Samsung Blockchain Keystore “Couldn’t install app”

If you’re getting the “Couldn’t install app” error when trying to install the Samsung Blockchain Keystore app in your device’s Secure Folder, then read on.  Skip the background if you’re familiar with it and go straight to the Solution section.

Background

In mid-2019, Samsung came out with the Samsung Galaxy S10 phone.  At the same time, they introduced their first cryptocurrency wallet, the “Samsung Blockchain Wallet”.  At first, it only supported Ethereum.  But as of late 2019, it supports a few more cryptocurrencies, most notably, it now supports the most important one, Bitcoin!

But, to use the wallet app, it requires another app; the “Samsung Blockchain Keystore”.  I’m not sure why they separated that out into two apps, but my semi-educated guess is that you can create your keys and manage them in one app and use them in other apps, not JUST the wallet app.

Now, as anyone with any knowledge of cryptocurrencies knows, you have to be EXTRA careful with your keys for cryptocurrency.  YOU are 100% in control of your cryptocurrency.  If you’re careless, and it gets stolen, you have NO RECOURSE!  Unlike a traditional bank with FDIC insurance of up to $100,000 protection per account, there’s NOTHING for cryptocurrency.  That’s not a bug, that’s a feature!  With freedom, comes responsibility.  But that’s a speech for another day.  The point is, that if you’re going to do this on mobile, you want it to be a secure as possible, and on a Samsung phone, that means putting it in the ultra secure section called “Secure Folder”.  Now, let’s get back to the “Couldn’t install app” error.

Solution

Sorry to be the bearer of bad news, but there is no solution at the time of this writing (2020-01-04).  I spent an hour on chat support with Samsung, who then sent me to a phone tech support that’s a specialist on the Secure folder.  Both the chat tech and the Secure Folder tech were unaware of the problem and both confirmed that it is, indeed, a problem that they’re going to have to fix.

Here are the problems you’ll experience:

  1. When trying to install the Samsung Blockchain Keystore into the Samsung Secure Folder:
    1. It will not find it in the installed apps from the apps installed outside of the Secure Folder.
    2. It will not find it in the Play Store (to their surprise, it’s not in the Play Store at all.  You can search for it with a desktop browser.  It’s just not there).
    3. It WILL not find it in the Samsung Galaxy Store… at least, not directly.  First, you have to search for the Samsung Blockchain Wallet app, select it, scroll down for similar apps, and you’ll find the Samsung Blockchain Keystore down there.  Try to install it, and you’ll get the error:
    4. Installing the KeyStore app OUTSIDE of Secure Folder will NOT make it available to the wallet app INSIDE the secure folder.
    5. Even when installed outside of secure folder, it does not show up in the app drawer.  You cannot add its icon to the home screen.
    6. The ONLY way to launch it is to find it in the Galaxy Store and tap the “Open” button there.

So, the conclusion is that it’s not possible to use the Samsung Wallet app in the Secure Folder area.  And if you can’t use it in there, it’s not worth using.  You NEED the extra protection of the Secure Folder for your cryptocurrency.  DO NOT ATTEMPT TO USE IT OUTSIDE OF SECURE FOLDER!!!

Speaking of Decentralized Monetization,

If you like my work, you can contribute directly to me with the following cryptocurrencies (but, apparently, not with the Samsung Blockchain Wallet app in Secure Folder yet!)

BitCoin:

bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg
bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg

LiteCoin:

LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r
LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r

Must-Haves for Decentralized Apps

Whether you’re a developer or a user, these are the requirements for a truly decentralized app. If it lacks any of these, your app can (and should be assumed that it WILL) be censored:

  1. No reliance on legacy DNS.

    1. While you CAN make use of DNS as an additional measure, your app should still fully function even if the entire DNS system is compromised and/or your domain name confiscated.  You should think of the DNS as only a gateway for legacy users to find your services.
  2. No reliance on a centralized account creation system.

    1. User accounts should be created client side ONLY, like a cryptocurrency wallet. The app’s concern with the user account should ONLY be that the user cryptographicly signs their communication with you, using their private key and you use their public key to transmit private data from you to them.
  3. Deployment of the app should NOT depend on a centralized app publisher.

    1. The app should be obtainable if you or your company or your organization cease to exist. This does not mean that you can’t ALSO deploy to centralized app stores, but those should be SECONDARY. You should also dissuade your users away from centralized app stores.
  4. User’s personal data should ONLY be stored on their own device

    1. OR encrypted with their public key before being stored remotely to their choice of external storage.
  5. Remote storage

    1. All remote storage should be stored on a decentralized storage platform (The user’s SiaCoin or FileCoin accounts, for example. For published data, IPFS and/or a blockchain). This doesn’t mean you can’t also make use of centralized platforms. In fact, make use of popular centralized cloud storage like Amazon S3, DropBox, Google Drive, etc, but encourage the user to add 3 of those to their storage preferences and you encrypt their data locally, with their public key, then replicate it, like RAID 3, across at least 3 or more centralized storage platforms.
  6. Monetization

    1. Creator monetization should NOT be controlled by the app creator. The app creator should only facilitate code in their app to allow independent users to pay, directly, to each other, using a system outside the control of the app creator (such as cryptocurrencies).

Speaking of Decentralized Monetization,

If you like my work, you can contribute directly to me with the following cryptocurrencies:

BitCoin:

bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg
bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg

LiteCoin:

LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r
LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r

The Importance of Decentralized Apps & Services

First, a definition:  What IS a decentralized app or service?

A decentralized app or service, its data, and the user accounts are available from multiple locations.  If any one of them go offline, the app or service continues to be functional and distribution of the app or service does not cease, the data does not go away, the user accounts do not die, and no functionality ceases to function.

Let’s review how legacy (centralized) apps and services currently work…

Ordinary, legacy services that you’re probably used to are things like Google Maps, Google GMail, Google Search, Google Drive, Google Docs (seeing a pattern here?), Google’s YouTube.  Aside from the obvious fact that all of these are from A SINGLE COMPANY! they’re also centralized.  In spite of the fact that Google has a planetary wide system where they distribute their services and storage, they have the following centralized points of failure:

