Recent Updates Page 4 Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 8:02 pm on September 27, 2018 Permalink | Reply  

    QubesOS on an Intel NUC 

    I recently installed QubesOS 4.0 on an Intel NUC (model: nuc7i5bnh). It works fine, with one caveat. After you reboot the first time, everything just works. However, after first use & dom0/template upgrades, I attempted a reboot and realized EFI boot was not working. In order to resolve this, you manually will have to follow the steps at Boot device not recognized after installing. Note, every kernel or Xen update you do afterwards, you will manually have to go through this process again if you want your OS to boot without manual intervention.

    For those who don’t identify as a techy, QubesOS is one of the more secure operating systems out there, one of two I recommend — the other being OpenBSD. Neither of these is easy to use. If you want to eventually get there, I recommend you try something like debian or Ubuntu in the interim, as they are a lot easier to learn yet have a slight learning curve. All of these operating systems replace osx or windows, and are fully free forever, and open source. If you feel like going down a rabbit hole regarding operating systems, check out which follows all of the open source operating systems.

    • cqwww 5:58 pm on September 27, 2018 Permalink | Reply  

      Why don’t more women speak up? 

      I managed to miss most of the Kavanaugh and Dr. Ford hearing today, but caught the end of it. I knew going into it that not much would likely sway in public opinion — you either hate change and want to maintain your Christian values, or you believe women by default and want them to have a voice.

      One of the common arguments coming from the Christian/Conservative perspective is a misunderstanding of why women don’t report issues. As this case will likely also result in how abortions will be in the US legally moving forward, this is a highly political case that also strikes to the faith of Christians and Conservatives across the USA.

      Frustrated by the outcome, I decided to go and grab a late lunch after the hearing. As I came out with my take-out foot, there was a man, clearly high, bent over and banging metal sticks on the ground. A women who was in front of me, clearly in a hurry, didn’t walk the long way around, but cut between him and a wall where there was about a 10′ gap. As he heard her walk by, he turned, startled, showing evidence of his drug use as he started to pursue her with sticks raised, yelling every terrible profanity one can call a woman. She didn’t turn back, but kept walking, as to avoid confrontation which she clearly didn’t want in the first place. He then spit as hard as he could to the back of her, yelling more profanities and daring her to turn around. As he raised his sticks towards her again as if to either scare her he was going to hit her, or actually hit her, I made a loud enough noise as to distract him, and it worked. He chose me as his new target. I stood still and faced him for a second hoping a calm eye might work, but it did not. He charged at me with sticks raised.

      I decided reluctantly to call the police as he was clearly ready to threaten every passer by in a heavy pedestrian traffic area. Eventually the police came. Who knows what was said between he and the police officer, but of course he was told to move on, likely to go threaten, or worse, elsewhere.

      As I was in my elevator a woman who was in with me said “Thanks! I had to avoid him when I was going out earlier”, which means she also must have witnessed me on the phone with the police, but more relevant, he had been threatening people for some time, who knows how many.

      It was then that it hit home yet again. How many women were impacted by the threats of this man? I would challenge any man who witnessed this man threaten these women, “But why didn’t they do something or say something?” not dissimilar to the Dr. Ford issue in international news today in that no women impacted by this man today were willing to speak out.

      Why not? It takes extreme courage, due to the unknown threat and risk of legally charging an attacker. It takes privilege, in that the repercussions of taking action are not seen as likely to affect your health, safety, and livelihood, and third, it takes the time & energy to think doing so will have any satisfactory repercussions.

      • cqwww 8:37 am on September 25, 2018 Permalink | Reply
        Tags: buddhism, finding purpose, purpose,   

        Finding Purpose 

        Yesterday I had the pleasure of catching up with my friend Kerry, a Tibetan Buddhist Nun. This was an impromptu video where I pressed record, asked for a one minute introduction, and the conversation naturally turned to buddhism, staying true to one’s religion, selflessness, and finding purpose.

        Have you found your purpose, or are you still seeking it? Other than a lot of reading, what actions do you recommend?

        • cqwww 12:27 pm on September 21, 2018 Permalink | Reply  

          Facebook Debates 

          For those who think they’re good at debating, I challenge you to sign up for my 24 hour debate challenge. If you agree, I will partner you with someone else who is willing to debate. I will privately let you know of your position in the debate over the next 24 hours, and it’s likely I will pick something you oppose.

          The rules for debaters:
          Avoid personal or ad hominem attacks, stick to refuting the central point of the argument.
          Try to avoid logical fallacies
          The debate will last 24 hours from when I start the thread.

