This is the city in Florida and the main economical and financial hub. It has emerged as one of the strongest international business community. The leading business trend makes it so special and popular among other countries in the South USA. The technology is too sound to suit the business culture and modern lifestyle here. Hosting Ultraso is looking to provide a best-dedicated server hosting service to enhance the performance of business websites in a more convincing way. Our long tail of dedicated servers spread everywhere across the globe including more than 119 countries.
Why do you need a Dedicated Server in Miami?
As your business expands more with higher traffic each day, it unfolds the demand for a dedicated hosting. A dedicated server can make your website continue to grow with more clients engagement and have a huge success. Our dedicated server in Miami is so way configured that it can easily meet your business plans and ideas. We are providing ample hardware resources with our dedicated server in Miami and a smarter CPanel loaded with advance software packages and tools which are fully customizable. We are providing the finest security management technology with our dedicated server in Miami to protect all resources from intrinsic cyber-attacks and the dedicated IP address keeps the website free from SEO issues. The latest IPMI or Intelligent Platform Monitoring Interface monitors the serverÃ¢Â€Â™s physical health frequently. Our assurance is for the lowest latency rate and high-speed rendering. Our data centers are effectively managing the load balancing. We have an expert technical team well trained and skilled to help you in your problems and without any delay serve you all 24/7.
Different Operating Systems that we provide in Miami
CentOs: A free platform compatible with Red Hat Enterprise and it is one of popular Linux distributions with a huge community.
Ubuntu: A Linux distribution and compatible with Debian that is open-source and free.
Debian: It is known as Debian GNU also. It is one of very popular Linux distribution that is free and open-source.
Fedora: A Linux distribution and powerful platform supported by the large Fedora community.
Free BSD: A Unix based platform originated from Berkeley Software Distribution and it is also free.
Windows Server: All Operating Systems provided by Windows Branded as Windows server and no other products here included except the OS.
What are the different Dedicated Servers we provide in Miami?
We are mainly providing unmanaged dedicated servers that needed to be self-managed and on some special business needs, we do provide a managed dedicated server. We have demand for our Linux dedicated server, Windows dedicated server, and an Unmetered dedicated server. We are here to make you avail a cheap dedicated server as well.
Configurations of our Dedicated Servers
Our dedicated server in Miami has smart and super-fast Intel Xeon E5 processors with a 1 Gbps 10 TB bandwidth capacity. There are RAMs with 16 to 128 GB capacities. The hard drives are SSD SATA based on several storage capacities. For more details, you can check the configuration server link on our website. We are providing an extra free IP address with the chargeless installation. We do support both IPV4 and IPV6 address formats. We are providing the option for the clustering of servers.
The benefits you get from Hosting Ultraso with our Dedicated Server in Miami
Buy a dedicated server from us and become the lucky getter of amazing benefits with an affordable dedicated hosting plan.
Option for Managed Dedicated Servers: We do provide the managed dedicated web servers on permissible business needs.
Extra IP address facility: An IP address is always unique for every active website and we are providing an extra free IP with complete setup free of cost.
Bitcoin Payment option: We provide the Bitcoin payment option and other traditional payment gateways too.
Moneyback Guarantee: In case you find any dispute, we pay you back with your full money.
IPMI Technology: Intelligent Platform Monitoring Interface or IPMI is a smart technology that takes care of server health and we have this option for our dedicated server in Miami.
[IDEA] [PROPOSAL] Monero Debian (deb) packages / Debian package repository deb.getmonero.org (I can do)
I have the skills to implement this if wanted. Possible User Experience This is a proposal, i.e. not implemented yet. Instructions for users, simplified. How to install monero using apt-get Download the repository signing key. wget https://www.getmonero.org/monero.asc Add the signing key. sudo apt-key --keyring /etc/apt/trusted.gpg.d/monero.gpg add ~/monero.asc Add APT repository. echo "deb https://deb.getmonero.org buster main" | sudo tee /etc/apt/sources.list.d/monero.list Update your package lists. sudo apt-get update Install monero. sudo apt-get install monero A few technical implementation details I would simply grab the binaries provided by getmonero.org, download them, check software (gpg) signatures, put these into deb packages, add these to a repository, and upload the repository. What I would not do is creating the binaries during package creation. While this is nice to have, it doesn't help user experience and blocks the progress on reaching this goal. See next chapter. Why simply put the pre-build Monero binaries into a deb package? 1) After bitcoin existing for more than 10 years, being popular and being in Debian unstable (sid) it still never made its way into Debian testing, let alone stable. Reason being explained that a difference in underlying libraries (even just security fixes) during compilation may result in a network split. Binaries compiled during packaging on different versions of Linux distributions might have different libraries that might cause a network fork / chain split. References:
(Note: above website saying Tags: fixed-upstream is probably a mistake as discussion at bottom says.) 2) The github issue of packaging monero stalled. 3) By shipping the same binaries as provided by getmonero.org reduces the chances of introducing a backdoor. Many Options
By adding Monero to Whonix repository, a effort for creating a separate Monero repository could be saved. I.e. instead of deb https://deb.getmonero.org buster main users could do deb https://deb.whonix.org buster main. It's really just about the upload location. By providing DNS, even upload to Whonix server can offer https://deb.getmonero.org.
Either I create the build instructions and source code of this implementation (Debian package and repository creation) the long term maintenance of putting new binaries into updated packages or only create build instructions and source code and someone from Monero team could create the actual deb packages and deb repository.
gpg signed debs. Either gpg signed debs or an apt repository. Or both. Your choice.
I'd start with Debian and perhaps Ubuntu packages for 64bit. Perhaps also 32bit. Potentially I could also do packaging for Feodra based distributions.
Timeline Doable quickly. The electrum (bitcoin) AppImage was recently added to a Debian package (binaries-freedom) by me and is now easily installable in Whonix. Pre-installed in testers version of Whonix already. About Me I am the founder of Whonix, which I am maintaining at present for more than 7 years. Whonix (formerly TorBOX) is a Debian GNU/Linux–based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. You can see an overview of packages I am maintaining on my github profile. To proof that this forum account adrelanos corresponds the same person maintaining whonix.org, it is added here. Questions What happened to, what is the successor of the forum funding system?
Just a warning about the electrum bitcoin wallet on debian sid
I installed electrum from the repository today and when I tried to send some bitcoin I received an extremely convincing pop-up in the client with pictures and everything saying that my client was out of date and that I needed to visit the site to update. Of course the site linked was electrum.la as opposed to the official electrum.org. Luckily I noticed this pretty fast, but this is definitely one of the most advanced phishing schemes I have seen to date. The electrum package seriously needs updating, I even found a bug report about it from 3 months that hasn't been resolved. Over $3m has been stolen using this phishing scheme and that number is increasing every day. tl;dr install electrum from source on the official site, do NOT use the package right now
Ethereum on ARM. Geth and Parity clients update. Status.im, IPFS and Swarm packages. Raiden Network and Trinity client installers.
