Privnotes.com Is Phishing Bitcoin from Users of Private ...

⚡ Lightning Network Megathread ⚡

Last updated 2018-01-29
This post is a collaboration with the Bitcoin community to create a one-stop source for Lightning Network information.
There are still questions in the FAQ that are unanswered, if you know the answer and can provide a source please do so!

⚡What is the Lightning Network? ⚡

Explanations:

Image Explanations:

Specifications / White Papers

Videos

Lightning Network Experts on Reddit

  • starkbot - (Elizabeth Stark - Lightning Labs)
  • roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • stile65 - (Alex Akselrod - Lightning Labs)
  • cfromknecht - (Conner Fromknecht - Lightning Labs)
  • RustyReddit - (Rusty Russell - Blockstream)
  • cdecker - (Christian Decker - Blockstream)
  • Dryja - (Tadge Dryja - Digital Currency Initiative)
  • josephpoon - (Joseph Poon)
  • fdrn - (Fabrice Drouin - ACINQ )
  • pmpadiou - (Pierre-Marie Padiou - ACINQ)

Lightning Network Experts on Twitter

  • @starkness - (Elizabeth Stark - Lightning Labs)
  • @roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • @stile65 - (Alex Akselrod - Lightning Labs)
  • @bitconner - (Conner Fromknecht - Lightning Labs)
  • @johanth - (Johan Halseth - Lightning Labs)
  • @bvu - (Bryan Vu - Lightning Labs)
  • @rusty_twit - (Rusty Russell - Blockstream)
  • @snyke - (Christian Decker - Blockstream)
  • @JackMallers - (Jack Mallers - Zap)
  • @tdryja - (Tadge Dryja - Digital Currency Initiative)
  • @jcp - (Joseph Poon)
  • @alexbosworth - (Alex Bosworth - yalls.org)

Medium Posts

Learning Resources

Books

Desktop Interfaces

Web Interfaces

Tutorials and resources

Lightning on Testnet

Lightning Wallets

Place a testnet transaction

Altcoin Trading using Lightning

  • ZigZag - Disclaimer You must trust ZigZag to send to Target Address

Lightning on Mainnet

Warning - Testing should be done on Testnet

Atomic Swaps

Developer Documentation and Resources

Lightning implementations

  • LND - Lightning Network Daemon (Golang)
  • eclair - A Scala implementation of the Lightning Network (Scala)
  • c-lightning - A Lightning Network implementation in C
  • lit - Lightning Network node software (Golang)
  • lightning-onion - Onion Routed Micropayments for the Lightning Network (Golang)
  • lightning-integration - Lightning Integration Testing Framework
  • ptarmigan - C++ BOLT-Compliant Lightning Network Implementation [Incomplete]

