Although blockchain technology has been tainted by scammers, the core idea of distributed consensus is relevant for certain edge applications. This episode of Utilizing Edge focuses on practical application of blockchain technology in edge and IoT, featuring Jason Benedicic, Alastair Cooke, and Stephen Foskett. Two key concepts in blockchain are the distributed ledger and consensus approach. There is a lot of work being done to apply blockchain in medical, finance, IoT, and proof of provenance. Although many applications can rely on authority or quorum, larger and more heterogeneous applications might benefit from consensus instead. The other aspect of blockchain, chain of custody and immutability of data, is potentially relevant in preventing supply chain attacks and dealing with transient devices. It’s important to remember that many of the things that have put people off blockchain, from financialization to public exposure of transactions, are not necessarily required in all blockchains.
Hosts and Guest:
Stephen Foskett, Organizer of the Tech Field Day Event Series, part of The Futurum Group. Find Stephen’s writing at GestaltIT.com, on Twitter at @SFoskett, or on Mastodon at @[email protected].
Alastair Cooke, independent analyst and consultant working with virtualization and data center technologies. Connect with Alastair on LinkedIn and Twitter. Read his articles on his website.
Jason Benedicic, Professional IT Consultant focused on Kubernetes, Cloud, and Platform Engineering. you can connect with Jason on LinkedIn and on Twitter and read more about his work on his website.
Follow the podcast on Twitter at @UtilizingTech, on Mastodon at @[email protected], or watch the video version on the Gestalt IT YouTube channel.
Transcript:
Stephen Foskett: Welcome to Utilizing Tech, the podcast about emerging technology from Gestalt IT. This season of Utilizing Tech focuses on edge computing which demands a new approach to compute, storage, networking, and more. I’m your host Stephen Foskett, organizer of Tech Field Day and publisher of Gestalt IT. Joining me today as my co-host is Mr. Alastair Cooke. Welcome to the show.
Alastiar Cooke: Thanks Stephen, it’s always a pleasure to be here and it’s always a pleasure to talk to the guests that you find for us.
Stephen: Well it’s always, it’s especially a pleasure when these are folks that we’ve known a long time and I think that we’ve really been able to connect with at Field Day events, especially. I think that today’s topic is going to strike some of our listeners as kind of a face palm moment because we’re talking about the intersection of edge with other technologies like blockchain and IoT, and I know that some people out there are saying oh no oh no not blockchain. I heard about that, my mom heard about that, but there’s more to it than that.
Alastiar: Yeah I think there always has been more to blockchain than than what was covered in the mainstream media. There’s always been potential for more. So although the title of this podcast makes it look more like utilizing buzzwords, we really are going to look at practical real world use of technology that isn’t just about producing a hype bubble that lines somebody’s market and this promise of doing real things with blockchain has been around for a while and I’m really interested to hear about what’s actually happening with blockchain and business benefit from blockchain.
Stephen: Yeah again the promise and premise of this podcast series the utilizing word means making practical use of and that’s really what we focus on and it was a little challenging I got to say when we did Utilizing AI for three seasons because at that point we weren’t yet in the chat GPT and GenAI era. It was a little challenging when we were talking about CXL because that technology was just coming to market. But we did it and we’re here with Edge in the same thing. So I’d like to welcome as our guest today, an Edge Field Day and other Tech Field Day delegate, somebody that I’ve known for quite a while. Mr Jason Benedicic. Thank you so much for joining us Jason.
Jason Benedicic: Thank you for having me, it’s a pleasure as always. Jason Benedicic as Stephen said I’m a consultant and analyst and writer are based in the UK, a big long history across sort of technology, but a more passionate focus over the last few years of Edge and Kubernetes and cloud and more recently getting into blockchain technology and let me address that, like, yes there is cryptocurrency and the NFTs and other things that you see that have made themselves into the media in a number of ways, from some good some bad, but the core technology underpinning the blockchain is a distributed database technology effectively. It’s a way of consensus computing and agreeing on what’s happened and there’s a lot of real practical use cases for this and that’s really what I wanted to to kind of talk about it is too bad because I feel like the the whole concept has been tainted by basically scammers and you know I don’t want to swear on a non-explicit podcast but people who are greedy and trying to take advantage of other people.
