Star Wars meets Blockchain: The Mandalorian and Interplanetary Chain Code

Recently, Disney+ launched a new series to build on the Star Wars universe called The Mandalorian. It follows a Mandalorian bounty hunter (think Boba Fett) on his adventures tracking down various characters for their bounties.

During a meeting with his handler in trying to acquire new bounties, the Mandalorian makes mention of “chain code” in the terms of taking on a vague underworld contract.

Chain code has never been discussed or defined in the Star Wars universe and the show doesn’t explain it at all, but I firmly believe that they are referring to blockchain (and you will too).

Chain code is code run on the blockchain

That’s the literal name of it IRL.

Also called Smart Contracts or dApps, chain code refers to any code that lives on a blockchain and does stuff automatically.

A great example of this would be to, say, put bounty money in escrow that would automatically be released when the subject is captured and returned.

It allows the bounty hunter to feel secure that payment would come through when terms are met.

Blockchain is the solution for interplanetary transactions

If I make a deal on Coruscant to deliver a prisoner to Naboo, I wouldn’t want to wait or rely on intergalactic transmissions to ensure payment. It would make more sense to confirm against a node (computer) on Naboo that has a copy of the chain code.

Since blockchains are immutable, append-only ledgers that are distributed identically across the galaxy, I can rest assured knowing that I will get payed for my bounty from the chain code and that my handler will be notified of the hand off.

If I were using standard centralized servers, I couldn’t guarantee that my handler didn’t delete or alter the contract – or that the government didn’t seize the assets and shut it all down.

And on top of all that, intergalactic communication take a while even at the speed of light. This distance requires asynchronous systems to have any type of reliability; otherwise I’d be waiting hours for communications to confirm.

In short, chain code via blockchain is the only reasonable solution for bounty hunting baby yodas.

DAI: An Actually Decentralized Stablecoin

Quite possibly the biggest concern that non-crypto folks have with cryptocurrency (read as Bitcoin) is the extreme volatility and the prospect of “going to zero”.

Now, I have deep faith that the value of Bitcoin, Ethereum (and a handful of others) will prevail, but the true on-ramp of the masses will not be speculative assets, but rather stable assets – those designed to maintain a specific static value over time.

Stablecoins remove volatility from the equation and are designed to prevent the value of your coins from moving with the rest of the market.

As with Tether, USDC, and others, DAI is a cryptocurrency that is designed to be pegged against the US Dollar.

1 DAI = 1 USD

The usual method for pegging stablecoins against a value is to back them up with that physical asset. For coins like Tether (USDT), reserves of cash are banked away in the same way that the FDIC would insure accounts: for every USDT issued, a physical USD sits behind it to cover liquidity in the case of a “run on the bank.”

DAI, however, is not backed by a bank account. It’s backed by economics (more below).

You might think this is a bad thing, but I’d like the chance to argue that this method is superior.

Issues with USD-backed stablecoins

The biggest flaw I find with USD or other currency backed stablecoins is that this creates a single point of failure for the system.

  1. It’s a single company in charge of the currency
  2. It’s a single bank in charge of that account
  3. It’s a single country’s government that regulates that bank

If that government decides to make cryptocurrency illegal or seizes the assets for reasons, what fate would befall these bank accounts and companies?

If a CEO goes rogue or is coerced into distributing funds, what trust can we have in the stability?

If companies refuse to agree to 3rd party audits, how can we know that these stablecoins are even backed at all?

In order to trust in FIAT-based stablecoins, we must trust in corporations, banks, and governments to get it right. I personally would like to trust them less.

DAI isn’t backed by USD

.. and that’s a good thing. So, how can DAI peg against the dollar?

Simply put: supply and demand. Here’s how it works:

How DAI get’s created

Unlike other stablecoins that are issued by a central issuer, DAI can only be created by staking collateral. (there’s a lot here, but we’ll cover that in another post)

Practically, in order to create DAI, I need to lock up some other valuables as collateral like ether into a vault (and can only retrieve that collateral once I pay back the DAI that was created).

Now, let’s say I create 10,000 DAI with some amount of ether. The worth of this is $10,000.

If the market value of DAI grows to $1.01, I would be incentivized to sell my DAI because it is worth $10,100; earning me $100.

This increases supply of DAI in the market, driving price downward.

But, I still need 10,000 DAI in order to unlock the ether that I put in.

So, if I see that the price of DAI has fallen to $0.99, I can buy 10,000 on the market for $9900; effectively earning me another $100.

This increases demand for DAI in the market, driving price upward.

