how to Build Bitcoin address and balance database ...

Sobre Tibia, gold farmers y un caso de ayuda y éxito PT2. Son muy buenos consejos de cómo comenzar a programar profesionalmente

Una vez más, reconocimiento al autor original de los post International-Unit-8
Hello,

I have gotten so many replies and messages since my last post in this thread, that I can't answer them all individually. Previous topic:

https://www.reddit.com/TibiaMMO/comments/h8tu5u/a_great_tip_for_brazilians_venezuelans_and_othe

It has been shared on multiple subreddits so I have no idea where to even post this. But I'd like to come up with a follow-up thread with some more information. The internet is the most powerful tool that mankind has ever invented. You have the ability to reach thousands, millions and even billions of people with just a computer and some internet access.

If you're on this subreddit, chances are you're already playing Tibia and you already have a computer and internet access. It doesn't need to be the best internet, but as long as websites will load (eventually) you are good to go.

In this topic I will go more in-depth on web development and software engineering. If you have a very slow internet connection, you may want to look into web development instead of software development. An application/software is much heavier (larger file size) than a website. And most developer jobs require that you send and download files, back and forth, between you and your company's server. So if you feel like your internet is too slow to send a lot of files - do not worry! There are plenty of jobs.

First, I will go through some more details on how to learn web development and software development. After that, I will list a few other kinds of jobs that you can do remotely. These types of jobs can be done from anywhere in the world as long as you have internet access.



Part 1: Some languages you should learn

What is web development? Well, it can be a lot of things. You perhaps make websites for shops/restaurants/hair dressers/dentists, or you work for a big company and work on their web application, like Outlook, Discord or Spotify (which can all be accessed via a browser: their web app). You can also work with design and user experience, instead of programming. Being a web developer can mean so many different things, it's impossible to name them all. But most web developers are just developers: they program. They make websites, and they either sell the websites to companies (as a consultant) or you work full/part-time for a company.

I can not provide in-depth information about every single thing, but I can give you some pointers. The very basics any web developer should know is this:

HTML (HyperText Markup Language) - it's what almost all websites use as a foundation. This is not a programming language, but it is a markup language. If you want to build websites, you pretty much have to know this language. Don't worry though, it is easy. Not so much to learn. You can learn all about it in a few weeks.

CSS (Cascading Style Sheets) - it's what will add colors and shapes to your website. If you want to focus more on design (also known as front end development) then this is where you want to gain a lot of knowledge.

Python - A very simple language to learn. This language is very often the first programming language that developers start using. You can use it for a lot of things. This language is used in the back of a lot of websites. Google has been using Python for years and still is. It's great for web scraping and making web requests. If you want a language to practice your algorithms, then this language is awesome.

PHP - This used to be a very popular language, but not so much these days. However, it is very good to know how this works because it's very simple to learn and also very functional in some cases. If you want to transmit or withdraw information from a database to your website, then this (in combination with SQL) is a great way to do so. Whenever you make a login system or a contact form, the data must be sent somehow to a recipient or a database. PHP will help you do that. It is a server-side language, which means it will run in the back of the website.

SQL - To be able to communicate with databases (for example: save data, update data, or insert data) you can use different languages for that. But SQL is probably the most widely used language for this. It is basically just a bunch of commands that you tell your website or app to do. If you have a web shop for example, you will need a database to store all your product information in. You can for example use MySQL as your database and then use the SQL language to extract data from your database and publish it as a list of products on your website.

JavaScript - Perhaps the most powerful language at the moment. Anyone who is good at JavaScript will be able to learn most other modern programming languages. In recent years, the demand for good JavaScript developers has skyrocketed. It's because more applications are becoming web based, and JavaScript is probably among the most useful languages to use. You can use it for so many things. Previously JavaScript was only being run on the client side of the website (that means in the user's browser). But in recent years, there has been massive development of this language and you are now able to build servers, connect to databases and do very powerful web applications using just this language. A great tutorial for JavaScript was made by Tony Alicea: https://www.youtube.com/watch?v=Bv_5Zv5c-Ts This video is "just" 3.5 hours, but it's the intro. There is a much longer version of it, and you can download it for free if you search for it. Just find it as a torrent and watch it. It's probably the best tutorial I have seen for JavaScript.

C# - It's pronounced as "C Sharp". This language has been dominating the software engineering market for decades at this point. Everyone loves it. It's relatively easy to learn and you can build a lot of stuff in C#. It's very much like JavaScript, but focuses more on application development rather than website development. I would however try to avoid learning this language if you have very slow internet, since you will most likely be sending a ton of files back and forth. But if application (computer & phone) is your thing, then this language is great. There are so many tutorials on this, but there is 1 channel on YouTube which teaches a lot of the basics in C# (and many other languages) and that channel is called ProgrammingKnowledge. Sure, his C# videos may be old now but most of it is still relevant and useful. You will learn a lot by watching his videos. It's always good to start from the beginning and then when you're familiar with that, you can learn more about the recent updates in C#. https://www.youtube.com/watch?v=V2A8tcb_YyY&list=PLS1QulWo1RIZrmdggzEKbhnfvCMHtT-sA

Java - This is pretty much 90% identical to C# as I wrote above. Widely used, relatively easy to learn the basics and there's plenty of jobs. If you like making android apps, this language is for you.



Part 2: Technologies and useful tools

To become a web developer you will need a few tools. You need a text editor, a FTP client, a SSH client and some other things. Also a good browser.

Text editor: Visual Studio Code, Atom, Sublime Text, Brackets - There are many different text editors but at the moment, I highly recommend Visual Studio Code. It has so many built-in features it's honestly the only thing you may need.Don't forget to install Notepad++ as well - this very basic editor is so handy when you just quickly need to edit some files.

File archiving: WinRar, 7-Zip - You need some way of archiving projects and send it to your customer or employer. These are basic tools anyone should use. I personally use Winrar.

FTP (File Transfer Protocol): FileZilla - This tool will allow you to connect to your website's file manager and upload your files to it. There are many tools for connecting to an FTP server but this is the most popular one, it's simple and it works great.

VPS (Virtual Private Server): Amazon Web Services, Google Cloud - If you want to practice building web applications or want to host your own website as a fun project, it's great to use a VPS for that. Both Amazon and Google offers 365 days of free VPS usage. All you need is a credit card. However, they will not charge you, as long as you stay below the free tier limit. A VPS is basically a remote computer that you can connect to. I highly recommend that, if you have a slow internet connection. Those VPS-servers (by Amazon and Google) usually have 500mbit/s internet speed, which is faster than most countries in the world. You simply connect to them via Remote Desktop, or by SSH. Depending on what type of server you are using (Windows or Linux).

SSH (Secure Shell): Solar-PuTTY, PuTTY - If you for example have a web server where you store applications and files, a great way to connect to it is by using SSH. PuTTY is pretty much the standard when it comes to SSH clients. But I really love the version created by SolarWinds. When you download that one, do not enter your personal details. Their sales people will call you and haunt you! Haha.

File Searching: Agent Ransack - When you have many files and try to locate a specific document or file, you may want to use something like Agent Ransack. Much faster than the traditional search feature in Windows and it is much more accurate.

IDE / Code Editor: Visual Studio - Great tool to use when you want to create applications in C# for example. Do not confuse this with Visual Studio Code. These are two very different tools. This tool (Visual Studio) is more designed for Windows applications. Not just websites. I only recommend getting it if you plan to make programs for Windows.

Web host & domain: NameCheap, Epik, SiteGround - If you develop websites on your own, or maybe want to create a portfolio website, you will need a domain name and web hosting. I have personally used all of these 3 and they are very cheap. NameCheap has some of the cheapest domains and great web hosting for a low price. Their support is also great. Same with SiteGround. And if you want to buy a domain anonymously (with Bitcoin for example), then you can use Epik. Low prices and great customer service on all these 3 websites.

