Tutorials Archives - James W Montgomery

How to create a pseudonomous identity on the internet

A short guide to creating a pseudonymous identity on the internet that probably can’t be traced to your real identity (for fun).

Maybe you want to launch a DeFi product without attaching it to your identity? I don’t know you.

Prerequisites:

Can use Ethereum & MetaMask
Can use a VPN or Tor
Can use email and Twitter

Step 1: Use VPN or Tor

Obfuscate your IP address with a VPN or Tor when interacting with these applications to maximize cloak. Or don’t. At least use Brave browser.

Step 2: Fund a new Ethereum address with a Mixer

Properly transfer some ether through a mixer like Tornado to a brand new address (probably MetaMask). This kills off any connection to your central exchange (CEX) funded address.

Remember, don’t dox your new address with direct transactions or other touches.

Step 3: Create an Ethmail address

Legacy internet is built with email. Claim your ethmail.cc email address using your new Ethereum address. Don’t add an email forwarder.

Step 4: Signup for Twitter, Github, etc.

Use your new email to signup for new accounts.

Don’t reuse a password – always use VPN. Be careful when you set up 2FA to not use a linked phone number – maybe no 2FA at all.

Make sure you’re using incognito so Twitter can’t link your old sessions to the new account – clear browser cookies/local data first.

Step 5: Claim an ENS name and link your social profiles [optional]

Add Twitter to your ENS record and ENS to your Twitter profile. This ties and proves your address to your profiles. Don’t want to prove it? Do you.

Step 6: Use

Launch smart contracts and tweet tweets, you’re free!

Tip: Super easy content ideation

Ever get stuck coming up with ideas to write about?

Simply record or revisit your Google searches related to your niche and write about what you learned.

This is especially helpful when you search for something and cannot find what you’re looking for – prime content for future searchers.

For the perfect example of this in action, I recently searched for “how to show the ManageWP plugin”, but had to ultimately ping their support team to get the answer.

I then published the result: How to show the ManageWP plugin.

This capitalizes on the exact search term I used (SEO), leaves a record for future searches to resolve this same issue, and sets me up as a SME on this term.

Thoughts?

Tip: How to show the ManageWP Worker plugin

When you install the ManageWP plugin, you can configure it to be hidden from view so the client website won’t accidentally remove it.

This also hides the plugin from you and, in the case that you want to remove it, makes it slightly more painful than it needs to be.

Simply add the following query parameter on the plugins page to reveal it:

?showWorker=1

This will reveal the plugin so you can manage it.

How to change your password on every account you own

When I was a young warthog, I created my first Gmail account.

It was a time of AOL Instant Messenger, Koolaid Jammers, and learning how to bypass school internet blacklists with proxies to play flash games during comp sci.

As such, I did not create a timeless email address.

Instead, I opted for a juvenile one to befit my tremendously small ego: [email protected].

But that was my email address and slowly but surely I used it to create one account after another over more than 10 years.

Facebook, Amazon, MySpace, Soundcloud, Bank of America, WordPress, etc. The list goes on as you well know.

Some years later I wised up and created a sensible email address – only to slap on an email forwarder and continue to use my Gmail-of-youth.

I thought this blog post was about passwords?

Yeah, yeah, I’m getting there.

So, here I was using my old Gmail for all my accounts, when I started to pay attention to the news.

Yeah, data breaches made me fix my email address because, like 73% of people, I was using the same passwords across multiple accounts.

Let me reiterate: my email-password combo was the same for basically every account I own. So, if any of these accounts became compromised, the hacker would have my email-password for all of my accounts.

And I thought, well there are so many accounts out there, mine probably is safe. Nope.

I ran my amazing email address through the breach scanner (yes, it’s legit) and found I’d had my data exposed by Apollo, a company I had literally never heard of.

As the data breaches began to pile up, not only did I become more worried, but I learned quite how easy it is to access this breached data.