  1. They’re all owned by one company.
    1. Google could, in theory, go out of business.  Wait!  Stop laughing.  Where are you going?  Obviously, that’s not likely to happen any time soon, but it’s always a possibility, especially with the possibility that they may be broken up into multiple smaller companies, due to their gigantic control of virtually the entire internet.
    2. They can (and DO) censor.  THOUSANDS of YouTubers have had the following problems, increasing and accelerating in occurrences, frequently for political, not safety reasons:
      1. Demonetization.
      2. Shadow banning.
        1. Removing their videos or channels from “suggested videos”.
        2. Hiding their videos or channels from search results.
        3. Marking them as “age restricted”, which hides them from search results where “child safe” restrictions are enabled, such as public libraries and schools.
      3. Videos deleted.
      4. Channels deleted.
    3. Falsification of viewer counts.
    4. Blocking of voting.
    5. Blocking of comments.
    6. Simply not paying the creators what they’re owed.
  2. They’re all reliant on the centrally controlled DNS system.
    1. Though the DNS is a decentralized service, the CONTROL of it is NOT.  The CONTROL of the DNS is controlled by an organization called ICANN (Internet Corporation for Assigned Names and Numbers).  They’re the ones that can take your domain name away from you.  They used to be a U.S. based organization, but in 2016, the U.S. government, in a highly controversial move, transferred control to an international body that is not adherent to your first amendment rights.  At the time of this writing (2020/1/4), there are fears that tyrannical governments like Russia or China may start to get partial control of this too.  Both of them are already creating their own DNS and many countries block domains from their entire citizenry.
      1. See this:  UN Moves Towards Handing Dictatorships Power to Control the Internet
  3. They all have access to your PERSONAL data.
    1. Any data you enter into their apps or websites is viewable by them and stored on their servers.  YOUR data is controlled by other people.
  4. Your user account is proprietary for THEIR services
    1. You’ll have to create separate accounts for apps and services on OTHER centralized apps and services not owned by Google.
    2. Your user account and password are known and stored on these organizations servers.  They have access to EVERYTHING you do with their apps, and so do their employees and contractors!

Decentralization solves ALL of the above problems!  Here’s how:

  1. No centralized DNS.
    1. Decentralized apps do not rely on the centrally controlled DNS (Dynamic Name System).  Once you install and run the app on your local device, most of the functionality happens on your own device.  In cases where data needs to be shared, it’s either done so directly from your device to your friend’s device, if you’re having a private conversation, or it’s distributed to a decentralized, public data system like IPFS (InterPlanetary File System).
  2. Decentralized account management:
    1. Instead of creating a user account on a centralized web site for each and every website you visit, you create ONE account.  And you do this on your own device.  And you do not publish it (unless you want to).  This is how cryptocurrencies work.  You create your “wallet” using software running on your own computer.  It’s essentially a very large and random number, run through a cryptographic algorithm that generates TWO keys:  One private (that you hide from everyone) and on public (that you can share with the world).  These keys work in unison.  If you want to prove to anyone that you created content, you encrypt it with your private key.  Anyone with your public key can decrypt it.  Technically, that’s not what we call “encryption”.  It’s “digitally signing”.  If something can be decrypted using your public key, it’s proof that it was encrypted (or signed) with your private key, meaning only YOU.  If someone wants to send you something private, they’ll encrypt it with your public key.  It can ONLY be decrypted with YOUR private key.  This key combination is your “account” and you can use that on any decentralized app that uses that particular technology.  You can also create multiple accounts, if you like.
      1. You create your accounts on your own device.
      2. You use the same account everywhere (if you want).
      3. You can create as many accounts as you like.
      4. No one, but YOU has control over your accounts.  No one can delete them.
  3. Decentralized app deployment:
    1. Apps are made accessible on a network of nodes, rather than a centralized app store.  Some examples of decentralized networks are BitTorrent & IPFS.  This prevents a single entity (Like the Apple App Store or Google’s Play Store) from deleting them.  It also prevents a centralized authority, like ICANN from taking away the public’s access to your content via the DNS.
  4. Personal Data & Remote Storage
    1. While personal data does NOT need to be decentralized, decentralized apps SHOULD handle personal data ONLY locally, on the user’s device, OR, per the user’s intention, encrypt, then store on the user’s choice of cloud storage, preferably a decentralized cloud storage, like SiaCoin or FileCoin, or replicated (after encrypted) across multiple accounts on separate centralized cloud storage services like Amazon S3, Google Drive, DropBox, etc…
  5. Monetization
    1. Content creators should receive payments DIRECTLY from the consumers of their content, usually in the form of cryptocurrency.  The app providers need only provide the means for the content creator to accept cryptocurrencies.  This is usually done by the content creator registering their cryptocurrency wallet addresses with their content and users being able to tap or click it and then transfer crypto directly to the creator.  There should be no middleman involved.
  6. Elimination of DDOS
    1. Distributed Denial Of Services is an attack against a CENTRALIZED web site.  For example:  Multiple machines send thousands or millions of requests to a website, overwhelming the CENTRALIZED servers, causing them to be unable to respond to legitimate requests, because they can’t tell the difference.  If your services or content are decentralized, there’s no central server to attack.
  7. Faster Downloads
    1. When you download content from a decentralized network, you’re not relying on the limited server resources of a single organization or single server anymore.  The system finds the closest or fastest nodes to you that have the content and deliver it to you.
  8. Global bandwidth
    1. Decentralized distribution means closer physical transfers.  In other words, as a downloaded item gets distributed via the act of downloading, it spreads organically across the internet.  Each download is done via the closest neighbor, preventing clogging up the longer path connections, making the rest of the internet faster for everything else too.

Decentralization provides massive benefits for BOTH publishers AND consumers.

  1. For Consumers:
    1. As a consumer, the content you love cannot be taken away from you just because of the politics of the day or the preferences of the owner of an organization.
  2. For Publishers/Creators:
    1. You can’t be censored.
      1. Twitter, Facebook, & YouTube have gone on a massive censorship craze and in spite of being hauled in front of Congress multiple times and facing backlash from the public, they’re only accelerating their censorship.  Decentralization puts an end to that.
    2. You can’t be demonetized.
      1. A sinister part of censorship is demonetization.  In addition to silencing dissident voices, they’re also cutting off their funding and propping up the distribution of funding of only the voice they approve of.  Decentralization puts an end to that.

Speaking of Decentralized Monetization,

If you like my work, you can contribute directly to me with the following cryptocurrencies:

BitCoin:

bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg
bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg

LiteCoin:

LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r
LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r

SANS DIGITAL Raid Tower Four Years On

SANS DIGITAL MobileSTOR MS4UT+B

Almost 4 years ago, I bought a Sans Digital MobileSTOR MS4UT+B four drive bay RAID tower.  Here’s how it’s stood up so far:

The reason I’m writing this article today, is because this past week was the first time one of my drives in the ARRAY failed.  To be clear, this is not a complaint.  ALL drives fail.  That’s WHY I bought a RAID tower, so that when one eventually DOES fail, I have the redundancy in place to keep going while I get a replacement drive, with zero down time and zero data loss.

Before reading further, if you don’t know what RAID is or a RAID tower, please click the link below for a straight-forward explanation:

When I bought the tower almost 4 years ago (this model is not available for sale anymore), I also bought 4 of these drives.  Click the image to see it on Amazon.

