Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 1:07 am on April 17, 2018 Permalink | Reply  

    I’m looking for smart phone recommendations 

    I’m not a fan of planned obsolescence, so I want a phone that will last. I currently have a Nexus 5, which is ~5 years old. Why I still like it: There are a lot of hardened kernels and tools for it due to its popularity; why I don’t like it: battery life and trustability of the Google Play Store (2/10) and general privacy of the Google ecosystem. There is f-droid as a replacement app store for Android, but it has limited options and a different set of issues.

    One of the biggest challenges today is trusting the hardware, and operating systems, in terms of threat model. This is a hard problem, that is not easily solvable. It involves pressure from nation states to backdoor the phones. In Asia, this is more likely a hardware concern, in the United States, the pressure that can come to an operating system vendor with a national security letter under the US PATRIOT Act. In Canada, our trusted Blackberry (RIM) was found to have provided the RCMP the private key for over 6 years.

    As a result, I think we should be looking to support open hardware platforms. This should solve the planned obsolescence issue, and some of the security issues.
    For example, I had the Neo Freerunner from OpenMoko, which was great philosophically but never really practical. For the hobbyist, there’s the PiPhone and ZeroPhone, but they need even more work to be practical.

    There’s the Samsung Z4, although it has hardware and operating system concerns; but the most exciting phone in the near future is the Librem-5 from This phone has hardware toggles to turn off the microphone and camera when not in use, as well as Wifi/Bluetooth, and baseband. Amazing.

    Not as open source, but a balance between ethics and solving planned obsolescence, and DIY, also check out the Fairphone 2.

    So my requirements in order:

    • Privacy & Security-centric
    • Will last longer than most smart phones
    • Ethical hardware
    • Open hardware/Open Software

    I’d love your thoughts on anything I’m missing in the comments.

    • Jason 4:41 am on April 17, 2018 Permalink | Reply

      It’s not available yet, the site says that phones and a ROM will be available in 2018 but have you looked into

  • cqwww 11:00 pm on April 10, 2018 Permalink | Reply  

    New Tech: IPFS 

    IPFS is a distributed, peer-to-peer (p2p) hypermedia protocol.

    It’s not just theoretical, you can use it now. There’s a lot to be said about the benefits. Consider for example you’re downloading an image or a video, the speed at which that transfer happens, depends on that single connection. With p2p, you’re connecting to many nodes, making the process a lot faster. Also note that every file, and ever block in every file gets a cryptographic hash. This not only means that IPFS keeps track of every version of every file, this feature allows allows it to block duplication! So instead of 1000 copies of the same movie in the cloud, as soon as one person uploads the movie, everyone is splitting that same single copy. The other big feature, of every file with every version, is unlike the web we know today, no web pages or files get lost or forgotten! This should make the archivist in all of us squeal with glee.

    Note, this is fully working, but alpha software. Also, this is intermediate level to use, meaning you should be comfortable in a terminal, and know how to untar a tarball. If this last sentence doesn’t make sense to you, IPFS is not for you. Perhaps instead, learn how to use the terminal. For those ready to dive in:

    Are you ready to give it a try? Install it now.

    Not sold yet? Spend some time going through their documentation.

    • cqwww 5:10 pm on April 2, 2018 Permalink | Reply  

      Thinking about where you’re making your DNS requests 

      Yesterday, Cloudflare announced their DNS service. They provide a good primer on DNS, and what solution they are working to resolve. There was a lot of chatter in the infosec community about this, often directed to DNS legend and friend, Dan Kaminsky.

      This was my response to utilizing this service, especially if you’re not an American:

      As I’ve said elsewhere, I won’t be recommending the American company whose main product is SSL/TLS MITMaaS, to my DNS seeking clients.

      A Canadian doing a lookup on to buy cannabis seeds would be breaking US federal law and worthy of a lifetime ban from US soil, as an example of why this is a terrible idea for non-Americans.

      While I appreciate wrapping DNS requests in crypto at the transport layer, as well as third party auditing, I’m holding out for a solution that is not American (bound by the US PATRIOT ACT), and ideally open source and decentralized.

