides several key ingredients : a single TRUSTED source of truth, the intelligence of smart contract, and auditability.  That’s the power of blockchain -  providing multiple  transformative value in one technology adoption.   The repurchase (repo) market  is only the start. Any intra and inter enterprise transactions systems that passes through multiple siloes before completing a transaction process is now ripe to  be done in a fraction of the time – thanks to blockchain. 

"ls" on macOS : Simple commands to make looking for files easier

Looking for files (by size, date, type) can be made easier if you know a few simple Unix commands - as opposed to using a GUI file manager such as "Finder" on macOS. Here are some commands that I use on my Macbook Pro.

machine type : 

   Darwin Kernel Version 20.4.0: Thu Apr 22 21:46:47 PDT 2021; 

   root:xnu-7195.101.2~1/RELEASE_X86_64 x86_64

   macOS 11.3.1 (BigSur)

-ltr : newest on bottom (reverse time order)

       $ls -ltr

       drwxr-xr-x+   4 albchi  staff        128 Jul  5  2019 Public

       drwxr-xr-x  186 albchi  staff       5952 Jun  5 05:05 Txt # <- newest on bottom

-lt : oldest on bottom

      $ls -ltr

      drwxr-xr-x  186 albchi  staff       5952 Jun  5 05:05 Txt

      drwxr-xr-x+   4 albchi  staff        128 Jul  5  2019 Public # <- oldest on bottom

-l : alphabetical z on bottom, long format

     $ls -l

     drwxr-xr-x    9 albchi  staff        288 Aug 24  2020 0DevVersionMacos

     -rw-r--r--@   1 albchi  staff       3033 Feb 27  2020 xindex.html # <- alphabetically, z at bottom

-lr : alphabetical 0 on bottom, long format

      $ls -lr

      -rw-r--r--@   1 albchi  staff       3033 Feb 27  2020 xindex.html

      drwxr-xr-x    9 albchi  staff        288 Aug 24  2020 0DevVersionMacos # <- alphabetically, 0 at bottom

-p or -F : directories with slashes

     $  ls -F or ls -p

     Attic/ migrations/ truffle-config.js

     contracts/ test/

-d -- */: directory name only

     $ls -d -- */   # JekyllGithubNetlify/  JekyllRubyBuildWebSites/

-Slr : biggest on bottom

       $ls -Slr

       -rw-r--r--@   1 albchi  staff                0 May 13  2020 index_mini.html

       -rw-r--r--      1 albchi  staff  167905792 Oct 30  2020 Txt.tar # <- largest file on bottom

Cybersecurity 101

A quick introduction to cybersecurity

(note : I am writing this in a "top-down" approach; i.e. from business, risk management, to finally the role of cybersecurity. This duplicates the approach ISC2 took for its CISSP certification.)

Business Portion 

• Businesses (that have the luxury to think ahead) have a team and process to plan for risks, because risks can bring business to a halt
• The plan to address business risk is called a Business Continuity Plan (BCP). 
• The goal of the BCP is to secure (protect) assets, including such as people, equipment, building, and data - all needed to run a business. 
• BCP starts with ACCESSING the value of your assets : to do this, need to catalog all assets, and calculating the RISK impacting your business RISK = impact * probability
• Evaluate how you want to MANAGE the risk :
• accept the risk - it might happen but that's ok, loss of life is NOT OK
• mitigate the risk - reduce the risk using protection, training
• transfer the risk - buy insurance
• avoid the risk - move, don't do business
• reject the risk - deny that it will happen

• Security, as part of risk management, codifies how to protect people, property, data

policies : rules / law

procedures : steps

baseline : configuration

guidance : optional

• Information Security, a subset of security  : business needs a plan to protect the ALL data assets,  including physical (a printout of financial forecast) and electronic (code for the next software release), is protected against misuse and theft by governance, which entails:
• Cybersecurity, a subset of information security : focuses on electronic data at rest, in use, in motion