Web Server: XAMPP, Nginx - If you plan to practice PHP, you will need to have a web server on your local computer. If you have Windows, I would highly recommend installing XAMPP (Apache). It is very easy to use for beginners. If you're on Linux, I would recommend Nginx. Also check our PhpMyAdmin if you want to quickly setup a MySQL database locally.Bonus tip: If you use Visual Studio Code to create websites in HTML, CSS and JavaScript: then install the extension "live server" and you can run your applications on a live server without setting it up yourself. Tutorial: https://www.youtube.com/watch?v=WzE0yqwbdgU

Web Browser: Mozilla Firefox, Microsoft Edge Insider, Google Chrome - You need one of the latest web browsers to create websites these days. Since I prefer privacy over functionality, I've always loved Firefox. But recently, Microsoft has been improving its new version of Edge a lot (based on Chromium) and it's also very popular. If you want all your personal details to be saved and have good tools for web development, then use Google Chrome. Don't forget to utilize the built-in developer tools. You can access it in any of these browsers by pressing F12.



Other things you may want to look into:

Web services, SSL certificates, Search Engine Optimization, Databases, API, Algorithms, Data Structures



Part 3: Learning platforms

https://www.youtube.com/

https://www.w3schools.com/

https://leetcode.com/

https://stackoverflow.com/



If you want to learn in-depth about algorithms, data structures and more. Then you can take a look at the curriculum of the top-tier universities of USA. Such as: UC Berkeley, Harvard and MIT. These courses are very hard and are specifically for people who want to become experts in software engineering. You can enroll some of them for free, like the one on Harvard. And by having a such diploma (which costs $90 extra) can get you a lot of job opportunities. You can enroll those courses if you want, but it can have a fee. But just take a look at what they are studying and try do their exercises, that is 100% free. Get the knowledge. It's mostly on video too! These course below are the very same courses that many of the engineers at Facebook, Google, Amazon, Apple, Netflix, Uber, AirBnb, Twitter, LinkedIn, Microsoft, etc. has taken. It's what majority of people in Silicon Valley studied. And it's among the best classes that you can take. These course are held by some of the world's best professors in IT.



UC Berkeley: CS 61a & CS 61b:

https://inst.eecs.berkeley.edu/~cs61a/fa19/

Video playlist here: https://www.youtube.com/watch?v=0_LryzvBxFw&list=PL6BsET-8jgYVAaK0jGVTWr9R5g7kSMQ8i

https://inst.eecs.berkeley.edu/~cs61b/fa19/

Videos: https://www.youtube.com/channel/UCNBSbBTFx8nFahcQyZOYOgQ



Harvard University: CS50 (free enrollment --- 90$ to get a certificate).

https://online-learning.harvard.edu/course/cs50-introduction-computer-science



MIT (Massachusetts Institute of Technology): 6.006

https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-006-introduction-to-algorithms-fall-2011/

Held by Erik Demaine. One of the best - if not THE best - professor at MIT. Just look at this resume. It's almost 50 pages long! https://erikdemaine.org/cv.pdf



Part 4: Finding jobs

https://www.linkedin.com/

https://marketing.hackerrank.com/

https://www.glassdoor.com/index.htm

Facebook groups for web developers, freelancing, remote work, etc.

Portfolio / Code Sharing / Source Control:

https://github.com/



Part 5: Other types of jobs you can work with (remotely) - with/without coding experience

SEO (Search Engine Optimization)

Translations (Spanish/Portuguese, etc.)

Affiliate Marketing (look into Clickbank.com - and use Facebook Ads to promote products)

Design (web design, photo design, etc.)

Copywriting (write sales letters for companies)

Database manager (monitor and administrate a company's database)

YouTube - make YouTube videos to gain views. Views = Money.

Dropshipping (use Shopify.com for example) and sell products in a webshop. Benefit with dropshipping is that you don't personally store the products.

Customer support

more...? Banking, economics, etc.



You can find information about all of the things I have mentioned by using YouTube or Google search.

Hope it helps.



And I hope that in 1 year, there will be at least some new web developers in Brazil, Venezuela and other countries in South America.
submitted by jesuskater to memezuela [link] [comments]

AMA Recap of CEO and Co-founder of Chromia, Henrik Hjelte in the @binancenigeria Telegram group on 03/05/2020.

