Category: Blog

Why “Cryptojacking Malware” is exactly what you want on every website

I’ve only ever clicked on one ad.

Congratulations to the Otter Box social media retargeting team, they reminded me to order a phone case that I’d meant to order for 3 months while I left my iPhone unprotected.

The rest of the 5005000 ads I see per day are simple wastes of screen time, my attention, my battery, my data, and my patience.

I am literally paying to see ads when up to 79% of a webpage’s size could be advertising and tracking codes.

Months and months of phone bills and overage all for the sake of that one single advertisement that might make it through and convince me to purchase.

We gave ourselves no choice

Publishers continue to struggle with monetization of their content.

Every day I consume content from bloggers, web cartoonists, photographers, videographers, gurus, and more and I don’t pay them anything. Nothing.

In exchange for free content, publishers hosted advertisements on their sites to help monetize their crafts.

I don’t pay anything, but they still get paid. It was a win-win.

But somewhere along the line, we got fed up with advertisements and installed Ad Blockers.

Faster load times, less eye strain, no distractions – an excellent content consumption experience.

All at the expense of the publisher of course who now struggles more than ever to make ends meet.

On top of that, if they try to block our access and ask me to whitelist their site to allow ads, I either don’t bother, actively avoid, or even treat the brand with disdain.

So how can we have our content and eat it for free?

What if you spend that same 79% of ad load… no, make it 10%…

What if you could spend 10% of a page’s load and a bit of battery generating a small amount of cryptocurrency for the publisher.

You get no ads, smaller data fees, and support the publisher without pulling out your wallet.

Seems like a no brainer…

Sounds cool, but what is it?

In general, this process is called cryptocurrency mining.

Specifically for websites, it’s just called browser mining.

In short, the mining script (aka miner) is doing a whole bunch of math and needs computer (CPU) power to do it. The more power the better.

It doesn’t use any private data, it doesn’t download anything to your computer, and it certainly isn’t stealing your money.

So, if all it does is use some of your unused CPU power, what’s the problem?

Well, like anything, stupid people are ruining it.

Now labelled as a ridiculous “Cryptojacking Malware”, this type of simple monetization strategy has been stained repeatedly by people trying to abuse consumer trust.

Typically, they introduce it with high CPU rates and without user consent.

Mining at too high a rate will cause your electricity bill to increase and your computer to slow down, freeze, or even crash.

Also, let’s stop for a minute and address what a terrible misnomer “Cryptojacking” is. It makes it sound like cryptocurrency theft. NO ONE IS STEALING YOUR CRYPTOCURRENCIES. Though abusers make be taking a disproportionate amount of your data limits and CPU speed, nothing is compromised or stolen. It’s not even malware – it doesn’t live on your computer, only in the browser.

So, it makes me so furious to see people abuse it and then media following up blaming the technology with this misnomer.

And now, these mining scripts are just being outright banned by the Ad Blockers they are meant to work together with. Ironic really.

This is a real solution that needs to be guided and implemented in a fair way for everyone.

What needs to happen next

Ideally, browser mining needs to integrate with the browsers.

Chrome has already begun throttling tabs that cause resource burn, but what we need is a browser hook that allows a site to say “hey, I’m running a browser miner, allocate me resources according to protocol or user’s settings”.

Instead of a hard ban on browser mining, we need browsers to include options for consumers to opt-in to this amazing and liberating feature.

Think of settings like:

  • Enable/disable browser mining
  • Set max % CPU power allowed for mining
  • Whitelist/blacklist publishers
  • Select priority of publishers
  • Mine for publishers while not engaged in their content
  • Mine in the background and use payments later

Help me Chromey-one Kenobi, you’re my only hope!

Though Chrome is set to block annoying audio ads, Google is still a member of the Coalition for Better Ads and their primary income by far is advertising.

Since advertising is directly threatened by browser mining, don’t expect movement from Chrome anytime soon.

And though Mozilla Firefox has at least started to build in ad-blocking, we have a long way to go before these types of browser mining integrations exist.

At the very least, we need to share a better understanding of what exactly “Cryptojacking” is so we can support better online experiences and even support charity.

Comment below with your thoughts and questions!

Ledger Nano S Cryptocurrency Hardware Wallet Review

Today is an exciting day: my Ledger Nano S has finally arrived!

For those that don’t know, the Ledger Nano S is a cryptocurrency hardware wallet meant to store your coins safely off the internet to keep them less prone to hacks, exchange theft, or software failure.

I bought mine because I don’t trust keeping my coins on an exchange and because my laptop has been acting up and crashing frequently.

So instead, I’ll keep my coins safe on this little USB stick.

Ledger Nano S – Money Shot

AND in case I lose or destroy it, it has a 24 word seed that I can use to restore my wallets on any other Ledger product.