Stephen: And that’s really too bad because as you said from the very beginning it’s been pretty obvious that blockchain technology was an interesting technology with some potential use cases. As you said as well a sort of a democratic way of defining reality in a database you know what is the the consensus of this data set and that is actually a really interesting an interesting concept when it comes to uh things like Edge and IoT where you have a large set of independent entities that have to or that ought to come to some consensus but might be disconnected, they might be new, they might be old, they might come from different people, from different directions. I can see that it would be important to have that kind of consensus technology and that’s what you’re talking about right?
Jason: yeah pretty much I mean it’s a, there’s a few aspects of this. There’s as compute power is available further down the stack, we’re used to you know, from a blockchain perspective we’re used to having big miners or you know Asics and things that because it’s a very hard computational problem usually especially in proof of work. So you’re used to seeing you know, this is a fairly well concentrated into the data center piece but as things, technology evolves and I’ve been reading recently about a project called Terra Node which looks to accelerate one of the blockchain technologies into you know the highest throughput that we’ve heard about from blockchain in here in a long time. That the idea of distributing this out even further as compute power gets bigger as we can do more in different areas and you and Ispeak a lot about different emerging Technologies the way that chiplets are being designed, the way the GPU technologies and other Asics and FPGAs for kind of offloading and distributed systems are coming together really well to form you know, a whole new ecosystem of opportunity. So we’ve got the ability to spread out the blockchain processing across the edge as well as using blockchain technologies to kind of verify and secure Edge in IoT. Do there’s kind of two angles we can look at this as well.
Alastiar: I think the aspect that there are two very distinct angles here one is is that building that consensus-based distributed view of what the truth is and then separate from that is the actual Ledger idea the immutable Ledger component and these two can be used completely separately, right. You can use that immutable ledger to say we are certain that the data we’re now processing is the data that was first presented. Even if it was presented somewhere else you don’t have to have the distributed consensus to have that a ledger component but I think there’s some really interesting use cases around the distributed consensus because there’s scenarios around IoT where you have a large number of sensors, each of which has a relatively low reliability and so a consensus-based view of what reality is can be really beneficial in improving the quality overall of of that data that’s coming back from these relatively low reliability sensors. Have you seen that actually being done by real world customers Jason?
Jason: So I think what we’re seeing is a lot of research in the medical space for this. I’ve been reading some good papers recently where we’re looking at different kinds of medical devices that can be monitored whether that’s in the home or outside of a medical setting for things like monitoring of people, especially like maybe the elderly maybe you know did they fall, are they looking more unstable, and kind of taking that and using that data across maybe multiple data sets and from different sensors and then having some form of consensus on that and that the data was generated from the right, the devices that the security and the identities were correct and those sorts of things and making sure that you know we’ve got a kind of chain of custody and understanding of where the data was coming from.
Stephen: Yeah when it comes to the question of consensus, I think that one of the things, well that I would sort of ask about but also sort of insist on it certainly is possible, I mean one of the biggest criticisms of blockchain technology apart from the proof of work energy usage and the scams and everything, but you know if you look at the blockchain itself one of the big questions is why do we need consensus when we can have sort of an authority that just decides on consensus because most IT systems, most technical systems essentially work on an authority basis, not a consensus basis. In other words, if we’re building a cluster you know we need three nodes so that we can have kind of a two out of three vote that says no this is the right thing. It’s the same with raid, it’s the same with basically everything in it and it’s also the same when it comes to finance. So if you look at you know any kind of, even among peers or among the vast system that you’d think blockchain would make sense there, a lot of the times you can sort of boil it down and say no no, we can go back to Authority, not consensus you know. We can say MasterCard decides which transaction is valid we can say this medical device manufacturer is the ultimate Arbiter of which of these are legit devices and which of them aren’t. So when do we need consensus technology specifically as opposed to a centralized authority-based approach?
