Hello Kitty

Since she was a kid, my wife dreamt of having a pet, preferably a cat. Our kids also said they would love to have a cat or a bunny or a turtle or… I grew up with animals. We had cats and dogs and sheep and goats and chickens and once even a pig. We even had newborn cats and dogs and chickens in our house. Out of all these animals I like dogs best. They are a lot more social and intelligent than any other animal we had. But for our family, even I have to agree, that having a dog would be too big a commitment and responsibility. So after reviewing bunnies, turtles and guinea pigs, we settled for a cat. Mirella surfed the web evening after evening for weeks searching for cats. Then I saw a poster in a cablecar station when doing some tandem flights. Somebody uphill wanted to give away some young cats. They looked cute. So I took a photo of the poster.

After some back and forth and some planning and buying equipment, we went to get one. I quit work early last Friday. After I came home, we drove to Flüelen together, and took the cablecar to Eggberge. The boys were totally excited. We had to walk about half an hour uphill to reach the farm. A boy fetched the cat we had previously selected. They didn’t ask a specific price, but just wanted something to cover their expenses. Our boys could choose a name for the cat. They came up with “Simba”. Simba didn’t like the walk in the box too much, so she started to purr when we stopped at the cablecar. The ride with the cablecar as well as with the car didn’t look too pleasant to her.

But at home she came out of the box, exploring our flat and cuddling. It turned out even though she grew up on a farm she is not shy at all. It’s clear that the kids on the farm spent a lot of time playing with the young kitten. She doesn’t seem to care if our boys drive their RC cars close by her. We try to teach our boys not to carry her around all the time, and watch for the signs if she likes something. Even though you can tell if she doesn’t like it sometimes when they play with her, she never hurts them.

HW1 tiny BitCoin hardware wallet

While the trezor is certainly a great device for securing BitCoins, I’m also interested in alternative hardware wallets. Even in my very first discussions about increasing the security of BitCoin we talked about SmartCard solutions. After all, that’s also how I secure my GPG keys. But a regular SmartCard alone only protects the keys. If the computer is malware infected, it could sign another transaction than the one you initiated, and thus spend all your coins at once. The trezor solves this problem nicely with displaying the transaction details on the screen, waiting for a button press to confirm. Then came the HW1, a tiny BitCoin hardware wallet, based on smartcard technology with some extras. Since it has no display nor buttons, I was ready to get somewhat reduced security compared to the trezor. But in fact they are also very clever, and it turns out the security is just as high at the cost of a bit of convenience. But as I understand it, that level is configurable. I just opted for the more secure option.

So, if I want to spend some Coins from my HW1, I plug the dongle which is smaller than a regular key on my keychain into a USB port on my computer. Then I start up electrum, and send the coins. Now the HW1 has to sign the transaction. It asks me to remove the dongle and plug it into another computer, that is preferably not connected to the internet. If I don’t have too many funds on this wallet, I can also plug it into the same one again. A text editor should be opened beforehand, and it should have focus. The dongle then acts as a keyboard, typing the transaction details along with a TAN code to validate the transaction. Next I remove the HW1 again, and plug it into the former computer. I type the TAN code, HW1 signs the transaction, and electrum distributes it to the BitCoin network. That’s it: simple and secure.

Just as electrum itself and trezor, the HW1 uses a deterministic hierarchical wallet. To be sure I can trust the device and the method in general, it was not enough for me to test that I can spend from it. I wanted to also be sure I keep my coins in case the device gets damaged or lost. That means I have to be able to restore it from a seed. The seed is generated when I first initialize the dongle. And like the TAN code it is printed out in HID keyboard mode. If you have it print it on a machine that could be compromised, there would be no point in using a hardware wallet in the first place. So have it print the seed to an air-gapped secure computer. If you already initialized your HW1, you can’t restore another seed onto it, unless you reset it first. I couldn’t find any documentation on how to reset it though. A developer told me to enter a wrong PIN three times to reset it. After that, don’t choose restore, but initialize. In the BTChip personalization manager that follows, you choose restore. I did this on a machine where I removed the hard disk, and booted from a fresh USB stick. Getting electrum usable with all the required plugins and libraries was the most work. Before typing in the seed, unplug the network cable and disable WiFi. After the seed was typed in, and the dongle restored, I issued “sudo dd if=/dev/random of=/dev/sda” and waited for the kernel to go belly up. That’s for making sure no sensitive information remained on the USB dongle. Don’t do this on your regular computer.
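Why typing the same seed into a reset device brings back the same keys, as an added example that is not code from the HW1, BTChip or electrum projects: it assumes BIP32-style derivation, which the post does not spell out, and the path m/44'/0'/0' and all function names are illustrative.

```python
import hashlib
import hmac

# Order of the secp256k1 group; valid private keys lie in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def master_key(seed: bytes):
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed" over the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]


def hardened_child(key: int, chain_code: bytes, index: int):
    """Hardened child derivation; needs only the parent private key, no EC math."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child, use the next index")
    return child, digest[32:]


def derive(seed: bytes, path):
    """Walk a path of hardened indexes, e.g. [44, 0, 0] for m/44'/0'/0'."""
    key, chain_code = master_key(seed)
    for index in path:
        key, chain_code = hardened_child(key, chain_code, index)
    return key.to_bytes(32, "big").hex()


if __name__ == "__main__":
    # Constructed sample seed (BIP32 test vector 1); never use it for real funds.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    path = [44, 0, 0]                      # assumed account path, illustrative
    original = derive(seed, path)          # key on the first device
    restored = derive(seed, path)          # same seed typed into a reset device
    print("restored key matches:", original == restored)
    print("other seed differs:", derive(b"\x01" * 16, path) != original)
```

Every key is a pure function of the seed, which is why the seed printout deserves the same protection as the dongle itself.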

In conclusion, I can say that:

  1. The security is just as high as with the trezor, if you let it type the TAN on a computer that is temporarily offline. But the convenience obviously suffers.
  2. If you only use it to store medium value funds, you can have it type on the same device, at reduced security. In that setting the convenience is about the same as with the trezor.
  3. Where the biggest difference lies for me, is restoring the device from a seed. Preparing a fully equipped air-gapped computer to securely restore the dongle from a seed proved to be quite some work. While with the trezor, you don’t need an additional computer. Luckily that’s a task that is required infrequently.

While the experience with the trezor was smooth from the beginning, I tested a lot with the HW1 to gain confidence with it. I found some minor bugs. I had the computer freeze a couple of times. I saw lots of messages about dongles not found. I had to reconnect and start over many, many times. Some things were not documented or not obvious. All these problems became fewer the more I tested it. I can only explain it that way that I grew a sense for the correct timings and steps required. In the meantime I use it without problems, but I have the feeling that it is not as robust as the trezor. It will work in the end, but you might have to try a few times before it does.

I packaged the Python library that is needed for the plugin for Ubuntu. Once all parts and dependent libraries are out of beta, I will also try to get it into Debian. On Ubuntu, you can install it like this:

sudo apt-add-repository ppa:richi-paraeasy/bitcoin
sudo apt-get update
sudo apt-get install python-btchip

Ah yes, and there’s the price difference. A trezor costs $119 while a HW1 is just $20. At the moment they have a 2 for 1 offer, so go hurry.

What could go wrong when ordering pizza?

For some months now it was possible to order pizza for BitCoin in our area. I wanted to give it a try since it was announced. But only last Thursday, I proposed to my coworkers to order pizza. And that I would pay with BitCoin. It was meant as a demonstration how cool the virtual currency is, and that it is actually useful in the real world. I was going to take pictures and blog about it. After all, a pizza deal was the first real use and most famous BitCoin transaction in history.

So I placed the order with lieferservice.ch for pizzas from Angolo, where we used to go for lunch before. The website was really cool, we could order extra ingredients on top of the regular pizza. Payment was a breeze, as always with BitCoin. It was 11:25 when I placed the order, and I picked 12:30 for the delivery. The email confirmation from lieferservice.ch followed immediately. But when we all grew more and more hungry, I tried to call Angolo at 12:45 to ask where our food was. Nobody answered the phone. I tried again, and again, and again. Nothing, not even an answering machine. After 13:00 we decided we would drive to Angolo with the confirmation email, and eat our pizza in the restaurant. When we arrived, it was closed for holiday.

This is clearly not how this is supposed to work. The guy from lieferservice apologized, and told me their contractors are meant to tell them when they change opening hours. He couldn’t refund me in BitCoin, and asked for my IBAN instead. One of my colleagues was so pissed off, he said he wouldn’t go to Angolo ever again.

Paracuda walk & fly

In the Paracuda paragliding club, we distribute the organization of the events among the members. So I agreed to organize a “walk n fly” event in October. Usually pilots go up with a cablecar to go flying. This saves us from having to carry the equipment for too far. But for people that want to do a bit more sport and see a bit more from the nature, there is “walk n fly”. It’s the perfect undertaking for autumn, where the thermals vanished and the temperatures retreat. The interest was stealthy from the start, but I still hoped some people would join. To my dismay, I was alone on the meeting point. That didn’t stop me from going to hike though. The Wasserberg was covered in a cloud, and the description in the Internet described the trail as difficult to find. So I saved this one for later. Instead I went to the familiar Pfaff near Glattalp. About once a year, I take the cablecar to the Glattalp, and do the half hour hike to the Pfaff. It has a huge take off area with two possible directions. After I was airborne, I headed straight to the Kupferberg with a nice little cloud atop. As I approached, the birds left, and apparently the thermals as well. So I went to the next one. This was the mountain straight on top of where my father grew up. I remember looking up the wall when I was a kid, visiting my grandmother. It looked enormous from below, but at the hilltop it looks very friendly. It even spared some thermals for me. In October late afternoon it’s already very nice, if you can hold your position for a couple of minutes. After cruising around in the Bisital some more, I landed right behind my uncle’s cows. That was actually the most difficult part of the flight. There is a tight grid of power lines, and only from atop I could spot a cell big enough to squeeze into. I had a coffee at my cousin’s house, and then hiked back to the car. The signs indicated more than an hour, but actually it takes only slightly more than half.

 

The Rise and Rise of BitCoin

As part of the Zürich Film Festival last week, they presented “The Rise and Rise of Bitcoin”. I couldn’t make it to one of the screenings where the director and the main actor were present. The room was fully booked, which I noticed with delight. I didn’t learn too much from the film on the technical side, as I’ve been involved with the topic for some years. But it was interesting to get to know some of the famous players a bit better. The movie was not very technical, and that’s on purpose. It does a great job in explaining BitCoin to the average people, and maybe get them interested in the future of money.

To test my knowledge in the area of BitCoin and crypto currencies in general, I recently took the test for “Certified BitCoin Professional”. While most of the questions are not that hard if you’ve been involved in BitCoin for some time, the time to answer is limited. You have to answer 75 questions in 20 minutes. So I forced myself into flow mode and gave the answers swiftly. After 16 minutes I hit submit on the last one, and was presented with “73 correct out of 75”. They won’t tell which ones were not correct, nor do they specify how many you need to get the certificate. Only the fee stops you from trying it over and over again. I’d be interested in your scores.