Category: Sector

Categories
Blockchain Supply Chain Technology

How blockchain traceability can change your organization

Businesses, governments – various entities can benefit from decentralization. However, even criminals may derive some use from decentralized operation modes and various cryptographic primitives. The goals and objectives of those three categories of organizations are different, so the way blockchain traceability can be used also varies. I’ll look at predictive markets, DAOs …and crypto anonymity.

Businesses and blockchain traceability & transparency

Businesses (for-profit organizations) owned by  groups of shareholders often value the transparency of the way the organization is run. Those organizations aren’t led by a single person, but by an elected group of directors. The most fundamental feature of businesses governed by smart contracts is that all of the transactions and decisions are stored in a publicly verifiable ledger. This sort of businesses can be called a DAO (a decentralized organization). No director can refute the decisions they make, as their cryptographic signatures can’t be forged (direct accountability).

In DAOs, shareholders or members also have a direct and immediate impact on the direction of growth and future decisions. All costs or expenses in organizations like that are accountable, including employee remuneration. In an environment like that any gender, religious, political or other biases can’t exist.

Governments and prediction markets

Governments run in a decentralized mode are a form of a larger DAO. There are some thought experiments to organize governments in the form of a futarchy. In a futarchy, the legislative branch bases on the results of prediction markets. Prediction markets are sort of like betting or voting systems, and they proved to be an accurate way of extracting value from the wisdom of crowds. Any citizen participating in nation-wide prediction markets can have an immediate impact on the bills passed. What’s more, they can easily see the impact of those bills on their own welfare. That’s probably the best form of traceability that exists!

As the decisions are transparent (and the assets/value allocation is transparent) the money allocation to projects/bills is unbiased, and the money is assigned to objectively the best contractors. We won’t see any shady connections between government representatives and their families or friends.

Criminal organizations – blockchain traceability vs. anonymity

Speaking of shady. There’s something we should be aware of. Criminals can also use the blockchain in creative ways, sadly. For example, let’s look at markets that trade in illicit goods or those offering nefarious services. The objective is to tangle up all the dealings and transactions conducted to hide both the nature and the parties to the transaction. Seems like something that just won’t work on the blockchain? Wrong. Distributed systems include, most importantly, the full anonymity of the transacting parties. These are paired with encryption algorithms of the data exchanged by the parties. This allows such organizations to reach their objectives.

Cryptocurrency systems where you can’t see the parties to the transaction or the actual amounts (but with full guarantee of the actual value transfer!) are perfect tools for organizations that value their… privacy. If those parties get caught, the deniability of the transaction is a vitally important feature. (Un)fortunately, that’s what some of the more complex cryptocurrency systems can offer. Those are the problems regulators should definitely research.

Blockchain for different needs

To conclude, various organizations have different needs. Distributed and blockchain technologies are not one-size-fits-all techniques. They can combine and match these technologies in different ways. Prediction markets won’t work for all, and neither will an anonymous crypto system. The goal is to end up with features that suit the needs of a given organization. As we can see, they can sometimes provide an answer to contradicting needs, such as both transparency and deniability.
Just so you know, I’m organizing a workshop on Stellar soon, check it out. Also, if you’re wondering how traceability (or any other feature I wrote about) can work in practice, say, in your company, write to me using the box below.

Categories
Blockchain Finance Financial Services

How to tokenize assets: Real estate ICO

In the crypto space, tokenization is the buzzword of 2018. Here in Crypto Valley, one can run into an entrepreneur tokenizing a real asset nearly on a daily basis. What’s more, many of the projects are already at an advanced stage. Therefore, it’s not unreasonable to expect that by the end of Q4 many startups from Crypto Valley will be issuing tokenized assets such as gold & silver, art, real estate, and agricultural property. Tokenization of an asset, however, is a complex process, mainly because of the tokenomics it involves. Let’s focus on a real estate ICO.

Tokenization – real estate token

The complexity of token economics can be illustrated through the example of a stable real estate token. By ‘stable’ I mean there are no large price fluctuations on the value of the token. This is a common tokenization use case in the blockchain space at the moment, as real estate is generally an illiquid asset. By tokenizing it,  it’s possible to bring liquidity to the markets. So let’s try to build a real estate ICO!