TL;DR

This wallet was super easy to setup, intuitive to manage, built solid, and feels like an Apple product. I highly recommend it to investors of all calibers. Buy it now.

Quick Timeline

I bought the Ledger Nano S for about $100 straight from the manufacturer in France.

Ordered – Dec 21, 2017
Shipped – Jan 2, 2018 (via La Poste Colissimo)
Arrived – Jan 8, 2018

This was before they announced a 3 month product delay, so pre-order now while you can.

The Physical Product

The product package measures 5″ x 3 1/8″ x 1 1/8″ and came shrink wrapped as a nice touch.

Ledger Nano S – Packaging

As expected, the Ledger Nano S is extremely light and is about the size of any USB thumb drive (~2 1/4″ long).

Opening up the package felt super satisfying in the same way it feels to unbox an iPhone.

Ledger Nano S – Unboxed

The wallet itself it smooth and shiny, but easily takes fingerprint smudges. Inscribed on the back is “Vires in numeris” – Strength in Numbers.

Also included is a small welcome packet including instructions on setting up your device, a note about device security, and a blank 24 word seed store card.

Ledger Nano S – Seed Card

Though I probably won’t be swinging mine around on a keychain, they do provide a small key chain and even a lanyard – and a micro-usb to usb connecting cable of course.

Ledger Nano S – Everything Included

Working with the Device

Once connected to my computer, the Ledger Nano S lit up and scrolled through some basic instructions on setting up the device.

The device itself only has two buttons on it, but the Ledger team made their app very intuitive even with just two buttons to work with.

Note: the device itself doesn’t turn on without being connected to your computer, so don’t go pressing buttons with hope.

The startup sequence was actually quite short.

First, you select a 4-8 digit pin for use in unlocking your device. This pin can be changed or even randomized in the device settings.

Then, you are taken through the seed generation process. One by one it shows you your 24 word seed. Make sure to write this down in triplicate and store them safely – these are your lifelines in case something goes wrong with your product.

After it takes you through the initial 24 words, it will prompt you to confirm 2 of the words’ orders – like “select word #19″. This acts as the final stage in setting up your device.

Then you’re all done with setup! Once authenticated with your PIN, you can navigate through to the default applications: BTC and ETH wallet.

I didn’t want to risk my BTC to start, so I opted to add Ripple.

Adding Ripple to the Ledger Nano S

Note: Though I don’t go over it here, you would take the same steps to work with BTC etc – download the Ledger Wallet BTC and navigate to the corresponding app on your device.

By default, the Ripple wallet app is not installed on the Ledger Nano S.

Luckily, it’s very straightforward to do so.

First, download the Ledger Manager app through chrome. It was a bit weird for me to do this the first time because it’s a chrome extension that acts like an application on your computer.

Open it on your computer, then connect your Nano S and unlock it with your pin. This should prompt the Ledger Manager to unlock itself and present the dozens of wallet apps you can install.

Ledger Manager

It took me a couple tries, but finally the one-click Ripple wallet install worked.

Now that my Ledger Nano S had the Ripple wallet app installed, I needed to download the Ledger Wallet: Ripple onto my computer.

This chrome application, just like the Ledger Manager, is installed on my computer and only unlocks once your device is plugged in, authenticated with PIN, and has the Ripple app open.

Once it’s unlocked, you can easily see your Ripple address, send coins, and check your balance. It even generates easy QR codes and allows you to print or even send via email.

Ledger Wallet Ripple

To confirm how easy it was, I downloaded Ledger Wallet Ripple on an entirely new computer, plugged in my device, and confirmed that my Ripple was safely stored.

Final Notes

I love this product!

It was sold to me for a fair price and delivered in a fair amount of time for an international shipment.

It has an intuitive UI, was incredibly easy to setup, and the Wallet apps are incredibly simple yet refined.

That being said, it does have some room for improvement.

It does not support every crypto wallet at this time – though new wallets are being created and rolled out. For me, that means my XRB and REQ are not compatible yet.

At this time, the Ledger Manager does not show a list of the apps I have installed or provide any settings for those installed apps – though I can select and manage settings for these apps on the device itself.

Vastly small improvements compared to the value you’re getting with the Ledger ecosystem.

Maybe one day I’ll be lucky enough to upgrade to a Ledger Blue.

Getting Started with Bitcoin

A number of people continue to ask me how to get started with cryptocurrencies.

  • How do I buy Bitcoin?
  • How much should I invest?
  • How much have you bought?
  • Which coins should I invest in?
  • What would you spend $100 on?
  • What’s the blockchain?

I wanted to jot down some fundamentals here that should hopefully answer any questions you may have about cryptocurrencies and beginning to get involved.

Bitcoin, though it has seen explosive growth, is a highly speculative investment. Please do not bet the farm. We’ve seen people taking out mortgages in order to buy Bitcoins – this type of behavior en masse could lead to a global depression. Bet only what you can afford to lose.

