How to use Visual Studio Code | Bitcoin Insider

Trojan malscripts; **what are they?**

in this post you will learn a little about publicly available information on malscripts
what is a trojan.malscript? -a quick google search turns up this result from 2014 (outdated?)
Search Results (Featured snippet from the web) Systems Affected: Windows - Trojan. Malscript is a heuristic detection for Web-based malicious script files that exploit vulnerabilities and/or perform heap spraying.-Sep 3, 2014- -Trojan.Malscript | Symantec- -https://www.symantec.com › security-center › writeup-
-not very clear!... lets try learn some more!!.. *another quick google search gives up some information about other systems not just windows affected
-If we add keywords like linux we get varied results such as this (albeit, older but w/e)
Search Results (Featured snippet from the web) -Systems Affected: Linux, Mac, Solaris, Windows.- Trojan. Malscript. C is a generic detection for HTML files infected with a JavaScript that redirects the browser to a malicious Web site that may exploit the browser or download other malicious threats.-Jan 30, 2010- -Trojan.Malscript.C | Technical Details | Removing Help ...- -https://us.norton.com › trojan.malscript.c-2010-013011-2940-99-writeup.html-
so given a couple quick searches we can guess a bit -we need: *java *HTML *access to the internet somehow (could be by an offline file touching an online source; this puts the item at risk for "contracting" offline ai or crawling codes)
another way would be
*write a "safe" code on here on reddit but its gonna take me time since reddit allows this:
if 1 * 2 < 3: print "hello, world!" 
this can be achieved by possibly writing a code to a site that had malscripts already deployed such as an embed code, or request in an "iframe"
  • Alot of people may remember sites such as:
https://www.xanga.com and various other places; *these places allowed HTML editing for themes and overall page layout -sites such as http://www.neopets.com etc. had/have this ability as well.

-these sites are great examples of how easy it could be to place an HTML or java malscript that was made to either be good/bad/both; especially now, given our extremely large usage of internet!
Sure; #scareme... what can a trojan.malscript do!
quick learned facts:
-exploits an available resource via internets (lol)
-is a form of 'script' (really generic term) that employs heuristic based approach; defined as and asked to google before:
What is a heuristic approach?- -“A heuristic technique, often called simply a heuristic, is any approach to problem solving, learning, or discovery that employs a practical method not guaranteed to be optimal or perfect, but sufficient for the immediate goals.-Feb 5, 2018- -Heuristic Approaches to Problem Solving- | -101 Computing- -https://www.101computing.net › heuristic-approaches-to-problem-solving-
-may perfrom heap spraying which is defined here
A heap spraying attack is a remote code execution exploit that allows the attacker to insert arbitrary code in the system's heap memory space. ... The spray is followed by exploit code that, when inserted into the heap memory, will exploit a weakness or vulnerability, allowing the code to execute on the system.-Aug 11, 2010- -Heap Spraying Buffer Overflow Attacks - Cisco.com- -https://tools.cisco.com › center › resources › security-alerts-announcement-
WAIT! isnt that good...or bad...or OMG wth! #notscared?scared?
it really depends 0.o
-why is there a malscript in the first place; this is a great place to start asking questions for any individual or business by asking what OS is being used and what version/type/grade/blahblah
I use windows xp, windows xp is a "unsupported"(mostly) os - I use it to dissect information. its wonderful! also sucks sometimes when the software is riddled with holes and various other "things" shoutout to Microsoft for updates in DEC 2019! x<.3
Windows xp pro sp3 5.1.2600
x86
smbios2.4
I use AVG anti-virus with highest settings and personal settings that the free version can have
get to know my computer better? #thisajoke??
Nah, over the years Ive collected knowledge and some more common answers to basic questions in cyber security, qustions like "what is a malscript"? have simple answers, mostly... things like these 5 objects can be defined as being malscript:
  • Anti-virus
  • Anti-malware
  • anti-execution mechanisms
  • any word processor may or may not be defined as malscript if it can "spell check" your work or place a timestamp
  • third party input/output mechanism; things such as mouses, sd, usb, cd, internet(s) that crawl for information like web.archive, bitcoin code, cryptocode overall if it has a weakness to malscripted behaviours
there are MULTIPLE other reasons, one such problem is:
mass-malware campaigns and adware from older computers attempting to propogate and control older versions of networks that no longer work as expected/coded to seek
^ this type of malscript "poorly planned, and hastily executed or outdated"; can have adverse impacts on the internet as a whole - not just for the computers expected to be impacted.
ok, malscripts. so what can #I do?
when approaching cyber security its easy to become overwhelmed by the amount of information that is available; to research; to dissect; to use as examples...
what the best thing anyone or a group can do?;
attempt to make an effort to learn about the item a bit before, using or expecting them to work a certain way; due to a biased info source like ones own
also:
seek outside sources, but also be careful an use knowledge seeked as knowledge that may or may not be "useful" for the current project or situation...
this post was an attempt to gain knowledge and some skills in writing and information sharing.
thanks everyone!
hope you enjoy my reading material!!
Have a Awwww-some new year!
ReachOutForBits recommends "useless" backup scanning after securely and safely removing identifiable information before scanning at https://www.virustotal.com before resell of computer or devices ; in order to avoid costly data blunders such as
ids/creds cloning
phonenumber collection
email collection
by persistent threats that are EXTREMELY HARD TO DETECT ; even penetrating some hardwares with advanced capabilities such as "sleeping" AI or, Run-mocking AI!
think of all the people who said AI will skynet us; maybe AI is just a stepping stone for some BAD F-IN MALWARE that someone has written that needs no C&C mechanism or user interaction at all - not the AI itself persay.
this is one form of persistant threat that needs to be identified to ensure non-tainted, verifiable, security information results into the future and beyond...
other threats include:
  • over-patriotic; otherwise defined as "EXTREMIST" - individuals of ANY COUNTRY, ANY RELIGION, ANY CREED, ANY BELIEF or OATH or CONSTITUTIONAL AGREEMENT.
  • fake bomb threats and faux-emergency calls
  • PAID INFORMANTS AND THEIR COUNTERPARTS
  • So called, anons, that gather in groups and communicate between each-other; effectively destroying the meaning of being ANON. singular noun
    the types of people(s) that write their own definition at urbandictionary and then proceed to agree together that thats it.
    • ahha, hah..hahahah...this is funnny....get this:
    -they also gather en-masse in attempts to overwhelm and proceed to cause irreprible cost or some form of damage - rarely peaceful anymore.
names like troll are no longer what they were, fictional characters under a bridge; troll is now Pseudonym for prankster(s) @ anycost
  • Crypto-currency Jackers who have designed tech to prevent proper payments and reward systems (at-source or in-transit) from being implemented; according to consensus.
  • Outdated, over-sourced(more than 10 downloads) malware
  • Junk and bloat that often comes preinstalled with no intention of caring whether or not the user will actually "use" it.
    this type of item hogs CPU/GPU and introduces ill timed updates that cannot be controlled!
STAY SAFE
submitted by killabell33 to MinimalistHacking [link] [comments]

Announcing Parity – Fastest and Lightest Ethereum Implementation in Rust

submitted by johnmountain to programming [link] [comments]

Emergent Coding FAQ

Background reading
  1. https://youtu.be/-MMQUspVduo ELI5 with pictures.
  2. https://youtu.be/ZSkZxOJ5HPA Hello World using Emergent Coding
  3. https://codevalley.com/whitepaper.pdf This document treats Emergent coding from a philosophical perspective. It has a good introduction, description of the tech and is followed by two sections on justifications from the perspective of Fred Brooks No Silver Bullet criteria and an industrialization criteria.
  4. Mark Fabbro's presentation from the Bitcoin Cash City Conference which outlines the motivation, basic mechanics, and usage of Bitcoin Cash in reproducing the industrial revolution in the software industry.
  5. Building the Bitcoin Cash City presentation highlighting how the emergent coding group of companies fit into the adoption roadmap of North Queensland.
  6. Forging Chain Metal by Paul Chandler CEO of Aptissio, one of startups in the emergent coding space and which secured a million in seed funding last year.
  7. Bitcoin Cash App Exploration A series of Apps that are some of the first to be built by emergent coding and presented, and in the case of Cashbar, demonstrated at the conference.
  8. A casual Bitcoin Cash interview that touches on emergent coding, tech park, merchant adoption and much more.
How does Emergent Coding prevent developer capture?
A developer's Agent does not know what project they are contributing to and is thus paid for the specific contribution. The developer is controlling the terms of the payment rather than the alternative, an employer with an employment agreement.
Why does Emergent Coding use Bitcoin BCH?
  1. Both emergent coding and Bitcoin BCH are decentralized: As emergent coding is a decentralized development environment consisting of Agents providing respective design services, each contract received by an agent requires a BCH payment. As Agents are hosted by their developer owners which may be residing in one of 150 countries, Bitcoin Cash - an electronic peer-to-peer electronic cash system - is ideal to include a developer regardless of geographic location.
  2. Emergent coding will increase the value of the Bitcoin BCH blockchain: With EC, there are typically many contracts to build an application (Cashbar was designed with 10000 contracts or so). EC adoption will increase the value of the Bitcoin BCH blockchain in line with this influx of quality economic activity.
  3. Emergent coding is being applied to BCH software first: One of the first market verticals being addressed with emergent coding is Bitcoin Cash infrastructure. We are already seeing quality applications created using emergent coding (such as the HULA, Cashbar, PH2, vending, ATMs etc). More apps and tools supporting Bitcoin cash will attract more merchants and business to BCH.
  4. Emergent coding increases productivity: Emergent coding increases developer productivity and reduces duplication compared to other software development methods. Emergent coding can provide BCH devs with an advantage over other coins. A BCH dev productivity advantage will accelerate Bitcoin BCH becoming the first global currency.
  5. Emergent coding produces higher quality binaries: Higher quality software leads to a more reliable network.

