Oxygen doesn't grow on trees.


Google developers have confirmed a cryptographic vulnerability in the Android operating system that researchers say could generate serious security glitches on hundreds of thousands of end user apps, many of them used to make Bitcoin transactions.
(via Ars Technica)

The generation of random numbers is too important to be left to chance.

Robert Coveyou, Studies in Applied Mathematics, III (1970)

Basically, in 2013, it is still exceptionally difficult to send money to a friend and this is leading to a customer revolution.

Jaron Lukasiewicz, Coinsetter CEO at Inside Bitcoins NYC (via)

Everyone should walk around with 1-2 bitcoins that they can use for small transactions only. If enough people are doing that, then the volality of currency goes down and the value of the currency increases.

Vinny Lingham, CEO of gyft (via)

BitPay employees pay each other back when someone makes a food run, by pointing their phones at each other and scanning QR codes.

Jeff Garzik, ‪Bitcoin‬ Core-Developer (recently snatched by BitPay) (via)

I recently noticed that when I log in to two Twitter accounts, one from Google Chrome’s main window and one from an Incognito one, the session would sometimes mysteriously “leak” to the main window. I suspected this may be caused by a faulty extension, and it seems I was right. The faulty extension is, ironically, HTTPS Everywhere by the Electronic Frontier Foundation.

It seems that cookies set in normal browsing mode cannot be seen in Incognito, but that (some?) cookies set in Incognito are visible to normal browsing mode. Unfortunately this means that your incognito sessions can leak data into your normal browsing sessions.

According to a 4 months old HTTPS Everywhere bug report, it’s a Chrome API bug: “We’re getting the onCookieChanged event, and the cookie we get in that event has a storeId of 0 regardless of where it comes from (Incognito or not). We then turn right around and set the secure flag on the cookie and issue a cookies.set(cookie). Since the storeId is still the default store, the cookie leaks to normal mode.

The only other report I could find was a very minor Google+ post by Todd Vierling (with reproduction instructions) from more than half a year ago, and it seems like nothing was done to mitigate the issue since.

Reproduced in Chrome version: 28.0.1500.72 m, HTTPS Everywhere version: 2013.7.10

I really enjoyed reading Paul Graham‘s essay “Do Things that Don’t Scale” in which he gives counterintuitive advice, encouraging entrepreneurs to invest time in manual labor at the “larval” stage of a their startup’s life.

Here are several highlights I found interesting (could also serve as a tl;dr summary for the lazy, although I recommend reading the essay in full):

  • The most common unscalable thing founders have to do at the start is to recruit users manually.
  • Instead of asking “Will you try our beta?” and sending a link, the Collison brothers weren’t going to wait. When anyone agreed to try Stripe they’d say “Right then, give me your laptop” and set them up on the spot.
  • There are two reasons founders resist going out and recruiting users individually. One is a combination of shyness and laziness. They’d rather sit at home writing code than go out and talk to a bunch of strangers and probably be rejected by most of them. The other reason founders ignore this path is that the absolute numbers seem so small at first. This can’t be how the big, famous startups got started, they think.
  • You should take extraordinary measures not just to acquire users, but also to make them happy. Send each new user a hand-written thank you note. Your first users should feel that signing up with you was one of the best choices they ever made. And you in turn should be racking your brains to think of new ways to delight them.
  • A lot of of startup founders are trained as engineers, and customer service is not part of the training of engineers. You’re supposed to build things that are robust and elegant, not be slavishly attentive to individual users like some kind of salesperson. Ironically, part of the reason engineering is traditionally averse to handholding is that its traditions date from a time when engineers were less powerful—when they were only in charge of their narrow domain of building things, rather than running the whole show. You can be ornery when you’re Scotty, but not when you’re Kirk.
  • The feedback you get from engaging directly with your earliest users will be the best you ever get. When you’re so big you have to resort to focus groups, you’ll wish you could go over to your users’ homes and offices and watch them use your stuff like you did when there were only a handful of them.
  • Some startups could be entirely manual at first. If you can find someone with a problem that needs solving and you can solve it manually, go ahead and do that for as long as you can, and then gradually automate the bottlenecks.
  • The Big Launch is one sort of initial tactic that usually doesn’t work. Some founders seem to believe they’ll make it big if and only if they’re launched with sufficient initial velocity. They want to launch simultaneously in 8 different publications, with embargoes. And on a Tuesday, of course, since they read somewhere that’s the optimum day to launch something. It’s easy to see how little launches matter. Think of some successful startups. How many of their launches do you remember?

Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Now they have two problems.

jwz (via)

However, if you really have to, use Grant Skinner‘s very useful RegExr tool.

New Homepage Design

New design for my homepage at innerlogics.com. I’m quite happy with the result!

The documentation is somewhat incomplete on how to force Google Analytics to use SSL when working with the ga.js tracker (using asynchronous syntax). When using analytics.js, a simple call to set forceSSL is sufficient.

The correct syntax is


One thing humans don’t know how to do is shut down peer to peer networks. We don’t have the technology.

Peter Vessenes, founder and CEO of Bitcoin exchange CoinLab (via)

My friend and very talented artist Ben Genislaw has finally released the multiple-award winning animation short “Happily Ever After: A Journey to the future of a young couple moving in together for the first time“. It’s happy, sad, depressing, inspiring and above all, amazingly done. Enjoy!