Another redesign

Switched themes again, this time so that the site would have a responsive theme. The theme is a default WordPress theme, ‘Twenty-Fifteen’ by Automattic. It’s got a large default font, is clean and responsive… I’m not looking for much in a theme, and this one ticks off all the boxes, for now.

Also, hope to have some more posts up soon. I’ve got a few projects in the works, namely, my consulting site, nathanmarley.com and some book ideas that I need to flesh out. Also working on a Northwest Arkansas local cleaning service business that I’m running with my wife, Maid in NWA.

So hopefully, this blog will see some changes soon, as well as a lot of new and interesting content.

Principles

Gandhian Principles in Kannada

Today I was talking with a vegan friend (I’m vegan as well) who mentioned that she had received a casual offer of work at a food truck. She said that she was considering doing it, because it would mean some extra income and she is tired of doing what she is now.

I asked her if the food truck served meat products, and she said that yeah, it does.

This struck me as very odd.

For the non-vegan people out there, let me explain: a statement like that from a vegan is kind of a big deal.

The vegan lifestyle is characterized by refusing all animal products or by-products, up to and including all meat, fish, eggs, milk, cheese… anything that comes from an animal (even honey).

So I was a bit stunned that my vegan friend had so casually mentioned that she was considering working at a food truck which serves meat.

For me personally, as an ethical vegan, I could never support any business which explicitly supported the harm or exploitation of animals for any reason, especially one that requires killing them (obviously meat requires the death of the animal supplying it).

I automatically correlated her vegan-ness with the standard vegan principles. Having strong principles is so important to me, that someone claiming to be something, then nonchalantly considering violating the principles of that something just for a bit of quick cash really confused me.

Maybe she doesn’t have principles, or consider them when making decisions.

It occurred to me then just how important it is to have a defined set of principles, and to stand solidly on them, even be willing to stake your life on them, because if not, then it’s just too easy to be blown whatever direction the wind takes you at the time.

In Principles, Ray Dalio defines them thusly:

1) What are principles?

Your values are what you consider important, literally what you “value.” Principles are what allow you to live a life consistent with those values. Principles connect your values to your actions; they are beacons that guide your actions, and help you successfully deal with the laws of reality. It is to your principles that you turn when you face hard choices.

His next statement on why they are important is also apropos to the situation:

2) Why are principles important?

All successful people operate by principles that help them be successful. Without principles, you would be forced to react to circumstances that come at you without considering what you value most and how to make choices to get what you want. This would prevent you from making the most of your life. …

It’s possible that my friend hadn’t considered operating by principles at all — that she was just reacting to the circumstance … without considering what she (maybe?) values most. Or it’s possible that I’m just wrong — and she values money, and experience working at a food truck more than animal welfare. I do tend to see things as all-or-nothing, so maybe I should just get used to seeing things along a spectrum instead. Maybe she’s not quite as hardcore along the “vegan hardcority” spectrum. Maybe I just made up that spectrum.

Really I just think it was a good example to write about the importance of having principles and living life by them.


photo by balu

Open Financial eXchange (OFX) is Broken (Online Banking Security is a Joke)

Hacker Rene

Am I the only person in the world who thinks that it’s utterly ludicrous that we have to give our passwords to sites like Mint.com so they can help us keep track of our spending habits? Surely I can’t be the only one. It’s like giving away the keys to the kingdom.

It kind of irks me a little that if I want to use a site like Mint.com to track my spending habits and help me keep my budget in line, I have to give my username and password over to them.

In fact, the way the underlying technology works, Mint.com must keep our passwords stored in their system. Not just a hash, but the passwords themselves, since that’s what they have to use in order to access our bank account info. They are stored encrypted, no doubt, but they have to be decrypted in order to be used (see below).

Mint.com has worker programs, “robots”, if you will, which log in to our bank accounts the same way we do (well, not really, but I’m simplifying for the general public), so they have to be able to authenticate as ‘us’. But the problem is, those username/password combos aren’t read-only. Mint.com may tell you that they have read-only access, but that’s just not true. Anybody who hacks Mint.com’s database, and is able to decrypt those passwords, has full access to the corresponding bank accounts.

The technology which enables this log-in that Mint.com and other financial websites use, is called OFX, which is short for Open Financial Exchange.

The part that requires the username and password for every transaction is described in the OFX ‘security’ page (emphasis mine, and BTW, what a fucking joke):

Authentication enables the recipient of a message to verify the identity of the sender. For example, a financial institution or third party processor authenticates a customer by requiring the use of a password and user ID with each transaction. A customer’s application authenticates a financial institution or third party processor by verifying the institution’s digital certificate.

That technology was developed about 10 years ago. (The website looks about 10 years old too — just take a look.) We’ve evolved since then. Technology has evolved. Why the hell has the banking system not caught up yet? (Hint: it’s not in their best interests to improve the security of your bank account. They would have to pay the cost of securing your account, while not seeing any reward for it.)

This should immediately set off red flags for any information security professional. An obvious way to mitigate this risk is to simply enable customers to generate a read-only API key on the bank end, then give out that read-only API key to any party that they wanted to share their info with, on a read-only basis. This would be true read-only access. But that is something that banks themselves would have to implement, and they’re too busy raping the general public with ridiculous fees for things like debit cards, and simply having a deposit account in the first place.

The Solution

The solution? A successor protocol to OFX which requires banks to implement read-only API key access, and which can be controlled by customers, e.g. by allowing depositors to generate their own unlimited number of API keys, read-only or not (depositor’s choice).

A standard has to first be put in place. It would specify that usernames/passwords are no longer allowed, period. All account access would be via API keys, which would be generated on the bank end, controlled by the clients (depositors), and either read-only, read-write, or other combinations. They could be extensible so as to plan for the future.
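The bank-issued, depositor-controlled keys proposed here (and in the read-only API key mitigation mentioned earlier) can be sketched as follows. This is an added example, not code from the original post or from any bank or OFX implementation; the `BankKeyStore` class and the scope and operation names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Scope and operation names are assumptions for this sketch; the post only
# asks for keys that are "read-only, read-write, or other combinations".
READ = "accounts:read"
WRITE = "transfers:write"
REQUIRED_SCOPE = {
    "get_balance": READ,
    "list_transactions": READ,
    "transfer_funds": WRITE,
}


@dataclass
class KeyRecord:
    depositor: str
    label: str          # which third party the depositor gave this key to
    scopes: frozenset
    digest: bytes       # SHA-256 of the secret; the bank never stores the secret
    revoked: bool = False


class BankKeyStore:
    """Hypothetical bank-side registry of depositor-controlled API keys."""

    def __init__(self):
        self._records = {}  # key_id -> KeyRecord

    def issue(self, depositor, label, scopes):
        """Create a key; the returned token is shown to the depositor once."""
        unknown = set(scopes) - set(REQUIRED_SCOPE.values())
        if not scopes or unknown:
            raise ValueError(f"invalid scopes: {sorted(scopes)}")
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        # The secret is long and random, so a plain fast hash is enough here.
        digest = hashlib.sha256(secret.encode()).digest()
        self._records[key_id] = KeyRecord(depositor, label, frozenset(scopes), digest)
        return f"{key_id}.{secret}"

    def revoke(self, depositor, key_id):
        """Only the owning depositor can revoke; other keys keep working."""
        rec = self._records.get(key_id)
        if rec is None or rec.depositor != depositor:
            return False
        rec.revoked = True
        return True

    def authorize(self, token, operation):
        """Return the depositor's name if the token may run operation, else None."""
        key_id, sep, secret = token.partition(".")
        rec = self._records.get(key_id)
        required = REQUIRED_SCOPE.get(operation)
        if not sep or rec is None or required is None:
            return None
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(presented, rec.digest):
            return None
        if rec.revoked or required not in rec.scopes:
            return None  # deny by default: revoked key or missing scope
        return rec.depositor


if __name__ == "__main__":
    bank = BankKeyStore()
    token = bank.issue("alice", "budget-tracker", {READ})
    print(bank.authorize(token, "get_balance"), bank.authorize(token, "transfer_funds"))
```

A third party holding a read-only token from this store can list transactions but is refused `transfer_funds`, and revoking that one token leaves the depositor's other keys and their own login untouched.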

Then, make all the banks follow the standard. Fines of $XX,XXX,XXX per day after a X-year grace period which allows all banks ample time to convert from OFX to the new standard, NOFX (New OFX).

Hell, I don’t know. Just something. But please, do something to protect the people, instead of just considering the up-front cost of implementation. (There are hidden costs of not implementing something like what I’ve suggested, but most individuals and businesses won’t see them until it’s too late).

Note: This solution isn’t going to happen. This is just an ideal scenario. The banking system is going to be transformed, but not from the inside, not by anyone who had anything to do with this. Technologies like Bitcoin and other cryptocurrencies and trustless systems are going to render insecure protocols like OFX useless. The funny thing is, it’s because the current system will never change which is the reason why it’s going to be pre-empted and destroyed. The market will find a solution.

Credit

credit cards
Not all credit cards suck.

“Don’t get a credit card, it will just ruin your life.”

I’ve heard that line, or something like it, since I was a teenager. I never was interested in credit cards, probably because of the scary stories I’d heard about them.

It’s probably that way for a lot of people. Either that, or they love the idea of spending money that they don’t even have (yet!) and just rack up so much debt they can literally feel it crushing down on them in later years. (And by literally, I mean figuratively).

I never really had a great understanding of it, but I’m learning a lot more about it these days. Mostly because it’s needed for just about anything you do.

Trying to get an apartment? Gotta pass a credit check (even if you offer to pay the entire lease upfront, in cash).

It’s ridiculous. But it’s how the system works, and when/if you can accept that, then you can start to understand their rules and play by them. Fortunately it’s not too difficult.

This is the American system anyway. I have no idea how it works in other countries.

How to Manage Your Credit Score

1. If you’ve never done this, go to MyFICO.com and purchase the 3-score report. This will pull your credit score info from the 3 major Credit Reporting Bureaus, which are TransUnion, Equifax and Experian.

Go to “reports -> printable” and save the report in PDF format on your computer or the cloud somewhere. Basically, you want to be able to access this months later if needed, and MyFICO doesn’t allow you to access it after one month. What a ridiculous shenanigan.

This will basically tell you everything about your credit history and how to fix and improve your credit score. Read over it thoroughly, because getting your credit in order is time well spent.

2. If you don’t currently have any credit, you: a) won’t be able to get a report from MyFICO, and b) need to work on building a credit score. One way to build a credit score is to get a secured credit card. Which basically means, you’re extending credit to yourself, but choosing to include a bank so that you can build a credit score. I recommend the US Bank Harley Davidson Visa card as a form of building credit if you have none. Just Google it and get started. It will require a minimum of $300 deposit. You can get this back when you cancel your account, and after you’ve built a credit score and opened up a normal (not-secured) credit card.

3. I would recommend ordering a single MyFICO credit report every 6 months, just to make sure you’re on the right track and not doing anything stupid to destroy your credit.

Photo Credit

Ambiance

low-lighting creates a great, cozy coffee house ambiance

The concept of “ambiance” (or ambience) isn’t very well understood by most Americans today, it seems. Google tells us that ambiance is defined as: the character and atmosphere of a place.

I’ve always stated that there are two main things which make up a place’s ambiance: 1) Lighting, and 2) Music. Art/décor have an effect on the mood of a place as well, but not as much as lighting and music. A lot of people don’t seem to grasp that, at least in my experience.

For example, I’m currently staying at a friend’s house while he and his family are out of town for a few days. It’s been a great place to get away and just focus on getting things done. But the problem? He has no lamps in his house, at all. Only overhead lights. This totally kills any cozy ambiance that the place could have.

Actually, there is one lamp, but it’s in his 2-year-old’s room. (I turn it on anyway.)

And since it’s just after the winter solstice, the days are short and nights are long, meaning less natural light from the sun.

This is a nice house in a quiet neighborhood, perfect for getting away, and could have a *very* nice atmosphere, but it’s just so… bright. Almost harshly so. The over-bright lights just kill the mood. Ambiance is another way of saying the “mood” of a place.

If you’re trying to create a cozy ambiance at home, low-lit lighting is key (which is to say, dim lamps). Christmas lights and/or rope lights work great as well. Dim lamps along the walls always give a cozy feel to a place, like a pre-industrial revolution English pub. Oh yeah, and candles. Candles are the ultimate tool for creating just the perfect cozy mood/feel.

Of course, “ambiance” could apply to other moods, too. I just happen to like “cozy”. Discos/nightclubs have a different ambience. So do 50’s style diners. It’s all about lighting primarily, and music secondarily.

Just look around whenever you’re indoors. Look at the lighting and notice how it makes you feel. Is there any music playing? If yes, how does that fit in with the general feel & atmosphere of the place?

Restaurants understand this concept. Hotels and lodges have it down. Interior designers obviously understand this, but it seems like the average person doesn’t. But once you start paying attention, it’s hard not to miss.

Photo credit

The Living Light Culinary Arts Institute

Living Light logo

I never thought I’d actually fulfill the dream of going to culinary school, especially after adopting a vegan diet and lifestyle. But fast-forward to now and… here I am! I’m currently attending the Associate Chef and Instructor Training program at the Living Light Culinary Arts Institute in Fort Bragg, California.

It’s only been two weeks, but it’s been an amazing ride thus far. I’ve learned far more than I even thought possible, and still have two weeks left to go (one of which is dedicated to desserts!).

I’m even considering staying on another month to obtain the Raw Gourmet Chef certification and learn even more about recipe development, ethnic flavours, raw fusion, catering and even more about raw pastry arts.

It’s a very fast-paced, intense program which has kept my colleagues and me very busy for most of our entire time here. Yesterday was our first day off in two weeks! But it’s been a good busy-ness, and it should let up a lot after next week. Our group is also getting to know each other pretty well, and new friendships are being formed, which is always a good thing.

But enough talk, let’s get to the pictures!

My team and I made this Living Lasagna this week. Delicious and has the texture of real lasagna!
Lemon tartlet that we made in class. We learned to style them especially for photography.
Raw Dolmas with Zucchini Rice
I made these raw collard wraps at home

And this one’s not exactly related to Living Light, but it is a part of my time here… my first king boletes ever!

I found my first king boletes yesterday with some native Fort Braggians!

So that’s a short summary of what I’ve been doing for the past two weeks. It’s been difficult being without my wife, but it’s also the start of a time in my life which I’ll never forget. I’ll try and put up some pictures of my colleagues and me soon, if I can get around to it.

Bitcoin eliminates PCI compliance

I was just reading up on wrapping APIs and just came to another realization regarding Bitcoin. In a payment system using only Bitcoin, there is absolutely no need for PCI compliance. Zero. That’s right:

Bitcoin eliminates PCI compliance.

There’s no private data to store. No customer data exists that a criminal can then steal and rack up charges. Since Bitcoin payments are a push from the customer, instead of a pull from the merchant, there’s no need for any PCI compliance. Customer security is simply “baked in” to the protocol.

Think of how many millions (probably billions) of dollars are spent by large corporations every year, just to be PCI compliant. I know first-hand that the largest company in the world spends (at least) millions on PCI. There are yearly audits, infrastructure costs galore. All CC data must be encrypted. It’s a huge freaking hassle.

And forget about the small guys. There’s no way small businesses could ever hope to store CC data themselves (and be in compliance with PCI standards) — which is why they have to rely on companies like Stripe and Braintree to accept credit card payments.

I like Stripe and Braintree, but I like even more the fact that millions of dollars can be saved simply by using Bitcoin.

Things like this are what makes Bitcoin so amazing. This is just one example. Bitcoin takes everything we think we “know” about electronic payments and flips it on its head.

Here’s why Bitcoin will change the world…

As I’ve said before, a lot of people a lot smarter than me could explain Bitcoin a lot better than me… so I’ll leave it up to them.

Both of these videos feature Andreas Antonopoulos, a network and security professional and major Bitcoin evangelist.

Watch This First

The first clip is Andreas speaking at the Milwaukee Bitcoin meetup a couple of weeks ago. You can start watching at 47 minutes and 15 seconds (the link should take you there).

Edit: Ok, I can’t figure out how to get the damn player to start at exactly 47:15, so if it doesn’t take you there, just fast-forward to 47 minutes in.

I have also extracted the audio for anyone interested in just listening to it, which you can get here (trimmed to only include Andreas’s talk):

Watch This Second

Now that you’ve drunk some of the kool-aid, you’re ready for the second round. This one is more intense, and more exciting. You’ll be wanting to pour (fiat) money into Bitcoin after watching this one. This interview discusses the recent failure of a Bitcoin exchange known as MtGox, infamous for their incompetence.

It’s an hour and a half, and I suggest you watch the entire thing. It’s worth it, I promise.

Bitcoin

I’ve refrained from posting about Bitcoin until now, mostly because I haven’t had time, which is to say that it hasn’t been prioritized. I have also refrained from posting because I’ve been considering a site re-design, and didn’t want to take the time to mess with it. But I’ve got too many thoughts which I need to get out, plus the “Twenty Fourteen” WordPress theme is pretty clean and simple. I like it. Anyway, here goes…

What is Bitcoin?

So many people have given explanations for this, and all of them a lot better than anything I could write here. According to Google:

Bitcoin is a peer-to-peer payment system and digital currency introduced as open source software in 2009 by pseudonymous developer Satoshi Nakamoto. It is a cryptocurrency, so-called because it uses cryptography to control the creation and transfer of money.

Bitcoin is a protocol, a type of electronic money, a payment network, a distributed timestamp server (at its core), and much more. It’s an entire infrastructure, and it’s completely distributed and self-healing. I recommend reading the Bitcoin whitepaper if you’re completely new to Bitcoin and haven’t read it. I promise it’s short.

Also, check out http://www.weusecoins.com/en/

Bitcoin is the future.

It’s a Libertarian’s dream, a crypto-nerd’s fantasy, and the great equalizer for the common people. Bitcoin is a payment network, a currency (if you want it to be) and a store of value (much better than those worthless paper notes in your wallet and in your bank accounts). Most people focus on the currency aspect of Bitcoin, and its value relative to the US dollar. It’s so much more than that…

Bitcoin can’t be seized (stolen).

Ok, that’s not entirely true. Bitcoin can be stolen (just as the FBI stole the Bitcoins owned by the operator of the Silk Road). But as long as you’ve taken appropriate security measures, your Bitcoin is safe in your hands. Or on your computer.

Here’s an excerpt from an article by attorney Mark Nestmann that I read yesterday. (You can read the article here.)

…cases like that of Emiliano Gomez Gonzolez, who had the misfortune of being stopped by cops in Nebraska – a state where police get to keep what they seize. State troopers found bundles of currency totaling $124,700 in his car.

Police seized all the money, alleging that it was the proceeds of drug trafficking. Gonzolez tried to get it back in court but lost his case, despite the fact that police found no drugs, drug paraphernalia, or drug records connected to the cash. Nor was he ever accused of any crime. And the Nebraska cops kept it all, less a 20% commission paid to the feds for their assistance in prosecuting the case.

Mark then makes a case for opening a foreign bank account and stashing some of your savings there as a solution. Of course, Bitcoin makes this a non-issue. If the driver had instead been holding his $124k+ in Bitcoin, it simply could not have been seized (as long as he had secured his Bitcoin). Money in foreign banks, however, can be seized by the foreign government which regulates that bank, or by the bank itself, as we saw in Cyprus in April 2013.

Bitcoins are limited

There will only ever be 21 million Bitcoins in existence. Due to the mathematics and cryptography behind Bitcoin, they can’t be copied or created out of thin air. This is a good thing. Since Bitcoins can’t be conjured out of thin air (unlike US dollars, British pounds, Euros, etc.), they retain value.

Bitcoin is global

Bitcoin is global, can be used anywhere in the world, and has value anywhere in the world. Take Chile, for example. What’s the point of holding Chilean pesos if I ever get into a bind and need money here? Chile just elected a Socialist president — what’s to stop her government from dipping into your bank account, just like in Cyprus? The Chilean government can’t dip into your Bitcoins without your approval. They won’t even know you have Bitcoin unless you tell them.

A few predictions

It’s currently January of 2014. My predictions are thus:

  • Within the next 2-3 years, at least one other “developed” country will enact a Cyprus-style bail-in. Probably France. The US will eventually do it also, for the sake of “national security” of course.
  • With Bitcoin, there’s no more need for money transmitters (since that’s baked into Bitcoin by default). Western Union? Gone within the next 5 years. Maybe within 2-3, depending on how fast the world adopts crypto-currencies.

<tl;dr>

Bitcoin is the future. It will destroy banks. It will change the world. Crony-capitalism, in its current form, will be finished.

My Wife Has a Website

A few months ago my wife began her quest toward becoming a full-fledged web developer.

She’s now got a good basic understanding about computers in general, and today she set up her very own website (without any help from me!). The link to her site is here:

http://huckleberry.site44.com/

Needless to say, I’m very proud of her and wish her continued success on her long and rewarding journey.