Recent Updates Page 2 Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 8:24 am on January 8, 2018 Permalink | Reply  

    I generally seek out free, open source software. For video editing, I usually use OpenShot.

    Here’s a list of other options.

    • cqwww 8:46 pm on January 3, 2018 Permalink | Reply  

      Is Bittrex violating Canadian privacy law, and committing theft by withholding my cryptocurrencies? 

      I moved some cryptocurrency into a popular exchange called Bittrex. I did some cryptocurrency trades, and last night decided to take a little out. Now first off, Bittrex has 3 levels of verification; one of them is just an email account, one of them is where they have you verified identity including address (Basic), and the last is the full KYC process (Enhanced). I gave them my full name and address, to complete the basic verification, back when I created the account. As I don’t plan on doing any large transactions, or converting to fiat (USD/CAD) currency, I didn’t bother with their enhanced verification — but also because I’m a foreigner, and I don’t trust them to handle my government issued identification documents, or their ID verification provider, Jumio. Imagine my surprise when attempting to withdrawal my cryptocurrency within their identified limits; my request was denied saying I’ve hit a maximum withdrawal limit. This is impossible I thought, I’ve never withdrawn anything.

      Bittrex Alleged Limit

      Bittrex Alleged Limit

      After a lot of digging around, it turns out that they’re alleging that my Basic Authentication was never completed.

      Bittrex Auth Failed

      Bittrex Auth Failed

      Without any ability to know what the issue is to correct it, or withdrawal my funds, it’s now telling me the only way to get my cryptocurrency out, is to complete their privacy invasive Enhanced verification process.

      Now before I go into details how I think they’re violating Canadian privacy laws, and have stolen my cryptocurrency, I want to mention an important plausible reasons for using KYC which I’ve highlighted before. The reason we have KYC is to prevent money laundering, a reasonable reason to implement — if the transactions are over $10,000 and it’s involving traditional state regulated dollars (fiat).

      In Canada for example, where I live, cryptocurrency is not regulated by the same laws. Only when I transfer my cryptocurrency to fiat currency do KYC laws apply and I would be responsible for disclosing my earnings, according my accountant. And I’m fine with that. But what is important, is I will not be doing that through Bittrex, or any organization on US soil. I have done KYC on an exchange in my country, where I am comfortable with them being custodians of my government issued ID.

      After doing some searching today, it seems that it’s not uncommon for Bittrex to take months to even reply to customers, let alone complete KYC even if they do try.

      Now, in Canada, we have great privacy laws, and businesses must reply to privacy requests within 30 days otherwise myself, as the user, can legally file a privacy complaint against Bittrex. If you’re in the same boat as me, drop me a line and I will help you with the process to file a privacy complaint against Bittrex that they are complying with Canadian privacy laws. The more people whom complain, the faster this will get resolved, and the better we’ll all be.

      If any lawyers or law enforcement are reading this, I would love your feedback on handling the theft by Bittrex of my cryptocurrency. Last night I tried to take out my cryptocurrency assets that I have before drop to a loss, and Bittrex is not allowing me to take out my funds.

      Bittrex allows 0 withdrawals of cryptocurrency, of the cryptocurrency deposited into their system, and that’s obviously just not right. If they don’t allow withdrawals, they should not be taking deposits in the first place.


    • cqwww 2:51 am on December 30, 2017 Permalink | Reply
      Tags: trading pairs   

      Trading Pairs 

      As I touched on in the last article, a trading pair is what you want to trade to and from. For example, at a traditional exchange at the airport, when I fly to Europe, I may ask them if they have the CAD/EURO trading pair. I want to buy (trade) Euros for Canadian dollars. A CAD/EURO trading pair will not only be different from USD/EURO because CAD and USD are different currencies from different countries, the pair exchange rate really matters. Some days it’s better to buy bitcoin with CAD, sometimes it’s better to buy with USD, or even a cryptocurrency like ETH(ereum).

      Let’s take a look at QuadrigaCX’s trade page as an example. It’s worth noting they call Bitcoin XBT instead of BTC. The default page shows the top 10 orders up for XBT/CAD in terms of what someone is willing to pay in Canadian for a bitcoin, and on the other side of the order book, the top 10 offerings on what someone is willing to sell their bitcoin for Canadian dollars.