          The rules for others:
          Please don’t comment on the thread, if you like a comment, “like it”.
          Whichever comment gets the most likes within 24 hours, that person wins the debate.

          Remember: This person doesn’t likely believe their stance, I’ve told them what their stance is for this debate.

          Debate 1: Overpopulation
          Debate 2: Socialism

          • cqwww 11:29 pm on September 12, 2018 Permalink | Reply
            Tags: #hiring, #HR, #jobs   

            What’s your best advice for someone about to go on a hiring spree?

            (no recruiters mentioning their firms please — I don’t intend on using recruiters currently. If you’re not in that industry, I’m interested in hearing the benefits of using recruiters (in general) based on experience. I’ll put a call out for recommendations of recruiters if I change my mind.)

            • cqwww 5:26 pm on August 22, 2018 Permalink | Reply  

              Slutshaming: A life ruined and a path to sex work 

              I was recently asked to do a talk on privacy & security for the local sex work industry. I asked what they were interested in, and it was mostly centered around doxxing, and how to avoid it. At the end of the talk, I gave out my business cards and suggested people reach out if they have any specific questions. One young woman told me what I feel is a tragic story, and I hope sharing it we can come up with a solution.

              As the story was told to me, this young woman lived in another city in Canada, and was working an office job as an admin assistant. She had an older co-worker who really didn’t like her, and started making unprofessional comments, such as that our victim, let’s call her Jo, couldn’t possibly afford the designer handbag she wore to work. Jo said to her co-worker it was none of her business, but if she must know, her handbags meant a lot to her, and that’s what she choose to save her money up to buy. The harassment continued. One day, the harasser “accidentally” sent an interoffice email with a link to a article which was slut shaming Jo, using pictures from Jo’s instagram (nothing nude, one pic was in a gym working out, I’ve seen the article). But it also made several allegations about Jo, including her full name, and the city in which she lived.

              Jo was furious, and called the police, who allegedly told her there was nothing they could do, as it was a cybercrime. A couple days later, Jo was called into the office, not the harasser, and was let go from her employer. Not sure what to do, she tried to apply for other jobs for over a year, but any web search by future employers would being up this article making allegations as to promiscuous behaviour. After over a year of trying to find a job she felt defeated and moved here to Vancouver, in the process legally changing her name so she could move on. The issue now, was she has no employment history with this new name, and so for over a year couldn’t find work here — and in a desperate state for income, has recently entered into the sex work industry for lack of other options.

              She told this to me with an almost void emotion, stating that it’d taken her 2 years to get over that article which was still there, but she was grateful for me just listening. I told her I would look into it, and see what I could do.

              I’ve provided her three solutions thus far, hopefully helpful for anyone reading this who may have had their life ruined by or another slutshaming website.

              1. File a DMCA complaint:
                I would create a new email address just for this, in case they try to
                shame you with it — but if they did, the lawyers in the next step
                would have even more recourse. I think this is likely your cheapest and
                fastest to try to get started
              2. A followup, or separate option is to reach out to a lawyer like this and ask
                them what they charge to have your article removed:
              3. As this happened in Canada, file a privacy related complaint against
                If it happened in BC:
                If it happened in AB:
                If it happened in other provinces (other than QC):
                The advantage of going down this route, is it could set a
                precedent to get the slutshaming website itself blocked provincially or federally, not just your article removed, so it would fix
                the issue systematically, and for others. The privacy commissioners may also choose to investigate who was responsible for posting it.

              I’m writing this with the hopes that as these paths are tried, one of them will be found successful, or someone who has had success will list it here as a comment for others. The other intention is to raise awareness for anyone interested in going after this website systematically, as having just heard one silent story, it makes me wonder how many other lives have been ruined.

              • cqwww 12:30 pm on August 7, 2018 Permalink | Reply  

                Working to improve discourse online 

                There is a lot of talk about how we can improve discourse online, as well as solve online hate. I first had the opportunity to speak on this at RightsCon in Brussels in 2017, representing Canada.  

                It’s a complicated topic, and no easy or obvious solutions, but the good news is that there are a lot of people researching the topic, and a few of us actively working on solutions. 

                I’ve had my idea for a couple years, and finally hired a group of students at BCIT to build out a first draft of my idea, which I’ve called Debate Pyramid.

                The idea for this project stems from an article written by Paul Graham in 2008 called How to Disagree . A few years later, I saw that someone made that into an image: 

                debate pyramid

                It was based on this image that I realized we could likely select most Tweets, or Facebook comments, that are in a debate, based on one of these levels. Then, over time, you could choose to filter out levels — for example, I’ve chosen to block anyone who has scored over 100 votes of using Ad Hominem or Name-Calling attacks in a debate. I don’t need to use up my mental real estate reading this. 

