A strange kind of holiday

It all started about two weeks ago when my wife discovered water on the kitchen floor that kept coming. The plumber, who came immediately, found out that two parts of the waste pipe had shifted out of each other, leaving a gap open. He told us that this must have happened two or three weeks earlier. During this time, the waste water filled up the base of the kitchen, which turned out to be water tight. He sucked out all the water, and left one part of the base open, so that some air could ventilate. He also told us that probably we would get a giant hair drier installed to get the rest of the moisture out. Nothing happened for more than a week. The smell was disgusting, and we apologized to the guests at Levin’s birthday party. Our neighbour told us that the same thing happened to them last summer, and that they had 40° for some weeks in their kitchen as a result.

When the craftsmen came to inspect the kitchen, they discovered one giant mold fungus. Immediately, they sealed the kitchen from the rest of the flat and all the cupboards. They started to disassemble the kitchen and removed the appliances. Most of it would be replaced. They sprayed some poison to contain it. After they told us the whole flat would have to be sprayed, the house management together with the insurance decided that it would be best for us to move to a hotel for two weeks. The insurance organized it for us. It appears they asked some other hotels first which were fully booked. So we ended up in the best hotel in town, the Waldstätterhof. The breakfast is included, and it is a very nice and delicious buffet. The funniest part for us was the Prosecco bottle next to the fruit juices. We usually don’t make holidays in such exclusive places, but we know it from special events such as the Musical we go to almost every year.

The insurance even pays for the additional costs we have because we can’t cook at home. But he asked us not to eat at the noble restaurants downstairs all the time. Of course we don’t want to exploit the situation, but because Levin had a surgery the day before we had to leave home, we cannot go outside all the time. The first day we ordered some food from lieferservice.ch at seewendays.ch that I could pay with BitCoin. The second day, I bought a warm chicken in the local grocery store. For the rest of the week, Mirella organized to have the meals delivered from the hospital. I must confess, it feels awkward to walk into the lobby of a four star hotel with a hot chicken in the backpack to eat at the room. But yesterday we went to the restaurant downstairs for once. It wasn’t cheap, but delicious.

The kids enjoy the adventure, especially because we rarely have so much time to play with them. Levin got a dinosaur skeleton to excavate from Santa Claus the day we left. So we went to the big hotel terrace to carve out the artificial bones from the enclosing gypsum. He was totally excited as the bones started to get released. Yesterday, we assembled a KAKU robot. Putting the parts together was easy. I had to do most steps, but the boys could help here and there. Noah walks around full of pride with the enclosed emblem. As all the manuals and information I found are in Chinese, it’s not always easy to find the required information. But the programming system ArduBlocks is exactly what I have been waiting for since I learned about the Scratch programming language.

 

Categories: Family, Projects

Fading out my credit card

Once upon a time there was no internet. When you went to a restaurant, you had to pay in cash. If you had no cash with you, you might have been lucky if the owner knew you well enough to think you were credit worthy. But what if you were in another city? Then some clever people invented credit cards. What they essentially did was telling the store owner that the person whose name was on the card was trustworthy, and that the credit card company would vouch for that individual. Obviously, owning such a card was quite a privilege. The companies issuing these cards didn’t want to pay the bills for people who would not pay them back, so they looked closely at who would get such a card. But sometimes it happened that the people spent more than they could afford, or they ran off. It also happened that people bought goods with stolen cards. So they introduced the handwritten signature as a security measure. As the fraud became a regular occurrence, the credit card companies, rather than just fight it, started to accept it as an inevitable part of their business. They calculated like insurance companies, and figured out that they could effectively make more money if they lowered the bar to entry. The honest users would just pay the bill for the occasional crook through the higher fees.

Then came the internet, and people wanted to buy stuff online. Because there was no appropriate payment mechanism, people just used what was available: credit cards. The combination of name, credit card number and expiration date was not sufficient against misuse. This information was on the front of the card, and every store owner where the card was used had the information. So they introduced a three digit number on the back of the card as a security measure. Criminals became cyber-criminals, and they liked this system very much. Now they could steal credit card numbers, and use them to buy stuff that somebody else would have to pay for. Credit card fraud became an even bigger issue. But the credit card companies don’t suffer from that as much as one would think. Customers can complain if something appears on their statement that they didn’t buy. The CC company then issues a chargeback, and demands the money back from the store. In essence, they charge fees for covering the risks, but don’t actually cover it themselves. For some retailers, those fraudulent chargebacks are a real issue.

Then came the internet of money. It is called BitCoin. Just like the internet in 1994, a lot of people are confused, and don’t know what to do with it. Just like the internet liberated and democratized information, BitCoin does the same with finance. The internet didn’t just replace the fax machine, but opened a wealth of possibilities no one had even thought about. BitCoin already now offers a wealth of possibilities not imagined before. And the BitCoin 2.0 space shows even more applications for BlockChain technologies. But for the moment let’s focus on online payment. BitCoin doesn’t need any trusted third parties who could charge disproportionate fees, or could even steal or confiscate the wealth flowing through them. Transactions are final, so there are no fraudulent chargebacks. For scenarios where both parties don’t know each other and hence don’t necessarily trust each other, there’s an arbitration model already built in, in the form of MultiSig. The arbiter can be freely selected, not like with PayPal for example that always favours the buyer.

For me, the main difference between BitCoin and cash versus credit- and debit cards is this: Either I give the amount I determine, or I give the information to get from my account the amount they want. You surely saw people hand their open purse to the cashier in a store, so the cashier can take out enough money to pay for the goods. Most often these people are retarded, can not count or read the numbers. Why should we act as retards when we want to buy something online?

Just this week, I read an article about a couple whose credit card was charged by a hotel with a $156 penalty for a bad review. Even if this is part of their terms, most people (myself included) perceive this as outright theft. Now guess what, with BitCoin they couldn’t steal from their customers at will.

With all this in mind, and after reading about credit card breaches multiple times a week, I think the time is ripe for a change. For the last two years I frequently ask if I can pay with BitCoin when I buy something online. That is mainly to build awareness, and voice against excuses such as from Amazon stating they didn’t see customer demand for BitCoin payments. I am ready to shift to the next gear. I want to get rid of my credit card in a year. But I won’t just cut it in half, and then regret it. Instead, I give my best to find and use alternatives, that at least involve BitCoin, if it is not direct. I don’t really like buying gift cards for myself, but I’m willing to go that route if I have to, at least temporarily.

I received a new credit card last month, and my first passive step towards my goal was not to register it with every service where I used the old card. That includes Amazon, PayPal, SBB, SPOT, …

The first order online after that was with dealextreme. I asked them about BitCoin payments before. In fact many people did, and I had the feeling they started warming up last year. But after the Chinese government crackdown, they said they couldn’t do it. They accept PayPal however, and since I no longer have my card registered, I wired the money to a PayPal account at a Swiss bank in advance. It’s certainly a hit in convenience, but it’s more secure still.

Then I found out that Amazon doesn’t accept PayPal, but only credit cards. That’s strange, so far, I just assumed they would. So I will have to send some BitCoin to gyft.com or egifter.com when I want to order something from Amazon the next time. I don’t really like this, but well… Ah, there are also services like purse.io where you can submit your amazon wishlist and some BitCoin. Another user who wants to buy BitCoin can then order the items from Amazon and send it to you. This option looks better to me. I’ll try it for sure.

I’m not a big fan of the security I see with PayPal either. On this blog I ranted about password based security many times. Unlike with the credit card, at least I can change the security element (the password in this case), if I suspect somebody could have sneaked it. Somewhere I thought I read something about two factor authentication with PayPal, but when I looked for it, I couldn’t find anything.

Not everything in this post is historically researched. Rather I just tried to outline how the different systems work, and how they became how they are.

Update:

Here is another story worth reading.

Categories: BitCoin

Back to Mac (nothing to do with Apples)

After I stopped flying in competitions, I also slowly stopped flying competition gliders. So I went back to my old and proven sports class glider. I meant to replace it for a long time. But as my Gradient Aspen 1 is by now more than eleven years old, there really were no more excuses.

So, I took the time to test new gliders. The first one I tried was the successor, the Aspen 5. It felt familiar and comfortable. They also have some good results in sports class competitions. So I almost bought one.

But I wanted to try at least one other model. The most obvious was to see what Mac Para has to offer. After all most of my competition gliders were from MacPara, and I still consider the Magus 4 the best glider I ever flew. The description of the Marvel sounded good, but the model is more than two years old. So I asked if the successor is imminent. Most paragliding companies don’t announce the new models in advance, as they still want to sell the old one. I still expect a successor next spring at the latest. That is probably the reason why I got such a good deal for the demo glider. Since I don’t fly cross country as much as I would like to these days, I don’t need the latest and greatest. Instead a glider that I am comfortable with, and that lasts for another decade. Ah and there is another factor. I still like the design of the MacPara gliders. When I was collecting information on the Mac Para Switzerland webpage, I was pleasantly surprised to see a picture of myself and my Magus 4 over the Pre-Pyrenees at the 2006 pre World Cup.


Categories: Paragliding

MultiSig with HardwareWallets

2014 is touted as the year of multi-signature for BitCoin. It is being integrated into some wallets and services. But not quite the way I expected.

  • Electrum has an implementation that assumes multiple hierarchical deterministic wallets distributed over different machines, that know the other’s master private keys. -> This should work well for corporate environments or other organizations.
  • GreenAddress has a cool, but for my taste too obscure solution. I would recommend it for new users. But for myself, I want to be fully in control.
  • OpenBazaar, although not fully functional yet, will integrate arbitration with multi-sig.
  • and I hear more announcements almost on a daily basis…

When I first read into MultiSig, I understood it like I could combine any Bitcoin Addresses of my choosing to create a MultiSig address. If one of the involved addresses was in my wallet, it would automatically display the MultiSig address as well. And I could then partially sign a transaction with the GUI, and magically forward to the other signing parties. Turns out that is not quite how it works. To combine addresses of my choosing into a MultiSig address, I have to resort to the commandline. There are a couple of good tutorials on the net on how to do that, and also on how to spend. But it’s not like executing a few simple commands. It’s quite hardcore. There are wallets where you can add them as view only addresses, but I’m not aware of a wallet where you can partly sign a transaction in such a setting.

MultiSig brings us escrow services and a load of similar stuff that was not even imaginable before the rise of BitCoin. MultiSig is also good if you want to implement a setting where at least two of your accountants need to sign transactions in a corporate environment. What this adds is security. You surely saw movies where a few generals had to use their physical keys to launch missiles. That’s done to add security. So that the terrorists would have to steal the keys from more than one general, before they could launch a missile. The same works for bank vaults. And the same idea is behind BitCoin MultiSig, only that it goes much further.

MultiSig is just one facet of pay to script (P2SH). You can implement other rules than just MultiSig. I became only recently aware of that, when GreenAddress gave me a transaction that I could use to get my funds off the MultiSig wallet in case they went out of business. What that means, is that if too many parties lose their keys, funds on a MultiSig address are rendered inaccessible. As a measure against that, they created and signed a transaction with their key to transfer all funds, but with a time restriction. This transaction will only become valid after a certain configurable point in time. BitCoin has a stack based scripting language for expressing such rules. For my taste it’s very complicated at first sight, but it’s cool what you can do with it. That’s actually where Ethereum’s main focus is to improve. That’s all good and nice, but wasn’t it possible to program rules for a long time? Of course, but with BitCoin nobody can cheat, and you have to trust nobody. You cannot just change the system time on your computer, or buy a fake certificate to trick a system into using your timestamp server. BitCoin has a distributed consensus, that is very hard to come by.
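A check the holder of such a time-restricted recovery transaction could run before relying on it, as an added example that is not part of the original post or of GreenAddress's code: it parses a raw transaction and reports whether a time lock is actually enforced and when it expires. It assumes the restriction is carried in Bitcoin's nLockTime field, which the post does not name; the sample transaction and all function names are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # if every input carries this, nLockTime is ignored


class Reader:
    """Cursor over raw transaction bytes that fails loudly on truncation."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated transaction")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack("<I", self.take(4))[0]

    def varint(self):
        first = self.take(1)[0]
        if first < 0xFD:
            return first
        return int.from_bytes(self.take({0xFD: 2, 0xFE: 4, 0xFF: 8}[first]), "little")

    def varbytes(self):
        return self.take(self.varint())


@dataclass
class LockInfo:
    locktime: int
    sequences: list
    output_values: list  # satoshis


def parse_locktime(raw):
    r = Reader(raw)
    r.u32()                                   # version
    n_in, segwit = r.varint(), False
    if n_in == 0:                             # segwit marker 0x00, then flag 0x01
        if r.take(1) != b"\x01":
            raise ValueError("bad segwit flag")
        n_in, segwit = r.varint(), True
    sequences = []
    for _ in range(n_in):
        r.take(36)                            # previous txid + output index
        r.varbytes()                          # scriptSig
        sequences.append(r.u32())
    values = []
    for _ in range(r.varint()):
        values.append(int.from_bytes(r.take(8), "little"))
        r.varbytes()                          # scriptPubKey
    if segwit:
        for _ in range(n_in):
            for _ in range(r.varint()):
                r.varbytes()                  # witness stack items
    locktime = r.u32()
    if r.pos != len(raw):
        raise ValueError("trailing bytes after nLockTime")
    return LockInfo(locktime, sequences, values)


def lock_is_enforced(info):
    # A non-zero nLockTime only binds if at least one input is non-final.
    return info.locktime != 0 and any(s != SEQUENCE_FINAL for s in info.sequences)


def can_be_mined(info, next_height, median_time_past):
    if not lock_is_enforced(info):
        return True
    if info.locktime < LOCKTIME_THRESHOLD:
        return info.locktime < next_height
    return info.locktime < median_time_past


def describe(info):
    if not lock_is_enforced(info):
        return "no effective time lock"
    if info.locktime < LOCKTIME_THRESHOLD:
        return f"locked until block height exceeds {info.locktime}"
    when = datetime.fromtimestamp(info.locktime, tz=timezone.utc)
    return f"locked until after {when:%Y-%m-%d %H:%M} UTC"


def build_sample(locktime, sequence):
    """Constructed one-input, one-output transaction; not a real one."""
    txin = b"\x11" * 32 + struct.pack("<I", 0) + b"\x00" + struct.pack("<I", sequence)
    script = bytes.fromhex("a914") + bytes(20) + bytes.fromhex("87")  # P2SH shape, dummy hash
    txout = struct.pack("<q", 150_000) + bytes([len(script)]) + script
    return struct.pack("<i", 1) + b"\x01" + txin + b"\x01" + txout + struct.pack("<I", locktime)


if __name__ == "__main__":
    for lt, seq in [(1_420_070_400, 0), (340_000, 0xFFFFFFFE), (1_420_070_400, SEQUENCE_FINAL)]:
        print(describe(parse_locktime(build_sample(lt, seq))))
```

The third sample shows the case worth checking for: a transaction with a lock time set but every input sequence at 0xFFFFFFFF is not time-restricted at all.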

So in essence, MultiSig is about increasing the security. This is mainly against malware that can infect your notebook and steal the files of your wallet software. There is also another cure against the same threat: HardwareWallets. I wrote about the Trezor and HW1 on my blog before. Now how about combining the two measures? That should raise the level of security up to a point equivalent to storing your gold and silver and diamonds inside a bunker in the Swiss mountains, and guard it with a Russian tank, driven by a rogue artificial intelligence. But I can tell you upfront: just like that rogue AI, it’s not going to be user friendly. While user friendliness and security are often opposing, this is an extreme case. After reading this, don’t be tempted to think BitCoin was difficult to use. BitCoin is wonderful and easy – for normal use.

So let’s begin with the commandline fu. I won’t repeat every step from the gist from atweiden, but concentrate on the special parts:

You don’t need to create any wallets. I assume, the hardware wallets are initialized and ready to use.

Categories: BitCoin, Software

Visiting the doctor after 20 years

My wife usually rolls her eyes, when I tell her: “No, I don’t need that medicine. My immune system can cope with that, and needs to be trained.” or “No, I don’t need that painkiller as long as the headache is not overwhelming. My body reminds me that I should not shake my head too much at the moment”. But last week I had a flu that didn’t improve even after three days in bed. Usually flus weaken me for a week, the strong ones put me in bed for a day. But this was different. For the first time in twenty years (not counting vaccination for travel, and the dentist), I felt it necessary to visit a doctor. He gave me antibiotics, and indeed I started to recover. Would be nice if it took another 20 years until I need a doctor again…

Categories: Family

electrum server on a cubox

I don’t even remember if there were alternative wallets available when I started with BitCoin. I used the reference implementation exclusively for a long time. Now there is a wide variety to choose from. They fall in three main categories: full node, light client and web wallets. They are nicely listed and explained at bitcoin.org

full node

Every hardcore bitcoin enthusiast should run at least one full node. That’s how the system was envisioned. It expresses the peer to peer nature. A full node maintains the complete history, and can verify transactions. It has lots of connections to other nodes, and helps propagate the transactions and blocks through the peer to peer network. The downside is that the size of the blockchain has grown so large to make it impractical, especially for mobile devices.

light client

Most mobile wallets fall into this category, as well as my favorite: electrum. The main reasons why I prefer electrum are that it has been in the apt repository for a while, and it has good support for hardware wallets. Light clients communicate with servers that in addition to the blockchain of the full node also maintain an additional database. This is required to serve requests for addresses, that the full node doesn’t have in its wallet. The client is responsible for managing the keys, and thus signs the transactions locally before distributing them.

web wallets

This is mainly for new users that don’t know how to secure their private keys.

electrum server

The main downside of light clients compared to full nodes is that there is a layer between your light client and the peer to peer network. You depend on these servers to be available. The server you connect to, could connect your BitCoin addresses to your IP address. They theoretically could also selectively filter transactions. But what they have no way of doing, is steal from you. As I understand it, electrum talks to multiple servers not only to protect your privacy, but for various reasons. There are about 7’000 publicly reachable full nodes, but only about 20 electrum servers. To protect your privacy, you can run your own electrum server in your basement. That’s what I do, but it’s more to support the system than out of paranoia. There is a strong incentive to mine BitCoin, but the incentive for running a full node or an electrum server is not monetary. Still I think it is very important to have many of these around.

I had a cubox small quad core arm box around that already ran a BitCoin full node and p2pool as well as some smaller stuff. It had some more capacity, but I didn’t know if it was enough to run electrum server. As it is not really apt-get installable, I didn’t want it on my main server. Electrum server uses a leveldb to keep track of all the information that it needs in addition to bitcoind. At the moment this database has about 11GB. Building it from scratch can take a long time, so they advise to download it from the foundry, and grow it from there. It didn’t work out initially, so I tried to build it from scratch. After computing for a week it slowed down too much at the blocks of mid 2012. So I downloaded from the foundry again, and this time it worked. For about two weeks I tested it in private. Then I had to enable IRC to make it public. You find the public servers in the #electrum IRC channel, they start with E_. My electrum server is probably one of the slower ones. The cubox is a cool device, but not a typical server. It has performance comparable to a smartphone. Sometimes it lags a few blocks, but in general it keeps up quite well. I can see hundreds of clients connect to it.

Categories: BitCoin, Software

Hello Kitty

Since she was a kid, my wife dreamt of having a pet, preferably a cat. Our kids also said they would love to have a cat or a bunny or a turtle or… I grew up with animals. We had cats and dogs and sheep and goats and chicken and once even a pig. We even had newborn cats and dogs and chicken in our house. Out of all these animals I like dogs best. They are a lot more social and intelligent than any other animal we had. But for our family, even I have to agree, that having a dog would be too big a commitment and responsibility. So after reviewing bunnies, turtles and guinea pigs, we settled for a cat. Mirella surfed the web evening for evening for weeks searching for cats. Then I saw a poster in a cablecar station when doing some tandem flights. Somebody uphill wanted to give away some young cats. They looked cute. So I took a photo of the poster.

After some back and forth and some planning and buying equipment, we went to get one. I quit work early last Friday. After I came home, we drove to Flüelen together, and took the cablecar to Eggberge. The boys were totally excited. We had to walk about half an hour uphill to reach the farm. A boy fetched the cat we had previously selected. They didn’t ask a specific price, but just wanted something to cover their expenses. Our boys could choose a name for the cat. They came up with “Simba”. Simba didn’t like the walk in the box too much, so she started to purr when we stopped at the cablecar. The ride with the cablecar as well as with the car didn’t look too pleasant to her.

But at home she came out of the box, exploring our flat and cuddling. It turned out even though she grew up on a farm she is not shy at all. It’s clear that the kids on the farm spent a lot of time playing with the young kitten. She doesn’t seem to care if our boys drive their RC cars close by her. We try to teach our boys not to carry her around all the time, and watch for the signs if she likes something. Even though you can tell if she doesn’t like it sometimes when they play with her, she never hurts them.

Categories: Family

HW1 tiny BitCoin hardware wallet

While the trezor is certainly a great device for securing BitCoins, I’m also interested in alternative hardware wallets. Even in my very first discussions about increasing the security of BitCoin we talked about SmartCard solutions. After all, that’s also how I secure my GPG keys. But a regular SmartCard alone only protects the keys. If the computer is malware infected, it could sign another transaction than the one you initiated, and thus spend all your coins at once. The trezor solves this problem nicely with displaying the transaction details on the screen, waiting for a button press to confirm. Then came the HW1, a tiny BitCoin hardware wallet, based on smartcard technology with some extras. Since it has no display nor buttons, I was ready to get somewhat reduced security compared to the trezor. But in fact they are also very clever, and it turns out the security is just as high at the cost of a bit of convenience. But as I understand it, that level is configurable. I just opted for the more secure option.

So, if I want to spend some Coins from my HW1, I plug the dongle which is smaller than a regular key on my keychain into a USB port on my computer. Then I start up electrum, and send the coins. Now the HW1 has to sign the transaction. It asks me to remove the dongle and plug it into another computer, that is preferably not connected to the internet. If I don’t have too much funds on this wallet, I can also plug it into the same one again. A text editor should be opened beforehand, and it should have focus. The dongle then acts as a keyboard, typing the transaction details along with a TAN code to validate the transaction. Next I remove the HW1 again, and plug it into the former computer. I type the TAN code, HW1 signs the transaction, and electrum distributes it to the BitCoin network. That’s it: simple and secure.

Just as electrum itself and trezor, the HW1 uses a deterministic hierarchical wallet. To be sure I can trust the device and the method in general, it was not enough for me to test that I can spend from it. I wanted to also be sure I keep my coins in case the device gets damaged or lost. That means I have to be able to restore it from a seed. The seed is generated when I first initialize the dongle. And like the TAN code it is printed out in HID keyboard mode. If you have it print it on a machine that could be compromised, there would be no point in using a hardware wallet in the first place. So have it print the seed to an air-gapped secure computer. If you already initialized your HW1, you can’t restore another seed onto it, unless you reset it first. I couldn’t find any documentation on how to reset it though. A developer told me to enter a wrong PIN three times to reset it. After that, don’t choose restore, but initialize. In the BTChip personalization manager that follows, you choose restore. I did this on a machine where I removed the harddisk, and booted from a fresh USB stick. Getting electrum usable with all the required plugins and libraries was the most work. Before typing in the seed, unplug the network cable and disable WiFi. After the seed was typed in, and the dongle restored, I issued “sudo dd if=/dev/random of=/dev/sda” and waited for the kernel to go belly up. That’s for making sure no sensitive information remained on the USB dongle. Don’t do this on your regular computer.

In conclusion, I can say that:

  1. The security is just as high as with the trezor, if you let it type the TAN on a computer that is temporarily offline. But the convenience obviously suffers.
  2. If you only use it to store medium value funds, you can have it type on the same device, at reduced security. In that setting the convenience is about the same as with the trezor.
  3. Where the biggest difference lies for me, is restoring the device from a seed. Preparing a fully equipped air-gapped computer to securely restore the dongle from a seed proved to be quite some work. While with the trezor, you don’t need an additional computer. Luckily that’s a task that is required infrequently.

While the experience with the trezor was smooth from the beginning, I tested a lot with the HW1 to gain confidence with it. I found some minor bugs. I had the computer freeze a couple of times. I saw lots of messages about dongles not found. I had to reconnect and start over many many times. Some things were not documented or not obvious. All these problems became lesser the more I tested it. I can only explain it that way that I grew a sense for the correct timings and steps required. In the meantime I use it without problems, but I have the feeling that it is not as robust as the trezor. It will work in the end, but you might have to try a few times before it does.

I packaged the python library that is needed for the plugin for Ubuntu. Once all parts and dependent libraries are out of beta, I will also try to get it into Debian. On Ubuntu, you can install it like this:

sudo apt-add-repository ppa:richi-paraeasy/bitcoin
sudo apt-get update
sudo apt-get install python-btchip

Ah yes, and there’s the price difference. A trezor costs $119 while a HW1 is just $20. At the moment they have a 2 for 1 offer, so go hurry.

Categories: BitCoin, Software

What could go wrong when ordering pizza?

For some months now it was possible to order pizza for BitCoin in our area. I wanted to give it a try since it was announced. But only last Thursday, I proposed to my coworkers to order pizza. And that I would pay with BitCoin. It was meant as a demonstration how cool the virtual currency is, and that it is actually useful in the real world. I was going to take pictures and blog about it. After all, a pizza deal was the first real use and most famous BitCoin transaction in history.

So I placed the order with lieferservice.ch for pizzas from Angolo, where we used to go for lunch before. The website was really cool, we could order extra ingredients on top of the regular pizza. Payment was a breeze, as always with BitCoin. It was 11:25 when I placed the order, and I picked 12:30 for the delivery. The email confirmation from lieferservice.ch followed immediately. But when we all grew more and more hungry, I tried to call Angolo at 12:45 to ask where our food was. Nobody answered the phone. I tried again, and again, and again. Nothing, not even an answering machine. After 13:00 we decided we would drive to Angolo with the confirmation email, and eat our pizza in the restaurant. When we arrived, it was closed for holiday.

This is clearly not how this is supposed to work. The guy from lieferservice apologized, and told me their contractors are meant to tell them when they change opening hours. He couldn’t refund me in BitCoin, and asked for my IBAN instead. One of my colleagues was so pissed off, he said he wouldn’t go to Angolo ever again.

Categories: Work

Paracuda walk & fly

In the Paracuda paragliding club, we distribute the organization of the events among the members. So I agreed to organize a “walk n fly” event in October. Usually pilots go up with a cablecar to go flying. This saves us from having to carry the equipment for too far. But for people that want to do a bit more sport and see a bit more from the nature, there is “walk n fly”. It’s the perfect undertaking for autumn, where the thermals vanished and the temperatures retreat. The interest was stealthy from the start, but I still hoped some people would join. To my dismay, I was alone on the meeting point. That didn’t stop me from going to hike though. The Wasserberg was covered in a cloud, and the description in the Internet described the trail as difficult to find. So I saved this one for later. Instead I went to the familiar Pfaff near Glattalp. About once a year, I take the cablecar to the Glattalp, and do the half hour hike to the Pfaff. It has a huge take off area with two possible directions. After I was airborne, I headed straight to the Kupferberg with a nice little cloud atop. As I approached, the birds left, and apparently the thermals as well. So I went to the next one. This was the mountain straight on top of where my father grew up. I remember looking up the wall when I was a kid, visiting my grandmother. It looked enormous from below, but at the hilltop looks very friendly. It even spared some thermals for me. In October late afternoon it’s already very nice, if you can hold your position for a couple of minutes. After cruising around in the Bisital some more, I landed right behind my uncle’s cows. That was actually the most difficult part of the flight. There is a tight grid of power lines, and only from atop I could spot a cell big enough to squeeze into. I had a coffee at my cousin’s house, and then hiked back to the car. The signs indicated more than an hour, but actually it takes only slightly more than half.

 

Categories: Paragliding