Even if you aren’t doing anything wrong then you still have much to hide.

You and I are not doing anything wrong, but we have many things to hide from the bad guys. The world is unfortunately full of people who can and do use information about us to hurt us because they disagree with us, because they want something we have, because they think we are their enemy, because they want power over us or because no reason at all (e.g. “for the lulz”). What can you do to keep yourself safe?

Case Studies.

For example, in 2014 many people who supported the cause of fixing sexism in video game culture were targeted by armies of misogynistic trolls who disagreed with them. Many people who simply expressed their belief that sexism has no place in gaming found themselves harassed online, had their emails hacked, had their personal documents leaked, had their addresses revealed, and had phony police complaints filed anonymously to their houses. This is what it looks like to have your privacy violated, and this is just the beginning of a bigger trend. The victims here didn’t do anything wrong when they stood up for their beliefs but as it turns out they had very much to hide.

Another example, in 2014 the number of personal records which were leaked had sky-rocketed up by 60%. Companies which had computer security in place, such as SONY, Chase Bank, Target, Home Depot, and several hospitals, all had their data stolen. What does this look like? 7 million dropbox accounts were hacked and people’s private photos, documents, videos, and more were accessible to everybody. Hundreds of thousands of SONY employees had their embarrassing emails leaked, and found their private, confidential communications to be on the front page of tabloids everywhere. These people weren’t doing anything wrong, but they too found out that they have much to hide.

Data brokers are buying and selling our data at an increasing rate. Currently this information is “anonymous” in the sense that it doesn’t have your name on it. Today it’s being used to serve you ads that are very custom fitted to your psychology, and to find your mental weaknesses where you can’t resist buying something. The advertising technology being developed right now is exponentially more insidious. It will be everywhere, it will follow you around on screens throughout the world, it will gamify your life to reward you for being a good consumer and will punish you (by denying you services) if you don’t respond well to ads. You’re not doing anything wrong, but you already try to hide your phone number from telemarketers, and you should start hiding everything else from whatever the telemarketers of the future will look like.

Governments are increasingly monitoring their own citizens, often without a specific warrant that establishes probable cause. History is replete with people hiding from governments because they are Jewish, socialist, have the wrong friends, voted for the wrong party, or attended the wrong protest. We learn history so that we can learn from the past: therefor we know that in the future people who have done nothing wrong will have cause to hide things from governments because this is how it has always been in history. Also, to turn the question around, if you didn’t do anything wrong then why are you being searched digitally?

What can we do about it?

After nude photos of celebrities were leaked people said “well, they shouldn’t be taking nude photos” as if it’s somehow a wrong way to express ones self intimately. After people’s emails were leaked for tabloids to read people said “well they shouldn’t have said that” as if censoring yourself in private communications is a healthy way to live your life. After gamergate people said “well they shouldn’t have said so publicly” as if standing up against injustice is somehow the wrong thing to do. It’s been said “well nobody should be using facebook” or “just keep your political opinions to yourself, don’t criticize the government, and then it doesn’t matter if the government reads your emails” etc. etc. Clearly these are wrongheaded and misguided answers.

Every human being gets naked sometimes, has intimate secrets which they share with their loved ones, has said something in private that they later realize is wrong and that they do not want to be in a permanent record about them, and every human being has a desire to speak up for justice. If the answer were “stop doing these things” then such an answer means “stop being human”. If you are human, you have things to hide. Period. So the answer is not to stop being human, but the answer is to better protect your privacy.

What you can and should do is to take a few hours to learn about how to protect your privacy in this new digital world. There is a fantastic technology called OTR which keeps your online chats confidential. Another great time-tested technology called PGP protects your emails from prying eyes. A brand new technology called ZRTP will keep your phone calls from being listened to. These technologies are increasingly being integrated into many solutions. For example 25 chat clients currently support OTR, so you can use them for Facebook chat, or google chat. The number of PGP-supporting email tools is through the roof so you can protect your emails from hackers, leakers, data brokers, and spies, in any number of ways. ZRTP is pretty new so only a handful of companies and apps provide such solutions.