Seagate 4TB NAS HDD SATA 64MB Cache 3.5-Inch Internal Bare Drive (ST4000VN000)

for $149.99 each in December 2014.  They were the cheapest 4TB drives I could find at that time.

All 4 have been running 24/7 until 2018-10-29, when one of them finally failed.  To be honest, I expected the first failure to be years ago, considering my track record of at least 1 failed drive a year.  I bought the cheapest drives I could find too, so I expected more frequent failures.  The front panel of the RAID tower indicated that my drive #3 had died.

The computer was completely unaware of the failure.  This is a good thing.  That means the RAID tower’s seamless drive failure was working.  I immediately ordered a new, replacement drive.  I ordered the cheapest, 4TB drive I could find.  Why?  Because reliability of individual drives is not all that important when you have them in a RAID tower.  The redundancy of the whole system dramatically improves overall reliability, even when using low reliability drives.  I should also point out that just because a drive is inexpensive, doesn’t mean it’s also low reliability.

Here’s the drive I bought in late October 2018 for $79.99… nearly half the cost from 4 years earlier.  Click the image to see it on Amazon.

WL 4TB 7200RPM 64MB Cache SATA 6.0Gb/s 3.5″ Hard Drive (For RAID, NAS, DVR, Desktop PC) w/1 Year Warranty

What did I do?

When it arrived 3 days later, without shutting anything down, I opened the front panel of my RAID tower, pulled out the bad drive (with the whole system still on and running), unscrewed the 2 screws holding the handle onto the bad drive, screwed them and the handle onto the new drive, and plugged it into the RAID tower.

What did the RAID tower do?

The RAID tower immediately recognized the new drive and started replicating data to it.

What did the PC do?

My PC never knew anything ever happened.  As far as it was concerned, there was a working 12TB drive that it continued to actively use throughout the whole process.  There was never any downtime.

How long did it take?

Swapping the drive took about 5 minutes or less.  The replication, however, began on the night of Tuesday, October 30th.  It was still replicating when I left the PC on Saturday night, November 3rd.  However, Sunday morning, when I got back to it, it had finally finished.  So, it took it about FOUR DAYS to complete the replication.  Much longer than I thought.  I figured it would take between a couple hours up to maybe 1 day.

What does this mean?

It means that my data was vulnerable to disaster via a SECOND drive failure from the moment the drive went bad on Saturday, October 27th, through when the data was finally, fully replicated onto the new drive somewhere between the night of Saturday 11/3 and the morning of Sunday, 11/4… a total of a few hours more than 1 solid week.

If any other drive had died during that time, my 10TB of data would have been hosed.

The good news is that if I were NOT using a RAID tower, I’d be in that same risk ALL THE TIME!  I was only at risk for 7 days.  The BAD news (for YOU) if you’re not using RAID, you’re at that risk 100% of the time.

Conclusion:

This RAID tower performed as designed and is still performing.  The vulnerable replication period is much longer than I expected.  But, in the end, it all worked.  This is the first drive failure I’ve had where I didn’t lose a single bit of data.

My recommendations:

Whether you need speed or reliability, you SHOULD be using a RAID array.  I highly recommend buying a RAID tower and let it handle the complexities of configuring the system.  Software RAID solutions are available, but they are much less reliable and consume resources on your computer, slowing you down.  With an external hardware solution, it’s literally just plug and play, like any normal, single external drive.  But with the capacity, speed, and reliability of a RAID solution.  RAID towers can be found for under $100 and there’s no upper limit to how much you can spend on one.

So:

  1. Buy a RAID tower.
  2. Configure it to the configuration that best meets your needs.
  3. Have a local backup using a low cost, external USB hard drive of equal capacity as your full RAID array’s configuration.
  4. Have a cloud backup of your data too, AND MAKE DARN SURE IT’S ENCRYPTED ON YOUR END BEFORE BACKING UP!!!
    1. There are a lot of decentralized, peer-to-peer, cloud backup services coming online like:
      1. Sia
      2. FileCoin
      3. StorJ
      4. and others.  None of them are great solutions as of this writing YET!  But that’s changing.  Keep an eye on them and read EDUCATED reviews of them.  That includes keeping an eye on my blog because I’m watching them with intense interest, in addition to testing them myself.  I’ll ring the alarm bell when it’s time to jump on.  They WILL BE the ultimate backup solution.

What is RAID or a RAID tower?

RAID is an acronym that stands for “Redundant Array of Independent Disks”.  In short, it’s a system that allows you to make multiple hard drives look like a single drive to a computer that’s using them.  The benefits you get depend on the RAID configuration you choose and the hardware and/or software you use to implement RAID.  Your RAID configuration options are:

RAID Towers

RAID 0:  Striping.  This treats all the platters in all your drives in the RAID 0 configuration as one drive with multiple platters.  On a regular, single drive system, a hard drive usually has multiple, physical disks inside of it.  Data is written on the disks on tracks, similar to a record player, but unlike a record player that has ONE groove that spirals all the way from the outer edge to the center, computer disks have individual rings, called “tracks”.  A hard drive has multiple disks (called “platters”), each with tracks.  A file is written across the multiple platters on the same track until that track, on all the platters, is full, then another empty space is found to continue the writing.  With RAID 0, you can add more drives to extend the depth of those tracks. One file is now written across all platters on all drives on the same track until they’re filled.  There’s no limit to how many drives you can have in a RAID 0 configuration (except limits imposed on your RAID hardware and/or software).

Benefits of RAID 0:

  • Speed
  • Larger volume size.

Disadvantages of RAID 0:

  • Decreased reliability.  If any one drive fails, the whole thing goes down.  The more drives you have in a RAID 0 configuration, the sooner the whole thing will die or the LESS fault tolerant it is.  RAID 0 is pretty dangerous and should not be used unless speed is more important than reliability.

RAID 1:   Mirroring.   Given X amount of drives in ANY RAID configuration, you can have a duplicate copy of them, which requires twice as many drives.  All drives have to be the same capacity.  Neither set is the “original”.  All data written to one set is duplicated on the other.  Both sets are live.  For example:  The simplest RAID 0 configuration is a 2 drive system, both drives of equal size each.  Your total storage capacity across the system is exactly the capacity of ONE of those drives.  Everything written to one drive is duplicated on the other.  A more complex RAID 0 configuration will more more than 2 drives, but ALWAYS an even number of drives.  The 1st half of drives can be any other RAID configuration you like.  The 2nd half of drives will be a duplicate of the same thing.

Benefits of RAID 1:

  • 100% redundancy.  Acts as a full, live backup.  Any part of either side can fail and the array continues to function, seamlessly.
  • Speed.  Mirroring doesn’t require extra processing.  It’s no slower than a single drive with no RAID.

Disadvantages of RAID 1

  • Capacity is reduced to 1/2 the total capacity of the whole, physical system.