1. Who/what is Code Valley? Aptissio? BCH Tech Park? Mining and Server Complex?
Code Valley Corp Pty Ltd is the company founded to commercialize emergent coding technology. Code Valley is incorporated in North Queensland, Australia. See https://codevalley.com
Aptissio Australia Pty Ltd is a company founded in North Queensland and an early adopter of emergent coding. Aptissio is applying EC to Bitcoin BCH software. See https://www.aptissio.com
Townsville Technology Precincts Pty Ltd (TTP) was founded to bring together partners to answer the tender for the Historic North Rail Yard Redevelopment in Townsville, North Queensland. The partners consist of P+I, Conrad Gargett, HF Consulting, and a self-managed superannuation fund(SMSF) with Code Valley Corp Pty Ltd expected to be signed as an anchor tenant. TTP answered a Townsville City Council (TCC) tender with a proposal for a AUD$53m project (stage 1) to turn the yards into a technology park and subsequently won the tender. The plan calls for the bulk of the money is to be raised in the Australian equity markets with the city contributing $28% for remediation of the site and just under 10% from the SMSF. Construction is scheduled to begin in mid 2020 and be competed two years later.
Townsville Mining Pty Ltd was set up to develop a Server Complex in the Kennedy Energy Park in North Queensland. The site has undergone several studies as part of a due diligence process with encouraging results for its competitiveness in terms of real estate, power, cooling and data.
  1. TM are presently in negotiations with the owners of the site and is presently operating under an NDA.
  2. The business model calls for leasing "sectors" to mining companies that wish to mine allowing companies to control their own direction.
  3. Since Emergent Coding uses the BCH rail, TM is seeking to contribute to BCH security with an element of domestic mining.
  4. TM are working with American partners to lease one of the sectors to meet that domestic objective.
  5. The site will also host Emergent Coding Agents and Code Valley and its development partners are expected to lease several of these sectors.
  6. TM hopes to have the site operational within 2 years.
2. What programming language are the "software agents" written in.
Agents are "built" using emergent coding. You select the features you want your Agent to have and send out the contracts. In a few minutes you are in possession of a binary ELF. You run up your ELF on your own machine and it will peer with the emergent coding and Bitcoin Cash networks. Congratulations, your Agent is now ready to accept its first contract.
3. Who controls these "agents" in a software project
You control your own Agents. It is a decentralized development system.
4. What is the software license of these agents. Full EULA here, now.
A license gives you the right to create your own Agents and participate in the decentralized development system. We will publish the EULA when we release the product.
5. What kind of software architecture do these agents have. Daemons Responding to API calls ? Background daemons that make remote connection to listening applications?
Your Agent is a server that requires you to open a couple of ports so as to peer with both EC and BCH networks. If you run a BCH full node you will be familiar with this process. Your Agent will create a "job" for each contract it receives and is designed to operate thousands of jobs simultaneously in various stages of completion. It is your responsibility to manage your Agent and keep it open for business or risk losing market share to another developer capable of designing the same feature in a more reliable manner (or at better cost, less resource usage, faster design time etc.). For example, there is competition at every classification which is one reason emergent coding is on a fast path for improvement.
It is worth reiterating here that Agents are only used in the software design process and do not perform any role in the returned project binary.
6. What is the communication protocol these agents use.
The protocol is proprietary and is part of your license.
7. Are the agents patented? Who can use these agents?
It is up to you if you want to patent your Agent the underlying innovation behind emergent coding is _feasible_ developer specialization. Emergent coding gives you the ability to contribute to a project without revealing your intellectual property thus creating prospects for repeat business; It renders software patents moot.
Who uses your Agents? Your Agents earn you BCH with each design contribution made. It would be wise to have your Agent open for business at all times and encourage everyone to use your design service.
8. Do I need to cooperate with Code Valley company all of the time in order to deploy Emergent Coding on my software projects, or can I do it myself, using documentation?
It is a decentralized system. There is no single point of failure. Code Valley intends to defend the emergent coding ecosystem from abuse and bad actors but that role is not on your critical path.
9. Let's say Electron Cash is an Emergent Coding project. I have found a critical bug in the binary. How do I report this bug, what does Jonald Fyookball need to do, assuming the buggy component is a "shared component" puled from EC "repositories"?
If you built Electron Cash with emergent coding it will have been created by combining several high level wallet features designed into your project by their respective Agents. Obviously behind the scenes there are many more contracts that these Agents will let and so on. For example the Cashbar combines just 16 high level Point-of-Sale features but ultimately results in more than 10,000 contracts in toto. Should one of these 10,000 make a design error, Jonald only sees the high level Agents he contracted. He can easily pinpoint which of these contractors are in breach. Similarly this contractor can easily pinpoint which of its sub-contractors is in breach and so on. The offender that breached their contract wherever in the project they made their contribution, is easily identified. For example, when my truck has a warranty problem, I do not contact the supplier of the faulty big-end bearing, I simply take it back to Mazda who in turn will locate the fault.
Finally "...assuming the buggy component is a 'shared component' puled from EC 'repositories'?" - There are no repositories or "shared component" in emergent coding.
10. What is your licensing/pricing model? Per project? Per developer? Per machine?
Your Agent charges for each design contribution it makes (ie per contract). The exact fee is up to you. The resulting software produced by EC is unencumbered. Code Valley's pricing model consists of a seat license but while we are still determining the exact policy, we feel the "Valley" (where Agents advertise their wares) should charge a small fee to help prevent gaming the catalogue and a transaction fee to provide an income in proportion to operations.
11. What is the basic set of applications I need in order to deploy full Emergent Coding in my software project? What is the function of each application? Daemons, clients, APIs, Frontends, GUIs, Operating systems, Databases, NoSQLs? A lot of details, please.
There's just one. You buy a license and are issued with our product called Pilot. You run Pilot (node) up on your machine and it will peer with the EC and BCH networks. You connect your browser to Pilot typically via localhost and you're in business. You can build software (including special kinds of software like Agents) by simply combining available features. Pilot allows you to specify the desired features and will manage the contracts and decentralized build process. It also gives you access to the "Valley" which is a decentralized advertising site that contains all the "business cards" of each Agent in the community, classified into categories for easy search.
If we are to make a step change in software design, inventing yet another HLL will not cut it. As Fred Brooks puts it, an essential change is needed.
12. How can I trust a binary when I can not see the source?
The Emergent Coding development model is very different to what you are use to. There are ways of arriving at a binary without Source code.
The Agents in emergent coding design their feature into your project without writing code. We can see the features we select but can not demonstrate the source as the design process doesn't use a HLL.
The trust model is also different. The bulk of the testing happens _before_ the project is designed not _after_. Emergent Coding produces a binary with very high integrity and arguably far more testing is done in emergent coding than in incumbent methods you are used to.
In emergent coding, your reputation is built upon the performance of your Agent.
If your Agent produces substandard features, you are simply creating an opportunity for a competitor to increase their market share at your expense.
Here are some points worth noting regarding bad actor Agents:
  1. An Agent is a specialist and in emergent coding is unaware of the project they are contributing to. If you are a bad actor, do you compromise every contract you receive? Some? None?
  2. Your client is relying on the quality of your contribution to maintain their own reputation. Long before any client will trust your contributions, they will have tested you to ensure the quality is at their required level. You have to be at the top of your game in your classification to even win business. This isn't some shmuck pulling your routine from a library.
  3. Each contract to your agent is provisioned. Ie you advertise in advance what collaborations you require to complete your design. There is no opportunity for a "sign a Bitcoin transaction" Agent to be requesting "send an HTTP request" collaborations.
  4. Your Agent never gets to modify code, it makes a design contribution rather than a code contribution. There is no opportunity to inject anything as the mechanism that causes the code to emerge is a higher order complexity of all Agent involvement.
  5. There is near perfect accountability in emergent coding. You are being contracted and paid to do the design. Every project you compromise has an arrow pointed straight at you should it be detected even years later.
Security is a whole other ball game in emergent coding and current rules do not necessarily apply.
13. Every time someone rebuilds their application, do they have to pay over again for all "design contributions"? (Or is the ability to license components at fixed single price for at least a limited period or even perpetually, supported by the construction (agent) process?)
You are paying for the design. Every time you build (or rebuild) an application, you pay the developers involved. They do not know they are "rebuilding". This sounds dire but its costs far less than you think and there are many advantages. Automation is very high with emergent coding so software design is completed for a fraction of the cost of incumbent design methods. You could perhaps rebuild many time before matching incumbent methods. Adding features is hard with incumbent methods "..very few late-stage additions are required before the code base transforms from the familiar to a veritable monster of missed schedules, blown budgets and flawed products" (Brooks Jr 1987) whereas with emergent coding adding a late stage feature requires a rebuild and hence seamless integration. With Emergent Coding, you can add an unlimited number of features without risking the codebase as there isn't one.
The second part of your question incorrectly assumes software is created from licensed components rather than created by paying Agents to design features into your project without any licenses involved.
14. In this construction process, is the vendor of a particular "design contribution" able to charge differential rates per their own choosing? e.g. if I wanted to charge a super-low rate to someone from a 3rd world country versus charging slightly more when someone a global multinational corporation wants to license my feature?
Yes. Developers set the price and policy of their Agent's service. The Valley (where your Agent is presently advertised) presently only supports a simple price policy. The second part of your question incorrectly assumes features are encumbered with licenses. A developer can provide their feature without revealing their intellectual property. A client has the right to reuse a developer's feature in another project but will find it uneconomical to do so.
15. Is "entirely free" a supported option during the contract negotiation for a feature?
Yes. You set the price of your Agent.
16. "There is no single point of failure." Right now, it seems one needs to register, license the construction tech etc. Is that going to change to a model where your company is not necessarily in that loop? If not, don't you think that's a single point of failure?
It is a decentralized development system. Once you have registered you become part of a peer-to-peer system. Code Valley has thought long and hard about its role and has chosen the reddit model. It will set some rules for your participation and will detect or remove bad actors. If, in your view, Code Valley becomes a bad actor, you have control over your Agent, private keys and IP, you can leave the system at any time.
17. What if I can't obtain a license because of some or other jurisdictional problem? Are you allowed to license the technology to anywhere in the world or just where your government allows it?
We are planning to operate in all 150 countries. As ec is peer-to-peer, Code Valley does not need to register as a digital currency exchange or the like. Only those countries banning BCH will miss out (until such times as BCH becomes the first global electronic cash system).
18.
For example the Cashbar combines just 16 high level Point-of-Sale features but ultimately results in more than 10,000 contracts in toto.
It seems already a reasonably complex application, so well done in having that as a demo.
Thank you.
19. I asked someone else a question about how it would be possible to verify whether an application (let's say one received a binary executable) has been built with your system of emergent consensus. Is this possible?
Yes of course. If you used ec to build an application, you can sign it and claim anything you like. Your client knows it came from you because of your signature. The design contributions making up the application are not signed but surprisingly there is still perfect accountability (see below).
20. I know it is possible to identify for example all source files and other metadata (like build environment) that went into constructing a binary, by storing this data inside an executable.
All metadata emergent coding is now stored offline. When your Agent completes a job, you have a log of the design agreements you made with your peers etc., as part of the log. If you are challenged at a later date for breaching a design contract, you can pull your logs to see what decisions you made, what sub-contracts were let etc. As every Agent has their own logs, the community as a whole has a completely trustless log of each project undertaken.
21. Is this being done with EC build products and would it allow the recipient to validate that what they've been provided has been built only using "design contributions" cryptographically signed by their providers and nothing else (i.e. no code that somehow crept in that isn't covered by the contracting process)?
The emergent coding trust model is very effective and has been proven in other industries. Remember, your Agent creates a feature in my project by actually combining smaller features contracted from other Agents, thus your reputation is linked to that of your suppliers. If Bosch makes a faulty relay in my Ford, I blame Ford for a faulty car not Bosch when my headlights don't work. Similarly, you must choose and vet your sub-contractors to the level of quality that you yourself want to project. Once these relationships are set up, it becomes virtually impossible for a bad actor to participate in the system for long or even from the get go.
22. A look at code generated and a surprising answer to why is every intermediate variable spilled?
Thanks to u/R_Sholes, this snippet from the actual code for: number = number * 10 + digitgenerated as a part of: sub read/integeboolean($, 0, 100) -> guess
; copy global to local temp variable 0x004032f2 movabs r15, global.current_digit 0x004032fc mov r15, qword [r15] 0x004032ff mov rax, qword [r15] 0x00403302 movabs rdi, local.digit 0x0040330c mov qword [rdi], rax ; copy global to local temp variable 0x0040330f movabs r15, global.guess 0x00403319 mov r15, qword [r15] 0x0040331c mov rax, qword [r15] 0x0040331f movabs rdi, local.num 0x00403329 mov qword [rdi], rax ; multiply local variable by constant, uses new temp variable for output 0x0040332c movabs r15, local.num 0x00403336 mov rax, qword [r15] 0x00403339 movabs rbx, 10 0x00403343 mul rbx 0x00403346 movabs rdi, local.num_times_10 0x00403350 mov qword [rdi], rax ; add local variables, uses yet another new temp variable for output 0x00403353 movabs r15, local.num_times_10 0x0040335d mov rax, qword [r15] 0x00403360 movabs r15, local.digit 0x0040336a mov rbx, qword [r15] 0x0040336d add rax, rbx 0x00403370 movabs rdi, local.num_times_10_plus_digit 0x0040337a mov qword [rdi], rax ; copy local temp variable back to global 0x0040337d movabs r15, local.num_times_10_plus_digit 0x00403387 mov rax, qword [r15] 0x0040338a movabs r15, global.guess 0x00403394 mov rdi, qword [r15] 0x00403397 mov qword [rdi], rax For comparison, an equivalent snippet in C compiled by clang without optimizations gives this output: imul rax, qword ptr [guess], 10 add rax, qword ptr [digit] mov qword ptr [guess], rax 
Collaborations at the byte layer of Agents result in designs that spill every intermediate variable.
Firstly, why this is so?
Agents from this early version only support one catch-all variable design when collaborating. Similar to a compiler when all registers contain variables, the compiler must make a decision to spill a register temporarily to main memory. The compiler would still work if it spilled every variable to main memory but would produce code that would be, as above, hopelessly inefficient.
However, by only supporting the catch-all portion of the protocol, the code valley designers were able to design, build and deploy these agents faster because an Agent needs fewer predicates in order to participate in these simpler collaborations.
The protocol involved however, can have many "Policies" besides the catch-all default policy (Agents can collaborate over variables designed to be on the stack, or, as is common for intermediate variables, designed to use a CPU register, and so forth).
This example highlights one of the very exciting aspects of emergent coding. If we now add a handful of additional predicates to a handful of these byte layer agents, henceforth ALL project binaries will be 10x smaller and 10x faster.
Finally, there can be many Agents competing for market share at each of classification. If these "gumby" agents do not improve, you can create a "smarter" competitor (ie with more predicates) and win business away from them. Candy from a baby. Competition means the smartest agents bubble to the top of every classification and puts the entire emergent coding platform on a fast path for improvement. Contrast this with incumbent libraries which does not have a financial incentive to improve. Just wait until you get to see our production system.
23. How hard can an ADD Agent be?
Typically an Agent's feature is created by combining smaller features from other Agents. The smallest features are so devoid of context and complexity they can be rendered by designing a handful of bytes in the project binary. Below is a description of one of these "byte" layer Agents to give you an idea how they work.
An "Addition" Agent creates the feature of "adding two numbers" in your project (This is an actual Agent). That is, it contributes to the project design a feature such that when the project binary is delivered, there will be an addition instruction somewhere in it that was designed by the contract that was let to this Agent.
If you were this Agent, for each contract you received, you would need to collaborate with peers in the project to resolve vital requirements before you can proceed to design your binary "instruction".
Each paid contract your Agent receives will need to participate in at least 4 collaborations within the design project. These are:
  1. Input A collaboration
  2. Input B collaboration
  3. Result collaboration
  4. Construction site collaboration
You can see from the collaborations involved how your Agent can determine the precise details needed to design its instruction. As part of the contract, the Addition Agent will be provisioned with contact details so it can join these collaborations. Your Agent must collaborate with other stakeholders in each collaboration to resolve that requirement. In this case, how a variable will be treated. The stakeholders use a protocol to arrive at an Agreement and share the terms of the agreement. For example, the stakeholders of collaboration “Input A” may agree to treat the variable as an signed 64bit integer, resolve to locate it at location 0x4fff2, or alternatively agree that the RBX register should be used, or agree to use one of the many other ways a variable can be represented. Once each collaboration has reached an agreement and the terms of that agreement distributed, your Agent can begin to design the binary instruction. The construction site collaboration is where you will exactly place your binary bytes.
The construction site protocol is detailed in the whitepaper and is some of the magic that allows the decentralized development system to deliver the project binary. The protocol consists of 3 steps,
  1. You request space in the project binary be reserved.
  2. You are notified of the physical address of your requested space.
  3. You delver the the binary bytes you designed to fill the reserved space.
Once the bytes are returned your Agent can remove the job from its work schedule. Job done, payment received, another happy customer with a shiny ADD instruction designed into their project binary.
Note:
  1. Observe how it is impossible for this ADD Agent to install a backdoor undetected by the client.
  2. Observe how the Agent isn’t linking a module, or using a HLL to express the binary instruction.
  3. Observe how with just a handful of predicates you have a working "Addition" Agent capable of designing the Addition Feature into a project with a wide range of collaboration agreements.
  4. Observe how this Agent could conceivably not even design-in an ADD instruction if one of the design time collaboration agreements was a literal "1" (It would design in an increment instruction). There is even a case where this Agent may not deliver any binary to build its feature into your project!
24. How does EC arrive at a project binary without writing source code?
Devs using EC combine features to create solutions. They don't write code. EC devs contract Agents which design the desired features into their project for a fee. Emergent coding uses a domain specific contracting language (called pilot) to describe the necessary contracts. Pilot is not a general purpose language. As agents create their features by similarly combining smaller features contracted from peer, your desired features may inadvertently result in thousands of contracts. As it is agents all the way down, there is no source code to create the project binary.
Traditional: Software requirements -> write code -> compile -> project binary (ELF).
Emergent coding: Select desired features -> contract agents -> project binary (ELF).
Agents themselves are created the same way - specify the features you want your agent to have, contract the necessary agents for those features and viola - agent project binary (ELF).
25. How does the actual binary code that agents deliver to each other is written?
An agent never touches code. With emergent coding, agents contribute features to a project, and leave the project binary to emerge as the higher-order complexity of their collective effort. Typically, agents “contribute” their feature by causing smaller features to be contributed by peers, who in turn, do likewise. By mapping features to smaller features delivered by these peers, agents ensure their feature is delivered to the project without themselves making a direct code contribution.
Peer connections established by these mappings serve to both incrementally extend a temporary project “scaffold” and defer the need to render a feature as a code contribution. At the periphery of the scaffold, features are so simple they can be rendered as a binary fragment with these binary fragments using the information embodied by the scaffold to guide the concatenation back along the scaffold to emerge as the project binary - hence the term Emergent Coding.
Note the scaffold forms a temporary tree-like structure which allows virtually all the project design contracts to be completed in parallel. The scaffold also automatically limits an agent's scope to precisely the resources and site for their feature. It is why it is virtually impossible for an agent to install a "back door" or other malicious code into the project binary.
submitted by nlovisa to EmergentCoding [link] [comments]