      If you know of any fast, open source, decentralized solutions, let me know!

    • cqwww 6:36 pm on March 30, 2018 Permalink | Reply  

      If you’re in Vancouver, I’ll walk and talk with you for $5/km. 

      After watching the 60 second docs video on the People walker, I shraed the link on Facebook, offering to do the same.

      Within minutes I had my first customer, and I have 4 of them within 24 hours of sharing it. Clearly it’s serving a niche.

      One thing that stands out is a friend of mine commented,

      people are so lonely in vancouver that hey have to pay someone for companionship???!!!

      but it’s worth noting I think, that not only are there lonely people everywhere, but there are lots of other reasons to go for a walk with someone. Here are a few:

      So, if you’re in Vancouver, and want to go for a walk, I’m only $5/km; reach out. I look forward to getting more healthy physically, mentally, and social with you.

      • cqwww 12:33 pm on March 29, 2018 Permalink | Reply  

        Announcing: Black Tie Dinner – Vancouver on April 12th, 2018 

        Summary: Black Tie Dinner on April 12th, 2018  18:00 at the McDonalds on Main Street, one block south of Main Street Station. [Facebook Event]

        History: If you’ve not heard of it, I’ve run three (one, II, and III) Black Tie Dinners in Victoria, and they were all wildly successful, and by wildly successful I mean more than my friends showed up, and a great time was had by all. Seriously though, we usually fill at least 1/2 the restaurant, and most people are complete strangers, many whom have become friends since.


          • Wear your finest dining attire! (Black tie/tux/suit & formal dresses)
          •  Bring along your own china and nineteenth century cutlery, as well as a table cloth and formal napkins (fine dining place setting)
          •  After you order your food, casually grab the next empty table, place your table cloth on it and set the table. Remove your food from it’s packages, and place it on your china plate. Remove all evidence of McDonald’s packaging, so any pictures look like you’re in a fine dining establishment. Close up pics should like a formal restaurant. Wide angle pics should be hilarious.
          • Bonus: Sit with strangers whom are also dressed their best!
            from the first black tie dinner at McDonalds on Pandora

            from the first black tie dinner at McDonalds on Pandora


        The above 8 pictures thanks to Mark McLaughlin from BTD II

        • cqwww 1:02 pm on March 26, 2018 Permalink | Reply  

          Free alternatives to sign documents 

          If you have to sign documents once in a while, are trying to save on printing paper, and are looking for a free alternative to DocuSign, here are a few you should check out, and how many documents you can sign per month on their freemium plan:

          If you’re doing this professionally, DocuSign appears to be the leader, and there are platorm solutions I did not include, such as document signing tools that only work on iOS or Android.

          • cqwww 8:14 pm on March 14, 2018 Permalink | Reply  

            Understanding Co-dependence 

            I’d heard the term codependence many times before, and usually associated it with romantic relationships. A friend of mine mentioned she recently read a book on Facing Codependence from Pia Mellody. I did a youtube search and found a 10 minute video that I find myself recommending a lot the last few weeks. From there I’ve watched a lot of Pia’s longer videos.

            My big take away was her referring to the word abuse, and the suggestion that in our culture we usually only refer to abuse as violent physical or sexual actions. However the suggestion is that codependence is when you take any actions or behaviours that are intended to condition the other human to behave in a way you want them to behave, as opposed to how they want to behave in order to be the best versions of themselves.

            This is likely easiest to think of your parents — how many of their actions are conditioning you to be like them and how they want(ed) you to be, vs supporting you in your endeavours, no matter how polarized these desires are from their own beliefs.

            My challenge to you, is for the next week whenever you interact with another human, consider how much of your behaviour is selfless actions to support them, vs codependent behaviours.

            • cqwww 11:33 am on March 6, 2018 Permalink | Reply  

              Phone scammers pretending to be CRA 

              In Canada, there is a popular phone scam where the caller will pretend to be the Customs and Revenue Agency (CRA — Canada’s version of the IRS). A few things to remember:

              1. All phone numbers can be spoofed now. Don’t trust the caller ID.
              2. With tools like lyrebird, you can’t trust the voice on the end of a phone call any longer.
              3. CRA uses registered mail, not phone or email.