You’re not doing anything wrong, but you have plenty to hide from the bad guys. You should take some time to try an OTR chat, a PGP email, and a ZRTP phone call. You may not have needed these before, but the world is changing rapidly, and you need to adapt. Protect your privacy, and thus your humanity, today.

Understanding Gluten Sensitivity.

Living in the bay area is an interesting culinary experience. I have guests over for dinner very often, and we always have to ask for dietary restrictions. It seems like everybody here is either Vegan, Gluten-Free, Lactose-Free, or on some diet (raw, atkins, etc). Many restaurants cater to these, which I love because it makes it easy to healthy. I do however like to step back and question these things sometimes.

After a batch of recent studies came out disputing the existence of Gluten Intolerance it became fashionable to make fun of people who are allergic to bread. There was Jimmy Kimmel skit where he made fun of people who didn’t even know what gluten was but who were claiming to be on a gluten-free diet.

Gluten is a protein that makes up the glue-like substance that makes bread stick together. If you’ve ever eaten the crisp and fragile bread that’s made gluten free you’ll know that it’s pretty useful. Some people however cannot eat gluten at all because an autoimmune disease causes white blood cells to attack the villi in their intestines making it difficult to absorb carbohydrates in general and gluten in particular is a problem in this situation. This is called Coeliacs disease, and it’s neither funny nor controversial at all.

Some early scientific studies appeared to show that some people who had discomfort after eating bread felt better on a diet without gluten. But recently this analysis has been put into doubt. I decided to read into it and it turns out that the latest scientific theory is that the culprit is not gluten at all, but rather fermentable oligo-, di-, mono saccharides and Polyls (FODMAP). These are carbohydrates that your small intestine can’t digest, and which when they pass to your large intestines start to ferment. As you can imagine anything fermenting in your large intestine will cause flatulence, bloating, gas, and discomfort. Everyone is affected by these things, but some more than others. It just so happens that a gluten free diet also has low levels of these FODMAP’s. So while the latest science appears to tell us that “gluten sensitivity” is bunk, it is true that gluten-free diets do accidentally provide help to people who are more sensitive to the discomfort from FODMAP’s than others. I suspect that as this becomes better understood there will be a better diet which focuses on limiting FODMAP’s, and not on Gluten.

So, how do we deal with that friend who insists that gluten intollerance is a real thing? I think many people go about doing this the wrong way. First of all, there exists a mental disorder called “Gluten Sensitive Ideopathic Neuropathy” in which people make themselves feel sick when eating gluten. It’s like a psychosomatic response once they find out they ate bread. So if the person you are saying this to is mentally ill in this way, don’t make it worse, just hand it off to a professional. Second, they could actually have Celiacs, but that’s unlikely. Finally, saying “gluten intolerance isn’t real” won’t help anybody, because people do legitimately feel better when they go on a gluten free diet, so they’ll think you’re full of shit. Simply explain that researches had made a mistake, and that correlation didn’t imply causation, and that lowering the amount of bread and gluten products they eat will make them feel better because those foods have lower levels of Fermentable Oligo- Mono- Di- Saccharides and Polyls, which it turns are the real culprit.

VPN in Ubuntu with PIA (Private Internet Access)

I had a scare when I logged into Facebook on a cafe wifi in Berkeley last week. Then I learned that if you use Linux, you should not buy your VPN from PIA. Keep reading.

Almost immediately after signing in to the cafe wifi I get a text message from Facebook about a failed login. The kind of message I get when I fail logging in to the second factor. So I check the security logs on Facebook’s settings page, and sure enough somebody on a Windows 7 computer had been trying to access my account. I live in Silicon Valley and nobody I know runs windows (yes, the stereotype is true) so it was suspect. Somebody was snooping the cafe wifi and was trying to hack into my accounts! If I didn’t have 2FA enabled then my email and my FB and other accounts would probably be compromised right now.

