Blog

  • How to Buy Bitcoin

    As someone who recently purchased Bitcoin and two other crypto currencies using three different methods, I thought I’d share how to buy Bitcoin because I know there’s precious little information out there:

    Coinbase:

    The easiest way I found without leaving your computer is to sign into Coinbase.com and add your bank account. They’ll do 2 small deposits, you need to wait around 2 days for them to show up, then you verify your account by telling them what the deposits were. Once that’s done you can make your first Bitcoin buy using coinbase.

    NOTE that when buying with Coinbase, you only get to make one purchase until it clears which takes around 7 days right now. So buy whatever the maximum bitcoin is that you want to purchase on Coinbase in the next week. The good news is that the bitcoin price will lock in at the time of purchase so even though you’ll only be able to spend your bitcoin after the transaction is approved 7 days later, you still benefit from locking in the price at the time of purchase. For me that meant several hundred dollars in gains because the price was rising steeply when I bought and it continued to rise over the next week.

    The benefit of Coinbase is that you don’t need to leave your computer to do it and you don’t need to meet strangers in a dark alley (see below). The down side is that it takes 7 days before you can spend your bitcoin and you need to give them your bank account details.

    In Person:

    LocalBitcoins.com is a reputable site which is popular with the Reddit community and they have ads for people local to you who are selling Bitcoin. The sites popularity has grown enormously in the last few months and every town world-wide (including South Africa) that I’ve checked has bitcoin for sale.

    LocalBitcoins has a reputation system similar to eBay that lets you find someone who has a good reputation for not scamming folks. I found someone in Denver, Colorado yesterday and within about 30 minutes of contacting them via the site they phoned my cellphone. We arranged to meet in a parking lot outside a well known computer store. The guy was a typical twenty-something computer geek type – really nice guy actually. I was happy to give my first name but he seemed to want to go by his online handle. I handed him a rather large stack of cash and then we spent a few minutes figuring out what the best way was to send the Bitcoin. I ended up using the Bitcoin wallet for Android, he scanned my QR code, sent me the coins at the current localbitcoins.com exchange rate (which was quite good) and within 10 seconds my phone went KACHING and I had my Bitcoin. We said our goodbyes and that was it. Except…..

    PRO TIP: If you’re buying Bitcoin from someone in person, make sure they include a small transaction fee with the Bitcoin when they send you the coins. If they don’t, the coins will show up in your wallet but it may take several days until you can actually spend them. The guy I was buying from had a wallet that added zero transaction fee and I had to wait just under 5 hours until the transaction was finally completed by the network and the coins became spendable. I did a few tests later and added everything from 10 US cents to $9 as a transaction fee and it radically improved the processing time. The $9 transaction fee took 30 minutes to complete and when adding a few cents it takes about an hour. Many wallets don’t give you the option of adding a transaction fee. The Bitcoin-QT client does give you that option and I understand that the “Mycelium wallet” for android lets you modify the transaction fee but I haven’t verified this. The miners who process your transaction get the fee and they prioritize transactions with fees associated with them first.

    The benefits of buying in person are that you get your bitcoin immediately and you usually get a better price that you do if you’re buying at an exchange or a service like Coinbase. The down-side is obviously that you might get mugged or scammed. But with a reputation system like LocalBitcoins and meeting in a crowded place, there are ways to minimize that risk.

    Buying on exchanges:

    After buying bitcoin I wanted to buy some Litecoin and found BTC-e exchange which offers trading in several other Crypto currencies. Note that BTC-e is based in Bulgaria and no one knows who the owner is so it’s highly risky. You’ll notice that all crypto currencies are cheaper on this site and it’s because of the risk premium. So I send them some Bitcoin as a deposit and started trading – bought some Litecoin which has yielded a nice profit along with some Feathercoin which is still extremely cheap and new and has also behaved quite nicely since the purchase.

    I haven’t used Mtgox, but I understand that it only offers Bitcoin trading at this point which seems a little pointless because that doesn’t really make it an exchange – more of a place to buy Bitcoin like Coinbase.