Moh (Binance Angel)🇳🇬,
Please join me to welcome, “CHROMIA CEO & Co-founder, Henrik Hjelte” and “ CMO, Serge lubkin”
Oh, before we proceed, kindly introduce yourselves and tell us a bit about your roles at Chromia u/sergelubkin & u/henrik_hjelte.
Henrik Hjelte,
Ok, I’m Henrik, I’m CEO of ChromaWay that crated the Chromia project. My background is a bit mixed: developer for 30+ years (since 80: s), but I studied other things at university (economics, politics, social sciences philosophy). Life is more than computer you know… I worked with FInance/IT then started a web startup and got to know Alex Mizrahi who worked as a developer….
Web startup didn’t fly, but Alex showed me bitcoin. When I finally read the whitepaper I was blown away, and joined Alex colored-coins project, the first open source protocol to issue tokens. in 2013.
So, we started with open-source tokens (that kickstarted the blockchain industry. Then started company together 2014.
That is a long intro, I’ll shut up now… Thanks….
Serge,
I’m Serge, I’m assisting Henrik today and I work with Chromia marketing team as well as on some business development projects
Moh (Binance Angel)🇳🇬, , Question No 1 :
Kindly describe the CHROMIA project and what it aims to achieve?
Henrik Hjelte,
Chromia is a new public blockchain based on the idea of integrating traditional databases, Relational databases with blockchain security. Chromia is a general purpose blockchain with full smart contract capabilities, just that it is a lot easier to code, even complex applications. You code with an easy to learn new programming language that combines the power of SQL and normal languages but makes it secure in a blockchain context. Up to 1/10 the code-lines vs other blockchains. There is a blog post about it, I’ll share later. On lines of code.
The aim of Chromia is to combine relational databases, which exist in every kind of organization, together using blockchains. We want to provide a platform for our users to develop totally decentralized apps securely. Our goal is for Chromia to be seen as the number one infrastructure for decentralized applications.
https://blog.chromia.com/reasons-for-rell-compactness/
Moh (Binance Angel)🇳🇬,Question No 2:
What inspired the CHROMIA Core team to pick interest in CHROMIA project? what breakthrough have you achieved so far? what are the present challenges you’re facing and how are you planning to overcome them?
Henrik Hjelte,
We started with public blockchains, tokens in 2012, the world’s first stable coin with a bank 2015 (LHV). When coding that solution, peer to peer payments of Euro-tokens, we discovered we need performance reasons to store all data in a database. We needed to quickly know the “balance” of a user, and can’t loop through a blockchain. And slowly the idea grew that we can make the database INTO a blockchain, integrate completely with the transaction mechanism of a database. So, we did it as a private blockchain first (Postchain), used it for some projects, then came up with the idea to make a Public Blockchain based on it.
The motivation is that we felt we needed a better programming model for blockchains. Our CTO Alex has always been thinking of optimal solutions for blockchain technology and has lots of experiences thinking about it. Also: make real-world useful things. For example, we support free-to-play models since users do not need to own “our” token to USE apps, the application itself (often the developer) pays for hosting. And of course, great performance. Also: more knowledge of who runs nodes and risk level. So, it is more suitable for enterprises.
In Chromia the application (at the start the developer) decides Who should be allowed to run its own blockchain (every dapp has its own blockchain). You can also say on a higher level that we want to provide technology to create “Public applications”, a tool
that enables us to create a fairer world.
https://blog.chromia.com/towards-publicly-hosted-applications/
Moh (Binance Angel)🇳🇬, Question No 3 :
Why did you create your own blockchain instead of leveraging on existing and proven base layer protocol?
Henrik Hjelte,
None of the existing protocols are suitable to support large-scale, mainstream applications. We designed Chromia to give our users exactly what they want; fast support, useful features, with an affordable service cost. Other platforms do not have the ability to host data applications in a decentralized and secure way, as Chromia can. Chromia also has its own bespoke programming language that sets it apart from SQL-based platforms. It’s so easy to use, even non-developers can understand it!
The other big difference with Chromia concerns payments. Chromia gives its users freedom from having to pay for each transaction. With Chromia, you have the flexibility to decide how to set fees for your dapp
And when it comes to “proven base layer protocols”: they are just a few years at max. Chromia is built on top of Postgresql, that has been used in enterprises for decades, a really proven technology. And the Java virtual machine on top of that. This is proven tech, at core.
Moh (Binance Angel)🇳🇬, Question No 4 :
What is Postchain?
Henrik Hjelte,
Postchain is an open-source product of ChromaWay for enterprise clients and it’s the core technology on which Chromia is built.
Postchain is a replicated blockchain and database that offers highly resilient distributed database management with distributed control.
Postchain is the only product on the market that combines the immutable consensus of a blockchain and the properties of a real database management system (You know, the tech that built SAP, Facebook, Banks…) …
Postchain allows you to share information between companies and/or individuals in a secure and transparent way.
That is the low-level base of Chromia you can say
Moh (Binance Angel)🇳🇬,
Can you please name some of your clients that are using this service already?
Serge,
You mean products built on Postchain? Also, Stockholm Green Digital Finance, Green Assets Wallet that’s now functioning on Chromia Bootstrap Mainnet.
Big financial institutions
It’s only a beginning of course, but very promising one. https://greenassetswallet.org/news/2019/12/12/launch-of-the-green-assets-wallet
Henrik Hjelte,
We got a lot of attention with the Swedish Land registry; we did a joint project between them and banks and a telco etc on postchain as base.
Then, right now we do a large project with the Inter-American Development bank also about land-registration (processes) in South America.
We had a client, Stockholm Green Digital Finance, that did a system for green bonds (tracking environmental impact. Yes, as Sege says, it was later moved to Chromia…
Which is cool. Also, another external development company did that phase of the project, proving that other can build on our tech,4irelabs from Ukraine is their name. Some companies using the GAW: Blackrock. SEB Bank etc…
Also, we have done more projects, in Australia, asia etc. Oh Daimler too (the Mercedes company) …
Moh (Binance Angel)🇳🇬,
Lots of enterprise clients you’ve got. No wonder I do see the meme “CHR=ETH KILLER”
Serge,
It’s a meme from our supporters. But we believe we can coexist:)
For some niche things eth is good :)
So, no killing :D
Henrik Hjelte,
We want to work with partners too for this, we can’t do all projects ourselves. Also, for Chromia projects, ChromaWay company can help do support maintenance etc. So, it is not competing, it adds value to the ecosystem.
Yeah ETH is good too, for some applications. We are friends with them from colored-coin times.
And colored-coins inspired ETH, and ETH inspires us.
Moh (Binance Angel)🇳🇬, Question No 5 :
Lastly, CHROMIA is already doing very well in terms of business. You just got listed on BINANCE JEX, you are on-boarding new clients and dishing out new features. But what’s next? Is there anything to be excited about?
Henrik Hjelte,
Plans for 2020 are to both release a series of dapps to showcase how fantastic Chromia is, as well as continue to develop the platform. And when it is secure and good enough, we will release the mainnet.
Dapps are now being made by us as well as others. We do a decentralized social network framework called Chromunity, now released to TestNet. It is really cool, users can vote over moderators, and in the future users might even govern the complete application, how it can be updated. This is a great showcase for Chromia and why we use the slogan Power to the Public.
https://testnet.chromunity.com/
Games coming are:
Mines of Dalarnia (by Workinman Interactive). An action game in a mine with blockchain rental of plots and stuff. Already on TestNet and you can take a peek on it at https://www.minesofdalarnia.com
more coming…
Krystopia 2, novas journey. A puzzle game done by Antler Interactive. Could only find trailer though: https://www.youtube.com/watch?v=-G95-Dw3kI4
However, we have even larger ambitions with blockchain gaming…
We are doing A secret demo-project that we do together with Antler to showcase the technical potential of Chromia platform.
Another exciting relase is an indie game Chain of Alliance, done by two external developers. It is a strategy game with full-logic on blockchain. Public release on TestNet on May 22!
More coming in 2020: Other dapps from other companies, one in impact-tech.
That is a serious app, Chromia also works outside gaming and social media for enterprises and startups
And I hope some of you will do something, we want to support dapps on the platform so reach out to us…
Moh (Binance Angel)🇳🇬,
When can we be expecting the mainnet? Any approximate time? I’m sure the community will really excited to have that info
Serge,
It’s now in Bootstap phase, so it’s technically already functioning. MVP will be very soon
Stay tuned;)
Twitter questions Vs answers
Ellkayy,
What’s the unique thing in Chromia that no other blockchain has, that makes you the better option?
Henrik Hjelte,
Unique: Chromia is the only blockchain that also has a real, proper database built-in. And blockchain is about managing data in a shared context. How to best managed data was solved in computer science already. So far, it is the relational algebra model that is used in 100% of all enterprises, and has an 85% market share. Chromia is the only blockchain that use that model and that power.
Ellkayy,
Why Chromia use RELL and not SQL or JavaScript? Can developers with other language knowledge use Chromia?
Serge,
Rell is the only language on the blockchain side. You can combine with anything on client-side, although now client only exists for JS/TS, C# and Java/Kotlin. Rell is a language for relational blockchain programming. It combines the following features:
1 Relational data modeling and queries similar to SQL. People familiar with SQL should feel at home once they learn the new syntax.
2 Normal programming constructs: variables, loops, functions, collections, etc.
3 Constructs which specifically target application backends and, in particular, blockchain-style programming including request routing, authorization, etc.
Rell aims to make programming as convenient and simple as possible. It minimizes boilerplate and repetition. At the same time, as a static type system it can detect and prevent many kinds of defects prior to run-time.
Roshan DV,
I have been monitoring your project for a while but some concerns about it: Your project will build your own core network, so you have more visibility than Ethereum and NEO. These are projects that were born before and which also have a very large community. And what can assure you that your project will guarantee the functionalities that you have defined?
Henrik Hjelte,
What came first? I want to remind that Vitalik was in the colored-coins project, led by our CTO and we had blockchain in production before ETH and NEO etc existed. We are the old dogs…
Large community: We are part of the same community. When developers are fustrated and want to try new tech, they go to us from other blockchains.
Also, we have a large potential: SQL (close to Rell and our tech) is the world top 3 language. Bigger than Java. Bigger than PHP. Only beaten bny HTML and javascript. Soliditiy is not on top 20 list. THere are millions of developers that know SQL. That is potential for community… (source is Stackoverflow annual programming survey).
Paul (Via Manage),
What are the utilities of Chromia and what purpose does the Chromia coin serve?
Serge,
Chromia meta-token called Chroma (CHR). It is used in Chromia to compensate block-producing nodes by fees. In Chromia, fees are paid by dapps, which can in their turn collect fees from users. Chromia provides mechanisms which balance the interests of developers and users. Dapp tokens can be automatically backed with Chroma, providing liquidity and value which is independent of investment into the dapp. Dapp investors can be compensated in Chroma through a profit-sharing contract. For developers, Chromia offers the opportunity to derive income from dapps. This incentivises the creation and maintenance of high quality dapps because better dapps generate more income and create more demand for tokens owned by the developer. The Chromia model is designed to support sustainable circular economies and foster a mutually beneficial relationship between developers, users, and investors.
Idemudia Isaac,
