Mining Bitcoin (+ Other Altcoins) with Azure N-Series GPU ...
11 Best Bitcoin Mining Software 2020 (Mac, Windows, Linux)
Mining bitcoin with Azure (and why it is a terrible idea ...
Very Fast Bitcoin mining software for Windows 2020 BTC miner
Roll your own Android-friendly Stadia in 12 steps
A lot of this comes from /cloudygamer, so go there and give them your clicks, but I've been cloud gaming now for months in a variety of ways, and I think I've settled on my happiest path. I rent a server from Paperspace, and simply use Steam Link Anywhere to play any game from my Steam Library from my house. Quality is very good, but not perfect, but my costs are $10/month for storage and $0.51/hr of streaming time. At my rate of about 1-2 hours/day, my annual spend rate is about $400. The benefits I see are as follows:
Incredible portability - I can play on my phone, my laptop, or my Nvidia Shield on my TV.
On-demand usage - If I'm not playing, I'm only paying the storage fee each month, so it sort of scales naturally.
Excellent graphical fidelity - I'm generally able to play on excellent settings and stream at 1080p. I also find that the input lag doesn't bother me. I'm certain if I recorded myself playing in slo-mo, I'd notice input lag, but I've had great fun playing many hours of Rocket League, and I'm having a great time playing through Jedi: Fallen Order
Excellent library - This method basically supports all PC games, and lets me play anything from Steam, Epic, etc, etc, down to indies and anything I want to play. If XCloud has 50 games, and Stadia has 22, I think this path compares rather favorably.
Cost - I'm saving money versus keeping a comparable gaming PC running these games at these settings, but I'm probably losing money against just purchasing new Playstations as they are released. Also, the free tier of Stadia will be cheaper than this, although factor in the purchase of games. This method uses your Steam Library.
Network costs - I assume that if I had anything less than bulletproof internet, my experience would rapidly degrade
Framerate stuff - On occasion I'll hit a bit of lag or delay.
How-to: This is just my path through, and you may choose a different path. I picked Paperspace because the ease of use is just astounding compared to Google Cloud or AWS or Azure. However, they only have 3 servers from what I can tell - California, New York and Amsterdam. I would perform the majority of these steps on your PC:
At this point you may get stopped by a form that requires you to explain what you want to use the server for. I don't think they want people using them for Bitcoin mining, maybe? If you get that form, it usually takes a day for them to get back to you
Choose a storage amount. If you only play one game at a time, you can save some cash here by choosing one of the lower priced storage tiers.
Add your payment details and click "Create Your Paperspace"
You'll be taken to a screen that shows you that Paperspace is provisioning and spinning up your server. Once it's ready, simply click on the box representing your server. You'll be dropped into the Windows environment.
Now, install Steam and log in to your account.
Having done that, enable the beta version of Steam by using the Beta Participation setting in Settings>Account
Steam will restart.
Install Steam Link on your phone (or Android TV device, or tablet, etc, etc). It will by default look for a PC on your home network. When that fails, it will prompt you with "Other Computer". Take the code it gives you, and return to your Paperspace tab in your browser, and navigate to the Remote Play entry in your Steam Settings.
Click the "Pair Steam Link" button, and type in the code that the Steam Link app gave you.
You're in business! Close your Paperspace tab (as it will consume bandwidth that you want to reserve for gaming). Your phone will launch into Steam Big Picture mode, and you can install and play games at will.
You can use the on-screen controls in the Steam Link app, and that might be okay for some indie games or non-twitchy games, but I purchased one of these controllers and this clip for my phone.
A quirk with Paperspace is that it uses the resolution of your browser as the upper bound for the display resolution. So to get higher than 1080p, I open my browser tab in full screen, and I use Chrome to zoom out, which causes the desktop to increase in resolution. Then I close my tab.
If you leave on the auto-start with Windows setting for Steam, all you have to do to get things going is open Paperspace's website on your phone and start your machine. Don't open it on your phone, as that will mess up your resolution, just hit the start button.
Always remember to shutdown your machine after use. Paperspace will kill it after a day of inactivity by default (you can adjust that setting), but you'll keep spending $0.50/hr until you turn it off.
If a particular game requires you to fill out fields and move a mouse cursor around, you can open your Paperspace window and interface that way.
TL, DR: It's really quite simple to set up a personal cloud gaming service that beats Stadia in a number of ways using any number of cloud hosting providers and Steam Link Anywhere.
Am I Operating on a Virtual Machine? Would that even be possible for someone to set up without my knowledge? Am I Crazy?
Long story short, I am friends with a programmer. He has had access to 2 of our computer's, and we've even done some minor work for him before to help him with a large project. He's a MS Enterprise user and I'm pretty sure he uses Azure in his business. He even helped us by using his card to buy us a Windows key when all we had was cash. We've started to notice weird stuff like BIOS boot devices that appeared and disappeared shortly after we discovered them (Windows ToGo & a Linux device) & seems to post twice when booting. Suddenly we have unaccounted for differences in network traffic between the Resource Manager (logs a 1000kb+ spike) & the Task Manager(doesn't log this 1000kb+ spike). "Mouse Intercept" files in game folders. We can't make changes or disable some services we would be able to change before. Internal SATA configured as external SATA. NFC & Payments services, Hyper V & Azure services we didn't install. Unspecified TCP connections and loopbacks, & when we run traceroute the first hop is always " * ". Today we tried to reinstall Windows again (we've done this fresh and re-flashed the BIOS many times) and it said there was only 16mb of space left on a 300GB hard drive even though we only had League of Legends and a browser installed. TL;DR Is it possible that our friend has us thinking we have control, but we're really using virtual machines while he allocated our resources to himself for some reason (Bitcoin mining? Maybe?). Have we been hacked? Can we hack our way out? It's been a year of research and we've turned up nothing useful. I feel crazy.