Libraries

Lightning Network Visualizers/Explorers

Testnet

Mainnet

Payment Processors

  • BTCPay - Next stable version will include Lightning Network

Community

Slack

IRC

Slack Channel

Discord Channel

Miscellaneous

⚡ Lightning FAQs ⚡

If you can answer please PM me and include source if possible. Feel free to help keep these answers up to date and as brief but correct as possible
Is Lightning Bitcoin?
Yes. You pick a peer and after some setup, create a bitcoin transaction to fund the lightning channel; it’ll then take another transaction to close it and release your funds. You and your peer always hold a bitcoin transaction to get your funds whenever you want: just broadcast to the blockchain like normal. In other words, you and your peer create a shared account, and then use Lightning to securely negotiate who gets how much from that shared account, without waiting for the bitcoin blockchain.
Is the Lightning Network open source?
Yes, Lightning is open source. Anyone can review the code (in the same way as the bitcoin code)
Who owns and controls the Lightning Network?
Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code is open source and free for anyone to download and review. Anyone can run a node and be part of the network.
I’ve heard that Lightning transactions are happening “off-chain”…Does that mean that my bitcoin will be removed from the blockchain?
No, your bitcoin will never leave the blockchain. Instead your bitcoin will be held in a multi-signature address as long as your channel stays open. When the channel is closed; the final transaction will be added to the blockchain. “Off-chain” is not a perfect term, but it is used due to the fact that the transfer of ownership is no longer reflected on the blockchain until the channel is closed.
Do I need a constant connection to run a lightning node?
Not necessarily,
Example: A and B have a channel. 1 BTC each. A sends B 0.5 BTC. B sends back 0.25 BTC. Balance should be A = 0.75, B = 1.25. If A gets disconnected, B can publish the first Tx where the balance was A = 0.5 and B = 1.5. If the node B does in fact attempt to cheat by publishing an old state (such as the A=0.5 and B=1.5 state), this cheat can then be detected on-chain and used to steal the cheaters funds, i.e., A can see the closing transaction, notice it's an old one and grab all funds in the channel (A=2, B=0). The time that A has in order to react to the cheating counterparty is given by the CheckLockTimeVerify (CLTV) in the cheating transaction, which is adjustable. So if A foresees that it'll be able to check in about once every 24 hours it'll require that the CLTV is at least that large, if it's once a week then that's fine too. You definitely do not need to be online and watching the chain 24/7, just make sure to check in once in a while before the CLTV expires. Alternatively you can outsource the watch duties, in order to keep the CLTV timeouts low. This can be achieved both with trusted third parties or untrusted ones (watchtowers). In the case of a unilateral close, e.g., you just go offline and never come back, the other endpoint will have to wait for that timeout to expire to get its funds back. So peers might not accept channels with extremely high CLTV timeouts. -- Source
What Are Lightning’s Advantages?
Tiny payments are possible: since fees are proportional to the payment amount, you can pay a fraction of a cent; accounting is even done in thousandths of a satoshi. Payments are settled instantly: the money is sent in the time it takes to cross the network to your destination and back, typically a fraction of a second.
Does Lightning require Segregated Witness?
Yes, but not in theory. You could make a poorer lightning network without it, which has higher risks when establishing channels (you might have to wait a month if things go wrong!), has limited channel lifetime, longer minimum payment expiry times on each hop, is less efficient and has less robust outsourcing. The entire spec as written today assumes segregated witness, as it solves all these problems.
Can I Send Funds From Lightning to a Normal Bitcoin Address?
No, for now. For the first version of the protocol, if you wanted to send a normal bitcoin transaction using your channel, you have to close it, send the funds, then reopen the channel (3 transactions). In future versions, you and your peer would agree to spend out of your lightning channel funds just like a normal bitcoin payment, allowing you to use your lightning wallet like a normal bitcoin wallet.
Can I Make Money Running a Lightning Node?
Not really. Anyone can set up a node, and so it’s a race to the bottom on fees. In practice, we may see the network use a nominal fee and not change very much, which only provides an incremental incentive to route on a node you’re going to use yourself, and not enough to run one merely for fees. Having clients use criteria other than fees (e.g. randomness, diversity) in route selection will also help this.
What is the release date for Lightning on Mainnet?
Lightning is already being tested on the Mainnet Twitter Link but as for a specific date, Jameson Lopp says it best
Would there be any KYC/AML issues with certain nodes?
Nope, because there is no custody ever involved. It's just like forwarding packets. -- Source
What is the delay time for the recipient of a transaction receiving confirmation?
Furthermore, the Lightning Network scales not with the transaction throughput of the underlying blockchain, but with modern data processing and latency limits - payments can be made nearly as quickly as packets can be sent. -- Source
How does the lightning network prevent centralization?
Bitcoin Stack Exchange Answer
What are Channel Factories and how do they work?
Bitcoin Stack Exchange Answer
How does the Lightning network work in simple terms?
Bitcoin Stack Exchange Answer
How are paths found in Lightning Network?
Bitcoin Stack Exchange Answer
How would the lightning network work between exchanges?
Each exchange will get to decide and need to implement the software into their system, but some ideas have been outlined here: Google Doc - Lightning Exchanges
Note that by virtue of the usual benefits of cost-less, instantaneous transactions, lightning will make arbitrage between exchanges much more efficient and thus lead to consistent pricing across exchange that adopt it. -- Source
How do lightning nodes find other lightning nodes?
Stack Exchange Answer
Does every user need to store the state of the complete Lightning Network?
According to Rusty's calculations we should be able to store 1 million nodes in about 100 MB, so that should work even for mobile phones. Beyond that we have some proposals ready to lighten the load on endpoints, but we'll cross that bridge when we get there. -- Source
Would I need to download the complete state every time I open the App and make a payment?
No you'd remember the information from the last time you started the app and only sync the differences. This is not yet implemented, but it shouldn't be too hard to get a preliminary protocol working if that turns out to be a problem. -- Source
What needs to happen for the Lightning Network to be deployed and what can I do as a user to help?
Lightning is based on participants in the network running lightning node software that enables them to interact with other nodes. This does not require being a full bitcoin node, but you will have to run "lnd", "eclair", or one of the other node softwares listed above.
All lightning wallets have node software integrated into them, because that is necessary to create payment channels and conduct payments on the network, but you can also intentionally run lnd or similar for public benefit - e.g. you can hold open payment channels or channels with higher volume, than you need for your own transactions. You would be compensated in modest fees by those who transact across your node with multi-hop payments. -- Source
Is there anyway for someone who isn't a developer to meaningfully contribute?
Sure, you can help write up educational material. You can learn and read more about the tech at http://dev.lightning.community/resources. You can test the various desktop and mobile apps out there (Lightning Desktop, Zap, Eclair apps). -- Source
Do I need to be a miner to be a Lightning Network node?
No -- Source
Do I need to run a full Bitcoin node to run a lightning node?
lit doesn't depend on having your own full node -- it automatically connects to full nodes on the network. -- Source
LND uses a light client mode, so it doesn't require a full node. The name of the light client it uses is called neutrino
How does the lightning network stop "Cheating" (Someone broadcasting an old transaction)?
Upon opening a channel, the two endpoints first agree on a reserve value, below which the channel balance may not drop. This is to make sure that both endpoints always have some skin in the game as rustyreddit puts it :-)
For a cheat to become worth it, the opponent has to be absolutely sure that you cannot retaliate against him during the timeout. So he has to make sure you never ever get network connectivity during that time. Having someone else also watching for channel closures and notifying you, or releasing a canned retaliation, makes this even harder for the attacker. This is because if he misjudged you being truly offline you can retaliate by grabbing all of its funds. Spotty connections, DDoS, and similar will not provide the attacker the necessary guarantees to make cheating worthwhile. Any form of uncertainty about your online status acts as a deterrent to the other endpoint. -- Source
How many times would someone need to open and close their lightning channels?
You typically want to have more than one channel open at any given time for redundancy's sake. And we imagine open and close will probably be automated for the most part. In fact we already have a feature in LND called autopilot that can automatically open channels for a user.
Frequency will depend whether the funds are needed on-chain or more useful on LN. -- Source
Will the lightning network reduce BTC Liquidity due to "locking-up" funds in channels?
Stack Exchange Answer
Can the Lightning Network work on any other cryptocurrency? How?
Stack Exchange Answer
When setting up a Lightning Network Node are fees set for the entire node, or each channel when opened?
You don't really set up a "node" in the sense that anyone with more than one channel can automatically be a node and route payments. Fees on LN can be set by the node, and can change dynamically on the network. -- Source
Can Lightning routing fees be changed dynamically, without closing channels?
Yes but it has to be implemented in the Lightning software being used. -- Source
How can you make sure that there will be routes with large enough balances to handle transactions?
You won't have to do anything. With autopilot enabled, it'll automatically open and close channels based on the availability of the network. -- Source
How does the Lightning Network stop flooding nodes (DDoS) with micro transactions? Is this even an issue?
Stack Exchange Answer

Unanswered Questions

How do on-chain fees work when opening and closing channels? Who pays the fee?
How does the Lightning Network work for mobile users?
What are the best practices for securing a lightning node?
What is a lightning "hub"?
How does lightning handle cross chain (Atomic) swaps?

