crypto

Hardware & Software

Last Update: 05.11.24

Priorities

First of all as I am an architect, I have to use windows machine for work, especially for 3dsmax, photoshop and stuff. This is why I generally have the latest workstation CPU, latest GPU, and the most ram I can get -right now 192GB. But as it is work only computer at the office I will not talk about it.

My main laptop is for research, writing, mails, watching stuff, listening to music, so basically everything I need.

Hardware

Laptop: My main laptop is Thinkpad X230. I have bought it from Insurgo. But they dont sell hardware anymore, so the best bet for you to get Intel ME neutralized X230 preferably with Heads and i7, ssd, 16GB ram and IPS screen. Then if something is broken, you can replace easily, and it has enough power to do even video rendering. If you spend more than 200 dollars for a computer, it is a waste of money.

Phone: Google Pixel 6a, if it ever gets broken, I will get the latest Pixel phone and install GrapheneOS immediately. You can see what I use as apps in the mostly updated post.

Kindle: I have always prefered hard copy books, but sometimes it is hard to get the actual book, or even impossible. And also instead of waiting days for a book to come, I just buy it from amazon, I always have my recent library with me and it has crazy battery life.

Crypto:

Coldcard – air-gapped transaction for #btc
Trezor – storing my #eth
Phantom wallet – my hot wallet, generally use it on Jupiter

Software

Operating System: I use Arch linux. And I do only recommend Arch/Artix and if you are into these stuff QubesOS. Even if you are totally newb, get Arch, only few days you will have problems, then you will love the way linux works.

Terminal: I use st by suckless which is one of the most minimal yet easily customizable terminal emulators out there.

Window Manager: dwm as window manager and dwmblocks for status bar.

Text Editing: Neovim, it is vim, but a bit better.

Web Browser: Librewolf with arkenfox with some modifications. Also I do have these add-ons:

uBlock Origin
Decentraleyes
I still don’t care about cookies
VimVixen

File Manager: lf fast,easy to customize.

Mail Client: neomutt, I keep all my mail offline with isync. Not that easy to set up, but you do it once.

Video Player: mpv, as you know all cool kids are already using it. I am even using it on my phone.

PDF Viewer: Zathura, you can also use MuPDF, which I still prefer for my phone.

Logic is simple, I only use libre software, I will not use any proprietary software. I try to optimize my life with better alternatives for everything. So that means no video games either.

  • Eat alkaline
  • Workout daily
  • Quality sleep
  • Ground daily
  • Sun gazing
  • Pray daily

Life will be on easier mode. Trust me.

Bullrun Safety Guide

All types of wallet/token/NFT hacks fall into two categories:

  • Abuse of previously owned token approval.
  • Private key/seed compromise.

Token Approvals:

Token approvals are essentially a permission for smart contract to access and move specific type or amount of a token from your wallet. Like giving permission to OpenSea or Uniswap to move your NFTs so you can see them.

In detail, on Ethereum network, everything except ETH is ERC-20 token. NFTs are are mostly ERC-721 and 1155 tokens respectively. Their approval mechanics work similar to ERC-20s but for NFT marketplaces.

If you are not careful about that, you might just give grant tokens permission to a malicious smart contract to get your assets stolen.

Many DeFi apps will prompt for unlimited approval of ETC20 token by default. This is to improve user experience, and it is more convenient as it does not require potential future approvals thus saving on time and gas fees.

So limiting this for max amount of tokens will fix the problem.

NFT Approvals:

NFT marketplaces will ask for that kind of approval, thus when you sell and NFT to a buyer, that marketplace’s smart contract can move the NFT automatically to the buyer. This sounds cool, but can also be used by malicious websites/contracts to steal your NFTs.

Example: When you are about to mint an NFT, from a website which looks totally legitimate, in the background their contract searches for your wallet and chooses the highest value NFT and asks for permission to take it, and when you think you are minting, you are giving away your NFT.

Limit your risk to approvals:

  • Use multiple wallets, do not sign approvals from your high value wallet.
  • Ideally reduce or completely avoid granting unlimited apprivals for ERC-20s.
  • Check and revoke approvals periodically via Etherscan or Revoke.

Hardware Wallets:

Hot wallets are connected to the internet through your computer or phone so the keys stored online.

Cold wallets are hardware devices where the key is generated and stored offline.

So it is a lot safer to use hardware wallet, I would suggest Coldcard mk4 for #btc, and trezor for #eth

There are some stuff to look for:

  • Buy hardware wallet only from official manufacturer website. No Ebay / no Amazon…
  • Make sure the packaging is sealed.
  • First time you set it up, it will generate a seed phrase.
  • ONLY write that seed on physical paper or a steel plate so it will be fire and waterproof.
  • Never digitalize it meaning never take picture of it, never write it on any kind of keyboard.
  • This seed phrase you got when you set up is EVERYTHING. Do not forget that, and not specific to your device, you can use that with any device.
  • If you loose it, you will loose everything.
  • Ledger / Trezor and Coldcard has the ability to add 25th word. Which sets a different address which cannot be access via the 24-word recovery phase alone, so you will be the only one who can know the word.

