ATTENTION – This blog is moving to Medium

TL;DR – This blog is moving. This is how you resubscribe:



From the looks of this blog, you might think I haven’t blogged in a while. That’s not true.

I have been blogging for a few months on Medium.

I have two main feeds there:

  1. – everything I write is accessible there (including #2).
  2. – truth about the nature of reality.

Most of what I’ve written in the last few months belongs to the second category. I’ve been rather embarrassed and feeling pretentious, so I haven’t published most of my posts on Facebook. I thought “my friends wouldn’t care”. But the truth is, I write because I want to reach a large audience, and Facebook is one of my primary distribution outlets. I’m going to publish my truth on Facebook and embrace it.

This blog,, is ending. It might mutate to something else in the future, like a personal website. Or it might stay rigid. (In the meantime I’m planning to move it off WordPress and into some static/free hosting like Github Pages).

Thanks for reading. I hope you enjoyed this blog, and I hope you follow me on Medium.


For those who care why I’m moving: There are ups and downs to using Medium. The main downside is: I don’t “control my content” (although I do retain the legal rights). Mainly, I don’t get the SEO.

The upside: Zero maintenance costs, it just works, no comment spam, and I believe I can get ultimately more exposure there.

What is my superpower?

So, my birthday is tomorrow.
As a gift, I’m asking you to go in here and answer two questions:

1. What is my superpower.

2. What is my kryptonite.

Thanks in advance to anyone who complies.

(Some of you might remember this related post)

How not to use Google Authenticator

Followup to yesterday’s post on how someone hacked my gmail account:

If you choose to add Google Authenticator instead of SMS messages as a two-factor authentication scheme, be aware of the following:


There is a good chance you will add Authenticator as a “primary” authentication scheme, but SMS messages will remain as an alternative option.
This means that an attacker could always bypass Authenticator and just use SMS, which is weak if you use Pushbullet or any other scheme that syncs SMS to your desktop.
If you sync your SMS messages to your computer, you have to make sure to remove SMS messages as an alternative authentication method, not just add Authenticator.

Thanks Eyal Brosh for alerting me to this fact.


Did someone just hack my gmail?

Update: See also this important followup.

Or: why 2-factor authentication is important, and how to use and misuse it.

This is a really important post, and everyone should read it. There’s even a bonus at the end.

I’ve been using 2-factor authentication since forever now. A while ago, I had horrible security practices – I was basically using the same simple password everywhere “because it didn’t matter and I was lazy”.

Then, someone hacked into Pizza Hut’s website and got to my email. Not fun.

I’ve upgraded my security practices significantly since then. I use a very strong password, coupled with two-factor authentication. Sweet, right?

Well, it turns out there are edge cases.

My chosen method of doing two-factor auth was using SMS codes. Whenever I logged in to a service, a unique code was sent to me via SMS. Well, I recently started using the wonderful Pushbullet Chrome extension that lets me send SMS messages from my laptop, and all kinds of wonderful things. Problem is: it’s a security hazard, especially when you’re using SMS as your two-factor component.

The whole point of two-factor auth is this: You separate your authentication into two factors: One thing you remember (password), and one thing you have (your phone). An attacker might take possession or guess one of these factors, but it’s much more difficult to simultaneously guess/know your password while having possession of your physical phone.

Using extensions such as Pushbullet, or whatever equivalent thing Apple users do, defeats this purpose. If someone hacks into your computer and sniffs your password, they also have access to your phone’s SMS messages because they are synced to the computer. So they basically OWNz you.


So, my solution was to switch to the Google Authenticator app which is the standard solution to the problem I just described. Its purpose is to generate login codes in a secure way, and it is in no way synced to anywhere, so an attacker would still have to have your physical phone in order to use it. Problem solved, right?

Well, yes and no.

So the good news is that this covers most issues and works well most of the time. But, there are caveats. One major caveat is this: in some cases, if your phone is lost or damaged, you are fucked. Since the authentication isn’t based on something like a phone number / SIM card that you can recover if needed, but rather on an app that isn’t backed up anywhere by design … if your phone is lost you just cannot recreate these codes.

There are a few workarounds.

The common workaround is a “backup phone number”. You can enter a friend’s phone number (one that doesn’t use Pushbullet!), so that if your own phone is lost, you can contact your friend and have them help you log in.

Another, arguably more secure alternative is backup codes. Now, this is rather advanced so I assume 99% of the people who use two-factor auth don’t do this, but you can prepare in advance and print out backup codes that help you log in if your phone is lost. I haven’t been doing this systematically until now, but will start using them today on every supported service. Note: depending on your level of paranoia, you should keep these codes somewhere safe from burglars, loss, cats etc.