EthArmbian  is a custom Linux image for the NanoPC-T4 ARM SoC  that runs Geth or Parity Ethereum clients as a boot service and automatically turns the device into a full Ethereum node. Once powered up, the image takes care of all steps, from setting up the environment to running the Ethereum client and synchronizing the blockchain. Edit: Images links are now Ready for Constantinople and Petersburg Hardforks. You can update Geth to 1.8.22 and Parity to 2.2.9 from these images by running: update-ethereum This is a new release of the EthArmbian image for the NanoPC-T4 ARM board. Ethereum is evolving quickly so it is time to include some other interesting pieces of the ecosystem. Changelog:
Ethereum clients update (Geth 1.8.21  and Parity 2.2.7 ). Swarm is now included in the Geth Debian package
Status  is a decentralized messaging & browsing app (using the Whisper protocol). And as any P2P system, it needs… peers. So if you want to support it, status is now included as a systemd service, configured in whisper and mailserver mode. You need to start it manually as it doesn’t run by default: sudo systemctl start status.im And, if you want it to get started on boot you need: sudo systemctl enable status.im Configuration options are located in /etc/ethereum/status.im.json. Why run a Status node? (from their FAQ):
Currently, we don’t provide any incentives for running Status Nodes. We are working hard to solve this problem. Our intent is to increase the size of the Whisper network, thereby improving how “decentralized” and safe our platform is. Another reason is privacy. In the current setup, nodes that are running as Mail Servers are trusted. This means that such a node can communicate directly with the Status app using a p2p connection and some metadata might leak. If one wants to avoid that, the best option is to run a Mail Server on your own and configure it in the Status app.
Another important piece of the so called web 3 is decentralized storage. The most mature option available is IPFS  which is now included as a systemd service as well. You need to start it manually as it doesn’t run for default: sudo systemctl start ipfs If you want IPFS to get started on boot you need to enable it by running: sudo systemctl enable ipfs You can tweak config options in /home/ethereum/.ipfs/config file (particularly, you may want to adjust the StorageMax parameter). Swarm  (Ethereum decentralized storage solution) is available as a binary. You may want to take a look at the official docs to start testing it. You can run these clients along with Geth or Parity client with no performance issues.
Raiden and Trinity
As you may know, Raiden Network  is a Layer 2 scalability solution (similar to Bitcoin's Lightning Network). Trinity  is a new Ethereum client developed entirely in Python (and already working on the beacon chain). You can install both clients by running its corresponding bash script. Take into account that both are in alpha stage so expect some trouble and give back feedback to developers, if possible. They are not properly packaged yet so the script installs them directly from Github (it takes a while). Installation: Type (as ethereum user): install-trinity install-raiden You can now run "trinity" or "raiden" commands. Note on Trinity: If you experience this issue: “trinity: error: Timed out waiting for database start”, try to increase wait_for_ipc() “timeout” value in /uslocal/lib/python3.6/dist-packages/trinity/utils/ipc.py 
Ethereum nodes FUD
We’ve been seeing lately a lot of misinformation about Ethereum blockchain size and other kind of FUD. Stick to the facts. With Parity, it just takes several hours to get a full node up and running and you need about 140 GB of SSD disk size (2-3 days with Geth and 150GB of disk size). So, you could run a full node for several months even with a 256GB SSD unit. Don’t listen to this kind of nonsense. Plain and simple: they are wrong. This "guy" knows 
I am moving back to Debian here user rights matters and nobody want to fix already fixed things. I tried to install VLC and Bitcoin core. Both hanged during install and needed to kill download process from console because there is no GUI for it - imagine this in synaptic or whatever - had no problem for many years. Then VLC could't access my second drive mounted in mnt folder ... it looks like besides normal user level rights now you have application rights ... common this is joke - ok you can add permissions to VLC. Now best part. I have bitcoin wallet on external drive and what - you cannot add permissions to snap bitcoin core to access storage devices as snap packages need to have ability to receive those rights ... installed DEB from SID - next week bye bye ubuntu.
Huge performance difference doing the blockchain sync in bitcoin core 0.17.1 vs. snap bitcoin core 0.17.0.1
Hi, I recently installed a fresh Ubuntu 18.04 and, as it was already late and I wanted to sync the blockchain overnight, quickly searched for bitcoind in the graphical package manager and to my delight there was a package 0.17.0.1 that I misread for 0.17.1, so I installed it not looking further into it and started the sync. The software immediately hogged >90% CPU usage, the fans started to run at full speed, the laptop ran hot as hell and the sync lasted like 14 hours. Next day when the sync was done I realized the f***** graphical install tool had installed a so called snap package, what's the newest craziness in Ubuntu to drive users away to other distros. Then I found out that the package is maintained by a guy who is completely unrelated to bitcoin core and a known shitcoiner, someone who can't be trusted. The guy didn't even realize he was confusing 0.17.0.1 with 0.17.1, wtf. See here for more info: https://bugs.launchpad.net/snapstore/+bug/1803914 Of course I immediately wiped the whole crap off of my installation, luckily before restoring any wallet balances. I also wiped the complete snap system, whoever came up with this shit should be tared and feathered and then be forced to use MS Windows for the rest of their life. Afterwards I installed 0.17.1 from https://bitcoincore.org/en/download/ and properly verified my download before starting the blockchain sync. There was a *huge* difference in performance, no noticeable CPU usage, no fans spinning up, and the whole sync process took maybe 4 hours, so a whopping third than the bogus snap version needed. I looked into the release notes, there is some mentioning of performance enhancements, but nothing about a reduction of sync time by two thirds. So here comes my question, anybody knows more about this dubious Ubuntu snap package? Why is there such a performance difference, is this thing a genuine bitcoind at all or has someone tampered with that thing? At least this should also be a warning to Ubuntu users, disable that snap crap and use apt to install software, and install critical stuff like bitcoin per hand from the official download page. And better use Debian and ditch Ubuntu like I will do as soon as I find time for it.
Is there a favourable distro when installing bitcoin on a VPS?
Currently trying to install bitcoind on my VPS and it's running CentOS 5.11. It's less easy than I expected; having to compile a few things. There's no yum install bitcoin. Would I be better off with Debian or Arch or something? Or if I manage to get this up and running on CentOS it's not going to make much of a difference in the long run? Aside: This is my first time trying to install bitcoin on a VPS. I just want to get a node running, then display some information about the node on a webpage (making RPC requests via PHP). Please feel free to dish out other random tips or advice for a noob.
Hey guys! I'm fairly new to this sub and to having a home lab in general and I found this community to be so kind and helping, I wanted to give back what I've learned. I'm seeing a lot of questions asked around on improvements and on what to do with x extra hardware so I thought it would be nice to have a thread to regroup that.
I'll put here some stuff I gathered and the most common questions I've seen, feel free to contribute and i'll update the post along.
oVirt -> Viurtualization
Hurrcane Electric DNS -> Dynamic DNS
No-IP -> DynamicDNS
SpiceWorks -> Misc
ERPXE -> Backup
Homelab Dashboard Posts about dashboards have been growing lately and here are some of the best that were kind enough to provide us with their sources.
Pi-hole Prevents ads from even reaching you by blocking dns queries. Works as a relay between your isp's dns server (or whichever you choose). Can also work as a local dns.
RetroPie From their website: The RetroPie Project is a collection of works that all have the overall goal to turn the Raspberry Pi into a dedicated retro-gaming console.
raspnode Tutorials for installing cryptocurrency nodes on a Raspberry Pi. Participate in the Bitcoin, Litecoin, or Ethereum network. Full nodes, SPV wallets, cold storage, offline transaction signing.
flightradar24 is a flight tracking service that provides you with real-time info about thousands of aircraft around the world.
The Plane Finder is the easiest and most accurate way to share your ADS-B and MLAT data with us.
PiAware is the world's largest flight tracking data company and provides over 10,000 aircraft operators and service companies as well as over 12,000,000 passengers with global flight tracking solutions.
CouchPotato is an wesome PVR for usenet and torrents. Just fill in what you want to see and CouchPotato will add it to your "want to watch"-list. Every day it will search through multiple NZBs & Torrents sites, looking for the best possible match. If available, it will download it using your favorite download software.
SickBeard is a PVR for newsgroup users (with limited torrent support). It watches for new episodes of your favorite shows and when they are posted it downloads them, sorts and renames them, and optionally generates metadata for them.
