BCH: Did I throw away $$$$? Perhaps…

Yesterday was D-Day in the Bitcoin world: On Tuesday, Aug 1st 2017, Bitcoin Cash (BCH) forked off of Bitcoin (BTC). For anyone with control over their wallet and private keys, they now have an equal amount of BTC and BCH.

I have a Bitcoin wallet. Yet, I don’t have any new Bitcoin Cash—and I have no one to blame but myself. Will I ever get the BCH associated with my pre-fork coins? I think that it is likely, though certainly not assured. If not, it will still be my fault. After all, I had fair warning from the company that I trust as custodian of my assets.

A Cryptocurrency Mantra:
“Woe be the person who trusts decentralized cash to a custodian”

I trust Coinbase for good reason. I left my BTC in my Coinbase wallet and vault throughout the fork. Let me tell you how I view the risks of failing to remove my coins before August 1…

  1. Coinbase was clear in warning that BTC withdrawals would be frozen before and after a fork. No problem…I had no immediate need to access my coins.

2. Coinbase warned they had no plan to support BCH—not even for withdrawal after a fork.

I accepted this 2nd warning, even though their reasoning and motives were terribly weak. But, today, I feel very sore. I need a morning after pill! Bitcoin still trades at the level of the past week—about $2700 US/BTC. But my non-existent BCH holdings have significant value! It was briefly as high as $750 per coin, and is now trading at $475. This means that even if I have no desire to save or spend the new coin, I no longer have the option to liquidate my forked asset. I lost a slam-dunk opportunity to capture 17½%.

We’re not talking about a theoretical gain or a gain that assumes liquidation at a momentary spike. We’re talking about right now—a missed opportunity to pocket thousands of dollars!

Am I angry? Not really. I am disappointed in my lack of initiative, but I have only myself to blame. For the record, I don’t believe that I have a reasonable legal claim against Coinbase. After all, they warned me! But, I hope that they will give me my forked coins—eventually. They have already acknowledged to conspiracy theorists that they will not keep the forked BCH, in the event that they create a conversion mechanism. In that case, they will allow withdrawal by the owner of the associated BTC. Now that they see dramatic fractional value, how could they not complete the fork?!

Where Does This Leave Me?

I’m not poorer today than I was yesterday, and I am surprised to find that I have not lost value in original Bitcoin. But, I missed a zero-risk opportunity to gain 17½% overnight. It was staring me in the face and I passed it up. At least I draw comfort in my confidence that Coinbase will complete the fork. Please, Coinbase: Complete the fork!


Ellery Davies co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

Are Online File-Conversion Services Safe?

At Quora, I occasionally play, “Ask the expert”. Hundreds of my Quora answers are linked at the top right. Today, I was asked if it is safe to use free, online services that convert between file formats. For example, many web services allows you to upload a JPEG image and get back a PNG file. Others convert between DOC and PDF, or between popular video or audio formats.

Some of these services include additional processing. For example, stringing separate images together into a single animated GIF file—or rotating pages and adding a password within a PDF file. If you don’t have a locally installed program that does these things, is it safe to use these free, online services?

And what about the apps that you download and install? These present separate risks! But, with a little common sense, you can figure out which ones you can trust…


The short answer: It depends on the file type. A JPEG file that is processed via an online service is safe. SVG is not.*

A More Complete Answer…

There are three factors that relate to the safety of free online file converters:

  1. Is the target file type passive? That is, is it a data-only file that you will open with your own application. But watch out!

    Most—but not all—media formats (files that store pictures, music or video), cannot contain malicious code, unless you are tricked into opening them with the wrong program. Most of these formats simply direct your application to present pictures to your screen or audio signals to the speakers, without launching other apps or executing code that reads or writes to your device. But there are exceptions. Some popular formats support scripts, which are a form of program instructions. And, rarely, you may even be susceptible to execution of a data only file.*

    In my opinion, JPEG files are safe (including .jpg and .jiff file extensions). So are bmp, gif, mp3, avi, and mp4 files. But svg, doc and pdf files are not necessarily safe! These file formats permit javascript or other code which can be activated when you attempt to open the file. Therefore, if you use a service to create SVG, DOC or these other file types, be sure that you use your own applications to open it, and that you have configured your application to restrict execution on files that are downloaded from the Internet.