Thank you very much u/henrik_hjelte u/sergelubkin
You stated your plans for 2020 is to release series of dApps. What kind of large scale, mainstream decentralized application and $Chromia products do you think is suitable for the Nigerian environment?
Henrik Hjelte,
Actually, this is why we want to work with partners. We cannot know everything, For African market we have seen of course payments/remittances (but it has fallen out of trend). We would love to do real-estate /land-registration but we understand we need a strong local partner (more than a single person, a real company or organization driving).
●CC● | Elrond 🇵🇭,
What plans do you have to building a vibrant global community around Rell? And how would you go about encouraging/incentivising such ‘Rellists’ around the world to build dApps on Chromia? u/henrik_hjelte u/sergelubkin
Henrik Hjelte,
For developers (I am one too, or used to be) you normally need to prove a few things:
\ That the tech is productive (can I do apps faster?)*
\ That it is better (less bugs, more maintainable?)*
Then the community will come. We see that all the time. Look at web development. React.js came, and developers flooded to it. Not because of marketing on Superbowl, but because it was BETTER. Fewer bugs and easier to do complex webapps.
So, at core: people will come when we showcase the productivity gains, and that is what we need to focus on.
●CC● | Elrond 🇵🇭,
Why do you choose to build Chromia token on ERC20 instead of other blockchain such as BEP2, TRC20…or your own chain while ERC20 platform is very slow and have a case of fee? u/henrik_hjelte u/sergelubkin
Serge,
So far Ethereum has the best infrastructure, it’s the oldest and most reliable network for tokens. It also became the industry standard which exchanges utilize. We will transfer 80% of all erc20 tokens to our Chromia blockchain when it’s ready for that.
Koh,
In your whitepaper it says in the upcoming version of ChromiaWallet that it will be able to function as a Dapp browser for public use. Q) Will it be similar to the Dapp browser on Trust Wallet?
Serge,
It’s live already try it http://vault-testnet.chromia.com/
It’s the wallet and a dapp browser
CHROMIA is SOLID,
Your metamorphosis is a laudable one,surviving different FUD, how have you been able to survive this longest bear market and continue building and developing cos many projects have died out in this time period!
Henrik Hjelte,
You need to know we started a company before ETH existed. There was 0 money in blockchain when we started. I did it becuase it was fun, exciting tech and MAYBE someone would be interested in the thing we made “Tokens”…
We were never in the crazy bull-market, manly observed the crazies from the side. We fundraised for CHR in a dip (they called it bear market). ChromaWay the company also make money from enterprises.
Алекс,
What is SSO?
What makes it important for chromias ecosystem?
Why should we users be attracted to it?’
Serge,
Chromia SSO is perhaps the most important UX improvement that Chromia offers the decentralized world. It revolutionizes the way users interact with dapps. Any dapp requires users to sign transactions, that means they need a private key. Control of the private key is control of any and all dapps or assets associated with it. This means that private keys have an especially stringent set of security requirements in a blockchain context — they control real value, and there is no recourse if they are compromised or lost. https://blog.chromia.com/chromia-sso-the-whys-and-the-whats/
Olufemi Joel,
How do you see the Chromia project developing in 3 to 5 years, both on the commercial level and on the evolution of the company? What are the plans for expansion in different regions? Are you going to outsource the team/skills or keep it centralized and set up offices?
Henrik Hjelte,
I take part of the question. On outsource: we were a distributed team from day one, with co-founders from 3 countries (still living there). We are distributed now, Ukraine, Sweden, Vietnam, Croatia, China are “hubs” then we have individuals too. No big plan, just where we found great developers…
Park Lee, u/henrik_hjelte
You claim CHOROMIA have fast support, useful features with an affordable service cost. That fast and the fees are cheap but can you guarantee stability?
What’s the Algorithms which are used by CHROMIA for that fast? And Can you explain it?
Serge,
We use PBFT protocol with some features of DPOS, this plus sidechains parallelism offers almost unlimited speed and scalability. We also use the feature called anchoring to secure all transactions in batches on Bitcoin blockchain.
Mario Boy,
What are you guys trying to achieve as an end goal? The next Ethereum? Or the next enterprise version of Ethereum? Or something different?
Henrik Hjelte,
The end goal… good question. When we started in 2014 there were no other blockchain companies, so we wanted to do the best blockchain technology in order to enable a decentralized world with more fair applications. And that is what we still do. Technology/software that can enable people to make a fairer world
Erven James Sato,
“STAKING” is one of the STRATEGIES to ATTRACT USERS and ACHIEVE MASS ADOPTION
Does your GREAT PROJECT have plan about Staking?
Serge,
Yes, we announced our staking plans couple of months ago https://blog.chromia.com/on-providers-and-stakes/
We are working with our current partners to make it accessible for general public.
Chizoba,
I often see Chromia and ChromaWay being used interchangeably, what is the relationship between the two?
Henrik Hjelte,
ChromaWay the company started Chromia from code done as postchain. This is normal in open-source development, a company that leads development. But Chromia will be a decentalized network, so ChromaWay will not make direct money out of it more than if we have a role as a Provider (and get payed for hosting). ChromaWay can indirectly make money from optional support and maintenance etc. Also, this, perfectly normal in open-source world.
And it also benefits Chromia that there is a market for support.
A market open for competition.
No special treatment for “ChromaWay”
Enajite,
How to start coding on Chromia?
Henrik Hjelte,
Go to https://rell.chromia.com and follow the tutorial. Enjoy the free time you get compared to other blockchain languages…
●CC● | Elrond 🇵🇭,
Chromia process 500 TPS, these is slow compare to other Blockchains, where we can see now 60K TPS if more capacity require, how can that be? u/henrik_hjelte u/sergelubkin
Serge,
Yes, if you need faster speed you can use parallelism by having multiple blockchains for your dapp. Also, by optimization and better architecture sky is the limit.
Delphino.eth ⟠,
Can we consider Chromia an hybrid? For its mixing of Blockchain and a Database?
Henrik Hjelte,
Yes and no. I want to stress that Chromia is a FULL blockchain. It is not only “inspired”. It is a blockchain AND a database.
I tend to think about Hybrid more in the usecases that you might have as a customer. For example, a bank might want to have some data/transactions private (as a private blockchain) and have another half of the application with public data (on Chromia). So that is a hybrid solution, and Chromia ROCKS in that segment since it is the only blockchain that is complete relational database (what the normal world uses anyway for 85% of all applications)
Example area: “open banking”
Steve bush,
How will Chromia I have any empower Investors, Companies, Developers, Platform Users to
deliver impactful solutions and bring value to people all over the world?
Henrik Hjelte,
In order to make blockchain go big, we need to have users. Users need to be able to use apps with ease. Chromia have features like single-sign on (ease of use), but importantly do not require owning tokens to USE apps.
Also, it needs to be easy to make applications. For example, if you are a student in US and came up with an idea, you want to make an application for your school. Let’s call it “thefacebook”. You code something in PHP and MySQL. DID YOU SEE THAT. SQL. SQL.SQL. It is the same tech that Chromia has but no one else in the blockchain business. SQL rules the world if you look outside the crypto bubble. Google the Oracle head-office… 100% of all enterprises use it… Because it is easy and powerful.
And we even improve on SQL with Rell….
So, compare that with a hacky virtual machine that have a few years…. 😊
August,
“Mines of Dalarnia” is a game that has caught my attention a lot, due to its simplicity and quality. But in the time that I have used it I have not been able to differentiate between the Chromia blockchain of this game and that of the competition? What other games do you have next to develop? I would like to give ideas in those games like a Gamers!
Henrik Hjelte,
We thought about in corona time sports club might want to engage more with their fans digitally. And of course, E-Sports is getting a real momentum as the young generation grows up. Now a bit sad that all games are centralized. My daughter will be sad when (at some day?) they will close down roblox… it happens to all centralized apps eventually… that is what we fix. Power to the Public to control apps and their future. I’ll repost again Alex post. Sorry I like it a lot… https://blog.chromia.com/towards-publicly-hosted-applications/
Bisolar,
Good day Chromia team from a Chromia fan
Can you tell us Chromia’s geographical focus at the moment and the proces it follows for it BUSINESS DEVELOPMENT?
What factors do you consider before identifying NEW MARKETS to enter?
Serge,
Chromia will initially focus on community building in China, Korea, US and Europe. The focus of community growth will gradually expand to other markets as the project gains popularity.
Current community growth strategies of Chromia include:
Chromia blockchain incubator creation to welcome more projects to the Chromia blockchain
Host blockchain gaming conferences, workshops, and meetups to engage with potential users.
Provide online and face-to-face tutorials to engage with dapps developers.
Attract blockchain developers through direct and indirect approach via specialized platforms and communities.
Develop our relations with existing and previous corporate clients, and their partnership networks to participate in their blockchain ventures
Launch Node program to encourage system providers to run nodes on the Chromia blockchain.
Staking program for Chroma (CHR) tokens
Active community engagement via social channels.
Future community growth strategies of Chromia after Mainnet launch include:
Partner with more gaming studios, startups and enterprises
Build local communities with Ambassador Programs.
Partner with external incubator and accelerators to provide blockchain expertise and introduce projects to Chromia ecosystem
Continue organizing hackathons around the world to attract more developers.
Emmanuel,
I want to know the current structure of your roadmap? What is the future roadmap of CHROMIA? Is there any key milestone coming???
Henrik Hjelte,
It is easy to do a roadmap; anyone can make a pape plan. But I think they are used in the wrong way. Software is hard, blockchain is even harder because it NEEDS TO BE SECURE. No MVP releases. We cannot even have roadmap deadlines and skimp on quality. Where we are now though is: Rell language finished so much that developers can write apps and see its magic. We have external devs doing dapps. We have the first phase of mainnet. We have a series of releases coming up. We will release mainnet when it is secure enough, and gradual roll out. I think quite soon, development is going great at the moment, a bit quicker than we though.
Ellkayy,
Why doesn’t Chromia transactions use gas? How do you power transactions then?
Serge,
Main feature of gas in Ethereum is to pay for transactions for miners get rewards. In our scenario Providers get rewards from dapp owners. So dapp owner pays for storing their dapp. It’s like Amazon Web Service model. Then dapp owner can monetize it in its own way.
Ellkayy,
Many developers don’t know RELL, just Solidity and SQL. Is this a barrier or threat to Chromia? Why RELL is better?
Henrik Hjelte,
Very few developers know Solidity. Do a search on github. I referred previously to stackoverflow programming language survey results. https://insights.stackoverflow.com/survey/2019#technology
If you know SQL, you learn Rell in a day.
SQL is the top 3 language here. I’d say there are millions that can easily jump to Rell.
Soldity or other blockchains, not on top 20 list even.
Rell is a hipper, nicer version of SQL that is also a “normal” programming language.
Developers like to learn new things, new languages. Otherwise we would be stuck with PHP, the DOMINANT language. Well, is it still? Seems javascript and react.js and node etc is taking over…
Moh (Binance Angel)🇳🇬,
This brings us to the end of the AMA. It’s been a pleasure being with all of you, THANK YOU. Special shout out to u/sergelubkin and u/henrik_hjelte for honouring us with their presence today❤️
Kindly follow CHROMIA on twitter and join the conversation with their community on Telegram
Twitter: https://twitter.com/Chromia
Telegram: https://t.me/hellochromia
Official Chromia Nigeria Community Channel 🇳🇬 : https://t.me/ChromiaNigeria
Website: www.chromia.com
submitted by dam30 to Teamchromia [link] [comments]