Special Thanks and Notes

  • Many links found from awesome-lightning-network github
  • Everyone who submitted a question or concern!
  • I'm continuing to format for an easier Mobile experience!
submitted by codedaway to Bitcoin [link] [comments]

WARNING: ESEA shows complete disregard for your password security

ESEA ignores basic web security practices putting your passwords and information at risk. Originally mentioned here. ESEA told this customer "please take your business elsewhere".

Security Flaw 1 - Not obscuring password input fields on registration page

Password input fields should always be obscured by default.

Security Flaw 2 - No SSL/HTTPS anywhere

Security Flaw 3 - Your password is emailed to you in plaintext when you register

More information:
This does not necessarily mean they're plaintext in the database, but it is completely unacceptable and any company irresponsible enough to do this is irresponsible enough to store them in plaintext in the database. It's also likely your password is stored in plaintext in server logs, email logs and more.

Security Flaw 4 - "Lost Password" emails a replacement password

Security Flaw 5 - "Lost Email" requirements not secure

The Lost Email page asks for such basic information people could easily hijack accounts.
This should not be all the information required to hand over your account to a new email address.

How can you secure yourself?

What else should you do?

submitted by AWPosition to GlobalOffensive [link] [comments]

Protecting your Crypto - Basic Attack Vectors

Another thread talking about risks of crypto and personal identifiable information was the reason for this post. I’ll say now, I’m in no way a security professional but figured at least some of this may help a novice or further the discussion.
I view securing your crypto as sliding scales of time, money, and risk. Understand them, then you can dial the knobs as you see fit. You’ll want to mitigate as much risk as possible when securing “life changing” funds, spending as much time and money securing them. And maybe dial it back (or as you see fit) when keeping $100 bucks of crypto on your Parity wallet on your computer.
Taking this example further:
Both examples accomplish the same goal of storing crypto, but both have completely different aspects of time, money and risk.
This may sound obvious, but I HAVE SEEN others not know this.
I think a good way to start talking about this is attack vectors. I had time to write out ~3, but there are more.
Phishing: This is probably the most popular right now. Phishing is basically a method of presenting a victim with seemingly legitimate information with the goal of stealing money or information. The scope is super broad and sometimes meant to target inexperienced users. You may have seen examples of this in phishing in e-mail. That Nigerian Prince intentionally misspelt a bunch of words to filter out intelligent recipients. If their scam has 5 parts to it, they don’t want to spend time on getting almost all the way through to the scam and have the victim realize it looks sketchy at the end.
Taking this example in the Crypto space, we have seen phishing domain names appear to look like “MyEtherWallet.com”, and Tricking users to send them coins here or here, or fake messages on Slack, or even Sending Vitalik a fake message on reddit.
Ways you can prevent this
Spear Phishing: Or simply a targeted attack. Spear phishing is a more targeted phishing attack. Unlike phishing, it casts a smaller net, but is geared more towards the target. More time and effort could be spent by the attacker doing this for greater reward. A good way of not being a targeted attack is simply not letting potentially malicious people know you’re a target. Letting others know your wealth either on purpose or accident puts you on an unnecessary radar. Similar to a bug bounty, it will only encourage malicious actors to make you the bounty. Do not give any personal identifiable info when not necessary. A good example of this is this post. It involves a targeted attack/spear phishing and social engineering.
The attacker in short found a tweet by a target that he uses Coinbase. Attacker was then able to obtain Name and phone number of target. Attacker then used social engineering to convince Verizon to relocate victims phone number to another device. With that he was then able to gain access to Coinbase. Among the several things mentioned in the article on security, simply not letting others know he used Coinbase was one of them. Protect your identity and personal information around Crypto when possible.
Security Vulnerabilities and Malware All operating systems should be considered unsecure. 0 day exploits are exploits that are known to malicious actors and not know by the developers of the software. There are also exploits that are known, but simply not patched by users. When was the last time you patched Windows? Malware (Malicious Software) can be installed on your computer via these exploits easily by a hacker given enough skill, and the reward being high enough. They can be deployed on your machine by visiting legitimate websites! The exploit can live in an advertisement banner not completely controlled by the site. This Malware once infected can log keystrokes or read clipboard data (think: Private Keys), allow remote control.
Let’s give a plausible scenario that takes some or all attack vectors here.
Ways to help prevent this are
This was only a few feet wide, and an inch deep. There’s much more to this, but hope it helps someone not lose a great deal amount of funds! Understanding your risk will help you associate enough time and money to protect it
submitted by OneSmallStepForLambo to ethtrader [link] [comments]

I made a simple blockchain project and now wrote this guide for entrepreneurs interested in smart contracts

The following is the exact copy of my medium article. No need to go there if you prefer reddit. And please ignore my startup mentioned here. I spent a whole month writing this huge guide - it's far beyond a mere promotion. This post is about Ethereum blockchain. I do love it.
As I'm an entrepreneur myself (with some humble programming skills) I think I managed to explain clearly the practical side of Ethereum smart contracts - what can be done and how. Think this sub is the best place for it. Hope you'll find this helpful.
Will do my best to answer all your questions (please mind the time difference - I'm in Russia).

An entrepreneur, programmer and user walk into a smart contract - The ultimate Ethereum blockchain stratup guide.

Lifehack - you don't need to understand blockchain to build a smart contract startup.

I made my smart contract project and still feel as a total noob reading discussions on blockchain. There is so much to learn for me. But, hey, my project works! Why bother? Though blockchain is cool and it's cool to understand the technology, there is no need to understand everything.
Take a look at smart contracts from an entrepreneurs point of view - focus on how you can benefit from it. What kinds of projects you can actually do? What business models are there? What an MVP would look like? What it takes to engage a user, find a programmer and build infrastructure?
This guide with examples and exercises will show you the practical side of smart contracts and help you estimate your idea or generate a new one. Use it as a starting point for your further investigation.