ETH News/Dapp Compilation

Hi guys. This is a list I started just recently for personal use to keep track of all the great news we’ve gotten recently for Ethereum. I’m trying my best to categorize the articles by either what type of industry ETH is helping, or how ETH is being helped (Infrastructure section).
It is in no way a comprehensive list and I’d like to open it up to everyone here to contribute/pick apart. I’ve got an idea for basically an “onboarding packet” for Ethereum that will include a rundown of all this stuff, some defi growth stats, list of popular dapps, user guide for Metamask (None of which will come from me but will be compiled all into one place for the benefit of newbs).
I think any non-believer who reads all of the articles in this list, or even just the snippets I included, would be hard pressed to say “ETH isn’t used” or “crypto is a scam” …unless they are just a total moron. Apologies for bad formatting.
Charity/utilitarianism:
https://www.coindesk.com/oxfam-trials-delivery-of-disaster-relief-using-ethereum-stablecoin-dai “Oxfam has previously distributed help to Vanuatu villagers using cash, but the time taken for ID checks and bank visits was an obstacle, the charity representative said. Onboarding a new user for cash aid took around an hour, signing up for a DAI card takes six minutes, Micky wrote. Plus, it made the whole process more transparent.”
Infrastructure:
http://hitcryptonews.com/2019/04/17/ernst-young-ey-unveils-ethereum-blockchain-based-nightfall-protocol/
private UK tax/audit company with over 35 Billion in revenue "Instead of developing a private iteration, EY has announced that its Nightfall protocol will run on top of the public Ethereum network. Further, the multi-national accounting conglomerate has taken a unique strategy to intellectual property. The company said that it will not only open-source the protocol code but also put it in the public domain with absolutely no license at all."
https://blog.cloudflare.com/cloudflare-ethereum-gateway/
"Today, as part of Crypto Week 2019, we are excited to announce Cloudflare's Ethereum Gateway, where you can interact with the Ethereum network without installing any additional software on your computer."
https://www.coindesk.com/microsoft-ethereum-group-launch-token-building-kit-for-enterprises Microsoft launches a kit for businesses to build their own public Ethereum tokens.
https://www.coindesk.com/samsung-unveils-cryptocurrency-wallet-dapps-for-galaxy-s10-phone
“According to a report from CoinDesk Korea published Sunday, the Samsung Blockchain Wallet is currently compatible only with ether (ETH) and ethereum-based ERC20 tokens. Bitcoin is not yet supported, despite the logo appearing on earlier pre-release presentation images.”
https://www.coindesk.com/operas-browser-with-built-in-crypto-wallet-launches-for-iphones
“Dapps can be accessed by typing their address directly in the browser, avoiding the need to use third-party extensions” https://www.bitcoinisle.com/2019/04/05/ethereum-eth-former-white-house-deputy-ctos-blockchain-startup-raises-3-7m-in-seed-funding/ Former whitehouse Chief Technology Officer raising money for an Ethereum side-chain. The chain WILL use the public chain as a final authority, so not just another private chain.
https://cointelegraph.com/news/big-four-auditing-firm-pwc-releases-cryptocurrency-auditing-software
Per the release, the tool newly added to PwC’s Halo auditing suite can be used to “provide assurance services for entities engaging in cryptocurrency transactions.” The firm claims that, with the new addition, the Halo suite permits PwC to provide independent evidence of private-public key pairing (to establish crypto asset ownership), and gather information about transactions and balances from blockchains.
Supply Chain/Logistics:
https://decrypt.co/7621/farmer-trials-blockchain-supply-chain-app-says-its-better-than-excel
“With a spreadsheet, you have to take the farmers’ word on faith. But Treum provides a timestamp and a geolocation—tied to a specific, pre-selected field—that demonstrates, irrevocably, that the crop was grown where the farmer said it was grown. This data is then transferred, in the form of a single token, to the Ethereum network, where it cannot be overwritten.”
https://www.thedrinksbusiness.com/2019/06/idealwine-launches-authentication-tool/
"Cyrille Jomand, iDealwine’s CEO, said: “Bottles verified by iDealwine are equipped with an inviolable RFID TAG which permanently guarantees the link between the bottle of wine and the information contained and transferred in the blockchain.”
Finance:
https://www.forbes.com/sites/hanktucke2019/06/17/polish-bank-alior-uses-public-ethereum-blockchain-for-new-document-authentication-feature/#120959f244a6
"Societe Generale, a major French investment bank, issued a $112 million bond in security tokens on the public ethereum blockchain in April, but Alior’s management believes it is the first bank to use a public blockchain for a direct customer service solution"
"Customers can search documents they have received on Alior’s servers and browse their history to find where those documents are located on the (Ethereum) blockchain to ensure that they have not been changed by the bank since they were published."
http://fintechnews.sg/31826/blockchain/worlds-first-traditional-equity-shares-on-the-blockchain-blueshare-launches-in-singapore/ The token/share ratio is 1:1, meaning that 1 security token is backed by 1 Equity Capital Participation Share. Investments are accepted both in fiat and cryptocurrencies – Euro, Bitcoin, Ether, and Tether. The token sale started on May 6, 2019. The funds raised under the proposed security token offering will be used as a direct investment into the company’s mining and exploration concessions.
https://finance.yahoo.com/news/iceland-financial-regulator-approves-blockchain-190100164.html "Reykjavik-based Monerium, backed by blockchain software company ConsenSys, has reportedly been approved by the Icelandic financial watchdog to provide fiat payment services using ethereum (ETH) blockchain"
https://www.forbes.com/sites/stevenehrlich/2019/06/19/metlife-plans-to-disrupt-2-7-trillion-life-insurance-industry-using-ethereum-blockchain/#1dd36d002770 MetLife is utilizing the live public Ethereum blockchain to add transparency and efficiency to the claims process. In what is believed to be the first pilot program in the world focused on the life insurance industry, MetLife’s Singapore-based incubator LumenLab is collaborating with Singapore Press Holdings (SPH) and NTUC Income (Income) on a platform of smart contracts known as ‘Lifechain’ to help loved ones quickly determine if the deceased was protected with a policy and automatically file a claim.
Novelty/Games/Collectibles:
https://en.businesstimes.cn/articles/113719/20190614/ubisoft-may-soon-have-ethereum-in-game-items-and-blockchain-games.htm "The associate manager at Ubisoft, Anne Puck, added: "We think that blockchain has the potential to transform the gaming experience and even maybe to empower players as true stakeholders in their worlds. That's why our job is to accelerate the integration of blockchain at Ubisoft with this initiative." Ubisoft will likely enable in-game or in-app purchases via the Ethereum network. It is worth noting that the company has not clearly stated that any form of digital currency will be used for any such purchases. "
https://finance.yahoo.com/news/austria-post-launches-crypto-stamp-132010928.html "The “Crypto Stamp” is the first use case for non-fungible tokens launched by a government so far, making it a milestone. The pilot’s success will help determine the future for NFTs, which can now be issued across multiple Ethereum token standards."
https://coinjournal.net/japans-first-blockchain-game-crypt-oink-expands-to-english-speaking-markets-partners-with-cryptokitties/ "Created by Japan-based developer Good Luck 3, Crypt-Oink is a decentralized application (DApp) running on the Ethereum network. The game lets users breed, collect and trade digital racing pigs called Cryptons."
Data/Identity Management:
https://www.forbes.com/sites/rachelwolfson/2019/06/25/ibm-orbs-consensys-work-together-on-global-blockchain-settlement-platform-for-telecoms/#498d66c4782c “In particular for this project, we propose solutions for the "transaction orchestration layer," and decentralized identities for participants in the network, solutions that have already been deployed successfully on Ethereum, and can integrate with other DLTs."
List of actually useful/cool Ethereum Apps(Some are Dapps others just involve ETH):
https://app.compound.finance/# Lending/borrowing ETH and ETH tokens. No fixed lending periods and interest is generated in real time (Every block I think– roughly ten seconds)
https://cdp.makerdao.com/ Mint DAI against your Ether.
https://www.augur.net/ Create a betting market for anything you can imagine. Use https://predictions.global/ to view current markets without downloading the client.
https://kyberswap.com Trade ETH tokens right from your Metamask account without having to deposit/withdrawal to an exchange.
https://godsunchained.com/ Buy trading cards for the first AAA quality hearthstone-esque Ethereum card game where your cards are tokens in your wallet and are freely tradeable (Or at least they will be once the game is out of Beta…)
https://trade.dydx.exchange/ Decentralized leverage trading right from your Metamask wallet.
Other Utilities and Resources:
https://etherscan.io Block explorer. Use this to check out your ETH address, smart contract addresses, spy on whales addresses, etc.
https://www.ethgasstation.info/ Check current gas prices and transaction speeds.
https://github.com/ethereumbook/ethereumbook This is the github version of “Mastering Ethereum” Which goes over the basics of how Ethereum works with smart contracts and nodes and whatnot. It’s actually easier to follow along with than you’d think. Can also buy the PDF version on Amazon.
submitted by hello_again_world to ethtrader [link] [comments]

[Announcement] PayButton.cash pre-release launch. Host a paybutton on your site with just snippet of code. Convert 160+ currencies to BCH LIVE. Fully hosted on github. @ThePayButton

PayButton.cash is pleased to announce our pre-release launch and testing phase!

All that is needed to host a paybutton on any site is the following snippet of code:

 
with button attribute
success-callback="" 
set to
success-callback="woot" 
will return txid
or even
 
Thanks to the badger wallet and bitcoin.com teams. A lot of the credit goes to them for making all of this possible.
submitted by SouperNerd to btc [link] [comments]

Looking to Exchange Crypto? Try OnePageX!

OnePageX: The Game Changer Through Efficient Simplicity
📷
OnePageX is the short for OnePageExchange. The name pretty much speaks for itself. A cryptocurrency exchange on a single page! OnePageX pretty much triumphs over the complex exchanges with the simplicity of a single page which offers as much as any exchange and even better. Core to the values of OnePageX is the belief that greatness does not have to come at the cost of complexity and so it achieves the prized greatness while still remaining as simple as possible.
While remaining as simple as possible and borne out of this simplicity, OnePageX offers the following advantages;

  1. A Simple Interface for Exchange
📷
Far from the intimidating interface of many exchanges, OnePageX offers a relatively easy to navigate interface that makes for easy exchange of cryptocurrencies. OnePageX currently offers the ability to exchange Bitcoin which the most popular cryptocurrency into more than 140 others all on a single page. This simplicity of navigation and interface would sure gain a lot more crypto adopters hence the ability to easily comprehend even by amateurs.
  1. No Registrations Required.
📷
Well, for me and am sure most others, what really turns me off and takes me off a particular web page is when I am asked to sign up for anything. Registrations suck! They really do when you might even have to supply private information such as in the KYC procedure required by most top exchanges. OnePageX removes the need for sign ups and enables a user to quickly exchange his assets. OnePageX achieves this by creating sessions whenever a user initiates an exchange such that such a user only has to bookmark the page or rather copy the link in order to be checking up on his transaction.
3. The Largest Collection of Options Yet Available.
When you have an insatiable hunger for the perfect, you can only be better. OnePageX has the biggest collection of cryptocurrencies to which users can exchange their Bitcoin and still plans on adding more with our dear steem too in the works. A large availability of different cryptocurrencies can only rake in more users whose interests are as dynamic.
Lets Go To the Crux of the Matter — Exchanging With OnepageX.
Exchanging Cryprocurrency through OnePageX is relatively very easy and time saving. It consists of three major steps. These are explained below;
1. Visit OnePageX And Choose Assets to Convert
In order to use the OnePageX, one has to first of all visit the exchange site. At the very top one would see an image as shown below. Hence OnepageX only supports exchange from bitcoin into other altcoins now. You can simply just enter the amount of bitcoin you want to exchange into an altcoin.
2. After Choosing Assets, Enter A Withdrawal Address
After chosing the altcoin one wants to exchange bitcoin into. The next step is to enter the address of the wallet of the altcoin where one wants it to be deposited. However, one should be careful to input the wallet address correctly.3. Clicking On “Start Exchange” to Start the Process
After inputing the withdrawal wallet of the desired altcoin one wants to exchange, the next step which is as simple as all of the foregoing is to click the “start exchange” bar. From then, the transaction is initiated and will be completed in a short while.
An Unbeatable User Experience
📷OnePageX UX = ;<)
When it comes to the vast terrain of the online web, the websites which get the most visits are those that offer users an unforgettable user experience thus making them want to always come back and use the site to carry out their transactions or simply read that news article. On the other hand, sites which give users a tough time navigating such sites by reason of their complexity or incessant and unsolicited ads usually consistently lose even the most commited of their users.
OnePageX recognizes the importance of an excellent user experience and so has designed its site to offer users an incredible user experience. A user experience that would make one always want to come back and carry out more transactions.
The question is, where else can you exchange crypto in just less that 10 clicks?
The answer is nowhere else but OnePageX!
The Multi Transaction Function
📷
OnePageX for the sakes of efficiency and user satisfaction allows users to make multiple transactions from one single page. Now the question is, How do i do this? Relax the answer is pretty much simple. All you have to do is bookmark your transaction page and you can always come back to the transaction card for more transactions. Easy and Simple.
Enabling Unrivaled Ease of Conversion: The Onebox Widget.
📷
Innovation is what drives the hand of history. OnePageX’s Onebox widget is one such innovation. The Onebox Widget is a snippet code that allows for the conversion of cryptocurrency from any website whatsoever. It surfeits to say that the Onebox is one tool that adds to OnePageX’s efficiency and the ability to quickly exchange cryptocurrency. For those who saw the exchange process as cumbersome, Onebox offers a distinctively different experience of ease and simplicity which will not only drive mass adoption by encouraging many to enter crypto space but would also enable website owners to provide a tool for exchange right on their own sites without having to leave it.
Conclusion
Once man has set out in any endeavour, his primary aim remains to develop what he does and to bring it to the best standards the best brains can think of at a particular time. It is with this ideology that man has risen from wandering on foot to travelling by air and lighting coal fires to finding electricity. The cryptocurrency exchange sector, is no different. It is a human endeavour which deserves to be developed to the best that can be. Today, OnePageX which is simple, fast, anonymous, is that best that can be.
For More Information, Check Out These Sources;
· OnepageX Website
· OnePageX Steemit
· OnePageX Twitter
· OnePageX Medium
· OnePageX Reddit
submitted by Blezdben to cateredcontent [link] [comments]

