PayPal buys Coinbase

Cash sloppily thrown about suitcase

PayPal (available now as a source for) buys (of cryptocurrency in) Coinbase.

The PayPal and Coinbase mating ritual continues. Coinbase now accepts PayPal as a funding method.

To my understanding it works like this. When a merchant or other party accepts a cryptocurrency payment via Coinbase, you may use PayPal as a funding source to purchase that crypto from Coinbase on the spot to cover the purchase.

Im just guessing that this is how it works; I’ve been banned from using both Coinbase and PayPal for the past three years, so I’m not sure.

A couple things are interesting about this collaboration. For a while now Coinbase has made a point of telling users at the purchase screen:

Screenshot from Coinbase transaction.

Want to send your ETH? You can send the full amount instantly.

Which means you can now use PayPal to purchase things with Bitcoin instantly. It sounds like an obvious thing to offer, but PayPal’s own platform for buying cryptocurrency does not let you spend it or send it anywhere.

On the other hand, Coinbase does not allow you to fund crypto purchases with Credit Cards.

It seems like both parties circumvent a part of the transaction that they can’t quite legally do yet.

I imagine an inversion of fee accrual structure. Normally Coinbase makes their money on the conversion rates. And PayPal normally charges the merchant for their cut.

In this case the merchant is not expecting to accept PayPal so it wouldn’t be possible for charging them differently for the method of payment to the payment provider.

My guess is that in these partner transactions, PayPal gets the conversion rate spread while Coinbase charges the merchant. This way they can screw over both parties.

This is a roundabout way of reiterating my baseless claim that PayPal is going to buy Coinbase.

Xfinity WiFi

As much as I already hate Comcast, they continue to innovate and impress in the field of general shiftiness.

I’ve known for a while that Xfinity offers these wifi hotspots for public use. I have also known that these hot spots are coming from people’s home router.

I didn’t understand why you’d want that. I have always opted for at least a separate router. I have this idea that the router/access point dies faster than the modem.

Consider how strong that wifi signal has to be in order to be available from the street. A neighbor of mine’s network broadcasts louder than mine in my own place.

So I asked her why she has it on if she never uses it and also isn’t it creepy?

Turns out this is not an opt-in service and she didn’t even realize It was coming from her router. I showed her the BSSID of the public point and her own network and sure enough, only different by x0A or so. Same signal strength and channel.

She had no idea! Comcast sucks ass.

The Return of the Yardstick

In 1834 the United Kingdom House of Parliament burned down. With it went the international base units of length and weight.

It took 21 years but they finally recreated the yard as a stick and one of them was sent to the United States.

This yard however was not perfect and was found to get shorter every year. In the states, the meter was still defined in terms of the yard.

Other countries already had a meter that was pretty steady. Eventually the American yard became based based on the meter. And as everyone knows, the meter was itself based on the wavelength of the 606 nanometer spectral line of a krypton-86 atom.

With those conversions in place, the rest of the world could continue doing business with the United States, and the Americans were free to live their lives ignoring all logical units of measurement because it was not worth the hassle of getting them to change.

But all was not well. The re-defining of the foot left a discrepancy between large amounts of existing survey data and the normal foot. So the “survey foot” was carried forward, a “hard fork” of the international foot.

Thankfully this survey foot is being phased out in 2022. I think this is a perfect time though to make some changes.

Fixing Everything

I propose a system of measurement called the American system. Or something to do with eagles and freedom. It’s like the imperial-based system but we’ve outgrown that name haven’t we?

Here’s how it works. An inch is like the inch as we know it now. Everyone knows the inch. But 12 in a foot is pesky. It’s hard to count multiples of 12 and we only have 10 glyphs to write numbers with.

This is the idea: there will be 10 inches in a foot.

Think if the benefits. You could count a foot on two hands, and everybody suddenly gains about a foot in height.

If you were 5’11” in old units, you’d now be 7’1”.

Great. So what’s bigger than a foot? A yard. But three feet? Never have and never will need to divide anything by 3. The yard has always been causing problems. And as it is, it is basically a meter.

Proposal: a yard is 10 feet. And naturally a mile is 1000 feet.

Now a mile is the long side of the only unit of area understood by non-farmers: the American football field.

Everyone knows a football field is 100 yards long and 192 feet wide.

Traveling a mile takes 528% less time in this new system. If you can walk the length of a football field in 5 minutes, then that’s a 5 minute mile.

Your gas guzzling SUV now gets 132 miles to the gallon. They will need more carpool lanes.

Overall I think it’s a good time to make the move. If we were to have some silly non ten-based system it should at least be base 16.