For a real estate token, we would like the value to represent the actual value of the underlying asset. But how can we guarantee this? Just for the sake of example, let’s imagine that we have 100 million worth of real estate as the backing asset. We can also imagine that the ICO is capped at 100 million. Each token represents a proportion of the actual apartment, being a security token.  Let’s enter the time after the ICO has been successfully hard capped and the token listed on an exchange. We need to analyze two different things: when demand is higher than supply, and vice versa.

When demand surpasses supply

As the demand grows larger than the supply, we’ll see a price increase of the real estate token. This would be an ideal situation for a utility token or a security token of a more speculative nature. However, for our purposes that would not be ideal. The value of the token wouldn’t be backed by the real estate anymore and would start to grow. Just like in the many economic bubbles in the past.

The solution for stabilizing the price would be to allow an unlimited supply of tokens to be released to the market so that the real estate token issuers would be able to issue real estate to the markets per demand. Roughly speaking, this would mean that the token issuer would have to offer an unlimited supply of tokens to the markets.

Meeting the increasing demand brings a different problem to the table – how will the newly created tokens be backed. Will there be a pool of real estate larger than what was offered in the real estate ICO, or will the issued funds be held in escrow and used to purchase more real estate? Depending on the model chosen, and on legislation, it may be possible that issuing new tokens will require financial licensing.

When supply surpasses demand

Another problem arises when there’s a bigger supply of the token than there is demand. This would happen, for example, in a situation where a major token holder decides to liquidate their position all at once. Surely, one might argue that market forces wouldn’t lead to the price of the token going below the value of the underlying asset. However, this might not be the case – what if the market actors simply would decide to wait for a lower price and join the dumping party with the expectation to buy even lower?

We can solve this problem in a couple of ways. First, if we use an ERC-20 token, we can have the liquidity mechanism using Bancor. The tradeoff is that it will tie a large amount of the ICO capital to the Bancor smart contract. Another approach would be to directly build market makers into the exchanges that are used to trade with the tokens. However, as the number of exchanges grows, it could mean spreading the liquidity reserve in multiple locations simultaneously.

Exchanging the tokens

Another question comes to mind: where is the business model in all of this? The company could focus on growing the amount of real estate and deriving a cash flow from rental contracts. It could also consider other ways of getting income. For example, it would be possible to charge a transaction fee. Depending on the technicalities, this can be done directly on a smart contract. If a smart contract solution isn’t ideal, it can be directly implemented on a customized blockchain protocol.

This leads to the next question. Would it be ideal to use an ERC-20 token and integrate it into an existing exchange platform, or would it be better to use a customized blockchain protocol? An ERC-20 token is easy to integrate into different exchanges. However, it will have the limitations of Ethereum protocol.

Real estate ICO: What about regulatory compliance?

The final big question is how to deal with KYC/AML compliance. After all, if the token is to represent actual real estate, the investors may have legal rights to dividends and to the real estate itself. Therefore, we need to have a way to vet ICO investors. Also, the ability to invest and transfer the tokens needs to be limited to identified parties. The easiest way to solve the compliance aspects of security tokens is to whitelist the identified real estate ICO investors and use exchanges that only allow identified investors to trade. If you’re considering a dedicated blockchain, these control mechanisms need to be implemented at the protocol level.

I’d be happy to talk to you about tokenization, and your real estate ICO (or any other plans to tokenize something valuable!), if you’re planning one. Write to me using the form below!

Categories
Software Technology

Web Application Testing: Terms of Quality in Web Applications

Web Application Testing: Terms of Quality in Web Applications

The development of modern web applications is a complex process that requires the coordination of many different specialists working to achieve a common goal. One might think that all you need is a developer and some code in order to make a webpage work. And one would be correct to some extent, however, there are other aspects that have to be taken into consideration, such as quality, which is possibly the most important example.

“Quality is not an act, it is a habit” Aristole

 How to define quality in terms of web applications? This is a very wide term covering everything from the basics and particularly the importance of testing: functional checks, usability tests, requirements testing or performance testing to more in-depth subjects like accessibility testing, security tests and fully-automated tests.

To examine the subject further let us have a look at the most common test areas.