So when I got home bought a VPN account so that my internet connection will be secure and encrypted in the future. A friend of mine has a PIA account and recommended it. It was black Friday so I go to bitcoinblackfriday.com and find a 50% off deal and sign up anonymously using bitcoin. The purchase went fine, running their install script appeared to go fine, but every time I tried to connect it would time out. I disabled my firewall, still no connection. I searched their documentation and found a .zip file with .ovpn files. I ran those from commandline and they had TLS connection errors. Time to email tech support.

Tech support responded with an automated email suggesting that I try restarting the network manager and changing the port numbers. I spent a long time trying all the numbers suggested and none of them worked. I emailed back with my results, as well as some pretty detailed logs from my attempts on commandline. I got bumped to tier II support which gave me a new .zip file to download with new .ovpn files, and they tell me that they only support a comically ancient versions of Ubuntu. I’m not on the latest cutting edge version, I’m on the enterprise-support version: 14.04TLS. Anyway, these new configurations worked. So I deleted the previous setup from network manager and manually imported the new .ovpn files into network manager. Now, after a few hours, my new PIA VPN is up and running. When my subscription runs out I am going to chose a different VPN provider based on whether they are not incompetent on Ubuntu.

So, if you are an Ubuntu user struggling to get PIA working here is what you do: download https://www.privateinternetaccess.com/openvpn/openvpn-ip-tcp.zip and extract it into a folder you won’t delete, then manually import the .ovpn files for the VPN locations you want to use. Then manually import them into network manager by clicking “configure connection” then clicking “add” and choosing “import from config file”. Select the file you want, enter your username and password. Now you too can connect to the VPN.

If you are from P.I.A. and you’re reading this. Please, for the love of cute kittens, do not tell people that you only support Ubuntu 10.10 and 12.04  because 10.10 isn’t even supported anymore. You wouldn’t tell people you only support Windows XP. It’s easy to just update your documentation to have people import the .ovpn files with TCP that actually work. Also, please know that I would recommend anybody with Linux to stay away from your service.

Surface tension

Have you ever scoured Facebook for more posts, more information, more pics, but still felt less fulfilled, less satisfied? Have you seen all the posts there are to see on Google+ and craved for more? How about reading all the headlines (not necessarily articles) on a news site but then yearning for more news to happen?

My theory, is this happens because we are craving depth.

Think back to 2005. Facebook was just becoming a thing, and as with all new things people felt the need to criticize it. Think back to thanksgiving 2005 when you had to explain social media to an older family member. The conversation probably went like this:

Your grampa in 2005:
“This social media is going to make us all antisocial. Nobody talks to anybody anymore, they just post pictures of what they had for dinner. They’re not real friends because real friends are the ones you talk to on the phone for hours and write letters to.”
You in 2005:
“No grampa, social media is a more efficient way of keeping your friends updated. It’s not replacing other forms of talking to people, but it’s supplementing them. People criticized the phone when it first came out that it would stop people from meeting face to face, but look we’re still talking face to face over dinner, aren’t we?”
etc. etc.

Every one of us at some point had to explain social media to somebody who just didn’t get it. Today, the realizations that were so avante gaurde in 2005 are well understood by the general public. Social media is accepted as a way of broadcasting yourself, which combined with direct communications makes us more social, better connected, staying in touch longer, and keeps us more socially conscious. Whereas those who did not adopt social media are left out of events, have trouble keeping track of long-lost friends, and are often seen as so disconnected from rapidly shifting social mores so as to seem bigoted.

BUT…

But yet there is a subtle point that our curmudgeonly non-adopter did get right. Real friends are those with whom you can have in-depth and meaningful discussion. Social media is made to show a surface, but not to provide depth. Social media broadcasts a highlight reel but it doesn’t provide meaning (nor often authenticity).

AND…

And to make matters worse, it has actually diminished our use of other forms of communication. We basically never write letters anymore. We rarely write emails. Some people are still into chat, most are not. We didn’t simply add another communication tool onto our toolbelt. Social media is a communication tool so big, so addictive and time consuming, that we had to make room for it but putting down other communication tools.