Jason: I mean in things that are highly regulated like you mentioned Finance. There if we have a centralized approach let’s just say that this information was going back into a database for example, I can, a rogue actor could go back and change a database record but when we look at immutable Ledgers and consensus and a lot of the, there’s a lot of talk about you know, being public and that this is public records but that what you can use and what a lot of use case of the blockchain is for is for taking hash records so it’s a time stamped proof of what you said happened happened and everybody can agree on it and the good thing about the way the hashing and those things, those technologies work is that even if I change the smallest bit of data, that hash has changed. So if I change the case sensitivity, if I uppercase, if I add a full stop, if I add a space somewhere else, if the data had changed, I’ve got that record. I can say if I hash this again it doesn’t match the hash that was there and that everybody agreed on people. It gives you ways to prove provenance, it gives you ways to you know highlight when things have changed and selectively disclose information. I actually watched a an interesting piece from one of the prominent researchers in this space talking about how we can work on systems for storing data where you can selectively disclose, especially like in government or areas where you know, they have to redact certain things. So you can say we can attest to the fact that there was a group agreement that at the time this document was written. This is what it said. And you can then check that even if you’ve been given a redactive piece of that information, that the redacted part of the information you were given is still true to that provenance and that’s really powerful.
Stephen: Yeah I think that indeed those are the kind of applications I think that benefit the most from blockchain’s consensus approach is you know when you really don’t have authority or quorum and you really need to get somewhere and to me it’s about having a lot of heterogeneous systems that don’t all trust each other or can’t all be trusted all interacting. So from in terms of blockchain consensus you know, if you look at the mess that is IoT that makes sense to me because essentially you have tons of manufacturers working on tons of different devices with all different software, it makes sense that consensus may be valuable in that scenario and it’s the same with a lot of other things. And the provenance question is important too because that’s I think to me on the other side of blockchain the sort of distributed Ledger and sort of the the proof of reality providence is to me the most important application of that technology I need to know for sure that this hasn’t been mucked with and how can I do that. Well a good way to do that is to have mathematical checksums or some authority that tells you that’s how it is. But you know the blockchain provenance has actually has been fairly well proven even despite all the cryptocurrency and NFT stuff right?
Alastair: Yeah I think this is one of the things I want to come back to is is Stephen’s definition of master versus consensus and a three-node cluster that reaches a majority decision as a form of consensus. The form of authority would be in an IT sense would be Windows PDC emulator that has the authority to issue identities and the sole authority. It doesn’t require anything else to confirm those identities so absolutely the separation of authority from consensus is an important aspect and very useful way of using blockchain but I think that a mutable governance of data that non-repudiation of changes. Essentially the chain of custody of data is probably the most business valuable part of this that the medical device that’s monitoring a patient hasn’t been tampered with by a bad actor, hasn’t been tampered with by the person who’s being monitored to produce a better result so they have to pay less for their insurance. There’s that’s a whole chain of custody of data is becoming I think more important as the data is being generated in places that we trust less and so that again that chain being rooted on something we have more control of quite separately from the consensus piece. We can still have that Central Authority and I saw this first come up when AWS started offering services. There quantum Ledger database has a central source of authority but has that chain of provenance on the data that solves a bunch of business problems and so it is quite clear that there are two different sets of business problems that can be solved and in the use cases that we’ve seen of the crypto bro use cases that the two have been used together but they don’t have to be.
Jason: Yeah yeah, that’s very true that there’s a whole number of underlying technologies that make up the, I know they commonly often refer to as like the web 3 stack, but you’ve got a whole number of things around. So the immutable Ledger is a part the way that consensus works and there are other things that are coming out. So we see it a lot in like the consumer side with what they call wallets where you store things but if you look into that a bit further where you’ve got like distributed identity services and is this person really who they say they are and can we validate their identity based on a surf encryption keys. And so there’s, it’s kind of like a whole series, a whole set of layers of technology that are underpinned here that all have a really large benefit for moving forward I meanum I like to think about some of the things that could happen with distributed identity. I can prove who I am consistently and you know through that majority consensus of and not have to keep signing up to things or have to prove myself to a government or a body or you know employment checks or other things like that. There’s some really nice things there that can work. And I was back to a previous thought about when we’re talking about IoT and that the other thing about that consensus or that provenance is also for things that have kind of sporadic connectivity or things that can get slightly altered. And how I think about this from an edge is I can, I’ve got local connectivity to my to my Edge from IoT devices and I can make all my checksums, I can check everything was good there and then that data goes back to the cloud. I can then compare it like was there anything, was there a lot of transmission was there, did the data get you know had adjusted in flight or did we lose some of it and you’ve got that whole like layering it together. It really worked well in this kind of Edge and IoT world.