How to buy Bitcoin

Currently, the easiest and safest way for a beginner to get some Bitcoin is to create an account on a Cryptocurrency Exchange. Use Coinbase to start and move on to explore other exchanges as you begin your exploration into other coins.

At present, you will need to verify your identity and provide credit card or banking information. Be smart when handing over this information and try your best to hedge against the worst case scenario – like your information being stolen or misused.

This leads us to a very important topic:

How to protect your Bitcoin (and other coins)

If you leave your coins on an exchange, you are asking for pain.

Please, please, please do not underestimate this advice. We have seen time and time again people losing all their money because they did not store their coins in a wallet.

Either download a software wallet to your computer or purchase a physical hardware wallet to store your coins safely off the exchange.

Each cryptocurrency will have its own supported wallets, so do some research online to what is supported. For Bitcoin, I use Electrum software wallet and the Ledger Nano S hardware wallet.

How much you should invest

Imagine you go to a casino. You see the roulette table is getting some great action. Everyone at the table has bet on black and won all night long – doubling, tripling, 200x’ing their money.

How much would you bet on black, knowing full well that it could land on red?

How much I have invested

Somehow, this is a question that comes up within 5 minutes every time. Most likely born of a natural curiosity, this question is deeply personal to me akin to asking how much money I have at all.

Instead of asking someone how much money they have, ask them which price points they managed to buy in at or how their portfolio growth has been. This is a bit more exciting and revealing of a conversation in many regards and will not offend someone who is protective of their assets.

What other coins should you invest in

One of the big problems I see is a lack of understanding of the core problems each cryptocurrency solves. Instead, people focus on the ROI of their investment.

This same mentality led to the .com collapse because we threw money at any website with page hits. We all now know that page hits aren’t gold and that same principle should apply here.

Go and research the different technology behind the coins and justify whether it has legs – otherwise it’s a gamble.

Personally, I believe Ethereum has a solid foundational technology that has tremendous applications. Remember, cryptocurrency is a byproduct of blockchain technology.

The blockchain and how it related to cryptocurrency

Most of the cryptocurrencies you’ve heard of are primarily transactional blockchains – meaning they are built to send money from A to B etc.

But blockchains can be so much more – from renting a car to registering land rights.

Cryptocurrencies are a way of incentivizing computer power to be spent on maintaining a blockchain. If the blockchain is good, the crypto is a good long term bet.

If the blockchain is only solving for cryptocurrency, it better do well otherwise it will be defeated by competition, just like any product or service. There is a lot of competition.

Should you get involved with mining

Probably not.

Mining on your computer is obsolete and setting up your own rigs is a complicated task even for people who’ve built a computer before.

Beware of cloud mining contracts as there’s hardly a way to determine if it’s a Ponzi scheme or not.

This is a buyer beware, wild west market. Be careful and be prepared to lose money.

Lessons Learned as a WordPress Theme Shop Customer Support Agent

Working for a WordPress Theme Shop has been one of the most influential experiences of my development career. Not only am I responsible for solving client problems, but I’m also responsible for learning how to solve those problems myself. I’ve learned a tremendous amount about what stumps users, what they want, and ultimately how to correctly respond to any support question – even if it’s never been asked before. I attribute most my knowledge to working as a WordPress Theme Shop Customer Support Agent and am truly stunned at all the lessons I’ve learned the hard way.

1. Live for the fix

The most gratifying part of being a custom support agent for me is solving the problem for a customer. If I can easily make their day better with a few lines of code that they would never have figured out, it honestly makes my day better too. Reading the words “omg thank you so much!!” brings a smile to my face every time and pushes me to try harder to fix the next problem. I reply to every comment, letting them know that I’m here to help them with any issues and adding emoticons when they really make my day. Even if I don’t know the answer, the least I can do is ask for additional information so the user feels looked after. It’s important to me that the user is happy, because when I need customer support, I want the same level of respect and dedication.

2. Assume they know nothing

There is no such thing as a stupid user, only inadequate directions. Assuming the user knows what FTP is or where to add CSS code is one of most basic mistakes I still manage to make. While it only may lead to another response or two on the support thread, it could add hours to the time before a user’s problem is solved. On top of that, when a user doesn’t know what to do or where to navigate, it leaves them feeling lost, impatient, and even angry. No bueno.

