11 Best Bitcoin Mining Software 2020 (Mac, Windows, Linux)

Discord Log from Ravencoin Open Developer Meeting - Oct 19, 2018

RavencoinDev - Today at 2:03 PM
Hello Everybody, sorry we're getting started a couple of minutes late today. Today we wanted to make sure that everybody was aware of the Bug Bounty program and discuss it. Has everybody seen the information at https://github.com/RavenProject/Ravencoin/wiki?

Hans_Schmidt - Today at 2:06 PM

Yes. I'm working on it...

RavencoinDev - Today at 2:07 PM

I have seen that @Hans_Schmidt Thank you for really digging into the code. You have found some really good ones. Did you get an address posted in the issues so we can reward you for your efforts?

Hans_Schmidt - Today at 2:08 PM

Yes I sent it to Tron and blondfrogs. Thanks.

[Dev] Blondfrogs - Today at 2:08 PM

I got hans address, and updated the wiki accordingly

RavencoinDev - Today at 2:09 PM

Nice! thanks guys, we'll get that sent out today.

brianmct - Today at 2:09 PM

Wow that's a lot of RVN!

Hans_Schmidt - Today at 2:09 PM

The next one is proving harder to find. That is a good thing

[Dev] Blondfrogs - Today at 2:09 PM

Please @Scotty and @Hans_Schmidt look at the wiki, and make sure the address next to the issues you created is the correct address where you would like payment.

MSFTserver-mine more @ MinerMore - Today at 2:09 PM

just a heads up im renaming this channel to just development meetings

RavencoinDev - Today at 2:09 PM

We feel it's worth the amount for sure to find and fix those type of issues.

brianmct - Today at 2:10 PM

Probably shouldn't keep the addresses on the wiki, since it's publicly editable?

RavencoinDev - Today at 2:10 PM

@MSFTserver-mine more @ MinerMore okay

[Dev] Blondfrogs - Today at 2:11 PM

We will look into the github wiki permissions and verify addresses before sending payment

RavencoinDev - Today at 2:11 PM

That's a good point, and reach out to the individuals directly to ensure it's their correct address.

brianmct - Today at 2:12 PM

Actually it's not publicly editable. My bad. Still good to confirm directly though

RavencoinDev - Today at 2:12 PM

Yes

brianmct - Today at 2:12 PM

Probably have people put their address on the issue when reporting it

[Dev] Blondfrogs - Today at 2:12 PM

^^

brianmct - Today at 2:12 PM

Don't want any MITM attacks :P

RavencoinDev - Today at 2:13 PM

No we don't.

Chatturga - Today at 2:13 PM

Putting a public address out there is asking to get sent certain asset tokens when it goes live.

RavencoinDev - Today at 2:13 PM

Any questions about the issues that were found thus far?

Hans_Schmidt - Today at 2:14 PM

I verified that my address is correct.

[Dev] Blondfrogs - Today at 2:14 PM

Thanks

Hans_Schmidt - Today at 2:15 PM

Will you send a dust send first to verify (for bitcoin we do that as standard procedure for large amounts)

[Dev] Blondfrogs - Today at 2:15 PM

Yes, that is the process we follow also

Hans_Schmidt - Today at 2:15 PM

sounds good

RavencoinDev - Today at 2:16 PM

Just an FYI some of the developers were at the Free State Blockchain conference last week. We also spoke at the MIT Business school. It was great to see our community members there!

UserJonPizza™FlyToTheNorthRaven - Today at 2:17 PM

Are you guys 100% on the 31st? Ik prob been asked a million times but...

RavencoinDev - Today at 2:18 PM

Thanks to all that helped with the conference.

[Dev] Blondfrogs - Today at 2:18 PM

The current code base will start voting on the 31st.

Chatturga - Today at 2:18 PM

Yes, it's in the code.

RavencoinDev - Today at 2:18 PM

Any other questions about the Bug Bounty?

Hans_Schmidt - Today at 2:19 PM

What's the plan for next formal release?

[Dev] Blondfrogs - Today at 2:20 PM

Should be early next week, we are planning a 2.1.1 release, with the latest bug fixes in it. We thought we would give it a couple more days to see if any additional bugs are found.

RavencoinDev - Today at 2:21 PM

Agreed, there will be one more binary release before the end of the month.

[Master] Roshii - Today at 2:21 PM

Sorry late again

Hans_Schmidt - Today at 2:21 PM

I'm not pushing for the release, just asking. I prefer to have a few days to see if I can get my next attack attempt to work

SpyderDev - Today at 2:22 PM

@[Master] Roshii - were your ears burning?

[Dev] Blondfrogs - Today at 2:22 PM

Yep. You got it, keep attacking the chain!

RavencoinDev - Today at 2:23 PM

Yes please we would encourage everybody to help us find additional chain splitting or consensus defects. Other defects are also welcome, just not part of the bounty at this point.

Hans_Schmidt - Today at 2:24 PM

It would be helpful to know if someone is methodically verifying that the fixes work and also cover the minor variations, because I am not doing that.

[Dev] Blondfrogs - Today at 2:25 PM

Yes. I am personally verifying all bug fixes, and so are the other developers

SpyderDev - Today at 2:25 PM

We are also creating tests for them.

Hans_Schmidt - Today at 2:25 PM

Like I paid unique asset creation into the wrong burn address. But there are other variations. Your fix looks like it covers it all.

[Dev] Blondfrogs - Today at 2:26 PM

That is correct. We appreciate the bugs found and expand off of them to fix all other small variations of them.

Hans_Schmidt - Today at 2:26 PM

Great. I focus on new angles.

[Dev] Blondfrogs - Today at 2:26 PM

Perfect!

SpyderDev - Today at 2:26 PM

Please

Chatturga - Today at 2:27 PM

test 

RavencoinDev - Today at 2:27 PM

@Tron isn't able to be here but he wanted me to share this.
Hi All. I’m sorry I’m not able to make it to this development discussion. I’ve been invited to be on a Cryptocurrency and ICO/STO panel at the Federal Bar Council Fall Retreat. I've been informed that many of the attendees are judges from the Second Circuit Court of Appeals which is the Circuit Court for the state of NY. These presidentially appointed judges are just below the US Supreme Court and before whom the SEC and CFTC would be mere litigants. I’m on the panel with some heavyweight crypto and securities attorneys and my role will be talking primarily about the technology (blockchain, tokenized assets, smart contracts, etc.) while allowing the other distinguished panelists to address the legal aspects of this new technology. This is an amazing opportunity to introduce the audience to the best aspects of crypto-currencies and crypto-assets. 

Pathfinder - Today at 2:28 PM

wow that's awesome

SpyderDev - Today at 2:28 PM

We are all hoping @Tron will not get arrested.

mapple - Today at 2:28 PM

yes and yes to the not arrested :))

RavencoinDev - Today at 2:29 PM

I told him the mask thing was probably a bad idea for that event...

Hans_Schmidt - Today at 2:29 PM

The Raven mask or the Guy Fawkes?

RavencoinDev - Today at 2:29 PM

We need a Tron with judges Meme @Pathfinder Yes to both.

Skan - Today at 2:29 PM

ITS A TRAP

RavencoinDev - Today at 2:30 PM

LOL

Hans_Schmidt - Today at 2:30 PM

A Tron Trap?

mapple - Today at 2:30 PM

i was asked on telegram a few days ago about timeframes for all phases (currently announced) to be completed - are there estimates I've missed? I've properly looked through github. i've not lol

RavencoinDev - Today at 2:31 PM

We are hoping to complete the remaining phases by the end of Q1 but have provided no hard dates.

mapple - Today at 2:32 PM

OK - so march 2019 estimate if anyone asks again would be fair at the moment

RavencoinDev - Today at 2:33 PM

One of the topics I would like to cover for all our web developers is the ravencoin.com website.

gwrg - Today at 2:33 PM

Does it include Phase 7 which was added recently?

RavencoinDev - Today at 2:34 PM

That's not been fully thought through to this point so it's not likely. I wanted to make sure you all knew that Ravencoin.com is a community website, the source is posted and web developers are free to submit pull requests to make changes.

Vincent - Today at 2:35 PM

Chatturga had mentioned a plan to somehow modify the asset creation cost in the future...is that part of the qtr 1 plan?

RavencoinDev - Today at 2:36 PM

We'll be watching closely how the asset creation and RVN burn goes once it goes live.

Chatturga - Today at 2:37 PM

I did say that the rate is 500 RVN for now so that actual data can be gathered, which can then be applied to proposed changes. Speculative data just isn't enough.

RavencoinDev - Today at 2:37 PM

Anywho... The source for the Website is at https://github.com/RavenProject/ravenproject.github.io

Pathfinder - Today at 2:37 PM

https://i.imgflip.com/2kieyw.jpg

SpyderDev - Today at 2:38 PM

LOL

Pathfinder - Today at 2:38 PM

Tron's in there. Just have to look hard (like finding Waldo)

RavencoinDev - Today at 2:38 PM

@Pathfinder You are the best, I'm just saying....

Vincent - Today at 2:38 PM

i understand but pure economics will go into play. i will not harp on it here...there is plenty of time for this

Skan - Today at 2:38 PM

Ok good to know @ website, will spread that info

Vincent - Today at 2:38 PM

obvious my soapbox

RavencoinDev - Today at 2:39 PM

Thanks Skan! Any questions about Ravencoin.com?

Hans_Schmidt - Today at 2:40 PM

I come to these meetings for @Pathfinder memes

RavencoinDev - Today at 2:40 PM

SO DO I! If I say no will you delete your post? Actually, if we don't have any further questions about the website that would be a great topic.

[Dev] Blondfrogs - Today at 2:43 PM

1

RavencoinDev - Today at 2:43 PM

@[Master] Roshii has been hard at work adding asset support to the mobile wallets. You'll be able to see, transfer, receive assets. You'll also be able to create them right on your phone.

mapple - Today at 2:44 PM

awesome for small business use cases

Vincent - Today at 2:45 PM

will that only include RVN created assets or other currencies as well?

RavencoinDev - Today at 2:46 PM

The RVN wallets only support RVN and soon will support RVN assets. Agreed! Any other questions about Mobile support?

russ - Today at 2:48 PM

any web wallets that support assets yet?

RavencoinDev - Today at 2:48 PM

That's a good question!

Chatturga - Today at 2:49 PM

@traysi -[MM Sysop]- Might be able to answer that.

Pathfinder - Today at 2:49 PM

https://i.imgflip.com/2kifzg.jpg

RavencoinDev - Today at 2:49 PM

That's amazing. I think Pathfinder could get paid to make memes for a company... @Under has done some great work migrating web based bitcoin tools to Raven. I would love to see a web dev kit that allowed web/mobile developers to easily incorporate Raven into their projects.

SpyderDev - Today at 2:51 PM

When is the meme bounty program?

Hans_Schmidt - Today at 2:51 PM

Just wondering- is anyone tracking use of post-2.04 client use on the mainnet? It would be good to know if the non-asset stuff is continuing to work without issues on main.

[Master] Roshii - Today at 2:52 PM

@RavencoinDev I have some ideas for mobile integration kit

[Dev] Blondfrogs - Today at 2:52 PM

Everything seems to be in order on Mainnet.

RavencoinDev - Today at 2:52 PM

Awesome @[Master] Roshii Let's open it up for General Q&A for the last 10 minutes. Anybody have a question they have been dying to ask?

Under - Today at 2:53 PM

I’d really like to know about the build system. The solution I use is pretty reliable.

cade - Today at 2:53 PM

What would you like to know about it?

Under - Today at 2:54 PM

I’d be glad to train you up on mine

RavencoinDev - Today at 2:54 PM

We are working to incorporate the work that you have put in there. Still struggling with the Mac build part of it.

Hans_Schmidt - Today at 2:54 PM

Do you track wallet version usage on main. Any idea how many people are using newer versions?

cade - Today at 2:54 PM

The current build system we're using is based on what you've done. Just modified to fit into our CI process

[Dev] Blondfrogs - Today at 2:55 PM

@Hans_Schmidt We don't have a rolling tally but you can use the explorers to view node versions.

RavencoinDev - Today at 2:55 PM

We do check what's being run on the network periodically but don't have a dashboard type view into the version data.

Vincent - Today at 2:55 PM

is the burn rate going to be tracked and charted on the asset explorer?

Under - Today at 2:55 PM

Rather than incorporating it, it vanilla in a vanilla Ubuntu 18 box works pretty well. CI like Travis could run on a fully gitian build, which I’m glad to work on too

RavencoinDev - Today at 2:56 PM

@Vincent There was talk of creating an RPC call that would show how much has been burned and for what purpose. Anybody want to take a shot at writing that?

Under - Today at 2:56 PM

I’m in the process! Lol

Vincent - Today at 2:56 PM

be a great stat to watch

russ - Today at 2:56 PM

http://ravencoin.asset-explorer.net/stats @Vincent burn and creation rate

Vincent - Today at 2:56 PM

nice

RavencoinDev - Today at 2:57 PM

Sweet, thanks @russ

russ - Today at 2:57 PM

@Scotty made it. top notch

cade - Today at 2:58 PM

@Under We have processes and tools that are in use within our organization and we leverage those tools for all of our projects. We have taken the awesome work you've done and tailored it to fit within our toolsets.

Under - Today at 2:59 PM

I can understand that, but I’d counter that the process I describe is simply a copy of bitcoin's and allows for it to be replicated in a larger community of developers outside of the Medici team. It makes the build process trustless and decentralized if it can be replicated by anyone. But I get why you have your ways of doing it.

Hans_Schmidt - Today at 3:00 PM

If you drop the burn address into the web explorer, it tells you how much went there.

Vincent - Today at 3:00 PM

charts are nicer

RavencoinDev - Today at 3:01 PM

I would like a burned endpoint that coinmarketcap can easily call to use in their circulating supply metric.

Vincent - Today at 3:01 PM

burn and rewards can only go one way....

RavencoinDev - Today at 3:02 PM

Alright, thank you all for being here today. Thank you for your support and for all your effort on Ravencoin platform!

Neo-Geo - Today at 3:02 PM

While we are aware of the dev team’s commitment to ASIC resistance, are there any assurances that RVN dev will find a solution to stay GPU exclusive for optimal decentralization? Monero’s commitment to fork every 6 months (currently on CryptoNightV8) has been wildly successful in keeping AMD’s cards pointing predominantly at their network. RVN is quickly replacing Ethereum as the de facto coin to mine for Nvidia owners (the world’s most popular video card), but the rise of FPGAs can ruin the incentive for GPU miners and lead to hash centralization.

Vincent - Today at 3:02 PM

as a noob...glad to be part of this...great job by all

cade - Today at 3:03 PM

@Under We will be releasing our build process to the community

RavencoinDev - Today at 3:03 PM

Yes @Neo-Geo we are committed to ASIC resistance and we are watching Monero closely. Thanks again everybody. Now go find some BUGS!

Under - Today at 3:04 PM

Cool thanks guys

[Dev] Blondfrogs - Today at 3:04 PM

BTW. QT wallet GUI update is coming. hahahah. have a good day everyone

russ - Today at 3:05 PM

📷

mxL86 (MinerMore.com) - Today at 3:05 PM

Noicee

Hans_Schmidt - Today at 3:05 PM

CU later

Pathfinder - Today at 3:05 PM

thank you everyone!
submitted by Chatturga to Ravencoin

The Greater Fool's Theory: Crypto Edition

There is a big cognitive dissonance within the crypto community. The dream of decentralization and censorship resistance is dominated by big centralized exchanges, centralized empires like Binance and Coinbase.
Speculation still drives the market and fuels the continued growth of centralized exchanges. One of the leading factors fueling the revenue stream of exchanges is new coins, namely ICOs and in future STOs. ICOs became nothing more than a way of Flipping Tokens. Most ICOs used and continue to use Proof of Greater Fool to push forward their blockchain.
People invest in something that they know is probably worthless and extremely overpriced, hoping that they can sell that worthless overpriced digital token to a "Greater Fool". In the end, all ICO investors are fools because even if Fool #1 manages to flip the token at 3x the price he bought it at, he is still the fool compared to the ICO that now holds the millions collected by all the #1 fools.
Essentially, ICOs that list on exchanges right away with nothing to offer and no product are basically Ponzi schemes, with the ICO team at the top, ICO buyers in the second layer, and people on the exchange at the bottom of the pyramid.
The IEO (Initial Exchange Offering) is a natural evolution of this Ponzi scheme: Now with ICO and Exchanges working together to pump up the price, being able to freely manipulate the price of the token and print free money. As Cryptocurrencies are a totally unregulated market they are pretty much free to do whatever they want.
Cryptocurrency exchanges basically became empires fueled by greed, trading fees, listing fees, and so much more. These empires have no interest in changing the system, similar to how banks do not want to give away power.
It is expected of anyone in power to be very corrupt in a totally uncontrolled market.

BUIDL VS Initial Exchange Offerings

In 2019, for the first time in 3 years, projects that focused on tech, product, and business development came out of the darkness.
Most people pretended to work in order to look good and raise money; some, however, actually worked to solve problems. 2019 was also the year that we started to see Initial Exchange Offerings: ICOs conducted on exchanges rather than publicly.
The original purpose of ICOs was to take the monopoly on fundraising away from stock exchanges and brokerage firms. An IEO is well explained in that scene of Wolf of Wall Street, when they opened an IPO for Steve Madden shoes. Remember when a centralized entity is responsible for issuing a new stock? It probably has a vast interest in pumping that price, but is it legal in the traditional financial space?
ICOs that are actually working hard to build their product also understand that in order for their projects to become successful they need to become decentralized. They need to get their tokens in as many hands as possible. Of course, the person that is attached to that hand should also bring value to the project.
The best example of the power of useful decentralization is Bitcoin. Bitcoin has pretty old tech, has had a few bugs in its source code, and is super slow, yet it has by far the best community and strongest social consensus. Hashrate doesn't mean much; after all, Bitcoin Cash had a bigger hash rate for a brief while, but it was the social consensus of the mining community that decided not to implement the new changes introduced by Roger and Bitmain. Now BCH is less than 96% of the market Cap it used to be.
The value of cryptocurrencies is defined by nothing more than censorship resistance, game theory, and token holders. In the long term, these three factors will be decisive determining which coin will have the biggest market cap. Bitcoin has by far the most censorship resistance, probably one of the best game theories and by far the best community.
The value of a coin is pretty much all about: how hard it is to change the information saved on the block * (sum of all useful skills and influence amongst all token holders) that can be leveraged by game theory within the ecosystem.

Best case vs Worst Case outcome for an ICO

An ICO that is used for its actual purpose, and not as a vehicle to facilitate scamming, can be seen as the big bang of any new blockchain ecosystem. Successful ICOs understand that they need to act like economies, not companies. Usually, economies filled with smart people who can use their skills to push their ecosystem, and that are also run by a good government (good game theory), do very well compared to economies that have only a very small set of inhabitants who can bring economic value through influence and skill sets.
The optimal scenario for an ICO would be if the tokens were magically distributed among the best developers, business integrators, influencers, politicians and basically anybody that would be willing and capable of bringing value to the new blockchain ecosystem.
Bitcoin’s mechanism to achieve this magical community was via mining and its 4-year reward halving cycle. It takes a great deal of passion and technical skills to start mining. Also, the low token price during the first few years motivated the best developers, who are also deeply interested in the technology, to jump onboard and help on its development efforts. This also allowed them to acquire a lot of tokens in the process.
The 4 year Bitcoin Pump and Dumps enable very smart individuals to join the bitcoin ecosystem every 4 years and accumulate at low prices. Regulators love crypto once they’ve also bought a bag.
Therefore the best outcome is the magical distribution of tokens to all the best developers, business integrators, influencers, politicians and basically anybody that would be willing and able to help that new blockchain ecosystem. The worst case would be an ICO whose tokens holders are mostly speculators, also known as an initial Exchange offering.

ICO DOG offers a different path: Social Mining

We have been very busy for the past few months to build an IDK (ICO Development Kit) for the cryptocurrency ecosystem.
It is an off-chain/on-chain hybrid solution that any project can plug in to help with the problems it could potentially face and, in the long run, to become a decentralized autonomous system. We called it Social Mining, proof of engagement. A certain percentage of the token supply is dedicated to social mining. Any ICO or post-ICO project can plug in our solution to boost its community and to help it become more decentralized.
We have been testing the system now for about 6 weeks and the results are already overwhelming for our first client LTO Network. After the first 6 months, LTO network now has 8 different language channels, community marketing team, over 50 mainnet nodes, community development team, and community produced merchandise shop. The platform is in every sense the opposite of an Initial Exchange offering.
The best performing ICO in the past 12 months was raised via an IEO on Binance. The 2nd best performing ICO was raised via our IDK and proof of engagement.
You can find a very good in-depth comparison of the two projects here: https://cryptodiffer.com/news/buid-the-meme-that-thrives-in-todays-bearmarket-by-steven-price/
For more information on Social Mining you can check out our content at: www.icodog.io - https://icodog.io/crypto-stories/the-story-of-icodog-november-progress-report/
Or on the LTO Medium Page: https://medium.com/ltonetwork/community-engagement-and-whitelist-the-lto-way-4698b98fdddd
Full article in: https://steemit.com/bitcoin/@icodog/the-greater-fool-s-theory-crypto-edition
By icodog.io
submitted by EnriqueZGZ to ico

The blocksize debate, the personal attacks against reputable members of the community, and the Craig Wright revelations are all part of a well orchestrated campaign against Bitcoin. Proof inside?

Uber TL;DR: Craig Wright, anonymously via a report relating to the PGP key from December, attempted to smear and discredit members of the Bitcoin development community, accused Bitcoin Core of hijacking Bitcoin by imposing a blocksize limit, attacked small-block supporters, and heavily promoted big blocks. I hypothesize that the on-going blocksize campaign and Craig are highly connected. Scroll down for a non-Uber TL;DR, or just read the whole thing (yes, it's long :)).
First, some background. After the December leaks, a paper pertaining to disprove Greg Maxwell's (nullc) allegations of backdating the PGP key has been released by an unknown (at the time) author, titled "Appeal to authority: A failure of trust".
Abstract: In December 2015, a Motherboard article suggested that cryptographic keys ... were created using technology that was not available on the dates they were supposedly made ... in this paper we present evidence that disproves this claim ... In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions. These restrictions have led to centralisation of Bitcoin via the dogma of the core development team ...
In the recent Economist article, they mentioned the following:
As for the backdated keys revealed in the December outing, Mr Wright presents a report by First Response, a computer-forensics firm, which states that these keys could have been generated with an older version of the software in question.
While they do not explicitly state that this is the same paper linked above, what are the odds that two different papers were written to support Craig's claims? In all likelihood, Economist refers to the same "Appeal to authority: A failure of trust" paper, mentioning that it was written by a computer forensics firm named First Response.
Now, to the interesting part. Within the paper (supposedly written by an independent third party firm), we have the following text:
Generally, an appeal to authority is fallacious when we cite those who have no special expertise. This is of greater concern when we have an individual believed or purporting to be an expert who abuses trust. Even experts have agendas and the only means to ensure that trust is valid is to hold those experts to a greater level of scrutiny.
That very same text (the bold portion) is also mentioned in that same Economist article, but this time attributed to Craig Wright himself:
In an article in the press kit accompanying the publication of his blog post, he takes aim at Gregory Maxwell, one of the leading bitcoin developers, who first claimed that the cryptographic keys in Mr Wright’s leaked documents were backdated. “Even experts have agendas,” he writes, “and the only means to ensure that trust is valid is to hold experts to a greater level of scrutiny.”
This could mean one of two things: either that Craig wrote that report (and presented it as if it was written by an independent third party forensics company), or that The Economist mis-attributed the text to Craig instead of to the First Response report. However, they already refer to this report earlier in the very same article (the second quote on this post) and attribute it to First Response. It is very unlikely that later in the same article they would mis-attribute this report to Craig. In addition, what does a forensics company have to do with Bitcoin politics? Why would they even mention that subject? And how would they even have the knowledge to do so?
My conclusion is: this report was written by none other than Craig Wright himself, who later used similar phrasing for self-attributed texts in his press kit. He then managed to get First Response to sign-off on that report (or simply just lied about them being involved - would be interesting to try and check that).
Now, to the disturbing part. The author of this paper goes out of his way to attack and discredit Gregory Maxwell, over and over, throughout the entire article. He also repeatedly attacks the Bitcoin Core development community, the Bitcoin governance model, and those advocating for smaller blocks. I would say that 70%-80% of that paper is focused on politics, personal attacks against the Bitcoin technical community and heavy promotion for big blocks (later, in the Economist article, he's also advocating for 340GB blocks), in various phrasing that repeat over and over, with only 20%-30% of it actually being related to the technical questions surrounding the PGP key.
Here are some selected quotes (there are many more!):
We may either conclude that Gregory Maxwell understood what he was asserting and has intentionally misled the community in stating that the PGP keys referenced had been backdated, or that a Bitcoin core developer did not understand the workings of PGP sufficiently.
.
In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions.
.
There is an inherent warning in the foregoing discussion with regard to the growing power of individuals who may not fully grasp the full potential of the Blockchain but who nevertheless have a disproportionate level of influence.
.
In limiting the size of the Block, the issue of control and the use of the protocol is centralised to a limited number of developers.
.
The bitcoin core protocol was never designed to be a single implementation maintain by a small cabal acting to restrain the heretics. In restricting the Blocksize, the end is the creation of a centralised management body.
.
Several core developers, including Gregory Maxwell have assumed a mantle of control. This is centralisation. It is not companies that we need to ensure do not violate our trust, but individuals.
.
Gregory Maxwell has been an avid supporter in limiting Blocksize. The arguments as to the technical validity of this change are political and act against the core principles of Bitcoin. The retention of limits on Block size consolidates power into the hands of a few individuals.
.
The position that has been assumed by those seeking centralisation of Bitcoin for many years is to create an artificial scarcity within Bitcoin associated with the limits on the Blocksize.
.
Those with power need to be held to a higher standard.
.
We can clearly assert that the evidence Maxwell has presented to justify his assertions to Motherboard that the PGP keys is false. His motives in this remain a mystery.
This report also uses the strawman logical fallacy, attributing Greg with claims that he never made while avoiding quoting his exact words (instead, opting to quote the press's paraphrase of Greg's words). While Greg said that the algorithms weren't in wide use at the alleged time of the key creation, they repeatedly mis-quote him as claiming that it was impossible to generate such a key at the time. Based on this strawman, they build mountains and hillsides, claiming that they can prove their claim in absolute logical terms ("This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded").
That was what Greg actually wrote:
Incidentally; there is now more evidence that it's faked. The PGP key being used was clearly backdated: its metadata contains cipher-suites which were not widely used until later software.
This is what the report claims:
In the logical analysis of evidence, we cannot have contradictions. Where such a contradiction exists, we need to check our premises. In this process that we are exploring together, either we can recreate a similar key along the lines of the one Maxwell has stated could not have existed (WAS NEVER SAID! N.I.) and must have been backdated, or we cannot. If we can create a key using the GnuPG software from 2007 and add the attributes of the disputed keys to a newly created key pair, then Maxwell is wrong. If we cannot complete this process, then he was correct and the keys could have been backdated. This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded.
.
We see here the default hash list of “2.8.3” as Maxwell asserts is the only available choice. (WAS NEVER SAID! N.I.)
.
The importance of this statement is that Maxwell has firmly asserted that the algorithms, “8,2,9,10,11” have only been added from a later period in 2009 ... We have engaged in this exercise in order to demonstrate that the former statement made by Maxwell is incorrect.
.
This exercise proves that those algorithms that had been stated to not exist at the time within GnuPG 1.4.7 had indeed been implemented. Maxwell’s assertion is false.
That report is, of course, total and utter nonsense. The algorithms did exist in PGP (no one claimed otherwise), but there was no ciphersuite that combined them together. It was indeed possible to manually select that ciphersuite, the command to do so would look like that:
setpref SHA256 SHA1 SHA384 SHA512 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
There's no way that anyone would choose these exact algorithms under the exact same order before it was added as the default to PGP. It's important to note that the ciphersuite was chosen by the open source community after much discussion and knowledge acquired over time regarding the algorithms, which showed this combination to be the most secure. Foreseeing that this suite is going to be the state of the art, a few years before the PGP community figured it out, is extremely unlikely.
TL;DR
  • After Greg exposed Craig's bluff regarding the PGP key from December, Craig writes a report that allegedly proves his key wasn't backdated. It is published in late December '15 - Early January '16 (anyone has an exact date?).
  • That entire article is based on a strawman, and doesn't really prove anything. It shows that it could be technically possible to create such a key at the alleged time, but completely disregards the fact that the likelihood of that happening is practically zero.
  • He released this report anonymously, not attributing it to anyone.
  • He uses this opportunity to discredit Greg, repeatedly attacking his personal integrity and technical competence. He also attacks Bitcoin Core with claims of a hostile takeover by a "small cabal" that wants to control Bitcoin by restricting the blocksize. He smears the "small blocks camp", while heavily advocating for larger blocks. He does that using personal attacks and severe words pointed at highly respected members of the community. About 70%-80% of the report isn't related to the PGP key at all, but rather to politics and attacks.
  • In his press kit for the revelation, he attaches this report, this time attributed to a forensics company called First Response. In addition to the report, he attaches more attacks against Greg, which he does attribute to himself. The phrasing of his self-attributed attacks strikes an extraordinary resemblance to the attacks in the report.
Having read this report, I now believe that what we're seeing is another stage of a well orchestrated attack on Bitcoin, whose goal is to discredit reputable members of the Bitcoin community, create factions within the community and to sow distrust among community members.
This attack hasn't started now. The opening shot was the block size campaign, which was designed to spread toxicity and dissent, promote personal attacks against thought leaders and technical experts, and split the community into two opposing camps. The goal is to disassemble the human and social fabric of Bitcoin, to subvert our trust in the cypher-punk "leaders" of the bitcoin space and to create chaos and confusion, in order to prepare the ground for the second stage - a hostile takeover of the Bitcoin protocol development via a person claiming to be Satoshi Nakamoto, which will support this new development team and lead people after him.
I don't usually tend to be overly conspirative, but this report is highly disturbing. It has the very clear agenda of attacking Bitcoin Core and the consensus mechanism, while heavily promoting big blocks. We have appealing evidence that it was written by Craig, which also continues his attack as part of his press release. All of that leads me to believe that the blocksize campaign, the non-stop attacks against the Bitcoin development community and thought leaders, and the Craig revelation as "being Satoshi" are all tightly connected as part of an orchestrated attack.
And all of that follows repeating evidence of ongoing sock-puppets and rating manipulation within our online communities, Sybil attacks on the P2P network to create a false image of Classic support, and DDoS attacks. (interesting to note that voting manipulation was put into use with greater vigor during the Craig revelations, according to theymos - "there's substantial vote manipulation in /Bitcoin right now").
I truly believe that this is the real thing. We're witnessing an orchestrated full-scale attack on Bitcoin, by a well-organized entity with significant financial means. Buckle up!
submitted by shesek1 to Bitcoin
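Added example (not from the post or from the report it discusses): a forensic check of the comparison the argument rests on. It decodes the pref-*-algos subpackets that `gpg --list-packets` prints and compares them, order included, with the setpref string quoted above. The two sample excerpts are constructed, the function names are this example's own, and the algorithm IDs follow RFC 4880.

```python
import re

# OpenPGP algorithm IDs (RFC 4880), named the way GnuPG's setpref spells them.
TABLES = {
    "sym": {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
            8: "AES192", 9: "AES256", 10: "TWOFISH"},
    "hash": {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
             10: "SHA512", 11: "SHA224"},
    "zip": {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"},
}
# Always-accepted algorithms that may or may not be written at the end of a list.
IMPLICIT_TAIL = {"sym": "3DES", "zip": "Uncompressed"}
POST_SETPREF = ("SHA256 SHA1 SHA384 SHA512 SHA224 AES256 AES192 AES CAST5 "
                "ZLIB BZIP2 ZIP Uncompressed")  # string quoted in the post
PREF_RE = re.compile(r"\(pref-(sym|hash|zip)-algos:\s*([\d ]+)\)")

# Constructed `gpg --list-packets` excerpts (not taken from any real key).
SAMPLE_A = """\thashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
\thashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
\thashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
"""
SAMPLE_B = SAMPLE_A.replace("len 5 (pref-hash-algos: 8 2 9 10 11)",
                            "len 3 (pref-hash-algos: 2 8 3)")

def _trim(kind, names):
    return names[:-1] if names and names[-1] == IMPLICIT_TAIL.get(kind) else names

def parse_setpref(line):
    """Split a setpref-style string into ordered name lists per algorithm kind."""
    out = {kind: [] for kind in TABLES}
    for tok in line.split():
        kind = next((k for k, t in TABLES.items() if tok in t.values()), None)
        if kind is None:
            raise ValueError(f"unknown algorithm name: {tok}")
        out[kind].append(tok)
    return {k: _trim(k, v) for k, v in out.items()}

def parse_list_packets(text):
    """Decode the first preference subpacket of each kind found in the text."""
    out = {}
    for kind, ids in PREF_RE.findall(text):
        names = [TABLES[kind].get(int(i), f"unknown({i})") for i in ids.split()]
        out.setdefault(kind, _trim(kind, names))
    return out

def compare(observed, profile):
    """Per kind: 'same order', 'reordered' (same set) or 'different set'."""
    def verdict(o, p):
        return "same order" if o == p else "reordered" if sorted(o) == sorted(p) else "different set"
    return {k: verdict(observed.get(k, []), profile.get(k, [])) for k in TABLES}

if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(label, compare(parse_list_packets(sample), parse_setpref(POST_SETPREF)))
```

Sample A carries the list from the post; sample B carries the "2 8 3" hash list that the quoted report calls the default. A match in all three kinds, order included, is the fingerprint the post argues is unlikely to arise by manual choice.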

Bitcoinj 0.11 released

Mike Hearn posted this on the Bitcoin Developer Mailing List:
I'm pleased to announce the release of bitcoinj 0.11, a library for writing Bitcoin applications that run on the JVM. BitcoinJ is widely used across the Bitcoin community; some users include Bitcoin Wallet for Android, MultiBit, Hive, blockchain.info, the biteasy.com block explorer (written in Lisp!), Circle, Neo/Bee (Cypriot payment network), bitpos.me, Bitcoin Touch, BlueMatt's relay network and DNS crawler, academic advanced contracts research and more.
The release-0.11 git tag is signed by Andreas Schildbach's GPG key. The commit hash is 410d4547a7dd. This paragraph is signed by the same Bitcoin key as with previous releases (check their release announcements to establish continuity). Additionally, this email is signed using DKIM and for the first time, a key that was ID verified by the Swiss government.
Key: 16vSNFP5Acsa6RBbjEA7QYCCRDRGXRFH4m
Signature for last paragraph: H3DvWBqFHPxKW/cdYUdZ6OHjbq6ZtC5PHK4ebpeiE+FqTHyRLJ58BItbC0R2vo77h+DthpQigdEZ0V8ivSM7VIg=
Notable changes and new features
Smaller improvements
Notable bug fixes
API changes
New documentation
Announcement: https://groups.google.com/forum/?fromgroups#!topic/bitcoinj-announce/3LW0uXhlRZY
Message on Bitcoin Developer Mailing List: http://www.mail-archive.com/[email protected]/msg03873.html
Google Code: https://code.google.com/p/bitcoinj/
GitHub: https://github.com/bitcoinj/bitcoinj
Edit: Added links to articles about BIP39 and BIP70 which were included in the original announcement.
submitted by alsomahler to Bitcoin

0x00.txt - the write-up/guide from the FinFisher hack

Here is the write-up/guide from the FinFisher hack, which is excellent reading - it is also mirrored here. Hopefully we will get the Hacking Team one soon.
 _   _            _      ____             _    _
| | | | __ _  ___| | __ | __ )  __ _  ___| | _| |
| |_| |/ _` |/ __| |/ / |  _ \ / _` |/ __| |/ / |
|  _  | (_| | (__|   <  | |_) | (_| | (__|   <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)

A DIY Guide for those without the patience to wait for whistleblowers

-- 1 -- Introduction
I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.
-- 2 -- Staying Safe
This is illegal, so you'll need to take some basic precautions:
  1. Make a hidden encrypted volume with Truecrypt 7.1a
  2. Inside the encrypted volume install Whonix
  3. (Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.
As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&.
NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target.
-- 3 -- Mapping out the target
Basically I just repeatedly use fierce.pl, whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization.
For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:
67.238.84.228 email.academi.com
67.238.84.242 extranet.academi.com
67.238.84.240 mail.academi.com
67.238.84.230 secure.academi.com
67.238.84.227 vault.academi.com
54.243.51.249 www.academi.com
Now we do whois lookups and find the homepage of www.academi.com is hosted on Amazon Web Service, while the other IPs are in the range:
NetRange: 67.238.84.224 - 67.238.84.255
CIDR: 67.238.84.224/27
CustName: Blackwater USA
Address: 850 Puddin Ridge Rd
Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup
"850 Puddin Ridge Rd" inurl:domaintools
Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything.
Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:
54.236.143.203 careers.academi.com
67.132.195.12 academiproshop.com
67.238.84.236 te.academi.com
67.238.84.238 property.academi.com
67.238.84.241 teams.academi.com
If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains.
In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:
"FinFisher GmbH" inurl:domaintools 
finds gamma-international.de, which redirects to finsupport.finfisher.com
...so now you've got some idea how I map out a target.
This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it.
-- 4 -- Scanning & Exploiting
Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated.
Now for each service you find running:
  1. Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.com/gitweb/ and browse their source code.
  2. Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.
  3. Is it running an old version of software vulnerable to a public exploit?
Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:
  1. Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.
  2. Run nikto. This will check for things like webserver/.svn/, webserver/backup/, webserver/phpinfo.php, and a few thousand other common mistakes and misconfigurations.
  3. Identify what software is being used on the website. WhatWeb is useful.
  4. Depending on what software the website is running, use more specific tools like wpscan, CMS-Explorer, and Joomscan.
First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability:
5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP, and some combination of its automated tests along with manually poking around with the help of its intercepting proxy.
6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them.
For finsupport.finfisher.com the process was:
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..."
But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:
Looking through the source code they might as well have named it Damn Vulnerable Web App v2. It's got sqli, LFI, file upload checks done client side in javascript, and if you're unauthenticated the admin page just sends you back to the login page with a Location header, but you can have your intercepting proxy filter the Location header out and access it just fine.
Heading back over to the finsupport site, the admin /BackOffice/ page returns 403 Forbidden, and I'm having some issues with the LFI, so I switch to using the sqli (it's nice to have a dozen options to choose from). The other sites by the web designer all had an injectable print.php, so some quick requests to:
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site.
Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in!
-- 5 -- (fail at) Escalating
< got r00t? >
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
        ^^^^^^^^^^^^^^^^
Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester, and unix-privesc-check.
finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus
WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
so I add to /etc/cron.hourly/webalizer:
chown root:root /path/to/my_setuid_shell
chmod 04755 /path/to/my_setuid_shell
wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't up