Stephen: Yeah I really like the idea of that chain of custody too as when you’re talking about again IoT or remote devices, you know something that has come up on our conversations is the well the necessity to have zero-touch administration of systems and the reality that in many cases those systems may pass through different hands and so it would be nice to know sort of or sure is this exactly what I think it is. And I don’t necessarily just mean like a server or something like that. I mean I’m thinking you know sensors, intermittent connectivity, I could see a scenario where we could have, I don’t know, attacks against these systems that would involve replacing components and you’d have to make sure that you could have you know, repudiatable or non-repudiatable, I don’t know which way it is, but you know that you could make sure that the component that you’re getting this data from really is who you think it is and it’s been in the right hands and so on. I’m not sure how that works but it seems to me that that would be a good application.
Jason: Yeah and I kind of seem to remember like I added some work in Kubernetes at the edge a couple of years ago with with GigaOm and I remember talking to one company I can’t think of who it was off the top of my head but there was talking about like attestation that the hardware is what it says it is by checksums and block you know bios level information and TPMs and those things. That’s you know really interesting that I could from manufacture write that information to a blockchain and people could check it every step of the way and say this device hasn’t been tampered with, the firmware checksums check out, the software here nd5 checks out. Everything checks out across the whole life cycle of the device created with the grave. That’s really good for thinking about supply chain attacks and things like that.
Alastiar: Yeah and I think we saw some of this from ZEDEDA at Edge Field Day about that hardened device and using cryptographic verification. I didn’t pick up whether they were going through the entire life cycle of the device or just doing a point in time because of course you know verifying that all of the checksums all match up right now is one thing but knowing that every time those things change it’s in a way that we’ve controlled and that’s what the blockchain would give us. I wasn’t clear whether ZEDEDA had gone there but it seemed like a logical place to be going because over the life cycle of that device at the edge, there are going to be changes to the device and you want to be certain that those all of those changes were made in a way that is governed by Central IT. That’s the sort of use case where you do one Central Authority but you definitely want then that that amusable ledger of change. It’d be interesting to see that go even further into having the the things like container images or the layers in your Docker images and although they’re they’re check summed that’s not quite the same as having that attestation that they’ve never been modified along the way. You could very carefully craft an attack layer in that image to match the same checksom but if you’re using a full crypto, it might be a little easier to protect.
Stephen: Yeah exactly and and that’s a really interesting thought because I’m trying to get my hands around a really protect practical application here and container images is a great idea because it passes through various hands you know and it has various stages and you want to be able to go back and look at the Providence of that image so if those of you listening aren’t aware of how this works I mean basically I blame Docker but essentially most containers use sort of um an overlay file system which says basically here’s the file system and then and if you make any changes to it, that becomes a new or you check in, chain you know, a set of changes that becomes a new layer and think of that layer as sort of a card with holes in it so you can see the previous layer through the holes and you can see the new data on the card and then another card with holes on it is overlaid and another one is overlaid and that’s fundamentally how a lot of container images work. And if you can think about it that way maybe it would be good to know the prominence of each of those layers, Now currently we do know that because we have checksums and we have a central Authority called GitHub that verifies that layer, is the layer that I think it is but I think that there’s a world beyond that sort of Microsoft will tell us if this is okay kind of world right?
