Thursday, August 22, 2013

Bitcoin exchanges: "Flying Under the Regulators' Radar"

Regulators searching for Bitcoin exchanges
I think some of the most exciting advances in BTC Trading Technology and Exchanges are doing their best to remain "under the radar" due to intense fears about their "legal status" as money-services businesses, etc.

Read an interesting piece today about the 'rent vs. own' aspect of becoming an MSB and how CoinX (July's winner of best start-up pitch at Light Squared Ventures Bitcoin Night, which I attended) is obtaining their own MSB license in every state they want to operate, instead of going the 'rent' route.


http://www.paymentssource.com/news/in-money-transmitter-licensing-is-it-better-to-own-or-to-rent-3015198-1.html 

So that explains why they're so quiet...don't splash the pool while you're trying to swim across. At the same time are they sacrificing 'first mover advantage'?

Some foreign exchanges like HK-based Bitfinex (full disclosure: I'm a user there) have gained volume and the financial strength to push forward with licensing in the US. The unanswered question is: are they doomed to go the MtGox route and have accounts shuttered at the slightest sign of indiscretion?

At the same time, those chasing 'First to Market' with professional market features like NYC-based Coinsetter are in private-beta, and paper-trading mode, presumably while they wait to clear regulatory hurdles.


There's also Atlanta-based CampBX, whose live market is beginning to show signs of life in spite of a rather uncertain regulatory environment; they may be the most active real-money BTC exchange in the US...

Others may be just going for it, like Australian(?) based BTC.sx

http://www.zdnet.com/startup-opens-bitcoin-only-margin-trading-platform-7000019715/ 



So I want to propose a question: Are all Bitcoin Related Businesses the same?

The recent New York State financial regulation probe notwithstanding, should regulators consider separating "Exchanges" into a separate category from "Broker/Dealers" or "Payment transmitters" based on the types of financial services they offer?

Early exchanges (MtGox for example) offer payment processing APIs and other features that more closely resemble a blended service like a traditional banking institution, but we've seen the last days of the "Non-banking Entity" fade on Wall St. and if history is any mean, I think Bitcoin's history is like the 200 years of western banking compressed into a few short years! 

It certainly still seems like the Bitcoin Exchange Game is one of a 'baby deer' lost in the regulators' 'woods', and for those hard-core Bitcoiners it's easy to forget: Bitcoin itself may be pretty resilient, but, as one of the speakers at Bitcoin 2013 pointed out, it could be regulated until it becomes inconsequential.

Mentioned Exchanges: CoinX (www.coinx.com), Bitfinex (www.bitfinex.com), Coinsetter (www.coinsetter.com), MtGox (www.mtgox.com), BTC.sx (www.btc.sx) and CampBX (www.campbx.com)

Sunday, August 18, 2013

Technology VS. Religious Zealotry


pig on hackernews posted: We need an NRA for privacy. And it got a lot of play. That's good. As the majority of techies are left-coast liberals who regard the NRA as a manifestation of everything that's wrong with the world: "the NRA is a bunch of violent, ignorant, bigoted, religious zealots".

The underlying subtext of what pig's question was: "How could a bunch of ignorant bigots control such a powerful lobby capable of shaping the destiny of America's collective will in the 21st Century", and how could such an important concept: "digital privacy", have so few people lobbying, shouting, and voting this contempt of the laws as they exist today?

I propose: the idea of "independent progressive thought" that rejects "group think" - "religion" - "blind faith in ideals", and embracing "independence", "revolutionary ideas", that has so long guided the tech-minded, maybe their rejection of religious zealotry will be their own undoing.

The NRA is powerful not because its ideas or members are so intelligent, or well thought out, or devoid of glaring hypocrisy: they're powerful because religious zealotry is powerful...blind adherence to a set of ideas or principles in spite of ALL logic, is more powerful than any degree of independent thought will ever be.

Don't believe me? Tell that to the Monks who set themselves on fire to protest the Roman Catholic Church, the Indian Religious Shaman who starve themselves and live a life of abject poverty in the streets rank with disease, the holy warriors of the Mujahideen, or the Zen Buddhist who rejects worldly possessions.

Hates the Catholic Church.

"If a man also lie with mankind, as he lieth with a woman, both of them have committed an abomination: they shall surely be put to death; their blood shall be upon them." (Leviticus 20:13 KJV)

Rejecting consumerism?

Thinking for yourself.

Probably gonna have a hard time getting another job because of religious beliefs.
Gave up a pretty cushy life to live in a cave. Ultimately martyred living in a mansion.  Probably doesn't want starving followers to know about that one.

Defending your spiritual homeland.
Religion is about faith, religious zealotry is about adherence to an interpretation of a belief system to a degree that one would sacrifice him or herself for that cause.

As a citizen of contemporary society, I know quite the opposite is true. We sacrifice alright: morality for modernity, the spiritual for the earthly, the humble for the hedonistic, and the private sovereignty of our lives for the convenience of information at our fingertips. The platform to broadcast the most asinine vanity egos in exchange for the all-seeing eye of society to judge our leaders and heroes by the content of the tweets. #awesome

I'm no different than the next person. I'm a digital lab-rat. It'd take all of 2-3 seconds for Jack Black to geo-locate my caffeine addicted ass and have me targeted for round-the-clock surveillance. Hell I'd probably "Check-In" at Starbucks and the 4-Square API would have an easier time finding me than my GPS tracker in my phone (read soon to be implanted under skin). 


Progressivism idealizes the independence of the self from institutions and rejection of conformity to traditional doctrine (religion). Arguing that the benefit of the many redounds to the empowerment of the few. As opposed to, say, conservatism, which argues the greed of the individual is to the benefit of the many.

The totalitarians and communists downplayed symbols of religion and tradition as threats to the hegemony of control, the association between religion and conservatism notwithstanding.

More contemporarily, or at least in the Western World: Liberals dogmatically attack religion in state institutions whether it be a Christmas Tree at the capitol, the Ten-Commandments on the court-room wall, or a prayer at a public high-school graduation. They argue the fundamental separation of church and state in the US constitution is sacrosanct, just like constitutionally protected freedom of speech. Are they defending the constitution or Progressivism against the oppression of religion? (And while they're so keen on defending the 1st, 3rd, and 4th amendment to the constitution I guess the 2nd is just well...ummm?)

"The voice of God is government." - Greg Graffin, Bad Religion

What I'm getting at here is, humans aren't infallible, institutions are even less so, and religions and social norms are even more susceptible to the immorality of group think. So why assume that a state / an institution / a government / a society that doesn't take its morality from a religion is any more capable of making moral decisions?

And... 

Dare I say it, god, irony, or karmic balance, whatever you want to call it has a way of making fools of us all. 

So doesn't it make sense that the self-empowering nature of the internet and technology to break down the barriers to freedom of information, to empowering people to stand up for their liberties ("Twitter and Facebook are the reason the Arab Spring happened!" - CNN, "Mark Zuckerberg should get the Nobel Peace Prize!" - Another asshole on MSNBC) might have a darker more sinister side to it?

Evangelized by the very people who so zealously believed in freedom, self-empowerment and rejecting religiosity, might need some religious zealotry to save them from themselves?

"Life in the modern world...so far out of reach...desperate souls in this electric sea...It's a tale about the end of the world...encrypted in the heart of us all. I don't wanna hear, I don't wanna say, I don't wanna know, I don't wanna prey... We are the dark. We are the light. We are the voice you hear at night. We are the architects of void. We right the wrongs, we built the bombs, we put the heavens in the sky" - Strung Out, City Lights. 

PS. I just liked the Strung Out song because (1) It's punk (2) The lyrics mention religion, the modern world, the word "void" (common in programming) and encryption... :)

Monday, August 12, 2013

PGP Privacy 2 Go


So if you're like me, seek help.

I mean seriously. These morbid delusional fantasies about the future of war and technology? Staying awake all night writing software to trade internet funny money (read: Bitcoin)? You get the picture. You're fit for a straitjacket.

Or you need a vacation. Which means it's time to hit the road without your trusty "security hardened" laptop. Your machine is security hardened right? You haven't been using those 'cloud based' services have you!? You host your own email, file sync, music streaming, calendar, and social network from a server under secure lock and key on a redundant internet connection to your condo right?! Not. The cloud is a convenient solution for all of this, unfortunately, it's also an extremely convenient solution for the government to spy on you.

Let's leave the politics of it out here. That's not the point of the post. You want to use Gmail. I get it. I use it. It's fast, reliable, its servers are these crazy shipping container lego-blocks that can be shipped by train into Mexico in the event of nuclear war...making your email more safe from radiation poisoning than your sorry Starbucks sipping ass. Jordan searches frantically for his stash of iodine tablets but only discovers used Starbucks gift cards.

So the next best thing before you go ahead and upload your email messages to the Utah Data Center for NSA perusal, is to use PGP, which if you're reading this I'm relatively confident you're already familiar with. If not, it's not hard to understand, but next to retarded difficult for your everyday operating system manufacturer, or email service provider to include with their services.



Once your email is encrypted with PGP, short of obtaining your private key from your physical machine (more on that later), it's extremely cost prohibitive, if not impossible, for anyone but its intended recipient to read it while it sits for eternity on a hard-drive in central Utah.

The issue for most people who have taken this precaution, is that the tools are inconvenient. For example, they, unlike your modern email client (Gmail) aren't as portable. Take for example, GPGMail, a reliable and improving tool for managing PGP messaging with OS X Mail on top of OpenPGP. Great already hard enough. At least it grabs public keys attached to emails from your comrades, and stores them for future use.

You see what I'm saying, no wonder no one uses this stuff. Too fucking hard.

In that case... what happens once you've got some encrypted communication going on, and you want to read / send encrypted emails on the go with Gmail? Enter Mailvelope. A handy browser plugin, that allows you to PGP encrypt your webmail as you're composing and reading on the go. With Chrome Browser Sync, once you login to your browser, this plugin should be made available to you wherever you go. As inconvenient as it might be, the last little bit is to hang on to your private key. I'll leave that part up to you.

Mailvelope Homepage
The issue I ran into was, I had already generated my PGP Pub/Priv key pair on my home machine, and wanted to use it while I was on the go.

Nothing abstract here.

Just a little demo of how to use the same private key to read your encrypted emails using Chrome.

Ok, so first we need to "export" our private key out of our PGP Keychain. Go ahead and open up the keychain in OS X (I usually type "Keychain" in the Spotlight search).


Go ahead and cmd-click, your key-pair, and choose "Export".


Make sure 'Allow secret key export' is checked. Once this is done, the text-file you create will be your "key to the kingdom" so to speak, as it will include a public and private key-pair. 


Doesn't look like much. But there is a lot of information here. Most importantly, your private key should only be placed and left on a browser on a machine you trust won't be compromised.

Next, let's install the Mailvelope plugin on our Chrome Browser:


Once installed, go ahead and open the plugin (from its settings button on the top-right corner of the browser), and then choose the "Import Keys" menu.

This was kind of confusing for me, as I didn't realize you could also import private keys here. I gave it a shot, and it worked. So good on you Mailvelope. 


Paste the entire text of the Pub/Priv key-pair file you just exported into the text box.

Ok, now you're good to go.

Next, open up Gmail and start to compose a mail, and you'll notice a new little button, click it to open a PGP Mail composer from Mailvelope. Hit the "Lock" button.


And then choose your recipient (I'm sending this message to myself to demonstrate).


Your message is encrypted using the public-key of the recipient.


Now the message is placed in the composer as a PGP encrypted message, safe and secure, ready for upload to the government (:


Last step, receiving, and decrypting PGP encoded mail. I hit send, and the message appears in my inbox, as I was the intended recipient. The message is encrypted, but Mailvelope adds a button to my Gmail editor window to decrypt it. I click it, and am asked to unlock my private key (the private key passphrase is sort of a security of last resort to keep others from reading your messages).

And voilà, your message is decrypted and has a "water-mark" behind it which has some significance, though I didn't read that far into the Mailvelope documentation.


PGP encrypting security tends to break down around "Physical breaches" of your private key. If you carry it around on an unencrypted USB-stick, or it's stored on your "secure machine" (read: laptop protected with your ex-girlfriend's favorite nickname for your penis as a password), there is a pretty good chance it can be compromised.

There is more here: consider using a public keyserver. These servers allow others to grab your key, and encrypt messages to you without you handing them your public key via a message. It also allows you to, in theory (I believe), issue a certificate with a key that allows you to "expire" the key-pair periodically, in case of theft. Though that is beyond the scope of this blog post, I will be looking into that more in the future, but let's keep it simple for today.

As for physical security, I recommend a gas-powered AR-15 Platform rifle, and a few hundred hours of close-quarters combat training. If you don't have this, maybe a mean dog, and a deadbolt. We're all susceptible one way or another...at least now you're a little less so to government intrusion into your email box.

Saturday, August 10, 2013

Evangelizing "MEAN STACK"


Any self-respecting "Brogrammer" like me knows how to program in Javascript. When startups try to test your skill set in "lingo" like: "Backend" (and by backend I mean...you an ass man, bro?) Your typical response is: "a whole bunch of stuff that isn't Javascript."

Guess what: with MEAN STACK... Not anymore dude. Yeah, you just went from alert('Hello World'); monkey to full-stack developer...HIGH FIVE.

For a good time, check out: Brosciencelife on Youtube

MEAN STACK, as conceptualized by Valeri Karpov in the blog post linked above, is not new technology, and it's not even based on any new components. It's just, in my opinion, an exciting layering of existing technologies that all run on Javascript: mongoDB, ExpressJS, AngularJS, and NodeJS. And let me tell you: this bad boy cuts through your projects like a hot knife through butter. Righteous swell, bro.

Let's get down to it. I'd heard the hype: NodeJs is performant, non-blocking, and easy to learn. (See pretty much everyone at GluCon), and I'd also heard the jeers, Ted Dziuba, etc. (though I can't find any of their posts anymore, just mentions of them ... interesting)

var express = require('express');
var http = require('http');
var app = express();

// Store the port once so listen() and the log line agree.
app.set('port', 3000);

var server = http.createServer(app).listen(app.get('port'), function() {
  console.log('Express server listening on port ' + app.get('port'));
});

Boom!

I know it takes more than that ... but you get the idea. Nothing new there.

So I thought I'd try an example of an operation I hadn't seen a lot of floating around on the interwebz: Streaming new DB entries in realtime out to a page via WebSockets.

This is where it gets really interesting (at least it did for me) using MongoDB's streaming cursors, with capped data-collections. To create basically a one-stop message-queue real-time to web-socket buzzword orgy of awesomeness.

First define a schema in Mongoose, and add a tailable find:
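var Mongoose = require('mongoose');
// Connection URI is a placeholder; point it at your own database.
var db = Mongoose.createConnection('mongodb://localhost/test');

// Tailable cursors only work on capped collections, hence the `capped` option.
var BidSchema = new Mongoose.Schema({
    price : { type : Number },
    amount : { type : Number } }, 
    { capped: { size: 5242880, max: 1000, autoIndexId: true }});

var Bid = db.model('bidSchema', BidSchema);

// Stream documents as they are inserted.
var bidStream = Bid.find().tailable().stream();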

I ran into some issues at first when I tried this. 
MongoError: tailable cursor requested on non capped collection
BROTIP: ONLY CAPPED COLLECTIONS CAN BE USED FOR STREAMING NEW RECORDS OUT OF MONGODB.

Next we set up SocketIO to send our results out to the page as they are entered into the database:

var ioserver = require('socket.io').listen(server);
var clientsocket = null;

ioserver.sockets.on('connection', function(socket){
 // Shared reference: always points at the most recently connected socket.
 clientsocket = socket;

 // Registered on every connection, on the one shared bidStream.
 bidStream.on('data', function (doc) { 
  clientsocket.emit('bid', doc);
 }).on('error', function (err) {
   console.log('error: '+err);
 }).on('close', function () {
   // the stream is closed
   console.log('close');
 });
});


Next we set up our client-side, AngularJS Controller:
    script
      var socket = io.connect('http://localhost');

      function BidsController($scope, $http, $window){
        $scope.bids = [];

        $scope.save = function(bidForm){
          $http.post('/placebid', { bid : $scope.newBid }).success(function(response){
            console.log(response);
          });
        };

        $window.socket.on('bid', function (bid) {
          console.log(bid);
          $scope.$apply(function(){
            $scope.bids.push(bid);
          });
        });

      };
And our Jade Template display:

    body
    div(ng-controller="BidsController")
      h1 Enter a bid:
      form(name="bidForm", ng-submit="save(bidForm)")
        input.form-control(type="text", ng-model="newBid.price", name="price", placeholder="Enter a price.")
        input.form-control(type="text", ng-model="newBid.amount", name="amount", placeholder="Enter an amount.")
        input(type="submit")
      table(style="border:1px solid black;")
        tbody
          tr(ng-repeat="bid in bids")
            td(style="border:1px solid black;") {{bid.price}} 
            td(style="border:1px solid black;") ${{bid.amount}}

Bam. That was easy. Like I said...hot-knife through butter...!

Now you're a full-stack developer, with plenty of time to go get stacked at the gym.

So get out there and get it brogrammer!

Source: Github here

PS. The whole "bro" thing was not a knock on the MEAN Stack - I've just been watching too much: Brosciencelife on youtube, that, and hitting the gym all week getting rock-swol for the Denver Triathlon.

PSS. I'm still having trouble with the streaming cursor in mongoDB returning duplicates/triplicates of the same documents. I'll update if I figure it out, or someone comes along on stackoverflow.
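
In the server code above, every new connection attaches another 'data' listener to the one shared bidStream and overwrites the shared clientsocket, so after N connections each new document is emitted N times, all to the most recent client. The following is an added example, not code from the original post: it reproduces that with Node's EventEmitter standing in for the Mongoose stream and socket.io sockets (the stand-ins and all function names are assumptions of this example), next to a version that registers one listener and fans out.

```javascript
// Added example: EventEmitter stands in for the Mongoose tailable stream and
// for socket.io sockets; all names here are hypothetical.
const { EventEmitter } = require('events');

// Fake socket that records what was emitted to it.
function makeSocket(id) {
  return { id, received: [], emit(event, doc) { this.received.push(doc); } };
}

// Pattern from the post: one shared stream, a new 'data' listener per
// connection, and a shared clientsocket overwritten on each connect.
function perConnectionListeners(stream) {
  let clientsocket = null;
  return function onConnection(socket) {
    clientsocket = socket;
    stream.on('data', (doc) => clientsocket.emit('bid', doc));
  };
}

// Alternative: register exactly one listener and fan out to live sockets;
// drop a socket when it disconnects so nothing leaks.
function singleListenerBroadcast(stream) {
  const sockets = new Set();
  stream.on('data', (doc) => {
    for (const s of sockets) s.emit('bid', doc);
  });
  return {
    onConnection(socket) { sockets.add(socket); },
    onDisconnect(socket) { sockets.delete(socket); },
  };
}

// Connect three clients (e.g. three page loads), then insert one bid.
function simulate() {
  const bid = { price: 100, amount: 2 }; // constructed sample document

  const leakyStream = new EventEmitter();
  const leakyConnect = perConnectionListeners(leakyStream);
  const leaky = [makeSocket('a'), makeSocket('b'), makeSocket('c')];
  leaky.forEach((s) => leakyConnect(s));
  leakyStream.emit('data', bid);

  const fixedStream = new EventEmitter();
  const hub = singleListenerBroadcast(fixedStream);
  const fixed = [makeSocket('a'), makeSocket('b'), makeSocket('c')];
  fixed.forEach((s) => hub.onConnection(s));
  hub.onDisconnect(fixed[0]); // first tab closed
  fixedStream.emit('data', bid);

  return {
    leakyCounts: leaky.map((s) => s.received.length),
    leakyListeners: leakyStream.listenerCount('data'),
    fixedCounts: fixed.map((s) => s.received.length),
    fixedListeners: fixedStream.listenerCount('data'),
  };
}

console.log(simulate());
```

With socket.io itself, the single-listener version is the bidStream 'data' handler registered once outside the connection callback, calling ioserver.sockets.emit('bid', doc) to reach every connected client.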

Thursday, August 8, 2013

Form Response to Recruiters

Dear Recruiter (Your Name here),
Thanks for your interest in Jordan Baucke ("Programming's Bad Boy" TM)
Jordan is confident that the role you are offering him is probably very exciting.
Jordan is currently only entertaining offers from Top Tier Software Companies (those companies that have strong name recognition nationally and internationally), those companies that are located in the Denver Metro Area and are quoting at least $130k in salary before benefits, and those companies that are actively working with Bitcoins (www.bitcoin.org).
Thank you for your time, Jordan won't be passing your job offer on to anyone because, frankly that's your job, and he doesn't want to do it for you.
Sincerely, 
Jordan Baucke
(Dictated, but not read)