How People Got Hacked?

  • Tricked into downloading malware via PDFs, beta testing games, running some macros via google sheets or phishing websites.
  • Interacting with malicious contracts: FOMO minting from a mimic website, as explained above.
  • Inserting or giving away the seed to customer support or something similar.

Takeaways:

  • Don’t trust, always verify. Make sure the contract address and website you are interacting with is legitimate.
  • Periodically check and revoke your token approvals via revoke and etherscan.
  • You can take advantage of Pocket Universe and Wallet Guard as the last line of defense.
  • Choose custom approval limits over the default unlimited approval option.
  • Hedge your risk by utilizing multiple wallets.
    Utilize cold wallet and hot wallets for their purpose.

Misc Stuff:

  • Always use 2FA. Authy is great app, you can use Yubikey for the next level. Never use SMS as 2FA tho.
  • Use password manager. Then you can use all different 20 mixed characters passwords for all websites. Most people use Bitwarden, but I would suggest pass or KeepassXC or self hosted Bitwarden.
  • You can check have I been pwned for data breaches.
  • Assume everyone online is liar or compromised.
  • Instead of using Gmail, Hotmail etc.. Use better ones like Tuta or the best, you can host your mail.
  • Never use public Wi-Fi, there can always be fake hotspot, or MIM attack.
  • If you need to use a Wi-Fi, use VPN, because any network can be hacked. For VPN I would suggest Mullvad.

The point is assume that everything you have is already compromised or can be at any point, so act accordingly.

2025 Shopping Guide

This is a simple list to get you ready for 2025. Only daily stuff, and none of the firms are paying me to do that.

They are all my personal recommendations:

  • Havn EMF Proof Clothing: https://havnwear.com
  • Leela Quantum Pendants: https://leelaq.com
  • Vivarays Blue Light Blockers: https://vivarays.com
  • Mitozen Products: https://www.mitozen.club
    Shower Filter: https://a.co/d/flyUj2o
  • Red Light Therapy: https://joovv.com/products/joovv-mini-3-0
  • Quality Bands: https://www.movement-made.com
  • Laptop: Lenovo x230 – Artix
  • Phone: Pixel 9 – GrapheneOS: https://store.google.com/us/product/pixel_9?hl=en-US
  • VPN: https://mullvad.net
  • Notepad: https://a.co/d/0TINiyn
  • Hardware wallet: Coldcard Mk4: https://coldcard.com
  • C02 Meter: Aranet4 – https://aranet.com
  • EMF Meter: https://a.co/d/dVGE1Dm
  • Air Tube Headphone: https://a.co/d/4x9VoV1

Coldwallet tips


Cold Wallet Tips & Suggestions

Suggestions:
As everyone has become accustomed to these days, cryptocurrency remains one of the safest methods for storing and spending money. As the market heats up, it’s crucial to be prepared for the next bull run. However, with the increasing money and activity, there will inevitably be bad actors looking to exploit vulnerabilities.

I witnessed firsthand when my friend, who was a developer for Harmony, was hacked for around $800k. The hackers found a way to exploit the extension, even though it functioned similarly to MetaMask. In this case, the hackers didn’t need the seed to gain access to the wallet.

We’ve also heard and read countless reports of people being hacked, resulting in drained wallets. The primary culprit?

HUMAN ERROR

To avoid these pitfalls, follow these guidelines and never make these common mistakes:

  • Keep your seed safe: Your 12/24-word seed is your ultimate access code. Store it only on a piece of paper or a metal plate – no photos, no computer files. This seed is your key to everything, whether you use a hardware wallet or a paper wallet. Keep it safe and never disclose it to anyone.
  • Use a separate browser for trading: Avoid using your trading browser for daily activities, especially anything shady. Hackers may find a way through cookies, gaining access to your unlocked MetaMask. Use a dedicated browser like Firefox solely for trading. Bookmark essential websites and keep this browser updated.
  • Consider a separate computer: The more separated your personal life is from your crypto life, the better. Using a dedicated computer for trading adds an extra layer of security.
  • Avoid clicking on unfamiliar links: Never click on any links within the trading profile, computer, or browser. You can never be certain if a person or website is compromised. Bookmark important websites to minimize the risk of falling for phishing attempts.
  • Securely handle your seed on the computer: If you must use your seed on a computer, change the wallet immediately and transfer your funds to a new, clean wallet.

Cold Wallet Suggestions:

  • Coldcard Mk4: Arguably the best Bitcoin hardware wallet, completely air-gapped, eliminating the need to connect to a computer. It only requires a battery and a microSD card. Keep in mind that it is designed for Bitcoin storage, not for daily usage.
  • Trezor: An extremely user-friendly hardware wallet, suitable for daily transactions. While I still use the Trezor One, the Trezor Safe 3 is considered a bit more secure in case your Trezor gets stolen.

There are other alternatives like Ledger and Jade, but due to numerous hacking stories surrounding Ledger, it may not be the safest option. I personally prefer Coldcard over Jade.


Please send an email for questions or suggestions.