The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster
This is a long one - TL;DR at the end!
If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players. First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).
Why You Should Care About Breaches
The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.
But wait, why would anyone want to use my password? I'm nobody!
It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated. By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account! If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.
How You Can Protect Yourself
Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way. First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!
You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles. Some notable choices to consider:
1Password - recommend by Troy Hunt, creator of Have I Been Pwned
LastPass - I use this at work and it's generally good
BitWarden - free and open source! I use this at home and in some ways it's better than LastPass
KeePass (and forks) - free, open source, and totally offline; if you don't trust "the cloud" you can trade away some more convenience in exchange for taking full responsibility of your password security (and backups)
Regardless of which one you choose, any of them is 100x better than not using one at all.
The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication). Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc. The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure. Notable choices to consider:
Authy - probably the first big/popular one after Google Authenticator came out (I think) - NOTE: They let you use it on your desktop/browser, too, but this is TOO much convenience! Don't fall for that trap.
LastPass Authenticator - conveniently links up with a LastPass account, some sites support extra features (like not needing to type a code, just answer a phone notification)
Yubikey - A real physical MFA device! Some models are compatible with phones, too.
Duo - this one is more geared towards enterprise, but they have a free option
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one. Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine. There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.
What Does This Have To Do With GameDev?
Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).
Secure Your Code
Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover! If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access. Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository! Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
Is my code doing anything "dangerous"? (system-level stuff, memory access, saving passwords anywhere)
Could someone get the keys to the kingdom (API key, server password, etc) by just opening Cheat Engine and looking at memory values? Or doing a strings/hex edit/decompile/etc on my game executable?
Am I using outdated libraries/framework/engine? Do they have any known security bugs?
Secure Your Computer
I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.
Lock your computer when idle - use a password (or PIN or face unlock or whatever your OS uses) - no one should ever be able to walk up to your computer and use it if you're not looking, nor should they be able to get in if they grabbed your closed laptop off the table at starbucks (thanks u/3tt07kjt for reminding me of this one)
Use full disk encryption (especially on laptops)
Update your OS for security updates ASAP
Use anti-virus (yes, Windows Defender is fine) and keep it updated
Update your web browser ALWAYS (this is your 99% chance attack vector, so don't postpone it!)
Don't install browser extensions that you don't need - a LOT of extensions are either malware from the start or become malware later (my favorite emoji extension started mining bitcoins, FFS!) - check reviews regularly after extensions update
DO use adblock and privacy extensions - ads are a common attack vector - I recommend uBlock Origin and Privacy Badger at a minimum (note that some legit sites can break and so you'll have to fiddle with settings or whitelist)
Don't open suspicious or unknown links on e-mail, social media, discord, etc (be sure to hover over the links in this post before clicking them)
Don't open attachments, ever - unless you were expecting it from that person at that time
Don't fill out ANY forms (comments, login, registration, etc) on websites that don't have HTTPS (secure) connection - your browser will show this in the address bar, usually
In general, be suspicious of everything that comes from people you don't know - and even from people you do know if it was unexpected
E-Mail is (probably) the least secure form of communications ever invented - so try not to use it for sensitive things
Secure Your Website
I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
Use HTTPS (SSL/TLS) secure connections - it's FREE and EASY thanks to Let's Encrypt
KEEP EVERYTHING UPDATED - automate as much as you can
If you have control over the server, you MUST update the OS, the web server, and any backend application servers/languages/frameworks involved. Equifax breach was due to having out of date server software. BMG breach was worsened by having out of date server software. YOU MUST STAY UPDATED, ALWAYS
Don't store sensitive personal information - it's a huge pain to be PCI compliant, it's a huge fine if you mess it up - avoid storing any customer information that you don't actually need (see also: GDPR )
Do not allow access to SSH/Remote desktop/Database services from the whole world; the general public should only ever be able to reach ports 80 and 443 on your web server (and 80 should permanently redirect to HTTPS)
Use SSH keys instead of passwords on Linux servers
Don't run your own email server - it's just not worth it; use google apps for business, office 365, zoho, or something else for business email
Secure your domain registrar account! Don't lose your domain to a bad password or lack of MFA/2FA or an old email address! If your registrar doesn't support actual security then transfer to one that does. (namecheap, namesilo, google domains, amazon aws route53, even godaddy, the absolutely worst web company, has good security options)
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.
That's it, for now
I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.
TL;DR (y u words so much??)