                I’d love your feedback if you give it a try. It currently works for both Google Chrome and Mozilla Firefox browsers, and you can vote on any comments or tweets on Facebook or Twitter with it.  

                This year while at RightsCon 2018, I met an ally named Shane Greenup who has been working on these issues longer than me.  If you’re interested in this topic, you may also want to try out rbutr which is also a browser plugin. 

                What rbutr does is tell you when the webpage you are viewing has been disputed, rebutted or contradicted elsewhere on the internet. From there, you can easily click to read the rebuttals, which are prioritized in a crowd sourced way. I’m sure he’d love any feedback you have if you give it a try, as he’s genuinely trying to improve online discourse as well. 

                I have a lot of other ideas as well, as simple one would be a option for social media — so if someone posts an old, debunked article which can easily be found on, they would lose “social points” in debatepyramid, and so you could say, “as soon as someone has posted 10 articles debunked on, I don’t want to read their content anymore” as if someone is doing that — that frequently, clearly their research skills are lacking and it would incentivize them to up their game in this area. I should add, the plugin would automatically post the link as a response to their comment, by everyone using the plugin, so it would add that social pressure as well. 

                Thanks for reading. Let me know if you give DebatePyramid or rbutr a try, and what you’d like to see added or changed with either plugin. Also, if you have any other ideas, please share in the comments below for others interested in this topic area.

                • cqwww 3:25 am on June 15, 2018 Permalink | Reply  

                  Modern cell phone story (privacy related) 

                  As you walk around with your cell phone on, you walk by different cell phone towers, which allow you to make a phone call no matter where you are. Your cell phone is always beaconing out; hey; which tower is closer?

                  Whomever responds first, wins.
                  Sometimes it’s an IMSI catcher, a hacker, or a government agent, or sometimes it’s a tower owned by your phone company that responds to your cell phone that it’s clear for you to make a call — but they’re all motivated to make sure your cell phone stays with you, and that the GPS stays on, and your unique phone identifies you (MAC address, Bluetooth (LTE), IMSI number, and the same phone number) as that information is worth a lot. They’ve all turned off encryption, it’s virtually non-existent for cell phone networks. This allows them to do man-in-the-middle (MITM) attacks where they just listen in the middle and allow your phone call to carry on. It can be recorded and shared, forever.
                  Which tower is your cell phone connected to right now? Is that even a legit cell phone tower you’re connected to right now, or your neighbors briefcase? Who owns that device your cell phone is connected to?

                  There is nothing to be trusted about cell phone networks in 2018. The only two tools the public can use are and for secure communication, and they require a data connection. It will take at least a year from now for your cell phone provider to fix this issue, so that you know if you’re connected to them, or your nephew’s PAL receiver. This info is years old, so it’s unlikely to get fixed any time soon. Enjoy the radiation beside your genitals as your cell phone spends its time trying to find something to connect to and share its information with, at least there’s a comfortable warmth.

                  IMSi-Catcher (Wikipedia)

                  • cqwww 11:55 am on June 11, 2018 Permalink | Reply
                    Tags: anti money laundering, anti terrorist financing, security token, utility token   

                    New Canadian rules around AML/ATF and offering of tokens 

                    It’s a big week for Canadians whom work in cryptocurrency. First, the Department of Finance released an impact analysis statement around the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

                    Canada Gazette, Part I, Volume 152, Number 23: Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2018

                    Most notably the proposal:

                    • Persons and entities that are “dealing in virtual currency” would be financial entities or other entities deemed domestic or foreign MSBs, as the case may be. These “dealing in” activities include virtual currency exchange services and value transfer services. As required of all MSBs, persons and entities dealing in virtual currencies would need to implement a full compliance program and register with FINTRAC. In addition, all reporting entities that receive $10,000 or more in virtual currency (e.g. deposits, any form of payment) would have record-keeping and reporting obligations.

                    These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.

                    and a couple of days later, the Canadian Securities Administrators sent out a notice on Securities Law Implications for Offerings of Tokens.

                    CSA Staff Notice 46-308 Securities Law Implications for Offerings of Tokens [PDF]

                    Most notable it provides guidance on when an offering of tokens may or may not involve an offering of securities, and has many examples. They also recommend you work with qualified securities legal counsel as well as the regulatory bodies themselves.