Which brings us back to why we are searching for more updates on facebook, and why we’re so unhappily addicted to the surface-level updates from “friends” whom we met once or twice at a frat party years ago. Previous forms of communication did not have teams working on “stickyness” or reasons for you to keep coming back. They did not employ psychology to turn their communication methods into something addictive. Literally addictive. They didn’t have billions of dollars of VC capital to make their communication method pervasive into every aspect of daily life, or have it interact with every element of your daily life. Social media had all of these things and we are now presented with the end result: Internet addiction.

We live stressful lives, so the kind of mindless browsing that social media gives us is more appealing to our brains that it would otherwise. Ironically, the psychology of happiness tells us that having long and deep conversations with a few trusted friends is much more conducive to happiness than lots of small conversations with strangers.

After a long day at the office where we probably wrote some 50 emails, the last thing we want to do is write a long email to a friend. But that’s exactly what we should do if we want to be happy. Email is a long-form kind of communication which you cannot get from chat, or from replies on facebook. In fact, you’re likely to feel guilty for email-length posts on social media. After talking to our clients and our remote development teams on the phone we may not feel inclined to call up our old friend from elementary school. But that’s exactly what we should do if we want to be happy. An hour on the phone with a friend about a topic will help us think through a matter and give us a really satisfying feeling of having talked to a human that we trust. Having shared things with them makes us happy.

Social media is a great form of broadcast communication that everybody should participate in, but it’s just not good for these kinds of deeply fulfilling things. You’re actively prevented from getting into too much depth in social media. The form factor just isn’t conducive to it. The form fields are too small. Long posts are ignored and short ones upvoted. The character limit may even be only 140 characters. Too much is happening at anybody to slow down for something bigger. So if we try to go deeper (as our brains want to do) then we meet this resistance. In science when an object attempts to penetrate something fluid and there is pressure pushing back this is called “surface tension”. I’d like to coin the phrase for this property of social media which prevents depth: “surface tension”.

It’s a fitting name, because social media surface tension also causes actual tension. We feel stressed out by the lack of depth when communicating with our friends. It’s hard to say this is our fault for not using older, more long-form methods of communication, because as we discussed earlier social media is designed to be addictive so that we use it more and use other communication less.

Having discovered and named “surface tension”, I’ve made a resolution to practice more in depth communications with my friends. I’m not going to give up social media or delete my facebook or G+ accounts, that would be stupid. I am however going to consciously keep it proportional to my overall communications (or at least try). The end result I am looking for here is increased happiness. I’ll let you know how that goes.

D3-tip was borked in require.js, “undefined is not a function”. GGRR

Dependency management is pretty critical in development. If you write javascript you should be using requirejs or something similar. If you want to make pretty charts using D3 and give them tooltips using the d3-tip library then you may experience some pain. The current AMD code for D3-tip may not work for you. d3.tip() may give you an error “undefined is not a function”.

There was a fix submitted for this long ago by alanhamlett but for some reason it was not merged. This ticked me off just enough to re-submit the patch, and to offer my fork with the patch as a service to others. Please view the pull request here: https://github.com/Caged/d3-tip/pull/81

To use the fix in bower, please replace d3-tip in bower.json with this:
“d3-tip”: “https://github.com/hendrixski/d3-tip.git#0.6.5_bower_fix”

You can run bower install https://github.com/hendrixski/d3-tip.git#0.6.5_bower_fix –save   to have this added to your bower.json for you.

If you don’t use bower, then please consider using it. You can git pull the code directly from the above-mentioned repo as well.

You probably already have this included in require.js, but just to  show you how I did it, add the following to paths and shim:
paths:{ “d3-tip”: “../bower_components/d3-tip/index”}
shim: { d3-tip: [“d3”]}

Cyber Crime is on the rise. What are you doing to protect yourself?

In these last few months celebrities had their private (and nude) photos hacked and leaked online. Regular people (like you and me) had their credit cards, addresses, social security numbers, etc, sold in online black markets after hackers stole terabytes of data from hospitals, banks, large store chains, small mom & even pop shops. I bet that your entire identity is probably on sale *right*now* on Silk Road 2.0 for pennies.

