Parity multisig wallets. How did they break?

An overview of the recent wallet incident

Libraries on Ethereum First off, there’s 3 ways to call a function on a contract. CALL, CALLCODE, and DELEGATECALL. Libraries on Ethereum are largely implemented with DELEGATECALL. Meaning, you deploy a contract that serves as a library — it’s got some functions that anyone can call, and can even change the storage of the calling contract. Solidity has some syntactic sugar that lets you declare a library, which does all the DELEGATECALLs for you if you use the library in your contract. [Read More]

Fixing cryptswap after disk repatition in Lubuntu 16.04 LTS

For a Windows-Linux dual boot setup

Cryptswap broke I have a Windows 10 / Lubuntu 16.04 dual boot setup. Recently I booted into Windows 10 and resized some partitions. Somehow that broke cryptswap, I’m guessing due to partition UUID being changed. ⚠⚠⚠ Please do not copy paste commands from this blog post. My configuration can be different than yours. You might lose your data! My swap partition is allocated on /dev/sda7 I have /dev/mapper/cryptswap1 that’s supposed to be mapped to /dev/sda7 Symptoms Every time I boot up it asks me for a passphrase to encrypt /dev/mapper/cryptswap1, when it is supposed to pull a random. [Read More]

A decentralized autonomous publishing platform

Visions of a fully decentralized blogging community

Recently I’ve made a very basic proof-of-concept decentralized CMS with Ethereum blockchain and Swarm, and you can see the code + demo here. But before I go over some technical details, let’s take a look at Steem. The Steem Solution Decentralized social media platforms are not new. Steem has already set an example of what a decentralized blogging platform can be. Despite its controversial launch, I still love Steemit. It’s almost my ideal platform. [Read More]

Doing more with less code

Good old xargs ✨

The problem Every semester, our university gets a lot of new students coming in. Usually, we get some kind of CSV from every school. We figure out the format of the CSV they are using, then either use an existing Python script, or write a new script to import the students to the system. Swarmed by Python scripts Because everyone seems to have their own idea when it comes to spreadsheet format, pretty much every time I have to write a new script to deal with whatever CSV I’m importing. [Read More]

Security Considerations when Dealing with Passphrases in Smart Contracts

Just hashing it won't be enough

A password protected remittance contract Recently I have to make a DApp for remittances. The requirements go like this There are three people: Alice (UserA), Bob (UserB) & Carol (UserC). Alice wants to send funds to Bob, but she only has ether & Bob wants to be paid in local currency. Luckily, Carol runs an exchange shop that converts ether to local currency. Therefore, to get the funds to Bob, Alice will allow the funds to be transferred through Carol’s Exchange Shop. [Read More]

Debugging your React Chrome Extensions in VS Code

Without leaving the editor

If you are building an extension for Google Chrome, there is a way to use Chrome debugger for VS Code to debug your extension without leaving the editor. If you are just debugging a normal webapp instead of a Chrome extension, see this Medium post by Kenneth Auchenberg on how to live edit and debug your React apps directly in VS Code The launch.json You need to enter your extension ID in the url field It launches Chrome, loads your extension, and opens a tab to your extension’s popup. [Read More]

Why isn't NVMe SSD running at rated speeds in my laptop

Fixing NVMe driver for Samsung 960 Pro, in Dell Inspiron 15. If you are looking for the solution, skip to Fixing the driver What I think of Insipron Gaming laptop Recently I got a Dell Insipron gaming laptop. It’s an entry level gaming laptop, nothing hardcore. The model I got has an SSD, but it’s a SanDisk X400 - a SATA SSD. Not fast enough for me. The first thing I did once I received my laptop was to replace the SSD with a Samsung 960 Pro. [Read More]

Using Reverse Proxy to Control Access to a Vendor API

Vendor APIs and keys For some vendor APIs like OrgSync, we get one API key to access the entire OrgSync API. There are cases where we’d like someone to have access to only parts of the API, say, an orgnization manager who wants to see all the events going on in his orgnization. The problem is, we only have one master API key, and it gives unrestricted access to the entire vendor API. [Read More]

Gorilla Mux: Subrouters and Middlewares

Gorilla router: the very basic usage I’ve been using gorilla mux for quite some time. It has pretty much become the de facto as it is convenient and easy to use. Say I am making a web app for organizing events, where it needs to have: A public web interface for users A private web interface for authenticated admins Uses secure cookies An API with authentication Uses an HTTP header To start with, my new router kind of looks like this: [Read More]

Terminal Tinder with Microsoft Cognitive Services

Remember a couple months ago I wrote a Cleverbot powered Tinder? It was fun. This week I made another fun app with Tinder API. Cognitive Services I’ve been playing around with MS Cognitive Services, particularly the Computer Vision API It has the capability to generate a text caption for an image. This gave me an idea. Terminal Tinder Sometimes I use Tinder API to do some swiping on terminal, often without a desktop environment. [Read More]