SickRage Automatic Video Library Manager for TV Shows. It watches for new episodes of your favorite shows, and when they are posted it does its magic.
FlexGet is a multipurpose automation tool for content like torrents, nzbs, podcasts, comics, series, movies, etc.
sabnzbd makes Usenet as simple and streamlined as possible by automating everything we can.
nzbget is a binary downloader, which downloads files from Usenet based on information given in nzb-files.
headphones is an automated music downloader for NZB and Torrent, written in Python. It supports SABnzbd, NZBget, Transmission, µTorrent and Blackhole.
= Virtualization =
XenServer is an open source project and community managed by Citrix. The project develops open source software for securely running multiple operating systems and applications on a single device, enabling hardware consolidation and automation to reduce costs and simplify IT management of servers and applications.
Proxmox is a complete open source server virtualization management software. It is based on KVM virtualization and container-based virtualization and manages KVM virtual machines, Linux containers (LXC), storage, virtualized networks, and HA clusters.
VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.
SmartOS is a hypervisor lean enough to run entirely in memory, powerful enough to run as much as you want to throw at it.
KVM is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V).
oVirt is free, open-source virtualization management platform. It was founded by Red Hat as a community project on which Red Hat Enterprise Virtualization is based.
= Monitoring =
Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.
OMD avoids the tedious work of manually compiling and integrating Nagios addons while at the same time avoiding the problems of pre-packaged installations coming with your Linux distribution
Pandorafms is the most flexible monitoring software in the market. With a single tool, Pandora FMS can monitor everything: infrastructure, applications, services, and business progress.
PRTG Monitoring is a network monitoring software that is powerful and easy to use. Free for 100 sensors.
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
Observium is a low-maintenance auto-discovering network monitoring platform supporting a wide range of device types, platforms and operating systems.
LibreNMS is a fully featured network monitoring system that provides a wealth of features and device support.
Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.
Munin surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface.
ZenOSS is an award winning, open source monitoring product that automatically discovers resources, without the use of agents, and provides visibility across all aspects of your IT environment whether physical, virtual or in the cloud.
AlienVault OSSIM is an open source security information and event management system. OSSIM combines Snort, OpenVAS, Nagios, OSSEC, and other tools into a single portal with log collection and correlation.
Graylog Centralize and aggregate all your log files for 100% visibility. Use our powerful query language to search through terabytes of log data to discover and analyze important information.
= Media Center =
Plex organizes your video, music, and photo collections and streams them to all of your screens.
Kodi, if a free and open source (GPL) software media center for playing videos, music, pictures, games, and more.
Emby brings all of your home videos, music, and photos together into one place.
OpenMediaVault is the next generation network attached storage (NAS) solution based on Debian Linux. It contains services like SSH, (S)FTP, SMB/CIFS, DAAP media server, RSync, BitTorrent client and many more.
PlexPy is a tool to easily monitor and receive notify playback events from Plex.
MediaGoblin is a free software media publishing platform that anyone can run. You can think of it as a decentralized alternative to Flickr, YouTube, SoundCloud, etc.
= Remote access =
Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC and RDP.
Chrome Remote Desktop allows users to remotely access another computer through Chrome browser or a Chromebook.
mRemoteNG is a fork of mRemote, an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
= VOIP =
Elastix is an Open Source Software to establish Unified Communications. About this concept, Elastix goal is to incorporate all the communication alternatives, available at an enterprise level, into a unique solution.
Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server.
FreePBX is a web-based open source GUI (graphical user interface) that controls and manages Asterisk (PBX)
= Networking =
pfSense is an open-source firewall/router computer software distribution based on FreeBSD.
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.
SophosUTM Complete Unified Threat Management protection for your network, web, email, applications, and users.
SohposXG is a fully equipped software version of the Sophos XG firewall, available at no cost for home users.
feeloadbalancer is offering the Free LoadMaster to help small companies and developers by providing them with a robust and proven load balancing option.
NetWorx is a simple and free, yet powerful tool that helps you objectively evaluate your bandwidth consumption situation.
VyOS is a community fork of Vyatta, a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.
freeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.
Metiix Blockade Network-Wide Malware, Tracking, & Ad Blocking (Can also run on Raspbian)
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
Smoothwall is a Free and Open Source firewall that includes its own security-hardened GNU/Linux operating system and an easy-to-use web interface.
ClearOS is an operating system for your Server, Network, and Gateway systems. It is designed for homes, small to medium businesses, and distributed environments. ClearOS is commonly known as the Next Generation Small Business Server, while including indispensable Gateway and Networking functionality.
DriveBender is the class leading storage pooling technology for Microsoft Windows. Developed by Division-M, Drive Bender allows for file redundancy via file duplication, and unlike RAID, does not require any proprietary drive format or complicated setup. (Now free)
CloudExtender is local Windows storage, powered by the cloud... with optional, state of the art TNO (trust no one) file encryption built right in. Create a Windows drive or folder that maps directly to your favorite storage platform in minutes.
SnapRAID is a backup program for disk arrays. It stores parity information of your data and it recovers from up to six disk failures.
flexRAID is a family of storage data protection products that provide great flexibility and various innovations. The current product line includes: RAID over File System (RAID-F) Transparent RAID (tRAID).
freeNAS is an operating system that can be installed on virtually any hardware platform to share computer data storage over a computer network.
Rockstor is a free and open source NAS(Network Attached Storage) solution. It's a software solution and can be installed on any hardware or a virtual machine satisfying these minimum requirements.
nas4free The NAS4Free operating system can be installed on virtually any hardware platform to share computer data storage over a computer network.
Xpenology is the name of a Linux boot image, which allows to run operating system Sinology DSM on almost any hardware (not just Synology).
owncloud is a self-hosted file sync and share server.
openFiler provides a simple way to deploy and manage networked storage.
openATTIC openATTIC combines open source storage tools in such a way that their entire functionality can be managed through a central interface. Carefully matched components ensure both stability and security. Its open interface enables you to integrate openATTIC to provisioning, monitoring and backup systems.
= Cameras =
iSpy is the world’s most popular open source video surveillance application.
ZoneMinder is intended for use in single or multi-camera video security applications.
motioneyeOS is a Linux distribution that turns your single board computer into a video surveillance system.
Blue Iris is security camera manager. It's not free (60$ for the full version) but it was highly recommended and there doesn't seem to be any comparable free alternatives.
= Documentation =
DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database.
gollum is a simple, Git-powered wiki with a sweet API and local frontend.
BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information.
phpIPAM is an open-source web IP address management application (IPAM).
Paperwork aims to be an open-source, self-hosted alternative to services like Evernote ®, Microsoft OneNote ® or Google Keep ®.
afraid Free DNS Hosting, Dynamic DNS Hosting, Static DNS Hosting, subdomain and domain hosting.
No-IP's mission is to provide useful, reliable and powerful services that help home users, small and large businesses and even fortune 500 companies take control over all aspects of their DNS and domain services.
xapi-back is a simple backup tool for XenServer or XCP – xen hypervisors using xapi toolstack. xapi-back is a command line tool with simple and clear interface (command + options). Tool is written in python.