Start learning programming " Here is the best Platforms for you"

Step by step Help for you:
Platforms Node.js Frontend Development iOS Android IoT & Hybrid Apps Electron Cordova React Native Xamarin Linux ContainersOS X Command-Line ScreensaverswatchOS JVM Salesforce Amazon Web Services Windows IPFS Fuse HerokuProgramming Languages JavaScript Promises Standard Style Must Watch Talks Tips Network Layer Micro npm Packages Mad Science npm Packages Maintenance Modules - For npm packages npmAVA - Test runner ESLintSwift Education PlaygroundsPython Rust Haskell PureScript Go Scala Ruby EventsClojure ClojureScript Elixir Elm Erlang Julia Lua C C/C++ R D Common Lisp Perl Groovy Dart JavaRxJava Kotlin OCaml Coldfusion Fortran .NET PHP Delphi Assembler AutoHotkey AutoIt Crystal TypeScriptFront-end Development ES6 Tools Web Performance Optimization Web Tools CSS Critical-Path Tools Scalability Must-Watch Talks ProtipsReact RelayWeb Components Polymer Angular 2 Angular Backbone HTML5 SVG Canvas KnockoutJS Dojo Toolkit Inspiration Ember Android UI iOS UI Meteor BEM Flexbox Web Typography Web Accessibility Material Design D3 Emails jQuery TipsWeb Audio Offline-First Static Website Services A-Frame VR - Virtual reality Cycle.js Text Editing Motion UI Design Vue.js Marionette.js Aurelia Charting Ionic Framework 2 Chrome DevToolsBack-end Development Django Flask Docker Vagrant Pyramid Play1 Framework CakePHP Symfony EducationLaravel EducationRails GemsPhalcon Useful .htaccess Snippets nginx Dropwizard Kubernetes LumenComputer Science University Courses Data Science Machine Learning TutorialsSpeech and Natural Language Processing SpanishLinguistics Cryptography Computer Vision Deep Learning - Neural networks TensorFlowDeep Vision Open Source Society University Functional Programming Static Analysis & Code Quality Software-Defined NetworkingBig Data Big Data Public Datasets Hadoop Data Engineering StreamingTheory Papers We Love Talks Algorithms Algorithm Visualizations Artificial Intelligence Search Engine Optimization Competitive Programming MathBooks Free Programming Books Free Software Testing Books Go Books R Books Mind Expanding Books Book AuthoringEditors Sublime Text Vim Emacs Atom Visual Studio CodeGaming Game Development Game Talks Godot - Game engine Open Source Games Unity - Game engine Chess LÖVE - Game engine PICO-8 - Fantasy consoleDevelopment Environment Quick Look Plugins - OS X Dev Env Dotfiles Shell Command-Line Apps ZSH Plugins GitHub Browser Extensions Cheat SheetGit Cheat Sheet & Git Flow Git Tips Git Add-ons SSH FOSS for DevelopersEntertainment Podcasts Email NewslettersDatabases Database MySQL SQLAlchemy InfluxDB Neo4j Doctrine - PHP ORM MongoDBMedia Creative Commons Media Fonts Codeface - Text editor fonts Stock Resources GIF Music Open Source Documents Audio VisualizationLearn CLI Workshoppers - Interactive tutorials Learn to Program Speaking Tech Videos Dive into Machine Learning Computer HistorySecurity Application Security Security CTF - Capture The Flag Malware Analysis Android Security Hacking Honeypots Incident ResponseContent Management System Umbraco Refinery CMSMiscellaneous JSON Discounts for Student Developers Slack CommunitiesConferences GeoJSON Sysadmin Radio Awesome Analytics Open Companies REST Selenium Endangered Languages Continuous Delivery Services Engineering Free for Developers Bitcoin Answers - Stack Overflow, Quora, etc Sketch - OS X design app Places to Post Your Startup PCAPTools Remote Jobs Boilerplate Projects Readme Tools Styleguides Design and Development Guides Software Engineering Blogs Self Hosted FOSS Production Apps Gulp AMA - Ask Me Anything AnswersOpen Source Photography OpenGL Productivity GraphQL Transit Research Tools Niche Job Boards Data Visualization Social Media Share Links JSON Datasets Microservices Unicode Code Points Internet of Things Beginner-Friendly Projects Bluetooth Beacons Programming Interviews Ripple - Open source distributed settlement network Katas Tools for Activism TAP - Test Anything Protocol Robotics MQTT - "Internet of Things" connectivity protocol Hacking Spots For Girls Vorpal - Node.js CLI framework OKR Methodology - Goal setting & communication best practices Vulkan LaTeX - Typesetting language Network Analysis Economics - An economist's starter kit
Few more resources:
submitted by Programming-Help to Programming_Languages [link] [comments]

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using Javascript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.

Secure Your Website

I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.

That's it, for now

I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.

TL;DR (y u words so much??)