Now that I can redeem (burn) the 10,000 DAI to unlock my ether, I pocket $200 extra (minus fees) and repeat the process.

In fact, I can specifically create new DAI when the price is above $1 with the express intent to sell it high and buy it back when it returns to $1 or below.

This both increases supply of DAI in the market, driving price downward, and increases demand for undervalued DAI as the collateralized ether will need to be unlocked, driving price upward.

Pretty neat and done completely without a bank.

In short, economics, profit, and the market combined with how DAI is collateralized drives the price to $1 – and has effectively done so since Dec 2017.

Combined with the new release of multi-collateral DAI (ETH, BAT, and other ERC20 tokens on the horizon) and the release of the DAI Savings Rate for hodlers, DAI is a pretty great stablecoin.

More Reading

We’re only scratching the surface here. DAI is a part of the Maker DAO ecosystem and there’s a ton more to explore around the economics of DAI and it’s relationship with Maker.

Three Practical Tips for NOT Killing Your House Plants

Yep! I blog about tech and plants 🙂

So, you seem to “kill every plant you own,” huh?

Somehow, the magic balance between sunlight and water eludes you and you end up with toasted leaves or wilted stems.

Fear not, comrade! In just a few paragraphs you’ll have a better understanding of how to take care of your house plants.

Let’s dive right in.

Tip One: Drainage.

Most of the time, when people water their plants, they don’t have proper drainage.

This means that water will sit inside the pot and drown the plant when watered (instead of dispersing into the ground like in nature) and leads to overwatering which can cause rotting and other issues.

Check out these signs of bad drainage and overwatering:

  • Leaves dropping off the plant while green
  • Soft spots or rot on trunks & stems
  • Buds not opening

To be fair, most plants are sold in a piece of junk planter with no drainage. This immediately sets the new plant-parent up for failure.

Typically, you’ll want to have a planter with holes in the bottom along with a planter saucer beneath it to collect the drainage water. This allows you to remove waste water and lets the plant breath.

Photo by rawpixel.com from Pexels

This is the fundamental step to watering your plants because most plants should soak for a short time. The trick is being able to drain the plants after they are done soaking.

Without drainage in your planters (and a saucer to allow for water removal), you will not be able to properly water your plants and might be killing them.

Tip Two: Soaking.

The second trick to watering plants is to give them an appropriate amount of time to drink water. This comes in two steps.

First, check if the plant is dry. For some plants, this will be easy to tell with the top layer of soil. Other plants will need a bit more dryness, so you’ll need to check deeper. A good rule of thumb is probably “halfway deep is dry”. Over time, you’ll be able to better time this.

Pro tip: this timing changes during seasons as air becomes hot/cold and dry/humid.

Then, once you detect that the plant needs water, continue to water your plants until you see water fill up the drainage basin. Sometimes this occurs quickly – you’ll get the timing.

It’s important to note that during soaking the plant may consume that overflow water.

Over the next hour, check in on your plants to make sure that they continue to soak. This means refilling water if they have consumed their reservoir.

Once the hour is over, discard the waste water.

Tip Three: Sunlight.

Depending on your plant, it will require more or less sunlight. Be sure to look up the general needs of your plant for this information.

But, in general, more sunlight is not a bad thing.

Here are some common symptoms of a plant that needs more light:

  • Light/yellowing leaves from chlorophyll disuse
  • Wilting / weak stems from insufficient photosythentic energy
  • Intense leaning from plants searching for more natural light
  • Wide space between leaves as the stems grow longer for the search

For example, I have a Philodendron that doesn’t require a whole ton of light to survive. Typically, I house it in a north-facing room away from the window. This was fine in the summertime, but the winter lighting was impacting its health – leaves were dying off and the plant was looking very weak.

So, I pulled it out from the darker room to my bright east-facing window. This led to immediate response and results: tons of new growth and 100% perkier!

However, the extended light seems to be over-illuminating it now that the summer light has returned, so I might pull it slightly around the corner from the window to reduce direct sunlight or possibly back to the north room.

Try different positions with your plants over the next few weeks to see if more or less sunlight impacts their perkiness.

Good luck!

And that’s it! With good drainage, proper soaking, and enough sunlight, your plants will live thrive!

Most house plants will only require attention once or twice a week.

Get into the habit of feeling the soil’s dryness. This will be the key to ensuring proper water consumption.

Good luck!

Let me know how your plants are doing in the comments below!

AMA: What affordable hosting do you recommend?

Morgan E. asks: “I need to switch hosts because mine is super slow and support isn’t helpful, who do you use?”