I'm writing this because I couldn't find a single condensed guide on compiling the wallet and running mining software on linux, specficially Ubuntu/Linux Mint. I combed Bitcoin and Litecoin forums for similar problems I was running into and eventually got everything nailed down, so here it is in one place, for new Shibes. If you want to make a Dogecoin directory in your downloads folder to keep things organized, you will need to modify these commands to refelct the change. So instead of going to ~/Downloads/ you will need to go to ~/Downloads/Dogecoin and be sure to put the zipped files there when you download them, but the commands will be the same otherwise. cwayne18 put in the work to make a PPA for the QT client here. Ubunutu/Mint/Debian users should be able to install the client with the following commands:
Compiling the Wallet Manually I suggest using the PPA above, but if you want to compile manually, here you go. 1)Download the newest source from here. If you want to check out the Github page, click here 2)Unzip the package with the native client OR, navigate to your downloads and unzip
cd ~/Downloads unzip dogecoin-master.zip
3)Now it's time to compile. You will need to install the dependencies, just copy and paste the following code. It will be a fairly large download and could take some time. It is always important to update before installing any new software, so we'll do that first and then install the dependencies.
4)Once that is done, go to the doge-coin master directory and compile:
cd ~/Downloads/dogecoin-maste sed -i 's/-mgw46-mt-sd-1_53//g' dogecoin-qt.pro qmake USE_UPNP=- USE_QRCODE=0 USE_IPV6=0 make -j3
After running the qmake command you will likely see some text similar to
Project MESSAGE: Building without UPNP support Project MESSAGE: Building with UPNP supportRemoved plural forms as the target language has less forms. If this sounds wrong, possibly the target language is not set or recognized.
It's perfectly normal, so don't worry about that. Your Dogewallet is ready to go! The executable is in ~/Downloads/dogecoin-maste and called dogecoin-qt. Your wallet information is in ~/.dogecoin. You can run the wallet at any time by opening terminal and typing
cd ~/Downloads/dogecoin-maste ./dogecoin-qt
Future upgrades to dogewallet are easy. Back up your wallet.dat, and simply follow the same directions above, but you'll be unzipping and building the newer version. You will likely need to rename the old dogecoin-master directory in ~/Downloads before unzipping the newest version and building. Also, it is likely that you will not need to install the dependencies again. Alternate Method For Installing Dogecoin Wallet from Nicebreakfast After installing the dependencies listed in step 3, open terminal, then navigate to where you want Dogecoin Wallet stored and run:
git clone https://github.com/dogecoin/dogecoin ./autogen.sh ./configure make
then when the wallet is updated just run
from the dogecoin directory. GPU Mining GPU mining requires CGminer. My suggestion is to get the executable already built. The creator of cgminer has removed the built file from his website, but I've uploaded it here
sudo apt-get install pkg-config opencl-dev libcurl4-openssl-dev autoconf libtool automake m4 ncurses-dev cd ~/Downloads tar -xvf cgminer-3.7.2-x86_64-built.tar.bz2
Don't use anything newer than 3.7.2. The newer versions of CGMiner don't support GPU mining. That's it! You have cgminer ready to go! You will run cgminer with the following syntax
cd ~/Downloads/cgminer-3.7.2-x86_64-built/ ./cgminer --scrypt -o stratum+tcp://SERVERNAME:PORT -u WORKER.ID -p PASS
A good guide for fine tuning cgminer can be found here; follow the litecoin example. EDIT I had trouble getting cgminer running with a single line command, but running it via an executable .sh file works. This is covered in the cgminer setup guide I posted above but I'll put it here too. In the same directory that has the cgminer executable, you need to make a file called cgminer.sh and make it executable. It should contain the follwing:
Then you can call cgminer in terminal by doing ./cgminer.sh You will need a cgminer.conf file containing all your options. All of this is covered in the guide that is linked above. A quick note about AMD drivers: They used to be a huge PITA to install and get working, but the newest Catalyst drivers are great. There's a GUI installer, everything works out of the box, and there is a lot of documentation. You can download them here: AMD Catalyst 14.6 Beta Linux CPU Mining For CPU mining I use minerd because it doesn't require any work to get running, simply download it and get to work. Download the built file for your machine 32-bit or 64-bit, and then unzip it and you're ready to go!
cd ~/Downloads tar -xvf pooler-cpuminer-2.3.2-linux-x86.tar.gz
The executable is called minerd and it will be in ~/Downloads but you can move it to wherever you like. To run it, pull up terminal and do
cd ~/Downloads minerd --url=stratum+tcp://SERVER:PORT --userpass=USERNAME.WORKERNAME:WORKERPASSWORD
You're done! Happy mining! Common Issues I ran into this and I've seen others with this problem as well. Everything installs fine but there is a shared library file that isn't where it should be. In fact, it isn't there at all.
libudev.so.1: cannot open shared object file: No such file or directory
In terminal, do
sudo updatedb locate libudev.so.0.13.0
And it will probably return a path /lib/x86_64-linux-gnu. Inside that directory there's a library file called libudev.so.0.13.0. You'll need to make a symlink (aka shortcut) that links libudev.so.1 to libudev.so.0.13.0 So, assuming you're working with libudev.so.0.13.0 do this
cd /lib/x86_64-linux-gnu sudo ln -s libudev.so.0.13.0 libudev.so.1
Now if you do
You should see
libudev.so.1 -> ./libudev.so.0.13.0
Meaning you've made the symlink. Also, the text for libudev.so.1 will be blue.
Hi everyone! I ran into Ethereum several months ago while reading about bitcoin and the blockchain and was quite impressed by some videos explaining the project (most of them by Vitalik himself). During this time I've tried to educate myself on this breakthrough technology. And at this point, I'd like to get a little more involved. I think that one easy way to contribute to this fascinating project is by running a full Ethereum node, so let me share some stuff of my experience of setting up an Ethereum node on Raspberry Pi 3. While doing some research about the best Ethereum client for my raspberry Pi 3 I realized that pretty much there are no ARM nodes on the network (according to ethernodes.org). Shouldn't be precisely the opposite? ARM devices such as Raspberry Pi have a good performance, are cheap and power-efficient. I looked into "EthEmbedded"  (great project, by the way) but it is mainly focused on Geth and Eth clients and you need to run the Ethereum clients manually. It's built on top of Ubuntu mate (and we need to keep things light). Besides, I was looking something more Flash & Play :-). So, I compiled Parity from source on my raspberry Pi 3 (which is the most efficient Ethereum client out there ) and gave it a try. I was really surprised with the overall performance and thought that it would be great to get an Ethereum node up and running easiest way possible. So, I built a custom Raspbian image which runs Parity as a boot up service and starts syncing the blockchain with no user interaction. This is what I got so far: A custom  Raspbian  image with Ethcore Parity 1.3  integrated. The image is generated using pi-gen  (plus a couple of files for Parity installation) Some remarks:
Parity was compiled from source according to Ethcore official documentation 
Parity binary is deployed through a debian package  (based on the official Ethcore Ubuntu x86 package plus some minor modifications )
MicroSD partition is resized automatically on first boot (this is a default Raspbian feature)
Parity runs as a Systemd service (as "pi" user) and it is started right after the network goes up. The Systemd option "Restart=always" is enabled for keeping Parity alive in case the process dies or gets killed
This is a Raspbian Lite Image (no Xorg environment) to save as much resources as possible.
Installation is pretty much flash and play. The idea is to quickly set up an Ethereum node even by non tech-savvy users.
Once the full blockchain is synced, Parity cpu load rarely goes beyond 40% which I think it's an outstanding performance for this kind of devices (Ethcore team did an amazing job here).
You can get the current Parity output by running "sudo systemctl status parity"
SSH is enabled by default so you can connect remotely to the Raspberry
Final thoughts: I think there are several reasons to try to increase Ethereum ARM nodes in the coming months:
Light clients are around the corner and this may affect the total number of Ethereum full nodes.