... in general... in general... in general... I sure wrote those 2 words a lot.

Why Should I Trust This Post?

Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
submitted by exoplasm to gamedev [link] [comments]

Homelab collective ressources post!

Hey guys!
I'm fairly new to this sub and to having a home lab in general and I found this community to be so kind and helping, I wanted to give back what I've learned. I'm seeing a lot of questions asked around on improvements and on what to do with x extra hardware so I thought it would be nice to have a thread to regroup that.
 
I'll put here some stuff I gathered and the most common questions I've seen, feel free to contribute and i'll update the post along.
 
Latest Additions
 
Homelab Dashboard
Posts about dashboards have been growing lately and here are some of the best that were kind enough to provide us with their sources.
User Screenshot Source
yours truly http://imgur.com/a/GhCNH https://github.com/Gabisonfire/dashboard-q
lastditchefrt http://i.imgur.com/5zQdao4.png https://github.com/d4rk22/Network-Status-Page
_SleepingBag_ http://i.imgur.com/Ql9ZM4W.png https://github.com/jsank/homelabdash
NiknakSi https://niknak.org/extras/sysinfo TBA
DainBramaged http://imgur.com/jYNlUEQ https://github.com/gordonturneBigBoard
michaelh4u https://i.imgur.com/XkZwMKj.png https://github.com/michaelh4u/homelabfrontpage
spigotx http://imgur.com/a/1zMht https://github.com/spigotx/HomeLab2
SirMaster https://nicko88.com/ https://github.com/dashbad/plex-server-status
yourofl10 http://imgur.com/a/AyROa TBA
TheBobWiley http://imgur.com/a/oU6d3 https://github.com/TheBobWiley/ManageThis-LandingPages
0110010001100010 http://i.imgur.com/iwtQcsL.jpg https://github.com/danodemano/monitoring-scripts
mescon & SyNiK4L https://i.imgur.com/gqdVM6p.jpg https://github.com/mescon/Muximux
ak_rex http://i.imgur.com/a/RJkrT https://github.com/ak-rex/homelab-dashboard
 
Or build yours from scratch: PRTG API, ELK, Grafana, freeboard, JumpSquares
 
Some other resources: Custom Monitoring Scripts by 0110010001100010
 
Credits to apt64 for his original post
= Pi specific =
 
= Download Automation =
 
= Virtualization =
 
= Monitoring =
 
= Media Center =
 
= Remote access =
 
= VOIP =
 
= Networking =
 
= File Servers/Storage/RAID =
 
= Cameras =
 
= Documentation =
 
= Dynamic DNS =
 
= Backup =
 
= Creating network diagrams =
 
= Guides =
 
= Misc =
 
That's all I could come up with on top of my head + some research, passing over to you guys so we can get a nice complete list!
 
Let's try and stick with free(or mostly) softwares, let me know if you guys feel otherwise.
submitted by Gabisonfire to homelab [link] [comments]

Run a 0.14 Full-Node on RaspberryPi3 Pruned(less than 16GB SD needed)

Hi!
Happy if this guide helps you.
Tip if you want: 19656Uwdwko5RjtnuwQENpjBwE3ChzD59v
UPDATE 04/06/17
Add 'uacomment=UASF-SegWit-BIP148' into your bitcoin.conf if you want to signal UASF.
UPDATE 03/13/17
ADDED a tl;dr; Version at the end of this Post.
UPDATE 03/12/17:
Just to test it - I reinstalled all on 8GB SD and it works as well. But maybe you should use at least 16GB for the beginning.
Using a 128GB card for the first version was a little bit stupid - so I reinstalled everything on a 8GB SD card. Including Linux and a pruned blockchain - and it works.
I used prune=550 and Jessie Lite (headless / command line) - without wallet and gui.
The SD is almost full, but it works so far
I also updated the whole manual a bit to make things more clear. Thank you for all your feedback!
Just started my Bitcoin Node today and wanted to share the way I did it with people who are interested in running their own full node. It took some time to write everything down - hopefully correct so far.
I am sure, many people around bitcoin are way more informed and educated as I am - I am the noob. So I wrote this manual to help users like me - noobs, to get started with a cheap, simple bitcoin node on raspberry pi.
Have fun!
I wanted to get my Raspberry Pi 3 working as a node to support the network. Actually the process of installing and running the node was more or less easy - but for Noobs (like I am) it might be a bit tricky to start the whole thing, because there are different ways.
Did you - like me - think you would need +120GB on the raspi, external USB HDD to be a full node? You won't!
If you have a Raspberry and you know what Bitcoin is, I guess, you are a little bit aware of linux, networks and of course bitcoin - so I won't go into detail too much.
This guide is just a little helper to get a full node running on your raspberry pi. Thanks to the help of the nice people in this sub and of course the documentation by the developers, I got it working - and of course also special thanks to raspnode.com - as I followed their tutorial to start - I went some other ways here and there - so please read carefully.
For the Part 2 I would suggest to have http://raspnode.com/diyBitcoin.html open and read through my manual.
I split the tutorial in 2 Parts - PART ONE is about installing the client on your PC and downloading the Blockchain.
PART TWO is about the setup of the raspberryPi and transferring the pruned blockchain to the pi and run it as a full node!
The first thing to be aware of is: You actually need to download the whole blockchain to get this working - if you already have your bitcoin client synced on the PC / MAC great you can reuse it!
Now you might think "but you said less than 16GB in the title!"
Yes, but the good thing is you won't need to download it on your Raspberry, neither you need to sync it completely on your raspberry which took ages (weeks!) before. When you finished this Guide, you will just have a max. 4GB Blockchain on your Raspberry Pi - but it still is a full node! The magic word is Pruning.
Maybe even a 8GB SD Card works just fine including Linux (jessie lite)!
So, if you already have a full node on your PC - Great you can almost skip PART ONE - BUT have at how to Prune in PART ONE if you don't know about it.
For PART TWO you'll need a Raspberry Pi 2 or 3 (I used 3) min. 8GB (works also) or better 16GB SD Card. (I used a 128GB for the first version of this manual - which is way too big)

PART ONE

This is the manual how to get started on you PC / MAC / Linux (I did it on Win7)
Go to: https://bitcoin.org/en/download and download the core Client for your Machine (I used win64).
Install it and configure it to save the Blockchaindata to the directory of your choice - so instead getting 120GB on your C drive, I would suggest to download it to another place like a USB drive.
You can set this up during the install. Standard folder for the blockchain folder is "%APPDATA%\Bitcoin" on Windows.
or you can do it after the install by creating a bitcoin.conf file inside your installation folder / or %APPDATA%\Bitcoin and add
datadir=l:\yourfolder
to the file. Line by line.
By the way here you could also just add dbcache - to use more memory to speed up the process a bit:
dbcache=4096
if you don't want to use the settings inside the program. (you can also set this inside the program under settings! If you have this inside the bitcoin.conf you will see the amount you set there from inside the program - it overrides the values)
You can check inside the windows client under settings, if you can see a manual dbcache is set by having a look at the left footer area. When your dbcache value shows up, everything is fine.
So the Blockchain download process will take time - maybe a few days! Depending on your machine, internet connection and HDD.
The Blockchain is huge as it contains every single transaction of the past until today. You won't need to keep your PC running all the time, you can turn it off and on and it will resync automatically when you start bitcoin-qt.exe!
Make sure to close the client always via "quit" - ctrl+q.
After you have your bitcoin core installed, the blockchain downloaded and synced - you are ready to PRUNE!
First - close the Client and let it close smoothly. After it is really closed you can follow these steps:
By pruning, your blockchain will dramatically shrink. From 120GB to just a few GB.
Be aware, that you will lose your Downloaded Blockchain as pruning will erase a big chunk of it! If you have enough space, you could of course keep the full blockchain saved somewhere on another HDD.
You can prune by editing your bitcoin.conf file by adding:
prune=550
I used prune=1024 - not sure where the differences are right now (min. prune=550). (for my 8GB version I used 550! I suggest to use this.)
Save the bitcoind.conf file and restart your windows client.
It will now clean up the Blockchain. So just the latest blocks are saved. The client should start without any problems. Maybe it takes some time to prune the blockchain data.
Check if everything works normally (the client opens as usual, you can see an empty wallet) than close the client.
Inside the Bitcoin Folder, you'll find two folders called:
blocks chainstate
those are the interesting folders containing the important data (now pruned) - and we will transfer those two to the raspberry later!
Now you are good to start the raspi transfer explained in the next part.