Hey Morgan this is a super common question I get asked all the time.

The bottom line is there is no one-size-fits-all, permanent solution for this problem. In fact, most hosts change over time. Some improve; some decay.

For example, GoDaddy (in my opinion) had a remarkably bad hosting service when I worked with them a few years ago, but has really improved their hosting and support game lately. Meanwhile, BlueHost has fallen off.

On top of that, each host may be good at one thing while bad at others. Between speed, support, account management, pricing, limitations, and product offering, each host has many opportunities to fail you.

I’ve tried HostGator, 1and1, and A Small Orange as well – each recommended one time or another and none impress me or have my business any longer.

Presently, I recommend Media Temple for your standard shared hosting needs. They have fair pricing, good reliability, good support, and their account center is extremely well organized.

Alternatively, WP Engine is the one consistent company for WordPress sites that I have seen. They are the only site I trust with the label “managed WordPress hosting” because there is a ton of false advertising out there. They can be pricey if you want to have multiple sites and aren’t suitable for hosting non-WordPress sites, though.

Lastly, if you’re a technical person like myself, Digital Ocean is the way to go. You’ll need to do all the leg work, but the pricing, flexibility, and speed are excellent.

But, at the end of the day, it’s all trial and error – and most likely you’ll need to switch over time.

Good luck!

How to change your password on every account you own

When I was a young warthog, I created my first Gmail account.

It was a time of AOL Instant Messenger, Koolaid Jammers, and learning how to bypass school internet blacklists with proxies to play flash games during comp sci.

As such, I did not create a timeless email address.

Instead, I opted for a juvenile one to befit my tremendously small ego: [email protected].

But that was my email address and slowly but surely I used it to create one account after another over more than 10 years.

Facebook, Amazon, MySpace, Soundcloud, Bank of America, WordPress, etc. The list goes on as you well know.

Some years later I wised up and created a sensible email address – only to slap on an email forwarder and continue to use my Gmail-of-youth.

I thought this blog post was about passwords?

Yeah, yeah, I’m getting there.

So, here I was using my old Gmail for all my accounts, when I started to pay attention to the news.

Yeah, data breaches made me fix my email address because, like 73% of people, I was using the same passwords across multiple accounts.

Let me reiterate: my email-password combo was the same for basically every account I own. So, if any of these accounts became compromised, the hacker would have my email-password for all of my accounts.

And I thought, well there are so many accounts out there, mine probably is safe. Nope.

I ran my amazing email address through the breach scanner (yes, it’s legit) and found I’d had my data exposed by Apollo, a company I had literally never heard of.

As the data breaches began to pile up, not only did I become more worried, but I learned quite how easy it is to access this breached data.

Literally, any Joe Schmoe can go and retrieve it from the published list – though, I’m not going to show you how to do that, sorry.

So, I freaked out and changed all my passwords

It’s understandable, really.

It would be foolish of me to continue to trust organizations to keep my data safe, so the least I can do is plan for them to lose it and mitigate the risk of my other accounts.

I resolved to take my security into my own hands by changing the passwords of every account that I owned to one that was unique and secure.

Now, I’m not a lunatic. I didn’t stay up for 48 hours straight trying to remember every account I owned and change its password.

Instead, I took one hour to do the following task list:

  1. Set up a password manager
  2. Change my password (and email) on the most important accounts I could think of.
  3. Set up two-factor authentication (2FA) when available

A password manager is absolutely key here.

Without one, you’d end up with a Google Sheet with all your accounts and passwords lined up – now that wouldn’t be very secure, would it?

Though you might be thinking “well then, wouldn’t all my passwords just be stored on the password manager’s servers and equally be at risk”, password managers have deep layers of security and encryption that hinge upon a master password – so even if the data breached, without the master password the information would be useless.

Protip: Master passwords should be long phrases that you can easily remember like “honestly, I still can’t believe it’s not butter” or “long live the flying spaghetti monster”.

Longer passphrases are far more effective than 0bscur3 pAsSw0rdZ! since it takes computers way longer to guess.

Personally, I use Last Password, but I hear excellent things about One Password as well.

Two factor is equally as important since it prevents unauthorized account access even if they have your password. Always choose to use an application like Authy or Google Authenticator, instead of SMS, when available. (SMS has been proven vulnerable, but it’s better than nothing).

Protip: *always* store your 2FA backup code within your password manager – if you lose your phone, you’ll be screwed without the backup code.

After that initial hour, I decided to just update the rest of my accounts as I went along.

In all honesty, I’m still in the process.