What you do need to know about blockchain and what you may just skip

Mining. The first thing to skip. From an entrepreneur's point of view mining is more like playing the stock market - buy equipment, analyze reward price charts and decide which crypto currency to invest your computing power to. But if you are dealing with smart contracts, you don't have to care about mining for the same reason you don't care about Internet providers when visiting a web-site.
Blocks, hashes, cryptography and all that math - we gonna ignore it too. The important practical outcome can be reduced to this mantra: "Everything that gets into blockchain remains there forever, anything can be verified, but nothing can be changed". In practice it means that data is stored permanently, transparently and securely.
Now let's turn to the terms you cannot do without and explain them as if it's year 2005 now.
Blockchain is like a BitTorrent network. A program on your computer downloads files and afterwards gives them away. But the program is called blockchain client rather than torrent client. And those files you download store transactions instead of videos and music. Sender, recipient, date-time and ammount - records are stored one after another (yes, they are stored in blocks, but who cares). Everybody who runs blockchain client has his own copy of the whole blockchain database and keeps all transactions that have ever been made. This database is huge. Ethereum blockchain is currently about 43 GB, Bitcoin is 125.78 GB. todo
Cryptocurrency is a list of money transfers. In blockchain world your balance is not just a single record, but the sum of all your receipts and expenditures (the entire transactions history). If a blockchain stores transactions which only contain money transfers (sender address, recipient address and amount being sent), we call this type of blockchain a cryptocurrency. Bitcoin - is a cryptocurrency. But any transaction is just a string in a file, thus it may contain any information. An address in turn may not belong to a human... which gives us much wider opportunities then just a crypto currency.
Smart contract is like a web site. A blockchain address may belong to a program. A program then is called a smart contract. It is called a contract just because the code is open. However it is simpler to compare it to a web site (or web service). For example, a classified advertisements service could be a smart contract. Its code would be stored at a particular address in the blockchain - just like a web site url. A transaction to this address would not contain money but an advertisement text. And the smart contract would publish this advertisement, i.e. saves to blockchain.
Ethereum is like the Internet Ethereum - is exactly the kind of blockchain in which transactions may contain not only money, but data. The blockchain database (those files one downloads) stores transactions between people, transactions involving smart contracts and contracts source codes. This makes Ethereum kinda new type of the Internet, which is stored locally by everyone involved.
And that's really enough for the theory. The rest you'll learn from what it all means in practice.

What is the difference between a smart contract and a conventional web site

What are the advantages (and disadvantages) of a smart contract driven service.

Openness and Encryption

A user doesn't have to trust you. "Everything that gets into blockchain remains there forever, anything can be verified, but nothing can be changed". The user sees exactly how your system works (smart contract code is open) and stays confident in the reliability of your database (database is transparent and unchangeable). Meaning there is no need to win users trust.
For example, you can turn a classified advertisements service into an open auction with charity donations. The process of selling would look as follows. A seller sets the initial price and posts a lot. After that anybody will be able to track bets, see a winner, see how much seller earned and how much was deducted to charity and to platform commission. Everybody is confident there was no cheating.
Where it benefits most. Gambling (Roulethvdice.io), prediction markets (Augur, Gnosis), voting, multilevel marketing (TheMillionEtherHomepage).

Payment processing "out of the box"

You don't have to deal with any payment processing services. Solidity language with which smart contracts are written incorporates all the necessary money (Ether cryptocurrency) operators. User balance is just another variable in your code. You can program any behavior to it - like triggering an event on receiving a certain amount of money or making a multisignature payment and much more. That is why Ether and other cryptocurrencies are often referred to as programmable money.
Where it benefits most. Crowdfunding platforms (Weifund, Wings.ai), rent services Golem - rent unused CPU/GPU cycles.

Decentralization

You don't have to worry about DoS attacks and scalability. Every blockchain user has it's own smart contract copy locally on his computer, thus it will withstand any load, free of charge.
Where it benefits most. Smart contracts gave rise to a totally new kind of companies - decentralized organizations (DAOs). DAO is a separate phenomenon worth studying. In the meantime, just ask yourself: "Why do we need an intermediary like Uber, if it is possible to connect a driver and a passenger through a smart contract directly?". What prospects does it opens? Have a look at this startups: Arcade city and Lazooz.
Lifehack: When googling for A DAO, ignore the hassle around THE DAO). The only reason THE DAO failed was braking some basic smart contract safety rules (we'll discuss them further).

Transaction delay and commission

A user have to pay for every transaction and have to wait a bit too. The average transaction is mined (read included) into Ethereum blockchain in 14-15 seconds. There is a high chance of reducing this delay down to 4 seconds in the near future. But even then we are all got used to a better responsiveness. Moreover a simple money transfer (two addresses involved, no contracts, minimal amount of data) would cost about 0.000861 ETH ($0.02 in March 2017). These "drawbacks" are tiny, but enough to build a heavy threshold for certain types of projects.
Where it doesn't benefit. A chat for example. Each message chips a couple of weis (Ether denomination) off your balance and requires half a minute to reach the other end. This is probably a bad idea for a startup unless you are dealing with some official correspondence, which requires legal force and does not require privacy.
With smart contracts you can choose almost any web service and make it blockchain. Plus you are free to create completely new blockchain-only types of projects. See what has already been done, mix it up with Internet of things, artificial intelligence, virtual worlds or fintech, and you'd most probably get a unicorn.
Note: You can make a smart contract with Bitcoin too, but it's like doing 3D in MS Excel. Kinda possible, but why?