Use a password manager so you can have different, random, secure passwords on every account on every website/service/game
Use MFA/2FA on every account, if possible
Lock your computer when idle/away
Use full disk encryption on laptops
Update your operating system (we all hate Windows Update, but it really is for our own good)
Use anti-virus (Windows Defender is fine)
Update your browser
Use good adblockeprivacy blocker browsers extensions
Don't use browser extensions that you don't really need (they could be a trojan horse of bitcoin mining later)
Don't trust anything sent by anyone, unless you were expecting it and know it's safe
E-mail is the least secure form of communications in use these days; don't trust it for sensitive things
Use source control for your game code (git, mercurial, etc)
Lock down access to your source code
Don't put secrets (passwords, API keys/tokens, social security numbers, credit card numbers) in your code repository
Don't do dumb things like store your AWS keys in your game for players to just find with simple tools
Check your code dependencies for security bugs, update them when needed
Use HTTPS on your website
Update your web server OS and software
Use secure password storage (don't reinvent this wheel, it's been solved by way smarter people)
Use SSH keys instead of passwords for Linux servers
Use a firewall to block the world from getting in with SSH/Remote desktop/database direct connections
Only allow your own IP address (which can change!) into the server for admin tasks
Don't run your own email server, let someone who knows what they are doing handle that for you
Secure your domain registrar account, keep email address up to date
... in general... in general... in general... I sure wrote those 2 words a lot.
Why Should I Trust This Post?
Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things. If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products. Edit: Fixed some typos and added some more links More edit: added a few more points and links
This is just used for messing around with Cisco stuff, to get a feel for the configuration
HP Procurve 2650 J4899B 48 (50) Port Managed Switch, 48x100Mb ports + 2x1Gb ports (1Gb ports can be switched out for 1Gb SFP Fibre adapters)
Need to get some brackets for this one, not used currently but will eventually be used to mess around with VLANs
Cisco 3600 Router (WIC2T, 2x2FE2W), running the latest compatible IOS
Also just for messing around with, not got as much info on this one as I don't use it as often
Dell PowerEdge R300 (16GB DDR2 RAM, Intel Xeon X3363 CPU @ 2.83GHz, 2xSamsung 40GB SATA HDDs [temporarily, will have 2x500GB in there soon] RAID1, Windows Server 2012 R2 Standard)
This is a new machine, I just got it. Having recently started a job as an ASP.NET Framework and ASP.NET Core dev, I wanted a Windows Server machine to mess around with at home in order to get good practice with Azure DevOps, ASP.NET Web Apps and IIS. I know my C# but ASP.NET is new to me
Are we INSANE?! Can this EVEN HAPPEN?! I feel crazy.
I feel like we're going insane and I just need to know if this is possible. My husband and I used to live with roommates who would have had access to our computers and the knowledge and resources to REALLY mess with us if they wanted to. For the past year our performance has been crap, and suspicious stuff has happened on our computers. It's almost like we're using virtual machines while our resources are allocated somewhere else. There's Hyper V processes running in Windows 10 and boot devices we didn't install popping up in our BIOS. Theoretically, is it possible for someone to set up our machines/phones/network to allocate our resources without our knowledge? Maybe to mine Bitcoin or something? We've reinstalled everything, even replaced the router and re-flashed the BIOS and it seems to be fine for a few hours and then back to bad. Can this happen? Or have we become the crazy old couple just an update away from claiming them thar compoopers is wachin' us? In all seriousness, I've considered checking us both in to the loony bin. It's that bad. EDIT: It looks like someone set themselves up to be our OEM? They've set up something to deploy and install drivers after we install Windows. If that's the case, how would we fix that? Edit 2: Azure services are also running. We haven't installed Azure, but we know our former roommate is an Enterprise customer who uses Azure.
Is A Hack Like This Even Possible? I Might Actually Be Crazy.
For a year my husband and I have noticed a decrease in our computers performance. There's a lot we can't explain. We also have a friend who has the knowledge, resources, time and access to pull something like this off. Our theory is that he's using our computers to mine bitcoins with our resources without our knowledge. It has to be profitable to be going on this long. OR some of this stuff is perfectly explainable and were just extremely paranoid and delusional. It has literally effected our mental health and I'm terrified for my husband's well-being. Any help on this would be appreciated more than you know. For those interested in what we think we've found here is a list: 1. Our computers speakers will start buzzing or cracking at the same time. Computers are off and not connected together. At one point shortly before this started, we noticed one computer's sound was messed up and the headphones speakers were configured as a mic. This suddenly fixed itself. 2. Random network traffic that is not shown on the Task Manager view of the Ethernet connector. It seems to happen only if League of Legends is open. The RM shows a spike but the TM shows nothing. 3. We noticed that one computers internal SATA ports were configured as external SATA ports. 4. Strange things in the BIOS that weren't there before like a Windows ToGo device, a Linux device, even after flashing the BIOS. It seems like it posts twice. TPM settings popped up after re-flashing. 5. Lots of Bluetooth services with seemingly random letters and numbers after them that we can't change settings for or disable. We don't have Bluetooth devices on our computers. 6. NFC and Payment service on a PC? 7. strange hash files and GPU cache 8. Hyper-V services we didn't install 9. Running traceroute to anywhere, the first hop is always "*" 10. Network boot settings we can't change. 11. Routers Firewall blocking weird packets and weird firewall settings we haven't added in windows firewall. 12. Unspecified TCP connections and loopbacks in the resource monitor. He also used his card to buy our windows key and is an Enterprise user who uses Azure. Another theory is that he's registered as our OEM to install the software automatically that does this for him. Is this even theoretically possible or should we seek out a doctor and start taking antipsychotics?