    Conclusion and my recommendation:

    If you’re going to buy Bitcoin in the USA at this point, and if I buy again, I’ll definitely buy in person. It’s very fast, fun and with the reputation management that LocalBitcoins offers it seems fairly safe. If you have patience, Coinbase seems like a good option but in a fast moving market it moves a little too slowly for my liking.

    Happy crypto currency trading!!!

    Update:

    Since I posted this 6 days ago, I’m still trading occasionally on BTC-e, but only alternative crypto currencies. I do all my Bitcoin buying on Coinbase. Today there were claims on Reddit that some folks couldn’t get their money out of BTC-e. Turns out BTC-e’s email servers were down for a while, so anyone who had email verification for withdrawals couldn’t withdraw their money. Sounds like an honest bug that hit BTC-e. I’m still quite happy there although I never leave a positive balance on the system. I’ll deposit, trade and then get out. Also note that they charge 0.1 Litecoins (About $4 today) for a litecoin withdrawal and .001 Bitcoins (About $1.20 today) for a Bitcoin withdrawal. The Litecoin folks are up in arms about this.

    Since I wrote this I’ve made another trade on Coinbase on Dec 1st and am happy, although the delay to get coins is 6 days, even for your second trade. [Rather than the 4 days I wrote in the comments below]

    I’ll also note that since the writing of this article I have been trading more alternative crypto currencies including Litecoin, PrimeCoin and Feathercoin. There is a lot of “pump and dump” activity around these currencies. They’re being treated like penny stocks. A cartel of people will get together, spend a few hours either boosting or insulting a particular currency to try and generate buy or sell activity, take the opposite action, and then send the opposite message. They use forums, live chat, twitter, blogging and so on. Litecoin is getting too large in market capitalization to do this (passed $1 billion compared to Bitcoin’s $13 billion and the third place Peercoin’s $136 million market cap). But smaller crypto currency perception is being manipulated by groups of folks, so beware. I still think it’s fine to trade in these currencies, but wait for a drop to buy and ignore the intra-day noise you see on forums and social media.

     

  • Why security back-doors for governments are a bad idea

    Bruce Schneier has written yet another spectacularly lucid piece on why the the FBI shouldn’t be able to force technology vendors in the USA to add back-doors to their products.

    The current proposal which is probably going to get the backing of the Obama administration, will levy fines of $25,000 per day on technology vendors that don’t add back-doors to their systems to allow government monitoring.

    Schneier argues that history has shown that those back-doors are inevitably used by criminals and foreign governments with ill intent and leave people, the vast majority of whom aren’t criminals, less secure and less free.

     

     

     

  • What Musk and Tesla are up against

    Go now to Tesla.com and listen to Elon Musk’s portion of the shareholder meeting that occurred today from minute 49:00.

    It’s probably the best insight you’ll get into how entrenched the USA is on traditional cars and traditional sales channels. It’ll also explain why you consistently have a crap experience buying cars in the USA and why servicing your car costs so much.

    Musk gets emotional and my sense is that he is emotionally invested in his company and has big dreams that are being blocked effectively by industry incumbents.

    I just became a Tesla fan.

     

  • Personal Cybersecurity 101

    Defense Secretary Chuck Hagel used his first visit to Asia to ask China to stop hacking into and spying on our networks. You don’t need the perspicacity of Nostradamus to see that: Spending on Cybersecurity over the next few years and decades by the defense department will skyrocket and rival every other division of the US DoD. It is also a harbinger of the risks and attacks to come.

    Today cyberattacks are what we use instead of misiles to slow down a country when they’re trying to make nuclear weapons. And that was 3 years ago.

    While governments may be rapidly building armies of cyber warriors, like the US Cyber Command in Maryland, individuals are relatively defenseless and most of us aren’t even aware of the risks of being attacked in cyberspace.