      At the top right, you can see a pull down of all of other trading pairs on this exchange, seven at the time of writing this. This exchange currently only trades Canadian & US dollars from fiat currency, and Bitcoin, Ethereum, Litecoin, Bitcoin Cash, and Bitcoin gold in terms of cryptocurrencies. Note that the trading pairs are each effectively their own markets, on their own exchange. This means that XBT/CAD could be widely different then XBT/USD and not just the difference between USD & CAD at that time. One of them will always be worth a little more.

      There’s also usually a large arbitrage opportunity between exchanges. In the last month, it’s not been unheard of to have XBT/USD on QuadrigaCX and BTC/USD on OKCoin have a price difference per bitcoin at over $1,000 USD!

      OK, now that we get the value of trading pairs, let’s jump over to everyone’s favourite startpage, which lists all of the popular cryptocurrencies by market capitalization. The first thing I recommend is looking at the coloumns that are available by default. I recommend you instead click on the number after Cryptocurrencies: in the top left. This will add all/views/all to the end of the URL, bookmark this page. I often get asked, where/how to do I buy $SOME_COIN, whichever coin they’ve just heard about, and the intent of this post is to resolve that. Simply find the coin on, and then click on the name of that cryptocurrency. Once you’re on the page for the cryptocurrency you’re interested in, click on the Markets tab. Let’s say I’m interested in buying Ethereum today, I click on Ethereum, then the markets tab, and I end up on the Ethereum markets tab. You can see, by default it lists all of the markets that have that currency as one side of the trading pair. Note that USD is different than USDT, avoid USDT as of reading this! So if I don’t have any cryptocurrency yet, I’m going to be looking for ETH/USD or ETH/CAD pairs. If you’re trying to buy a new cryptocurrency and it doesn’t have a USD or CAD trading pair, it likely has at least a BTC trading pair, so go to the Bitcoin/#markets tab, find a BTC/CAD or BTC/USD pair, acquire BTC, and then go back to the Ethereum/#markets tab and find a ETH/BTC pairing exchange to trade there.

      The last technical thing I’ll leave you with on the markets tab for any currency is to click on the price header, so that it sorts by price instead of trading volume. If you do this on the Bitcoin/#markets tab, it’s not unheard of to see +$5,000 gaps between trading pairs. Note, I don’t usually trust any price that has less than 6 figures worth of trading volume (If I was an unscrupulous exchange I could say I bought a couple bitcoin for 20% more than elsewhere, so people to move to my exchange). Also note that today bitcoin has a long delay transfer time, so BCH/LTC/ETH are a lot more fun if you’re experimenting with arbitrage of trading pairs.

      If you are getting into trading, you should speak with your accountant, as in Canada it doesn’t appear to clear yet how many trades constitutes you doing it professionally vs for fun, in which case it has different tax implications.

      • cqwww 5:00 pm on December 28, 2017 Permalink | Reply
        Tags: AML, , , KYC, XBT   

        How to acquire Bitcoin/cryptocurrencies, and understand KYC and AML 

        Two things that we all should know are

        1. Know Your Customer (KYC)
        2. Anti-Money Laundering (AML)

        Let’s start with KYC. This is the term government regulators use to know the identify of people they’re dealing with, this is most commonly used by financial institutions and money service businesses. kycmap has a list of businesses in Canada that this applies to. When you created your bank account, you had to show your government issued id to the bank teller. This also applies to most of the online exchanges. Before you deposit fiat currency (dollars) to buy bitcoin, you need to give them your government issued id. For most exchanges, this means taking a picture of you with your passport and waiting for a human at the exchange to verify it. Note, this typically takes around 3 business days. So if you’re considering getting into bitcoin or cryptocurrency, you should start the account creation process with your exchange of choice, and beginning the KYC process.

        Now let’s jump into AML. In Canada, we have FINTRAC, in the U.S.A there is FINCEN. I won’t cover anything more than than the popular thing to be aware of, which is that large transactions through KYC regulated reporting entities need to be provided to your regulator to ensure the customer and transaction are above board. It is because of AML compliance that your KYC must be completed with an exchange before you can do a 5 figure transaction or higher.