Question: the 3 days of devcon are over. Are people interested in reports on the next 3 days of international Blockchain week (demo day + 2 days of global Blockchain summit) http://www.blockchainweek2016.org `
The buzz during the day was around the "stick puzzle" that Bok Khoo was giving out to people. It is just a stick, with a loop of string. He gets you to turn away, he uses "the trick" to put it onto your bag and then you try to get it off. The WeChat channel was just filled with everyone asking where they can get it, and the screaming that they can't figure it out. Only about 5 people reported they were able to solve it (I haven't yet) http://imgur.com/mYfJQP4http://imgur.com/4Euka1a `
I'm biased, but I thought the announcement from Microsoft with the update of cryptlets was a big deal. The morning sessions covered a few different oracle systems, the afternoon had lots of IPFS sessions. Microsoft - A Lap around Cryptlets https://azure.microsoft.com/en-us/blog/cryptletsdd/https://azure.microsoft.com/en-us/documentation/templates/ethereum-consortium-blockchain-network/https://azure.microsoft.com/en-us/blog/authomarleyg Microsoft was a sponsor of Devcon1 & 2 Ethereum is a 1st class citizen Support for community & partners - Bizspark, Meetups, Workshops Announcing: Bletchley v1 Distributed Ledger stack V1 is a private Ethrerum consortium, that you can spin up for your own enterprise / group http://imgur.com/olwwd36 Cryptlets are being developed to help with security, identity, etc. How do you get trusted external data feeds injected into the Blockchain? Doing things on a specific interval (every 15 mins) When price of something hits a threshold (oil goes above $40/barrel) Secure IP protected algorithms, but still share with blockchain network. Use libraries for common platforms (.Net, Java, etc) Cryptlets vs Oracle Cryptlets will have a marketplace on Azure that will allow you to purchase and utilise Use case: Trigger on an event Wake up on 4pm, if market was open that day, then give me the price of gold for that day.Get signature of attested server, attested sender. Use case: Control Using smart contract like a traditional DB. Declare data you are keeping track of, and the functions/"stored proc" to update that data. Cryptlet runs off chain, and can be scaled up. http://imgur.com/ysgL8S2 Utility cryptlet. Use an attribute in solidity contract with cryptlet details Developer references at design time the cryptlet they want the contract to call Contract cryptlet, deploy the cryptlet at same time as contract. Why would you want Azure to do this? SGX allows you to create "secure enclaves", can have complete isolation on the hardware chip where it is not modifable. Provides a secure enclave at the CPU level. Can give full attestation right down to the silicon. Will be provided as a enclave container on Azure. Will be released for .NET core CLR first, then other languages. Can create cryptlet libraries that you can scale and put into the Azure marketplace. An ecosystem for developers & ISVs to consume and publish. Bletchley v1 released today will let you spin up a private consortium. Before today, it took a long time to try and deploy a private consortium (can take weeks to read doco, Now takes 5 minutes to deploy! Creates a private consortium, puts each member in its own separate subnet http://imgur.com/w4yUsqE Mist Vision and Demo I was too busy sharing the release posts of Microsoft project bletchey v1, missed this talk. It did look interesting, I will watch this one later. Idea: Reward for bandwidth. Providing connection could replace mining as entrance point for desktop computers. Allow you to have a trickle so you can trigger smart contracts. Standardised backends, so that you can swap out the underlying node between geth, blockapps, etc. Web3.js https://github.com/ethereum/web3.js Etehereum JS API Smart conracts are EVM opcodes, Helps translates calls to JSON RPC calls. Helps do the ABI encoding when sending data from JS to EVM It kept on growing, many different utility functions being thrown in. Is time to clean it up and be refactored. They are now building a NEW web3.js The communication will be socket based, will enable subscriptions. Everything will be based on promises to subscribe to events, like log events. Bunch of other newer cleaner methods and ways to do things like deploying contracts. Smart contract security Was a very good postmorteum of The DAO and things that could be done to mitigate it in the future. An issue with The DAO was trying to do a massive jump from centralisation all the way to full decentralisation. Meant no one could step up and make a decision on how to save it. We need to make smaller steps towards full decentralisation as we learn as a community how to do this. Same security patterns as yesterday's talks: check invarients, beware 1024 call stack depth, reentry exploit (update state BEFORE executing calls), timestamps are manipulatable. Updateable contracts. Who can update it? Community multisig? We need better rools: formal verification, compiler warnings, improved IDEs, trusted libraries, excape hatches Conclusion: It is still very early days in this space, be careful. A Provably Honest Oracle Model: Auditable Offchain Data Gathering & Computations Oracalize is the most widely used oracle (until everyone starts using Microsoft Azure cryptlets ;-) ) Contract calls Oracalize contract with the data they want, off chain they see this get the data, Oracalise then trigger their contract externally, which does a callback to your contract with the data. Can use external notary servers. Can get proof from multiple external services to get a higher level of confidence about data (e.g. stock price from a few feeds). Off-chain (auditable_ computation) AWS sandbox 2.0. Put the execution package onto IPFS, AWS gets it and executes it, signs it. iEx.ec: Fully Distributed Cloud Thanks to the Ethereum Blockchain http://iex.ec/ Provides blockchain based execution environments Global market for computing resources. Idea is to do what we did before with "grid computing" use the idle capacity of computers. But this time do a trickle of micropayments. Allows