Tag Archives: nerdy

How to really trade a Casascius physical Bitcoin for U.S. dollars

It appears Coinbase paper wallet private keys are in a proprietary format, so my “easy” method won’t work. Here are instructions to really trade your Casascius physical Bitcoin for U.S. dollars.

  1. Obtain the private key. Carefully remove the hologram sticker from the back of the physical coin. A bunch of letters and numbers are printed on the back (example). Those letters and numbers comprise the “private key” for a Bitcoin wallet containing some amount of Bitcoin(s). Whomever possesses this private key may send any fraction (as little as 0.00000001) of the wallet value to another wallet.
  2. Create a wallet on Blockchainhttps://blockchain.info/wallet/new
  3. Import the Bitcoin to Blockchain. In your Blockchain wallet, click “Import / Export”, then paste the mini private key from your Casascius physical Bitcoin under “Import Private Key” and click “Add Private Key”.
  4. Sign up on Coinbase. Use this referral link and I’ll get $5 after you exchange 1 Bitcoin.
  5. Send the Bitcoin to Coinbase. On Coinbase click “Send/Request”, then “Request Money”. Leave the form blank and just copy the address. In your Blockchain wallet click “Send Money” and use the address you just copied.
  6. Sell your Bitcoin for USD. This part is pretty straightforward. Click on Buy/Sell to sell your Bitcoin and transfer the USD to your bank account.

What’s the proper way to treat spam/phishing mail from a friend’s compromised account?

If a friend’s email account is compromised and used to send spam or phishing emails to my gmail address, should I click “Report spam” or “Report phishing” for those emails in the gmail web interface?

I’m thinking I should, but I’m worried it will mess up my friend’s email score/reputation/whatever and make it painful for them later if they recover their compromised account.


Then again, maybe that’s a fair consequence for letting their account get compromised. Unless of course their email provider was compromised, which would mean it wasn’t their fault (unless they chose a notoriously bad email provider).

(side note: when I notice a friend’s email account is compromised, I immediately contact them via some other means–for example: call them–and let them know)

Web Framework Flavor of the Month

I’ve been playing with Meteor a bit lately. It’s a “kitchen sink” system for writing web apps, complete with a database (MongoDB), server-side (Node.js), and client-side stuff. It’s all JavaScript.

It’s pretty fun for little experiments. I can imagine certain kinds of websites it would be good for (web-based chat, HTML5 games, collaborative editors, and one-webpage apps — same stuff I think vanilla Node.js excels at) and some it would not (mobile, CRUD with an RDBMS). I’m wondering if it would/should work well with larger web apps.

I’m afraid of JavaScript, but I think it’s finally time for me to overcome that fear. What better way to do so than to use JavaScript everywhere (database, server, client, APIs)?!

Meteor isn’t the only game around, it’s just the one I’ve looked at.

You are NOT a Software Engineer!

I enjoyed You are NOT a Software Engineer! by Chris Aitchison. It’s a fun analogy. Writing software certainly does feel more like something roughly planned and growing organically or evolving rather than something perfectly specified and executed. And I think this is OK.

Another thing we coders often forget: we are also authors. We write code for humans (others and our future selves) to read. I want you to be stoked when you read what I write! And coding is writing.

Avoid trivial merges with github pull requests

I like a clean, boring git history. I prefer this:

* 6ca186e Someone set us up the commit
* f55bcf8 Initial commit

to this:

*   494c94e Merge pull request #1 from kormoc/pr_test
| * 6ca186e Someone set us up the commit
* f55bcf8 Initial commit

The latter includes 494c94e, a technically unnecessary commit. I call it a trivial merge, other folks call it a merge bubble.

By default, github will preserve trivial merges when you use the “Merge pull request” button.

If you don’t want these trivial commits in your history, you have to pull (fetch/merge) locally. When someone creates a pull request for you, github sends you a handy email with a command you can cut and paste to perform the merge locally.

You can merge this Pull Request by running

git pull https://github.com/kormoc/pulltest pr_test

Or view, comment on, or merge it at:


Recall that git pull does an implicit merge. If you merge locally and there are no conflicts, the trivial merge will be omitted.

