#Notes

Audits on the Blockchain

Here is how blockchain technology could offer transparent audits of transactions with various use cases and end-user benefits.

au·dit (verb)
conduct an official examination (of an individual’s or organization’s records).

Checking the Math

Audits are exercises in checking the math. Blockchains can make this an open and verifiable process, unlocking a lot of value and time.

Blockchain technology creates a distributed, open ledger that contains a record of all transactions and transformations to the chain over time. The rules are also out in the open so that we can know the process by which a transaction is confirmed and legitimate without needing to trust any of the parties.

If I keep a copy of the network’s ledger, and diligently check everyone’s math, I can be sure that everyone played by the rules when conducting their transactions.

For this kind of network to work there has to be value in playing by the rules, being a referee, and in the ability to audit all players. Users will come to these kinds of networks because of the utility they provide. Whether the rules are worth agreeing to will be a function of that value the network unlocks for its users.

Bitcoin and its blockchain so far have been valuable to any number of people as a digital, auditable record of exchange. If users play by the rules, they can confirm that a digital asset has changed owners. Miners act as independent auditors because they get a cut of each transaction they confirm first and broadcast to the network.

Everyone gets a copy of the updated ledger, and can then conduct an audit for themselves, verifying that the asset did change hands. The innovation of the blockchain is that when you conduct the audit, you don’t have to trust any of the parties. If you run the numbers, you can know they all played by the rules.

Basic digital transfers are only the first of many uses for such an open and auditable system.

Audits Today

Our current systems of audit are fundamentally opposite the kind of radical transparency offered by the blockchain. We offload most of the process to centralized third-parties, giving them our implicit trust.

In a typical month, an average individual in America will trust thousands of such organizations.

When she gets a medical bill with deductions from her insurance, she trusts that the numbers are correct. To pay the bill with her credit card or checking account, she trusts a huge network of entities to transfer and confirm the transaction.

All of her utilities are run by centralized third-parties. She trusts that the meters that measure her water, electricity usage and gas, and the various prices quoted by her energy company are correct and accurate.

Her access to wireless networks for her cell phone and wired networks for her internet connection are set by various carriers.

When she buys a piece of clothing, she trusts that the workers were paid a fair wage in humane working conditions.

At work, the process that govern her payroll, 401k investments and healthcare are handled by vendors.

When she pays her taxes, she assumes the money for Social Security, Medicare and her state and city taxes are filled, stored and dispensed with correctly.

All of the records of her savings and investments are kept by third parties.

When she logs on to any website, she trusts them with her data and privacy.

We outsource the audits of all of these processes to accountants, lawyers and civil servants. We trust these individuals to check the math for us, and to apply just penalties for breaking the rules.

It works until it doesn’t.1234

We live in a state of suspended belief, trusting these systems implicitly. As individuals, there is little opportunity for us to verify our trust in the institutions and organizations we rely on.

Audits Tomorrow

All of this offers a classic opportunity.

Compare any of the typical third-parties that you trust on a day-to-day basis. Would an auditable record of their actions be useful?

For example, it could be useful to know that your utilities are coming at a fair price. Or exactly how your tax payments are being used. Or where a public company is spending their money.

Moving any of these services to a blockchain model allows this kind of radical transparency. Software to analyze and report on transactions on a blockchain would give individuals the ability to audit the network, verifying that everyone plays by the rules.

We may find that our trust in some organizations is misplaced. It is possible, even likely, that many of these third-parties are cheating the current system.

Far superior products are coming to market that offer open and honest records of business. The utility of the distributed, record, available for anyone to audit and confirm is only in its beginning stages.

Expect to see many more interesting use cases as the technology matures.

The Return of Static Websites

Everything old is new again and static websites are making a comeback.

To start, here is some ancient history. The first website I ever coded was a static index.html, uploaded to a server somewhere and then available for the world to see.

Since, we’ve abstracted the process of creating websites to Content Management Systems. The most popular like WordPress and Drupal are dynamic systems built around a database and PHP. CMS are easy for users and allow a lot of flexibility.

But they have key downsides. The architecture can become bloated and slow, especially for simple websites. Speed over the wire becomes an issue, especially if you are working off a slower internet connection over or on a mobile device. These sites also can be security risks, and carry a large attack surface.

As other development tools have evolved, we’ve thought of ways to incorporate benefits from the CMS user experience, and combine it with the stability and security of static websites. Already these techniques are allowing large organizations to manage various levels of content. As the tools evolve, we are likely to see even more creative applications come to life.

One of my favorite examples is 1Password, who use a static site because of the high-level of security. Their documentation site is built with Hugo, a static site generator written in Go. It doesn’t stop the site from being beautiful, fast, and clear.

There is a whole cult of these catalogued at JAMStack, proving that branding is almost everything when it comes to reviving old web technologies.

Because what tools like Hugo and other static site generators do is a fancy version of that first site I coded. It is the opposite of the database-driven website.

This approach comes with a host of benefits.

The site is faster across all contexts. Files live right on the server without needing queries to the database. Over mobile and slower connections, this can make all the difference in a site experience.

The attack surface is drastically reduced. With no database and no PHP, there is little to try and exploit from the site architecture. The site is maintained within a file structure, easily checked and backed up regardless of server.

So if we’re not sacrificing on speed and security, what is the downside of static sites?

It used to be that they were difficult for users to manage, and didn’t offer the same kind of non-technical editing experience offered by a CMS. Their lack of dynamic content limited features like comments and real-time posting.

This is changing. Some of the new tools like Forestry and NetlifyCMS are providing graphical interfaces for static sites. Third-party services have stepped in with options to take care of the functionality seamlessly. Forms, comments, discussion boards, etc. are all easily packaged in SaaS applications. These technologies are still in their early days, but they will continue to evolve and grow.

In cases where we may not need the full capabilities of a CMS, we should not just settle for the familiar option. In building out new sites, we should continue to evaluate the necessary features of the tools and technologies we use against their tradeoffs.

Static sites are a viable an option for many projects. Their speed and security may win the day as their ease-of-use improves with new tools.