RAID 3:  RAID 3 is made of exactly 3 drives.  2 drives for data, one for parity.  Any 1 drive can fail and the system can continue to function until you replace the bad drive, in which case, the new drive is restored from the remaining 2 drives.

Benefits of RAID 3:

  • Redundancy
  • Capacity.  Maximum capacity usage for data across your array of disks.

Disadvantages of RAID 3:

  • Speed.  RAID 3 requires extra processing and thus, results in somewhat slower performance.
RAID Towers

RAID 5: RAID 5 is nearly identical to RAID 3, with the added benefit that you can use any number of drives you like.  You’re not limited to 3.  Instead of dedicating drives to data or parity, every drive in a RAID 5 configuration contains BOTH data AND parity.  2/3 of every drive contains data and 2/3 of every drive contains parity.

Benefits of RAID 5:

  • Same as RAID 3 plus…
  • Not limited to 3 drives.  Can have 2 or more, with no practical limitation.

Combining RAID configurations: It should be noted that you can combine RAID 1 with any of the other configurations.  A popular configuration is stripping (RAID 0) plus mirroring (RAID 1), known as any of the following labels:

  • RAID 0+1
  • RAID 1+0
  • RAID 10

Benefits of combining stripping and mirroring:

  • Maximum Speed
  • Maximum Redundancy & reliability

Disadvantages:

  • The same disadvantage of mirroring:  Your total capacity of all your drives is cut in half.

What is a RAID Tower, then?

A RAID tower is a piece of hardware with multiple drive bays.  You can plug in your own hard drives in the tower.  The tower usually has the hardware and software built in to handle the RAID configurations for you.  You plug the tower into a computer and it appears simply as a single, external disk drive with the full capacity of whatever RAID configuration you assigned the drive array.

RAID is a concept.  A RAID tower is a functioning product implementing that concept.

A special note about RAID and SSDs (Solid State Drives)

SSDs, as you probably know, are the modern replacements for the decades old, spinning disks we call “hard drives”.  SSDs have no moving parts and are 100% solid state electronics.  They’re essentially memory chips that don’t lose their data when you turn them off, making them ideal for a modern replacement for hard drives.  Because they have no moving parts, they’re significantly faster and more reliable.  They’re also a lot more expensive (for now) per gigabyte of storage.

Can RAID work with SSDs?

Yes!  In fact, my personal desktop PC is using two 256GB SSDs in a RAID 0 configuration.  Why RAID 0, when it’s known to be less reliable?  for several reasons:

  1. Speed.  Yes, even though SSDs are significantly faster than spinning platters with moving read/write robotic arms, they can be even faster in a RAID 0 configuration.
  2. Reliability:  No, I’m not using RAID 0 to make them more reliable.  They are, in fact, LESS reliable in a RAID 0 configuration, but since they’re SSDs, even with two of them in a RAID 0 configuration, they’re still more reliable than a single, spinning disk drive.
  3. I need speed more than reliability on my boot drive.  Why?  All my important data is stored on my RAID tower.  Everything on my boot drive can be restored by simply re-installing all of my software.  The only thing I’ll lose is my time.

Actually, the primary reason is I’d purchased a 256GB SSD for another computer and didn’t need it in that one anymore and I wanted 512GB SSD for my desktop, so I just bought a second 256GB drive and put them both in, configured as a RAID 0 system.  I’m perfectly fine with it for the reasons listed above.

But, enough about me.  Yes, SSDs can be used in any RAID configuration that spinning platter disk drives can be with the same pros and cons.  It’s just that every configuration on an SSD is faster than the same configuration on spinny disks (as I like to call them).  Also, every option is more expensive with SSD.

Tensorflow, Python, & NVidia CUDA Setup

If you’re trying to get started with Machine Learning using Tensorflow, you’ll likely experience frustration trying to find the right version of Tensorflow, Python, & NVidia CUDA drivers that all work together.

Having just gone through that frustration myself, I present to you a WORKING set of instructions.

NVidia CUDA

This part is NOT REQUIRED, unless you want to use your GPU for MUCH faster Tensorflow program execution.  You DO want to use your GPU, BTW!

As of this writing, CUDA 9.2 is the latest version, however, Tensorflow will not work with anything later than 9.0, so go here to download CUDA 9.0:

https://developer.nvidia.com/cuda-90-download-archive

If you don’t have an NVidia GPU, click here to get one…

NVidia GPUs on Amazon.com
NVidia GPUs on Amazon.com

What is CUDA?

CUDA is software to allow you (or other programs written by other people) to write software to utilize your video card’s GPU (Graphic Processing Unit).  A GPU is hardware designed specifically for video operations that are many times faster than a CPU can do it.  Turns out, you can use your GPU for some specific types of calculations that have nothing to do with graphics and speed up those operations… like… a Neural Network like TensorFlow.  They’re also good for cryptomining, but we won’t get into that in THIS article.

Tensorflow

Once you have CUDA installed (assuming you have an NVidia GPU and want to take advantage of the massive speeds it’ll give you compared to just running Tensorflow on your CPU), it’s time to install Tensorflow.

Follow these instructions:

https://www.tensorflow.org/install/install_windows

They’ll also get you up and going with your first “Hello World!” program… after you get Python installed (next section).

Python

There are multiple versions and flavors of Python out there.  THIS is the one that will work with the version of Tensorflow and CUDA listed above:

https://www.python.org/downloads/release/python-362/

Once you have them all installed, follow the tensorflow tutorial on the tensorflow link above.

That’s it!

Extra

Here’s an easy to use Python play site where you can write and test Python code as you learn it without installing anything!

https://www.tutorialspoint.com/execute_python_online.php

The Cryptography of a BlockChain

[Updated on 2019-09-11]

By now you’ve all heard of a blockchain and that it’s the backbone of cryptocurrencies like BitCoin, Ethereum, LiteCoin and others.  I’m not here to tell you that blockchains are the solution to every problem or that blockchains are the next best technology that everyone will use.  You’ve heard that 100 times.  I’m going to explain, in as simple and straightforward a way as possible HOW a blockchain is put together and how cryptography is central and core to the whole thing.

You’ll discover, on your own, that putting a couple of old ideas together creates something phenomenally more powerful than the individual parts summed together.

First, let’s list the parts:

  1. A simple transaction (a record showing a FROM address, a TO address, an amount being transferred, and a time stamp).
  2. A “block”, which is just a list of transactions.
  3. Hashing (the result of a complex math problem using the numbers of all the bytes of a file (or a block and/or a transaction record)), to uniquely identify a larger chunk of data.
  4. Encryption

That’s it!  No, really!  A block chain and a cryptocurrency contain no more than that.  Well, a cryptocurrency needs computers to do the calculations for the hashing and encryption, etc…, but they just build  and validate the block chain.