Jason: That’s a really interesting use case, now you’ve got my brain really going into overdrive. It’s like this could be used for distributed software builder material checking and other things like you know, to ensure that CVEs have been patched like this you know historic Ledger that’s immutable and you know agreed upon that we’ve you know, we know that there isn’t a central actor that can go back and change the record as it was. This checks I’m real and you know when you’re, because if you’re going to be doing like a supply chain attack or something and that wasn’t consensus centralized sorry system without the consensus, you could attack that part of the supply chain as well and change the checksums and you’ve got no way of knowing the history or where that changed. Whereas if you start to bring this into a blockchain in that immutable Ledger you’ve got history. Did that checksum really change at that point or not? And that looks like a really good use case.
Alastair: Yeah particularly as we’re seeing this rise of, I can’t remember the phrase for it, but setting up public repositories that match the name of private code repositories and that that’s one of the attack vectors that are being used to get hostile code inside your application. Again if we were using I’d rather have a good hash than just a checksum but have have a chain of hashes that identify that this is still the latest version of the repo I’m expecting to use rather than some hostile repo that’s come in and made changes that aren’t validated, you know have would be a huge benefit to be able to identify that and close out one of those attack vectors.
Stephen: I’d also point out that unlike you know, how the application of blockchain and in cryptocurrency and NFTs and so on, blockchains don’t necessarily have to be public. They can be private and yet still but visible to anybody that’s participating in that blockchain because one of the things I think that people have sort of I don’t know, learned about cryptocurrency is if you send somebody some Bitcoin everybody knows that you sent that Bitcoin unless you do some nefarious thing to mix it and and merge it but even there you know they apparently can kind of track through and figure it out to some extent. That may not be desirable in a distributing system images or verifying IoT devices or something you may not want everybody to see the entire history of the Ledger but you probably do want everybody that’s participating in that community to see that and I think that that’s I guess maybe a limiting factor toward using this technology, that sort of public aspect.
Jason: So there’s a few ways that you can kind of do that in the, usually we do have private blockchains and there’s quite a number of them out there and AVR every rest of them. Microsoft have them, IBM have got some and yeah for some of those use cases you may want a private hidden away Ledger. Something that you know you want to keep to a certain community or whatever else. But there’s also ways of you know working with the prior the public ones and still preserving some level of secrecy or privacy that you need, it could be that you encrypt the data before it goes to the chain and only supply the keys to the participants, it could be that you’re you’re using and something that I don’t know huge amounts, but it gets used a lot in the discussions is like Merkle trees and local proofs and you are only supplying one part. So you supply the root of the Merkel tree the hash from that and you and the amount of the positions in the tree. You supply that data but not all of the data and you can and see if any part of it changed from the route but you don’t know the underlying data necessarily. And then there’s something else that I’ve recently started reading about and it’s a kind of a new, to me, technology but I believe they use it in sort of AI ML and those things as well. It’s called homomorphic encryption, where you can encrypt the data and someone can work on it without decrypting it and I think that’s probably got a huge place in these public systems in the future at very early stages from what I understand. There are some, it’s used in some places it’s only been around for a few years, a guy from IBM one of the people first to bring it to market. But I think we’re just at this great inflection point of technology where so many things are changing and coming together that we’ve got a really bright future for securing software for securing industry and things like that.
Alastair: I think it really is important as we start thinking about this era of using blockchain in real IT is to try and throw off some of the stigma that came to blockchain with cryptocurrencies and NFTs and the various bubbles that came along and look at it as an enabling technology that’s going to disappear under the covers. Eventually it’s going to become boring and at that point it’s actually going to be really useful. These things are often quite tightly coupled together but it does seem we’re fairly early on in adoption and that a lot of the larger enterprise organizations don’t necessarily view it as a necessary solution to problems. I think we’re increasingly seeing but there are problems that it can solve very well that are hard to solve in any other way. So I think you’re right Jason that there’s quite a lot of future in blockchain as a solution to real world problems rather than just a get rich quick scheme.