BEWARE all ICOs and ICO issuers!!!!! Part 1

BEWARE all ICOs and ICO issuers!!!!! Part 1
To see article with images, please visit Medium post.
Luvdub Coin recently made a public announcement for our airdrop and in less than 1 week, received submissions ranging in the thousands despite our intense KYC-AML procedure.
At this time, I felt compelled to write an article due to the alarming frequency of fraudulent activity and stolen data our verification team has witnessed in these past few days.
This article will be broken into 2 posts.
1) Why ICO participants should AVOID ICOs unless they ABSOLUTELY TRUST the issuer.
2)What ICO issuers need to be aware of.
This is by all means not a comprehensive list and I do not suggest that you rely solely on this article to make any decision that may have an impact on your privacy, security, or life. I, nor anyone at Luvdub Coin or Luvdub Nation Inc. can be held responsible for what you do with the information provided. You are the only person who can make sure your data and privacy is safe.
Why ICO participants should AVOID ICOs unless they ABSOLUTELY TRUST the issuer.
It seems that a majority of the stolen data come from Southeast Asia (Vietnam, Thailand, etc.), South Asia/Middle East (India, Pakistan, etc.), Africa, South America, and Russia. This does not mean that other countries aren’t affected but the statistics skew towards these regions.
I IMPLORE you to avoid ICOs unless you absolutely, 100% positively know who you’re dealing with. If you choose to disregard my warnings and would still like to participate in ICOs/airdrops, here are some things to consider.
  1. Just because a site has a Green trust lock to display that they are serving content over TLS (Transport Layer Security) doesn’t mean you should trust the site. All it means is that people from outside the network cannot peer into the information being transmitted. This is still better than having no encryption at all but if the website owner mishandles your information or are outright looking to steal your data, you are SCREWED! Also realize that you can get SSL security (green trust lock/https)for free using a CDN provider.
  2. If you’re going to hand your money/cryptocurrency anywhere, the highest level of authentication is to go with a Positive EV SSL Certificate (Extended Validation Certificate). This means the website owner has to provide their company details to a third party and get authenticated which would then show their name in the URL browser. Bear in mind, the custodians of the site/ICO are still responsible for your funds/personal information. You still must perform your due diligence regardless because having a Positive EV SSL Certificate doesn’t mean that they can’t mess up or steal your data. *Cough* Yahoo *Cough*
  3. Oh, but they have over 20k Telegram members! It must be real! This number means squat! People can buy Telegram users, Facebook likes, Twitter retweets, etc. What really matters is the level of activity on their social media channels. Check their reddit, their BitcoinTalk, their Telegram channel activity. If it appears that the ICO issuer is spamming their own channels with posts and nonsense, then they’re hiding something. Be very wary of ICOs that are constantly updating with a countdown or having casual conversation. When you’re having a busy ICO, your time is limited between development, community management, regulation, legal matters, etc.
  4. But, they have pictures of developers and investors! This is nonsense. Anyone can put up pictures with positions that they feel makes their project looks great. The only real way to tell if it’s a legitimate team is to have an outside source verify their credentials. And no, this doesn’t mean Linkedin with their bought connections but checking any professional licenses or reviewing previous projects. For example, if a Doctor is on the team, I would refer to their country’s agency that provides the professional license to cross reference their name or if they are a developer, I would go and review their previous work. Maybe the ICO company has been incorporated for a few years and can be searched using a government database or the ICO founders have performed several speaking engagements for large crowds.
  5. If they only have a white paper, I would be highly skeptical. Unless their code is open source or they disclose snippets in which you are able to verify, I would be extremely cautious. Don’t let all the fancy images of their “vision” fool you either. Think, if an ICO talks more about the possibilities instead of the product, I would stay away. Show me the product/design!!!
  6. "But I get 25% off if I buy in the first 2 days!" This is a HUGEEEEEEEEE red flag. DO NOT, I REPEAT, DO NOT participate in any ICOs that offer you a huge discount/free tokens at decreasing intervals. That means getting 25% free tokens when you buy on day 1 & 2, 20% free tokens day 3 & 4, 15% tokens day 5 & 6, etc. This is a marketing tactic used to pressure you into purchasing early. Think about it. If their ICO/token is going to be valuable, why would they discount it by so much? If you were buying in bulk(private sale), Ok, maybe that might be a good reason for a percentage of free tokens/discounts but when you’re time bound? You’re dealing with marketers who are going to run away with your money and give you worthless junk in return. DO NOT DEAL WITH THESE PEOPLE.
  7. If an ICO says here’s a little competition, who can be the best!?! The top 5 will get a prize?!?! Stay AWAYYY WITH A TEN FOOT POLE!!!! Who wins in this competition? No one but the ICO issuer because they were able to harness your competitive spirit with your hopes/dreams of being wealthy all while handing you worthless junk. Developers should be focused on their product, not marketing BS just to extract as much value from you. Don’t give away your money. You might as well donate it to charity to make the world a better place.
  8. Any ICO issuer who deals with residents within the European Union must comply with GDPR (General Data Protection Regulation). Essentially, this means that they must require consent from their users, provide users’ with the right to have their data erased, limit data handling, disclose breaches, and a plethora of other rules. If the ICO has no mention of their private practices, STAY AWAY FROM THEM! Even better, see how they handle individuals in their chat groups. Do they show concern for privacy and data? That’s a tell tale sign.
  9. If an ICO is emailing you constantly over and over with little to no substance, STAY AWAY FROM THEM! There is no reason for an ICO to be constantly messaging you if they have no development progress to be discussed or important ICO dates to be publicized. No, a message from the CEO to say hello! or to speak of some grand utopian vision does not cut it. If you get any mail, it should be worthwhile to you and provide ICO participants with new information or the occasional reminder. When you are spammed, this is how ICOs try to blind you with the allure of the “grand vision”. Did you realize you were constantly getting email, notifications, pinned messages, etc.? You NEED to get out. ASAP
  10. If for whatever reason you do believe in an ICO and wish to participate, please protect yourself at all costs. Consider water marking your photo stating that your photo should only be used for whatever ICO URL. Also consider criss crossing lines across the image to prevent scammers from cropping out your text. Do everything in your power to stay safe. Use VPNs, tertiary emails, different BTC addresses or Eth addresses.
I apologize if I turn some people off but data theft has become too rampant within the current cryptocurrency/ICO environment and we had to do something about it. It is our belief that cryptocurrency can help bring individuals out of poverty and maintain honesty in transactions. However, the current activity of stealing data from innocent victims is detrimental to the mass adoption of cryptocurrency and we all must do something together to fix it. Please help spread the word and let us all make a standard together for all ICO issuers and participants to follow.
This has been the first part of my ICO ramble. Check out the second part at What ICO issuers need to be aware of.
GET INVOLVED at www.luvdubcoin.com
Also check out our other sites:
Telegram | Facebook | Github | White Paper | Youtube | Reddit | Twitter | BitcoinTalk | Medium
Security Reminder!
*Always look for the Luvdub Nation Inc. green security trust lock in your browser before submitting any information online.
submitted by luvdubnation to altcoin [link] [comments]

Blowing the lid off the CryptoNote/Bytecoin scam (with the exception of Monero) - Reformatted for Reddit

Original post by rethink-your-strategy on Bitcointalk.org here
This post has been reformatted to share on Reddit. What once was common knowledge, is now gone. You want a quality history lesson? Share this like wildfire.
August 15, 2014, 08:15:37 AM

Preamble

I'd like to start off by stating categorically that the cryptography presented by CryptoNote is completely, entirely solid. It has been vetted and looked over by fucking clever cryptographers/developers/wizards such as gmaxwell. Monero have had a group of independent mathematicians and cryptographers peer-reviewing the whitepaper (their annotations are here, and one of their reviews is here), and this same group of mathematicians and cryptographers is now reviewing the implementation of the cryptography in the Monero codebase. Many well known Bitcoin developers have already had a cursory look through the code to establish its validity. It is safe to say that, barring more exotic attacks that have to be mitigated over time as they are invented/discovered, and barring a CryptoNote implementation making rash decisions to implement something that reduces the anonymity set, the CryptoNote currencies are all cryptographically unlinkable and untraceable.
Two other things I should mention. I curse a lot when I'm angry (and scams like this make me angry). Second, where used my short date format is day/month/year (smallest to biggest).
If you find this information useful, a little donation would go a long way. Bitcoin address is 1rysLufu4qdVBRDyrf8ZjXy1nM19smTWd.

The Alleged CryptoNote/Bytecoin Story

CryptoNote is a new cryptocurrency protocol. It builds on some of the Bitcoin founding principles, but it adds to them. There are aspects of it that are truly well thought through and, in a sense, quite revolutionary. CryptoNote claim to have started working on their project years ago after Bitcoin's release, and I do not doubt the validity of this claim...clearly there's a lot of work and effort that went into this. The story as Bytecoin and CryptoNote claim it to be is as follows:
They developed the code for the principles expressed in their whitepaper, and in April, 2012, they released Bytecoin. All of the copyright messages in Bytecoin's code are "copyright the CryptoNote Developers", so clearly they are one and the same as the Bytecoin developers. In December 2012, they released their CryptoNote v1 whitepaper. In September 2013, they released their CryptoNote v2 whitepaper. In November 2013, the first piece of the Bytecoin code was first pushed to Github by "amjuarez", with a "Copyright (c) 2013 amjuarez" copyright notice. This was changed to "Copyright (c) 2013 Antonio Juarez" on March 3rd, 2014. By this juncture only the crypto libraries had been pushed up to github. Then, on March 4th, 2014, "amjuarez" pushed the rest of the code up to github, with the README strangely referring to "cybernote", even though the code referred to "Cryptonote". The copyrights all pointed to "the Cryptonote developers", and the "Antonio Juarez" copyright and license file was removed. Within a few days, "DStrange" stumbled across the bytecoin.org website when trying to mine on the bte.minefor.co.in pool (a pool for the-other-Bytecoin, BTE, not the-new-Bytecoin, BCN), and the rest is history as we know it. By this time Bytecoin had had a little over 80% of its total emission mined.

Immediate Red Flags

The first thing that is a red flag in all of this is that nobody, and I mean no-fucking-body, is a known entity. "Antonio Juarez" is not a known entity, "DStrange" is not a known entity, none of the made up names on the Bytecoin website exist (they've since removed their "team" page, see below), none of the made up names on the CryptoNote website exist (Johannes Meier, Maurice Planck, Max Jameson, Brandon Hawking, Catherine Erwin, Albert Werner, Marec Plíškov). If they're pseudonyms, then say so. If they're real names, then who the fuck are they??? Cryptographers, mathematicians, and computer scientists are well known - they have published papers or at least have commented on articles of interest. Many of them have their own github repos and Twitter feeds, and are a presence in the cryptocurrency community.
The other immediate red flag is that nobody, and I mean no-fucking-body, had heard of Bytecoin. Those that had heard of it thought it was the crummy SHA-256 Bitcoin clone that was a flop in the market. Bytecoin's claim that it had existed "on the deep web" for 2 years was not well received, because not a single vendor, user, miner, drug addict, drug seller, porn broker, fake ID card manufacturer, student who bought a fake ID card to get into bars, libertarian, libertard, cryptographer, Tor developer, Freenet developer, i2p developer, pedophile, or anyone else that is a known person - even just known on the Internet - had ever encountered "Bytecoin" on Tor. Ever. Nobody.

Indisputable Facts

Before I start with some conjecture and educated guesswork, I'd like to focus on an indisputable fact that obliterates any trust in both Bytecoin's and CryptoNote's bullshit story. Note, again, that I do not doubt the efficacy of the mathematics and cryptography behind CryptoNote, nor do I think there are backdoors in the code. What I do know for a fact is that the people behind CryptoNote and Bytecoin have actively deceived the Bitcoin and cryptocurrency community, and that makes them untrustworthy now and in the future. If you believe in the fundamentals in CryptoNote, then you need simply use a CryptoNote-derived cryptocurrency that is demonstrably independent of CryptoNote and Bytecoin's influence. Don't worry, I go into this a little later.
So as discussed, there were these two whitepapers that I linked to earlier. Just in case they try remove them, here is the v1 whitepaper and the v2 whitepaper mirrored on Archive.org. This v1/v2 whitepaper thing has been discussed at length on the Bytecoin forum thread, and the PGP signature on the files has been confirmed as being valid. When you open the respective PDFs you'll notice the valid signatures in them:
signature in the v1 whitepaper
signature in the v2 whitepaper
These are valid Adobe signatures, signed on 15/12/2012 and 17/10/2013 respectively. Here's where it gets interesting. When we inspect this file in Adobe Acrobat we get a little more information on the signature
.
Notice the bit that says "Signing time is from the clock on the signer's computer"? Now normally you would use a Timestamp Authority (TSA) to validate your system time. There are enough public, free, RFC 3161 compatible TSAs that this is not a difficult thing. CryptoNote chose not do this. But we have no reason to doubt the time on the signature, right guys? crickets
.
See these references from the v1 whitepaper footnotes? Those two also appear in the v2 whitepaperth. Neither of those two footnotes refer to anything in the main body of the v1 whitepaper's text, they're non-existent (in the v2 whitepaper they are used in text). The problem, though, is that the Bitcointalk post linked in the footnote is not from early 2012 (proof screenshot is authentic: https://bitcointalk.org/index.php?topic=196259.0)
.
May 5, 2013. The footnote is referencing a post that did not exist until then. And yet we are to believe that the whitepaper was signed on 12/12/2012! What sort of fucking fools do they take us for?
A little bit of extra digging validates this further. The document properties for both the v1 whitepaper as well as the v2 whitepaper confirms they were made in TeX Live 2013, which did not exist on 12/12/2012. The XMP properties are also quite revealing
XMP properties for the v1 whitepaper
XMP properties for the v2 whitepaper
According to that, the v1 whitepaper PDF was created on 10/04/2014, and the v2 whitepaper was created on 13/03/2014. And yet both of these documents were then modified in the past (when they were signed). Clearly the CryptoNote/Bytecoin developers are so advanced they also have a time machine, right?
Final confirmation that these creation dates are correct are revealed those XMP properties. The properties on both documents confirm that the PDF itself was generated from the LaTeX source using pdfTeX-1.40.14 (the pdf:Producer property). Now pdfTeX is a very old piece of software that isn't updated very often, so the minor version (the .14 part) is important.
.
pdfTeX 1.40.14 pushed to source repo on Feb 14, 2014
.
This version of pdfTeX was only pushed to the pdfTeX source repository on February 14, 2014, although it was included in a very early version of TeX Live 2013 (version 2013.20130523-1) that was released on May 23, 2013. The earliest mentions on the Internet of this version of pdfTeX are in two Stack Exchange comments that confirm its general availability at the end of May 2013 (here and here).
The conclusion we draw from this is that the CryptoNote developers, as clever as they were, intentionally deceived everyone into believing that the CryptoNote whitepapers were signed in 2012 and 2013, when the reality is that the v2 whitepaper was created in March, 2014, and the v1 whitepaper haphazardly created a month later by stripping bits out of the v2 whitepaper (accidentally leaving dead footnotes in).
Why would they create this fake v2 whitepaper in the first place? Why not just create a v1 whitepaper, or not even version it at all? The answer is simple: they wanted to lend credence and validity to the Bytecoin "2 years on the darkweb" claim so that everyone involved in CryptoNote and Bytecoin could profit from the 2 year fake mine of 82% of Bytecoin. What they didn't expect is the market to say "no thank you" to their premine scam.

And Now for Some Conjecture

As I mentioned earlier, the Bytecoin "team" page disappeared. I know it exists, because "AtomicDoge" referred to it as saying that one of the Bytecoin developers is a professor at Princeton. I called them out on it, and within a week the page had disappeared. Fucking cowards.
That was the event that triggered my desire to dig deeper and uncover the fuckery. As I discovered more and more oddities, fake accounts, trolling, and outright falsehoods, I wondered how deep the rabbit hole went. My starting point was DStrange. This is the account on Bitcointalk that "discovered" Bytecoin accidentally a mere 6 days after the first working iteration of the code was pushed to Github, purely by chance when mining a nearly dead currency on a tiny and virtually unheard of mining pool. He has subsequently appointed himself the representative of Bytecoin, or something similar. The whole thing is so badly scripted it's worse than a Spanish soap opera...I can't tell who Mr. Gonzales, the chief surgeon, is going to fuck next.
At the same time as DStrange made his "fuck me accidental discovery", another Bitcointalk account flared up to also "accidentally discover this weird thing that has randomly been discovered": Rias. What's interesting about both the "Rias" and "DStrange" accounts are their late 2013 creation date (October 31, 2013, and December 23, 2013, respectively), and yet they lay dormant until suddenly, out of the blue, on January 20th/21st they started posting. If you look at their early posts side by side you can even see the clustering: Rias, DStrange.
At any rate, the DStrange account "discovering" Bytecoin is beyond hilarious, especially with the Rias account chiming in to make the discovery seem natural. Knowing what we unmistakably do about the fake CryptoNote PDF dates lets us see this in a whole new light.
Of course, as has been pointed out before, the Bytecoin website did not exist in its "discovered" form until sometime between November 13, 2013 (when it was last captured as this random picture of a college girl) and February 25, 2014 (when it suddenly had the website on it as "discovered"). This can be confirmed by looking at the captures on Wayback Machine: https://web.archive.org/web/*/http://bytecoin.org
The CryptoNote website, too, did not exist in its current form until after October 20, 2013, at which time it was still the home of an encrypted message project by Alain Meier, a founding member of the Stanford Bitcoin Group and co-founder of BlockScore. This, too, can be confirmed on Wayback Machine: https://web.archive.org/web/*/http://cryptonote.org
~It's hard to ascertain whether Alain had anything to do with CryptoNote or Bytecoin. It's certainly conceivable that the whitepaper was put together by him and other members of the Stanford Bitcoin Group, and the timeline fits, given that the group only formed around March 2013. More info on the people in the group can be found on their site, and determining if they played a role is something you can do in your own time.~
Update: Alain Meier posted in this thread, and followed it up with a Tweet, confirming that he has nothing to do with CryptoNote and all the related...stuff.