              The government of Canada set setup a page with the warning signs, and how to protect yourself, which also has a list of numbers you can call if you’re a victim. Also note there is a Canadian do not call list you likely want to get yourself on, as if you’re on this list, you have another organization you can complain to about these harassing calls. If you did receive a call that violated the Unsolicited telemarketing rules, here is the complaint form.

              • cqwww 6:19 pm on February 16, 2018 Permalink | Reply  

                What do you practice? 

                A great reminder from Prem Rawat via young Ali Sherazi.

                On top of critically thinking about which mental states we regularly practice, I have a pragmatic skill improvement personal story as well that hopefully inspires.

                Myself, I have Go and Sudoku games on my smart phone. When I have a few minutes free, I play them. On Go, I level up when I beat a level, so over time I’ve managed to now play on the hardest level. For sudoku, I no longer with an eraser enabled, I only enter numbers I’ve sure of — and I’ve made it to the second highest level in my app. I was terrible when I started both of these, but only after years of playing them, have a become better. Once I get to the top level on Sudoku, I plan on installing cognitive enhancement game, dual n back.

                • cqwww 11:15 pm on February 14, 2018 Permalink | Reply  

                  Free credit score and reports for Canadians 

                  I just came across this free credit score and report service, called They appear to respect your privacy (other than running several privacy bug trackers on their website), and make their revenue through referrals like loans and credit cards. Note, BorrowWell only uses Equifax, so read on to make a TransUnion manual request as well.

                  I recommend at a minimum of an annual credit check, as this is how many people find out they’ve been victims of identify theft — make sure all of the items listed in your report are credit items you’ve requested. By law, credit reporting agencies have to provide you with a free annual report, but charge you for an online account, so you can manually request your credit score if you don’t trust borrowwell and don’t want to pay Equifax/Transunion.

                  Once a year print of these documents: Equifax free report request form [PDF] and TransUnion free report request form [PDF]. Note that these two organizations are not synchronized, and in my experience you have issues reporting on one of them, or not the other, so make sure you’re checking both!

                  • cqwww 12:14 pm on January 15, 2018 Permalink | Reply  

                    Neurotic Neurons: An Interactive explanation

                    • cqwww 1:07 am on January 15, 2018 Permalink | Reply  

                      Today’s cryptocurrencies worth paying attention to (and the ones worth avoiding) 

                      I’m often asked which cryptocurrencies one should invest in, and I should state this is absolutely not financial advice. Do your own due diligence, not just for investing, but everything in life. That being said, the top practical dcoins for me right now:

                      • Stellar (XLM), in terms of platform
                      • Monero (XMR), in terms of  a usable, privacy-centric cryptocurrency that works right now
                      • and of course Bitcoin (BTC), in terms of a heavily volatile store of value, which you need to acquire most other cryptocurrencies. Its temporary time and cost issues appear to be soon resolved with

                      Notable mentions to Request Network and Quantstamp, whom both have been accepted into tech accelerator extraordinaire, ycombinator. Most tech startups that go through YC effectively become millionaires just by being accepted.

                      My thoughts on the biggest sh*tcoins, which are only still only alive due to hypecycle:

                      • Tron (TRX)
                      • Verge (XVG)
                      • Tether (USDT)

                      and notable mention to Ripple (XRP) whom are still some how convincing people to invest in them.

                      If you’re playing in the day trading space, that’s solely based on hype cycle, but the top ones I mentioned are based on technology that I feel can sustain the others and so I’m watching them medium/long term. With over 1,000 cryptocurrencies, I have many thoughts on many others, but I figure a top 3 technology wise and a bottom of the barrel 3 technology and integrity wise was worth an article so I can just point people here instead of repeating the same thing.

                      compose new post
                      next post/next comment
                      previous post/previous comment
                      show/hide comments
                      go to top
                      go to login
                      show/hide help
                      shift + esc