  2. Is there anything sensitive in your source material? (i.e. is your file confidential or embarrassing?). If so, it will be in the hands of strangers for all time. Do not use an online service to convert the file—nor even to store it, unless it is first encrypted on your device.
  3. Is there possibility of misdirection or error during the process? That is, could you be tricked into uploading the wrong file or revealing more information than you intended? For example, with deceptive tactics, a web service might slip you a routine that fools with your file associations. Now, a file ending with .JPG is no longer interpreted as an image, but contains an active and malicious threat.

Most Important: Never accept options that offers an upload manager, browser plug-in or “assistant”. These are programs over which you have no control! They often contain malware that threatens your data and your entire network. Helper apps and plug-ins should only be installed from rock-solid sources, such as the maker of your operating system or browser (Apple, Microsoft, Google) or from highly reputable, open-source projects.

Disambiguation: That last warning is about apps installed on your device, rather than online services. But, how can a non-techie be secure in their decision to download or install an app? Here is way to think about your options and safety: The maker of your app should fall into one of these two categories:

  • The vendor has a lot to lose if they fail to fully vet the context and security of an executable. This is typically true of large, audited, publicly funded companies like Adobe, Citrix or Google. (Being big does not inherently make them trustworthy, but it makes them very careful to verify their claims against internal practices).
  • —OR— The executable is offered via a reputable open source community with a broad base of technical and critical developers. It helps if developers are rewarded for finding and reporting bugs.

Online file conversion services fail these tests—But they are not locally installed apps. Remember, these last two tests are intended for apps that you plan to install, whereas online file-conversion services simply process data and return it to you. So to protect yourself from file-conversion programs that you download and install, you must ensure that they don’t install or interact with your other applications and data.

One way of ensuring this is to run in a sandbox or protected environment (as if you maintained a separate PC for use only with file conversions). The more practical way is to educate yourself on the vendor’s practices, reputation and history. A dedicated file conversion utility should interact only with files you select—and only to generate passive content that you open with your own applications.


* Even data-only files can be exploited. For example, malware can use a “buffer overrun” weakness to treat some of the music or photo data in your files as executable program code. But don’t worry. Although this might seem impossible to defend, such opportunistic exploits are unlikely if you have good antivirus protection, and if allow your trusted applications to update regularly.

Additional reading about SVG file format:

Free, Online Blockchain Courses

I develop Bitcoin and Blockchain courses for a profitable venture—And so, I may be shooting myself in the foot with a competitive referral. But, hey!—It’s for a good cause.

Jeremy Boris; Zero to 60 in six months

Jeremy Boris has a degree in business management. He became interested in blockchains a few months ago. In just the first half of this year, he has leapt beyond the realm of enthusiast. He already casts himself as a blockchain developer.

Now, Jeremy seeks to spread the joy (and the potential for career income). Here is his annotated list of free, online blockchain courses, covering all six critical technologies.

Everyone needs a starting point. This is a great one!

Wallet Security: Cloud/Exchange Services

3½ years ago, I wrote a Bitcoin wallet safety primer for Naked Security, a newsletter by Sophos, the European antivirus lab. Articles are limited to just 500 hundred words, and so my primer barely conveyed a mindset—It outlined broad steps for protecting a Bitcoin wallet.

In retrospect, that article may have been a disservice to digital currency novices. For example, did you know that a mobile text message is not a good form of two-factor authentication? Relying on SMS can get your life savings wiped out. Who knew?!

With a tip of the hat to Cody Brown, here is an online wallet security narrative that beats my article by a mile. Actually, it is more of a warning than a tutorial. But, read it closely. Learn from Cody’s misfortune. Practice safe storage. If you glean anything from the article, at least do this:

  • Install Google Authenticator. Require it for any online account with stored value. If someone hijacks your phone account, they cannot authenticate an exchange or wallet transaction—even with Authenticator.
  • Many exchanges (like Coinbase) offer a “vault”. Sweep most of your savings into the vault instead of the daily-use wallet. This gives you time to detect a scam or intrusion and to halt withdrawals. What is a vault? In my opinion, it is better than a paper wallet! Like a bank account, it is a wallet administered by a trusted vendor, but with no internet connection and forced access delay.