Batshit Insane

The Bytecoin guys revel in creating and using sockpuppet accounts. Remember that conversation where "Rias" asked who would put v1 on a whitepaper with no v2 out, and AlexGR said "a forward looking individual"? The conversation took place on May 30, and was repeated verbatim by shill accounts on Reddit on August 4 (also, screenshot in case they take it down).
Those two obvious sockpuppet/shill accounts also take delight in bashing Monero in the Monero sub-reddit (here are snippets from WhiteDynomite and cheri0). Literally the only thing these sockpuppets do, day in and day out, is make the Bytecoin sub-reddit look like it's trafficked, and spew angry bullshit all over the Monero sub-reddit. Fucking batshit insane - who the fuck has time for that? Clearly they're pissy that nobody has fallen for their scam. Oh, and did I mention that all of these sockpuppets have a late January/early February creation date? Because that's not fucking obvious at all.
And let's not forget that most recently the sockpuppets claimed that multi-sig is "a new revolutionary technology, it was discovered a short time ago and Bytecoin already implemented it". What the actual fuck. If you think that's bad, you're missing out on the best part of all: the Bytecoin shills claim that Bytecoin is actually Satoshi Nakamoto's work. I'm not fucking kidding you. For your viewing pleasure...I present to you...the Bytecoin Batshit Insane Circus:
.
https://bitcointalk.org/index.php?topic=512747.msg8354977#msg8354977
.
Seriously. Not only is this insulting as fuck to Satoshi Nakamoto, but it's insulting as fuck to our intelligence. And yet the fun doesn't stop there, folks! I present to you...the centerpiece of this Bytecoin Batshit Insane Circus exhibit...
.
Of course! How could we have missed it! The clues were there all along! The CryptoNote/Bytecoin developers are actually aliens! Fuck me on a pogostick, this is the sort of stuff that results in people getting committed to the loony bin.
One last thing: without doing too much language analysis (which is mostly supposition and bullshit), it's easy to see common grammar and spelling fuck ups. My personal favorite is the "Is it true?" question. You can see it in the Bytecoin thread asking if it's Satoshi's second project, in the Monero thread asking if the Monero devs use a botnet to fake demand, and in the Dashcoin thread confirming the donation address (for a coin whose only claim is that they copy Bytecoin perfectly, what the fuck do they need donations for??).

Layer After Layer

One of the things that happened soon after the Bytecoin "big reveal" was a string of forks popping up. The first was Bitmonero on April 18. Fantomcoin was launched May 6. Quazarcoin was launched May 8. HoneyPenny was announced on April 21, although only launched as Boolberry on May 17. duckNote was launched on May 30. MonetaVerde as launched June 17.
Now for some reason unbeknownst to anyone with who isn't a retarded fuckface, the Bytecoin code was pushed up to SourceForge on 08/04/2014 (the "Registered" date is at the bottom of the page). I have no idea why they did this, maybe it's to try and lend credence to their bullshit story (oh hey, look how old Bytecoin is, it's even on Sourceforge!)
Coincidentally, and completely unrelated (hurr durr), Quazarcoin, Fantomcoin, and Monetaverde are all also on Sourceforge. This gives us a frame of reference and a common link between them - it's quite clear that at least these three are run by the same team as CryptoNote. There is further anecdotal evidence that can be gathered by looking at the shill posts in the threads (especially the way the Moneteverda shills praise merge mining, in a way that is nearly fucking indistinguishable from the Bytecoin praise for multi-sig technology).
QuazarCoin is a special case and deserves a little attention. Let's start with OracionSeis, who launched it. He's well known on Bitcointalk for selling in-game currencies. In that same thread you'll notice this gem right at the end from Fullbuster: "Hey,OracionSeis is no longer under my use so please https://bitcointa.lk/threads/selling-most-of-the-game-currencies.301540/#post-5996983 come into this thread! thank you !" Click through to his new link and Fullbuster clarifies: "Hello, I may look new around here but i've sold my first account and created new one and i have an intention to keep the same services running as my first account did." So now that we know that OracionSeis is a fucking bought account, we can look at his actions a little more critically.
On May 7, just when Monero was being taken back by the community (see below), OracionSeis out of the blue decided to take it overelaunch it himself. This included a now-defunct website at monero.co.in, and a since-abandoned Github. The community pushed back hard, true to form, with hard-hitting statements such as "To reiterate, this is not the original devs, and thus not a relaunch. OP, fuck you for trying this. This should warrant a ban." A man after my own heart. OracionSeis caved and decided to rename it to...QuazarCoin, which launched on May 8. To recap: bought account, launched by trying to "relaunch" Monero, got fucked up, renamed it to QuazarCoin. Clearly and undeniably goes in our pile of fuckface coins.
The other three are a little more interesting. Let's start with ~fuckNote~duckNote. It's hard to say if duckNote is a CryptoNote/Bytecoin project. The addition of the HTML based wallet is a one-trick pony, a common thread among most of the CryptoNote/Bytecoin controlled coins, but that could also be the result of a not-entirely-retarded developer. Given the shill posts in the duckNote thread I'm going to flag it as possibly-controlled-by-the-fuckface-brigade.
And now we come to ~HoneyPenny~ ~MoneyPenny~ ~HoneyBerry~ ~Boolean~ Boolberry. This is an interesting one. This was "pre-announced" on April 21, although it was only released with the genesis block on May 17. This puts it fourth in line, after Fantomcoin and Quazarcoin, although fucktarded proponents of the shittily-named currency insist that it was launched on April 21 because of a pre-announcement. Fucking rejects from the Pool of Stupidity, some of them. At any rate, "cryptozoidberg" is the prolific coder that churned out a Keccak-derived PoW (Wild Keccak) in a month, and then proceeded to add completely fucking retarded features like address aliasing that requires you to mine a block to get an address (lulz) and will never cause any issues when "google" or "obama" or "zuckerberg" want their alias back. Namecoin gets around this by forcing you to renew every ~200 - 250 days, and besides, nobody is making payments to microsoft.bit. This aliasing system is another atypical one-trick-pony that the CryptoNote developers push out and claim is monumental and historical and amazing.
There's also the matter of cryptozoidberg's nickname. In the Bytecoin code there's the BYTECOIN_NETWORK identifiert, which according to the comment is "Bender's nightmare" (hurr durr, such funny, 11100111110001011011001210110110 has a 2 in it). Now this may be a little bit of conjecture, yo, but the same comment appears twice in the "epee" contributed library, once in the levin signature, and again in the portable storage signature. The contexts are so disconnected and different that it would be a fucking stretch to imagine that the same person did not write both of these. We can also rule out this being a Bytecoin-specific change, as the "Bender's nightmare" comments exist in the original epee library on githubw (which is completely unused anywhere on the planet except in Bytecoin, most unusual for a library that has any usefulness, and was first committed to github on February 9, 2014).
We know from the copyright that Andrey N. Sabelnikov is the epee author, and we can say with reasonable certainty that he was involved in Bytecoin's creation and is the dev behind Boolberry. Sabelnikov is quite famous - he wrote the Kelihos botnet code and worked at two Russian security firms, Microsoft took him to court for his involvement (accusing him of operating the botnet as well), and then settled with him out of court on the basis of him not running the botnet but just having written the code. Kelihos is a botnet that pumped out online pharmacy spam (you know the fucking annoying "Y-ou Ne3D Vi-4Gra!?" emails? those.) so it's good to see he transitioned from that to a cryptocurrency scam. Regardless of BBR's claim to have "fixed" CryptoNote's privacy (and the fake fight on Bitcointalk between the "Bytecoin devs" and cryptozoidberg), it's clear that the link between them is not transparent. BBR is either the brainchild of a spam botnet author that worked on Bytecoin, or it's the CryptoNote developers trying to have one currency distanced from the rest so that they have a claim for legitimacy. I think it's the second one, and don't want to enter into a fucking debate about it. Make up your own mind.
Which brings us to the oddest story of the bunch: Bitmonero. It's pretty clear, given its early launch date and how unfamiliar anyone was with creating a genesis block or working in completely undocumented code, that thankful_for_today is/was part of the CryptoNote developers. He made a fatal error, though: he thought (just like all the other cryptocurrencies) that being "the dev" made him infallible. Ya know what happened? He tried to force his ideas, the community politely said "fuck you", and Bitmonero was forked into Monero, which is leading the pack of CryptoNote-based coins today. Let me be perfectly fucking clear: it doesn't matter that the Bytecoin/CryptoNote developers know their code and can push stuff out, and it doesn't matter that Sabelnikov can shovel bullshit features into his poorly named cryptocurrency, and it doesn't matter that Monetaverde is "green" and has "merged mining". Nobody working behind these cryptocurrencies is known in the cryptocurrency community, and that alone should be a big fucking red flag. Monero is streets ahead, partly because of the way they're developing the currency, but mostly because the "core devs" or whatever they're called are made up of reasonably well-known people. That there are a bunch of them (6 or 7?) plus a bunch of other people contributing code means that they're sanity checking each other.
And, as we saw, this has fucking infuriated the Bytecoin/CryptoNote developers. They're so angry they waste hours and hours with their Reddit accounts trawling the Monero sub-reddit, for what? Nobody has fallen for their scam, and after my revelation today nobody fucking will. Transparency wins, everything else is bullshit.
As pointed out by canonsburg, when the Bytecoin/CryptoNote people realised they'd lost the fucking game, they took a "scorched earth" approach. If they couldn't have the leading CryptoNote coin...they'd fucking destroy the rest by creating a shit-storm of CryptoNote coins. Not only did they setup a thread with "A complete forking guide to create your own CryptoNote currency", but they even have a dedicated website with a fuckton of JavaScript. Unfortunately this plan hasn't worked for them, because they forgot that nobody gives a fuck, and everyone is going to carry on forking Bitcoin-based coins because of the massive infrastructure and code etc. that works with Bitcoin-based coins.
There are a bunch of other useless CryptoNote coins, by the way: Aeon, Dashcoin, Infinium-8, OneEvilCoin. We saw earlier that Dashcoin is probably another CryptoNote developer driven coin. However, this entire group is not really important enough, nor do they have enough potential, for me to give a single fuck, so make up your own mind. New CryptoNote coins that pop up should be regarded with the utmost caution, given the bullshit capabilities that we've already seen.

All Tied Up in a Bow

I want to cement the relationship between the major CryptoNote shitcoins. I know that my previous section had a lot of conjecture in it, and there's been some insinuation that I'm throwing everyone under the bus because I'm raging against the machine. That's not my style. I'm more of a Katy Perry fan..."you're going to hear me roar". There were some extra links I uncovered during my research, and I lacked the time to add it to this post. Thankfully a little bit of sleep and a can of Monster later have given me the a chance to add this. Let's start with an analysis of the DNS records of the CN coins.
If we look at the whois and DNS records for bytecoin.org, quazarcoin.org, fantomcoin.org, monetaverde.org, cryptonote.org, bytecoiner.org, cryptonotefoundation.org, cryptonotestarter.org, and boolberry.com, we find three common traits, from not-entirely-damming to oh-shiiiiiiit:
  1. There's a lot of commonality with the registrar (NameCheap for almost all of them), the DNS service (HurricaneElectric's Free DNS or NameCheap's DNS), and with the webhost (LibertyVPS, QHosteSecureFastServer.com, etc.)
  2. All of the CN domains use WhoisGuard or similar private registration services.
  3. Every single domain, without exception, uses Zoho for email. The only outlier is bitmonero.org that uses Namecheap's free email forwarding, but it's safe to disregard this as the emails probably just forward to the CryptoNote developers' email.
The instinct may be to disregard this as a fucking convenient coincidence. But it isn't: Zoho used to be a distant second go Google Apps, but has since fallen hopelessly behind. Everyone uses Google Apps or they just use mail forwarding or whatever. With the rest of the points as well, as far-fetched as the link may seem, it's the combination that is unusual and a dead giveaway of the common thread. Just to demonstrate that I'm not "blowing shit out of proportion" I went and checked the records for a handful of coins launched over the past few months to see what they use.
darkcoin.io: mail: Namecheap email forwarding, hosting: Amazon AWS, open registration through NameCheap monero.cc: mail: mail.monero.cc, hosting: behind CloudFlare, open registration through Gandi xc-official.com: mail: Google Apps, hosting: MODX Cloud, hidden registration (DomainsByProxy) through GoDaddy blackcoin.io: mail: Namecheap email forwarding, hosting: behind BlackLotus, open registration through NameCheap bitcoindark.org: mail: no MX records, hosting: Google User Content, open registration through Wix viacoin.org: mail: mx.viacoin.org, hosting: behind CloudFlare, closed registration (ContactPrivacy) through Hostnuke.com neutrinocoin.org: mail: HostGator, hosting: HostGator, open registration through HostGator
There's no common thread between them. Everyone uses different service providers and different platforms. And none of them use Zoho.
My next check was to inspect the web page source code for these sites to find a further link. If you take a look at the main CSS file linked in the source code for monetaverde.org, fantomcoin.org, quazarcoin.org, cryptonotefoundation.org, cryptonote-coin.org, cryptonote.org, bitmonero.org, and bytecoiner.org, we find a CSS reset snippet at the top. It has a comment at the top that says "/* CSS Reset /", and then where it resets/sets the height it has the comment "/ always display scrollbars */". Now, near as I can find, this is a CSS snipped first published by Jake Rocheleau in an article on WebDesignLedger on October 24, 2012 (although confusingly Google seems to think it appeared on plumi.de cnippetz first, but checking archive.org shows that it was only added to that site at the beginning of 2013). It isn't a very popular CSS reset snippet, it got dumped in a couple of gists on Github, and translated and re-published in an article on a Russian website in November, 2012 (let's not go full-blown conspiritard and assume this links "cryptozoidberg" back to this, he's culpable enough on his own).
It's unusual to the point of being fucking impossible for one site to be using this, let alone a whole string of supposedly unrelated sites. Over the past few years the most popular CSS reset scripts have been Eric Meyer's "Reset CSS", HTML5 Doctor CSS Reset, Yahoo! (YUI 3) Reset CSS, Universal Selector ‘’ Reset, and Normalize.css, none of which contain the "/ CSS Reset /" or "/ always display scrollbars */" comments.
You've got to ask yourself a simple question: at what point does the combination of all of these fucking coincidental, completely unusual elements stop being coincidence and start becoming evidence of a real, tenable link? Is it possible that bytecoin.org, quazarcoin.org, fantomcoin.org, monetaverde.org, cryptonote.org, bytecoiner.org, cryptonotefoundation.org, cryptonotestarter.org, and boolberry.com just happen to use similar registrars/DNS providers/web hosts and exactly the fucking same wildly unpopular email provider? And is it also possible that monetaverde.org, fantomcoin.org, quazarcoin.org, cryptonotefoundation.org, cryptonote-coin.org, cryptonote.org, and bytecoin.org just happen to use the same completely unknown, incredibly obscure CSS reset snippet? It's not a conspiracy, it's not a coincidence, it's just another piece of evidence that all of these were spewed out by the same fucking people.