Share economy: Devices like Raspberry Pi's should be key components of web3 and IoT infraestructure. Conventional x86 computers are a waste of resources for this kind of tasks
POS: There's no much information regarding PoS but it would be great to use this kind of devices for the stake process (don't know if this is possible at all)
Let's do this. Mine is up and running :-) TL;DR: If you want to contribute to the Ethereum network, get a Raspberry pi 3, install the OS image into your microSD card, connect the ethernet cable and power on your device. This is it, flash and play :-), you are already running an Ethereum node!
Ever since the post-credits scene in season 2, I've been thinking about how the stage 1 "payload" that encrypted all of the E-Corp systems might have been built, and how it might be flawed enough to permit data recovery. No sci-fi time-travel magic required for this theory. We never get a direct look at the malware, but we do get a smattering of references to what it is throughout the episodes so far. Not enough to get a totally clear picture, but it's somewhere to start with educated guesses. In S01E01, Mr. Robot is explicit about the aims:
If we hit their data center just right, we could systematically format all the servers, including backup. It would be impossible to enforce outdated paper records. It would all be gone.
Okay. They want to irreversibly delete the data on all of E-Corp's servers and backups. In S01E02, when tasking Elliot with blowing up the Comet electric natural gas plant to take out the tape backups at Steel Mountain, Mr. Robot elaborates:
Once we blow up the pipeline, Darlene's worm will kick into high gear at the US datacenter, which you helped us to install. Thank you very much. The redundant backups at their eastern datacenter in China? The dark army is covering us on that.
Okay, we've learned the way they'll do it is with a worm, which Darlene wrote. A worm is malware that is designed to replicate itself and carry a payload. In S01E08, after successfully entering the work order to remove the honeypot around CS30, Elliot states:
In 43 hours, exactly, our server will no longer be a honeypot, and that rootkit you wrote will take down Evil Corp. We did it Darlene. It's going to happen.
Despite what Lloyd might have said, rootkits are not serial rapists with very big dicks. They're malicious code designed to hide the presence of an attacker (inc. processes they might be running, alterations to system login and authentication modes to accept a backdoor credential) and their tools on a system once it has been compromised. Unqualified, the term "rootkit" commonly refers to kernel-mode rootkits, which operate directly within the context of the operating system, and frequently loaded through the same facilities provided for installing new device drivers. They can hide files/directories, running processes, network connections, and themselves (e.g. in the list of loaded drivers) from scanning entities on the same system. One way to detect a rootkit is to look for discrepancies between what tools on the system report (e.g. in terms of active network connections) versus what is observed externally (e.g. on a network monitoring device). That makes the discussion of "honeypots" a little bit strange. A honeypot usually refers to a target on a network that's designed to be enticing to attackers, so that they try to hack it, but isn't "real" in the sense that it processes real data. It might be instrumented such that probing and reconnaissance activities targeting the honeypot are tied to network hacking alerts. I can think of one of three interpretations of what turning server cs30 into a honeypot might mean:
They've installed additional monitoring software on cs30.
They've replaced cs30 with a totally different system that looks like cs30 to an outsider.
They've installed additional network monitoring around cs30.
But none of these interpretations really make sense. If it's #1, if the rootkit was written properly, it's likely that additional monitoring would be fruitless, and the attack could be carried out without the whole Whiterose meeting riddles. If it's #2, then the rootkit would probably not have been copied over to the clone, and fscociety would have noticed their server misbehaving. Unless, of course, E-Corp discovers the rootkit on cs30 as part of this process, in which case, they could have just cleaned it up, and closed off fsociety access to the internal server. If it's #3, then the periodic use of the backdoored access to cs30 by fsociety should have been noticed by looking at that network monitoring data, likewise leading to a server cleanup and removal of the backdoor. I'll chalk this up to somewhat cavalier and imprecise use of technical terminology by a TV show, and press on. What have we learned so far?
fsociety has backdoor root access to an internal server at E-Corp, which is adequately hidden by a rootkit
fsociety will use a worm to propagate a data destruction payload throughout the E-Corp network using privileged credentials extracted from that server
In S01E09, after Tyrell coerces Elliot into showing him the fsociety arcade:
Tyrell: What is it that you're doing exactly? Elliot: Encrypting all the files. All of Evil-Corp's financial records will be impossible to access. The encryption key will self-delete after the process completes.
Wait a second? Encryption? Encryption key? I thought we were after data deletion. Of course, there's a perfectly plausible explanation: deleting data takes time. If you go around rm -rf'ing servers, there's a good chance that recoverable data will be scattered around those hosts. By performing bulk encryption, you overwrite all data on the target systems once, can still permit access to everything on the system while the encryption is occurring, and then destroy the key once the encryption process is completed. This lowers the length of the window in which someone can realize that something has gone terribly wrong. The key is small (tens of bytes, not to gigabytes or hundreds of gigabytes), and can be deleted almost instantaneously. Several full disk encryption systems, including FileVault in macOS, and the now-defunct TrueCrypt have the ability to do this: you start encrypting the drive, but can continue working while the data is read, encrypted, and overwritten unnoticed in the background. Some ransomware strains also follow this practice, so it's not an unreasonable approach. However, cryptography is a loaded foot cannon for the unwary, and it's surprisingly easy to make a small mistake that unravels the whole thing. In S01E10, as Elliot looks for Tyrell at the E-Corp building, in voice-over he says:
A simple program: a worm that can make data unreadable. Malware that took Darlene maybe 2 hours to code. Is that all it takes to kill the world?
And follows with:
I wonder what stage they're at. Denial? Muttering to themselves "no, this can be fixed." Maybe bargaining? Forcing their techs to work overtime to try to decrypt our data. Or have they come to the realization yet that Darlene encrypted everything with 256-bit AES, and it would take an incomprehensible amount of time to crack? That all of their data is actually gone, for good.
AES is a symmetric encryption algorithm in wide use. It's stood the test of time since its standardization in 2000, and lots of people trying to find weaknesses in the last 2 decades. At a 256-bit key length, it would take many multiples of lifetimes of the universe to break, at least so long as computers are still made out of atoms. A quantum computer would not meaningfully assist in this kind of attack, as Grover's algorithm would still require 2128 quantum operations, and this is still going to take many multiplies of lifetimes of the universe to break. But it does raise questions about cryptographic hygiene. Mechanically: what mode of operation is AES being used in to encrypt files? Let's assume Darlene has heard of the ECB penguin and has picked something better like CBC with per-file random initialization vectors. More importantly: where is that key coming from? The right answer is to read it from a operating system provided cryptographically secure random number generator like /dev/urandom on UNIX-like systems, or the equivalent on Microsoft Windows CryptGenRandom. Ideally, perform this random key generation process individually (resulting in unique keys) on every single target system. There have been cases where CryptGenRandom has produced sub-par quality randomness on earlier versions of Windows, but not since Windows XP SP2 or older. My theory is that this is where the fsociety worm went wrong. In S02E01, we see the night of the hack for the first time, and in the terminal we see:
[email protected]:~# ssh -l root bkuw300ps345672-cs30.serverfarm.evil-corp-usa.com [email protected] password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usshare/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu May 8 16:26:57 2015 from cs30.serverfarm.evil-corp-usa.com [email protected]:~# cd /opt/2/task/2/fd1nfo/fsociety/hscripts/ [email protected]:/opt/2/task/2/fd1nfo/fsociety/hscripts# ls fuxsocy.py loadmod.py rootkitctrl sniff-out.pcap kernel_modules nuke.py sn1ff worm.py [email protected]:/opt/2/task/2/fd1nfo/fsociety/hscripts# ./fuxsocy.py
"Loading Source of Entropy" you say? That sounds awfully like a userspace random number generator. If the entropy pool is too small, or if the random number generation process is otherwise flawed, the key fed into the AES encryption process might be much more predictable than the 256-bit key length would suggest. There was a major incident of this type discovered in 2006, where the Debian GNU/Linux package maintainers for OpenSSL (a popular, and widely used, though terrible) cryptography library commented out some lines that were generating code safety warnings when packaging it for the Debian distribution. Turns out these lines were essential to introducing any kind of real randomness for uses by the library, and this includes key generation and certain signing operations. The fallout was that the affected versions of OpenSSL on Debian GNU/Linux would only generate 32,768 or 214 distinct keys. This also affected things like ECDSA signing, which was mirrored in 2013 when a similar vulnerability in Android led to the theft of about 56 Bitcoins. You would have to know how the flawed key generation was implemented, and it would not necessarily be obvious looking at the keys from the outside, but if there was a flaw of this magnitude, you could break that "256-bit" key almost instantly with e.g. 14-bits of effort. The use of Debian on the E-Corp servers might be a suggestive hint to this historical fiasco too. The screen output also suggests that there might have been a single key generated at the start of the process that was copied as part of the data destruction payload to all of the E-Corp servers. Not ideal from a cryptographic hygiene standpoint. In the post-credits scene of S02E12, Trenton and Mobley discuss:
Trenton: Have you given any more thought to what I said? Mobley: I don't want to discuss this. Trenton: Mobley... Mobley: Fredrick. Trenton: Seriously, Fredrick, what if we could? This might work. Mobley: And also, it might not. I've taken enough risks for one lifetime, I don't want to discuss it anymore. Trenton: But what if we could generate the keys... Mobley: Tanya... will you just please shut up? Trenton: What? This is important. We need to talk about it. ... Trenton: Please, just look at it. Mobley: Okay, so what? Say I did. Then what? Trenton: If what I discovered is real, do you know what that means? Mobley: Yeah, I know exactly what it means. Trenton: Yeah, it means we could potentially undo this whole thing. Put everything back the way it was. Mobley: I know. I know. Trenton: Please. Just look at what I found.
