Bitcoin Miner Virus - How to Detect and Remove It (Update ...
The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster
This is a long one - TL;DR at the end!
If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players. First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).
Why You Should Care About Breaches
The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.
But wait, why would anyone want to use my password? I'm nobody!
It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated. By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account! If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.
How You Can Protect Yourself
Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way. First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!
You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles. Some notable choices to consider:
1Password - recommended by Troy Hunt, creator of Have I Been Pwned
LastPass - I use this at work and it's generally good
BitWarden - free and open source! I use this at home and in some ways it's better than LastPass
KeePass (and forks) - free, open source, and totally offline; if you don't trust "the cloud" you can trade away some more convenience in exchange for taking full responsibility of your password security (and backups)
Regardless of which one you choose, any of them is 100x better than not using one at all.
The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been.
The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication). Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site.
You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure. Notable choices to consider:
Authy - probably the first big/popular one after Google Authenticator came out (I think) - NOTE: They let you use it on your desktop/browser, too, but this is TOO much convenience! Don't fall for that trap.
LastPass Authenticator - conveniently links up with a LastPass account, some sites support extra features (like not needing to type a code, just answer a phone notification)
Yubikey - A real physical MFA device! Some models are compatible with phones, too.
Duo - this one is more geared towards enterprise, but they have a free option
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.
What Does This Have To Do With GameDev?
Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).
Secure Your Code
Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover! If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
Is my code doing anything "dangerous"? (system-level stuff, memory access, saving passwords anywhere)
Could someone get the keys to the kingdom (API key, server password, etc) by just opening Cheat Engine and looking at memory values? Or doing a strings/hex edit/decompile/etc on my game executable?
Am I using outdated libraries/framework/engine? Do they have any known security bugs?
Secure Your Computer
I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.
Lock your computer when idle - use a password (or PIN or face unlock or whatever your OS uses) - no one should ever be able to walk up to your computer and use it if you're not looking, nor should they be able to get in if they grabbed your closed laptop off the table at starbucks (thanks u/3tt07kjt for reminding me of this one)
Use full disk encryption (especially on laptops)
Update your OS for security updates ASAP
Use anti-virus (yes, Windows Defender is fine) and keep it updated
Update your web browser ALWAYS (this is your 99% chance attack vector, so don't postpone it!)
Don't install browser extensions that you don't need - a LOT of extensions are either malware from the start or become malware later (my favorite emoji extension started mining bitcoins, FFS!) - check reviews regularly after extensions update
DO use adblock and privacy extensions - ads are a common attack vector - I recommend uBlock Origin and Privacy Badger at a minimum (note that some legit sites can break and so you'll have to fiddle with settings or whitelist)
Don't open suspicious or unknown links on e-mail, social media, discord, etc (be sure to hover over the links in this post before clicking them)
Don't open attachments, ever - unless you were expecting it from that person at that time
Don't fill out ANY forms (comments, login, registration, etc) on websites that don't have HTTPS (secure) connection - your browser will show this in the address bar, usually
In general, be suspicious of everything that comes from people you don't know - and even from people you do know if it was unexpected
E-Mail is (probably) the least secure form of communications ever invented - so try not to use it for sensitive things
Secure Your Website
I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
Use HTTPS (SSL/TLS) secure connections - it's FREE and EASY thanks to Let's Encrypt
KEEP EVERYTHING UPDATED - automate as much as you can
If you have control over the server, you MUST update the OS, the web server, and any backend application servers/languages/frameworks involved. Equifax breach was due to having out of date server software. BMG breach was worsened by having out of date server software. YOU MUST STAY UPDATED, ALWAYS
Don't store sensitive personal information - it's a huge pain to be PCI compliant, it's a huge fine if you mess it up - avoid storing any customer information that you don't actually need (see also: GDPR )
Do not allow access to SSH/Remote desktop/Database services from the whole world; the general public should only ever be able to reach ports 80 and 443 on your web server (and 80 should permanently redirect to HTTPS)
Use SSH keys instead of passwords on Linux servers
Don't run your own email server - it's just not worth it; use google apps for business, office 365, zoho, or something else for business email
Secure your domain registrar account! Don't lose your domain to a bad password or lack of MFA/2FA or an old email address! If your registrar doesn't support actual security then transfer to one that does. (namecheap, namesilo, google domains, amazon aws route53, even godaddy, the absolutely worst web company, has good security options)
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.
That's it, for now
I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.
TL;DR (y u words so much??)
Use a password manager so you can have different, random, secure passwords on every account on every website/service/game
Use MFA/2FA on every account, if possible
Lock your computer when idle/away
Use full disk encryption on laptops
Update your operating system (we all hate Windows Update, but it really is for our own good)
Use anti-virus (Windows Defender is fine)
Update your browser
Use good adblocker/privacy blocker browser extensions
Don't use browser extensions that you don't really need (they could be a trojan horse of bitcoin mining later)
Don't trust anything sent by anyone, unless you were expecting it and know it's safe
E-mail is the least secure form of communications in use these days; don't trust it for sensitive things
Use source control for your game code (git, mercurial, etc)
Lock down access to your source code
Don't put secrets (passwords, API keys/tokens, social security numbers, credit card numbers) in your code repository
Don't do dumb things like store your AWS keys in your game for players to just find with simple tools
Check your code dependencies for security bugs, update them when needed
Use HTTPS on your website
Update your web server OS and software
Use secure password storage (don't reinvent this wheel, it's been solved by way smarter people)
Use SSH keys instead of passwords for Linux servers
Use a firewall to block the world from getting in with SSH/Remote desktop/database direct connections
Only allow your own IP address (which can change!) into the server for admin tasks
Don't run your own email server, let someone who knows what they are doing handle that for you
Secure your domain registrar account, keep email address up to date
... in general... in general... in general... I sure wrote those 2 words a lot.
Why Should I Trust This Post?
Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things. If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
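An added example, not part of the original post: the post's advice on never committing secrets, and on keys being recoverable from a game executable with a strings pass, can be checked before release with a small scanner run over your own source tree and build output. The `hardcoded_credential` heuristic, the skipped directory names and the sample project are assumptions constructed for this illustration.

```python
"""Scan a source tree and built binaries for embedded secrets (added example)."""
import re
import tempfile
from pathlib import Path

# The AWS access key ID shape and the PEM header are public, documented
# formats; "hardcoded_credential" is a heuristic assumed for this example.
RULES = {
    "aws_access_key_id": re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "private_key_pem": re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        rb"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*[\"'][^\"'\s]{8,}[\"']"
    ),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}  # assumed vendor/VCS dirs
# Printable runs stored as UTF-16LE, i.e. what `strings -el` would show.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")


def redact(raw: bytes) -> str:
    """Keep reports safe to paste into CI logs: show only a short prefix."""
    text = raw.decode("ascii", "replace")
    return text[:4] + "*" * max(len(text) - 4, 0)


def scan_bytes(data: bytes) -> list:
    """Return findings for one file's content, text or binary."""
    binary = b"\x00" in data
    views = [("ascii", data)]
    if binary:
        # Windows builds often hold strings as UTF-16LE; fold each run to ASCII.
        views += [("utf16", m.group(0)[::2]) for m in UTF16_RUN.finditer(data)]
    findings = []
    for encoding, view in views:
        for rule, rx in RULES.items():
            for m in rx.finditer(view):
                if binary:
                    where = "binary/" + encoding
                else:
                    where = "line %d" % (view.count(b"\n", 0, m.start()) + 1)
                findings.append(
                    {"rule": rule, "where": where, "preview": redact(m.group(0))}
                )
    return findings


def scan_tree(root) -> list:
    """Walk root, skip VCS/vendor dirs, and tag each finding with its path."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        for finding in scan_bytes(path.read_bytes()):
            results.append(dict(finding, path=rel.as_posix()))
    return results


def demo() -> list:
    """Build a constructed project in a temp dir and scan it."""
    fake_key = b"AKIA" + b"EXAMPLEKEY000001"  # constructed, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("src", "build", ".git"):
            (root / name).mkdir()
        # Safe: the value is read from the environment at run time.
        (root / "src" / "db.py").write_bytes(
            b'import os\nPASSWORD = os.environ["DB_PASSWORD"]\n'
        )
        # Unsafe: literal credential on line 2.
        (root / "src" / "config.py").write_bytes(
            b'DEBUG = False\napi_key = "constructed-value-1234"\n'
        )
        # Unsafe: key compiled into the shipped binary, as ASCII and UTF-16LE.
        blob = (b"MZ\x00\x00" + fake_key + b"\x00\x01"
                + fake_key.decode().encode("utf-16-le") + b"\x00\x00")
        (root / "build" / "game.bin").write_bytes(blob)
        (root / ".git" / "packed").write_bytes(fake_key)  # skipped directory
        return scan_tree(root)


if __name__ == "__main__":
    for item in demo():
        print(item["path"], item["where"], item["rule"], item["preview"])
```

A scan of the working tree does not look at git history: a secret that was committed once and deleted later is still retrievable from old commits, so it has to be rotated rather than just removed.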
“This person does not exist, huh?” Another empty Saturday of my recently unemployed schedule slides by without a thought as to appointments to keep. My finger slides endlessly through Reddit’s constantly generating front page, all concern to the content long gone. I tap the link and find a website that purports presenting randomly generated faces. I’ve not exactly the sharpest attention to detail so at first the randomly generated faces seem normal to me. Eventually, even the dimmest eye can begin to discern uncanny features on the randomly generated faces. Ridges over eyes are too pronounced and the skin appears wrinkled in some places and smooth in others. Irises differ in shape and size and sometimes even color. That’s just the little stuff. Refresh the page over again long enough and you start to come across aberrations such as glasses that don’t connect to their lenses or hats that do not cast a shadow. Scroll long enough and you are lucky to come across the blatant abominations of a soulless AI that only such a program could create. Facial features appear deformed and broken, melding into their surroundings in a discolored and melting mess. Companions of the photograph’s focus are inhuman monsters with mouths sutured shut and eyes that stare emptily into your soul. You know- basic computer fun. That being said, it grows old real fast to a mind that has been nurtured into a desire for instant gratification and a desire for entertainment. I click out of the new tab and go back to scrolling Reddit. The message hits my iPhone with a sharp ring and a notification box slips out of the top of the screen. Jay: Hey, can I borrow a phone-charger adapter? All mine are in use right now. I roll my eyes though its not exactly a great burden on my back. Me: Sure, but you need to come down here. I hear the ceiling above creak and squeak as my upstairs neighbor hoists himself off of his couch and walks across his living room floor. 
My apartment is an old building, full of the wear and tear of a building from a fading age, built in a rural area in expectation of local development that never came. I hear the upstairs door open and shut, and the stairs outside rattle with Jay stomping down the stairs. He knocks on the door twice and then comes inside without invitation. In the two years that I’ve lived in this apartment, Jay’s the only one that I’ve become on a first-name basis with. I’ve always had a hard time making friends due to general social awkwardness, but Jay seemed invulnerable to any sense of shame or ability to sense offense. Eventually, he wormed his way into my affections, despite being nearly ten years older, through sheer persistence and ignorance. “Hey man,” Jay says with a friendly smile that changes a bad case of resting bitch face to a welcoming warm glow. “Is it in your spare drawer?” Jay was an imposing man that was somewhere between muscular and chubby and had a pair of horn-rimmed glasses dangling from the collar of a dusty blue button-up. His hair was beginning to migrate from the middle of the top of his head to an ever thickening beard that would rival that of any philosopher. “Yup.” I nod, returning his gesture. “In the kitchen.” “Cool.” Jay nods and slips his flip flops off and walks into the kitchen at a near jog. “Hey, I’m going to Family Fare later, do you wanna go along?” I shrug, “Sure. I need to get some rice.” I go back to my phone and then glance back at him. “Ooh, some steak also.” Jay comes out of my kitchen with a outlet-USB adapter cradled in his left hand. “Cool, I’ll text you.” He begins going for the door before I interrupt him. “What are you working on today? You seem too excited to be designing a website for a church.” Jay’s smile returns with an intensity to rival the sun. “Oh yeah, I don’t think I’ve told you about it yet.” He holds out his hands, both flat, though his left one cradled the USB adapter under his thumb. “Alright, picture this. 
Only you are the one who knows your schedule, right? Or how hot you like your room at night, right?” He pauses enough for a half nod on my part, but quickly continues. “Alright, now imagine that you can clone a little copy of all your little likes and dislikes and install it onto a server that runs your smart home, after bundling it with an AI. Then, this little copy of you could do everything that you want to do on a digital basis, making your life way easier!” He stops and stared at my face. “Isn’t that the plot of a Black Mirror episode? Maybe a bunch of them?” I ask, blurting out the first thing on my mind. Jay seemed confused for a moment, then shrugged, “Is that the technology Twilight-Zone thing you keep trying to get me to watch?” I nod in reply and Jay gives me a sidelong glance. “They haven’t done it though, right? Like in real life?” “I don’t think so.” I say with a shrug. “I don’t even think they have the capability to design commercial AI yet though.” “I’m not concerned about what they can do.” Jay says with a dismissing wave. “The idea is still potentially profitable, right?” “I guess.” I reply and Jay’s smile returns. “But what about the ethical and moral problems of creating a being capable of understanding reality, adding a person to it, then trapping them into a role. Isn’t that similar to creating life just to subject it to slavery?” Jay holds both his hands up in mock defense without dropping his smile, “Woooah, Mister Philosopher over here. I don’t care about that stuff, come on. Plus I’m gonna create safeguards against that stuff.” “Whatever, man.” Shaking my head, I scroll back up to the link to the web page in my history. I open up the randomly generated face of an elderly Asian woman and then turn the phone around to show Jay. “Hey dude, what do you think of this?” Jay steps forward and takes the phone into his hand. “Looks like a face. Looks like its been messed with a bit on Photo-shop or something.” He turns it back around. 
“Like the nose is too elongated here.” He points to the left nostril. “What about it?” “Hit refresh.” I say and he taps the button. The page reloads and another face shows up. This time, its a young black woman with a companion whose face is distorted beyond any recognizable parameter as a human. “Wow.” Jay says and taps the button again. He tosses the phone back to me and it drops onto my lap, showing a picture of a redheaded man, smiling with a flesh-colored hat. “That’s crazy stuff right there dude, I wouldn’t mess around with it too much.” I smile, “What do you mean?” “Looks like a viral site or something. Trust me, just don’t mess around with it.” “Viral?” I begin as Jay slides on his flip flops. In place of his usual smile is now a gruff expression, him appearing lost in thought. I continue on, sitting up. “Isn’t iOS sand-boxed to hell? How would I get a virus from a site on Reddit’s front page without someone commenting about it?” “Trust me, Peter.” Jay’s rough tone takes me by surprise. “I don’t know very much, but I know what I’m saying when I say that you should stay off that page.” He opens the door and then walks out without another word. I snort and press the sleep button, letting the generated man’s face sink into darkness and drop the phone onto the floor next to the couch. Getting up, I head to the kitchen and begin sorting through my cupboards and refrigerator, searching for food items I’m going to need. Milk, beans, apples, etc. Knowing I’m going to need to make a list, I head back into the living room and snag my phone from the living room floor. After typing in my pass code, the man’s face reappears. I snort again while walking into the kitchen. I grew up with this stuff. It’s not like I don’t recognize a viral download when I see one. Where’s the Trojan download request, or pop-ups? I think to myself. I refresh the page again just for laughs. A smiling Caucasian smiles at the camera, fairly normal in appearance. 
There is, of course, a blue mucoid blob next to her in frame, but all in all there is nothing sinister or dark about this. No real Nosleep material, as it were. I close out of the tab and tap out a list of things to buy with my dwindling savings. Hopefully my unemployment would get sorted out soon. I’ve never gone on unemployment before and my father, who had some knowledge of the law, said my case seemed ideal for it. The thought of what Jay had said begins to irk me slightly. Does he think that I’m a dumbass or something? I need paper towels too. I tap that into my list. I know that I’m not great at detecting tone or hidden meanings behind words, but it seems weird that Jay would say that to me. Toilet paper? No, I’m good at that. Same as toothpaste and floss. I do need mouthwash, though. There’s no way that’s a virus. I think. Sighing, I finish up my list and open up Safari again. I navigate to the list of comments below the link. Scrolling down, I see no comments about malicious software or hackers or anything like that. Just Imgur links to disconcerting results and threads mocking the realism of the pictures. Setting down the phone on my coffee table, I grab the remote to my TV and flipped it on. Grabbing the GameCube controller hooked up to my Switch and turned the console on and try to idly explore Hyrule in Breath of the Wild, but my mind is occupied too much to be distracted. Minutes pass by and my mind begins to delve into all the bad possibilities, like that I had offended Jay, or perhaps he did really think I was that stupid- as my mind is apt to wander. “Ugh.” Groaning, I finally set the controller down and go to the door for my beat up hi-tops. Jay’s pretty hard to offend and he knows me pretty well, so he wouldn’t think it is too weird if I asked for clarification about his statement. I walk out into the hallway and close the door behind me. Sure is cold out today. 
I think, even though a quick glance to the double glass doors at the front of the complex confirms they are both shut. The trip upstairs is quick and I knock on Jay’s door. “If it’s Peter, then come in!” A voice calls from within. Opening the door, I step into an apartment far more cluttered than my somewhat minimalist interior design. Stacks of manuals and technical magazines clutter the floor, intermixed with CDs in jewel cases and USB sticks. Old laptops are stacked on top of computer towers along the back wall on either side of a couch that is clear enough for a blanket and pillow, both of which are oddly neat and folded. In the center of the living room are three plastic totes spilling over with green computer components, neatly bundled cords and wires, and random adapters and such. As long as I’ve been friends with Jay, I’ve never actually set foot in his apartment. I’ve seen the inside, but we always hang out at my place. “Jay, where are you?” I call out over the quiet hum of box fans spraying cool air all over the room. The window is open, despite it being winter. “In the bedroom!” Jay replies and I head for the door before Jay steps out and shuts it behind him. In the glimpse that I have of his bedroom, I see boxes on shelves with blinking lights and neatly arranged cords that I can only conclude is some kind of server setup or something. “Jeez man, are you mining bitcoin or something?” I ask half-jokingly, but Jay shakes his head. “Naw. That become unprofitable a few years back. What’s up?” “Listen Jay, I was just wondering about what you said. I don’t want you to think I meant offense if I offended you about-” Jay interrupts me with an upheld hand. “I figured you were coming in about that. I shoulda phrased it better. I’m sorry.” He says with an apologetic frown. “It’s nothing.” I reply and pause, “But what is so wrong about that site? I couldn’t find anything about it. I mean, it just seems like...” I trail off, waiting for a response. 
Jay sighs and shakes his head, “Listen, you don’t like math or stuff like that, right?”

I shake my head but continue before he says anything, “No, but I’m pretty curious about this.”

Jay looks away reluctantly and then speaks. “Okay, listen. The site that you showed me has a program that generates a randomly-featured face, right?”

“Okay?” I say.

Jay moves to the couch and grabs his pillow and blankets in a nice stack. He removes them to the top of the plastic totes and takes a seat. After waiting for me to sit, he continues, lacking any of the excitement that he usually gets about technology. “When the program blends faces together, it gets what appears to be on the surface, a new face. Depending on the sample size of the data fed into the database the program pulls from, any type of face could be generated. The number of possibilities goes up with each entry into the system.”

“So what?”

“So, if a large enough sample size exists, and a large enough amount of randomized features exist, then the output has, for our purpose, an infinite number of possibilities.”

“But it’s not infinite. For it to be infinite-”

Jay interrupts me with a nod, “Yeah, yeah, but for OUR purpose, it’s infinite.”

“Okay?”

“So eventually, given enough time, the system will generate a face that is identical to a face that is in reality, right? Even with all the distortions and whatever, eventually one will get created, right?”

“Given enough time.” I quote him back his own condition.

“Yup. The more people messing with it, the more that it has the chance to output a real value.”

“So why does any of this matter? Are you gonna tell me the person stops existing?” I begin to chuckle but stop when I see him shaking his head sadly. “What, Jay?” I tease, less joyfully than I had. “You superstitious?”

Jay reaches into the pocket of his sweats and pulls out an iPhone. Typing on the screen, he quickly pulls up the website and points to the URL. “You see the name of the website?”

“Yeah. What about it?” Speaking with a shrug, I watch his face grow deadly serious.

With a few taps, Jay opens a window to the side of the website filled with what I surmise is the code for the operation. “Do you see all this?” Jay taps a few places on the text-filled window and then flips it to show me a bunch of meaningless brackets, colons and equal signs intermixed with words.

“Yeah, it’s just code.”

“Okay.” Jay says. He taps something on the screen a few times, sets the phone down and mumbles something that sounds like “I guess I trust him.” He reaches forward and taps me on the nose. “Boop!”

A small shock that feels like a static discharge burns my nose and I recoil. “Ow. What was that for?” I calmly ask, beginning to grow pissed off.

Without a word, Jay lifts his phone and shows me the text window. Strange symbols and letters formed from slashes and grammar symbols appear to be intermixed with the code now. They seem almost to project themselves from the screen in an odd mimicry of a 3-D movie. It’s hard to see the text behind it, or even anything as my focus is locked onto the floating runes. They seem to float out of the screen, growing brighter and brighter as reality grows dim. Then Jay shuts the screen off. I have to blink a few times to clear my vision of the etched symbols.

“Wow. Wow. WOW.” I begin to stutter out, but Jay snaps his fingers in front of my face to reclaim my attention.

“I might as well go all the way.” Jay says with a shrug. “The name of the website is something called a ‘True Statement’ in that it is unconditionally true. It’s always true that the output of the website does not exist. So if the output is a real person, then that person ceases to exist, with all effects and differences they’ve made in reality changing with them. Reality has already changed six times since this thing was created. When you showed it to me, it seemed off so I came up and checked the source code.”

“What? What do you-” I interrupted, but Jay kept speaking.

“These symbols are, at a basic level, magical spells in the code that do stuff. This was created by someone bad.”

“How do you even know all of this?” I asked and he shrugged.

“I’m good with magic. I mean, technology makes it way easier than it used to be.”

I stare at him stunned. I regret the first thing that rolls out of my mouth. “So I guess you could say you are a tech wizard, huh?”

Jay stares at me, mouth hanging open. “Are you serious?” He stands up, gesturing with his hands frantically. “That’s your response to this? A pun?” He puts his hand on his forehead. “I was freaking out about someone finding this out, but...” he trails off.

“So now what?” I ask.

Part two here: https://www.reddit.com/nosleep/comments/arnhwt/tech_wizard_part_2/
DXCHAIN: big data meets blockchain (development progress)
Dxchain is world's first decentralized big data and machine learning network powered by a computing-centric blockchain. Let's discuss its development progress and project updates.

Dxchain is now open source - debut of Godx

You guys may be wondering “What’s Godx? What are the contents and features of the open-source code? What does open source really mean?”

What’s Godx?

Godx is a blockchain project written by the DxChain team using Go. Currently, it supports 64-bit Linux and MacOS operating systems. It not only implements the common blockchain ledger system, but also implements a large-scale distributed storage system. Compared to traditional storage service providers, Godx is based on the blockchain tech that can provide users with more transparent, secure and efficient distributed storage services.

How can I access Godx open source?

DxChain’s full open-source code for testing Network 3.0 is hosted on DxChain’s GitHub. Click this link to get the code: https://github.com/DxChainNetwork/Godx

Why open source?

In the blockchain world, code is law, and it forms the community consensus on the blockchain. From now on, the DxChain Godx project is open source, which means that any engineer familiar with the Go language can access the code through the provided link. This allows them to review its internal implementation logic, verify and modify the code, and compile their own executable file. It also means that no Trojan or backdoor virus can hide in the program to ensure that the project runs in a completely open and safe environment. The DxChain team is willing to work with community members to maintain this code-based law and build a healthy developer ecosystem. Currently, DxChain uses GitHub as a platform for all code development and management. Starting today, the code modification and upgrade of all subsequent DxChain project developments will be carried out in a completely open and transparent environment. We welcome the supervision and inspection of team members from the global community. We will use actions to prove that DxChain is serious about its open-source code. I hope that every technology enthusiast can provide us with more valuable suggestions in order to improve our decentralized storage ecosystem!

What’s inside the Godx open source code?

The Godx project is written in Go language and contains 1,706 Go language source files, totaling 738,531 lines of code, which was developed by 8 main engineers. (For detailed indicators, please refer to GitHub statistics: https://github.com/DxChainNetwork/Godx/pulse) The main module of the program includes general blockchain templates such as account, consensus, core, miner, p2p, rpc and evm, in addition to storage contract modules such as a storage client for storageclient and storagehost. The high-quality code isn’t the only thing that makes this project outstanding. We believe that a clear and detailed document is equally as important in order to get developers started. The DxChain team provides community developers with detailed development updates and usage documentation. Throughout the project, use the tutorial found in the README.md document (https://github.com/DxChainNetwork/Godx). Developers can easily configure and install Godx code and experience DxChain storage and mining functions.

What are the features of the Godx project?

The DxChain team has always been committed to using blockchain technology to provide solutions for data storage and computing problems. We will elaborate on the various futuristic tech innovations used in the project and bring you a taste of the future. This article will briefly introduce the following three aspects: EVM smart contracts, lightning network storage protocol and fast verification algorithm.

Compatibility with EVM Virtual Machine

In the smart contract solution, the Ether-compatible virtual machine has 3 unique advantages. It is Turing complete, has DAPP development based on smart contracts, and its EVM platform is situated in the mainstream. The DxChain team has expanded ethereum’s original EVM and added a storage contract function while still being compatible with the original virtual machine commands. Therefore, developers can use both EVM and storage contract functions. The original Ethereum DAPP developers can directly compile the source code of their APP into Godx with almost no modification, which greatly reduces the development cost for the majority of developers.

Lightning Network Storage Protocol

Since its launch, Lightning Network had the expectation to improve bitcoin transaction speed and scalability. In the algorithm of the offline file contract, the DxChain team also adopted a protocol similar to the lightning network channel. We call it the storage protocol. The storage protocol allows two parties who store the same file in the main chain to sign the contract, carry out the pledge fund and follow up on many detailed activities (such as uploading/downloading files) that can be implemented offline until the funds are settled by both parties. This means that even if there are huge files in the network that need to be stored, it can be quickly completed, without affecting the main chain, greatly improving storage performance and throughput efficiency.

Zero-second file storage verification algorithm

Through the specially designed Merkle Tree algorithm, the DxChain team implemented a zero-second network-wide method based on file storage verification. Compared to other algorithms, this algorithm saves necessary network interaction time, so that the acceptance speed of large files can be kept within milliseconds. Through this verification algorithm, all file storage will be efficiently verified by the entire network, in order to eradicate hackers. The DxChain project is unique because of the achievements and improvements made by our team of talented engineers. In the future, we aim to release a series of analytical articles to provide an in-depth explanation of DxChain’s open-source code. Please stay tuned!

Conclusion

Finally, the DxChain team would like to thank all of the supporters who accompanied us. Godx Open Source showcased the transformation of DxChain from being a team leading project to one that is driven by the community. Everyone is welcome to provide us with valuable comments or suggestions by reporting an issue on GitHub. Every bug report and algorithm proposal will help DxChain’s development. We look forward to developing with DxChain's global community in the future, building a win-win, healthy developer ecosystem with continuous technological innovation, and leaving a permanent mark on the blockchain world.

Please share your views and suggestions. Here is the website link: https://www.dxchain.com/
Why is Blockstream CTO Greg Maxwell u/nullc trying to pretend AXA isn't one of the top 5 "companies that control the world"? AXA relies on debt & derivatives to pretend it's not bankrupt. Million-dollar Bitcoin would destroy AXA's phony balance sheet. How much is AXA paying Greg to cripple Bitcoin?
Typical semantics games and hair-splitting and bullshitting from Greg. But I guess we shouldn't expect too much honesty or even understanding from someone like Greg who thinks that miners don't control Bitcoin. AXA-owned Blockstream CTO Greg Maxwell u/nullc doesn't understand how Bitcoin mining works
Mining is how you vote for rule changes. Greg's comments on BU revealed he has no idea how Bitcoin works. He thought "honest" meant "plays by Core rules." [But] there is no "honesty" involved. There is only the assumption that the majority of miners are INTELLIGENTLY PROFIT-SEEKING. - ForkiusMaximus
Adam Back & Greg Maxwell are experts in mathematics and engineering, but not in markets and economics. They should not be in charge of "central planning" for things like "max blocksize". They're desperately attempting to prevent the market from deciding on this. But it will, despite their efforts.
Gregory Maxwell nullc has evidently never heard of terms like "the 1%", "TPTB", "oligarchy", or "plutocracy", revealing a childlike naïveté when he says: "‘Majority sets the rules regardless of what some minority thinks’ is the governing principle behind the fiats of major democracies."
People are starting to realize how toxic Gregory Maxwell is to Bitcoin, saying there are plenty of other coders who could do crypto and networking, and "he drives away more talent than he can attract." Plus, he has a 10-year record of damaging open-source projects, going back to Wikipedia in 2006.
https://np.reddit.com/btc/comments/4klqtg/people_are_starting_to_realize_how_toxic_gregory/ So here we have Greg this week, desperately engaging in his usual little "semantics" games - claiming that AXA isn't technically a bank - when the real point is that: AXA is clearly one of the most powerful fiat finance firms in the world. Maybe when he's talking about the hairball of C++ spaghetti code that him and his fellow devs at Core/Blockstream are slowly turning their version of Bitcoin's codebase into... in that arcane (and increasingly irrelevant :) area maybe he still can dazzle some people with his usual meaningless technically correct but essentially erroneous bullshit. But when it comes to finance and economics, Greg is in way over his head - and in those areas, he can't bullshit anyone. In fact, pretty much everything Greg ever says about finance or economics or banks is simply wrong. He thinks he's proved some point by claiming that AXA isn't technically a bank. But AXA is far worse than a mere "bank" or a mere "French multinational insurance company". AXA is one of the top-five "companies that control the world" - and now (some people think) AXA is in charge of paying for Bitcoin "development". A recent infographic published in the German Magazine "Die Zeit" showed that AXA is indeed the second-most-connected finance company in the world - right at the rotten "core" of the "fantasy fiat" financial system that runs our world today.
Who owns the world? (1) Barclays, (2) AXA, (3) State Street Bank. (Infographic in German - but you can understand it without knowing much German: "Wem gehört die Welt?" = "Who owns the world?") AXA is the #2 company with the most economic power connections in the world. And AXA owns Blockstream.
Blockstream is now controlled by the Bilderberg Group - seriously! AXA Strategic Ventures, co-lead investor for Blockstream's $55 million financing round, is the investment arm of French insurance giant AXA Group - whose CEO Henri de Castries has been chairman of the Bilderberg Group since 2012.
https://np.reddit.com/btc/comments/47zfzt/blockstream_is_now_controlled_by_the_bilderberg/ So, let's get a few things straight here. "AXA" might not be a household name to many people. And Greg was "technically right" when he denied that AXA is a "bank" (which is basically the only kind of "right" that Greg ever is these days: "technically" :-) But AXA is one of the most powerful finance companies in the world. AXA was started as a French insurance company. And now it's a French multinational insurance company. But if you study up a bit on AXA, you'll see that they're not just any old "insurance" company. AXA has their fingers in just about everything around the world - including a certain team of toxic Bitcoin devs who are radically trying to change Bitcoin:
And ever since AXA started throwing tens of millions of dollars in filthy fantasy fiat at a certain toxic dev named Gregory Maxwell, CTO of Blockstream, suddenly he started saying that we can't have nice things like the gradually increasing blocksizes (and gradually increasing Bitcoin prices - which fortunately tend to increase proportional to the square of the blocksize because of Metcalfe's law :-) which were some of the main reasons most of us invested in Bitcoin in the first place. My, my, my - how some people have changed!
Greg Maxwell used to have intelligent, nuanced opinions about "max blocksize", until he started getting paid by AXA, whose CEO is head of the Bilderberg Group - the legacy financial elite which Bitcoin aims to disintermediate. Greg always refuses to address this massive conflict of interest. Why?
Previously, Greg Maxwell u/nullc (CTO of Blockstream), Adam Back u/adam3us (CEO of Blockstream), and u/theymos (owner of r\bitcoin) all said that bigger blocks would be fine. Now they prefer to risk splitting the community & the network, instead of upgrading to bigger blocks. What happened to them?
AXA would be exposed as bankrupt in a world dominated by a "counterparty-free" asset class like Bitcoin.
AXA pays Greg's salary - and Greg is one of the major forces who has been actively attempting to block Bitcoin's on-chain scaling - and there's no way getting around the fact that artificially small blocksizes do lead to artificially low prices.
AXA kinda reminds me of AIG If anyone here was paying attention when the cracks first started showing in the world fiat finance system around 2008, you may recall the name of another mega-insurance company, that was also one of the most connected finance companies in the world: AIG.
Falling Giant: A Case Study Of AIG What was once the unthinkable occurred on September 16, 2008. On that date, the federal government gave the American International Group - better known as AIG (NYSE:AIG) - a bailout of $85 billion. In exchange, the U.S. government received nearly 80% of the firm's equity. For decades, AIG was the world's biggest insurer, a company known around the world for providing protection for individuals, companies and others. But in September, the company would have gone under if it were not for government assistance.
Bernanke did say he believed an AIG failure would be "catastrophic," and that the heavy use of derivatives made the AIG problem potentially more explosive. An AIG failure, thanks to the firm's size and its vast web of trading partners, "would have triggered an intensification of the general run on international banking institutions," Bernanke said.
http://fortune.com/2010/09/02/why-the-fed-saved-aig-and-not-lehman/ Just like AIG, AXA is a "systemically important" finance company - one of the biggest insurance companies in the world. And (like all major banks and insurance firms), AXA is drowning in worthless debt and bets (derivatives). Most of AXA's balance sheet would go up in a puff of smoke if they actually did "mark-to-market" (ie, if they actually factored in the probability of the counterparties of their debts and bets actually coming through and paying AXA the full amount it says on the pretty little spreadsheets on everyone's computer screens). In other words: Like most giant banks and insurers, AXA has mainly debt and bets. They rely on counterparties to pay them - maybe, someday, if the whole system doesn't go tits-up by then. In other words: Like most giant banks and insurers, AXA does not hold the "private keys" to their so-called wealth :-) So, like most giant multinational banks and insurers who spend all their time playing with debts and bets, AXA has been teetering on the edge of the abyss since 2008 - held together by chewing gum and paper clips and the miracle of Quantitative Easing - and also by all the clever accounting tricks that instantly become possible when money can go from being a gleam in a banker's eye to a pixel on a screen with just a few keystrokes - that wonderful world of "fantasy fiat" where central bankers ninja-mine billions of dollars in worthless paper and pixels into existence every month - and then for some reason every other month they have to hold a special "emergency central bankers meeting" to deal with the latest financial crisis du jour which "nobody could have seen coming". 
AIG back in 2008 - much like AXA today - was another "systemically important" worldwide mega-insurance giant - with most of its net worth merely a pure fantasy on a spreadsheet and in a four-color annual report - glossing over the ugly reality that it's all based on toxic debts and derivatives which will never ever be paid off. Mega-banks Mega-insurers like AXA are addicted to the never-ending "fantasy fiat" being injected into the casino of musical chairs involving bets upon bets upon bets upon bets upon bets - counterparty against counterparty against counterparty against counterparty - going 'round and 'round on the big beautiful carousel where everyone is waiting on the next guy to pay up - and meanwhile everyone's cooking their books and sweeping their losses "under the rug", offshore or onto the taxpayers or into special-purpose vehicles - while the central banks keep printing up a trillion more here and a trillion more there in worthless debt-backed paper and pixels - while entire nations slowly sink into the toxic financial sludge of ever-increasing unpayable debt and lower productivity and higher inflation, dragging down everyone's economies, enslaving everyone to increasing worktime and decreasing paychecks and unaffordable healthcare and education, corrupting our institutions and our leaders, distorting our investment and "capital allocation" decisions, inflating housing and healthcare and education beyond everyone's reach - and sending people off to die in endless wars to prop up the deadly failing Saudi-American oil-for-arms Petrodollar ninja-mined currency cartel. In 2008, when the multinational insurance company AIG (along with their fellow gambling buddies at the multinational investment banks Bear Stearns and Lehmans) almost went down the drain due to all their toxic gambling debts, they also almost took the rest of the world with them. 
And that's when the "core" dev team working for the miners central banks (the Fed, ECB, BoE, BoJ - who all report to the "central bank of central banks" BIS in Basel) - started cranking up their mining rigs printing presses and keyboards and pixels to the max, unilaterally manipulating the "issuance schedule" of their shitcoins and flooding the world with tens of trillions in their worthless phoney fiat to save their sorry asses after all their toxic debts and bad bets. AXA is at the very rotten "core" of this system - like AIG, a "systemically important" (ie, "too big to fail") mega-gigantic multinational insurance company - a fantasy fiat finance firm quietly sitting at the rotten core of our current corrupt financial system, basically impacting everything and everybody on this planet. The "masters of the universe" from AXA are the people who go to Davos every year wining and dining on lobster and champagne - part of that elite circle that prints up endless money which they hand out to their friends while they continue to enslave everyone else - and then of course they always turn around and tell us we can't have nice things like roads and schools and healthcare because "austerity". (But somehow we always can have plenty of wars and prisons and climate change and terrorism because for some weird reason our "leaders" seem to love creating disasters.) The smart people at AXA are probably all having nightmares - and the smart people at all the other companies in that circle of "too-big-to-fail" "fantasy fiat finance firms" are probably also having nightmares - about the following very possible scenario: If Bitcoin succeeds, debt-and-derivatives-dependent financial "giants" like AXA will probably be exposed as having been bankrupt this entire time. 
All their debts and bets will be exposed as not being worth the paper and pixels they were printed on - and at that point, in a cryptocurrency world, the only real money in the world will be "counterparty-free" assets ie cryptocurrencies like Bitcoin - where all you need to hold is your own private keys - and you're not dependent on the next deadbeat debt-ridden fiat slave down the line coughing up to pay you. Some of those people at AXA and the rest of that mafia are probably quietly buying - sad that they missed out when Bitcoin was only $10 or $100 - but happy they can still get it for $1000 while Blockstream continues to suppress the price - and who knows, what the hell, they might as well throw some of that juicy "banker's bonus" into Bitcoin now just in case it really does go to $1 million a coin someday - which it could easily do with just 32MB blocks, and no modifications to the code (ie, no SegWit, no BU, no nuthin', just a slowly growing blocksize supporting a price growing roughly proportional to the square of the blocksize - like Bitcoin always actually did before the economically illiterate devs at Blockstream imposed their centrally planned blocksize on our previously decentralized system). Meanwhile, other people at AXA and other major finance firms might be taking a different tack: happy to see all the disinfo and discord being sown among the Bitcoin community like they've been doing since they were founded in late 2014 - buying out all the devs, dumbing down the community to the point where now even the CTO of Blockstream Greg Maxwell gets the whitepaper totally backwards. Maybe Core/Blockstream's failure-to-scale is a feature not a bug - for companies like AXA. After all, AXA - like most of the major banks in Europe and the US - are now basically totally dependent on debt and derivatives to pretend they're not already bankrupt. 
Maybe Blockstream's dead-end road-map (written up by none other than Greg Maxwell), which has been slowly strangling Bitcoin for over two years now - and which could ultimately destroy Bitcoin via the poison pill of Core/Blockstream's SegWit trojan horse - maybe all this never-ending history of obstruction and foot-dragging and lying and failure from Blockstream is actually a feature and not a bug, as far as AXA and their banking buddies are concerned.
The insurance company with the biggest exposure to the 1.2 quadrillion dollar (ie, 1200 TRILLION dollar) derivatives casino is AXA. Yeah, that AXA, the company whose CEO is head of the Bilderberg Group, and whose "venture capital" arm bought out Bitcoin development by "investing" in Blockstream.
If Bitcoin becomes a major currency, then tens of trillions of dollars on the "legacy ledger of fantasy fiat" will evaporate, destroying AXA, whose CEO is head of the Bilderbergers. This is the real reason why AXA bought Blockstream: to artificially suppress Bitcoin volume and price with 1MB blocks.
This trader's price & volume graph / model predicted that we should be over $10,000 USD/BTC by now. The model broke in late 2014 - when AXA-funded Blockstream was founded, and started spreading propaganda and crippleware, centrally imposing artificially tiny blocksize to suppress the volume & price.
"I'm angry about AXA scraping some counterfeit money out of their fraudulent empire to pay autistic lunatics millions of dollars to stall the biggest sociotechnological phenomenon since the internet and then blame me and people like me for being upset about it." ~ u/dresden_k
Bitcoin can go to 10,000 USD with 4 MB blocks, so it will go to 10,000 USD with 4 MB blocks. All the censorship & shilling on r\bitcoin & fantasy fiat from AXA can't stop that. BitcoinCORE might STALL at 1,000 USD and 1 MB blocks, but BITCOIN will SCALE to 10,000 USD and 4 MB blocks - and beyond
AXA/Blockstream are suppressing Bitcoin price at 1000 bits = 1 USD. If 1 bit = 1 USD, then Bitcoin's market cap would be 15 trillion USD - close to the 82 trillion USD of "money" in the world. With Bitcoin Unlimited, we can get to 1 bit = 1 USD on-chain with 32MB blocksize ("Million-Dollar Bitcoin")
Greg Maxwell has now publicly confessed that he is engaging in deliberate market manipulation to artificially suppress Bitcoin adoption and price. He could be doing this so that he and his associates can continue to accumulate while the price is still low (1 BTC = $570, ie 1 USD can buy 1750 "bits")
Why did Blockstream CTO u/nullc Greg Maxwell risk being exposed as a fraud, by lying about basic math? He tried to convince people that Bitcoin does not obey Metcalfe's Law (claiming that Bitcoin price & volume are not correlated, when they obviously are). Why is this lie so precious to him?
https://www.reddit.com/btc/comments/57dsgz/why_did_blockstream_cto_unullc_greg_maxwell_risk/ I don't know how a so-called Bitcoin dev can sleep at night knowing he's getting paid by fucking AXA - a company that would probably go bankrupt if Bitcoin becomes a major world currency. Greg must have to go through some pretty complicated mental gymnastics to justify in his mind what everyone else can see: he is a fucking sellout to one of the biggest fiat finance firms in the world - he's getting paid by (and defending) a company which would probably go bankrupt if Bitcoin ever achieved multi-trillion dollar market cap. Greg is literally getting paid by the second-most-connected "systemically important" (ie, "too big to fail") finance firm in the world - which will probably go bankrupt if Bitcoin were ever to assume its rightful place as a major currency with total market cap measured in the tens of trillions of dollars, destroying most of the toxic sludge of debt and derivatives keeping a bank financial giant like AXA afloat. And it may at first sound batshit crazy (until You Do The Math), but Bitcoin actually really could go to one-million-dollars-a-coin in the next 8 years or so - without SegWit or BU or anything else - simply by continuing with Satoshi's original 32MB built-in blocksize limit and continuing to let miners keep blocks as small as possible to satisfy demand while avoiding orphans - a power which they've had this whole friggin' time and which they've been managing very well thank you.
Bitcoin Original: Reinstate Satoshi's original 32MB max blocksize. If actual blocks grow 54% per year (and price grows 1.54^2 = 2.37x per year - Metcalfe's Law), then in 8 years we'd have 32MB blocks, 100 txns/sec, 1 BTC = 1 million USD - 100% on-chain P2P cash, without SegWit/Lightning or Unlimited
https://np.reddit.com/btc/comments/5uljaf/bitcoin_original_reinstate_satoshis_original_32mb/ Meanwhile Greg continues to work for Blockstream which is getting tens of millions of dollars from a company which would go bankrupt if Bitcoin were to actually scale on-chain to 32MB blocks and 1 million dollars per coin without all of Greg's meddling. So Greg continues to get paid by AXA, spreading his ignorance about economics and his lies about Bitcoin on these forums. In the end, who knows what Greg's motivations are, or AXA's motivations are. But one thing we do know is this: Satoshi didn't put Greg Maxwell or AXA in charge of deciding the blocksize. The tricky part to understand about "one CPU, one vote" is that it does not mean there is some "pre-existing set of rules" which the miners somehow "enforce" (despite all the times when you hear some Core idiot using words like "consensus layer" or "enforcing the rules"). The tricky part about really understanding Bitcoin is this: Hashpower doesn't just enforce the rules - hashpower makes the rules. And if you think about it, this makes sense. It's the only way Bitcoin actually could be decentralized. It's kinda subtle - and it might be hard for someone to understand if they've been a slave to centralized authorities their whole life - but when we say that Bitcoin is "decentralized" then what it means is: We all make the rules. Because if hashpower doesn't make the rules - then you'd be right back where you started from, with some idiot like Greg Maxwell "making the rules" - or some corrupt too-big-to-fail bank debt-and-derivative-backed "fantasy fiat financial firm" like AXA making the rules - by buying out a dev team and telling us that that dev team "makes the rules". But fortunately, Greg's opinions and ignorance and lies don't matter anymore. 
Miners are waking up to the fact that they've always controlled the blocksize - and they always will control the blocksize - and there isn't a single goddamn thing Greg Maxwell or Blockstream or AXA can do to stop them from changing it - whether the miners end up using BU or Classic or BitcoinEC or they patch the code themselves.
The debate is not "SHOULD THE BLOCKSIZE BE 1MB VERSUS 1.7MB?". The debate is: "WHO SHOULD DECIDE THE BLOCKSIZE?" (1) Should an obsolete temporary anti-spam hack freeze blocks at 1MB? (2) Should a centralized dev team soft-fork the blocksize to 1.7MB? (3) OR SHOULD THE MARKET DECIDE THE BLOCKSIZE?
Core/Blockstream are now in the Kübler-Ross "Bargaining" phase - talking about "compromise". Sorry, but markets don't do "compromise". Markets do COMPETITION. Markets do winner-takes-all. The whitepaper doesn't talk about "compromise" - it says that 51% of the hashpower determines WHAT IS BITCOIN.
Clearing up Some Widespread Confusions about BU Core deliberately provides software with a blocksize policy pre-baked in. The ONLY thing BU-style software changes is that baking in. It refuses to bundle controversial blocksize policy in with the rest of the code it is offering. It unties the blocksize settings from the dev teams, so that you don't have to shop for both as a packaged unit. The idea is that you can now have Core software security without having to submit to Core blocksize policy. Running Core is like buying a Sony TV that only lets you watch Fox, because the other channels are locked away and you have to know how to solder a circuit board to see them. To change the channel, you as a layman would have to switch to a different TV made by some other manufacturer, who you may not think makes as reliable of TVs. This is because Sony believes people should only ever watch Fox "because there are dangerous channels out there" or "because since everyone needs to watch the same channel, it is our job to decide what that channel is." So the community is stuck with either watching Fox on their nice, reliable Sony TVs, or switching to all watching ABC on some more questionable TVs made by some new maker (like, in 2015 the XT team was the new maker and BIP101 was ABC). BU (and now Classic and BitcoinEC) shatters that whole bizarre paradigm. BU is a TV that lets you tune to any channel you want, at your own risk. The community is free to converge on any channel it wants to, and since everyone in this analogy wants to watch the same channel they will coordinate to find one.
Adjustable blocksize cap (ABC) is dangerous? The blocksize cap has always been user-adjustable. Core just has a really shitty interface for it. What does it tell you that Core and its supporters are up in arms about a change that merely makes something more convenient for users and couldn't be prevented from happening anyway? Attacking the adjustable blocksize feature in BU and Classic as "dangerous" is a kind of trap, as it is an implicit admission that Bitcoin was being protected only by a small barrier of inconvenience, and a completely temporary one at that. If this was such a "danger" or such a vector for an "attack," how come we never heard about it before? Even if we accept the improbable premise that inconvenience is the great bastion holding Bitcoin together and the paternalistic premise that stakeholders need to be fed consensus using a spoon of inconvenience, we still must ask, who shall do the spoonfeeding? Core accepts these two amazing premises and further declares that Core alone shall be allowed to do the spoonfeeding. Or rather, if you really want to you can be spoonfed by other implementation clients like libbitcoin and btcd as long as they are all feeding you the same stances on controversial consensus settings as Core does. It is high time the community see central planning and abuse of power for what it is, and reject both:
Throw off central planning by removing petty "inconvenience walls" (such as baked-in, dev-recommended blocksize caps) that interfere with stakeholders coordinating choices amongst themselves on controversial matters ...
Make such abuse of power impossible by encouraging many competing implementations to grow and blossom
https://np.reddit.com/btc/comments/617gf9/adjustable_blocksize_cap_abc_is_dangerous_the/
So it's time for Blockstream CTO Greg Maxwell u/nullc to get over his delusions of grandeur - and to admit he's just another dev, with just another opinion. He also needs to look in the mirror and search his soul and confront the sad reality that he's basically turned into a sellout working for a shitty startup getting paid by the 5th (or 4th or 2nd) "most connected", "systemically important", "too-big-to-fail", debt-and-derivative-dependent multinational bank mega-insurance giant in the world AXA - a major fiat firm which is terrified of going bankrupt just like that other mega-insurance firm AIG already almost did before the Fed rescued them in 2008 - a fiat finance firm which is probably very conflicted about Bitcoin, at the very least. Blockstream CTO Greg Maxwell is getting paid by the most systemically important bank mega-insurance giant in the world, sitting at the rotten "core" of our civilization's corrupt, dying fiat cartel. Blockstream CTO Greg Maxwell is getting paid by a mega-bank mega-insurance company that will probably go bankrupt if and when Bitcoin ever gets a multi-trillion dollar market cap, which it can easily do with just 32MB blocks and no code changes at all from clueless meddling devs like him.
As a non-profit organization, UNICEF has also enabled web-mining through an opt-in process through which individuals can donate spare computational power, to contribute to specific charitable causes supported by such a large organisation. This process is completely transparent as opposed to the pathway that was taken by PirateBay, whereby there was no option to not partake in the mining for the website. For non-profit organizations that choose to adopt this scheme, there comes an added benefit as by supporting cryptocurrencies and the mining thereof, they have the chance to be exposed to, and therefore donated to by cryptocurrency advocates who in general would not initially opt to donate, but in exchange for the support, would be more inclined to. Overall, costs in terms of conversion/transferring fees to the countries/charities that are currently being supported by the non-profit organization can be cut down immensely if all payments are made through cryptocurrency, as it can be dealt with within minutes and the fees are almost non-existent.
Salon Media Group offered users an opt-in ad replacement scheme, where once the user consents, they have chosen to ‘suppress’ the ads and instead, offer revenue through mining whilst using the website. There’s even a link on the Salon.com website explaining to users how the service works, offering solutions for refusing to opt-in, and why they chose to adopt the scheme. This is similar to the implementation of web-mining done by UNICEF, except the proceeds in this case go to the Salon Media Group.
Advantages and Disadvantages
Currently, there are a handful of companies that offer the services to enable web-mining. These include but are not limited to Coinhive (the suppliers for PirateBay), JSECoin, mining their own cryptocurrency, and Minergate who are considered to be the first to provide the service but with an unfortunately negative light (they introduce Trojans which insert the miner in users’ computers). Many of the available web miners also have the disadvantage of overburdening the user’s processing units. With Gath3r however, we believe in transparency, everything is made clear to both the owner and the end user through a pop-up allowing users to opt-in rather than be forced to mine without their permission. Moreover, Gath3r’s internal security features have been extensively tested to prove that there is no significant impact on devices ranging from laptops to smartphones and even gaming consoles. We also provide the added benefit of allowing payouts to be made either in Bitcoin, or if preferred in a local currency directly to your bank account (where permissible). In conclusion, web mining, whilst unfortunately holding a negative connotation, can actually be used by companies (if done so safely and transparently) in order to create increased revenue shares, ultimately ridding the need for advertisements and therefore clutter on websites.
Hot! Fortnite Gamers Targeted by Malware That Steals BTC Addresses
I was shocked when I read this today. Fortnite - one of the most popular games in the world now - gamers got scammed. Scammers using malware that targets the Bitcoin (BTC) wallet addresses, as Cybersecurity firm Malwarebytes said. How did it happen? So, thieves are sneaking malicious data theft code into downloads that apparently promise “free” season six Fortnite Android versions, among other “bogus cheats, wallhacks and aimbots.” So-called “free V-Bucks” – an in-game currency that can be used to purchase additional gaming content – also conceal malicious packages of code. The download links were shared via scammers youtube channels. Interesting? Next more! As investigation said, more than 1,200 downloads had already been completed. A file named “Trojan.Malpack,” was a data stealer targeting Bitcoin wallets. The file in question reportedly attempted to redirect the siphoned information “via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address The crypt mining malware (cryptojacking – among hackers) is continuously rising. source: cointelegraph
Litecoin Finance / LTFN , a first hard fork of Litecoin / LTC
Litecoin Finance is a peer-to-peer Internet currency that enables instant, near-zero cost payments to anyone in the world. Litecoin Finance is an open source, global payment network that is fully decentralized without any central authorities. Mathematics secures the network and empowers individuals to control their own finances. Litecoin Finance features faster transaction confirmation times and improved storage efficiency than the leading math-based currency. With substantial industry support, trade volume and liquidity, Litecoin Finance is a proven medium of commerce complementary to Bitcoin. Litecoin Finance is an open source software project released under the MIT/X11 license which gives you the power to run, modify, and copy the software and to distribute, at your option, modified copies of the software. The software is released in a transparent process that allows for independent verification of binaries and their corresponding source code. The Litecoin Finance blockchain is capable of handling higher transaction volume than its counterpart - Bitcoin. Due to more frequent block generation, the network supports more transactions without a need to modify the software in the future. As a result, merchants get faster confirmation times, while still having ability to wait for more confirmations when selling bigger ticket items. Wallet encryption allows you to secure your wallet, so that you can view transactions and your account balance, but are required to enter your password before spending Litecoin Finances. This provides protection from wallet-stealing viruses and trojans as well as a sanity check before sending payments. Litecoin Finance is a CPU only mining algorithm called YescryptR32. Miners are currently awarded with 25 new Litecoin Finances per block, an amount which gets halved roughly every 4 years (every 840,000 blocks). The Litecoin Finance network is therefore scheduled to produce 94 million Litecoin Finance.
Litecoin Finance specifications:
Name of the coin: LitecoinFinance
Start fork block: #1,550,000
Ticker: LTFN
PoW Algorithm: YescryptR32
P2P Port: 39328
RPC Port: 39327
Address letter prefix: C
Multisig Address prefix: letter N
Bech32 Address prefix: ltfn
2-way replay protection: Yes
Maturity: 100 + 1 blocks
Block maximum size: 8 MB
Difficulty Re-target: Every block
Maximum coin supply: 94m
Network magic: a7b388e9
Postmine: 10m
There is NO ICO
I think the Berlin Wall Principle will end up applying to Blockstream as well: (1) The Berlin Wall took *longer* than everyone expected to come tumbling down. (2) When it did finally come tumbling down, it happened *faster* than anyone expected (ie, in a matter of days) - and everyone was shocked.
Centralization is a double-edged sword. So far, centralization (and inertia, and laziness, and caution) has been favoring Blockstream. But if and when a congestion crisis comes, then the tide is gonna turn pretty quickly - and Blockstream's monopoly in terms of "code running on the network" is gonna evaporate quicker than anyone expected. How will this happen? Like this: Bitcoin is going to go into a crisis - not just the current agonizing slow-motion swamp of centralized fascist governance, but a real-time honking red alert involving a clogged-up network, with people freaking out screaming from the rooftops that millions of dollars in transactions are in limbo due to some pointless fucked-up 1 MB "blocksize limit". And at that point, people are going to get rid of the damn piece of broken cripple-code, immediately. End of story.
Slow to crumble, fast to collapse
Up till now, the Bitcoin governance crisis has been like slowly sinking into a swamp of quicksand. But once a real-time congestion crisis actually hits (and online forums become dominated by posts screaming "my transaction is stuck in limbo!!!"), then all the previous bullshit and bloviating from economic idiots about "fee markets" and "soft hard forks" or whatever other nonsense will be instantly forgotten. And at that point, there will be only 2 things that can happen:
Either Bitcoin dies, and $7 billion dollars in investor wealth evaporates into thin air; or
The simplest and safest "good enough" on-chain scaling upgrade gets rolled out ASAP - ie, we will get bigger blocks so fast it will make your head spin.
You don't need Blockstream - they need you
When push comes to shove, people are going to remember pretty damn quick that open-source code is easy to patch. People are going to remember that you don't have to fly to meetings in Hong Kong or on some secret Caribbean island ... or post on Reddit for hours ... or spend hundreds of thousands of dollars on devs ... in order to simply change a constant in your code from 1000000 to 2000000.
Eventually, we are going to remember what vote-with-your-CPU consensus looks like
Remember all those hours you wasted on reddit? Remember all that time you wasted in some hidden downvoted sub-thread debating with some snarky little toxic troll who'd wandered over from a censored Milgram experiment forum full of brainwashed circlejerkers and foot-stomping fascists whose only adrenaline rush and power trip in life had evidently been when they would run around bloviating gibberish like "fee markets!" or "Austrian!" to the self-selected bunch of ignorant submissive sycophants who hadn't been banned from r\bitcoin yet? Well, when the real crisis hits, all that trivial online drama isn't going to matter any more. When the inevitable congestion crisis finally comes, it's only going to take a couple of mining pools plus a couple of exchanges to make a simple life-or-death business decision to un-install Blockstream's artificially crippled code and instead install code that has actually been upgraded to deal with the reality of mining and the marketplace - and then we're all going to see what actual vote-with-your-CPU consensus really looks like (instead of vote-with-your-sockpuppet pseudo-consensus on Reddit). This upgraded code could be Classic, or Unlimited, or even a modded version of Core - it doesn't really matter.
Code is code and money is money, and when push comes to shove, investors and miners aren't going to give a damn what some overpaid economic idiot from Blockstream said at some meeting in Hong Kong once, or what some fascist poisonous astroturfing shill-bot posted a million times on Reddit. Things usually move slow in Bitcoin-land - except when they move fast For an example of how fast the tide can turn, just look at a couple of major events from the past two days: (1) Coinbase is suddenly saying that:
Bitcoin looks a lot like hard-to-use antiquated assembly code - and Ethereum looks like an easy-to-use modern programming language;
Blockstream with its toxic, opaque and oppressive culture is scaring away all the new devs - who are flocking to alt-coins like Ethereum which has a healthy, transparent and welcoming culture.
Of course the good devs are flocking to Ethereum now. Any smart dev can see from a mile away that it would be suicide to try to contribute to Core/Blockstream - Blockstream don't want any new coders or new ideas, they are insular and insecure and they feel downright threatened by new coders with fresh ideas. They've shown this over and over again, eg:
when they repeatedly freaked out and went nuclear and refused to compromise whenever any dev made a simple safe scaling proposal, like 20 MB blocks, or 8 MB blocks, or 4 MB blocks, or 2 MB blocks, or Adaptive Blocks, etc etc.
scaring all the good devs and a lot of investors into alt-coins.
Blockstream has backed themselves into a corner
At this point, people are starting to realize that Blockstream is led by desperate and incompetent dead-enders. (There are some great coders over there such as Pieter Wuille - and Greg Maxwell is also a great Bitcoin coder, but he is toxic as a "leader".) Blockstream can't do capacity planning, they can't do threat assessment, they can't innovate, they can't prioritize, and they can't communicate. In the end, they're only destroying themselves - by censoring debate, and ostracizing existing innovators (eg, Mike Hearn and Gavin Andresen) - and scaring away potential new innovators.
Remember, Blockstream != Bitcoin
It's important to remember that Blockstream cannot destroy Bitcoin - any more than Mt Gox could. Once Blockstream is thoroughly discredited in the eyes of the Bitcoin community and the media, as "the company that almost strangled the Bitcoin network by trying to force blocks to be smaller than the average web page" - it's gonna be time for honey-badger jokes all over again.
Blockstream's gargantuan conflicts-of-interest will be their downfall
Blockstream is funded by insurance giant AXA - a company whose CEO is the head of the friggin' Bilderberg Group. (He's scheduled to move from CEO of AXA to CEO of HSBC soon. Out of the frying pan and into the fire.) AXA doesn't even want cryptocurrency to succeed anyways, because half of the 1 trillion dollars of so-called "assets" on their fraudulent balance sheet is actually nothing more than toxic debt-backed worthless derivatives garbage. (AXA has more derivatives than any other insurance company.) In other words, AXA's balance sheet will be exposed as worthless and the company will become insolvent (just like Lehman Brothers and AIG did in 2008) once real money like Bitcoin actually becomes dominant in the world economy - which will "uber" and knock down the whole teetering $1.2 quadrillion derivatives casino. Hmm... AIG...
a giant insurance group whose alleged "assets" turned out to be just a worthless pile of toxic debt-backed derivatives on the legacy ledger of fantasy fiat, AIG who triggered the 2008 financial near-meltdown... Who does AIG remind me of... Oh yeah AXA... So let's put AXA in charge of paying for Bitcoin development! What could possibly go wrong?!? Blockstream's owners HATE Bitcoin Never forget:
This is probably the most gigantic CONFLICT OF INTEREST in the history of economics. And it's something to think about, as we sit here wondering for years why Blockstream is not only failing to scale Bitcoin - but it's also actively trying to SABOTAGE anyone ELSE who tries to scale Bitcoin as well.
So, be patient - and optimistic
Viewed from one perspective, the fact that this blocksize battle has dragged on for years can be very depressing. But, viewed from another perspective, the fact that it's still going on is positive - because, for example, nobody really dares to say anymore that "blocks should be 1 MB" - since repeated studies have shown that the current hardware and infrastructure could easily handle 3-4 MB blocks, and Core/Blockstream's own precious SegWit soft-fork is going to need 3-4 MB blocks anyways. Plus, the only "strengths" that Blockstream had on its side actually turn out to be pretty weak upon closer scrutiny (money from investors like AXA who hate cryptocurrency, censorship from domain squatters who only know how to destroy communities, snark from sockpuppets who can't argue their way out of a wet paper bag on uncensored forums). In fact, if you were part of Blockstream, you'd be pretty demoralized that a rag-tag bunch of big-blocks supporters has been chipping away at you for the past few years, creating new forums, creating new coins, creating new products and services, exposing the economic ignorance of small-block dead-enders - and all the while, Blockstream hasn't been able to deliver on any of its so-called scaling roadmap.
If it hadn't been for a few historical accidents (cheap energy behind the Great Firewall of China, plus the other "linguistic" firewall that has prevented many people in the Chinese-speaking community from seeing how much of the community actually rejects Blockstream, plus the other accidental fact that bigger blocks involve generalizing Bitcoin, which mathematically happens to require a hard fork), then Blockstream would not have been able to control Bitcoin development as long as it has. Yeah, they have done routine maintenance stuff and efficiency upgrades, like rewriting libsecp256k1, which is great, and much appreciated - and Pieter Wuille's SegWit would be a great refactoring and clean-up of the code (if we don't let Luke-Jr poison it by packaging it as a soft-fork) - but the network also needs some simple, safe scaling. And the network is going to get simple, safe scaling - whenever it decides that it really, really wants it. And there's nothing that Blockstream can do to block that.
So you think you know about BTC? Everyone who is interested in BTC should read this...
fyi - the use of the word "scheme" is not used negatively!
BASIC FEATURES
Bitcoin is probably the most successful — and probably most controversial — virtual currency scheme to date. Designed and implemented by the Japanese programmer Satoshi Nakamoto in 2009, the scheme is based on a peer-to-peer network similar to BitTorrent, operating at a global level and used as a currency for all kinds of transactions (for both virtual and real goods and services). It thereby competes with official currencies like the euro or US dollar. The scheme maintains a database that lists product and service providers which currently accept Bitcoins. These products and services range from internet services and online products to material goods and professional or travel/tourism services. Bitcoins are divisible to eight decimal places enabling their use in any kind of transaction, regardless of the value. Although Bitcoin is a virtual currency scheme, it has certain innovations that make its use more similar to conventional money. Bitcoins are not pegged to any real-world currency. The exchange rate is determined by supply and demand in the market. There are several exchange platforms for buying Bitcoins that operate in real time. Mt.Gox is the most widely used currency exchange platform and allows users to trade US dollars for Bitcoins and vice versa. As previously stated, Bitcoin is based on a decentralised, peer-to-peer (P2P) network, i.e. it does not have a central clearing house, nor are there any financial or other institutions involved in the transactions. Bitcoin users perform these tasks themselves. In the same vein, there is no central authority in charge of the money supply. In order to start using Bitcoins, users need to download the free and open-source software. Purchased Bitcoins are thereafter stored in a digital wallet on the user’s computer. Users have several incentives to use Bitcoins.
Firstly, transactions are anonymous, as accounts are not registered and Bitcoins are sent directly from one computer to another. Also, users have the possibility of generating multiple Bitcoin addresses to differentiate or isolate transactions. Secondly, transactions are carried out faster and more cheaply than with traditional means of payment. Transactions fees, if any, are very low and no bank account fee is charged.
ECONOMIC FOUNDATIONS OF BITCOIN
The theoretical roots of Bitcoin can be found in the Austrian school of economics and its criticism of the current fiat money system and interventions undertaken by governments and other agencies, which, in their view, result in exacerbated business cycles and massive inflation. The following ideas are generally shared by Bitcoin and its supporters:
— They see Bitcoin as a good starting point to end the monopoly central banks have in the issuance of money.
— They strongly criticise the current fractional-reserve banking system whereby banks can extend their credit supply above their actual reserves and, simultaneously, depositors can withdraw their funds in their current accounts at any time.
— The scheme is inspired by the former gold standard.
TECHNICAL DESCRIPTION OF BITCOIN
The technical aspects of this system are complex and not easy to understand without a sound technical background. Therefore, a comprehensive explanation of the underlying technical mechanism of Bitcoin lies outside the scope of this report. This section aims simply to provide a basic description of the functioning of this virtual currency scheme. According to the founder, Nakamoto (2009), an electronic coin can be defined as a chain of digital signatures. Each owner of the currency (P') has a pair of keys, one public and one private. These keys are saved locally in a file and, consequently, a loss or deletion of the file would mean that all Bitcoins associated with it are lost as well.
A simplified illustration of a chain of transactions from one node to another can be found here. The virtual coin shown in the picture is the same one, but at different points in time. To initiate the transaction, the future owner P‘ has to first send his public key to the original owner P0. This owner transfers the Bitcoins by digitally signing a hash of the previous transaction and the public key of the future owner. Every single Bitcoin carries the entire history of the transactions it has undergone, and any transfer from one owner to another becomes part of the code. The Bitcoin is stored in such a way that the new owner is the only person allowed to spend it. All signed transactions are then sent to the network, which means that all transactions are public transactions, although no information is given regarding the involved parties. The key issue to be addressed by the system is the avoidance of double spending, i.e. how to prevent a coin being copied or forged, especially considering there is no intermediary validating the transactions. The solution implemented is based on the concept of a “time stamp”, which is an online mechanism used to ensure that a series of data have existed and have not been altered since a specific point in time, in order to get into the hash. Each time stamp includes the previous time stamp in its hash, forming a chain of ownership. By broadcasting the new transactions, the network can verify them. The systems that validate the transactions are called “miners” — essentially these are extremely fast computers in the Bitcoin network which are able to perform complex mathematical calculations that aim to verify the validity of transactions. The people who use their systems to undertake this mining activity do so on a voluntary basis, but they are rewarded with 50 newly created Bitcoins every time their system finds a solution. “Mining” is therefore the process of validating transactions by using computing power to find valid blocks (i.e.
to solve complicated mathematical problems) and is the only way to create new money in the Bitcoin scheme. According to Nakamoto (2009): “if a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or by using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth”.
MONETARY ASPECTS OF BITCOIN
The Bitcoin scheme is designed as a decentralised system where no central monetary authority is involved. Bitcoins can be bought on different platforms. However, new money is created and introduced into the system only via the above-mentioned mining activity, i.e. by rewarding the “miners” who perform the crucial role of validating all transactions made, with new Bitcoins. Therefore, the supply of money does not depend on the monetary policy of any virtual central bank, but rather evolves based on interested users performing a specific activity. According to Bitcoin, the scheme has been technically designed in such a way that the money supply will develop at a predictable pace. The algorithms to be solved (i.e. the new blocks to be discovered) in order to receive newly created Bitcoins become more and more complex (more computing resources are needed). As explained on its website, the rate of block creation is approximately constant over time: six per hour, one every ten minutes. However, the number of Bitcoins generated per block is set to decrease geometrically, with a 50% reduction every four years. The result is that the number of Bitcoins in existence will reach 21 million in around 2040. From this point onwards, miners are expected to finance themselves via transaction fees. In fact, this kind of fee can already be charged by a miner when creating a block.
The fact that the supply of money is clearly determined implies that, in theory, the issuance of money cannot be altered by any central authority or participant wanting to “print” extra money. According to Bitcoin supporters, the system is supposed to avoid inflation, as well as the business cycles originating from extensive money creation. However, the system has been accused of leading to a deflationary spiral. The total supply of Bitcoins is expected to grow geometrically until it reaches a finite limit of 21 million. If, however, the number of Bitcoin users starts growing exponentially for any reason, and assuming that the velocity of money does not increase proportionally, a long-term appreciation of the currency can be expected or, in other words, a depreciation of the prices of the goods and services quoted in Bitcoins. People would have a great incentive to hold Bitcoins and delay their consumption, thereby exacerbating the deflationary spiral. The extent to which this could be a problem in reality is not clear. Two remarks should be made. Firstly, the deflation hypothesis entails an assumption which is not realistic at this stage, i.e. that many more people will want to receive Bitcoins in return for goods or in exchange for paper money. However, Bitcoin is still quite immature and illiquid which is a clear disincentive for its use. Secondly, Bitcoin is not the currency of a country or currency area and is therefore not directly linked to the goods and services produced in a specific economy, but linked to the goods and services provided by merchants who accept Bitcoins. These merchants may also accept another currency (e.g. US dollars) and therefore, the fact that deflation is anticipated could give rise to a situation where merchants adapt the prices of their goods and services in Bitcoins.
SECURITY INCIDENTS AND NEGATIVE PRESS
From time to time, Bitcoin is surrounded by controversy.
Sometimes it is linked to its potential for becoming a suitable monetary alternative for drug dealing and money laundering, as a result of the high degree of anonymity. On other occasions, users have claimed to have suffered a substantial theft of Bitcoins through a Trojan that gained access to their computer. The Electronic Frontier Foundation, which is an organisation that seeks to defend freedom in the digital world, decided not to accept donations in Bitcoins anymore. However, practically identical problems can also occur when using cash, thus Bitcoin can be considered to be another variety of cash, i.e. digital cash. Cash can be used for drug dealing and money laundering too; cash can also be stolen, not from a digital wallet, but from a physical one; and cash can also be used for tax evasion purposes. The question is not so much related to the format of money as such (physical or digital), but rather to the use people make of it. Nevertheless, if the use of digital money in itself complicates investigations and law enforcement, special requirements may be needed. Therefore, the real dimension of all these controversies still needs to be further analysed. Bitcoin has also featured in the news, in particular following a cyberattack perpetrated on 20 June 2011, which managed to knock the value of the currency down from USD 17.50 to USD 0.01 within minutes. Apparently, around 400,000 Bitcoins (worth almost USD 9 million) were involved. According to currency exchange Mt.Gox, one account with a lot of Bitcoins was compromised and whoever stole it (using a Hong Kong based IP to login) first sold all the Bitcoins in there, only to buy them back again immediately afterwards, with the intention of withdrawing the coins. The USD 1,000/day withdrawal limit was active for this account and the hacker was only able to exchange USD 1,000 worth of Bitcoins. Apart from this, no other accounts were compromised, and nothing was lost.
This chart shows the evolution of Bitcoin’s exchange rate on the Mt.Gox exchange platform during the hours of the incident, and is also the expression of how an immature and illiquid currency can almost completely disappear within minutes, causing panic to thousands of users. The problem was related to a particular trading platform — Mt.Gox — which did not have strong enough security measures. In a more recent case (May 2012), the exchange platform Bitcoinica lost 18,547 Bitcoins from its deposits following a cyberattack, in which sensitive customer data might also have been obtained.
A PONZI SCHEME?
Another recurrent issue is whether Bitcoin works like a Ponzi scheme or not. The US Securities and Exchange Commission defines a Ponzi scheme in the following terms: "A Ponzi scheme is an investment fraud that involves the payment of purported returns to existing investors from funds contributed by new investors. Ponzi scheme organizers often solicit new investors by promising to invest funds in opportunities claimed to generate high returns with little or no risk. In many Ponzi schemes, the fraudsters focus on attracting new money to make promised payments to earlier-stage investors and to use for personal expenses, instead of engaging in any legitimate investment activity."
On the one hand, the Bitcoin scheme is a decentralised system where — at least in theory — there is no central organiser that can undermine the system and disappear with its funds. Bitcoin users buy and sell the currency among themselves without any kind of intermediation and therefore, it seems that nobody benefits from the system, apart from those who benefit from the exchange rate evolution (just as in any other currency trade) or those who are hard-working “miners” and are therefore rewarded for their contribution to the security and confidence in the system as a whole. Moreover, the scheme does not promise high returns to anybody.
Although some Bitcoin users may try to profit from exchange rate fluctuations, Bitcoins are not intended to be an investment vehicle, just a medium of exchange. "Bitcoin is an experiment. Treat it like you would treat a promising internet start-up company: maybe it will change the world, but realise that investing your money or time in new ideas is always risky."
However, it is also true that the system demonstrates a clear case of information asymmetry. It is complex and therefore not easy for all potential users to understand. At the same time, however, users can easily download the application and start using it even if they do not actually know how the system works and which risks they are actually taking. Therefore, although the current knowledge base does not make it easy to assess whether or not the Bitcoin system actually works like a pyramid or Ponzi scheme, it can justifiably be stated that Bitcoin is a high-risk system for its users from a financial perspective, and that it could collapse if people try to get out of the system and are not able to do so because of its illiquidity.
WOOOHOOO KNOWLEDGE=POWER Thanks to... Source: ECB Europa - Virtual Currency Schemes 2012
This is an automatic summary, original reduced by 50%.
The bad actors behind a new malware contagion are exploiting the desperation of American college graduates looking for relief from their student debt, according to a Symantec report. A number of spam campaigns offering to provide relief to college graduates needing to pay off their student loans deliver instead Ascesso malware, a trojan first detected by Symantec in 2001 that uses rootkit techniques and injects code into services. Unsuspecting recipients are duped by the enticing offer appearing as a response to an inquiry the target allegedly made communicating with a student debt forgiveness program. "The student loan scam spam comes in a variety of forms but typically offers a reduction in student debt, consolidation of debt, or student loan forgiveness," according to the Symantec report. Symantec reported that it has detected several variants of this malware family with "extended capabilities to download additional malicious plugin components." These add-ons enable further crimeware activities, including the downloading of different malware, distributed denial of service attacks, Bitcoin mining, click fraud and data stealing, Symantec wrote. Experts advise that graduates should look only to U.S. government student loan forgiveness programs, as these don't ask for fees.
You need to pick your focus area. What do you want to do? Penetration testing? Encryption? Malware analysis? Forensics? Underground intelligence? Counter-espionage? Then you need to find mentors and coaches. The easiest way to do this is via online forums dedicated to your focus area. For example, check forum.infosecmentors.com.
SANS has some great online resources for people starting up in this area: check them out.
It's trivial to modify existing malware so that traditional antivirus programs won't detect it any more. It only takes a couple of minutes.
That's why antivirus programs have been moving towards behaviour-based detection models as well as towards reputation-based detection models.
Do note that testing behaviour-based blocking is hard. That's why it's misleading when people post links to sites such as Virustotal as evidence that a particular file is 'not detected by AVs'. There's no way to know if a particular antivirus would have blocked the file, unless you would try to run it.
"As far as we can see, this program has never been executed by anyone else anywhere. You are the first person on the planet to run this file. This is highly unusual. We will block this file, even though we can't find any known malware from the file"
The only problem with this scenario is software developers, who compile their own programs. They obviously are the first persons on the planet to run a particular program - as they made it themselves! They can easily whitelist their output folder to avoid this problem though.
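The reputation check described in this answer, as an added example that is not part of the original reply or any vendor's engine. The sample files, prevalence counts, folder paths and function names are constructed for illustration; the ordering of the checks (signature first, then the developer folder, then prevalence) is an assumption.

```python
import hashlib
from pathlib import Path

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

# Constructed sample files (stand-ins for real binaries).
POPULAR = b"constructed sample: widely installed application"
MALWARE = b"constructed sample: file matching a known signature"
FRESH = b"constructed sample: binary compiled one minute ago"

# Constructed reputation data: hash -> number of machines that have run it.
PREVALENCE = {sha256_hex(POPULAR): 250_000}
KNOWN_BAD = {sha256_hex(MALWARE)}

def is_under(path: str, folder: str) -> bool:
    """True only if path resolves to a location inside folder.

    Compares resolved path components, so '/build-evil' or '/build/../x'
    do not match an allow-listed '/build' the way a string-prefix test would.
    """
    return Path(folder).resolve() in Path(path).resolve().parents

def verdict(path: str, content: bytes, allow_folders=(), min_seen: int = 1) -> str:
    digest = sha256_hex(content)
    if digest in KNOWN_BAD:
        # Known malware is blocked even inside an allow-listed folder.
        return "block:signature"
    if any(is_under(path, folder) for folder in allow_folders):
        # The developer's own build output: expected to have zero prevalence.
        return "allow:dev-folder"
    if PREVALENCE.get(digest, 0) < min_seen:
        # Nobody anywhere has run this file before: block despite no signature.
        return "block:never-seen"
    return "allow:reputation"

if __name__ == "__main__":
    dev = ["/home/dev/build"]
    cases = [
        ("/home/dev/Downloads/setup.exe", POPULAR),
        ("/home/dev/Downloads/new.exe", FRESH),
        ("/home/dev/build/app.exe", FRESH),
        ("/home/dev/build-evil/app.exe", FRESH),
        ("/home/dev/build/dropper.exe", MALWARE),
    ]
    for path, content in cases:
        print(f"{path:32} {verdict(path, content, dev)}")
```
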
People use Tor for surfing the normal web anonymized, and they use Tor Hidden Service for running websites that are only accessible for Tor users.
Both Tor use cases can be targeted by various kinds of attacks. Just like anywhere else, there is no absolute security in Tor either.
I guess the takedown showed more about capabilities of current law enforcement than anything else.
I use Tor regularly to gain access to sites in the Tor Hidden Service, but for protecting my own privacy, I don't rely on Tor. I use VPNs instead. In addition to providing you an exit node from another location, VPNs also encrypt your traffic. However, Tor is free and it's open source. Most VPNs are closed source, and you have to pay for them. And you have to rely on the VPN provider, so choose carefully. We have a VPN product of our own, which is what I use.
The operating systems on our current phones (and tablets) are clearly more secure than the operating systems on our computers. That's mostly because they are much more restricted.
Windows Phones and iOS devices don't have a real malware problem (they still have to worry about things like phishing though). Android is the only smartphone platform that has real-world malware for it (but most of that is found in China and is coming from 3rd party app stores).
It is interesting that Android is the first Linux distribution to have a real-world malware problem.
There are different problems: problems with security and problems with privacy. Security problems come from criminals who do break the law and who directly try to steal from you with attacks like banking trojans or credit card keyloggers. Blanket surveillance of the internet also affects us all. But comparing these threats to each other is hard.
The idea of a 'good virus' has been discussed to death already years ago. The consensus is that anything good that could be done with self-replicating code could be done better without the replication.
Most mobile malware IS written for Linux, since most smartphones run Linux.
So first and foremost, it's a question of market shares.
After that it's a question of attacker skillsets. If the attackers have been writing Windows malware since Windows XP, they aren't likely to stop and switch easily to OS X or Linux unless they have to. And they don't have to.
Nobody was withholding detection. Everybody detected all Regin-related files they had, and protected the end users. Which one would you rather have us do? Sign an NDA, get the samples and protect our users? Or not sign the NDA and not protect our users?
Some people will always say this. But they are always the people who haven't really thought it through.
If you have nothing to hide, you can't keep a secret. If you have nothing to hide, show me your search history. If you have nothing to hide, give me your password. If you have nothing to hide, I can't trust you.
This feature targets the ‘less reputable’ sources that infect sites or online ads with crypto-mining code, which executes stealthily after loading in the victim’s browser. Eric Lawrence, Microsoft Principal Program Manager, claims that the new Microsoft Edge blocker will be superior to the cloud-based anti-phishing and anti-malware ...
Bitcoin’s Realized Cap Adds $43 Billion Since the 2017 Peak to Hit A New ATH; A 60% Increase
While the price of bitcoin is struggling around $10,000, although still holding strong to the key psychological level, Bitcoin realized its cap has hit an all-time high. Compared to the $197 billion
jsecoin.com is a service that suggest mining own jsecoin crypto currency. minergate.com is one of the first such services. It offers combined mining, that is both cloud mining and the use of software for hidden mining (in fact, it is about introducing Trojan, which starts the mining process, into users’ computers).
Adobe Flash Player Exploit Could Be Used to Install BitCoinMiner Trojan
prevent the misuse of the popular software for installing backdoors, trojans and
After we send the request watch what’s happening in your terminal.
Bitcoin mining Trojan source code.
Run a scan with HitmanPro to remove remnants of the Trojan.BitcoinMiner