The Conclusion of the Matter

Don't take the last section as any sort of push for Monero. I think it's got potential (certainly much more than the other retarded "anonymous" coins that "developers" are popping out like street children from a cheap ho), and I hold a bit of XMR for shits and giggles, so take that tacit endorsement with a pinch of fucking salt.
The point is this: Bytecoin's 82% premine was definitely the result of a faked blockchain. CryptoNote's whitepaper dates were purposely falsified to back up this bullshit claim. Both Bytecoin and CryptoNote have perpetuated this scam by making up fake website data and all sorts. They further perpetuate it using shill accounts, most notably "DStrange" and "Rias" among others.
They launched a series of cryptocurrencies that should be avoided at all cost: Fantomcoin, Quazarcoin, and Monetaverde. They are likely behind duckNote and Boolberry, but fuck it, it's on your head if you want to deal with scam artists and botnet creators.
They developed amazing technology, and had a pretty decent implementation. They fucked themselves over by being fucking greedy, being utterly retarded, being batshit insane, and trying to create legitimacy where there was none. They lost the minute the community took Monero away from them, and no amount of damage control will save them from their own stupidity.
I expect there to be a fuck-ton of shills posting in this thread (and possibly a few genuine supporters who don't know any better). If you want to discuss or clarify something, cool, let's do that. If you want to have a protracted debate about my conjecture, then fuck off, it's called conjecture for a reason you ignoramus. I don't really give a flying fuck if I got it right or wrong, you're old and ugly enough to make up your own mind.
tl;dr - CryptoNote developers faked dates in whitepapers. Bytecoin faked dates in fake blockchain to facilitate an 82% premine, and CryptoNote backed them up. Bytecoin, Fantomcoin, Quazarcoin, Monetaverde, Dashcoin are all from the same people and should be avoided like the fucking black plague. duckNote and Boolberry are probably from them as well, or are at least just fucking dodgy, and who the fuck cares anyway. Monero would have been fucking dodgy, but the community saved it. Make your own mind up about shit and demand that known people are involved and that there is fucking transparency. End transmission.
Just a reminder that if you found this information useful, a little donation would go a long way. Bitcoin address is 1rysLufu4qdVBRDyrf8ZjXy1nM19smTWd.
submitted by OsrsNeedsF2P to CryptoCurrency [link] [comments]

Buona spiegazione di meltdown & spectre.

Tl;dr: Ci sono due bug nella gestione di memoria di tutte le CPU in uso da 20 anni a questa parte. Il loro effetto è di permettere ad un processo in stato non privilegiato di leggere la memoria del kernel (Meltdown) e/o di un altro processo (Spectre). Questo si può usare (ad esempio) per fare un keylogger e leggere password, # di carta di credito etc. mentre vengono scritti. I possibili exploit funzionano su tutti i sistemi operativi (sì, anche sui telefoni, e sui dispositivi IOT, e sugli embedded), ipervisori (sì, anche cross-domain) e da ogni tipo di userspace - in particolare al momento è possibile farlo da uno snippet javascript che giri nella finestra di un browser. Non riesco a immaginare un motivo per cui non si possa fare da PHP, che so, in un plugin di wordpress. Le patch, che non sono ancora state messe in distribuzione generale, sono efficaci solo contro Meltdown (Spectre è più difficile da sfruttare, per fortuna, ma è anche capito peggio). Non solo, ma rallentano le prestazioni (fino al 20% in alcuni benchmark di postgres) e aumentano l'uso della CPU (un cloud provider ha visto la CPU post-patch raddoppiare).
Buon 20181.
1) Primo tentativo di aggiornare il kernel di una VM (presumibilmente con la patch anti-Meltdown). Risultato: VM non-bootabile. Groan.
*"By now, most of you have probably already heard of the biggest disaster in the history of IT – Meltdown and Spectre security vulnerabilities which affect all modern CPUs, from those in desktops and servers, to ones found in smartphones. Unfortunately, there's much confusion about the level of threat we're dealing with here, because some of the impacted vendors need reasons to explain the still-missing security patches. But even those who did release a patch, avoid mentioning that it only partially addresses the threat. And, there's no good explanation of these vulnerabilities on the right level (not for developers), something that just about anyone working in IT could understand to make their own conclusion. So, I decided to give it a shot and deliver just that.
First, some essential background. Both vulnerabilities leverage the "speculative execution" feature, which is central to the modern CPU architecture. Without this, processors would idle most of the time, just waiting to receive I/O results from various peripheral devices, which are all at least 10x slower than processors. For example, RAM – kind of the fastest thing out there in our mind – runs at comparable frequencies with CPU, but all overclocking enthusiasts know that RAM I/O involves multiple stages, each taking multiple CPU cycles. And hard disks are at least a hundred times slower than RAM. So, instead of waiting for the real result of some IF clause to be calculated, the processor assumes the most probable result, and continues the execution according to the assumed result. Then, many cycles later, when the actual result of said IF is known, if it was "guessed" right – then we're already way ahead in the program code execution path, and didn't just waste all those cycles waiting for the I/O operation to complete. However, if it appears that the assumption was incorrect - then, the execution state of that "parallel universe" is simply discarded, and program execution is restarted back from said IF clause (as if speculative execution did not exist). But, since those prediction algorithms are pretty smart and polished, more often than not the guesses are right, which adds significant boost to execution performance for some software. Speculative execution is a feature that processors had for two decades now, which is also why any CPU that is still able to run these days is affected.
Now, while the two vulnerabilities are distinctly different, they share one thing in common – and that is, they exploit the cornerstone of computer security, and specifically the process isolation. Basically, the security of all operating systems and software is completely dependent on the native ability of CPUs to ensure complete process isolation in terms of them being able to access each other's memory. How exactly is such isolation achieved? Instead of having direct physical RAM access, all processes operate in virtual address spaces, which are mapped to physical RAM in the way that they do not overlap. These memory allocations are performed and controlled in hardware, in the so-called Memory Management Unit (MMU) of CPU.
At this point, you already know enough to understand Meltdown. This vulnerability is basically a bug in MMU logic, and is caused by skipping address checks during the speculative execution (rumors are, there's the source code comment saying this was done "not to break optimizations"). So, how can this vulnerability be exploited? Pretty easily, in fact. First, the malicious code should trick a processor into the speculative execution path, and from there, perform an unrestricted read of another process' memory. Simple as that. Now, you may rightfully wonder, wouldn't the results obtained from such a speculative execution be discarded completely, as soon as CPU finds out it "took a wrong turn"? You're absolutely correct, they are in fact discarded... with one exception – they will remain in the CPU cache, which is a completely dumb thing that just caches everything CPU accesses. And, while no process can read the content of the CPU cache directly, there's a technique of how you can "read" one implicitly by doing legitimate RAM reads within your process, and measuring the response times (anything stored in the CPU cache will obviously be served much faster). You may have already heard that browser vendors are currently busy releasing patches that makes JavaScript timers more "coarse" - now you know why (but more on this later).
As far as the impact goes, Meltdown is limited to Intel and ARM processors only, with AMD CPUs unaffected. But for Intel, Meltdown is extremely nasty, because it is so easy to exploit – one of our enthusiasts compiled the exploit literally over a morning coffee, and confirmed it works on every single computer he had access to (in his case, most are Linux-based). And possibilities Meltdown opens are truly terrifying, for example how about obtaining admin password as it is being typed in another process running on the same OS? Or accessing your precious bitcoin wallet? Of course, you'll say that the exploit must first be delivered to the attacked computer and executed there – which is fair, but here's the catch: JavaScript from some web site running in your browser will do just fine too, so the delivery part is the easiest for now. By the way, keep in mind that those 3rd party ads displayed on legitimate web sites often include JavaScript too – so it's really a good idea to install ad blocker now, if you haven't already! And for those using Chrome, enabling Site Isolation feature is also a good idea.
OK, so let's switch to Spectre next. This vulnerability is known to affect all modern CPUs, albeit to a different extent. It is not based on a bug per say, but rather on a design peculiarity of the execution path prediction logic, which is implemented by so-called Branch Prediction Unit (BPU). Essentially, what BPU does is accumulating statistics to estimate the probability of IF clause results. For example, if certain IF clause that compares some variable to zero returned FALSE 100 times in a row, you can predict with high probability that the clause will return FALSE when called for the 101st time, and speculatively move along the corresponding code execution branch even without having to load the actual variable. Makes perfect sense, right? However, the problem here is that while collecting this statistics, BPU does NOT distinguish between different processes for added "learning" effectiveness – which makes sense too, because computer programs share much in common (common algorithms, constructs implementation best practices and so on). And this is exactly what the exploit is based on: this peculiarity allows the malicious code to basically "train" BPU by running a construct that is identical to one in the attacked process hundreds of times, effectively enabling it to control speculative execution of the attacked process once it hits its own respective construct, making one dump "good stuff" into the CPU cache. Pretty awesome find, right?
But here comes the major difference between Meltdown and Spectre, which significantly complicates Spectre-based exploits implementation. While Meltdown can "scan" CPU cache directly (since the sought-after value was put there from within the scope of process running the Meltdown exploit), in case of Spectre it is the victim process itself that puts this value into the CPU cache. Thus, only the victim process itself is able to perform that timing-based CPU cache "scan". Luckily for hackers, we live in the API-first world, where every decent app has API you can call to make it do the things you need, again measuring how long the execution of each API call took. Although getting the actual value requires deep analysis of the specific application, so this approach is only worth pursuing with the open-source apps. But the "beauty" of Spectre is that apparently, there are many ways to make the victim process leak its data to the CPU cache through speculative execution in the way that allows the attacking process to "pick it up". Google engineers found and documented a few, but unfortunately many more are expected to exist. Who will find them first?
Of course, all of that only sounds easy at a conceptual level - while implementations with the real-world apps are extremely complex, and when I say "extremely" I really mean that. For example, Google engineers created a Spectre exploit POC that, running inside a KVM guest, can read host kernel memory at a rate of over 1500 bytes/second. However, before the attack can be performed, the exploit requires initialization that takes 30 minutes! So clearly, there's a lot of math involved there. But if Google engineers could do that, hackers will be able too – because looking at how advanced some of the ransomware we saw last year was, one might wonder if it was written by folks who Google could not offer the salary or the position they wanted. It's also worth mentioning here that a JavaScript-based POC also exists already, making the browser a viable attack vector for Spectre.
Now, the most important part – what do we do about those vulnerabilities? Well, it would appear that Intel and Google disclosed the vulnerability to all major vendors in advance, so by now most have already released patches. By the way, we really owe a big "thank you" to all those dev and QC folks who were working hard on patches while we were celebrating – just imagine the amount of work and testing required here, when changes are made to the holy grail of the operating system. Anyway, after reading the above, I hope you agree that vulnerabilities do not get more critical than these two, so be sure to install those patches ASAP. And, aside of most obvious stuff like your operating systems and hypervisors, be sure not to overlook any storage, network and other appliances – as they all run on some OS that too needs to be patched against these vulnerabilities. And don't forget your smartphones! By the way, here's one good community tracker for all security bulletins (Microsoft is not listed there, but they did push the corresponding emergency update to Windows Update back on January 3rd).
Having said that, there are a couple of important things you should keep in mind about those patches. First, they do come with a performance impact. Again, some folks will want you to think that the impact is negligible, but it's only true for applications with low I/O activity. While many enterprise apps will definitely take a big hit – at least, big enough to account for. For example, installing the patch resulted in almost 20% performance drop in the PostgreSQL benchmark. And then, there is this major cloud service that saw CPU usage double after installing the patch on one of its servers. This impact is caused due to the patch adding significant overhead to so-called syscalls, which is what computer programs must use for any interactions with the outside world.
Last but not least, do know that while those patches fully address Meltdown, they only address a few currently known attacks vector that Spectre enables. Most security specialists agree that Spectre vulnerability opens a whole slew of "opportunities" for hackers, and that the solid fix can only be delivered in CPU hardware. Which in turn probably means at least two years until first such processor appears – and then a few more years until you replace the last impacted CPU. But until that happens, it sounds like we should all be looking forward to many fun years of jumping on yet another critical patch against some newly discovered Spectre-based attack. Happy New Year! Chinese horoscope says 2018 will be the year of the Earth Dog - but my horoscope tells me it will be the year of the Air Gapped Backup.”*
1) Primo tentativo di aggiornare il kernel di una VM (presumibilmente con la patch anti-Meltdown). Risultato: VM non-bootabile. Groan.
submitted by MonsieurCellophane to ItalyInformatica [link] [comments]