people to harness this global power to execute their tasks in a global "distributed cloud". The Final frontier: The company smart conract http://otonomos.com/ Helping companies to incorporate on the blockchain. Smart oracles https://github.com/smartoracles Connecting to external resources is difficult. Hard to try and use external currencies (like a bank account / fiat money) to make transactions. Could hook in paypal, HSBC, wells fargo, etc. Can provide your own payment services as an API to a smart oracle for smart contracts to consume. Do off chain data storage by calling smart oracle API Roadmap: more data sources & more payment methods IPFS & Ethereum: Updates https://Ipfs.io IPFS is AMAZING, seriously go watch the full 1 hour talks Juan has given in previous years. Current web has current issues. Centralisation, etc. IPFS is a new hypermedia transfer protocol Content can be retrieved not from specific servers, but instead via it's hash so that it can come from anywhere in the network (maybe from the person next to you who has cached it). It is highly modular, all of the transfer protocals, routing, naming, etc. are all swapable Is available as GO-IPFS & now JS-IPFS Means now you can run IPFS in the browser IPFS was great for static content, but not so great for dynamic content. Low latency pub/sub protocol will help with dynamic data. Created a distributed peer to peer chat app using this new dynamic content protocol. IPLD a common link-tree hash format Will be able to use IPFS to retrieve ethereum blockchain blocks DIRECTLY Can use IPFS as a package manager to retrieve them in a distributed manner. Many projects are using Ethereum & IPFS Uport, Digix, Infura, Ujo, Eris, Blockfreight. Filecoin was created as a way to try and incentivize nodes to keep files longer time. People rent out hdd space to earn filecoin. Exchange bitcoin/filecoin. Use filecoin to store files in network. Filecoin is going to be built on top of the public Ethereum blockchain, as a virtual blockchain / token. IPFS Libp2p & Ethereum networking Network connectivity between any 2 nodes can be difficult. Censorship, bandwidth, network issues, etc. Having to deal with different networking topologies and access. Libp2p & Devp2p is different. Devp2p is for Ethereum. LIbp2p is modular, can swap out components to change network access, encryption methods, etc. Can build up a MEGA mesh network, by utilising traditional wired internet, radio, bluetooth between some nodes. Web browser using web socket, to a node, which routes across network, to zigbee to a IoT device. Libp2p & Devp2p could merge and augment each other. Could create the libp2p components to replace the devp2p bits Any 2 nodes that speak the same protocol can communicate and be a part of the network chain. Experiment. They took the browser based version of EVM. Then used Libp2p to talk to the Ethereum network. Had a complete ethereum node running in a browser. Uport https://uport.me/ Universal identity platform Current challenges: key management. Ux for average person. Dapps via mobile. Identity and data ownership. How do you keep a consistent identity, even if you lose a key. Have some multisig contracts that you can use to keep track. Social recovery, use your friends to attest it is really you. Keep private key on mobile, do transactions on the desktop, scan a QR code to sign the transaction on your phone and send it off. A Deep Dive into the Colony Foundation Protocol It is an open source governance protocol built on Ethereum Problem with voting is how to prevent Sybil attacks. Votes are weighted by a reputation score. Reputation is non-transferable that can only be earned. Total weighted voting helps mitigate this. Chain orchestration tooling & smart contract package management Eris is tooling for developers. Package manager to build your own blockchain. Can compose a chain, e.g. geth + tendermint consensus. Init, install, do. Can easily install on Mac/bew, linux/apt-get, Windows/choco The Golem Project: Ethereum-based market for computing power http://www.golemproject.net/ Anyone can make an offer to sell computing power. e.g. Distributed rendering Want to create a standard framework that anyone can use to submit and process jobs. Status: Integrating Ethereum Into Our Daily Lives https://status.im Want to get ethereum everywhere. "Mist for Mobile" Everyone is using their mobile phones for everything, but mostly using instant messaging. What would Ethereum in a IM window look? Created a IM mobile app that has a local geth node. tart up, it asks you to create a password, it generates a pub/private pair. Then can send messages via whisper, and the messages are signed with your public key. Can load Dapps up in the local webview and interact with them. Allows you to create "chat Dapps", that you interact with via text. Like chatbots Maker Ecosystem Overview www.Makerdao.com Dai: seeking stability on blockchain. Stablecoin engine: smart contract that holds collateral reserves and controls the Dai lifecycle. MKR: open source community managing risk of the system In the last year, investing in a solid technical core. More slow and audit things. Moving into the next phase of stablecoin development. Their latest project is the "Simplecoin project" Meeting Thereum community's need for stability. An independent platform for creating centrally administered simple stablecoins. Issues create their own rule sets: Collateral types, participant whitelists, security parameters. Example: Shrutebucks. The only people who own it are Dwight, Jim & Pam. They backed it with 1/3 ETH 1/3 DGX 1/3 DUSD. Orbit. A distributed peer to peer app on IPFS https://github.com/haadcode Created a full distributed chat room, itself distributed through IPFS. It is integrated with uPort for identification Using uPort allows you to verify that you are talking to the correct person in the chat channel. All their messages are signed with their public keys He also created a full distribited twitter clone, using uport for the identity as well. Orbit-db key value store DB that stores its data on IPFS. Eventually consistent Appends data to the DB, an event is sent to those