Last year there was a lot of focus on governments and social networks invading your privacy. But that’s not really scary to most people (except journalists, activists, gamblers, and tax evaders). This year however, there is a lot of focus on everyday criminals invading your privacy and how much it costs you in both time and money. Such concerns apply to EVERYBODY, not just paranoid libertarians.

So here is what I do to protect myself online.

  • I change my passwords for *everything* regularly. As well as my credit card numbers.
  • I avoid putting my credit card number and personal information for online purchases. Instead I’ve started using digital cash (e.g. “bitcoins”) when I buy things online. This is also good because no criminals can intercept my information over wireless (actually a very common problem in cafe’s).
  • I check my monthly statements from my credit union regularly to check for bogus charges.

I have the following plugins on my browser:

  •  HTTPS-Everywhere (which forces a secure connection if the option exists), Adblock (blocks ads, many of which track your online activities). I do not store a single password in the browser itself because that is unsafe.
  • Flashblock (which blocks flash unless you allow it, because much malicious software is actually Flash),
  • and LastPass (which allows me to keep a separate and complex passwords for every website, easily).
  • I use DuckDuckGo instead of Google for web searches.
  • I surf and buy in Private Browsing Mode so as limit how many cookies follow me around online. But honestly, this doesn’t do a whole lot for security.

Sometimes, I use TOR for browsing. But honestly, I don’t need to. I should just get a VPN for like $30/year. Some people however do legitimately need to use TOR (mostly in authoritarian countries), and the more people use the network the better it works, so perhaps it’s worth the occasional use.

Additionally I have a very long and complex password for my computer. I’m making encrypted backups of all my files. I’m encrypting my harddrive this weekend. I also want to get in the habit of encrypting emails. Nothing nefarious, but if my email is ever hacked then I don’t want someone rummaging through it to find private details, or any financial information that I share with friends and family.

On my phone I have a strong password, I’m setting up TextSecure and RedPhone to encrypt my text messages and phone calls with friends and family. It is *very* easy for anybody to listen to a cell phone call. So if you ever talk about finances with friends and family over the phone, then you would be a fool not to encrypt your call so that some punk down the street doesn’t hear it on a scanner and then go online to basically rob you.

So… this is a few hours of work to set up and learn, but once it’s in place then it maintains itself. Cyber crime is on the rise, so this stuff will become more and more important. If you are interested in setting up any of these tools then give me a buzz and I’d like to help. Also, if you want to encrypt your email as well then let me know and we can sign each others public keys. I hope this was helpful to somebody.

Bitcoin’s benefits to consumers.

It is a widely held belief that bitcoin benefits the merchant but that consumers don’t get any benefits from using bitcoin. This if false. My hope here is to create an article that can be pasted in response to posts/tweets/blogs/questions that perpetuate the misconception about bitcoins advantages for consumers.

First of all, there are obvious benefits to entice merchants to accept bitcoin:

  • No chargeback risk
  • No credit card fees
  • Instant payment
  • Reach international customers easily
  • Micropayments
  • etc.

I won’t explain these benefits because they are analogous to the benefits of cash, plus the benefits of the internet. Combined. It’s a “no-brainer” that merchants want these benefits.

There are also many great benefits to consumers for buying with bitcoin. I’ll list some and then explain them in order.

  • Discounts
  • No surcharges or merchant fees
  • Privacy
  • Lower risk of identity theft
  • Splitting the bill
  • International
  • Easy to use

Did you know that you can get discounts for paying with Cash? This applies to digital cash as well. Next time you’re at a gas station ask about a discount for paying with cash. Ask a taxi driver persistently and they’ll give you a discount for cash as well. 3% or 4% is not uncommon because merchants will gladly pass along the savings to their customers. Here’s a benefit: Many online merchants will give you discounts and credits for shopping with bitcoin.