What business models are there

You are free to use any business model. But first have a look at what have already become a new standard in Ethereum - tokens.
In conventional terms tokens business model is like crowdfunding and IPO combined. The "crowd" buys shares of your company instead of products. And in the future the shares (tokens) may be sold or exchanged for your services.
This became possible because Solidity (Ethereum smart contract language) allows issuing your own cryptocurrency.
For example. You came up with a classified advertisement platform idea. You want it to have its own internal currency (tokens) called Advertisement (ADV). You want to charge 1 ADV for placing an advertisement, 2 ADVs for pinning it to the top and 0.2 ADVs for updating. You write a smart contract. All that it is capable of at this point is receiving money (ETH) and keeping users balances.
Now you announce your platform in a way that crowdfunding projects usually do and offer to buy ADVs at low cost 1 ADV = 1 ETH. Later when your platform is live you'll set the ADV price to 10 ETH. After that those who invested in the very beginning will be able to sell their ADVs gaining income or place their ads 10 times cheaper than the current price. But for now you've earned your ETH to spend on development.
Tokens are attractive enough on their own to start experimenting with smart contracts.

What it takes to engage a user

Ok. You published your first smart contract. But what it takes to engage a user with no blockchain experience to use it? And how can we lower the threshold?
We can break user experience into two parts: interacting with blockchain (what a user has to do anyway) and interacting with your smart contract (ways we can make a user's life easier).

Interacting with blockchain

What a user has to do anyway.
Get an address (a wallet). An address and a key to it is like username and password. There is no way to interact with blockchain without it. The easiest way to get it is to use generator at MyEtherWallet.com. It takes less than one minute and as a result, user receives an address and a key. The address is a 42 character sting and the key is a small file. The key file is used to sign transactions and has to be saved as securely as possible - there is no way to restore it. A user can use the same address to interact with any smart contract.
IMG: Generate a wallet at MyEtherWallet.com
Get some ether (ETH). Any transaction requires commission (0,001 to 0,01 ETH on average). A user has to fuel up his address with a sufficient sum to interact with your contract. Buying ether is possible through major exchanges. These exchanges require 1-3 day for identity approval and are available in a limited list of countries. Users from other countries and those not eager to wait (especially when buying Ether worth a couple of bucks) may use almost instant alternatives.
Look and feel exercise: generate a wallet and send some Ether to it.
Access a blockchain client. Any interaction with blockchain and with any smart contract accordingly is done through a blockchain-client.
As of March 2017 downloading Ethereum database to an HDD disk (70% are still using HDDs) requires 2-3 days and 43 GB of spare space. It makes computer unresponsive enough to start throwing things at it. Keeping blockchain in sync too requires about the same amount of resources as watching a movie online does.
Not to confuse the pros. For the sake of simplicity we call EthereumWallet, Mist browser, geth and parity the blockchain client. We are entrepreneurs here, it is only a programmer who should really know the difference.
There is also a so called light client. It doesn't require downloading the database. But it still requires installation and getting hands dirty with manuals. Our target audience is not willing to do it either.
So let's be realistic our target audience will hardly install any blockchain client on their computers. Let's see how we can help.
A necessary and sufficient minimum for a user to start interacting with any smart contract is an address (key file) and a tiny amount of ether on it.

Interacting with your smart contract

We got to simplify user experience with a graphical user interface (GUI). In Ethereum GUIs do not belong to smart contracts and are stored off the blockchain. There are several ways to "attach" GUI to a smart contract. Here are they from the least to the most user-friendly.

Smart contract with no GUI

Users can interact with smart contracts directly, with no GUI at all.
Blockchain client can identify smart contract functions and let user work with it. The client provides auto-generated GUI so a contract looks and feels like a sign-in form of a website. This is a straightforward way of writing to and reading from contract.
IMG: Access contract function through Ethereum Wallet
But we agreed we won't force user to deal with blockchain clients. To set user free from it we can try to offer MyEtherWallet.com (an online client). Contract interaction will look just the same, but there is no need to download or learn anything.
IMG: Access the same function through MyEtherWallet.com
The contract without GUI has to be very well documented. It is also a good idea to make a landing page to display the current state of the contract.
For example, TheMillionEtherHomepage.com displays the state of the underlying contract and offers users to work with it directly giving all necessary instructions. The same setup would likely be a minimum for a classified advertisements smart contract. So the user with no blockchain background would be able to grasp the idea of the service.
Look and feel exercise: Try following sign in instructions for TheMillionEtherHomepage.com (it's free) and see what it is like to use MyEtherWallet.com.
A Smart contract without GUI will do as a minimum viable product

Decentralized application (DApp) - GUI in a browser

In the above example the website doesn't allow writing to the contract being just a representation of its state (it only reads from the contract). To let user interact with your contract (read and write) through your own GUI you gonna need a DApp. DApp is a GUI for your contract in a browser.
A browser can simultaneously connect to the Internet and to a blockchain client. This allows a smart contract to look (and work) just like a conventional web-site. A user will follow a link like http://myClassyAdvertisements.com and see your website in the full beauty of HTML, CSS and JavaScript, then will be prompted to fill ad text and click "publish". The only difference the user will notice is a pop-up offering to select a keyfile on the disk instead of asking for a username-password.
The GUI is taken from the Internet, but transactions are sent to a local blockchain client.
Browser can connect either to full or light blockchain client. We discarded them both. There is a browser with "included" client - the Mist browser. But it is too complex too. The easiest solution is the Google Chrome plugin Metamask which brings all blockchain benefits right into the browser. This is what we want our user to install.
Look and feel exercise: Go to tokens exchange platform Maker Market, then install Metamask Chrome plugin and try Maker Market again. See how metamask brings blockchain functionality to the website.
DApp and Metamask browser plugin make your smart contract look and feel just like a web-site

Mobile application

We can make any GUI for mobile or desktop application and bring any feature to it. But in order to send transactions it has to communicate with a blockchain client too.
The ways to do it without any locally installed client are: embedding a light client right into your application or communicating with a remote blockchain client (see infrastructure section further).
Look and feel exercise: Try installing Jaxx wallet or Free Wallet on your phone.
To engage a user with no blockchain background means to make him get an address, buy a bit of Ether and install your mobile app or Metamask browser plugin.