        OK. Now you want to pick an exchange and start KYC. Which exchange will you use? Here’s a great list, sorted by volume. You may also chose an exchange by location (QuadrigaCX is here in Vancouver/Canada) or trading pairs (Bittrex handles over 200 cryptocurrencies, not just Bitcoin). Once you have bitcoin, you can transfer it to any other exchange, and trade it for any of the other cryptocurrencies, but generally you need bitcoin to start. For future reference, this is a trading pair. So if I have money and I want IOTA, I likely need to find an exchange with a USD/BTC trading pair, so my US dollars can be exchanged for bitcoin. Then I would transfer my bitcoin (BTC) to an exchange with a BTC/IOTA trading pair, and do that exchange there.

        If you’re reading this with the intent on getting into trading, you’ll likely have accounts on several different exchanges, so start the KYC now on several of them with many trading pairs and in different jurisdictions. I’m two weeks into going through KYC with one exchange as of writing this, for example. They weren’t happy with my utility bill scan for example, so I have to send another.

        Outside of the traditional exchanges, if you’re starting small, and want to skip the long and arduous process of KYC/AML you could also try the craigslist equivalent of cryptocurrency purchasing which is by going to and completing the transaction there, finding a local bitcoin ATM (often with 8% of higher transaction fees for the convenience!), or finding your local cryptocurrency/decentralization community hub. If you’re in Vancouver, that is D-CTRL, get your butt there.

        There’s a lot more to learn, but these are the ways that you can acquire bitcoin. Let me know if you have any questions!


        • cqwww 9:12 am on October 12, 2017 Permalink | Reply  

          Debugging internet issues 

          If you’re on osx, if you have something like, install mtr.

          Once you have mtr installed, you can test your internet connection with any computer on the network, or internet. For example “mtr” will show all of the computers between your computer, and Google’s webservers. Not only does it show you the internet address of all of these computers, as long as you’re running mtr you will see how long it takes a packet of data to transit this route.

          Most notably on the right hand column, you want to see 0% packet loss. Under the ping section you want to see under 100ms, or 1/10th of a second latency, especially if you want to do something like Skype/video chat.

          If the first “hop” is the problem, it’s likely something in your house. If it’s the second or third, or shares the same domain name as your ISP that is showing packet loss or over 1000ms (1 second) in latency, it might be worth a call to your ISP and see if they can fix it.

          You can get more detailed tutotials from DigitalOcean and Linode.

          You might also want to try something like Speedtest for an online bandwidth test.



          • cqwww 8:55 am on October 12, 2017 Permalink | Reply  

            first steps on osx after security — install brew 

            If it’s your first time on osx, or just setting up a new machine, or doing a re-install, there are a few things I install by default. Before you start the software installing, you should think about security first… configuring your firewall and encrypted partition(s). As for the software:

            The first thing I do is point my browser to and install it. Go to Applications -> Utilities -> Terminal and paste:
            ruby -e "$(curl -fsSL"
            Once that is done:
            $ brew doctor
            and make sure there are no errors. If you see any errors, search for them online and fix them. After that I install:

            Most of these can be installed in terminal from the command line. For example, if I want to see if Sublime Text is there:
            $ brew search sublime
            $ brew install Caskroom/cask/sublime-text

            and it should install. This is a lot easier than searching online, downloading, and installing each.

            Every week or two, you should run the following to keep things updated:
            $ brew update && brew upgrade && brew cleanup && brew cask cleanup && brew doctor

            • cqwww 12:44 pm on September 16, 2017 Permalink | Reply  

              Most of the best InfoSec professionals I know don’t have a related degree 


              Susan M CSO Equifax

              Susan M — CSO of Equifax has only a music degree

              There have been several people and media outlets commenting that the CISO of Equifax has a music degree. 

              Infosec is an industry that in my experience is led mostly by smart people who are obsessed with infosec, are self-taught, and transitioned to experience.
              I’m personally self-taught. I was given the title of global security expert by Canada’s biggest company, and privacy expert & international trainer for the International Association of Privacy Professionals (IAPP).
              I have no degrees. Although I did get my reverend certificate one late night on the internet 😀
              On a slightly more serious note, I remember a first meeting a technical mentor, Marcus, when he mentioned that if I like infosec so passionately, I likely also enjoy amateur (ham) radio, photography, model rocketry, lock picking etc. People in InfoSec often have deep and creative hobbies, and many of them. So having a passion for music also makes a lot of sense, and does not devalue the individual’s competence in terms of information security capabilities, as least on its own.