So, here is what a block chain is in a nutshell:

  1. Every transaction ever taken place since the creation of the blockchain.
    1. The list of transactions are divided into “blocks”.  If you create your own blockchain, you get to decide how big a block is and how many transactions are placed in a block.  In BitCoin, for example, a block used to be 1MB max (it was updated in August of 2017 to be bigger).  A new block is added to the blockchain every 10 minutes… at least, on BitCoin, it’s every 10 minutes.
    2. The transaction is digitally signed by the sender so the network can confirm the owner of the cryptocurrency is truly authorizing the transfer.
  2. Each transaction in the block has a hash that uniquely identifies the transaction.  No 2 transactions will ever have the same hash.
  3. Once all transactions for the next block are ready, the hash from the prior block is added to the new block and that hash, plus all the transactions, are hashed to create a final hash of the new block.
  4. Critically important:  That prior hash being added to the new block is what LINKS the new block back to the prior block!  That’s what makes it a “chain”.  Each new block references the old one and the new block’s hash is dependent on the old one, which was dependent on ITS older one, and so on, all the way back to the first “genesis” block.  The new hash is the way it is because of ALL the older hashes are the way they are.  If any single transaction anywhere in the blockchain were different, so would ALL the hashes be different following that one.

That’s it!  Really, that’s all there is.

But, some really important things have happened as a result of those simple pieces:

  • Every processing computer on that network has a full copy of the entire blockchain.
  • There’s no central blockchain server.  The blockchain exists ONLY on the hard drives of the machines of the volunteers.

That means a hacker can’t hack “the bitcoin server” and change records, because no such central server exists.  He’d have to hack into EVERY bitcoin node and change it.  (Well, he’d have to hack at least 51% of them).

Something else important happens with the technology:

  • When a BitCoin node computes the hash of a block, it doesn’t just compute the hash ONCE, it computes TRILLIONS and TRILLIONS of hashes.  A single, home laptop, would probably take years to compute that hash.  Why? The network won’t accept just any hash.  The hash produced MUST match a pre-defined pattern.  Specifically, it has to, by pure chance, come up with a hash that begins with a bunch of zeros.  The amount of zeros needed increases over time as computers get faster, to ensure that Moore’s law doesn’t overtake the network.  These hashing computations NEED to take a long time.  MANY BitCoin nodes are competing with each other to find that magical hash value.  The first one that finds it, submits it to multiple peers on the network for confirmation.  Confirmation is instant.  Once confirmed, the block is accepted into the blockchain and it’s distributed to every node on the network so they can all add it to their local copy of the blockchain.  And the computer that found the hash is awarded with 12.5 new BitCoins (worth about $92,000 at the time of this writing).  Those computers that spend all their time crunching numbers to produce those hashes are called “miners”.

So, why are miners required to compute all those useless hashes only to find yet another useless hash?  Because it has to cost the miners something to do it.  It’s too expensive to do that if there’s no reward, so a hacker is not going to waste their time doing it.  If a hacker tried to submit a false hash, the network would reject the false hash and would ban them from the network.  So, only hashes that actually went through the full AND EXPENSIVE computational process are accepted.

When a miner submits their hash, and it’s confirmed by other miners, that hash is a “proof of work”.

Again, WHY?

Aside from making it too expensive and mathematically improbable to submit false hashes, it makes it impossible to change records in the blockchain.  If you tried to change a record from 24 hours ago, you’d have to rehash it, then rehash the next block (because remember, the NEXT block has been hashed with the prior block’s hash… the one you’re CHANGING!).  You’d have to rehash EVERY block after the one you’re changing.  It takes about $1,000 worth of electricity to mine a block and thousands of specialized computers to get it done in time.  In a 24 hour period, there are 144 new blocks, so it would cost you $144,000 to rehash them all.  Every 10 minutes back in time of a transaction you’re trying to alter will cost you another $1,000 in electricity.

Then, you’d have to somehow hack 51% of all bitcoin mining rigs and REPLACE ALL their local copies of the blockchain.

There simply is not enough computer power in the world to accomplish that task, not even if you add all the world’s supercomputers owned by the NSA, Oak Ridge National Laboratories, China, etc…  Because while you’re doing that, the bitcoin network (the fastest supercomputer on the planet), is still churning out new blocks every 10 minutes.  You’d need the combined computational power of the ENTIRE bitcoin network, PLUS MORE to catch up with them.

It’s no longer a hacking challenge, but a thermodynamic problem that you simply cannot do with current technology.  It’s expected that a quantum computer would eventually be able to do that, but the BitCoin developer teams are working on new algorithms safe from quantum exploitation.  Side note:  It’s believed that current AES encryption is likely quantum-safe.

THAT is why any record written to the blockchain is permanent and unalterable.  That was accomplished with extra hashing of blocks and distributing copies of the blockchain all over the network.

Back to Cryptography

Hashing:  Again, hashing is taking a string of bytes, pushing them through a particular algorithm, and producing a fixed length, unique string of bytes, always the same size (for the SHA256 hashing algorithm, the one that BitCoin uses, that’s 256 bits long or 32 bytes long), regardless of the size of the original string.  A hash is non-reversible.  That means that you CANNOT reverse a hash to recreate the original data that was used.  Think of it in the same way you think of the remainder to a division math problem.  For example, 13/5 = 2, with a remainder of 3.  But how many other divisions have a remainder of 3?  An infinite number of them.  So, if all you have is the remainder, you have no way to determine what the original 2 numbers were.  That’s kind of how a hashing works.

Important to cryptocurrency (and blockchains):  You must have a “wallet” to keep your cryptocurrency in.  That wallet is simply this:  You create a new public/private encryption key pair.  Your private key is generated from random numbers put through an algorithm.  Your public key is generated from your private key by putting it through another algorithm.  Your wallet address is simply a hash of your public key.  You can freely give people your public key and your wallet address.  Your address is what you want people to have so they can send you money.

Signing:  For more details on signing, please see:

Understanding Encryption

But here’s a short explanation:  When you encrypt data, you use the recipient’s PUBLIC key.  When they DECRYPT your message, they use their PRIVATE key.  But, if you want to PROVE that YOU sent the message, you’d also SIGN it.  That simply means that you encrypt with your PRIVATE key.  The recipient DECRYPTS it with your PUBLIC key.  Anything encrypted with your private key can be decrypted with your public key.  Since your public key is public and anyone can decrypt your data with it that you encrypted with your private key, it’s not considered “decryption”.  And since ONLY YOU can encrypt anything with your private key and your public key can’t decrypt ANYTHING NOT encrypted with your private key, then that proves YOU are the one that encrypted it.  You digitally “signed” it.  That’s how you prove you created the content.