What is Glass Glue For

I have some glass glue. As in, when you need to glue two pieces of glass together, this is the glue to use.

It seemed like a good idea. But in practice, nothing glass that has broken has been salvageable or glue-able.

There is a possibility that this is for glueing glass before it’s broken. When you need to attach two pieces of glass, you grab glass glue first.

I just don’t see many cases where you are going to do that. I think there is no good case for glass glue.

What is the Point of Pi Network

I mostly dislike everything crypto. The hype, the price speculation and the cynicism are all distasteful to me. However, removed from these contexts of reality, the concepts and technology are interesting. Overall I think it is a good thing to have in the brain of the world.

One of these cryptocurrencies, Pi is somewhat unique. You mine it by checking into an app everyday, and based on the number of people you’ve invited seemingly, the more faster you get the Pi’s. It reminded me of Cookie Clicker in that you check in once a day and the number keeps going up. As of now, Pi is unusable and un-tradable. Additionally, everyone is still on the test net. We’ve been promised a full transfer to main net when it launches. I don’t know if that is normal or whatever.

So a good question is, what is the point of Pi coins? Its not worth anything and there aren’t a bunch of people trying to melt their power lines mining it.

Pi’s ultimate goal seems to be building a web of trust. They reward people for bringing people they know into it and working together, as opposed to a competition for proof of work. That sounds pretty lame, but at least a decentralized verification system is one of the prerequisites for any post-government data management and transport.

Think about the concept of a public key infrastructure (PKI). The best examples are SSL certificates – the things that out the S in HTTPS. When you connect to a web site, your connection is end to end encrypted. You know your data is going to the right destination because regardless of where it ends up, it can only be decrypted by the holder of the matching private key.

Since anyone can generate keys and certs the only way you know their particular one is legit is because it has been signed by a trusted entity who vouches for the legitimacy. That signing entity itself has had its signing legitimacy signed by an entity who has a root certificate.

The root certificate being the highest authority and thus most legitimate… is simply a certificate that has been signed by itself and no one else.

The only thing that gets those top level certificates to be accepted by your browser is being owned by members of a big circle jerk of companies — comprised of the most legit-ist names, made out of variations on words such as “verify” and “sign” — who recognize each other and occasionally sign off on each others’ child certificates.

So that is the web of trust. Each person on Pi functions as a root certificate, and they merely recognize and acknowledge the members of their circle to be continuously more or less the same entity over time. And that’s all that is needed to “authenticate” any one member of the whole network because those connections are public knowledge and the history is permanent.

I’ll write sometime about the ultra-exciting world of making your own PKI system for development servers. This blog is supposed to be about tech and dev stuff after all. It’s a great way to understand how certificates work and how they do what they do. You could write a bash script in a few hours that performs the exact same physical certificate services as Digicert or Thawte, both bajillion dollar companies. Or that gets close to Let’s Encrypt, a much more sane, more free and more comprehensive service provider.

Limits of Corporation-Sponsored Open Source

Recently Google announced that they are limiting Chromium’s access to private APIs meant for consumption by the Chrome browser.

Chromium is the free and open source “upstream” project that Chrome overlays proprietary features on top of to create their final commercial product. It contains code for consuming private apis. However, Google never intended for any third party distribution of Chromium browsers to ship with the binary pre-authenticated to these APIs.

To be clear, end-users can always build their own version using their own api keys to enable these features. Anyone can acquire these keys from Google for free. Additionally third party distributions are not blocked from having an end user supply their self-obtained keys to use in their distribution. The big sin was baking a set of keys into the distribution.

As a result Google has announced they “are limiting access to our private Chrome APIs starting on March 15, 2021.” I assume this means that they have canceled the offending keys. Including commercial product integration in open source software is a common practice. It is always preferable to the alternative. That is, limiting such integrations to propriety software.

Overall, this incident and the incredulous, annoyed response from Google employees has generated bad optics for Google. It’s not their fault that people view their actions as taking away some rights that they are entitled to. It is remarkable how easily people conflate a free service with a positive right.

Private APIs cost money to maintain and providing them for free does not mean they have an obligation to keep doing so. They do it because it suits their business case. There is no mystery surrounding that fact. I think imposing these limits as a statement is a dick move, but that is just my opinion. They provide these APIs at their own pleasure.

It is worth noting that Google are remedying the “problem” through non-aggressive means. These limitations are implemented purely at their own gates, not from within the Chromium project itself. Most importantly, they are not seeking to brandish the sadistic justice hammer of intellectual property at the offenders. They are simply refusing to provide a service which no one can force them to provide.