So, why did I pick today to start using backup codes? Because I was just hacked. Yes, me with all my paranoia… hacked.

What just happened? I don’t really know the full story.

TL;DR – I disabled my 2-factor auth for a few days for technical reasons. A hacker used this time to log in to my account.

How do I know I was hacked? Because of this:


I just woke up to find two emails from Google that my account was accessed, one from Safari (which I never use), and another from Android. These emails are normal when you log in from a new device, but these login attempts happened while I was asleep/busy and from a device I never use, which is a big freaking warning sign. I’m lucky the attacker wasn’t able to use their access to delete these emails, because otherwise I wouldn’t have known the hack even happened.

Note the key icon, which indicates that this is not a phishing attempt, but rather that the emails really came from Google. Note: the emails were addressed to “” and not “” or “”, but they were sent to – this is a detail that still puzzles me … if anyone can explain this inconsistency, they’ll earn my gratitude.

To summarize this post: Login security is still an unsolved problem. All the details I described above are way too difficult for the average user to bother to understand and follow. Accounts are not safe, but you can significantly upgrade your security by learning and applying some techniques. Stay safe.

P.S – Why did I disable 2-factor auth in the first place?

My primary phone had a malfunctioning GPS device, so I was having it fixed and I was using an alt phone. Before I put my phone in the repair shop, I had to switch my Google Authenticator from my primary phone to my alt one (you must do this for every account/service you use Authenticator with! Remember, you have to have your physical phone with you in order to login!)

The problem was that my alt phone was rather shitty and braindead. After a bit of usage, its charger outlet gave out, and now it can never be recharged again! As soon as I noticed this I made a mental note to myself that I need to keep a little bit of battery in order to move Authenticator apps from my alt back to my primary phone, after I get it back from the shop.

Once I got my primary phone, I realized the repair shop had formatted it completely, despite my explicit instructions (it’s Eline, don’t buy anything there!). Long story short, my alt phone with a working Authenticator was quickly running out of battery as I was trying to switch my Authenticator app to my new App. I was literally racing against time, because if my phone reached 0% battery then I would be locked out of my account. So in this race, I only had time to disable 2 factor auth, because installing the Authenticator app on my new formatted phone took a bit more time than I had battery left. I thought to myself “well, I’ll just turn off 2-factor auth for a few days, it won’t hurt … I have a strong password”. Well, guess I was wrong. In the 3 days since I did that, someone already hacked my account. I don’t know how, I had a working assumption that my laptop was mostly hacker free, but perhaps that’s not the case. In any case, another important thing you should take away (Luckily I already know this) – assume your laptop can be hacked, and don’t keep anything really important on it :)

P.S.S – Bonus

For those who survived this post until this point: A new website I just discovered and starting to use is You can check if your login information is found in any known major hacking, and get notified on future hacks. Here is how I was pwned:



So, apparently I had an account at (I didn’t even remember this), and this account was hacked in Feb 2014. It’s not really critical to me since I don’t use the same password there, but it’s still nice to know a little bit about known hacks that uncover my details. Are you pwned?

The Fractional Fractal

As I was running yesterday, this image flashed into my mind.

I believe I had never seen this fractal before. It is original.
It’s possible someone else discovered it, maybe even that I saw it somewhere. The mind works in mysterious ways.
But if that happened, I repressed the memory of seeing it.

In other words, I believe I came up with this one all by myself.

So, after seeing this image flashing in my head, I just had to make it a reality. To code it.
Some Googling led me to this awesome post on 7 awesome free tools for creating fractals. I tried out a couple of tools – they were awesome indeed! But they were too limited and could not produce the image that haunted me.

So, I turned to the basics. Coding it from scratch. Using Logo.

Logo was the first programming language I ever learned. My dad taught me how to code in Logo when I was a young kid. I don’t know how old I was, maybe 8 or 9. I had a 286 computer which was rad, because all the other kids had xt, except my friend who had a 386 powerhouse.

I never thought I would use Logo for anything. But yesterday, it was the best tool for the job.

So, here I present the code for Fractional Fractal. This Fractal represents the series of fractions 1/2, 1/3, 1/4, 1/5, 1/6…

Finally, I’d like to end this post with a thank you.

Thank you dad, for believing in me. For teaching a young kid how to program. How to think. How to love math, logic, programming and reasoning. How to be analytical. This is a core part of myself that I owe to you. #StillYourKid.

<tears of joy>


My Awakening Experiences AKA Satori

Update: If you are able to read Hebrew, forget this post, and go read this. It is a much more useful description of an awakening experience.