When you transfer digital money on a blockchain,  you digitally sign your transaction to move money out of your “wallet” (again, your wallet address is a hash of your public key).

The network refuses to transfer money from one address to another unless the transaction is digitally signed by the “from” wallet address’s owner.

Encryption: You don’t really encrypt anything in most blockchains, but I’ll mention encryption here, just so it’s not ignored from the conversation.  But “signing” and “hashing” are considered subsets of the larger “encryption” concepts.

Benefits of all these pieces of technology put together:

  1. An immutable (unchangeable), public ledger.  You never have to worry about someone changing a past transaction.
  2. Decentralized.  There’s no single place that a hacker can attack and no single place a dishonest website owner can manipulate, and no single place for a tyrannical government to shut down, and no single company to go out of business, tacking everything with it.
  3. You are 100% in control of your own cryptocurrency.  No one, not EVEN the government can technologically steal your funds or stop you from sending or receiving money on the blockchain.
  4. It’s virtually unhackable, not even someone with resources as deep as say the NSA.

See these images?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

IRS Hell for BitCoin Users

Summary

2018 is the first year U.S. citizens have to file taxes on their cryptocurrency activities for 2017.  The limited “rules” the IRS has published do not cover the majority of types of activities and the information needed to accurately file taxes is simply not available to non programmers and is excruciatingly difficult to acquire, even for programmers.

Tax “Guidance”

In 2014, the IRS published a somewhat vague guidance on how to report cryptocurrency taxes.  It essentially boils down to:

  1. How much did you buy? 
  2. How much did you sell?
  3. What’s the difference?
  4. Send in 30% of your profits.
  5. Determine fair market value on the day of your transactions.

Here’s the actual 2014 IRS tax guidance document.

Reality

Unfortunately, reality is much more complicated than that.  Here are the real-world things that we have no clear rules on:

  1. What if I bought some prior to 2017?
  2. When I sell some, which of the MANY prior purchasing transactions do I apply the price to?  The price is different for every transaction.
  3. What about mining?
  4. What about mining hardware prices?
  5. What about price of electricity?
  6. I bought & sold on more than one exchange.
  7. I moved crypto between exchanges.
  8. I converted crypto from one to another.
  9. Prices at the moment of each transaction are not available when converting between currencies.
  10. Which price would we use, even if we had it?  There’s no universal price on any crypto.  Each exchange has its own, moving price that changes by the second.
  11. What about when a cryptocurrency forks, like BitCoin to BitCoinCASH and BitCoinGold?
  12. They say to use the fair market value of the day to determine prices on transactions, but that’s of no use since the price can swing thousands of dollars within a day.

My Experience

Since 2014, I’ve bought and sold crypto hundreds of times.  On some days, I’ve made dozens of trades in a single day.  In addition to that, I have accounts on 4 exchanges and also mine Ethereum.  I also traded between cryptos like converting BitCoin to LiteCoin and LiteCoin to Ethereum & Ripple & IOTA, etc., and moved crypto between exchanges like CoinBase, Kraken, Bitfinex, & Bittrex, and to and from my personal wallets,  and gained some crypto during forks, and lost some due to CoinBase not giving me my Ethereum Classic.

Over the past week, I’ve spent about 6-10 hours or so JUST on trying to gather what I understood would be needed for my tax accountant for cryptocurrency (not counting my usual taxes).  From the list above, you’ll get a rough idea of what I was going through to try to collect the information.

It’s 2018-03-31 and I finally finished my taxes.  Here’s how the day went:

I was woken up around 9:45 am this morning (I like to sleep late on Saturdays) by my tax accountant.  We spent a SOLID FIVE HOURS on the phone, trying to resolve everything (95% of that was related to cryptocurrencies).  This is their first year dealing with this.  I had to explain a lot about crypto and even the IRS’s rules.  She, apparently, had the same, uninformative PDF document from 2014 from the IRS too and just assumed it’d be as simple as they explain.  Reality is hugely different.

She wanted me to make it simple for her.  I wanted her to make it simple for ME.  That’s kind of why I’m paying her, right?  I spent hours gathering everything she could possibly need (minus the information that was just not feasible to get, but that we actually DO need).

It was simply not enough information, not just the lack of data that I didn’t have access to, but the lack of rules from the IRS.

Conclusion

The amount of effort trying to figure out just HOW to report my cryptocurrency transactions to the IRS was a nightmare and equals about the same amount of effort I spent throughout the year transacting and buying, learning, and setting up my Ethereum mining.  And it was significantly more frustrating than the actual crypto activities.

The IRS needs to get their act together, learn what it is we actually do, and come up with REALISTIC rules that we can actually perform.

After all the time and effort I spent preparing my taxes for my accounted, PLUS the amount of time we spent on the phone afterwords was insane and we STILL didn’t get everything.  We probably got about 85% of what was needed and I guarantee that what we reported was not right, but that was the best we could do.  I had tens of thousands of dollars in transactions.  With the limited information we had, she simply ended up using what I sent to her from the website CoinTracking.com, which is ONLY good for a SINGLE exchange.  So, I reported a $200 profit and paid taxes on that.  At least that is small, to keep my taxes down AND shows a “profit”, which should keep the IRS off my back, since I’m actually paying them something.  I was told that if I reported a loss, it would likely trigger an audit.

What?  Were you hoping to come here for a resolution to YOUR tax problems?  Sorry.  All I can offer is comfort that you’re not alone.  The IRS needs to get their act together and YOU need to click this link to contact your U.S. representative and explain to them the nightmare they’ve created for us.  Click the following link:

Find Your Representative

 

See these images?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

Validating Digital PGP Signatures & Why it’s Important

Do you ever see the checksums, CRCs, SHA, or PGP signatures presented to you when you’re downloading a file?  Like this for example:

These are actually SUPER IMPORTANT!

What are those signatures?

They are, in a very very simplistic explanation, answers to a math function where the numbers given to the function are the bytes of the file you want to download.

Why are they important?

They are used to prove to you that the file you’re downloading hasn’t been tampered with.   HOW? you may ask?   Because only the valid, original file, with the original set of bytes in it could have produced that signature.  If you change just ONE byte in the entire file, no matter how big the file is, you’d get a DIFFERENT answer to the math function.

This is CRUCIALLY important for things like cryptocurrency wallets for cryptocurrencies like #BitCoin, #Ethereum, #LiteCoin, etc…  Hackers frequently publish TAMPERED versions of wallet software and if you install and run the hacker’s version, they’re going to steal ALL OF YOUR CRYPTO!  This has already happened many times.  Websites are compromised and hacked versions are put on their websites.