Jason: Yeah absolutely and I mean I was a skeptic at first when I started looking into this because I hadn’t got the technology background I had the what’s in the media. I had the what do we hear about and you know the speculative nature of cryptocurrency. It’s not very powerful some people but when I started really to look under the hood you’ve got some really amazing technology with sound mathematical concepts and sound security principles that can be applied to large enterprise use cases and even smaller enterprise use cases but they have a really good solution here for a lot of problems that maybe we didn’t realize. We had, so as we spoke about you know software builder materials or you know device provenance maybe we didn’t realize until now, we have a solution for those waiting for us.
Stephen: Yeah and I think that that’s really the root of what we’ve been trying to get at here on Utilizing Tech this whole time. I think it’s easy to get wrapped up in the hype about technologies, whether it’s AI or Edge or blockchain or IoT or whatever we want to talk about next but you know I think it’s incumbent upon technology focused people like ourselves to really sort of say wait wait wait, let’s not throw the baby out with the bath water, let’s think about what makes sense here in terms of you know, how can we use this this inappropriate way and unfortunately a lot of blockchain has been you know, tarred by people in terms of thinking of it only as a cryptocurrency scam or something like that, but that’s not really what this technology could be. And similarly I do have to bring back up proof of work is not the only technology out there. Yes it is incredibly wasteful of energy you’re right, the listener who’s yelling at me right now and you but there are other proofs so either has moved to proof of stake and it seems to be working pretty well. Chia uses proof of space and compute and time. Actually they call it space and time and that seems to be working okay though it’s kind of wasteful of something else and you know storage. But you know there are aspects that we’ve talked about here in terms of you know, the consensus concepts in terms of the Ledger, the immutable Ledger that isn’t owned by any one entity. You know I love what Alastair said about you know hey, how do you know that those checksums are right. Again it all comes down to trust. What if you can’t trust and we have to figure out a way around that. So that’s, and the other thing I’ll bring into it again, I don’t want to make it, I don’t want to excuse a lot of the crazy stuff that’s gone on with NFTs, but you know if you look at a lot of these blockchains they can do things other than pass tokens around. They can be used for compute and as well in some aspects. Now I’m not saying that we should have you know be running high performance computing on the blockchain, what I’m saying is that you can do things like smart contracts that aren’t scams and you could maybe use that in ways you know to have cryptographic security and things too. So to me it does seem like there’s, there are applications of this and I just can’t wait to see where it goes in the future. So thank you so much Jason for bringing this utilizing buzzwords to our attention and giving us a chance to sort of ponder about how this isn’t just buzzwords and how this is real and how this could be real in the future especially with edge computing. If people want to continue this conversation Jason where can they where can they find you?
Jason: So I’m still on Twitter, X, so at JBenedicic. I’m kind of Fairly active there but I also write on my own site www.thedatacenterpoint.com and obviously you can find some of the previous stuff I’ve done with Tech Field Day and you can always catch me on LinkedIn. I mean that’s probably the most important place to get me and that’s just my name Jason Benedicic.
Alastair: You can find me online as DemitasseNZ or demitest.co.nz for my website and you’ll find me in person at future events, Tech Field Day events as well as at the upcoming VMware explore in Barcelona in November and looking forward to having more conversations about real world solutions with technology.
Stephen: Yeah absolutely and you can find me here on Utilizing Edge weekly. You can find me also most weeks the On-Premise IT podcast and the Gestalt IT News Rundown. And I am very much looking forward to our forthcoming Edge Field Day event. We’ve got a really cool set of companies joining us, a lot of very familiar systems companies, let’s say, are going to be presenting there I don’t want to spill the beans too much, but it looks like we may have pretty much the whole ecosystem of server platform providers um at least interested if not committed yet and so tune in for that. Also if you’ve enjoyed this conversation we’ve had a lot of great conversations here on Utilizing Edge so go to UtilizingTech.com to find a complete list of these episodes of season five. You can also find season four Utilizing CXL and seasons one through three which was utilizing AI, just go to UtilizingTech.com for that. This podcast is brought to you by GestaltIT.com, your home for it coverage from across the Enterprise. You can also find us on Twitter or Mastodon at Utilizing Tech. thanks for listening and we will see you next week.