Being thorough and providing specific step-by-step directions is the best way to ensure a user can follow through and resolve the issue. For common questions, like ‘What is FTP?’, it’s very useful to just link them to a codex entry on the topic in your response. For example:

open custom-functions.php and change ... to ...

should be:

  1. FTP to server.
  2. Navigate to wp-content>themes>theme-folder>framework and download custom-functions.php
  3. Open it in a text editor
  4. Change code ... to ...
  5. Upload & replace the file on your server

3. Know every codex entry by heart (and slug)

Most of the time, users will require the same set of directions to solving a problem. Linking them directly to a codex entry with the steps to the fix is far more effective than re-typing the solution over and over again. That’s why it’s important to know what’s in your codex and to create codex entries for common issues. Knowing the slug of the codex entry is awesome for quickly linking to those common questions without having to search them every time, though it may be harder for super-SEO-taxonomized codex entries.

One time, Google Adwords updated their code so that it was incompatible with the Ad fields in our theme options. While we were working on a fix, a number of users were still affected by the change and created support threads. I did not create a codex entry and spent a lot of time detailing the solution for a number of users before I facepalmed at my mistake and created one. It saved me countless hours more than the time it took to create the entry. Lesson learned.

4. Have infinite patience

Sometimes, things break. When things break, users get mad. When users get mad, they use choice language. When users use choice language, I don’t like it. Though I don’t fight fire with fire, it is certainly off-putting and I wish I could reach across the internet to smack some sense into them. After all, I’m here to help you, there’s no need to be rude. This is where infinite patience comes in handy. Even if the user makes me mad, I try to step out of the moment and put myself in their shoes. I’ve been frustrated before, especially when something simple doesn’t work. I try to envision how I would want customer support to respond, even if I were angry. Empathy is the key to bringing me back to a place of level-headed helpfulness and even to go above and beyond to resolve the issue. I secretly prefer solving angry user problems because it’s gratifying to bring a bit of peace to someone who probably has a lot more on their mind.

5. Test your code before you recommend it

If you’ve ever tried out some code and then get white-screened, you know how terrifying it can be. Now imagine white-screening someone else’s live website because you missed a closing php tag. In short, they aren’t too thrilled. Even simple stuff like a css color fix can cause users to get upset if it doesn’t work. Sure, it was only an id selector instead of a class, but they don’t know the difference. And because of this simple mistake, and the lag time between thread responses, the fix takes hours longer than expected. In terms of user experience, you may have just lost a client. So, as I’ve learned the hard way, always check your code before you recommend it to someone else.

6. Stay up to date on library updates and bugs

WordPress isn’t perfect. Neither are themes or plugins. And they sure aren’t perfect together. Pile jQuery conflicts and deprecated functions into the mix and you have a recipe for some broken elements. It’s important to know when new releases of product are shipped, but it’s even more important to know what breaks with them. I remember when WordPress 3.7 launched there was an issue with default category menus because the exclude-category function failed. I thought it was an issue with the theme, but a quick look through some of the wordpress.org threads informed me that it was a 3.7 issue. If I hadn’t gone through the support forums, I could have wasted a lot of time trying to solve the problem within the theme, when it was something that was not broken in the first place.

7. Write in the plainest English possible

Writing grammatically correct English is important to me. It facilitates better communication and enables me to explain myself in full. However, most of the world does not speak English, and certainly not as a first language. Furthermore, some English doesn’t translate well into other languages or at all. Since a hefty percentage of our users are not native English speakers, it became very apparent that simplicity was my best friend. Writing for translation software is the best way to avoid redundant explanations. Useless directions like ‘You’ll need to navigate to the theme options then open custom styling etc..’ quickly became terse bullet points like ‘Go to Theme Options>Custom Styling’. Using capital letters, periods, lists, dashes, and semicolons became a common tool for segmenting sentences so that a user could see the split between directions. Turning long sentences into short, broken instructions is the best way to communicate over the language barrier.

8. Never Close a Support Thread

I may seem counter intuitive, but closing threads can actually make life more difficult. Users often have similar issues, but might want to ask different questions on the topic. If I were to close a thread, they would then open a separate thread, maybe link back to the original thread, and ultimately cause confusion somewhere down the line with fixes, external links, and duplicate search results. Leaving the thread open allows users to continue the discussion on fixes and allows them to communicate if a fix breaks or even contribute alternative solutions. Personally, I hate when a thread on wordpress.org is closed because I can’t ask further questions about a fix, especially when closed threads pop up as the first page of google search results. Closing threads leaves them out of date, shuts down nuanced discussion, and doesn’t play nicely with user experience.

9. Don’t be afraid to call for backup

I was hired to take the load off of the theme developers, who were serving as support agents as well. Most of the time I can handle the support threads, but sometimes a tough question will stump me. For a while, I was too proud to ask for help – I didn’t want to appear as if I couldn’t do my job. This only resulted in wasting my own time and, more importantly, the user’s. Now, instead of banging my head against the problem, I elect to bring in some experienced help from the theme developers. Not only will they be able to sort out the problem quickly, but I’ll also be able to learn from their solution on how to attack the problem in the future.

What lessons have you learned while working with WordPress?