Exchange and cloud users want instant response. They want to purchase things without delay and they want quick settlement of currency exchange. But online wallets come with great risk. They can be emptied in an instant. It is not as difficult to spoof your identity as you may think (Again: Read Cody’s article below!)

Some privacy and security advocates insist on taking possession and control of their wallet. They want wealth printed out and tucked under the mattress. Personally, I think this ‘total-control’ methodology yields greater risk than a trusted, audited custodial relationship with constant updates and best practice reviews.

In case you want just the basics, here is my original wallet security primer. It won’t give you everything that you need, but it sets a tone for discipline, safety and a healthy dollop of fear.


Ellery Davies co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

Incentivize Bitcoin Miners After All 21M BTC Are Awarded

Individuals who mine Bitcoins needn’t be miners. We call them ‘miners’ because they are awarded BTC as they solve mathematical computations. The competition to unearth these reserve coins also serves a vital purpose. They validate the transactions of Bitcoin users all over the world: buyers, loans & debt settlement, exchange transactions, inter-bank transfers, etc. They are not really miners. They are more accurately engaged in transaction validation or ‘bookkeeping’.

There are numerous proposals for how to incentivize miners once all 21 million coins have been mined/awarded in May 2140. Depending upon the network load and the value of each coin, we may need to agree on an alternate incentive earlier than 2140. At the opening of the 2015 MIT Bitcoin Expo, Andreas Antonopolous proposed some validator incentive alternatives. One very novel suggestion was based on game theory and involved competition and status rather than cash payments.

I envision an alternative approach—one that also addresses the problem of miners and users having different goals. In an ideal world the locus of users should intersect more fully with the overseers…

To achieve this, I have proposed that every wallet be capable of also mining, even if the wallet is simply a smartphone app or part of a cloud account at an exchange service. To get uses participating in validating the transactions of peers, any transaction fee could be waived for anyone who completes 1 validation for each n transactions. (Say one validation for every five or ten transactions). In this manner, everyone pitches in a small amount of resources to maintain a robust network.

A small transaction fee would accrue to anyone who does not participate in ‘mining’ at all. That cost will float with supply and demand. Users can duck the fee by simply participating in the validation process, which continues to be based on either proof-of-work, proof-of-stake — or one of the more exotic proof theories that are being proposed now.


Ellery Davies co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

Bitcoin closes in on (US) $2000; Why it matters

At the beginning of 2016, Bitcoin was fairly steady at $430. Richelle Ross predicted that it would finish the year at $650. She would have been right, if the year had ended in November. During 2016, Bitcoin’s US dollar exchange rose from $433 to $1000. In the past 2 months (March 24~May 20, 2017), Bitcoin has tacked on 114%, rising from $936 to $2000.  [continue below image]…

If this were stock in a corporation, I would recommend liquidating or cutting back on holdings. But the value of Bitcoin is not tied to the future earnings or property value of an organization. In this case, supply demand is fueled—in part—by speculation. Yes, of course. But, it is also fueled by a two-sided network built on the growing base of utilitarian adoption. And not just an adoption fad, but adoption that mirrors the shift in our very understanding of bookkeeping, trust and transparency.

Despite problems of growth, governance and regulation, Bitcoin is more clearly taking its place as the future of money. Even if it never becomes “legal tender” in any country—and is used only as a mechanism of payments and settlement, it is still woefully undervalued. $2000 is not an end-game. It is a beginning.

Ellery Davies co-chairs Crypsa & The Bitcoin Event. He is a columnist & board member at Lifeboat Foundation,
editor at WildDuck and is delivering the keynote address at the 2017 Digital Currency Summit in Johannesburg.

Blockchain can dramatically reduce pollution, traffic jams

The World Economic Forum has posted an article that hints at something that I have also suggested. (I am not taking credit. Others have suggested the idea too…But advancing tech and credible, continued visibility helps the idea to be taken seriously!)

I am not referring to purchasing and retiring carbon credits. I like that idea too. But here is an idea that can enable fleets of autonomous, shared, electric vehicles. Benefits to individuals and to society are numerous. And the blockchain makes it possible early in the next decade. It is not science fiction.

The future is just around the corner. Non-coin applications of the blockchain will support great things. Goodbye car ownership. Hello clean air! The future of personal transportation is closer than you think.

Read about it at the World Economic Forum.


Ellery Davies co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.