Types of Web Application tests

Manual tests are the cornerstone of each successful project, each functionality has to be tested –and often for many devices/browsers – whether it meets the specification requirements, each edge case needs to be tested thoroughly to prevent an end user from exploiting any security threats or causing a web page crash. Many of those manual tests can and should be automated in order to reduce the amount of time required for testing. Test automation is a development branch that requires special tools and frameworks where each test is fundamentally a script, so a skilled automation engineer should also follow all good code practices and standards.

Another area are performance tests which can be divided into several subareas and strategies. A very common approach is to just test the application response times, however, more detailed tests check things like: How does an application respond if there is high traffic? How many users can enter the page simultaneously before it crashes?

Does application performance degrade over time which implies some memory leaks? What is the page load time in Hong Kong in comparison to Atlanta? Thorough performance tests can provide answers to those questions and help find potential problems and bottlenecks.

Security tests are meant to find as many potential security issues as possible. They are conducted in order to locate and fix security vulnerabilities which could result in hacking the site, sensitive data being stolen or crashing the servers. They usually consist of the use of various automated tools that check for the most common threats but may also need some manual tests which require the tester to think as a hacker and predict possible issues.

There are some other testing approaches as well, accessibility testing focuses on adjusting the application so it is usable by people with issues like hearing impairment, color blindness, infirmity and old age or other problems; usability testing focuses on testing how easy and intuitive the page is; and regressions tests which constantly ensure that none of the already existing functionalities breaks and that quality does not deteriorate.

Requirements for successful Quality Assurance

As you can see testing web pages consists of many areas that often require a specialist to be able to prepare and conduct a valuable set of tests. In order to test application security one has to be up to date with current threats, be an expert in the area of system architecture and proficient as a developer as well. In order to provide a successful test automation a skilled developer with test experience and devops knowledge is a must.

Finally the testing requires effort from the whole team in order to be successful. This is very often overlooked and people think that simply adding the testers to the team is enough to improve application quality. However what everyone needs to be aware of is that it also slows down the development process due to the fact that it now incorporates testing.

So every new feature has to be manually tested, all defects need to be documented and fixed, also the automated tests need to be recorded and maintained as well as regularly updated to match the latest changes in order to produce benefits. Any additional testing activities will also usually require new testing environments and will further delay the release date. However, there is a huge advantage of doing these kinds of tests and I will discuss this in the next part of this article.

The Benefits of Testing

So what are the actual benefits of testing and should it be done? Well, let me give you an example. Let’s say that you have ordered a brand new car that you expected to be the best in all areas and you have just received it. At first glance everything looks fine but after one day of using it you notice that the top speed and acceleration is actually much worse than with your old car.

Moreover the door only occasionally locks which makes it very prone to theft. There are also a few issues inside the car, the gear box does not work properly, the radio is broken and in order to use the turn-signal you need to press 2 buttons that are located on the backseat of the car because someone thought that this may have been a good idea despite of what the standard is.

In fact this is not an extreme example, because some web pages look more like a car that could never even start its engine, never mind drive and yet there they stand, proud members of the online community. The benefits of testing affects both the team and the business-side. Testers will increase the team’s confidence before release and test automation constantly ensures the developers that their code changes do not introduce new issues.

Testers also make sure that the new functionalities are consistent with requirements and make it much easier to introduce all kinds of bigger changes in the application (technology stack updates or application changes) due to automated tests. From the business perspective the end-product is of higher quality, the risk of introducing a defect into the production environment is much lower, which is the same as the possibility of weak performance or security issues.
 

Summing up

If you don’t have time to do it right, when will you have time to do it over?

Without proper tests development costs rise over time as many features have to be done again or completely changed due to bad design decisions. Moreover software becomes more bug-prone, the usability suffers and the overall quality deteriorates which in some cases may lead to huge exodus of the application users.

To sum up quality assurance is crucial in web application development and it has been present in the industry almost since its beginning and is growing each year, being present in all informed companies development processes.

See also:

Categories
Blockchain Software

Utility token vs. security token explained

Utility tokens and security tokens represent the two main categories of the ICO token. People easily get confused about their differences and use cases. I’ll go through a quick presentation of their key characteristics and dig deeper into the security token topic. Let’s highlight the benefits to investors and the trading aspect of those tokens.