Have you ever calculated your tip at a restaurant so that it ends with .00 cents? Then when you checked your credit card statement it was magically no longer ended in zeros? That restaurant added a charge to your payment after the fact! This is called a surcharge, or a merchant fee, and it is 100% legal in 40 US states (and is contractually OK as long as a merchant applies it to all their customers equally). Local merchants in 4 out of 5 states can (and frequently do) charge you the consumer extra for using a credit card. Here’s a benefit: You will not get surcharged when paying with bitcoin.

A father once called Target, and yelled at their representatives, because Target had sent his young daughter advertisements for pregnancy and motherhood products. What kind of sick individuals would send that to a young girl. He later called Target again to apologize because he found out that his daughter was in fact pregnant. Turns out that Target knew his daughter was pregnant before her dad did because her online buying patterns were found to match those of other pregnant women. Now, that’s just creepy! Here’s a benefit: if you shop with bitcoin, semi-anonymously, then some computer algorithm will not be able to data-mine disturbing personal details about your life.

If you shopped at Home Depot, Jimmy John’s, Target, or certain hospitals, in early 2014 then you should check your credit card for bogus charges. These companies had massive data breaches resulting in millions of credit card details being leaked. Now their customers’ payment details are for sale online. But, if you pay with bitcoin then your information cannot be used by anybody else. No mystery charges on your monthly statement. Granted, bitcoin can be stolen just like cash can be stolen from your pocket, but bitcoin cannot be used in identity theft after a data breach at a merchant. Here’s a benefit: Shop with bitcoin and don’t worry about identity theft.

Venmo is a popular way to split bills when a large group goes out to a restaurant. One person pays the bill then everybody clicks send in venmo. It’s free for the guy/gal who is being paid back to receive the money. But if you are paying your friend back, venmo charges 3%. If your venmo account is connected to a credit card then the credit card takes 3% plus $0.20. So if you owe your friend $13 then you’re paying a full $1 for the convenience to send money to their facebook account on your phone using Venmo + a credit card. The same convenience exists with bitcoin but you pay 0% for it. You can send bitcoin to your friends social media account using onename.io, or by tapping your phone against their phone, or by scanning a barcode, or any number of fun and easy ways. And it doesn’t cost a dime. Here’s a benefit: split the bill, pay your friends back, and don’t overpay.

SWIFT sucks! It’s a network of banks that facilitate sending money across borders. Each bank in the network can charge a fee for sending and receiving, $40 for each is not uncommon. The only fees that you know about are the fee charged by the bank sending it and the fee charged by the bank receiving it, and the multiple-percentage spread on their currency conversion. Every other middlemans charges are a mystery that you won’t know the charge until the order is done. There are exceptions, like Citi global transfer, but generally sending money abroad is a very very expensive endeavor. AND IT TAKES SEVERAL DAYS! And you can’t send on weekends! This makes it very difficult for consumers to buy things internationally. For example, gambling sites will often not accept credit cards and thus you have to transfer money into their bank accounts. Who pays those fees? You the consumer of course. Here’s a benefit: No mystery fees because Bitcoin is free to send oversees, and often the spread to convert it to a local currency is 1% or less.

The final benefit is ease of use. Coinbase has a new feature for online purchase. Simply select bitcoin in the shopping cart and their popup asks which bitcoin wallet you want to pay with. Click OK and you’re done. You don’t have to enter credit card details (and lengthy personal information) into yet another website. No, here’s a benefit: buying with bitcoin can be faster and easier than paying with a credit card.

So to recap, some benefits to consumers include:

  • Discounts (when merchants pass the savings on to the customer)
  • No surcharges or merchant fees (even in the 40 US states where credit card surcharges are legal)
  • Privacy (No creepy algorithms analyze your life)
  • Lower risk of identity theft (nobody steals your details from a place where you bought something once).
  • Splitting the bill (faster, more fun, easier, and costs less)
  • International (No SWIFT fees)
  • Easy to use ( Can be easier and more hassle free than some common alternatives)

I’m sure there are more benefits to consumers buying with bitcoin. But these are the ones that came to mind immediately. I hope you have found this informative, and I look forward to you sharing it in situations where somebody asks whether there are benefits to consumers buying with bitcoin.