You may miss the trivial commits because they include a reference to the pull request on github. I won’t. I might ask the patch submitter to refer to the pull request by name/link in their commit log message.

If you want to prevent anyone from pushing trivial merges, more work is required.

Update 2013-06-25

I now prefer what GitHub’s merge button does, namely: preserving the merge history for pull requests.

Science Fiction

I like Science Fiction because it scares me. It opens my mind to new ideas.

And sometimes the fiction becomes reality.

Just the other day I finished Robopocalypse (a great read!). Today I thumb through my news feed and hear that California just joined a couple other states in legalizing self-driving cars and Toyota continues to make progress with domestic helper robots.

I don’t see the singularity coming any time soon, but it’s easy to see our tools evolving rapidly. Our responsibility towards each other must grow commensurate with the evolution of our tools.

Amped is great so far, too. I just happened to watch The Hunted lately, which also explores the theme of technology-enhanced individuals being rejected by mainstream society. Like Dr. Steve Mann’s beating in France. Discrimination is certainly old news; I believe we love the familiar, and it follows the unfamiliar generally is harder to accept. But this challenge is exactly what makes the unfamiliar awesome.

3 Reasons Why You Should Never Use Enlocked

Enlocked advertises easy, secure email. Sounds good to me! My current solution (Thunderbird+Enigmail) works, barely, but it is a big pain in the tukhus. I’d go for something better. Heck, I’d pay for it. And Enlocked is free!

I gave their Chrome plugin a try. Installation was a breeze and it worked exactly as advertised. It integrates almost seamlessly into GMail (when replying, quoted text is still encrypted, but they’ll probably fix that soon). It really was friendly enough for anyone! But I’m not dusting off the old blog just to tell you that. No ma’am.

Unicorn and Cow (and sentry)

1. They encrypt and decrypt using their own key.

If you’ve ever spent the not-insignificant time to learn and use PGP yourself, you’ll know that one point of going through all the trouble is complete, end-to-end encryption. You don’t have to trust your email handlers. Any of them. And there can be many! So, uh, you just never give your private key to anyone, ok? Everyone gets their own keys (there are plenty for everyone, and they’re free!). That’s the way PGP works.

I should say that I’m not positive Enlocked uses their own key. It could just be a key they generate using some secret they securely get through you via OpenID or something fancy like that (even so, they’re free to brute force your secret day and night since they have the key). But without knowing for sure, you might as well assume it’s their key and they can decrypt your messages anytime they darn well please. Or if someone forces them to decrypt messages (like a government, or someone with lots of power or money), same result.

2. They encrypt and decrypt on their servers.

From their How it Works page:

The systems at Enlocked only have access to your messages for the short time we are encrypting or decrypting them, and then our software instantly removes any copies.

This is really more of the first reason (no end-to-end encryption), but it’s just another place where their inevitable security breach could occur.

3. Their software is closed-source.

If you know me you know I’m a Free² Software zealot, so you expect this kind of propaganda from me. But transparency is really important where the actual encryption and decryption takes place. They must at least make their client-side code available for review.

Sorry Enlocked, nobody serious about security will adopt your software until you address these issues.

Disclaimer: I’m no security expert. But Bruce Schneier is. If you really want to get schooled on security, read anything he’s written. For instance: Secrets and Lies: Digital Security in a Networked World.

Auto-update bind 9 zone database serial numbers

This post is helpful for configuring emacs to automatically update the “Serial” in bind zone databases. I wanted to do the same in Vim, but the solutions in the comments of that post didn’t work for me. Here’s a version that does. It’s yours for free under the Affero GPL v3 (or any later version, at your preference):

function s:BindZoneSettings()
    function s:UpdateBindZoneSerial(date, num)
        if (strftime("%Y%m%d") == a:date)
            return a:date . a:num+1
        return strftime("%Y%m%d") . '01'
    function s:ReplaceBindZoneSerialLine()
        :%s/\(2[0-9]\{7}\)\([0-9]\{2}\)\(\s*;\s*Serial\)/\=UpdateBindZoneSerial(submatch(1), submatch(2)) . submatch(3)/g
    autocmd BufWritePre /etc/bind/db.* call ReplaceBindZoneSerialLine()