BEWARE all ICOs and ICO issuers!!!!! Part 1

BEWARE all ICOs and ICO issuers!!!!! Part 1
https://preview.redd.it/ohbp38gkwp311.png?width=600&format=png&auto=webp&s=f730893079a7b5d5fb2462c6e476dfcf182b0bc4
Luvdub Coin recently made a public announcement for our airdrop and in less than 1 week, received submissions ranging in the thousands despite our intense KYC-AML procedure.
At this time, I felt compelled to write an article due to the alarming frequency of fraudulent activity and stolen data our verification team has witnessed in these past few days.
This article will be broken into 2 posts.
1) Why ICO participants should AVOID ICOs unless they ABSOLUTELY TRUST the issuer.
2)What ICO issuers need to be aware of.
This is by all means not a comprehensive list and I do not suggest that you rely solely on this article to make any decision that may have an impact on your privacy, security, or life. I, nor anyone at Luvdub Coin or Luvdub Nation Inc. can be held responsible for what you do with the information provided. You are the only person who can make sure your data and privacy is safe.
Why ICO participants should AVOID ICOs unless they ABSOLUTELY TRUST the issuer.
Avoid ICOs?
Here are some reasons why you might want to reconsider giving away your personal information for some “Airdrops”.
We have the bad, for example:
https://preview.redd.it/p60v3qlswp311.png?width=720&format=png&auto=webp&s=3031fa9a797621b9e5789c9c75de5b38ef2caffe
We have the, what the eff:
https://preview.redd.it/fhuwdwqtwp311.png?width=800&format=png&auto=webp&s=f35508bb5e7b33517f516d93508a93735339878d
Then we have the, that could’ve passed if looked over quickly:
https://preview.redd.it/g75owbkuwp311.png?width=800&format=png&auto=webp&s=4681a334f0621ad18a02d4e49575f254c828248e
The photoshopper:
https://preview.redd.it/e8k8aahvwp311.png?width=540&format=png&auto=webp&s=9c2c5a9392f4b42857db0a0ced5dfb3c195f1c2f
And finally, the artist:
https://preview.redd.it/ei7btsawwp311.png?width=800&format=png&auto=webp&s=2cdb0f93bcea7c7bcfa0b6c21e2f6277b5529d5e
Keep in mind, this is just a few of the fraudulent submissions we have received. It is estimated that somewhere between 30–40% are likely to be stolen data.
It seems that a majority of the stolen data come from Southeast Asia (Vietnam, Thailand, etc.), South Asia/Middle East (India, Pakistan, etc.), Africa, South America, and Russia. This does not mean that other countries aren’t affected but the statistics skew towards these regions.
I IMPLORE you to avoid ICOs unless you absolutely, 100% positively know who you’re dealing with. If you choose to disregard my warnings and would still like to participate in ICOs/airdrops, here are some things to consider.
I can’t be completely trusted!
Just because a site has a Green trust lock to display that they are serving content over TLS (Transport Layer Security) doesn’t mean you should trust the site. All it means is that people from outside the network cannot peer into the information being transmitted. This is still better than having no encryption at all but if the website owner mishandles your information or are outright looking to steal your data, you are SCREWED! Also realize that you can get SSL security (green trust lock/https)for free using a CDN provider.
If I’m going to trust anything, it’s this.
If you’re going to hand your money/cryptocurrency anywhere, the highest level of authentication is to go with a Positive EV SSL Certificate (Extended Validation Certificate). This means the website owner has to provide their company details to a third party and get authenticated which would then show their name in the URL browser. Bear in mind, the custodians of the site/ICO are still responsible for your funds/personal information. You still must perform your due diligence regardless because having a Positive EV SSL Certificate doesn’t mean that they can’t mess up or steal your data. *Cough* Yahoo *Cough*
But they have the Telegram members!
This number means squat! People can buy Telegram users, Facebook likes, Twitter retweets, etc. What really matters is the level of activity on their social media channels. Check their reddit, their BitcoinTalk, their Telegram channel activity. If it appears that the ICO issuer is spamming their own channels with posts and nonsense, then they’re hiding something. Be very wary of ICOs that are constantly updating with a countdown or having casual conversation. When you’re having a busy ICO, your time is limited between development, community management, regulation, legal matters, etc.
But they have so many pictures of developers and investors!
This is nonsense. Anyone can put up pictures with positions that they feel makes their project looks great. The only real way to tell if it’s a legitimate team is to have an outside source verify their credentials. And no, this doesn’t mean Linkedin with their bought connections but checking any professional licenses or reviewing previous projects. For example, if a Doctor is on the team, I would refer to their country’s agency that provides the professional license to cross reference their name or if they are a developer, I would go and review their previous work. Maybe the ICO company has been incorporated for a few years and can be searched using a government database or the ICO founders have performed several speaking engagements for large crowds.
Their paper is white though!
If they only have a white paper, I would be highly skeptical. Unless their code is open source or they disclose snippets in which you are able to verify, I would be extremely cautious. Don’t let all the fancy images of their “vision” fool you either. Think, if an ICO talks more about the possibilities instead of the product, I would stay away. Show me the product/design!!!
But I get 25% off if I buy in the first 2 days!
This is a HUGEEEEEEEEE red flag. DO NOT, I REPEAT, DO NOT participate in any ICOs that offer you a huge discount/free tokens at decreasing intervals. That means getting 25% free tokens when you buy on day 1 & 2, 20% free tokens day 3 & 4, 15% tokens day 5 & 6, etc. This is a marketing tactic used to pressure you into purchasing early. Think about it. If their ICO/token is going to be valuable, why would they discount it by so much? If you were buying in bulk(private sale), Ok, maybe that might be a good reason for a percentage of free tokens/discounts but when you’re time bound? You’re dealing with marketers who are going to run away with your money and give you worthless junk in return. DO NOT DEAL WITH THESE PEOPLE.
But the more I do, the more I get!!!!
Another marketing gimmick. If an ICO says here’s a little competition, who can be the best!?! The top 5 will get a prize?!?! Stay AWAYYY WITH A TEN FOOT POLE!!!! Who wins in this competition? No one but the ICO issuer because they were able to harness your competitive spirit with your hopes/dreams of being wealthy all while handing you worthless junk. Developers should be focused on their product, not marketing BS just to extract as much value from you. Don’t give away your money. You might as well donate it to charity to make the world a better place.
But I can trust them. Can’t I?
Any ICO issuer who deals with residents within the European Union must comply with GDPR (General Data Protection Regulation). Essentially, this means that they must require consent from their users, provide users’ with the right to have their data erased, limit data handling, disclose breaches, and a plethora of other rules. If the ICO has no mention of their private practices, STAY AWAY FROM THEM! Even better, see how they handle individuals in their chat groups. Do they show concern for privacy and data? That’s a tell tale sign.
They keep emailing me. They must really care!
If an ICO is emailing you constantly over and over with little to no substance, STAY AWAY FROM THEM! There is no reason for an ICO to be constantly messaging you if they have no development progress to be discussed or important ICO dates to be publicized. No, a message from the CEO to say hello! or to speak of some grand utopian vision does not cut it. If you get any mail, it should be worthwhile to you and provide ICO participants with new information or the occasional reminder. When you are spammed, this is how ICOs try to blind you with the allure of the “grand vision”. Did you realize you were constantly getting email, notifications, pinned messages, etc.? You NEED to get out. ASAP
Only if you believe
If for whatever reason you do believe in an ICO and wish to participate, please protect yourself at all costs. Consider water marking your photo stating that your photo should only be used for whatever ICO URL. Also consider criss crossing lines across the image to prevent scammers from cropping out your text. Do everything in your power to stay safe. Use VPNs, tertiary emails, different BTC addresses or Eth addresses.
I apologize if I turn some people off but data theft has become too rampant within the current cryptocurrency/ICO environment and we had to do something about it. It is our belief that cryptocurrency can help bring individuals out of poverty and maintain honesty in transactions. However, the current activity of stealing data from innocent victims is detrimental to the mass adoption of cryptocurrency and we all must do something together to fix it. Please help spread the word and let us all make a standard together for all ICO issuers and participants to follow.
This has been the first part of my ICO ramble. For the second part, please visit What ICO issuers need to be aware of.
GET INVOLVED at www.luvdubcoin.com
Also check out our other sites:
Telegram | Facebook | Github | White Paper | Youtube | Reddit | Twitter | BitcoinTalk
Security Reminder!
*Always look for the Luvdub Nation Inc. green security trust lock in your browser before submitting any information online.
submitted by luvdubnation to LuvdubCoin [link] [comments]

Blue Beelzebub (Part 1)