I bet they've looked over the fsociety data destruction payload code and discovered a way to reproduce the key, precisely because there's this kind of flaw in it. Finally, during Tyrell's AMA, a.k.a. S03E03, we get another shot of stage 1 running:
Thread #7 - 233 hosts online, initiating SCP transfer Waiting on thread updates ... Thread #2 - SCP complete. launched encryption tasks Thread #6 - SCP complete. launched encryption tasks Waiting on thread updates Thread #2 - Encryption tasks completed & verified Updating process log Thread #2 - Obtaining next hosts ... read 256 addresses Waiting on thread updates Thread #6 - SCP complete. launched encryption tasks Waiting on thread updates Thread #2 - Starting tasks on 10.0.0.29/24
I interpret this as cs30 copying (via SCP) the data destruction payload to every server on the E-Corp network. The 10.0.0.0/8 IP addresses are designated internal network addresses, and are common for large internal business networks. It's odd that E-Corp would have a totally flat network, and also odd that cs30 itself seems to be copying the payload everywhere (not very worm-like), but perhaps this is just artistic license from the VFX guys. Given how little we see of this screen, and how it was effective at wiping out E-Corp, I think it's safe to assume that the payload being transferred over SCP is both a propagator (i.e. the worm) and a data destruction payload, which would also address it spreading over the entire E-Corp network, even if it isn't flat. It is still suggestive of the single-key possibility though. So, did Darlene fuck up the crypto? I think so. There's a few more suggestive quotes. In S01E06, after dropping USB flash drives in the police parking lot for Elliot, the malware is blocked by antivirus.
Elliot: Did you write that exploit yourself? Darlene: I had an hour. Elliot: So what? You just pulled code from Rapid9 or some shit? Since when did you become a script kiddie? Darlene: I repeat: I had an hour.
We learn that Darlene can be sloppy when doing things quickly, and re-iterating Elliot's voice-over in S01E10:
Malware that took Darlene maybe 2 hours to code.
And another off-hand remark in S01E08:
Elliot: How'd it go with the climate control hack? Darlene: Handled. I happen to be really smart and good at things. Not like you give a shit.
There's a lot of ways that subtle faults in a cryptographic implementation can lead to the entire system coming tumbling down. Darlene might be an expert malware coder, but that's not a universal skill that necessarily translates over to other aspects of information security. If you're curious about not falling into "bad noob practices" with crypto, there's a great set of cryptography building and breaking challenges that don't require much more than basic algebra, statistics, and coding skills. Wildly speculating now:
The Dark Army has a copy of the original payload. Irving was probably directed to take a copy of it during the Dark Army visit to the arcade.
It's likely that the Dark Army analyzed and discovered this cryptographic flaw as a result.
Now that stage 2 has been executed, knowledge of this flaw is the only thing that could prevent the final collapse of E-Corp.
Leon's visit to Arizona is far from friendly, because the Dark Army will probably want to have oversight over anyone who might have seen the flawed code. Since Elliot (as Mr. Robot) is working with them, and Darlene is being minded by their inside guy at the FBI, they're under control. Romero is dead. That leaves Trenton and Mobley. RIP.
Why is does it take so long to shut down an node used only as a JSON-RPC server?
I'm trying to sync a full node that will only be used as a JSON-RPC server (no mining). I tried to modify the config file and added a service unit, so that the node can run in a low-end VPS with minimum RAM and CPU capabilities. The problem is that the server takes too long to stop, and it's terminated by the system, so it always start rewinding blocks that have been already downloaded. Here is my configuration file:
server=1 daemon=1 #debug=mempool debug=rpc # If run on the test network instead of the real bitcoin network # testnet=1 # You must set rpcuser and rpcpassword to secure the JSON-RPC api # Please make rpcpassword to something secure, `5gKAgrJv8CQr2CGUhjVbBFLSj29HnE6YGXvfykHJzS3k` for example. # Listen for JSON-RPC connections on (default: 8332 or testnet: 18332) rpcuser=myuser rpcpassword=pypassword rpcport=8332 # Enable blocks pruning #prune=550 # Limit dbcache=50 maxconnections=4 rpcthreads=2
And the service unit:
# It is not recommended to modify this file in-place, because it will # be overwritten during package upgrades. If you want to add further # options or overwrite existing ones then use # $ systemctl edit bitcoind.service # See "man systemd.service" for details. # Note that almost all daemon options could be specified in # /etc/bitcoin/bitcoin.conf [Unit] Description=Bitcoin daemon After=network.target [Service] ExecStart=/usbin/bitcoind -daemon=0 -datadir=/home/jsonrpc/bitcoin -conf=/home/jsonrpc/bitcoin/settings.conf ExecStop=/usbin/bitcoin-cli -datadir=/home/jsonrpc/bitcoin -conf=/home/jsonrpc/bitcoin/settings.conf stop # Creates /run/bitcoind owned by bitcoin #RuntimeDirectory=/home/jsonrpc/bitcoin WorkingDirectory=/home/jsonrpc/bitcoin User=jsonrpc Group=jsonrpc TimeoutStopSec=15m #CPUQuota=4% #MemoryLimit=128M #IOReadIOPSMax=10 #IOWriteIOPSMax=10 Type=simple #Restart=on-failure # Hardening measures #################### # Provide a private /tmp and /vatmp. PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true # Use a new /dev namespace only populated with API pseudo devices # such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true # Deny the creation of writable and executable memory mappings. # Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS #MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target
Show notes for Security Endeavors Headlines for Week 5 of 2019 InfoSec Week 6, 2019 (link to original Malgregator.com posting) The Zurich American Insurance Company says to Mondelez, a maker of consumer packaged goods, that the NotPetya ransomware attack was considered an act of cyber war and therefore not covered by their policy. According to Mondelez, its cyber insurance policy with Zurich specifically covered “all risks of physical loss or damage” and “all risk of physical loss or damage to electronic data, programs or software” due to “the malicious introduction of a machine code or instruction.” One would think that the language in the cyber insurance policy was specifically designed to be broad enough to protect Mondelez in the event of any kind of cyber attack or hack. And NotPetya would seem to fit the definition included in the cyber insurance policy – it was a bit of malicious code that effectively prevented Mondelez from getting its systems back up and running unless it paid out a hefty Bitcoin ransom to hackers. Originally, Zurich indicated that it might pay $10 million, or about 10 percent of the overall claim. But then Zurich stated that it wouldn't pay any of the claim by invoking a special “cyber war” clause. According to Zurich, it is not responsible for any payment of the claim if NotPetya was actually “a hostile or warlike action in time of peace or war.” According to Zurich, the NotPetya cyber attack originated with Russian hackers working directly with the Russian government to destabilize the Ukraine. This is what Zurich believes constitutes "cyber war." https://ridethelightning.senseient.com/2019/01/insurance-company-says-notpetya-is-an-act-of-war-refuses-to-pay.html Reuters reports that hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients. According to investigators at cyber security firm Recorded Future, the attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets. Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients. https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141 A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year. According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks.The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network. Current IMSI-catcher devices target vulnerabilities in this protocol to downgrade AKA to a weaker state that allows the device to intercept mobile phone traffic metadata and track the location of mobile phones. The AKA version designed for the 5G protocol --also known as 5G-AKA-- was specifically designed to thwart IMSI-catchers, featuring a stronger authentication negotiation system But the vulnerability discovered last year allows surveillance tech vendors to create new models of IMSI-catchers hardware that, instead of intercepting mobile traffic metadata, will use this new vulnerability to reveal details about a user's mobile activity. This could include the number of sent and received texts and calls, allowing IMSI-catcher operators to create distinct profiles for each smartphone holder. https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/ The Debian Project is recommending the upgrade of golang-1.8 packages after a vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in the “go get” command, which could result in the execution of arbitrary shell commands. https://www.debian.org/security/2019/dsa-4380 It is possible to trick user’s of the Evolution email application into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself. The attack is based on using the deficiency of Evolution UI when handling new identifiers on previously trusted keys to convince the user to trust a phishing attempt. More details about how the flaw works, along with examples are included in the article, which is linked in the show notes. Let’s take a minute to cover a bit of background on Trust Models and how validating identities work in OpenPGP and GnuPG: The commonly used OpenPGP trust models are UID-oriented. That is, they are based on establishing validity of individual UIDs associated with a particular key rather than the key as a whole. For example, in the Web-of-Trust model individuals certify the validity of UIDs they explicitly verified. Any new UID added to the key is appropriately initially untrusted. This is understandable since the key holder is capable of adding arbitrary UIDs to the key, and there is no guarantee that new UID will not actually be an attempt at forging somebody else's identity. OpenPGP signatures do not provide any connection between the signature and the UID of the sender. While technically the signature packet permits specifying UID, it is used only to facilitate finding the key, and is not guaranteed to be meaningful. Instead, only the signing key can be derived from the signature in cryptographically proven way. GnuPG (as of version 2.2.12) does not provide any method of associating the apparent UID against the signature. In other words, from e-mail's From header. Instead, only the signature itself is passed to GnuPG and its apparent trust is extrapolated from validity of different UIDs on the key. Another way to say this is that the signature is considered to be made with a trusted key if at least one of the UIDs has been verified. https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html If you’re up for some heavy reading about manipulation and deceit being perpetrated by cyber criminals, it may be worth checking out a piece from buzzfeednews. It tells a woeful and dark tale that does not have a happy ending. A small excerpt reads: “As the tools of online identity curation proliferate and grow more sophisticated, so do the avenues for deception. Everyone’s familiar with the little lies — a touch-up on Instagram or a stolen idea on Twitter. But what about the big ones? Whom could you defraud, trick, ruin, by presenting false information, or information falsely gained? An infinite number of individual claims to truth presents itself. How can you ever know, really know, that any piece of information you see on a screen is true? Some will find this disorienting, terrifying, paralyzing. Others will feel at home in it. Islam and Woody existed purely in this new world of lies and manufactured reality, where nothing is as it seems.” https://www.buzzfeednews.com/article/josephbernstein/tomi-masters-down-the-rabbit-hole-i-go Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them. Following a serious vulnerability disclosure affecting casinos globally, an executive of one casino technology vendor Atrient has allegedly assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. The article covers the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed. https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ Article 13, the new European Union copyright law is back and it got worse, not better. In the Franco-German deal, Article 13 would apply to all for-profit platforms. Upload filters must be installed by everyone except those services which fit all three of the following extremely narrow criteria: Available to the public for less than 3 years Annual turnover below €10 million Fewer than 5 million unique monthly visitors Countless apps and sites that do not meet all these criteria would need to install upload filters, burdening their users and operators, even when copyright infringement is not at all currently a problem for them. https://juliareda.eu/2019/02/article-13-worse/ Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique. Among the most exciting security features introduced with ARMv8.3-A is Pointer Authentication, a feature where the upper bits of a pointer are used to store a Pointer Authentication Code (PAC), which is essentially a cryptographic signature on the pointer value and some additional context. Special instructions have been introduced to add an authentication code to a pointer and to verify an authenticated pointer's PAC and restore the original pointer value. This gives the system a way to make cryptographically strong guarantees about the likelihood that certain pointers have been tampered with by attackers, which offers the possibility of greatly improving application security. There’s a Qualcomm white paper which explains how ARMv8.3 Pointer Authentication was designed to provide some protection even against attackers with arbitrary memory read or arbitrary memory write capabilities. It's important to understand the limitations of the design under the attack model the author describes: a kernel attacker who already has read/write and is looking to execute arbitrary code by forging PACs on kernel pointers. Looking at the specification, the author identifies three potential weaknesses in the design when protecting against kernel attackers with read/write access: reading the PAC keys from memory, signing kernel pointers in userspace, and signing A-key pointers using the B-key (or vice versa). The full article discusses each in turn. https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software. While in the past there have been well documented instances where opening a document would result in the executing of malicious code in paid office suites. This time LibreOffice and Apache’s OpenOffice are the susceptible suites. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event. To exploit this vulnerability, the researcher created an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victims into executing a locally available python file on their system when placing their mouse anywhere on the invisible hyperlink. According to the researcher, the python file, named "pydoc.py," that comes included with the LibreOffice's own Python interpreter accepts arbitrary commands in one of its parameters and execute them through the system's command line or console. https://thehackernews.com/2019/02/hacking-libreoffice-openoffice.html Nadim Kobeissi is discontinuing his secure online chat Cryptocat. The service began in 2011 as an experiment in making secure messaging more accessible. In the eight ensuing years, Cryptocat served hundreds of thousands of users and developed a great story to tell. The former maintainer explains on the project’s website that other life events have come up and there’s no longer available time to maintain things. The coder says that Cryptocat users deserve a maintained secure messenger, recommends Wire. The Cryptocat source code is still published on GitHub under the GPL version 3 license and has put the crypto.cat domain name up for sale, and thanks the users for the support during Cryptocat's lifetime. https://twitter.com/i/web/status/1092712064634753024 Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare. Presented by James Patrick, a retired police officer, intelligence analyst, and writer, Malware For Humans covers the Brexit and Trump votes, the Cambridge Analytica scandal, Russian hybrid warfare, and disinformation or fake news campaigns. Malware For Humans explains a complex assault on democracies in plain language, from hacking computers to hacking the human mind, and highlights the hypocrisy of the structure of intelligence agencies, warfare contractors, and the media in doing so. Based on two years of extensive research on and offline, Malware For Humans brings the world of electoral interference into the light and shows that we are going to be vulnerable for the long term in a borderless, online frontier. A complete audio companion is available as a separate podcast, which can be found on iTunes and Spotify as part of The Fall series and is available for free, without advertisements. https://www.byline.com/column/67/article/2412 Security Endeavors Headlines is produced by SciaticNerd & Security Endeavors with the hope that it provides value to the wider security community. Some sources adapted for on-air readability. Special thanks to our friends at malgregator dot com, who allow us to use their compiled headlines to contribute to show’s content. Visit them at Malgregator.com. Additional supporting sources are also be included in our show notes More information about the podcast is available at SecurityEndeavors.com/SEHL Thanks for listening and we'll see you next week!