              Equifax surely made some epic mistakes, which should actually impact credit reporting moving forward as industry fraud level is too high now to trust any of the data points used by Equifax. But let’s not make it unnecessarily personal when the individuals degree doesn’t have any relevance.

              More of my thoughts on Equifax as posted on Twitter

              • cqwww 11:08 am on September 11, 2017 Permalink | Reply  

                I met a nice young woman on the week-end. In the first few minutes of meeting she told me she had a really high IQ, while ordering a Caffè Americano. She mentioned she had a late night drinking (alcohol) the night before, as she ordered in her second Americano. Then she told me how much she was against anyone who does any type of drugs.

                • cqwww 6:03 pm on September 8, 2017 Permalink | Reply  

                  Is reading the bible hate speech in Canada? 

                  My friend Steve, an advocate for free speech in the U.S, and I were discussing hate speech, where I highlighted that most progressive countries have hate speech laws now, including defined hate speech laws in Canada.
                  From Wikipedia,

                  Section 318 prescribes imprisonment for a term not exceeding five years for anyone who advocates genocide. The Code defines genocide as the destruction of an “identifiable group.” The Code defines an “identifiable group” as “any section of the public distinguished by colour, race, religion, ethnic origin or sexual orientation.”

                  Section 319 prescribes penalties from a fine to imprisonment for a term not exceeding two years for anyone who, by communicating statements in any public place, incites hatred against any identifiable group where such incitement is likely to lead to a breach of the peace.

                  Steve then asked,

                  Would reading the old testament where genocide is advocated by the deity and portraying this as ethical (particularly to children) count?

                  I started to think about genocide in the bible (wow, there’s more than I recall) including children, and started with a re-read of Deuteronomy 22:13-21 which ends with

                   If, however, the charge is true and no proof of the young woman’s virginity can be found, 21 she shall be brought to the door of her father’s house and there the men of her town shall stone her to death. She has done an outrageous thing in Israel by being promiscuous while still in her father’s house. You must purge the evil from among you.

                  If there’s no evidence a woman being married is a virgin, she is evil and should be stoned to death sounds like a recommendation for genocide to me. So that has me wondering if Steve has a point; I’m pretty sure that that being a sexually active single woman is sexual orientation (as defined in section 318 above) and this appears to advocate for the genocide of any such human who attempts to marry — would reading sections of the bible (or Quran) aloud like this one classify as hate speech?


                  • cqwww 10:59 pm on August 29, 2017 Permalink | Reply
                    Tags: email, inbox 0, optimization   

                    I managed to delete +100 emails tonight just by scrolling down to year old emails. What’s your best tip for heading to Inbox 0? From minimal research, it seems like the best solution for handling email is turn off all notification on mobile and desktop, and only check it certain times a day, for a certain period of time. i.e. 3 x 20 minutes/day. What works best for you?

                    • cqwww 10:34 pm on August 29, 2017 Permalink | Reply  

                      What are your thoughts on the 0x project? (

                      • cqwww 5:22 pm on August 29, 2017 Permalink | Reply  

                        Let’s start collecting data on Canada’s oligarchies 

                        Last night at an ideas Vancouver meeting, Steven and I had an idea on how we could start collecting the data on what interactions are like with Canada’s oligarchies. We’re thinking initially ISPs, cell phone companies, and airlines.

                        Imagine you sign up for this oligarchy data collection website, and you agree it can record your transactions. The system would be setup with with something like Twilio to proxy and record the phone calls, and an email proxy to intercept email conversations, initially.

                        In a short order, the website could start to show statistics, like how long we really wait on hold for each of these services. In longer order, when you want to do something, like renew your cell phone plan, the website would know which services other customers have been offered, and how they got their in the phone tree. This service could streamline that for you, so you could click a link, “Renew Telus mobile” and it would dial the number, and enter all of the necessary numbers with pauses to get you to a person/renewal the fastest.
                        You could also click in app if you think something was a lie or falsehood, and it could now be referenced.

                        It’s not a technical problem to create this website, it just needs the financing to get off the ground. Maybe this is something that GenSqueeze or OpenMedia might be interested in, or we could crowdsource it and see what happens?

                        What else could we do with such a website? Would you be interested in participating?

                        compose new post
                        next post/next comment
                        previous post/previous comment
                        show/hide comments
                        go to top
                        go to login
                        show/hide help
                        shift + esc