Literally, any Joe Schmoe can go and retrieve it from the published list – though, I’m not going to show you how to do that, sorry.

So, I freaked out and changed all my passwords

It’s understandable, really.

It would be foolish of me to continue to trust organizations to keep my data safe, so the least I can do is plan for them to lose it and mitigate the risk of my other accounts.

I resolved to take my security into my own hands by changing the passwords of every account that I owned to one that was unique and secure.

Now, I’m not a lunatic. I didn’t stay up for 48 hours straight trying to remember every account I owned and change its password.

Instead, I took one hour to do the following task list:

Set up a password manager
Change my password (and email) on the most important accounts I could think of.
Set up two-factor authentication (2FA) when available

A password manager is absolutely key here.

Without one, you’d end up with a Google Sheet with all your accounts and passwords lined up – now that wouldn’t be very secure, would it?

Though you might be thinking “well then, wouldn’t all my passwords just be stored on the password manager’s servers and equally be at risk”, password managers have deep layers of security and encryption that hinge upon a master password – so even if the data breached, without the master password the information would be useless.

Protip: Master passwords should be long phrases that you can easily remember like “honestly, I still can’t believe it’s not butter” or “long live the flying spaghetti monster”.

Longer passphrases are far more effective than 0bscur3 pAsSw0rdZ! since it takes computers way longer to guess.

Personally, I use Last Password, but I hear excellent things about One Password as well.

Two factor is equally as important since it prevents unauthorized account access even if they have your password. Always choose to use an application like Authy or Google Authenticator, instead of SMS, when available. (SMS has been proven vulnerable, but it’s better than nothing).

Protip: *always* store your 2FA backup code within your password manager – if you lose your phone, you’ll be screwed without the backup code.

After that initial hour, I decided to just update the rest of my accounts as I went along.

In all honesty, I’m still in the process.

The end … of an era

Now, my key accounts

All have a unique, secure password stored safely (and handily) in my password manager
Have 2FA enabled with Authy (with backup codes also stored in my password manager)
No longer use my old Gmail address

On top of that, I added a forwarder from my old email to my new one and made sure to automatically label incoming emails from that account so I could be sure to address anything sent there.

I’ll never delete it though, it’s such a baller email address.

How to Create a Cryptocurrency: Part 1

Why would you want to create your own cryptocurrency?

I don’t know, I’m not you.

But what I can tell you is why I made my own: for fun.

Now, there are some truly legitimate reasons to make a cryptocurrency, but let’s save that for another blog post.

In my opinion, creating a cryptocurrency is now like building a Hello World page when you first start to code – it’s a great foundation and gets you started with a new skill, but we have so many it’s a bit of a running joke now.

With that in mind, here’s the gist of what needs to happen in order to create your own cryptocurrency.

Download Ethereum’s Mist client
Load some Ethereum on it
Paste some code
Publish

Sounds pretty simple, right?

It is. It’s really that simple.

So simple, that there are (of course) tools that automate all of that for you in one click.

But you’re here for something more .. in depth.

If you just copy and paste some code or use a one-click launcher, you won’t really understand how your new cryptocurrency works or how to make it better.

Let’s learn together.

Basic Cryptocurrency Principles and Definitions

First, let’s tackle the basics in the context of the Ethereum blockchain.

Protip: Since we’re publishing our cryptocurrency on top of an existing blockchain, it’s technically called a token. If we had our own blockchain, it would be considered its own (alt)coin.

Blockchain

Think of it like a group chat – we all have a copy of the history of every message and can add new messages ourselves – but we can’t go back and change any messages.

The blockchain is the history of every message while the messages are transactions that contain simple actions like “send tokens” or complex ones like “publish a smart contract”.

Since the entire history is stored, we can always refer back to any message and trust that it is accurate.

Address

Much like it sounds, an address is where something is located on the blockchain.

It looks like this 0xE798e24428621C24f40C48A70E……

If you wanted to send some ether to your friend, it would come from your address and go to their address.