What it takes to build an infrastructure

Let's turn to even more practical (and technical) parts. First what will you have to buy. From the cheapest to the most expensive setup.

Smart contract with no GUI

Regardless of the way you've implemented the GUI, you need to publish your contract first. Publication of a contract is a transaction too. Commission for it is negligible. If you managed to pay 1 ETH for commission, then your project is larger than the majority of existing ones.
Project documentation may be published for free at readthedocs.com. Or upload instruction videos to youtube.
If you want to display the status of the contract on a web-site the way TheMillionEtherHomepage.com does, you have to develop a back-end that will "listen" to the contract through a blockchain-client. Thus you need a hosting to run your website, blockchain client and your blockchain client "listener".
Before buying a hosting check out Etherscan.io and Infura APIs. These are "remote" blockchain clients which will probably let you build your landing page with pure Javascript and no back-end.

DApp

DApp is just a web page (HTML, CSS, JAvaScript). A simple hosting with no database and frameworks support will probably be enough for a start. Remember your user has to interact through his own client (a local one or Metamask). So introduce a version for those with no access to blockchain (see a paragraph up - make a web-page representing your smart contract status).

Mobile App

For a mobile app you'd probably need a server with a running blockchain client to let your app communicate with the blockhain through it. Or you can embed light client right into your app. Or use Etherscan.io and Infura API. Depends on your features. A more detailed (and more technical) guide is here - Mobile: Introduction

Which developer skills are required

What kind of developers skills you want to search?
First - responsibility, second - patience and third - JavaScript front-end skills. Safety first, because failure price is very high.

Smart contract with no GUI

Ethereum has its own language for smart contracts which is called Solidity.
The language looks very much like JavaScript and simple to learn. But one has to be really really really careful writing smart contracts.
Any contact is open source. Anyone can copy it and quietly experiment with attack options before an actual attack. With no thought out bug fixing strategies, neither address nor contract code can be changed after its publication. If there is a vulnerability and no escape paths, you'll helplessly observe your balance approaching zero. So it was with the ill-fated DAO (remember the life hack - The DAO is just an example of how one shouldn't write smart contracts).
Responsibility. Ethereum community recommends writing smart contract as if it were a firmware for electronics or a financial service (but NOT a web-site). For anyone eager to write smart contacts this official document on safety is a must.

DApp

DApp is HTML, CSS and JavaScript. JavaScript library web3.js provides interaction with blockchain client. A front-end developer will do the job.
Patience You need a patient and curious developer. This is the person to dive deepest into blockchain technology, make raw developer tools work and read through tons of documentation.
Regardless of whether your contract has a GUI or not, you gonna need a JavaScript developer. As it is strongly recommended (no, it is actually a must) to cover close to 100% of smart contract functionality with tests, which are written in JavaScript. Detailed developer guide is here here.

Mobile apps and back-ends

Mobile and desktop applications can be written in any language. Recommendations are the same as for the DApp. To connect your app to a blockchain client (full, light or remote) there are ready-made libraries available. For example, python. To embed a light client, check out geth.

Conclusion

Lifehack: Jump off the cliff and build wings on the way down © Ray Douglas Bradbury.
There are only 368 dapps listed at the official Ethereum dapps list and only one third of them is live. I believe this indicates the lack of understanding, not possibilities. It makes Ethereum a great chance to build a future game changer.
You may get some insights learning technology deeper. It is useful to know many of the underlying concepts of Ethereum and blockchain technology in general. But for the smart contracts and for the start this guide is a enough.
As you've seen there is not much complexity. If you are already dealing with websites and JavaScript all you have to do is pump up your team's responsibility. And if you already have an idea, just give a test flight. And see how high you can go.
Thank you for reading.
submitted by takeshi_reg to Entrepreneur [link] [comments]

Protecting your Crypto - Basic Attack Vectors

Another thread talking about risks of crypto and personal identifiable information was the reason for this post. I’ll say now, I’m in no way a security professional but figured at least some of this may help a novice or further the discussion.
I view securing your crypto as sliding scales of time, money, and risk. Understand them, then you can dial the knobs as you see fit. You’ll want to mitigate as much risk as possible when securing “life changing” funds, spending as much time and money securing them. And maybe dial it back (or as you see fit) when keeping $100 bucks of crypto on your Parity wallet on your computer.
Taking this example further:
This may sound obvious, but I HAVE SEEN others not know this.
I think a good way to start talking about this is attack vectors. I had time to write out ~3, but there are more.
Phishing: This is probably the most popular right now. Phishing is basically a method of presenting a victim with seemingly legitimate information with the goal of stealing money or information. The scope is super broad and sometimes meant to target inexperienced users. You may have seen examples of this in phishing in e-mail. That Nigerian Prince intentionally misspelt a bunch of words to filter out intelligent recipients. If their scam has 5 parts to it, they don’t want to spend time on getting almost all the way through to the scam and have the victim realize it looks sketchy at the end.
Taking this example in the Crypto space, we have seen phishing domain names appear to look like “MyEtherWallet.com”, and Tricking users to send them coins here or here, or fake messages on Slack, or even Sending Vitalik a fake message on reddit.
Ways you can prevent this
Spear Phishing: Or simply a targeted attack. Spear phishing is a more targeted phishing attack. Unlike phishing, it casts a smaller net, but is geared more towards the target. More time and effort could be spent by the attacker doing this for greater reward. A good way of not being a targeted attack is simply not letting potentially malicious people know you’re a target. Letting others know your wealth either on purpose or accident puts you on an unnecessary radar. Similar to a bug bounty, it will only encourage malicious actors to make you the bounty. Do not give any personal identifiable info when not necessary. A good example of this is this post. It involves a targeted attack/spear phishing and social engineering.
The attacker in short found a tweet by a target that he uses Coinbase. Attacker was then able to obtain Name and phone number of target. Attacker then used social engineering to convince Verizon to relocate victims phone number to another device. With that he was then able to gain access to Coinbase. Among the several things mentioned in the article on security, simply not letting others know he used Coinbase was one of them. Protect your identity and personal information around Crypto when possible.
Security Vulnerabilities and Malware All operating systems should be considered unsecure. 0 day exploits are exploits that are known to malicious actors and not know by the developers of the software. There are also exploits that are known, but simply not patched by users. When was the last time you patched Windows? Malware (Malicious Software) can be installed on your computer via these exploits easily by a hacker given enough skill, and the reward being high enough. They can be deployed on your machine by visiting legitimate websites! The exploit can live in an advertisement banner not completely controlled by the site. This Malware once infected can log keystrokes or read clipboard data (think: Private Keys), allow remote control.
Let’s give a plausible scenario that takes some or all attack vectors here.
Ways to help prevent this are
This was only a few feet wide, and an inch deep. There’s much more to this, but hope it helps someone not lose a great deal amount of funds! Understanding your risk will help you associate enough time and money to protect it
submitted by OneSmallStepForLambo to ethereum [link] [comments]