I would like to tell you about two unique experiences in my life, unlike everything else I have ever experienced. These, I learned, are called “Satori” experiences.

Wikipedia says

In the Zen Buddhist tradition, satori refers to the experience of kenshō,[2] “seeing into one’s true nature”. Ken means “seeing,” shō means “nature” or “essence.”[2]

Satori and kenshō are commonly translated as enlightenment, a word that is also used to translate bodhi, prajna and buddhahood.



I don’t know about other people’s experience of satori, I can only tell you about my own. I can’t really describe them, reading about the experience pales in comparison to experiencing them.

My first satori happened about three years ago. It happened several days after my first ever intake of weed. I have no idea if that had anything to do with the experience or not, but I know it was a very small dose, I wasn’t feeling high or anything out of the ordinary in the days between my weed consumption and my satori experience. It felt like it didn’t affect me at all. And then satori happened.

I experienced utter bliss. I knew that my place in the world was right here, right now. Everything I did felt perfect. I could make no mistakes, even if I really tried. In fact, the very concept of mistakes didn’t make sense to me – anything that anyone ever did was perfect. It was what was needed at that time. I knew that I had a role to play in the universe, and I was playing it perfectly. I was doing my important bit to progress the universe to its next, evolved state. I was important, not more than other people, but I was zoomed in on my own importance and felt that my existence mattered. I hardly needed sleep, for almost a week. I was going to sleep at 3 AM and waking up at 5 AM … just because my brain woke me up. I had to go do important work.

I was walking my dog in the garden, and felt how this moment was perfect. I had a headache from hardly sleeping for days, and the pain registered on my senses, but I felt that the pain is just a phenomenon I observed … it didn’t cause me any suffering whatsoever, it was just a signal from my body “I need more sleep”. Just something that was happening to my body, not to “my self”.

My second satori happened a few months ago, in Midburn, the Israeli Burning Man. It was a lot like the first one, with a few differences:

It was definitely unrelated to weed or any other drug. I am actually on a break from weed for the last few months, in order to diagnose my suspected bipolar symptoms, and I was clean when satori happened.

While the experience was similar to the first in that I felt the ultimate acceptance, peace, “All is well with the world and with my life” feeling … an interesting difference was that this time, I felt all kinds of what people usually describe as “negative emotions”. I was dancing alone in a crowded party, and felt alone. I felt afraid. I felt angry. The amazing thing, however, is that throughout feeling these so-called “negative emotions”, I simultaneously felt “This is still perfect. I am feeling exactly what I’m supposed to be feeling right now. The world is perfect. My life is perfect. I am supposed to feel alone right now, because I really didn’t connect to anyone in this party. I am supposed to be sad, or angry or whatever other emotion I was having”.

Usually when “negative emotions” arise, they are accompanied by a sense of “damn, why am I feeling this right now. My life sucks”, or “I shouldn’t feel this right now, stop feeling it already!”. This time, my satori stayed through these strong emotions, and I was still feeling bliss coupled with all the other human emotions. Like my first satori, the second one lasted for a few days as well.

At first, after my first satori had ended, I felt quite alone. Nobody could understand what I went through. I failed to reproduce this ultimate high I had reached, and I couldn’t communicate what I felt. This year, something amazing happened. I met someone awesome who told me she’s had the same experience as me and told me the name “Satori” that categorizes this unique experience. She then went on to introduce me to a group of people who have had several different awakening experiences, some of them having had dozens or more different satori experiences! I had people to talk to about this, and explore what they mean and how to see past them. I am still exploring this, I don’t have all the answers. But I’m seeking.

Looking for a UX designer to join my next project

I’m building a social network designed for Polyamory and non-monogamous relationships. Not going to elaborate a lot at this point, but: if you know a great UX/UI designer who is passionate about the subject and willing to work for percentages, let me know.

Details … when it’s ready :)

Synereo – the first fully decentralized attention-based social network

I would like to introduce you to Synereo, the world’s first fully decentralized, attention-based social network.

I wrote before about the need for a decentralized internet, which is rapidly being built. Synereo is building the social networking platform for that model. One important difference between them and other decentralized open source social networks (Diaspora anyone?) is that Synereo has an internal tradeable token that can be used to monetize the network, fund development, and attract users (free amps anyone?)

In a world where users are products, Synereo’s model turns users into active agents that get rewarded for the actions, content and attention.

I haven’t had the chance to really dig into their model or tech stack, although I know and highly appreciate the founder. The tech isn’t really ready yet, they are just raising funds now (the sale of ‘amps’ ends in 16 days).


* Disclaimer – I am not invested in Synereo, nor do I own any ‘amps’.