The end … of an era

Now, my key accounts

  • All have a unique, secure password stored safely (and handily) in my password manager
  • Have 2FA enabled with Authy (with backup codes also stored in my password manager)
  • No longer use my old Gmail address

On top of that, I added a forwarder from my old email to my new one and made sure to automatically label incoming emails from that account so I could be sure to address anything sent there.

I’ll never delete it though, it’s such a baller email address.

Why you should keep your WordPress site updated (obviously)

Have you ever logged into your WordPress site and seen those bright orange notifications in the sidebar?

“11 Updates!? I just updated this last month!”

How many times have you ignored those notifications, letting them pile up week after week until you finally say “screw it” and update them all in one shot?

Has that ever backfired on you? Some plugin update breaks your site and you’re now scrambling for 6 hours trying to fix it.

Has that caused you to avoid updating altogether?

You’re not alone.

Almost 40% of WordPress sites are not running the latest version (aka 10% of the internet) – let alone the countless plugins and themes that are also out of date.

The problem is that this is an incredibly bad idea.

When you leave WordPress out of date, you’re practically inviting hackers to enter your site.

This is because the vulnerabilities of older versions are published and available to the community as soon as the new version goes live (and often times soon).

So, that little orange icon should say something like “hackers literally know how to abuse your old plugins now”.

Scary? It should be.

What’s crazy is that this is completely common.

In fact, WP White Security found that 73% of the 40,000 most popular websites that use the WordPress software are vulnerable to attack.

So, what’s the worst that could happen?

Most likely, your website is an integral part of your business. Whether you’re using Ecommerce or simply blogging, your website is practically the face of your business and probably has access to sensitive customer data.

Leaving your site out of date leaves your site vulnerable for someone to take advantage of you and really hurt your business.

Extortion

This tactic can be attached to basically any of the following issues. Hackers will takedown or defame your site until you cough up some money for release.

And, unless you solve the problem, you’re vulnerable for them to extort you over and over again.

Compromised Customer Data

If you are collecting customer information like emails and phone numbers (or potentially payment information), you’re now dealing with a true crisis that leaves you exposed to customer retaliation and a PR nightmare.

Heard of Experian? Yeah.

Blacklisting

Typically, hackers will publish thousands of garbage posts and pages using your site that all backlink to some scam.

Or maybe they’ll inject malware directly onto your site to try and compromise customers.

When Google finds these pages on your site, it will Blacklist you from Search Results.

In fact, Google blacklists around 20,000 websites for malware, and around 50,000 for phishing each week.

That’s right – no more search rankings or traffic.

Oh, and it’s damn hard to undo, too.

Use in Botnets

Ever hear about “Russian botnets” or “DDoS”?

Hackers will basically put sleeper code onto your server and use it to attack other servers.

Defamation

After gaining access, hackers could take over the design of your site and post some pretty horrific content in its place.

Say goodbye to customers at least.

Takedowns

This is by far the nicest of punishments – taking your site completely offline. No site = no business.

All that, just from outdated stuff?

Yeah, it’s real life.

The simple act of updating WordPress, plugins, and themes protects you from most attacks (and that’s over 90,978 attacks happening per minute).

Naturally, there are other methods of entry, so you should be employing a security plugin as well, but just updating keeps you on a good level.

Even if you just use a secure password, you’ll be protected against 8% of WordPress security breaches.

Ok, I’ll do better to keep my plugins updated from now on.

Well, there’s another problem: plugin updates can crash your site.

Yeah I know, right? Can’t catch a break.

Plugin conflicts are no stranger to anyone who’s worked with WordPress for long, but only the dedicated few really know how to resolve these quickly.

Maybe the plugin you just installed doesn’t outright break your site, but it could still be a problem like the thousands of WordPress websites that were infected with malware disguised as a search engine optimization plugin.

And if it’s a severe break, do you have a backup of your site available? Know how to restore it?

Are you ready to call the amazing tech support at your server host when things go wrong?

To recap, if you plan to do this yourself, you’ll be responsible for:

  • Updating WordPress core, plugins, and themes daily
  • Checking if updates break your site
  • Checking that new plugins are ok to install
  • Resolving plugin breaks
  • Protecting your site against other vulnerabilities
  • Auditing your existing site for malware
  • Keeping an eye on your passwords
  • Backing up your site properly
  • Restoring your site if it goes down
  • Talking with tech support
  • Oh, and the rest of your business

How much are those hours worth to you? You should be doing bigger and better things.

Let me do it for you.

With plans starting at $100/mo, you’ll have a dedicated WordPress expert managing your site for you.