Blockchains, DeFi, DAO, and Web 3.0 in general, all carry the message of decentralization, and particularly of decentralizing financial systems. Decentralization means, for the most part, eliminating the trusted authorities that are involved in various types of transactions. Those transactions could be agreements (to be facilitated by decentralized smart contracts) and the transfer of funds in general (to be facilitated by Bitcoins and alike). Centralization of financial services is considered evil, because the middlemen often have their own incentives, and even when they don’t, they often charge a lot for their essential role in the system. As we move into the decentralized era, we have smart contracts, which enforce themselves using machine code, without a trusted executor, and Bitcoins, which carry value and can be transferred between people without them having to trust any specific or state-owned service provider. Nice.

This post is neither for nor against decentralization. As I see it, nothing can be said against what is essentially an option. A decentralized system is considered as such because it does not require a centralized authority, not because it does not allow one to exist. If you find that you really miss a middleman, then you can always appoint one. If you want the state bank to manage your Bitcoins, then nothing would prevent that. You get an option, and having options is always good.

This post discusses how suitable the current decentralized financial systems are, considering the world they operate in. My take, as the title may disclose, is that while decentralized systems are an excellent idea and a worthy option, their current implementation suffers from shortcomings that we will just have to fix before they can become mainstream. There are many shortcomings, of course, and who am I to even enumerate them, so I will focus on one: the decentralized systems today assume too much perfection; it’s not that they don’t work well — it is that they don’t fail well.

A few months ago I read an interesting post, which I felt compelled to write about. The post titled “Australian Court determines that an Artificial Intelligence system can be an inventor for the purposes of patent law” tells exactly what its title denotes. The case in question comes from the drugs industry, which has always been an avid user of the patent system, but one can easily see how the verdict can be applied to many (if not all) patent areas as well.

The article reads:

“In Australia, a first instance decision by Justice Beach of the Federal Court has provided some guidance: pursuant to Thaler v Commissioner of Patents (2021) FCA 879, an AI system can be the named inventor for an Australian patent application, with a person or corporation listed as the applicant for that patent, or a grantee of the patent.” [...] Worldwide, this is the first court decision determining that an AI system can be an inventor for the purposes of patent law.” [...] “The UK Intellectual Property Office (UKIPO), European Patent Office (EPO), and US Patent and Trademark Office (USPTO) each determined that an inventor must be a natural person.”

An appeal process is still ongoing, but this judgment still serves as an important milestone in the anticipated future of artificial intelligence, which bears enough resemblance to traditional human intelligence to demand similar treatment, first as art, and now also as the subject of patents.

I must admit that when I first read this article it seemed to me as a joke, and even a funny one at that. However, as I kept thinking about it, it made more and more sense. The purpose of this post is to take you through my thought process.

Just note that I am not a lawyer, not a patent attorney, and only express an opinion as someone who’s nowhere close to being authoritative on the subject.

On May 12^th, the Biden administration issued an Executive Order that was written to improve the overall security posture of software products that the government buys from the private sector. Recent events, such as the SolarWinds hack, contributed to the realization that such a move is necessary.

This Executive Order is a big deal. Of course, nothing will change overnight, but given the size and complexity of the software industry, as well as the overall culture behind software security (the culture of: “If the customer doesn’t see it — don’t spend money on it”), an Executive Order can probably yield the closest thing to immediate improvement that we could reasonably wish for. The US Government is a very large customer, and all major vendors will elect to comply with its requirements rather than cross it all off their addressable markets.

A lot has been written on how important it is for the government to use its buying power (if not its regulatory power) to drive vendors into shipping more secure products. Product security suffers from what could best be described as a market failure condition, which would call for such regulatory intervention.

To not overly repeat the mainstream media, I would like to focus on one unique aspect of the current Executive Order, and on how it can ignite a new trend that will change product and network security for the better. I’ll discuss true machine-readable security documentation.

An NFT (Non-Fungible Token) is a data structure that points at a particular data object in a unique way. See it as a way of naming digital objects, such as photos, texts, audio or video, in a way that allows referring to them with no ambiguity.

The ability to refer to data objects allows to “mention” them in transactions. This seemingly trivial ability, when combined with the ability to create immutable records of transactions (as provided by Blockchains), allows us to create immutable records that refer to data objects.

Technically, NFTs do not require blockchains. You could take a photo of a cat, create an NFT for this photo, which is essentially a unique pointer to (or: a descriptor of) it, and then go on to write a real contract on paper that says “this photo of a cat, bearing this unique ID, is hereby assigned to John Smith”, whatever this assignment means.

Blockchains and smart contract technologies allow for such digital agreements to be stored in a public immutable record that does not allow anyone to change it once it was written. The combination of NFTs and blockchain-based smart contracts thus allows us to securely record agreements that declare ownership of digital goods. If you have any file (photo, text, video, etc.), you can create an attestation that tells the entire world that you assign this file to be owned by whoever. What does this “ownership” mean? – Good question; but whatever it means, billions of dollars have already been paid towards such ownerships. Is this real? The money surely is, but is also the value?

Our digital lives are more or less governed by very few providers of products and services. Our desktop computing is almost invariably based on Microsoft Windows, our document collaboration is most likely based on either Google Docs or on O365, our instant messaging is either Whatsapp or Slack, our video collaboration is either Teams or Zoom, etc. Given the prevalence of digital life and work, you would expect more options to exist. However, all those large pies seem to each be divided into just a few thick slices each. Those lucky providers that won their dominance did so by catering to the needs of the masses while serving their own agendas, or more accurately: by serving their own agendas while giving enough to make their products preferable by the masses.

Customers appreciate ease of deployment and ease of use, and all of the dominant products excel in that. However, customers never said anything too explicit about security and customers never demanded data sovereignty. Those properties are also very non-compelling for some providers, either because they increase cost, because they prevent lock-in, or because they hinder business models that rely on using customer data. The vast majority of customers never really required, and hence never really got, anything more than ease of use and ease of deployment, along a few key functional features. For most customers, this is enough, but customers who also require security, privacy, and/or data sovereignty, face a challenge when working out alternatives.

But alternatives do exist, for desktop computing, for collaboration and for messaging and video communication. Those alternatives play an important role in our digital ecosystem, even if most people never care to use them.

The term “network neutrality” is mentioned very often lately; also in the context of FCC ruling, such as here, and here. Since the definition of net neutrality is not always clear, this topic is not subject to as much public debate as it probably should. Here is my take of what network neutrality is, and why it is difficult to regulate and enforce. I will start with my proposed technical and service-related definition of “network neutrality", and will follow with a brief explanation of why this is both difficult and important.

Many had high expectations from the SSL/TLS certificate model. At least on paper it sounded promising and worthwhile. Keys are used to protect traffic; for this to be effective, keys shall be bound to business entities; for the binding to be trustworthy by the public, binding will be signed by Certification Authorities (CAs), which the public will recognize as authoritative. Once the trusted CA signs the binding between a business entity (represented by a domain name) and a key — every user can tell he is communicating securely with the correct entity.

In practice, it got all messed up. It is difficult to form authorization hierarchies on the global Internet, this is one thing. However, the model failed also due to the economics behind it.