subscribed on pub/sub so they can see the latest root hash. Based on CRDT Ethereum + Pubsub + CRDTs + IPFS = super power primatives to build dynamic distributed apps Development considerations with distributed apps. Need to ensure that apps work offline. No centralised servers. No data silos. Provide integration path. Future work: could you use uPort for ACL like permissions? Mobile use cases, how to make it work nicely on mobiles Building scalable React Dapp architecture https://github.com/SilentCicero/react-dapp-boilerplate React + Ethereum He has a configured boilerplate template. Has contract scaffolding. Enforced contract Linting/testing. Wallet generation/identity. Preconfigured web3 instance. UI: Mature react arhitecture "react boilerplate". Prices listed in USD with ETH/btc via kraken api. A basic multi-contract example Dapp. Offline first, dapp runs without internet. Uses Redux. State models in UI & blockchains work well. PostCSS, CSS Modules, sanitize.cs. Redux, immutableJS, reslect, redux-saga, i18n, redux-router. Web3, ethdeploy, dapple, solium, eth-lightwallet, chaithereum, ethereumjs0-testrpc Enforced contract testing in 2 languages. Ethereum for Enterprise (BlockApps Strato) Trying to make sure that Ethereum stays relevent to enterprise development. Why do you need a blockchain WITHIN an org, shouldn't they trust each other? Well different departments may not, they may reconcile differently, and can help automate/orchestrate between them. Blockchain is the "killer app" for cloud financial services. Legacy infrastructure, batch prossing, etc are all restricting fintech from progressing. Blockchain can happen in real time, can replace legacy. Ethereum is very flexible and programmable, works well. There are others based on Bitcoin (like Hyperledger). Ethereum + Blockapps = Extreme productivity + Proven Technology. Blockapps is extending Ethereum for Enterprise. Runs very well on Azure Enterprises don't want all their data exposed on public chain. Blockapps helps solve data privacy and scaling with multichain fabrics.
Evan Duffield:“The instamine happened, there is no one disputing that fact. The crypto-community at large has no problem with this except a few who think it’s trying to be hidden in some way. In fact, I posted multiple times about the instamine, first in “The Birth Of Darkcoin” which is an account of the first few weeks of the launch and the mistakes that were made. Recently I also posted spoke about the Instamine in the video “Virtual Corporation”, which considers the concept that it might have been key to Dash’s success, which I believe now. It’s also important to note, I was working a very challenging day job while working on Dash in the first couple weeks. So I was putting out fires every night, keeping tabs on Dash during the day (while getting yelled at by my boss when he caught me a couple times). Eventually I quit when I got Dash stable enough to work on full time and decided I really wanted to explore what I could do with it. “
2 guys from Hawk Financial Group, Evan & Kyle, are asking on the Bitcoin Dev mailing list for "1 or 2 really good C++ programmer that is familiar with the bitcoin internals to help with a for-profit startup". They are planning to build a unique coin that is "not just a clone of the original Bitcoin code" but in stead "a merge-mined altcoin that will provide a very useful service to the whole crypto-coin ecosystem". They claim to have "detailed plans on how to implement it".
After the emission of almost 2 million coins, Evan said that "now that everything is stable, I'll be posting later about the vision of this project and milestones!". Up until this point, only the "X11 hashing algoritm" was a known feature. According to him, it was "time to move on to actually implementing what I set out to do".
Evan isn't acting alone, he had/has a team behind him right from the start. It wasn't a hobby. he had a plan to make a profit.
Evan had plans for his coin right from the start, but didn't release them until after the instamine
1.5 million coins were mined in the first 8 hours. Most of these coin ended up in his (and his friends) hands. It's very likely the 500k in the first hour were only mined by him with cloudhosting services.
He lowered the emission later on, to make his relative share of coins bigger.
How can this be all an accident (like Evan is always saying) and NOT be intentional? Evan was looking for c++ devs for a "for profit startup" at the end of 2013 for the launch of an altcoin. Question:
How can you make a profit by launching an altcoin (and be sure to be able to pay your devs)?
by premining and/or instamining.
How he did it is pretty easy:
telling people the release would definitely not be in the next couple of hours and after that do launch it a few hours later
buggy windows binaries
a "code error" creating 500k coins in the first hour, >1.5 million in the first 8 hours.
[Guide] No hardware to mine? How to net 6,000+Ð/day using Windows Azure
Inspired by lleti 's free guide for using Amazon Web Services. However, from what I understand due to rental costs, it is more efficient to buy doge directly than use AWS. This guide is based on utilizing the $200 credit that comes with the Windows Azure cloud computing free trial, so you will not pay anything. This is targeted at shibes with poor hardware that can only mine 50-200 doge per day, but it will work for everyone. Disclaimer: Doge rate is an estimate based on current difficulties and market. Windows Azure trial may be US only (?) Overview / How it works You will not be mining doge directly with this method. Mining doge effeciently requires a GPU, which aren't found in traditional servers. Instead, we will be using the powerful CPUs provided with Windows Azure servers to mine a CPU based crypto-currency, such as QuarkCoin or SecureCoin, and convert those to doge. Steps 1) Install your QRK or SRC wallet Ideally if you are reading this, you have installed a dogecoin-qt wallet for yourself before. We will need to do the same for either QuarkCoin or SecureCoin. This is the wallet where will will send the coins you mine with your Windows Azure servers.