For years, years, I wondered – ‘why me’ – you know, you know, kiddo – ‘why me’ – but there is no ‘why me’. What? As if there were, you know, ‘chosens’, there’s no ‘chosens’ – there’s no all–seeing, all–knowing powerful nothing. It happened. That’s it. I fell for it. I took its bait – hook, line, sinker. Didn’t I do it to myself? Wasn’t I the sucker? There’s no ‘why me’ – and once I realized that, that there was no, that there was no, no any kind of justice what so ever, until I acted, that gave my existence purpose. And now I’m gonna fulfill that purpose. I don’t want you getting involved. You’re deep enough as it is. Don’t be the sucker!
– Bobby Mortaren; famous last words
I raced from the house to the hotel, at Walsenburg, where I struggled to make sense of everything that transpired. I poured myself over notes and records that I had brought along. Only my laptop’s glow illuminated the room. Every so often lights through I-25 swept across the bed. Every so often breezes stirred trees around the perimeter. Soon midnight passed. The world darkened, relaxing as it were into slumber.
A knock rattled the door - and I could have shrieked if it weren’t for what remained of my nerves. All of a sudden, I felt so icy, so cold, that I stood, frozen, uncertain of how to proceed. Who was it? It couldn’t be good. Not the FBI. Not the Thules. Ache, already?
I balked at chucking my laptop - whoever they were at the door, they’d find it, they’d find it.
It’s the 21st century; evidence doesn’t vanish without a trace.
As my heart pounded my chest, I reached that door and cracked it a notch. I braced for the kick certain to follow. It didn’t come. The hotel’s courtyard / lot spread, deserted except for my rented Wrangler. There wasn’t anyone - anyone who may have been my visitor.
Yet - by my feet - at the edge of the threshold - my visitor had left a box.
I poked at it with my pole and turned it over and over. It wasn’t postmarked. It wasn’t addressed. It had been delivered by hand and, suspecting what it was, I yanked it inside. Leaning onto and drooping against the door, I tore its lid. The box contained two floppies, a CD, and a stack paper. It was Blue Beelzebub - all of it, every part of it. As well as instructions: a How-To-Guide for destroying your future, fetched onto my doorstep, white-glove-style to boot, as promised. It may as well have been a bomb.
###
How did Blue Beelzebub mutate into my obsession?
Worse - did I expect to find its truth remarked into code from 1996? 1996! There wasn’t a lot to the internet way, way back when. But crime was crime no matter its era. Was it crime? And did the game start this way or that way then evolve into crime? Was it crime from its start?
The programmer of Blue Beelzebub, a hacker by the avatar ‘ZuZu’, claimed to be legit. Their MO had been to create games not scams. Or so it appeared until Blue Beelzebub entered the story. If it were a product of malware, why had ZuZu devoted so much of their effort into its creation? Why had they boasted of the game’s nitty gritty details during its gestation? Why all of that trouble, if only a fraction of it would have been appreciated by those who played it? Even LVN, when they weren’t laundering bitcoin, expressed what may be described as passion for that game.
Was it a game?
By 1996 standards, its demos parlayed atrocious graphics and threadbare mechanics. The way it affected the player’s rig ensured nobody would be eager to replay it. The game passed every scan available yet it twisted the OS and hijacked the PC to serve as a node, a link into a yet-unknown and yet-unnamed network for purposes every bit as mysterious as the game itself.
As I contemplated the reality of the situation, I settled onto the notion that that game may have been a gimmick to cover truly malevolent intentions. That had been the crux of LVN’s KickStarter and GoFundMe rackets - they always proposed plausible if lofty projects as if they were real, actual products people buy. However, case after case demonstrated that their pretense unraveled after scrutiny. Could it be, as far back as 1996, the creator(s) of Blue Beelzebub conceived of such a deception? FPS (of the type Blue Beelzebub reported to be) were the rage through the 90s. If so then their MO resembled that of a typical bait-and-switch scheme - bait them with a game, switch them with a virus. Then? What? Profit?
###
In the summer of 2017, Czech authorities in conjunction with the EU, arrested LVN at their apartment south of Plzen. They seized the hacker’s laptop, PC, as well as their twenty thousand CD library. LVN was a hacker-for-fire; evidence presented at their arraignment demonstrated to the court that they had been paid by Russian and other Eastern European actors to pilfer bitcoin wallets. In addition to theft, the court entertained charges connected to a NiceHash heist of 64 million euros earlier that year.
It was the breach of NiceHash’s security that brought my skills to the EU’s attention. For a few weeks, between March and May, I played my part to aid the investigation and the conviction of its mastermind. We discovered that the breach had been directed from inside NiceHash. We split the work: ‘brick and mortar’ detectives ran interviews and stakeouts while my fellow ‘white-hats’ and I toiled at the forensics. To meet our end of the bargain, we created a model of that cyber-attack, in order to construct and deconstruct its operation. As we realized how the crime had been executed, we identified the party responsible for it and built the authorities a solid chain-of-evidence - a chain-of-evidence that identified LVN as the perpetrator.
LVN masterminded not just that NiceHash heist but a dozen scams at sites like KickStarter and GoFundMe. LVN traded exclusively through bitcoin. Their MO was to sow fake projects then to reap real funds submitted by backers - by backers who aimed to launder money via its exchange into bitcoin. Projects were advertised to those who sought the service; they were fraudulent through and through yet they appeared real enough to fool the maintainers of those sites and the public at large who may have been tricked by the scams.
Under the supervision of the investigation at large, I pledged my dollars to a few of LVN’s projects, to see what the response would be. Soon, LVN and I exchanged emails. They wanted to speak face-to-face. In front of the experts, I played to type and gained access to a roster of services from that hacker-for-hire. As a result of the communication, the investigation brought into play anti trafficking & exploiting agencies from around the world and accelerated their goal to convict LVN.
One of the projects LVN advertised didn’t fit into the mold in so far as it felt like a genuine hobby of theirs. LVN sought investors to fund their (re)development of a game, Blue Beelzebub. The project listed at KickStarter - removed but saved to my laptop - included a lightbox of images and demos as well as snippets of code. It discussed such esoterics as: updates to its physics engine and its video & audio renderer; upgrades to its arsenal and its gallery of foes; changing its play - expanding its levels and ditching its linearity.
The details impressed me as they perplexed me. Why? I kept asking. What’s the idea? What’s the racket? Why create a game using twenty year old technology? I understood its esoterics perfectly for I came of age during the 90s. So much of what went into Blue Beelzebub felt familiar as it was familiar. An FPS - first person shooter - propelled by a fork of that fabled, 2.5D DOOM engine. Little wonder that its caps parlayed the look and feel of classic 90s PC games!
Maybe it was yet another scam? Or - maybe - it was a hobby of a gamer / programmer? Could it be that LVN recalled those early DOS games and wanted to re-create the era? But that wasn’t everything. And as I mused & Googled I started to ask myself if there wasn’t more about Blue Beelzebub beyond the haze of my nostalgia. I failed to connect the dots although that did not shake the deja vu - somehow, someway, I recognized that game.
###
Escape published my article about LVN’s conviction. Against the advice of my editor, I stalked its commentary, to see what, if anything, the story drew out of the woodwork. Its aside re: Blue Beelzebub attracted attention. I wasn’t surprised, to be honest, as I had inserted it into the text to draw reaction. And my rouse worked! But I wasn’t the only one who felt deja vu about the game.
A commentator, who asked for anonymity, posted a link to 4CHAN about Blue Beelzebub. LVN had advertized the KickStarter for the game at a group devoted to indie developers. LVN never advertized their work at 4CHAN out of fear of exposure. So that thread where they didn’t ask for money confirmed my sense that it wasn’t, necessarily, a scam.
As I scanned that thread, however, I realized what a rabbit-hole the business would be. After LVN’s post, anonymous replies went to and fro as they typically do. Then the tenor of the thread devolved into a war amongst those who were for vs. those who were against what LVN proposed to do with the game. It was a question about credit. At last - somebody revealed a truth I duly suspected of - that Blue Beelzebub wasn’t the work of LVN - that the game as it existed predated LVN by twenty years or so.
The idea for Blue Beelzebub had floated about USENET c. 1995. The majority of the conversations extracted from the archives suggested that the game was vaporware. Its supporters countered that either a P/C or a DEMO existed and that a play-through had been uploaded to (early) YouTube. Everyone who added their opinion - pro & con - agreed that it was “inspired by Satan”, “took its cues from Crowley’s ‘Thelema’“, and that it included clips “replete with ever more corrupt” gore and snuff. A self-described player, whose rig they claimed had been “totaled” by the game, stated bluntly that it contained a “Chinese Sandwich”.
Undeterred by the confusion, I kept at my search, ramming through the archives, pushing my way further back in time, from 1997 to 1995. USENET had been mirrored prior to its collapse yet its content was not indexed completely; a robust query of its posts required force and patience.... In spite of the odds, my effort worked, my persistence located the roots of Blue Beelzebub.
It was a posted dated June 15, 1995 written by the game’s originator, a hacker by the name of ZuZu. According to their missive, they claimed to have produced “a proof of concept demo” for their “latest and greatest” game, Blue Beelzebub, and that it was “a legit game catering to those who worship and admire Lucifer and everything that stands for”. ZuZu listed, point by point, the substance of their creation. I wasn’t surprised to see, splattered across that post, the verbiage LVN usurped for their own advert.
Except - they weren’t seeking funding. According to their missive, the game had been bankrolled “by entities of a foreign sort, who don’t want to be credited”. Rather, they were seeking “experts” willing to alpha & beta test the product.
Blue Beelzebub and by extension ZuZu went rouge between 1997 and 2005.
Then - October 31, 2005 - ZuZu submitted their last, known public statement. Broadcasted through their usual, over-the-top flamboyance, they wished for their “fans to learn and spread the word” that they “secured an exclusive”. They had convinced a devote of indie horror / FPS games to review Blue Beelzebub. The player they had snagged was famous for their day and their name I recognized as I read it.
Bobby Mortaren - an internet pioneer par excellence. Mixing reviews and play-throughs together, his format had been lauded as visionary and just as imitated. Tweaked a bit by-the-by it continued to find use. His name, though, hadn’t been spoken of for a decade. Games had changed. Tastes had changed. He could have shifted into yet another venture so far as I knew.
Mortaren posted his works to YouTube - to YouTube prior to its merger with Alphabet. As I considered the changes that transpired across the years, I wasn’t surprised to discover that all of my links to his works were dead. Eerily, though, it was impossible to locate his reviews directly via YouTube. So I tried Google and Bing. No result. Ditto with DuckDuckGo. Ditto with Wiki, SlideShare, BoardReader. Out of desperation I surfed into the remnants of Alta Vista - maybe its database saved the information? No. No. Futile - all of it.
YouTube’s size was greater than USENET’s size. My task’s extent was altogether a colossal order of magnitude. If that which I pursued had not been deleted, then, it would be found ad finem omnia. So to dig further I opted for a quick & dirty hack - a bot. A bot scripted to sift and sort all YouTube’s content that matched keywords Mortaren and Blue Beelzebub. I ran it and waited for days then for weeks then for months.
###
My extensive search corroborated the fact that Mortaren left the internet c. 2006. Assuming they may have continued via pseudonym, I enquired into the matter with colleagues who devoted themselves to games and / or to reviews. Only a few recognized their name; nobody was cognizant of their voice.
An editor from ToplessRobot directed my attention to a defunct fansite’s messageboard where somebody asked why Mortaren vanished without a trace. To my shock, the reply was that Mortaren had been arrested by the FBI c. 2006. I could not fathom why. Nevertheless, if the revelation were correct, then, the resolution to the matter was tantalizingly viable. Arrests - and trials - were public.
The LVN / EU case brought my forensic skills to the notice of the DOJ and the Treasury / Secret Service. The FBI, like its European counterparts, wanted to understand everything about bitcoin and how it might (might) be possible to trace transactions to individuals.
As part of my freelance work, I already met and debriefed FBI agents re: the Czech hacker. Eventually ‘large’ talk gave way to ‘small’ talk amongst us. It was at that juncture that I broached the subject of Blue Beelzebub - namely, that LVN hatched a scheme to defraud investors (via bitcoin) ostensibly by promising to develop an update to that game.
“They got exposed by players who recognized the game’s ill-repute,” I stated. “Apparently, the game’s infamy started after its reviewer, a fellow by the name of - er - Robby Mortaren? Bobby Mortaren? Well - they got arrested by the FBI.”
Neither the game nor the reviewer elicited a reply - immediately, anyhow.
A (censored) document, summarizing a DOJ investigation, worked its way into my mailbox. Mortaren had been under FBI surveillance from November 2005 to May 2006. Why wasn’t stated; just that the FBI obtained search warrants for computers & electronics. A federal judge issued an arrest warrant May 30, 2006; however, the DOJ withdrew the charges after Mortaren agreed to an immunity deal. Mortaren turned star witness at a trial that involved organized crime as well as rackets, cults, ritualized human & civil rights abuses and elements that suggested Satanism. The perpetrator(s) that the DOJ wanted to convict fled either to South America OR Eastern Europe / Central Asia. The trial evaporated; neither the charges nor the perpetrator(s) were detailed.
Mortaren’s immunity deal with the DOJ wasn’t negotiable or retractable and included a complete internet ban.
The document listed a PO BOX as Mortaren’s permanent address.
To Mr. B. Mortaren:
Sir, I apologize. Blue Beelzebub. Were it not for the fact that you may be the only person left to recall that game, I would not have stretched my resources so thin to find you. If you are not able to assist my research, is anyone?
I was part of an EU investigation re: bitcoin, theft & fraud, as well as trafficking & exploiting vagrants. Through that investigation I came into contact with a hacker; they claimed to be working on Blue Beelzebub; they sought funds to upgrade it. While disturbing to say the least, that game did not strike me as part of the hacker’s MO. So I pried further into the matter and discovered, to my astonishment, that Blue Beelzebub dated to the mid 90s and that you reviewed & posted the demo at YouTube.
I am curious about that game. I cannot get it out of my head. Who was the programmer? Who was the developer? Where did they get the money? What were their goals? What was the game about, if the game was about anything?
A DOJ document summarizing your immunity from prosecution was brought to my attention. I suspected, as I matched the timeframe of the FBI’s surveillance and arrest, to the demo, that these matters are related. I was not able to find a link, due to the fact that all records, transcripts, etc., were sealed by request of the FBI.
If, for any reason what so ever, we cannot communicate about this matter, would it be possible to contact a surrogate or anybody with the information I seek?
With All Due Respect
JK
###
Due to limits that existed at YouTube’s debut, videos posted from 2005 to 2010 were capped to 10 minutes. Both image and sound playback quality were kept low to spare bandwidth. A lack of (accessible) software and hardware to edit video forced vloggers to improvise. Mortaren had always used a webcam and mic from the 90s to shot their videos ‘live’, i.e., without edits.
YouTube retained the majority of Mortaren’s content; however, after a check of the dates and the poster’s IDs, I determined that Mortaren’s videos had been reposted c. 2006 by another user.
If the titles / numbers were correct then there were seven parts to the demo Mortaren recorded for Blue Beelzebub. Of seven, six remained. Specifically, the 5ifth - which must have been filmed as evidenced by the discontinuity between 4ourth and 6ixth - defied my ability to trace.
The reposter stated that “the 5ifth wasn’t part of the review package”. Yet, as I perused copies of replies they had saved, commentary that referenced material that doesn’t appear anywhere else, I strongly suspected that a 5ifth had been posted for a while and, for whatever reason, Mortaren removed it prior to 2006.
1irst - details facts re: the game: the developer, the programmer, the system requirements, etc.
“If your rig’s able to run DOOM, Blue Beelzebub works,” they state then add: “although, prepare yourselves, kiddos, the game takes a very, very long time to install”.
Passingly, he adds that a fan of his had ditched the game after they experienced “a catastrophic system failure” that they blamed “on either a bug or a virus or both”.
The executable and its auxiliary files pass every virus and malware checker Mortaren throws at it.
2econd & 3hird - demonstrates the game play or what passes for it.
Mortaren prefers to record his reviews live so that his fans experience the game exactly as he does. His videos contain hints / cheats if they are discovered as he plays. He describes Blue Beelzebub as a DOOM-GUY-ESQUE player who moves through an enshadowed monochromatic maze.
“There’s no backwards, I, I, I don’t believe it! Did they forget to give us backwards? There’s forwards and left, right. Kiddos, you gotta do a circle to go backwards.” He continues to berate the game, adding: “Yeah, there’s only forwards. And you know, I gotta say it, the programmer may think they’re the money’s nuts for it.... But it’s so weird that going forwards causes the view to bob up and down or side to side. What’re they trying to do? Are they trying to replicate a player’s gait? Takes me right out of the game. Let me tell y’all why. Like I said, the programmer’s got to be thinking they’re the monkey’s nuts but it’s that bizarro attention to detail that’s so jarring as I consider the lack of detail given to the graphics. Guys. Guys. Guys. You gotta think about what you present.”
Mortaren piles his criticism of the graphics and the sounds, comparing both unfavorably to DOOM. Especially frustrating is the invariance of the black & white textures throughout the maze. He praises the response of the maze to the player as he notes, while attempting to draw the maze, that its passages shift at random. Then more and more criticisms were strewn at the game, including its lack of weaponry, its lack of powerups / extras, its lack of anything.
“A game can’t be about going through the maze, guys, there’s got to be a point - something to do!” Finally, he voices the suspicion that he had been duped by ZuZu.
4ourth - the demo gets interesting.
Mortaren finds an area of the maze where the textures differ. The video’s pixilation - perhaps due to the webcam - perhaps due to the way the reposter preserved it - masks the bulk of the alteration. I detect a change of shade, though, from black & white to blue.
“Well it can’t be for nothing that the wall is blue. Jeez!” As he cracks the joke, to his shock (an explicative slips), the sounds became those of “eerie, drone-like notes fading into reverb” and the monitor displays a still-shot. Mortaren zooms into the image; I recognize it as coming from the shock-site, ROTTEN.
After that alteration, every blue-hued texture Mortaren faces produces other images, increasingly nihilistic and graphic, usually of the dead or the dying, often of celebrities, suicides, accidents, wrecks.
5ifth - ?
6ixth - the segment starts at an awkward jump.
It must have been split from the 5ifth video and while Mortaren does not state why, explicitly, the tone of the voice suggests that something serious transpired.
“Sorry, kiddos, I turned the webcam away - a first - I guess this ZuZu accomplished something.”
When he returns the webcam to the monitor, it is apparent that in addition to tone the substance of the game itself altered.
The player stands at the center of a room Mortaren describes as “a vault with a hole at its floor”. The 2.5D renderer prevents the player from gazing inside the hole. But by directing the player to walk the hole’s circumference it is possible to catch bits of its contents. A sharp, blue light shoots out of the hole; the way it cast light at the ceiling suggests there might have been “water”, as if the hole were a well of sorts.
What shocks Mortaren is that the room fills with children. The renderings of faces make each of the children unique. However: “the ghastliness of the imagery resembles how faces voxilate like with Delta Force games”. Further, he notes, after a pause that echoes my own consternation and trepidation, “I’ve seen these kids. Yeah, I’ve seen these kids from those, those photographs the game stopped everything to show us. Jeez!”
The children stand statue-like as the player walks about them. They serve as obstacles that block movement, otherwise, inert, unresponsive, “not that the player interacts with the kids as there’s no other keys available except A, W, D”.
The video continues, then, Mortaren shrieks.
The playback jostles as if it were about to stop. When everything resettles, he speaks, calmly and evenly, that “there’s a kid that’s different ... animated. You gotta see it, kiddos, I can’t say if it’s awful because it’s awful or if it’s awful because it’s awful....” The webcam zooms into the monitor; the child rendering appears to show it breathing, haphazardly, with their mouth agape. And then, then the child moves and the player like the viewer alike slip an explicative. “I take it back, everything, this is truly and utterly awful.”
7eventh - the coda feels like the set’s longest but is the shortest.
“Right now I’m running. I don’t have a weapon, jeez! I’m running as fast as this keyboard allows but my health is shrinking.” Mortaren stops and rotates the player to face backwards. The animated child is behind and striking the player using a technique that resembles “Hanna-Barbera laziness - or who knows - who knows, kiddos, it could be part of the style”. Just as it is with DOOM, as the player’s health decreases, the view gets redder and the avatar gets bloodier. Mortaren aims into the maze; there is no exit, there is no weapon, no upgrade to assist, all that exists is the floor where the player drops, dead.
The 7eventh adds a post-script recorded after the demo. It shows Mortaren’s PC, open and split to pieces. “The game installed a virus,” he declared then described its symptoms.
“Immediately upon my player’s death, the PC rebooted. After the BIOS, instead of going into DOS, it starts a telnet session and tries to connect via IP. Of course it doesn’t get a reply since my PC uses dial-up. So it freezes, pinging and pinging a server somewhere that it cannot reach.”
Mortaren concludes by theorizing that if Blue Beelzebub were a virus, it must have been designed to target high-end systems with LAN / Ethernet ports.
I jot the IP and attempt to connect to it. Strangely, it will not load yet it will not issue an error of any kind. Chrome, FireFox, Edge, etc., freeze. WHOIS is not able to resolve the owner. Nevertheless, it yields the location of the server, a site approximately 50 miles north east of Trinidad, Colorado.
I reject the result; users of tracers already know that they rely on ISP databases to match IP / location - and how often are those databases updated? - and how often are those updates distributed? The decade that passed between today and the video, and between the video and the creation, assures that there must have been a drift re: the location of the IP.
###
I will not reveal the particulars of when, where, and how I received the call.
“The coordinates.” Into my ear spoke a voice that my investigation made familiar. “Check the coordinates.”
“Coordinates?”
“Blue Beelzebub.”
“Yes,” I replied and Mortaren implied we’d meet.
Mortaren had traced my whereabouts through the blogosphere. He wanted to talk about the game yet feared the government “and or others” eavesdropping. I admitted off-handedly that as I sunk into my work with the DOJ, my paranoia tipped.
“What’s the deal with the game, anyway?”
“What do you want on your Chinese Sandwich?”
My impression settled onto a mixture of intrigue and trepidation. The matter felt so cryptic as to defy credulity. Coordinates? Blue Beelzebub. Chinese Sandwich? Nevertheless, even as we talked (brief as the conversation was) I put together that by coordinates + Blue Beelzebub Mortaren referred to the IP the game telnet’ed.
submitted by 0fruitjack0 to nosleep [link] [comments]

NEW BITCOIN CLOUD MINING SITE  XASHBITMINING  DAILY 0.0000164BTC  NO INVESTMENT  PROOF PAYMENT AREGERO NEW BITCOIN SITE  200GH BONUS  LEGIT SITE  PAYMENT PROOF NO INVESTMENT  0.0005 WUTHDRAW New Free Bitcoin Mining Site 2020  Earn 0.000579000 BTC Daily  Crypto Mining New Free Bitcoin Cloud Mining Site With Free 1000 GH/s Free 0.001 Btc Payment Proof How to Place an HTML Code Snippet on Your Web Page

This paper is a technical introduction to the Bitcoin electronic cash system. It presents the design principles of transactions and blockchain. It is based on the Satoshi Nakamoto's paper and the Wiki site of the Bitcoin community. The mechanisms are illustrated with JavaScript code snippets for Node.js When searching on the web for pre-written code, i found many partly useful, but also false or maybe old snippets. What i am searching for is a general function that i can parse the output script (or the complete raw transaction string) to and that delivers the output addresses and values of BTC / Satoshi sent to these. Access tutorials, blog posts, video streams and code snippets to help you go from being a hobbyist to a professional step by step. Develop With the power of Bitcoin Cash, the ease of BITBOX and the Bitcoin.com developer platform, you’ll create your most innovative apps ever. The Bitcoin Code Review. According to Steve McKay , “The The Bitcoin Code App is currently reaching successful binary options trade percentages that are unmatched by any other Binary Options Trading System 2016 that are available & it’s all thanks to the New Secrets code that drives the entire The Bitcoin Code software.” Source code snippets are chunks of source code that were found out on the Web that you can cut and paste into your own source code. Whereas most of the sample source code we've curated for our directory is for consuming APIs, we occasionally find something interesting on the API provider side of things.

[index] [11662] [3133] [6077] [10043] [7278] [13548] [7186] [752] [3069] [1309]

NEW BITCOIN CLOUD MINING SITE XASHBITMINING DAILY 0.0000164BTC NO INVESTMENT PROOF PAYMENT

Code snippets and steps to create custom code snippets - Duration: 13:05. techsapphire 2,440 views. 13:05. The Untold Truth About Money: How to Build Wealth From Nothing. HELLO FRIENDS, WELCOME TO CRYPTO MINING ALP CHANNEL, I MAKE VIDEOS OF CRYPTOCURRENCY MINING SO IF YOU HAVEN'T SUBSCRIBE MY CHANNEL YET THEN PLEASE SUBSCRIBE IT AND SHARE IT TO YOU'RE FRIENDS TOO ... New bitcoin mining side Script avi termux daily earn 0.01 BTC LIVE payment proof combo Scropt Hello Friends In this video i am talking about a new earning application with Hack Bypass Trick so ... Divi 4 Snippets Add Spacing With Margins. The Divi theme from elegant themes is absolutely awesome. Whenever I have a WordPress build, it's my go-to theme every time. I have built many, many sites ... HELLO FRIENDS, WELCOME TO CRYPTO MINING ALP CHANNEL, I MAKE VIDEOS OF CRYPTOCURRENCY MINING SO IF YOU HAVEN'T SUBSCRIBE MY CHANNEL YET THEN PLEASE SUBSCRIBE IT AND SHARE IT TO YOU'RE FRIENDS TOO ...