This brings up another important concept of signatures vs. the files they’re supposedly coming from:

A published signature is absolutely USELESS if it’s on the SAME website as the download file.  Why?  Because if a hacker compromises the download site, then you can’t trust anything on that site, including the signature.  You’ll find that MOST sites that publish a signature do so on one website, but the downloaded file is hosted on another website.  For BOTH the signature AND the file to be compromised by the same hacker, they’d have to hack BOTH of those websites, which is much more difficult.

How can I validate them?

You’ll need software on your computer that can compute the same types of signatures that the website publishes for their downloaded files.  In short, these are the steps (I’ll go into explicit detail shortly):

  1. Install some signature making and validating software onto your computer (Do this only once).
  2. Make note of the published signature for the file you’re about to download. (Do this for every download that offers it).
  3. Download the file (DO NOT EXECUTE IT!  It’s NOT trusted until you validate the signature!)
  4. Use the signature software to make or verify the signature of the downloaded file.
  5. If the signature checks out, the file is safe.  If it doesn’t, DELETE THE FILE!  DO NOT EXECUTE IT!

Detailed VALIDATION instructions:

Before you get overwhelmed, scroll to the bottom and see that once you’ve done all this once, future validations are really simple…. Just those 4 steps at the bottom.  But for now, you’ll need to go through this more lengthy setup process.

In this tutorial, we’ll be dealing with a downloadable executable file that offers a public PGP signature for you to validate against.  You should know that there are many forms of signatures that an author could choose to publish.  Other than PGP, there are SHA1, SHA256, SHA512, MD5 (which has been broken), and several others.  These are the most popular ones.

We’ll be downloading and validating a popular BitCoin wallet app.  For this type of app, it’s critical to validate the downloaded file against the published signature.

Yes!  This looks very involved, but the good news is that most of these steps are only needed to be done ONCE EVER.  Since this is your first time, there are many steps to get new things installed and set up right.  Subsequent verification will be much simpler and I’ll provide a list of steps to do after you have everything set up.

First, install some PGP key software on your computer.

  1. Install gpg4win from here: https://gpg4win.org/
    1. It will install a few utilities and a GUI app that will hold all of your PGP keys and certificates. (You don’t need to understand what those are at this point).
  2. Skip this step if you already have a public/private PGP key pair.  Create public/private keys for your own e-mail address.  You’ll need this later and it has other benefits such as being able to send and receive encrypted e-mail on any e-mail system.  See: STICK IT TO THE NSA: HOW TO ENCRYPT YOUR WEBMAIL
    1. Open the “File” menu and choose “New Key Pair”.
    2. On the box that opens, choose “Create a personal OpenPGP key pair”.
    3. Enter your name and e-mail address, then click “Advanced Settings…” and on the top 2 drop downs, change it to 4096 bits.  That’ll make your key orders of magnitude stronger.  If you want, feel free to check “Authentication” and “Valid until” and pick a date.  I recommend 1 year into the future.  If you choose a date, your key will not be trusted by anyone after that day.
    4. Click [OK], then [Next], then [Create].
    5. It’ll prompt you for a password.  To use your private key, you’ll need this password, so DO NOT LOSE IT!!!!!  Go ahead and enter it.
    6. After taking a few moments (and it WILL take a few moments), you’ll have a key pair.  If you want others to be able to send you encrypted data, I recommend clicking the button “Upload Public Key To Directory Service…”.  People will be able to look up your public key via your name or e-mail address.  But, it’s not needed for validating signatures, which is the primary purpose of this article.  Now, click [Finish].
    7. You’ll now have a new, certified key in your key ring.  PROTECT YOUR PRIVATE KEY WITH YOUR LIFE!!!!

If you’re interested in more details about what they private/public key pair is that you created, please see.  It’s not necessary to know all of that for this article, but it will clear up some confusion, if you have any.

Now, let’s do an actual Verification!

  1. Go to https://electrum.org/#download and view that page.  (Note, if you have the know-how and the means to download and build from the source code, ALWAYS do that rather than downloading a pre-built executable!)  Notice the signature links next to every download option?  THAT’S what we’re working with in this article.
  2. Click the Windows Installer and download it.  DO NOT RUN IT!  In the folder in which you downloaded the file, you’ll see a file named something like electrum-3.1.0-setup.exe.  As you can see, I’ve downloaded prior versions of the file too.  Notice that some of the files DON’T have “.exe” at the end?  We’ll fix that shortly.
  3. Back on the web page, click the signature next to “Windows Installer”.  You’ll see something that looks like this in your browser:
    1. -----BEGIN PGP SIGNATURE-----
      