PART 2

Here is what I did:
1) I installed Raspian Pixel (https://www.raspberrypi.org/downloads/raspbian/) using a 128 GB SD - which is not needed because of "Pruning" - I think a 16GB card might work, too! (You can also install Raspian Jessie Lite - which saves you even more space, as it runs headless - only command line) (Updated: It is better to use Jessie Lite to save a lot of space - when you are fine with only command line)
2) I followed partly this tutorial to get everything running and setup:
http://raspnode.com/diyBitcoin.html
Please have a look at it - I have copied the Headlines in capitals to let you know what I did, and what I skipped.
On Tutorial Page: Start with RASPBIAN (OPTIONAL) CONFIG OPTIONS.
Set You RasPi up including "EDITING FILES" to save your Layout at the tutorial page and come back here.
I skipped the CONFIGURE USB AND SET AUTOMOUNT process, as we are going to use PRUNING to reduce the 120GB to a tiny filesize - so USB Devices are not needed here!
It was necessary to ENLARGE SWAP FILE to install bitcoin core - otherwise it didn't went through which ended in a frozen raspi.
So have a close look by following the raspnode tutorial at: ENLARGE SWAP FILE.
I have my raspi running via cable to router - but you can also WiFi setup everything described under NETWORKING ON THE RASPBERRY PI.
Now comes the interesting part: Follow the steps at DOWNLOADING BITCOIN CORE DEPENDENCIES - they work fine for 0.14.0 too. Git should be on Board already when you installed Pixel - otherwise you would need to install it.
sudo apt-get install git -y (only jessy lite)
I skipped the next command lines - as I don't use bitcoin-qt wallet. If you want to use it as wallet - do the step.
mkdir ~/bin cd ~bin
Now you are in the folder you want your bitcoin core data be downloaded to via git. I didn't Downloaded the Berkeley Database source code - so I also skipped the whole next command lines
[email protected]~/bin$ wget http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz [email protected]~/bin$ tar -xzvf db-4.8.30.NC.tar.gz [email protected]~/bin$ cd db-4.8.30.NC/build_unix/ [email protected]~/bin/db-4.8.30.NC/build_unix$ ../dist/configure --enable-cxx [email protected]~/bin/db-4.8.30.NC/build_unix$ make -j4
and went on with "INSTALLING BITCOIN"!
I followed the first part but instead downloading 0.13 I took of course the latest version:0.14
git clone -b 0.14 https://github.com/bitcoin/bitcoin.git cd bitcoin ./autogen.sh
this might take some time to start.
If you have trouble with hanging RESOLVING DELTAS - just restart the Raspberry Pi and remove the bitcoin folder inside /~bin using
rm -rf bitcoin
this command will delete the folder and you can reuse
git clone -b 0.14 https://github.com/bitcoin/bitcoin.git

For some reason RESOLVING DELTAS is a common problem with different downloads - so just retry it and at least after 3 times it should work!

as I didn't use the GUI/ Wallet, I ran
./configure --enable-upnp-default --disable-wallet
as I don't need the wallet functionality.
I didn't need to use "MAKE" which saves you maybe up to 2.5 hours.
instead you can just go ahead with:
sudo make install
(If I am wrong in doing so - please let me know)
The install takes some time - and just a heads up: when it gets stuck somewhere - just redo the installation process - it took three times to went through - stuck at some processing.
After the installation took place you can finally get your Raspberry Pi Node running in no time!
To test if the the installation went through - you can just start bitcoind using:
bitcoind &
than check if everything is working so far:
bitcoin-cli getinfo
after a few seconds you should see version: etc...
if not, something went wrong. Try to redo the steps in the raspnode tutorial.
(don't give up if it failed - retry! Ask your questions here)
IMPORTANT: you need to stop bitcoin on your raspberry now!
bitcoin-cli stop
If you don't need an external USB Drive - what I hope - as we are going to use pruning just go ahead and skip the USB part and create a file inside (or follow the raspnode tutorial on how to setup the USB drive):
cd .bitcoin
sudo nano bitcoin.conf
and enter the exact same pruning size you have used on your Desktop Machine to prune. I used 1024 but the minimum is 550. (used 550 for the 8GB SD card on PC and Raspberry)
prune=550
That's it for the raspi.
update: To signal UASF enter in a new line:
uacomment=UASF-SegWit-BIP148

TRANSFER

Now you have to transfer the two folders CHAINSTATE and BLOCKS from your PC bitcoind directory to your raspberry.
I am using a program called "WINSCP" - it is free and easy to use: https://winscp.net/eng/download.php
We need this to transfer the files to the Raspberry pi. Pretty sure you can also do it via SSH - but I am the noob. So let's keep it simple.
Open Winscp and put in the IP Address of your Raspberry Pi, User and Password (same as in SSH)
You should now see the directories on your Raspberry Pi. There is a folder called
.bitcoin
enter it and you will see the two folders
blocks & chainstate
you can delete them on the raspberry as they have some data from your previous test inside.
Make sure you can also see the bitcoin.conf file in that directory, which needs to contain the exact same prune line, like the one on your desktop machine. If not, make sure to edit it via SSH. The line "datadir=l:\yourfolder" is obviously not needed in the Raspberry bitcoin.conf file.
Now grab the two folders CHAINSTATE and BLOCKS from your PC and copy them to your .bitcoind folder.
I also copied banlist.dat, fee_estimation.dat, mempool.dat and peers.dat to the folder - not really knowing if needed! Not needed.
The whole copy process might take some minutes (against some weeks in the old way).
After copying is finished, you can now start bitcoind on the Raspberry.
bitcoind &
the & symbol let you still use the command line while the process is running btw.
The process - if succesfull - will take some time to finish.
bitcoin-cli getinfo
Will give you some informations what is going on right now. When you can see, that it is checking the blocks, this is good!
If you get an error - double check - if you have the correct prune size (same as on desktop machine) - in bitcoin.conf and that this file is inside .bitcoin on RaspberryPi. It took me some time, to find my mistakes.
Congrats! You are almost a part of the network!
To make your node now a fullnode, you will need to go to your router (often 192.168.1.1) and enable portforwarding for your raspberry pi - and open ports 8333 - that's it!
You can now go to: https://bitnodes.21.co/nodes/
scroll down to "JOIN THE NETWORK" and check check if your node IP is connected!
It will show up as soon as the blocks are checked and the raspi is running.
Well done!
Now you are running a full node, with a small Blockchain and got it working in Minutes, not weeks!
I really hope, my little tutorial worked for you and your are part of the Node network now.
If you have problems or I made a mistake in this helper tut, just let me know and I will try to make it better.
Have fun and NODL!
the noob
tl;dr; (if you are a real noob start with the non-tl;dr version!)
tl;dr; PART ONE
1) Download & install / setup bitcoincore @ https://bitcoin.org/de/download
2) change dbcache to something smaller than your memory and download the whole Blockchain (120GB).
3) create a file called bitcoin.conf put the line prune=550 (or higher) in to activate pruning on win inside %appData%/bitcoin
4) Open ports 8333 on your Router to make this a full node with a smaller Blockchain.
You are running a full node on your PC.
tl;dr; PART TWO
1) Install jessie lite and the needed dependencies on your SDCard - Raspberry
( >git clone -b 0.14 https://github.com/bitcoin/bitcoin.git )
  • see tutorial for more info.
2) create a file called bitcoin.conf inside .bitcoin and add the same prune=Number you had on your PC.
3) transfer the pruned folders BLOCKS and CHAINSTATE to the Raspberry Folder .bitcoin
4)Start "bitcoind &"
5) let everything sync
6) Make sure you have port 8333 opened on your router.
You are running a full node on your Raspberry with a super small Blockchain (I put all on a 8GB SDcard)
Tip if you want : 19656Uwdwko5RjtnuwQENpjBwE3ChzD59v
updated 03/12 - will update more, soon.
updated 03/12.2 - I updated the whole process a bit and also added some improvements.
updated 03/14/ Added a tl;dr version at the end.
submitted by I-am-the-noob to Bitcoin [link] [comments]

My band trying to use Bitcoin for mp3 downloads. Does it have to be this complicated?