The case for Ethereum: general-purpose vs special-purpose blockchains

Bitcoin and Alt-coins are Special-Purpose Chains

What's the difference between a general-purpose blockchain and a special-purpose blockchain? Let's start with bitcoin, the original special-purpose chain for computing and comparing sha256 hashes. Bitcoin users started the chain by mining on generic x86 (general-purpose) CPUs. But because sha256 hashing is a specific computation, btc mining is now dominated by Application Specific Integrated Circuit (ASIC) hardware. Litecoin is another special-purpose chain, except it computes scrypt hashes (some manufacturers are already started shipping scrypt ASIC miners). There's also a Primecoin for computing prime numbers, and a bunch of other special-purpose chains commonly known as alt-coins.

Special-Purpose Chains: Backend and User Perspective

How does it work when we want to use the services provided by separate special-purpose chains? Let's look at the granddaddy of alt-coins, namecoin, which like bitcoin uses sha256 hashes. Additionally, it also provides some standard namecoin script opcodes for associating plaintext pseudonyms with unique addresses (public/private keypairs), so namecoin addresses can register and "own" domain names or identities/handles. Let's say you want to use bitcoins to purchase a namecoin .bit domain that its owner is selling. What does it take to get these two special-purpose blockchains (bitcoin and namecoin) to interact with each other? The immediate option (and the only one available today) is a centralized service running a web server in front of both p2p daemons (as nodes of their respective networks, bitcoind and namecoind). That centralized service is a BTC/NMC exchange, and maybe it has an interface allowing you to register "dot-bit" names (otherwise you'd have to open up two separate wallets - one for each coin). The centralized exchange is a trusted third-party that holds in escrow the BTC and NMC of each user (whose coins could be stolen by a dishonest exchange operator).

A General-Purpose Chain: Backend and User Perspective

So how is using a unified general-purpose chain different from a special-purpose one? On the Ethereum general-purpose chain, each service is provided by some "DApp" (distributed app "hosted" by all ethereum miners). A DApp is an interface to a specific "contract", running at some address on the blockchain. For instance, to register a name, you would open the EtherNames DApp in the ethereum client's built-in browser, type in the name you want to register, and "send" the registration as a transaction with data. There's no need to copy and paste addresses since the Ethereum client provides hooks for seamless wallet access inside every DApp. The registration transaction is sent to the EtherName DApp's contract address, which is running some variant of the namecoin contract code. A specific contract gets initialized at a particular address by some untrusted third-party individual/entity (the DApp author). The contract author is not trusted, all the author does is upload the contract code and pay the initial "gas" fee. The contract code is independently executed and verified by each ethereum miner as part of a single atomic transaction. Atomicity means that the ledger database updates are all-or-nothing, so no user has to worry about the risk of having to pay first because any and all transactions needed to fulfill a contract are guaranteed to occur within the same block, or the contract is broken and won't run at all. Think of Ethereum contracts as interconnected threads in a big web of complex multi-sig transactions of Ethers and contract-specific sub-currencies, all of which run atop the same unified blockchain.

Special-Purpose Chains: Developer Perspective

From the developer's perspective, operating a service that uses two separate special-purpose chains requires maintaining both blockchains (upgrading separate software, providing enough processing power, disk space, and bandwidth for each chain). It also requires maintaining user accounts, as well as wallets on two separate chains (multiplied by the number of users). Hosting a server is needed to run both the namecoin daemon and bitcoin daemon (unless outsourced to a centralized API). The web developer will need to maintain a web server and app stack such as LAMP (Linux Apache Mysql Php) or MEAN (Mongodb Express Angular Node). Finally, the service must hold the users' deposits of bitcoins and namecoins in secure hot wallets and offline cold storage, keeping them safe from hacker thieves. Altogether, every service operator needs to independently maintain a separate full-stack system, which can be a herculean effort.

A General-Purpose Chain: Developer Perspective

A service operating on Ethereum has a DApp backend hosted right on the blockchain, maintained by miners (who earn gas fees). A developer simply authors the contract code and pays the gas fee to initialize it on the blockchain, which is much easier than forking an alt-coin to start yet another genesis block. DApp's do not need a separate API for access and integration by other developers; authors just name functions inside a contract, directly exposing an API (with optional fee-per-use) that enables message calls from any other Ethereum DApp. Also, DApp authors do not need to maintain user accounts, since the users interact with the DApp directly on the blockchain through their ethereum addresses. Nor do DApp authors need to maintain user wallets since private keys stay private in a decentralized system. Unlike the current convention where coins are deposited to a wallet address controlled by some third-party, in a truly decentralized system private keys are only used for signing transactions as inputs to contracts.