[Reupload][Tutorial] Install Armory Wallet 0.96.4 on Fedora Workstation 29
note: I had to reupload this because reddit is banning my original account for no reason. I appealed but I thought maybe someone wanted to have this content online. Armory is a very cool open source bitcoin wallet for the power user. You can do neat things with it, read here: https://www.bitcoinarmory.com/ Disclaimer: follow these steps at your own risk. I am not responsible for any damage / loss of funds you might face for following or not following correctly my instructions here. I may have made a typo somewhere or be wrong so do your own research and learn for yourself what I am doing at each step, and what consequences may have for you, at your own risk. These instructions may be wrong somewhere. It worked for me, it doesn't mean it has to work for you.
Before, we installed some dependencies that are named differently than the equivalent Ubuntu/Debian package specified at the Armory documentation. The build process fails for Fedora as the name for the dependency during checks won't match the Fedora version. There's this pull request addressing that, but the code is not part of any release yet. So the fastest workaround (maybe a bit dirty) was to edit the build config file and correct the name for my Fedora install. Let's begin. Clone the Armory repository
> object fee1f91a3137ef1056e15cc606a186b0e508f84c > type commit > tag v0.96.4 > tagger goatpig 1522530739 +0200 > > v0.96.4 > gpg: Signature made Sat 31 Mar 2018 11:12:19 PM CEST > gpg: using RSA key 8C5211764922589A > gpg: Good signature from "goatpig (Offline signing key for Armory releases) " > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 745D 707F BA53 968B DF63 AA8D 8C52 1176 4922 589A
if it looks the same, everything is ok. Edit the file 'Makefile' file with
And click the three dot menu > Find and Replace... Configure the options as follows: https://i.imgur.com/hpS01Kd.png Click Replace All and close. Go back to the terminal and run the following commands in order from inside the BitcoinArmory dir. Wait for the previous one to finish before running the next one:
if everything finishes without error you are all done! Run this to start Armory:
you are all set. Please let me know if I missed something.
Electrum will be in the next Ubuntu release in ~1 month. Please help test it now.
Hello, I am magicfab posting from the Bitcoin Embassy account. Yesterday I shared here why I thought it was excellent news that Electrum was recently made available to all Debian GNU/Linux users and its derivatives and how it was so recent that it had missed the time window to be included automatically in one of its derivatives, Ubuntu. I filed a bug report to make an exception and include electrum in Ubuntu now instead of waiting another 6 months, and it was quickly accepted. The package is already available for testing. Don't download it directly! If you're using Ubuntu 13.10 already you can search for electrum with your package manager or just sudo apt-get install electrum. This is the ideal time to install Ubuntu 13.10 and test its functionality and this includes Electrum. Ubuntu "Saucy Salamander" is still in beta, and beta freeze is today. For all intents and purposes, the beta version is very close to what will be released in ~1 month, stable enough to use daily, and specially to test and file important bugs reports. If you find a bug in Ubuntu for Electrum or Debian, this is an excellent time to report it. As the Chief Ambassador here at the Bitcoin Embassy, this is one of the more technical aspects in my role of Bitcoin advocacy that I believe is important to help with. If anyone files a bug report, has similar ideas or other technical requests regarding use of Bitcoin with free open source software / operating systems, PM me at magicfab or Bitcoin_Embassy. tl;dr: Electrum will be in the final Ubuntu 13.10 release :) PM me if you have technical suggestions/requests related to Bitcoin + free software.
GUIDE: How to use Electrum with your Ledger Nano S on Tails 3.7
The official guide doesn’t provide useful info. Moreover, Tails has some restrictions for security and privacy reasons. This guide uses only well-documented features of Tails and doesn’t require any additional stuff (usb-sticks, other OS etc).
This guide assumes both features are activated on Tails Greeter every startup:
encrypted persistence storage;
Tails is based on Debian GNU/Linux. And to detect the Ledger Nano S we need the python library provided by python3-btchip package. This package is available on sid, but it depends on python3 (>= 3.6~). Tails has python 3.5.3 installed. So…
… we’ll install btchip-python library by means of the python’s pip tool. To make this library persistently installed you should activate Tails “Dotfiles” Persistence feature and restart Tails. I don’t know how to configure the pip tool to go through Tor. So this guide suggests to use GitHub repositories. Open terminal in the Home folder and download git repositories:
To check installation open the folder in terminal:
Don’t forget every login update udev rules. Start electrum… and get an error: Firmware version (or “Bitcoin” app) too old for Segwit support. Actually the Electrum 3.0.6 is too old for the latest Ledger Nano S firmware. So download Electrum-3.1.3.tar.gz from the official site and untar it. In the electrum directory, run: 'python3 electrum'. Your feedback is welcome. HODL! EDIT_1: fixed typo. EDIT_2: libudev-dev=237-3~bpo9+1 libudev-dev/stretch-backports EDIT_3: works for Electrum-3.2.2 on Tails 3.8 as well.
The service user 'bitcoin' is added during install. Its homedir is in '/var/lib/bitcoin'. bitcoind.service is disabled by default to allow the user to configure it, before starting it the first time. On package purge, the 'bitcoin' user as well as its homedir is left intact, to not accidentally remove a wallet or something of equal importance. If you aren’t already logged into the computer you want to install Bitcoin on, login now. Make sure you use an account that can use su or sudo to install software into directories owned by the root user. If you logged in graphically, start a terminal. If you logged in another way, we will assume you’re already in a shell. View package lists View the packages in the stable distribution This is the latest official release of the Debian distribution. This is stable and well tested software, which changes only if major security or usability fixes are incorporated. The Chromium Debian package was designed for a Debian-based platform. If your system does not adhere to Debian policy, it may or may not work; anyway, even if it works now, packaging it for your own platform makes more sense than hoping the next upgrade doesn't depend on Debian-specific behavior. apt-get update apt-get install bitcoind. Step 3 ) Install start-up & config scripts. Again, surprisingly for a debian package, there’s no start-up or config installed for you. So you’re going to have to do it yourself. I took the. script found on this forum and edited it as per the thread recommendations with a few tiny mods of my own:
»» Debian Tutorials - Part 3 - Installing Packages ««
This video explains the first steps after a fresh install of Linux. installing packages, configuring the sidoers files and installing X. followed by install a window manager, in this case the ... Debian based. Commands: sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install packag... Install and run 64-bit packages on a 32-bit system. Install & update package on Debian without internet Helpful? Please support me on Patreon: https://www.patreon.com/roelvandepaar With thanks & praise to God,... Creating a Debian package in Ubuntu .... Install it... and Use ..... The Crypto Dad shows you how to set up the Ethereum wallet in Debian 9 (Stretch). We go through downloading (with verification) and installing the Ethereum wallet. Important software used is ...