    To illustrate the risk, here’s how I’d target a specific individual:

    • Create a payload designed to infect their OS X or Windows workstation. The infection would log all keystrokes and send them periodically to my anonymous email address. It would also give me remote access on demand to their workstation to peruse and download files. 
    • Leave the infection lying around their home and place of work on USB thumb drives hoping they’ll install it.
    • Mail a thumb drive to them with the Google logo on it on an envelope that appears to come from Google with a nice letter explaining how they won something.
    • If that doesn’t work I’d crack their home WEP or WPA wifi encryption, gain access to their network and run a vulnerability scanner like OpenVAS on their workstation to find holes. Then I’d fire up Metasploit and exploit and access whatever I want to.
    • Gain access to all the target’s online and offline data.
    • I’m looking for as much personal data as I can find, specifically a social security number.
    • If I’m still unable to get access to that, I’d try social engineering. I’d send them a piece of mail with a bank letterhead and logo warning that an account is about to be suspended with an 800 number that is actually my number. Authenticating themselves when calling my number would require they provide their full social security number and other valuable data.

    The point here is that if someone who knows what they’re doing decides to target you, you’re in trouble. You can use stronger encryption on your home network, use strong passwords, install anti-virus and firewall software and so on. But at some point you’re going to slip-up and they’re going to gain access to sensitive data that lets them do a lot of damage in your life.

    Once you’ve taken the obvious precautions, here’s what I suggest to help protect yourself.

    • Sign up with a reputable identity monitoring or credit monitoring service. I particularly like the feature of receiving SMS alerts when a threat is detected.
    • Get a reputable credit card like Visa Signature that reverses fraud transactions no-questions-asked and immediately issues a new card. Use this for online purchases and keep a close eye on your account activity.
    • Only use your debit card to draw cash from trusted ATM machines. Never use it for online transactions.
    • Keep your cash in several savings accounts, monitor them carefully and make sure that all authentication to access those accounts is strong. Two factor authentication where you enter a password and then also have to enter a code sent to your phone is an excellent additional layer of security.
    • Pull your credit history yourself from time to time to monitor it.
    • Dont get social-engineered. If someone calls you up, says they’re from an institution you bank with or trust and starts trying to get information from you, ask them for their full name, position and a callback number. Then don’t call it back. Instead call the main switchboard of the institution and ask for that individual. If they don’t exist, try the callback number, if they answer, hang up and call the cops with the info.
    • Never use the same password across services or websites. If you do, when one website gets hacked, your username/email and password will get out and at some point a hacker will try that combo on all other major online services. You could choose a base password, and then add something to that password that uses some attribute of the website (like the domain name) and runs it through a formula you’ve memorized. For example, you could have a base password of ‘1c00ld01phin’ and take the first four letters of the domain name, rotate the letters by one and add the position of the first letter in the alphabet as digits to the end. So ebay.com would become ‘1c00l101phinfcbz5’. That’s a simplistic formula and you can beef it up by adding letters or digits at the beginning or at a specific position within your base password.
    • If you run a website or a server on the net, make sure all software on the system is up-to-date. Install OpenVAS or Nessus, learn how to use it and run a vulnerability scan on your own system every quarter. You can also find out what your home IP address is using whatsmyip.org and use the same tools to run a scan on your home IP address. You can also run the scan from your home network to any workstation or mobile device like an iPad or iPhone on your network to find out if your own machines have security holes.

    It’s surprisingly easy to hack into someone’s life. I’ve had websites hacked and my family has been hit with identity theft (drivers license stolen from mailbox) and it’s a real pain to dig yourself out. But with a little preparation you can minimize the risk and if it does strike, catch it early and recover quickly.

  • The Chinese Wall that Isn't

    I used to work at a Swiss bank. At investment banks they have a virtual Chinese wall that exists between folks who do deals and the trade floor for obvious reasons.

    At my bank, and this is back in 2000/2001, the people who did the deals and those who traded shared elevators, lunch rooms, pubs and so on. So you can imagine the level of cross pollination.