Meta-Coins as Feature Specs

Meta-coin protocol extensions like Colored Coins, MasterCoin, and CounterParty work by organizing a group of users who agree to interpret bitcoin transaction data according to some metadata specification, supplementing the base rules of the bitcoin protocol. For example, MasterCoin specifies creating multisig 1-of-n bitcoin transactions and encoding data in the n-minus-1 unused public keys. In the meta-coin approach, each feature or "contract" is specified in the meta-protocol. Two MasterCoin features are registration of a data stream and the creation of a sub-currency, these are baked into the specification and reference client alongside the other features. While you can register new data streams and sub-currencies, if you want to create a new contract that is some kind of a hybrid between a data stream and a sub-currency, such as a call/put option or a Contract For Difference (CFD), it would need to be implemented directly in the reference client, and unlocked as a feature at some future block number. Implementing new features in a meta-coin protocol that doesn't have a scripting language requires specifying them directly in the protocol and must be effected at the organizational level.

Scripts and DApps vs Forks and Features

Embedding a scripting language into a crypto-currency gives it the same kind of extensibility that gamers crave in video games. Scripts empower players to create "mods" and customize their game-world with new levels, characters, and maps. In the crypto-currency world, scripting allows for the extension of a plethora of decentralized features such as trading, lotteries, and ecommerce, all atop a shared, compatible platform. Bitcoin has a scripting language, but with severe limitations including: lack of loops, binary state variables limited to spent or unspent transaction outputs, and blockchain blindness. The difficulty of using bitcoin script has in effect given rise to a landscape of competing alt-coins and meta-coins with incompatible protocols. The preferable route, and vision of Ethereum, is to foster a fully-featured ecosystem of compatible, interacting DApps. Providing a Turing-complete scripting language on a general-purpose blockchain with message calls between contracts stimulates adoption of Ethereum as a shared decentralized Operating System and kernel.

Decentralized House, Decentralized Dealer

Consider the concept of a decentralized lottery. In a semi-decentralized lottery that is merely provably fair, although the operator is not capable of altering any particular dice outcome, he can simply shut down the service immediately after a big winning bet comes in, scamming the user of his money and winnings. But in a fully decentralized lottery, the mechanism for distributing the winnings is written into the contract itself (open-source and audited by users), so no central operator is needed. While writing such a contract in bitcoin script is theoretically possible (see pages 12-15), to my knowledge none has been implemented. In practice, it is easier to create a LottoCoin as a special-purpose alt-chain. In contrast, writing a script on the Ethereum platform for a fully decentralized lottery is not only feasible but relatively easy.

Conclusion

The limitations and difficulties of using bitcoin script to implement decentralized features natively on the bitcoin blockchain has resulted in a fragmented ecosystem of incompatible, competing alt-chains and meta-coins. While it is theoretically possible to use bitcoin script for complex contracts like cross-chain atomic trading, practical implementations of such features have yet to be achieved (to my knowledge). On the other hand, Ethereum focuses on providing an easy-to-use scripting language for implementing advanced contracts on a general-purpose blockchain. Ethereum's extensible platform enables the realization of advanced decentralized features that previously were inaccessible.
submitted by martinBrown1984 to ethereum [link] [comments]

A message to Bitcoin and cryptocurrency holders ❤️BITCOIN: Important Message [ ANDREAS ANTONOPOULOS ] - Bitcoin 2020 - Analysis Bitcoin - Some Bitcoin Cash maximalists don’t want you to hear this message - Intro BITCOIN BROKE OUT!!! HUGE RESISTANCE ABOVE US!!! ARE WE IN A GREAT DEPRESSION ?!? SecPoint - Next Generation Cyber Security - YouTube

Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.. Visit Stack Exchange A test message composed on privnotes.com, which is phishing users of the legitimate encrypted message service privnote.com. Pay special attention to the bitcoin address in this message. I believe there are some chains that allow that. I'm not sure if it has been merged upstream to bitcoin or not. I know I've been discussing ways to do messaging within a coin blockchain (vs bitmessage). You could use a blockchain.info wallet and send a message over blockchain.info. – Joe White Jan 5 '14 at 21:20 The key data is the least of your worries. The number of files this system will maintain (apparently indefinitely) will grow in N*M fashion. Every node will be given every e-mail ever sent by anyone, and be expected to keep that file for some relatively long time. 10 users, whose computers are nodes in the web of trust, who each send an e-mail to all users (including themselves; what, you've ... Bitcoin stackexchange com/users/message/9 sent=1#9 bedeutung hebel beim traden . Bitcoin stackexchange com/users/message/9 sent=1#9 visa prepaid card not working on amazon . Ing Diba Extra Konto Girokonto. reussir-avec-fleche.org. bitcoin stackexchange com/users/message/9 sent=1#9 forex in norway . Buchhandel Düsseldorf Hbf

[index] [22396] [30866] [29164] [7069] [22157] [20962] [19970] [17916] [13568] [7351]

A message to Bitcoin and cryptocurrency holders

0:16 - 9 year anniversary of the first Bitcoin billboard 0:42 - More than 1,000 BCH gifts given away with gifts.bitcoin.com 1:03 - New interview with Roger Ver coming soon Bitcoin will be the new store of value and crypto will be the new technology evolution and I want to be a part of that trough this channel. I will be sharing my ideas about the future of Bitcoin ... Cyber Security and Crypto News - BTC 100 Quintillion Ecuador Leak - Skidmap Malware Snowden Sued - Duration: 3 minutes, 25 seconds. Send me an email to [email protected] 📝Legal: *'The above video references an opinion and is for information purposes only. It is not intended to be investment advice. Thank you Andreas for your constant support. I hope you all enjoyed it as much as we did. SEE YOU IN THE NEXT VIDEO! Twitter: https://twitter.com/techwithc...

#