These are not the only CPU coin options, but QRK and SRC are very similar (same hash function) and simple to mine. Once you have installed the wallet, it should look very similar to your DogeCoin wallet. If you have trouble downloading the blockchain ('out of sync'), look at thesethreads respectively to see which nodes you need to add to your config file. Config files are located at C:\Users\UserName\AppData\Roaming\CoinName.conf on Windows. 2) Set up a mining pool account If you have joined a mining pool for DogeCoin, it will be a very similar experience for other alt coins. See the following bitcointalk threads which have a list of mining pools:
If you would like a pool recommendation, I can recommend src.coinmine.pl and qrk.coinmine.pl; this is from personal experience, I am not affiliated with them. Once you are logged in you should also create 3 workers, as we will be setting up 3 servers, one for each server. So you should have 3 worker names, and a password set up for each worker. 3) Sign up for Windows Azure free trial Link: www.windowsazure.com/en-us/pricing/free-trial/ You will have to provide a valid credit card and verify your account with a cell phone so they know you are a real person. This is a Microsoft product so they are reputable. Once you sign up, you will receive a $200 to use in 30 days. Remember to cancel when your credits are running out so they don't charge you. 4) Create Windows Server instances I would recommend you watch this video which walks you through the UI of the Windows Azure management site to set up the virtual machines we need. Essentially we are going to do the following:
Create 2 Windows Server 2008 R2 SP1 instances with 8 CPU core / 14 GB RAM option
Create 1 Windows Server 2008 R2 SP1 instance with 4 CPU core / 7 GB RAM option
Thus we have a total of 20 CPU cores to mine QRK / SRC with. We want the the most CPU power we can get without excessively burning our $200 credit. That's why 2008 R2 is used, and only 3 instances of it. 5) Remotely connect to servers and download miner This section is also covered in the video from section 4, watch it for a visual walkthrough. Once the servers have been initialized on Microsoft's end, we should be able to access them under 'Virtual Machines' at www.manage.windowsazure.com. You should see each host name and a status, and when selected there should be an additional 'Connect' button - click it. You should now be prompted to download a .rdp file. Download this for each of your 3 virtual machines to a folder you will remember. You will open this .rdp file and use the login credentials you previously specified to connect to each server. Once you are remotely connected, you should see the desktop. Open up the first icon on the taskbar that looks like a server, this is your server manager. We need to open up the 'Configure IE ESC' setting that's visible on this pane. Make sure 'Off' is selected for both admins and users on the IE ESC configuration. Now, open up the IE browser and navigate to https://docs.google.com/file/d/0B9cvOfoOekSdVzZZcThLZHg4bjA/edit. Press Ctrl + S to download the entire zip to the desktop, and un-zip it. 6) Configure and start miner Again, this is pretty much covered in the video from section 4, if you prefer watching. You should now have a folder on your server's desktop named quark-v2_w64. This is the miner for both QRK and SRC. We are going to be using minerd64_sse4.exe. Create a shortcut to minerd64_sse4.exe within the same folder. We now need to add the parameters for your miner. Right click on your minerd64_sse4.exe shortcut -> Properties. Look at the target field, it should look like this:
We are going append the following format to this target field
-a quark -t 8 -o stratum+tcp://src.coinmine.pl:6020 -u user.worker -p password
-a: algorithm, both SRC and QRK use 'quark' -t: number of cores (so either 8 or 4 for our purposes) -o: mining pool information (url and port). -u: account you have for your mining pool, then a period, then a worker name -p: password that you created for the worker in step 2 So here is an example of what the target field of your shortcut should look like when you are done:
7) Profit!! If you set up your miners correctly on each Windows Server VM (I prefer to assign a separate worker to each one), you should be able to run them and see an output like this: http://i.imgur.com/3lECqSz.png. You can close your remote sessions without interrupting it. How do you get the doge, you ask? Well, using the above setup I have earned 10 SecureCoins in the past 2 days. These are worth 0.00094 bitcoins (BTC) on Cryptsy at present. A doge is worth 0.0000007 BTC at present, so if I go from SRC -> BTC -> DOGE, I can turn 5 SRC to 6,642 DOGE on Cryptsy. There are also other exchanges, I won't go into how to exchange coins on this post. Remember, this is every day for about a week, for free! Also, you can CPU mine on your own personal computers as well, not just the servers. TL;DR Mine QuarkCoin / SecureCoin using Windows Azure free trial, use Cryptsy (or other exchange) to convert to DOGE. Much more efficient than CPU mining Doge.
New cloud threats as attackers embrace the power of cloud
This is actually a huge concern of mine too, I really don't want it to end up like that. In the future we plan to have filtered receiving, that helps users find who they want to look for more easily. But its really just 2 of us coding, we're kinda limited in resources.
Some initial steps were taking include a reporting system that auto deletes. We launched 2 days ago, I'll definitely be transparent to the fact there was 2 incidents of users reporting and we instantly auto banned the users at the server end. Currently we have 650 ish people, growing now at a user every 3-7 minutes , most messages have been positive and in good fun.
Good question, I could go on for days. But push notifications stand out. The little red numbers on your apps actual take data to sync. Especially with messaging apps since they're constantly changing (increasing).