With the Ethereum blockchain, every address can store ether – this is called the balance.

Ethereum is different from Bitcoin because it can also store the code from a smart contract.

Protip: Smart contract addresses are special because no one person owns the address. Be sure to add code into your smart contract that makes it accessible from your personal addresses.

Transaction (Tx)

A transaction is just a public message added to blockchain that says four things:

Which address it’s going to
Which address it came from
How much ether it wants to transfer
Additional data payload (like smart contract code.. we’ll cover this later)

Through Mist (or apps like Coinbase), when you send/receive coins they’re actually packaged in a transaction and stored in the blockchain.

This history of transactions on the blockchain allows us to ultimately come to an address balance.

Smart Contract

A smart contract is a bunch of code that lives at a special owner-less address on the blockchain.

It’s completely public, but the code can prevent/allow access to certain functions to a limited number of addresses.

For example, our cryptocurrency smart contract will allow users to send tokens from their own address, but not from others.

Smart contracts also have a balance and even a storage system for keeping track of data.

We’ll be diving deep into this throughout our tutorial.

Protip: A DApp (Decentralized Application), at a basic level, is just a collection of smart contracts that interact with each other. They can be as simple as a cryptocurrency issuance or as complex as payroll or voting.

Mist

Mist is Ethereum’s desktop application for managing your addresses (accounts) and smart contracts.

It can sync up with the main Ethereum blockchain (real money), with its test blockchains Ropsten/Rinkeby (fake money), or even a local blockchain you made on your own.

Mist is how you will deploy and interact with your new cryptocurrency smart contract – download it from Github.

Note: It can take a little while for the blockchain to download onto your computer, so be patient when it first loads.

Overview of Creating a new Cryptocurrency Token

Let’s talk about the broader context of what we’ll actually be doing. We’ll dive deeper a bit later.

First, we’re going to download and initialize Mist

Mist is our connection to the Ethereum blockchain.

It stores our ether, publishes smart contracts, and can technically even browse the internet.

Download it, connect to one of the test networks (so we can try it for free), and wait for a while as it downloads the blockchain.

Meanwhile, we’ll create a Mist account, head to the test faucet, and send some free ether to your Rinkeby test account. (no, it’s not real ether)

After the blockchain is finally downloaded, we get into the code.

Next, we’ll write a smart contract

This code needs to contain all the necessary pieces of our new token because we can’t edit it once we deploy.

The code will include the coin’s name and functions for creating an address framework, minting coins on launch, sending coins from one address to another, and even burning coins from existence.

Then, we send it to the Ethereum blockchain via a transaction

In Mist, we’ll package our code in a transaction and send it to the blockchain for processing.

Like any transaction, it will cost ether. Luckily, the test networks offer free ethereum for testing.

Once the transaction is confirmed, we will be given the address where the contract lives. This is the address where all transactions will be sent to in order to send your new token.

Finally, we’ll send some tokens from one Mist account to another

Since our smart contract is publically available on the blockchain, we can send transactions to it that modify address balances and effectively “send” cryptocurrency to one another.

Luckily, Mist handles this pretty seamlessly so you’ll be able to do it right within the Send panel.

Enough overview, let’s get started .. in the next post!

How to Add Referral Tracking System with Laravel

This tutorial was created with Laravel 5.5 on a fresh installation and could be considered outdated.

Referral affiliate tracking seemed like something that would be a pretty common development addition to Laravel, but I did not find much in the way of tutorials to guide me 100% of the way there.

This tutorial will walk you through creating functionality in Laravel that will allow your users to share an affiliate link that will give them credit for new users that register with your site. The principles described here should allow you to extend this tutorial to fit other referral needs.

Many thanks to Andy Brudtkuhl’s guide that brought me 85% of the way there; here is the extra 15%:

1. Setup the DB & Migrations

We’ll need to have at least the base auth scaffolding implemented

php artisan make:auth

Next, let’s generate a new migration that will add a new column to our User table.

php artisan make:migration AddReferredByToUsersTable

In this migration, just add a nullable integer called referred_by. We’ll just be setting the referrer’s user id as the referred_by value for simplicity’s sake.