      iQIcBAABCgAGBQJanWcrAAoJECvVgkt/lHDm/a8P/iyHkc+2zkaL2JpbhBMEnPE3
      qf21G0xOmkq9x9bfnKhCT1WYbpJrkjbeSCUSlfENbpjpud+ANCDNLA16n4T9eVPL
      0VrrejOTtH37OwJUI35v5asqmT6N4XcuokY+D2f0uSjd4Pnh+SQP9D5NAk0/1DeH
      WgtEfTKYfiPHzl6NJ3XcVjdMNl2H536OwFZx0x4u0nsdFoAvZgHIA/rrSWxMkN+C
      AbMtTd0pGqPYo5gJnHaoYkxbDIvq/CXRgaHFp0arPaKkYSwqkG/Q7KC1z1zbFLcq
      gD2z9tkj3toBzyCUNrmbmmGd491T6XbZujtiFYbjNhyMBjuBBR4V1sae/mzXoFDb
      LW3wwl8OsrnQlFfSN/NbqEFPSUIbFl5rFpK/LgV3YId7kbujXukKxfTHDce2OsjP
      U7a8QrUm7C3MTz4zAlgWWDwN3rioEzlfebe1qCQxI4hAu7vglOE+cW3UKJVh7zyM
      J21KKKzIO1EZz91t8EfHYrJMWL7Yl3/orgDOEjM2t1IAEm5znAzO0uBujBykgLXV
      A0mF3CP1/Vt+Wosc1aRn7+rzMH1nPpOiEoXYDALASc1mXnNA4oS3/vK9BtzJtZJm
      1jG/Zc+ubB7ybUjKP6e9Z0O8eGX2sWdaqPZCXm2ZNpRidPV6S0Y4mVuoPWb1CIg2
      wJlzoxNsCRk4Ox7qOv6e
      =cof+
      -----END PGP SIGNATURE-----
  4. Click anywhere on the text and hit [Ctrl]+[A] to select all of that text, then [Ctrl]+[C] to copy it.  Or you can select all the text with your mouse and copy it.  You’ll be pasting it into a text file shortly.
    1. DO NOT COPY THE PGP SIGNATURE FROM MY ARTICLE TEXT!!!
  5. Open the folder to where you downloaded the Windows Installer file.  It should be named something like electrum-3.1.0-setup.exe.  Obviously, if you’re reading this in the future, there will likely be a newer version.  This is the latest version at the time of this writing.
    1. Right-click on any empty, white space in the folder and choose “New”, then “Text Document”.  A new, empty text file will be created.  Ignore the extra menu items I have.  I’m a developer and have extra features installed that you might not.
  6. Now hit enter to open the empty text file and paste the PGP key into it (from step 3.1 above, you should have the text in your copy buffer (or “clipboard”) still).  Hit [Ctrl]+[V].  This will paste the text you already had copied from 3.1 above into the text file.  Now hit [Ctrl]+[S] to save it.  And finally CLOSE notepad (or whatever text editor you’re using).
  7. Now rename the text file to exactly the same name as the downloaded electrum exe file, but with “.pgp” added to the end of the filename.  In my case, I rename the text file to electrum-3.1.0-setup.exe.pgp
  8. Now, let’s fix that problem where the file types (also called “file extensions”) are hidden.  While looking at the filename that you downloaded in Windows Explorer, open the “View” menu or tab.  On the right hand side (you might have to resize the window to something bigger to see it), open the “Options” drop down and choose “Change folder and search options”.
  9. On the “Folder Options” that opens up, click on the “View” tab and check OFF (or UN-check) the box “Hide extensions for known file types”, then click “OK”.  It should NOT have a check-mark in it.
    1. You’ll see the files changed from this…
    2. to this…  (again, these are MY files, you may have more or fewer and certainly different files in your downloads folder).
      1. It’s VERY important that you see the FULL filenames.  Before this, the electrum-3.1.0-setup.exe.pgp file looked like it it was named electrum-3.1.0-setup.exe and as you can see, there’s actually ANOTHER file that actually has that name.  Why Microsoft hides these by default is beyond me.   All it does is create confusion is severely increases the risk of hackers tricking you into launching a malicious program when you think you’re opening a safe text file or a picture file.
  10. LET’S DO IT! Let’s make an attempt to actually verify the PGP signature of the file.  Spoiler alert:  It won’t work, but that’s OK.  It will walk us through what we need to do.  Right click your newly created and renamed file that you added “.pgp” to the end of the filename on.  In my example, it will be electrum-3.1.0-setup.exe.pgp , and then choose “More GpgEX options”, then “Verify”.
  11. The verification process will complete as verified, but not fully verified…
    1. Here’s what’s going on.  The EXE file DID verify against the PGP signature, but the signature, itself, is not known to be trusted.  At least, your verification software you’re using (called Kleopatra) does not know the signature to be from a trustworthy source.  You’ll have to TELL IT that you trust that author’s key.  Once you do that, Kleopatra will fully verify everything produced from that author, signed with his same keys.  Click the “Search” button.  This will search on several public PGP key stores on the internet for one that contains that PGP key you have from that author.
      1. It SHOULD find a key from ThomasV@gmx.de after a minute or so…
      2. Click his e-mail address and then click the “Import” button.  That will import his public PGP key into your PGP keyring.  This will make it available for future use by you to validate new versions of this app and others from the same author.  You won’t have to go through all of these steps again for future downloads from him.
  12. Now we need to CERTIFY his signature.  This simply means we’re going to tell our local install of Kleopatra that we TRUST the key from ThomasV.  Open your start menu and find Kleopatra and launch it.
    1. It will show you all the public and private PGP keys you have installed.  Here’s what MINE looks like.  Yours may have only the one key from ThomasV and your own key.  (I’ve blurred my personal keys).
  13. Now, we’ll certify ThomasV’s key.  Right click his key (anywhere on the line with his e-mail address in it) and choose “Certify…”
  14. Check ALL the boxes on the “Certify Certificate” dialog box that pops up, then click “Next”.
  15. Now you need to tell it which of YOUR keys you want to certify it with.  It should show you all your keys that you already installed for yourself.  Select the one you wish to use to validate.  It’s not critical which one you choose, but I recommend choosing the latest one of yours that’s not expired and is associated with your most used e-mail address.  And select “Certify only for myself”, then click “Certify”.  (I’ve blurred all my personal signatures).
    1. You’ll see the following once Kleopatra has marked his certificate as validated by your own key.  We do this to make the software validation work.  Most of these steps are a one-time deal.  You will not repeat all of these every time you want to validate a signature on software.
      1. Click [Finish] and you’ll see your list of installed keys and see that his key is now marked as “certified”.  This is good.  This will REDUCE the number of steps to validate software from him in the future.
  16. Now, one more time, let’s right-click the electrum-3.1.0-setup.exe.pgp file you created, choose “More GpgEX options”, then “Verify”.  This time, you’ll get FULL VERIFICATION!

Congratulations!  You’ve now validated that the Electrum BitCoin wallet software is safe, unmodified, and from the original author.  It is safe to install.  Please note, this was NOT an article about installing the Electrum BitCoin software.  It was an example of how to validate software signatures from ANY software you download (as long as the author provides you validation signatures).  We could have used countless other apps to do the same thing.

It’s MUCH easier the second time!

Yes, I know.  That was quite a lot of work to do.  But that’s only because you’re new to this AND you had to install, configure, and create lots of new things.  Now that you’ve done it once, doing it again will be much less effort.

From now on, all you do is the following:

  1. Get the PGP signature of the file you want to download and save it into a text file.
  2. Download the file you want.
  3. Rename your PGP signature file to exactly the same name as the file you download, but with “.pgp” appended to the end of the file name.
  4. Right-click that pgp file, choose “More GpgEX options” -> “Verify”, and it’ll either validate or report that it’s not valid.

That’s it!  And getting newer versions of the app will be the same 4 steps.

See these images?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

LastPass: Turn Off Auto-Fill NOW!

There are many reports recently of malicious websites and malicious scripts in ads and comments on websites that generate login name and password fields on legitimate sites that trigger LastPass and other password managers to auto-fill with your credentials, allowing the bad actors to literally steal your login credentials, without you doing anything except innocently visiting your favorite sites.

Side note:  This is a REALLY GOOD reason to turn on 2-Factor Authentication.

To turn off aut-fill in LastPass is pretty simple, but nearly impossible to find and know how to do with out someone else “in the know” showing you.

  1. On your desktop browser, open your LastPass vault.
  2. Click “Account Settings” in the lower left.
  3. Click on the “Never URLs” tab.
  4. Click the “Add” Button at the bottom of the dialog box.
  5. Now, you’ll need to do this 3 times, once for “Never Fill Forms”, “Never AutoLogin”, and “Never AutoFill Application”.  Choose “Never Fill Forms”, from the “Type” drop down and then type “all” (without the quotes!) in the “URL” box and click add.  Continue for “Never AutoLogin” and “Never AutoFill Application”.

That’s it!  From this point forward, LastPass will still work, but it won’t just blindly fill in your login name and password to just any field named “login” or “password”.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.