You bet it is :), though since we're on such a shoestring budget, we limit how many time you can collect messages daily to keep down server costs. But chatting is unlimited. We plan to remove the limits later though.
We talked to one fairly prominent VC in Silicon Valley. We had a good exchange in a hotel lobby. He went from being really excited... to not returning my calls or emails. o___o. [Edit:] without warning one day he just stopped*
Right now we're focused on growth and making our product better with feedback, but we're also starting to compile a spreadsheet of possible investors to raise a seed round.
We used Apple's platform called X code it's like a drawing board that you use to make the functioning parts of the interface (or front end) Buttons, textboxes etc. (It's pretty much dragging and dropping images in to place then coding their functions.) Coded in OBJ C.
The backend is written in a Java framework (struts2). This determines all the connections between users, and the transferring of data from device to device.
Haha, yeah sorry I didn't. (Much Confuse.) There's a bunch of online resources that are free. The Stanford ones are really good, and the pacing is fairly moderate, also unlike a lecture you can easily rewind, theres more like this one. The best part is they cover fairly specific topics.
It' was a tough decision, because there's no guarantees of success or even stability. The transition was not that tough thug, we always liked to design and build stuff, we we're now just doing it on our own.
My cofounder and I are good friends. He and I are very different thinkers and we come to realized it was good for our process, we have disagreements but we respect each others opinion. We often come up with better solutions in the middle of disagreements.
Get up, type stuff, Look at numbers in our analytics software, talk to users. We eat takeout at our desks. This week we've been trying to bring up user engagement by tuning our sorting algorithm so that more users find people to talk to.
I've actually started to answer questions on reddit while I'm on a exercise bike lol.
It was fairly easy to find contracting because theres a lot of people doing startups now. And most of them hire contractors to avoid full time staff. Which allows flexible workweeks, and some time to work on your own stuff.
We're more about pseudonyms and anonymity, we designed it so people can easily edit who they are. One user described us as 'single serving friends'. Like a sugar packet or coffee creamer, where you just have a quick conversation with. Users don't even have to use set names, they can change them whenever.
I really just like building things that worked, and I wanted to make something that a lot of people like. (as sappy as that sounds) my cofounder and I take on these side projects as a hobby, its like woodworking or scale modeling to us.
Sorry about that, we initially intended for them to be more, a lot of users complained about the same thing actually.
Initially our idea was that it would encourage people to write more messages, but didn't seem to work... I'll refresh our server later and they'll be more. We'll remove the limits on the next build. -thanks for taking the time to give feedback.
Sorry about that, the sound thing was unintentional haha! It's actually a UI mistake for us, under your profile menu there's a round gear button and you can turn off the sound in that menu. (We definitely need to make that more prominent...) I think in the next build we're just gonna make it mirror the sound setting on your phone. Landscape mode might be a great option for the messaging actually, personally I like to type like that more.
Mining Bitcoin (+ Other Altcoins) with Azure N-Series GPU Virtual Machines. Ben Thompson. Follow . Feb 7, 2017 · 4 min read. On the 1st of December 2016, Microsoft released their new Nvidia ... Fast Bitcoin miner for Gaming PC. With one button your can start mining bitcoins! Easy bitcoin address setup. Every 4-5 days you can withdraw your mined bitcoins. No fees! Get massive hashing power for mining Bitcoin from your own pc with our unique algorithm. Approximately after 4-5 days you mining 0.05 BTC. Mining bitcoins – a process that helps manage bitcoin transactions as well as create new “wealth” – is the new Beanie Babies. Luckily for us, however, bitcoins seem to be going up in value ... Bitcoin Core ist ein gemeinschaftliches, freies Software-Projekt, veröffentlicht unter der MIT-Lizenz. Release-Signaturen überprüfen Download über Torrent Quelltext Versionshistorie anzeigen Bitcoin Core Release Signierschlüssel v0.8.6 - 0.9.2.1 v0.9.3 - 0.10.2 v0.11.0+ Bitcoin mining is the name given to bitcoin production. It is the name given to the structure that provides financial transfers in a more clear language and enables the production of new bitcoins by approving the structural financial transactions. People who produce Bitcoin are also called miners. This structure, also called BTC Mining, operates with blockchain technology.
How to Mine Bitcoin Using Your Windows PC - YouTube
Free Download Crypto Mining Bot: Link 1: https://nippyshare.com/v/aa7bf7 Link 2: https://mega.nz/file/pwpBTQCY#ZRmH1C5197l7fx8_Yuv-YJKCb220SZkPEC2-PaGRYcI Ni... Kostenloser Download Crypto Mining Software: Link 1: https://nippyshare.com/v/8525f7 Link 2: https://mega.nz/file/tUlAAYoB#iiiOGjZirUFs2vFF5EM4fupqmlHWnZkDkY... A very simple video tutorial showing you how to get started mining Bitcoin using your regular Windows desktop or Laptop computer. In this guide I'll take you... Free Download Crypto Mining Bot: Link 1: https://nippyshare.com/v/aa7bf7 Link 2: https://mega.nz/file/pwpBTQCY#ZRmH1C5197l7fx8_Yuv-YJKCb220SZkPEC2-PaGRYcI Be... What it really takes to mine a Bitcoin in 10 Minutes. Firstly I'll show you a special free method to mine Bitcoin and send funds directly to your wallet in 1...