The difference between a utility token and a security token

Utility tokens provide their holders with an access to the company’s services and/or products. Yet, they aren’t issued in the form of an investment asset. That means that the purchase of a utility token doesn’t have to comply with securities laws at this point.  A utility token has a certain use case inside a project, but it isn’t designed as an investment. It ‘s not a company share. However,  this can still be profitable In fact, the price of a utility tokens can grow over time if the demand for the service or product increases. So, buying a utility token that brings value may bring profit to its holder.

A security token is quite different. It gives its holder a right of ownership and is subject to securities regulations. In the US for example, the SEC has ruled that security tokens are subject to the same federal laws that regulate traditional securities. This brings a limit to the type of investors that can invest in security tokens. Therefore, their trading is also extremely limited and restricted.

The main problems for ICOs using utility tokens:

The rise of ICOs in the last 18 months has brought some major issues in the market. Investors are getting more and more cautious after numerous scams have been widely publicized in the media.

One other major issue has been brought to light when it comes to ICOs using utility tokens. Regulators all over the world (especially the SEC in the United States) are investigating tokens according to their actual usage, as opposed to how they were intended to be used. This is very important because a utility token might actually be considered as a security token. A very high number of ICO tokens are expected to rise in value over time. Therefore, investors are holding on to them as an investment, instead of actually using them within the project. This is where the regulators see a problem, and that’s why they consider those tokens as securities. The SEC chairman, Jay Clayton, even said: “I believe every ICO I’ve seen is a security” . Though, to be fair, he did also say that not all ICOs are scams.

This is why a lot of companies have decided not to let US-based investors invest in their ICO, or look into building a project with security tokens instead of utility tokens.

Why is a security token so appealing?

Issuing security tokens during an ICO is seen by a lot of industry professionals as more efficient and less expensive compared to using utility tokens. It reduces legal risks and brings safety for companies in the long term.  On the other hand, a lot of ICOs still try to avoid using security tokens because as I mentioned earlier in this article, it brings about the restrictions about who can invest and trade the tokens, which limits the potential of fast and wide adoption.

Strong ICOs backed by very solid teams are using security tokens more and more often these days. The reason is simple – they don’t want to risk any issues with the regulator. What’s more, they often don’t have any problems raising funds from accredited investors. Plus they’re able to operate on the US market.

You’ve been warned

As we mentioned earlier, a company issuing utility tokens that are later considered as securities by the regulator could bring huge potential liabilities. So, it’s natural that founders are becoming more and more aware of this.

The bottom line is that if you are a company founder dedicating all your time and resources to building a massive business, you want to be sure that your ICO is compliant with ever-growing regulations. Otherwise, it leads to liabilities. On the same note, if you are an investor in an ICO, you’ll definitely want to invest in a token that brings you maximum protection. A regulated security token is often the best way to achieve this.

I’m not saying that utility tokens are good or bad. Or that security tokens are the best way to go. However, as a company founder or as an ICO investor, you’ll probably need to take the elements I’ve mentioned into account. Those two types of tokens have very different aims. As you could see above, security tokens are designed to represent shares of the company, while utility tokens represent access to the company’s product or service. It should also be noted that sometimes, a security token is the only way to go. For example, a lot of projects promise buy-backs of their tokens which makes them a security to the regulator.

The trading of security tokens is its major disadvantage:

The major issue with a security token is that only accredited investors can invest.
The requirements include the following. Only one of these elements needs to fulfilled):

  • An annual income of over $200,000 as an individual or $300,000 with a spouse.
  • Net assets of more than $1 million excluding the primary residence of the investor.
  • An institution with more than $5 million in assets.
  • An entity fully owned by accredited investors.

Meeting the criteria above is fairly hard for most investors. This is why a lot of companies go for a utility token: to attract the largest number of investors without being limited to their net worth or geographical location. Using a security token enables an organization to provide token holders with benefits like dividends, voting rights as well as profit shares. This is something a lot of investors are looking for. Also, a security token can still have a utility use case. It can be used within the project’s service or product as a native transaction value.

If you’re still not sure how to handle your ICO, write to me using the form below, or see my contact at the bottom of the page. I’m sure I can suggest something.