Tech Portion - Cyber Security

• CyberSecurity : is a subset of Information Security, and is focused on the electronic data aspect of Information Security

• What does CyberSecurity care about? the 3 CIA tenets (per ISC2):

• C = Confidentiality : keep sensitive data secret so that only authorized people can read it, usually via strong encryption; sometimes also called Privacy
• Encryption : DES, 3-DES, AES
• I = Integrity : no un-authorized changes to data, usually using hashing
• Hashing : MD5, SHA1, SHA2
• A = Availability : data can be used at the right time, right place

• Since the advent of the original CIA tenants, variants and additions, as seen from more modern interpretation of "CIA":
• Authenticity : data can be verified to be sent from originator, usually using digital signature
• Non-repudiation : sender of data cannot claim that they did not send it, usually using digital signature

• Access control follows the AAA framework
• Authentication : only allowed people can access information
• Authorization : allowed people doing allowed actions on information
• Accounting : logging of all activities centered around information 

Financial Services : Blockchain enables cost reduction and service revenue growth

Abstract 

Financial services is a considered a supersector by the U.S. Bureau of Labor Statistics. Just in the U.S. only, financial services contributed $1.5 trillion, or 7.4%, to the U.S. GDP.  But like all other products and services industry, the financial services is looking at digital transformation to both decrease cost and grow revenue. Blockchain is often one of the key technologies that elevates to the top of minds. What makes blockchain so useful in financial services? Quick answer :  it is blockchain's ability to provide a single source of truth to multiple systems, users, and places that make it powerful. 

Background

Financial services, just like any other enterprises, want to become more efficient and find new ways to make money. Digital transformation is often looked at as one of the enablers. An example can be seen here. 

Challenges in the Financial Services - Fintechs Disrupting Tradition

Financial services, due to its size, history, and regulatory constraints, is not keen to be agile and first adopters of digital transformation. However, disruption has already begun, arguably right under their noses. Some examples: 

• Payments : Stripe, valued at $115B, with a focus on on-line payments, eating potential into credit cards
• Stocks : Robinhood's offer of zero commission and its appeal to the future investors
• Savings : Bitcoin (cryptocurrency can be used as store, transfer of fiat money), elevating Coinbase

What is an incumbent to do?

Capital Markets in Financial Services

Within the financial services, there is a segment that serves the capital markets. Capital markets serve as the marketplace for 1) equity 2) debt. Like all markets, there are buyers and sellers. But instead of fruits or arts, capital markets match sellers of equity (shares of stocks) to buyers of equity, sellers of debt (loans, bonds) to buyers or debt. 

The systems used to line up sellers with buyers involves 1) process that relies on 2) financial market infrastructure (FMI) systems. The FMI system is considered critical in the eyes of the U.S. government - so much so that it is even governed. 

Focusing on the equity market scenario : a typical trade is done in three invisible steps: 1) execute 2) clearing 3) settlement. The execution step is focused on capturing the order at the exact time and price at the time of the order. The quickness of the execution step means that fiduciary checking of ownership in the underlying stock, and availability of funds, is deferred to later. that's where clearing comes in. and in the third step, the actual transferring of title of the stock to the buyer, and transference of funds to the seller, happens. This does not happen in real time : and is known as the T+2 phenomenon.  

Blockchain Value

The value of blockchain is that it will unify data that is 1) scattered across different systems 2) used by different, potential opposing, users 3) across the globe. Databases had a good start on this requirement with ACID requirements of a RDBMS system - but it was mostly designed for use by a single system, used by "one" users, and running locally. Distributed databases started to handle more of this, but did not handle "potentially opposing user". A way to handle this was via a consensus mechanism. 

Conclusion 

Blockchain can be an invaluable technology to the financial services sector because blockchain provides a single source of truth to tie multiple different systems together.  A single source of truth means that stock trades can happen at T+0 speeds, freeing up capital, offering more services into data, and keeping up with the Fintech evolution.