Though Google is a massive government-protected corporation riddled with the endemic natural “evils” that comes with that obligation, their early decisions to make Chromium open-source has been mutually beneficial for themself and the public. They have yet to use their status to threaten the open source community as far as I know, or change the openness of the license in response to an entity taking full advantage of that license. But I say this doing exactly zero research.

In contrast, Elastic recently decided to nerf their OSI license for Elasticsearch and Kibana changing it to the Butt-hurt That Other Corporations are Actually Treating it as Free Software License (SSPL). This was in response to Amazon continuously offering managed Elasticsearch hosting without “collaborating” with Elastic.

The idea of open source licenses has always seemed to me a last resort method of using IP laws to keep things free from IP laws. The ‘legal’ aspects of requiring attribution, while vain, is intended to keep the intentions of freeness transparent. By keeping a lineage of contributions it is harder to erase those intentions and close off the code. It is ironic to use coercive measures to ensure freedoms because it is not fully free if you have limitations on how to use it. As a result, the intentions can be misunderstood. It seems that nothing is truly free as long as we rely on the law to qualify freedom.

While I find this sort of interpersonal pettiness at the corporate level funny, nevertheless it is a good thing to support your average uncompensated package maintainers. Maintaining these codebases is a thankless unprestigious job that most developer-consumers take for granted. I recommend reading this blog post by François Zaninotto about deciding to stop maintaining the popular PHP Faker package to get an idea of what they go through.

PayPal and Coinbase

PayPal is going to buy Coinbase. It’s a guess but it would make sense.

First, eBay has recently dumped PayPal as their payment provider. I assume this is a big blow to PayPal as a large part of their business model is floating payments to merchants on eBay. Will people still put up with their bullshit when they aren’t the only game in town for the largest auction site? I’m guessing not.

Consider PayPal’s acquisition Braintree Payments.

Braintree was once a disruptive force in payment gateways. Their gateway emphasized ease of integration. Their documentation has a developer-friendly, SDK-first approach.

However, since their acquisition by PayPal, Braintree has frozen in time. There has been little innovation in their core product, with the exception of a new graphQL endpoint.

Worse, they have failed to implement international payments. Though they accept “local currencies,” these are still converted to US Dollars in the backend. They do not accept payment methods other than PayPal and credit cards. They lean heavily on PayPal integration to make the feature work.

Compare with their contemporaries Stripe. Stripe has a best-in-class API. Starting from a well-designed object model they’ve had no problem incorporating new payment methods and international currencies.

So why Coinbase? Easy: Coinbase is the PayPal of crypto. I have no objective basis for this claim. However, I observe both Coinbase and PayPal to be assholes who hold your money in a non FDIC-insured limbo at their leisure. Both companies face pressure from regulatory agencies and file 1099’s.

PayPal started playing with crypto in a very PayPal way. Arbitrary holds, transfer restrictions, hidden FAQs, closing your account, keeping your money for your own safety. Customers will not take them seriously until they let customers send and receive the currency they pay for.

A couple years ago, Coinbase was valued at upwards of 8 billion. Now they boast claims of 50 billion in crypto reserves.

Still, it should still be a drop in the bucket for PayPal (who at the time of writing has a market cap of $295 billion). Coinbase’s $50 billion in bitcoin is not fully liquid. Those are reserves that can’t be lent out for interest. Being the largest holder of the currency, converting large amounts of bitcoin to cash would lower its value just as fast as they could sell it. We will soon know more of Coinbase’s worth as their IPO progresses.

PayPal will want a win to recover from losing eBay while they’ve still got come clout. They are diversified enough to be able to sit on that coin money and not need to convince people to “invest” in it at all times.

Coinbase’s stablecoin is shit. Paypal Cash Plus accounts are the equivalent of a non-collateralized stablecoin that is guaranteed to be worth less than the fiat it represents (minus fees). Imagine if they could back that imaginary cash up with made-up coins that they control the largest supply of?


This is my first post. I am forcing myself to publish it, using no less.

I try to take notes when trying something new so I don’t have to learn it twice. I highly recommend it to anyone doing anything technical, especially if you don’t know what you are doing.

I’m good at not knowing many people who share my interests. The COVID-19 pandemic has intensified this.

Here’s a good quote:

I don’t consider this writing, I consider this thinking. I like sharing my thoughts and I like hearing yours and I like practicing expressing ideas, but fundamentally this blog is not for you, it’s for me. I hope that you enjoy it anyway.

Aaron Swartz,