Schema::table('users', function(Blueprint $table)
{
  $table->integer('referred_by')->nullable();
});

and make sure to drop it nicely

Schema::table('users', function(Blueprint $table)
{
  $table->dropColumn('referred_by');
});

Then, run your migration and check your DB to see that the columns are all set.

php artisan migrate

Protip: Make sure you add referred_by to the $fillable array in the User model (app/User.php), otherwise you’ll see some breakage.

2. Generate Referral Links

Easy peasy, just echo out the current logged-in user’s id appended to your url. The middleware we’ll build can catch it anywhere on the site, so feel free to customize this or build it into a helper function.

Stick this inside a view of your choosing.

@auth //only show for logged in users
  <input type="text" readonly="readonly"
         value="{{ url('/') . '/?ref=' . Auth::user()->id }}">
@endauth

The ?ref value will be what the middleware checks for.

3. Bake Cookies with Middleware

Now let’s create a new cookie if someone visits the referral link. We’ll later use this cookie to update the database during user registration.

For those that aren’t familiar with it, middleware basically runs as a filter for HTTP requests.

This means we can add new middleware that will check to see if we’ve added ?ref to the url and then set a cookie if we don’t have one already.

php artisan make:middleware CheckReferral

After we create our middleware, we need to register it in the kernel (app/Http/Kernel.php). We can specify certain routes or add it to a middleware group, but for this case a simple global registration is sufficient.

Add "\App\Http\Middleware\CheckReferral::class" to the end of the $middleware array.

Now, let’s create that cookie by adding some simple functionality to the new middleware file.

Replace the default handle() functionality with this:

$response = $next($request);

// Check that there is not already a cookie set and that we have 'ref' in the url
if (! $request->hasCookie('referral') && $request->query('ref') ) {
  // Add a cookie to the response that lasts 5 years (in minutes)
  $response->cookie( 'referral', encrypt( $request->query('ref') ), 525600 );
}

return $response;

Protip: By default, Laravel uses encryption in cookies. Use encrypt() to pass values to cookies, otherwise you won’t be able to retrieve them later on. Otherwise, you’ll need to add the cookie name to the $except array in the EncryptCookies (app/Http/Middleware/EncryptCookies.php) middleware.

Now, our registered middleware will check the url for ?ref and create a cookie.

Try it now: Navigate to a the referral url you generated in your view earlier. Then, check your developer tools to see if the cookie has been set. In Chrome, this is currently under the Application tab of the Developer Tools.

4. Assign the Cookie Value During Registration

So, now that our User model can have a referrer_id assigned to it and we have the referral cookie set, let’s finish this up by adding the referral cookie value to the referrer_id during user registration.

Fix up the default create() function in RegisterController (app/Http/Controllers/Auth/RegisterController.php) to look like this:

protected function create(array $data)
{
    $referred_by = Cookie::get('referral');

    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($data['password']),
        'referred_by' => $referred_by,
    ]);
}

If you’re feeling protective, look into validating that $referred_by is a real user id. Remember, this value can be null and by default Cookie::get() will return null if no value is detected.

You’ll need to import the Cookie facade here to use that function.

use Illuminate\Support\Facades\Cookie;

Try it now: After navigating through a valid affiliate url (and confirmed the cookie is set properly), register a new user and confirm that the referrer_id has been set in the database for the new user.

Now what?

Well, that’s all for the sake of this article. Getting into awarding referrals tends to split dramatically from here on out depending on what you’re trying to accomplish.

At the very least, you have a foundation where you at least know who referred who.

Let me know if you have any questions or improvements in the comments below, particularly if you:

Know how to register the Middleware to automatically encrypt cookies without the use of encrypt()
Feel strongly that we should use a hashed user id for referral links.
Got lost anywhere along the way.