    The US government, just another organization, has been given the green light to dig through your data if you’re storing that data in the cloud with Google using, for example, Google Drive, Google Docs or GMail. We’re trusting that they’ll keep their perusals limited to national security concerns and not tax enforcement, criminal investigation, foreign intelligence gathering or background checks and won’t leak data to credit rating agencies or anyone else. The old virtual Chinese wall.

    The latest development with Google sets a precedent for other companies and their obligation to hand over data to government employees. That includes Dropbox, Intuit and their web based Quickbooks app, Facebook and so on. The trove of data the government now has access to makes the NSA’s traditional intelligence gathering look positively pedestrian. Oh for the good old days of Echelon.

    As Google’s executive chairman once said, “If you don’t have anything to hide, you have nothing to fear.”.

    This was where I was going to end this post. But lets take this idea a little further. Lets assume underpaid government employees are rifling through our data and habeas corpus is still as optional as extraordinary rendition. If you’re like me and are, at least in your own eyes, basically a good guy or girl, what’s the best thing you can do to prevent being falsely accused of something?

    In a future world where people who have the power to accuse and convict are reading your docs, you can encrypt, encapsulate, misdirect, protest and so on. Or another approach is to provide an overwhelming amount of data on who you are, what you’re up to, what your views are, who you associate with, what you buy and so on. Remove all ambiguity on whether you’re a good or bad person. Essentially open source your life to avoid accusation.

    I’m not sure what the right approach is, but as counterintuitive as it seems, I tend to favor the latter.

  • Finding Cheap Fast Internet in South Africa

    I’ve been in Cape Town for a little over two months now and will be here for a few more weeks. I’ve hunted around for fast Internet and tried a few options. Here’s what I’ve found and maybe it’ll help you.

    I’m specifically interested in international bandwidth to the USA and my benchmarks are based on buying 1.5 to 2 gigabyte movies from the iTunes store and downloading them or transferring big chunks of data from our Seattle data center via SCP [or what you might think of as SFTP].

    • Mweb home ADSL is generally slow for international bandwidth. You’re lucky if you get 200 kbps on the 1 megabit line. This is my absolute-in-case-of-emergency option I’m using at the place I’m staying because it is so slow. 
    • The 10 megabit business ADSL option that Mweb provides is nice and fast and you’ll get 3 to 6 megabits per second international bandwidth but it’s quite expensive. A friend has this at a building where I rent office space in Cape Town city bowl. As a side note: When the Seacom cable went down recently they didn’t slow down at all even though Mweb home subscribers were horribly slow because Mweb prioritizes their business customers much higher than home.
    • Vodacom’s little USB 3G pay as you go modem is very nice and fast at around 3 to 5 megabits international bandwidth, but it’s quite expensive. They charge per gig transferred and it’s something like $20 per gigabyte. I’ve run through my Vodacom little red USB modem and won’t be refilling it because it’s too pricey, although very reliable.
    • Vodacom’s portable hotspot option if you have a pay as you go sim card and a cellphone that supports portable hotspot also performs well and is also expensive for data transfer. This is currently my backup option to my Cell C modem. Whenever I use it, it’s wicked fast but I can see the dollar signs racking up.
    • The real winner in my opinion is Cell C’s 100 Gig USB pay as you go modem. It’s horribly unreliable but I get 6 megabits per second international bandwidth at times. More below:

    Cell C has a package called Giga100 which is R2499 or $270 for 100 gigabytes of transfer which is not limited to off-peak hours. You have to go into a Cell C store and they might not have stock, so call ahead. This option gives you a little white USB modem but you need to know how to use it to get fast speeds. Here’s how:

    • Get a USB extension cable as long as you can get. I use a 5 meter extension. 
    • Put the modem at the end of the extension preferably outside and make sure it isn’t raining.
    • Try to put the modem on a ledge so it’s hanging off with space underneath it for better signal. What also works is hanging it from the top of an umbrella.
    • Another trick that works is putting it into a small metal pot with the lid off. Believe it or not this can boost signal. I think some Russian posted a video proving this a while back on Youtube.
    • Even if your software is telling you you’re getting 5 bars of HSPA signal inside or outside, you’ll still notice a better transfer rate when it’s outside.
    • When connecting, here’s the process: Connect, start transfer, if it’s slow, disconnect and reconnect and start transfer. Repeat until you’re getting a fast transfer speed. Cell C seem to have 3 subnets they allocate IP addresses from. They start with 10.*.*.*, 41.*.*.* and 197.*.*.* and you’ll randomly get assigned an IP address from one of those. Sometimes I’ll connect and an entire subnet will be down. I’ll have no connectivity. So I’ll reconnect and get a different IP address and get wicked fast international transfer. So just keep trying.

    It’s 1:20pm on Wednesday and here’s my current transfer rate downloading a movie from iTunes:

    Screen Shot 2013-04-03 at 12.52.07 PM

    My theory is that Cell C has bought a large international pipe, but their engineers are wildly incompetent and their cellphone network is spotty. The result is that unless you know how to get a kick ass signal and land on a working subnet, you are not going to get a working connection. So the fat pipe that Cell C has is underutilized and those who manage to actually get a working connection enjoy an empty international super-highway.

    To summarize: If money is no object, just buy a Vodacom USB modem and pay an extra $20 to $30 in bandwidth charges for every movie you rent from Apple. If you want a deal and don’t mind hacking the system a little and putting in some effort, get a Cell C modem and pay $2.70 per gigabyte with (when it works) a kick ass connection.

    Disclaimer: If you do get a Cell C modem and it’s awful, don’t blame me.

     

  • A thought experiment on liberty and the survival of our species

    I came up with a thought experiment a few months ago and have been testing it on the smartest people I know.

    This thought experiment relies on you agreeing with three premises:

    1. Our knowledge of the natural universe will continue to increase.

    2. Our ability to share information among each other will continue to increase.

    3. Imagine everyone on the planet has a button in front of them that will destroy planet Earth and everyone on it. You can assume that we haven’t colonized space yet. You agree that a few thousand people will rush to press that button.

    I agree with these three premises. If you don’t, please post why in the comments.

    If you agree with these three points, it would seem we’re heading towards a world where it’s likely that our knowledge of the natural world will increase to a point where we know how to develop something that can kill all humans on planet Earth. It will also become feasible for individuals to implement that knowledge.

    If you agree that information sharing will become very efficient and information will be accessible to all, the knowledge of how to create the destructor-thing that kills all people on Earth will be shared among all very quickly and efficiently.

    We then have a situation where everyone on Earth has a button in front of them that can kill everything. And you’ve agreed a few thousand will rush to press the button – or implement the destructor-thing in this case.

    So it seems our self destruction is inevitable.

    As the conclusion to this thought experiment, I pose a question: How do we solve this problem. Specifically the problem of our inevitable self destruction through our increased knowledge of the natural universe, our ability to share information and the minority’s desire to implement self destruction. 

    Thinking about this yields some interesting opinions from friends and acquaintances. These are various conclusions from different people, so don’t misunderstand and combine them:

    • Secrets are necessary.
    • A Police State is inevitable.
    • Governments will use the fear of destruction among the populace to sieze vast amounts of power.
    • Individuals will sense the inadequacy of the government to protect us from this threat and will police themselves.
    • This knowledge already exists and is kept secret which is why we haven’t seen breakthroughs of the magnitude of E=mc²

    If you run across this article I’d love to hear your thoughts.

     

  • How Leaders Influence your Reality

    During the last several years I’ve had the opportunity to see great leaders in action and the misfortune to see great deceivers at work. Both have one characteristic in common. Many would call it charisma, but I’d like to expand on what I think that “charisma” thing is.

    Pause for a moment. Think about the fact that you’re giving me the opportunity to paint a reality for you. It’s my perception of reality, but by taking it on board and fully understanding the way I see things, you’re giving me the opportunity to mould and shape your reality. If you read this whole blog entry you’re going to have devoted a full 2 to 5 minutes of your conscious thought to my perception of reality. And whether you like it or not you’re going to take some of it on-board.