                    • cqwww 12:05 pm on May 9, 2018 Permalink | Reply  

                      If you insist on having pop-ups on your website, wait until your visitors are hooked 

                      We’ve all been to a website where you get a pop-up right away, asking for a conversion, for example to sign up for their newsletter. What website owners don’t usually measure is the negative impacts of such activity — if you’re only measuring the signups, and not the exits, it looks like success. Consider instead the more normal socialized model of marketing, which is to ensure that people are having a good experience before you ask. “jab jab right-hook” as GaryVee would say.
                      Even at the end of reading my first article on a given website, if I get a popup, I’m likely to block the website from working in my browser in the future. The first few times someone comes to your website, should be a positive experience, and the website visitor should find what they’re looking for without being interrupted. It’s quite easy, technology wise, to detect when a user is back.
                      If it’s my 5th time on your website, you know I’m hooked. At the end of an article and when I’m about to leave, not interrupting my access, would be a good time to facilitate the ask. Even then, I would consider if a popup is the best way to make that ask. If you don’t have the confidence you can attract someone to your website without a pop-up for at least 5 visits and they have a good experience being able to consume your content, consider resolving that first. This blog gets anywhere from 10k-100k hits per day now, more than many local news outlets, and I have no popups, or any experiences that will interrupt you. Build traffic with good content, and throw out an ask once in a while, to your repeat visitors.

                      • cqwww 1:07 am on April 17, 2018 Permalink | Reply  

                        I’m looking for smart phone recommendations 

                        I’m not a fan of planned obsolescence, so I want a phone that will last. I currently have a Nexus 5, which is ~5 years old. Why I still like it: There are a lot of hardened kernels and tools for it due to its popularity; why I don’t like it: battery life and trustability of the Google Play Store (2/10) and general privacy of the Google ecosystem. There is f-droid as a replacement app store for Android, but it has limited options and a different set of issues.

                        One of the biggest challenges today is trusting the hardware, and operating systems, in terms of threat model. This is a hard problem, that is not easily solvable. It involves pressure from nation states to backdoor the phones. In Asia, this is more likely a hardware concern, in the United States, the pressure that can come to an operating system vendor with a national security letter under the US PATRIOT Act. In Canada, our trusted Blackberry (RIM) was found to have provided the RCMP the private key for over 6 years.

                        As a result, I think we should be looking to support open hardware platforms. This should solve the planned obsolescence issue, and some of the security issues.
                        For example, I had the Neo Freerunner from OpenMoko, which was great philosophically but never really practical. For the hobbyist, there’s the PiPhone and ZeroPhone, but they need even more work to be practical.

                        There’s the Samsung Z4, although it has hardware and operating system concerns; but the most exciting phone in the near future is the Librem-5 from This phone has hardware toggles to turn off the microphone and camera when not in use, as well as Wifi/Bluetooth, and baseband. Amazing.

                        Not as open source, but a balance between ethics and solving planned obsolescence, and DIY, also check out the Fairphone 2.

                        So my requirements in order:

                        • Privacy & Security-centric
                        • Will last longer than most smart phones
                        • Ethical hardware
                        • Open hardware/Open Software

                        I’d love your thoughts on anything I’m missing in the comments.

                        • Jason 4:41 am on April 17, 2018 Permalink | Reply

                          It’s not available yet, the site says that phones and a ROM will be available in 2018 but have you looked into

                      • cqwww 11:00 pm on April 10, 2018 Permalink | Reply  

                        New Tech: IPFS 

                        IPFS is a distributed, peer-to-peer (p2p) hypermedia protocol.

                        It’s not just theoretical, you can use it now. There’s a lot to be said about the benefits. Consider for example you’re downloading an image or a video, the speed at which that transfer happens, depends on that single connection. With p2p, you’re connecting to many nodes, making the process a lot faster. Also note that every file, and ever block in every file gets a cryptographic hash. This not only means that IPFS keeps track of every version of every file, this feature allows allows it to block duplication! So instead of 1000 copies of the same movie in the cloud, as soon as one person uploads the movie, everyone is splitting that same single copy. The other big feature, of every file with every version, is unlike the web we know today, no web pages or files get lost or forgotten! This should make the archivist in all of us squeal with glee.

                        Note, this is fully working, but alpha software. Also, this is intermediate level to use, meaning you should be comfortable in a terminal, and know how to untar a tarball. If this last sentence doesn’t make sense to you, IPFS is not for you. Perhaps instead, learn how to use the terminal. For those ready to dive in:

                        Are you ready to give it a try? Install it now.

                        Not sold yet? Spend some time going through their documentation.

                        compose new post
                        next post/next comment
                        previous post/previous comment
                        show/hide comments
                        go to top
                        go to login
                        show/hide help
                        shift + esc