    Great leaders and great deceivers are given a constant flow of opportunities to project their perception of reality and their vision for a future reality on large numbers of people. They alter the way a large group of people see the the world and the way these people think the world should be.

    Ever wondered why Germany followed Hitler? Those screaming German speeches weren’t gibberish. They were rousing calls to arms with a believable and powerfully delivered rationale behind the call.

    These speeches, or put in different terms, these opportunities Hitler was presented with to impose his perception of reality and his vision for a future on large groups of people, allowed him to influence an entire nation to go to war and eventually carry out some of the most awful atrocities in history.

    So the lesson would appear to be “be careful who you lend your ear to”. But it’s a little more complex and more difficult that simply being careful. When others acknowledge someone as a leader, celebrity, genius, as talented and so on, it has a big influence on us as individuals and our default behavior as Cialdini writes in “Influence”, is to go along with the crowd.

    “You say his a violin virtuoso, well he must be”, “You say this is a ’82 bottle of Latour’, well it must be spectacular”.

    On a side-note, a friend once did an experiment where he sabotaged an already open bottle of excellent wine by decanting it and pouring in a very cheap wine. He watched the wine enthusiasts drink the sabotaged bottle and rave about how clearly excellent the wine is.

    Social proof is a powerful phenomenon and if a group of people or respected organization acknowledge someone, they’ve given them a platform for “reality influence” or to create a “reality distortion field” if you’re a Steve Jobs fan.

    If you’re a leader, I hope you’ve gained a greater understanding of how privileged you are to have the attention of groups of people. If you’re a listener, I hope you’ll learn from history and be careful who you grant access to your vulnerable and valuable attention.

     

  • An unpleasant Herman Miller experience in South Africa

    Update: HM’s Director of Comms was kind enough to post a response here (see below in comments), Elmarie responded in the comments, today the issue was resolved when the owner of the HM distributer in South Africa called Elmarie and apologized for the way things were handled and it sounds like they’ll be working together on getting a few more Aerons for the office. Nice to see a brand that has their ear to the ground and responds to consumer feedback within 24 hours.

    My good friend Elmarie ordered her first Herman Miller Aeron chair for her office. She responded to an ad placed in Gumtree by “All Office” who are the exclusive Herman Miller agents in South Africa.

    She was pretty excited when her Herman Miller Aeron Chair arrived, as were we all, but it turns out the price she was charged was not the advertised R6995 (approx $765.50) but instead she was charged R7974.30 (approx $872.68), over $100 more.

    She called “All Office” slightly irate and was told the price she was quoted was excluding VAT (South African sales tax). For my American friends/family and anyone in a non-VAT country, one of the first principles of the South African VAT act is that you include the tax in the price.

    What really soured this experience was the following: When chatting to a manager at “All Office” Elmarie was told that if she doesn’t want to be a “good citizen” and pay the full price, then he would take the balance out of the salary of the sales person who placed the Gumtree ad.

    So after hearing ads for the Herman Miller Aeron chair by Sit4Less on National Public Radio for the last year in the States – and thinking we’d get a few for our office in the USA, I’ve pretty much done an about-face on the brand and won’t be buying any Aeron’s any time soon.

    PS: I’d like to hear from Herman Miller in Germany about this. Elmarie has emailed them and is waiting to hear back.

  • Shoutout to Bluehost

    Bluehost reached out to me a few weeks ago to say “Hi, and by the way we love Wordfence”. I was doubly stoked because they have been my favorite WordPress host for some time now. To date I still haven’t found a single performance issue or vulnerability on their platform. Their stuff just works!

    So we’ve become friends and today they gave us a very nice mention on their blog.

    We’ve been crazy busy at Wordfence with a ton of new signups and I haven’t had time to set up a blog for www.wordfence.com, so in the mean time I thought I’d post my love for Bluehost here. Wordfence blog coming soon!!

    If you’re looking for a way to secure WordPress, get Wordfence here!