Hello, My acoustic folk anarcho-punk band has been trying to configure our website to accept Bitcoins for users to download our mp3s, but everything seems so complicated!
Is there an easy way for us to allow users to send 25 cents in Bitcoin to our Bitcoin address and then in return they are re-directed to our mp3 file for download?
We've tried Blockchains API which didn't really get us anywhere the instructions are vague and not very useful. I read some instructions on stackoverlow but we would have to download the entire blockchain and run a bitcoind? No way are we doing that! There are no youtube videos on how to set up a simple Bitcoin payment portal. It's very frustrating to want to accept this currency but not have any good resources available.
P.S. we are not total computer idiots. We built our own website and I know html. Our drummer knows PHP and javascript. With our powers combined I thought we would have no problem putting this together, but I was wrong. I just want a simple code snippet I can enter in our existing website code that tells the user to send 250 bits or 25 cents or whatever and once they do they are given our mp3. I don't want the user to have to leave our website for this either.
Any options for us, or is Bitcoin not ready for this type of easy implementation yet?
EDIT: SOLUTION Thanks to everyone for their help, suggestions and solutions.
xbtdev suggested satoshibox.com - this is a great solution for someone with no coding experience. No registration required, just upload and they give you a link or a snippet of code.
grintor provided us with a solution using blockchain's API. This is the type of code we were looking for. The code is pretty straight forward and light weight, and does not require a database or even use of PHP sessions. https://github.com/grintoantiquesons
We tried using Blockchain's API on our own but we didn't get anywhere as there were little to no instructions available. A tutorial on using their API would be helpful and I'm surprised one does not exist yet (hint, hint youtubers). We awarded Grintor with 100,000 bits for providing the working code.
Several people suggested coinbase and bitpay. They are easy to use but this wasn't the type of integration we were looking for.
farts2much linked us to a work in progress code https://github.com/jswebdevel/btcbox This project looks promising and we'll keep an eye on it.
Running a full node and bitcoind was an option if we wanted to avoid all 3rd parties, but I don't believe this is a practical solution for everyone.
Again, thank you all for your help and support!
submitted by antiquesons to Bitcoin [link] [comments]

[OFFER] Want to learn how to create your own 3D or 2D game in Unity? I'll tutor you for $12.50/hr, or $25/hr if it cuts into my bedtime.

Offer

Pretty much what the title says. I'll teach you how to:
I'll be able to teach you:
  1. How to program in C# and use .NET and Unity
  2. How to create art and sound (assets, basically) for your game
  3. How to actually make your game
Finally, the only prerequisites are:
What I will not do however is:
The only exception to the above is if you can afford to hire me for $35 USD/hr pre-paid.

Price

Here's the current time for my timezone.
Saturday to Monday @ $12.50/hr, anytime between 8 AM and 10 PM. Saturday to Monday @ $25/hr, anytime outside of above. Tuesday to Friday @ $25/hr, anytime between 8PM and midnight, except for Thursdays (up to 11PM)
Offer: Go for more than 4 hours in one go (sitting), and every hour after the fourth will be discounted 20%. This will be rebated at the end, or in extra hours of tutoring.
Offer: One free hour if you have Credo and go through its process. Only available if you're going to actually buy tutoring hours, and purchase at least four hours. (6 in total for the price of 4)
Payments are accepted in Bitcoin, or PayPal (preferred).

FAQ

Post-paid, or pre-paid? Pre-paid, but if go over, we can come to an agreement and arrange the difference. Go under and bail, and I'll refund the remainder.
Trials? Sure. One free hour. Can be combined with a purchase to be a free hour instead.
Can you just code X for me? No, I'm trying to teach you, not be your code monkey... Unless you don't mind pre-paying me at hourly market rates1 . (PM for details)
Wait... There's like tutorials all over the internet, and they're free! Good. Go learn them. The thing I'm really offering here is not the lessons, but the live-ness of the lessons and the ability to correct you if you make mistakes.
You sound like a 10-year-old kid. My mic sucks. My voice is a lot lower than that.
Do you teach anything else? I can also teach you to setup and code your own website, using HTML/CSS + Javascript and PHP + Databases in the backend.
Do you have a course overview? Yes, on request, provided you provide me with context about what you want to learn.
Any other questions? Ask on my Discord Channel or pop me a PM.
I can't see your screen! / Your screen is ridiculously blurry! / You're sounding like a robot, not like a kid or normal! Blame Telstra for the horrible upload speeds.
Can I trade tutoring hours that I've paid for software licenses? I don't see why not.
Can you play Rocket League/CS:GO with me? Only if you live in Queensland/New South Wales in Australia, and be willing to put up with my noobness in the games.
What are you proficient in?
1 My country's market rate; not yours (about $30-40 USD/hr after conversion rates, so... $35 USD/hr should do the trick)
submitted by aytimothy to slavelabour [link] [comments]

0x00.txt - the write-up/guide from the FinFisher hack

Here is the write-up/guide from the FinFisher hack, which is excellent reading - it is also mirrored here. Hopefully we will get the Hacking Team one soon.
 _ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__| <|_| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) A DIY Guide for those without the patience to wait for whistleblowers 
--1-- Introduction
I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.
-- 2 -- Staying Safe
This is illegal, so you'll need to take same basic precautions:
  1. Make a hidden encrypted volume with Truecrypt 7.1a
  2. Inside the encrypted volume install Whonix
  3. (Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.
As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&.
NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target.
-- 3 -- Mapping out the target
Basically I just repeatedly use fierce.pl, whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization.
For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:
67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com 
Now we do whois lookups and find the homepage of www.academi.com is hosted on Amazon Web Service, while the other IPs are in the range:
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd 
Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools 
Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything.
Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com 
If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains.
In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:
"FinFisher GmbH" inurl:domaintools 
finds gamma-international.de, which redirects to finsupport.finfisher.com
...so now you've got some idea how I map out a target.
This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it.
-- 4 -- Scanning & Exploiting
Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated.
Now for each service you find running:
  1. Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.come/gitweb/ and browse their source code.
  2. Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.
  3. Is it running an old version of software vulnerable to a public exploit?
Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:
  1. Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.
  2. Run nikto. This will check for things like webserve.svn/, webservebackup/, webservephpinfo.php, and a few thousand other common mistakes and misconfigurations.
  3. Identify what software is being used on the website. WhatWeb is useful
  4. Depending on what software the website is running, use more specific tools like wpscan, CMS-Explorer, and Joomscan.
First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability:
5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP, and some combination of its automated tests along with manually poking around with the help of its intercepting proxy.
6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them.
For finsupport.finfisher.com the process was:
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..."
But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:
Looking through the source code they might as well have named it Damn Vulnerable Web App v2. It's got sqli, LFI, file upload checks done client side in javascript, and if you're unauthenticated the admin page just sends you back to the login page with a Location header, but you can have your intercepting proxy filter the Location header out and access it just fine.
Heading back over to the finsupport site, the admin /BackOffice/ page returns 403 Forbidden, and I'm having some issues with the LFI, so I switch to using the sqli (it's nice to have a dozen options to choose from). The other sites by the web designer all had an injectable print.php, so some quick requests to:
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1 
reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site.
Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in!
-- 5 -- (fail at) Escalating
< got r00t? >
 \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^ 
Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester, and unix-privesc-check.
finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data 
can write to /etc/cron.hourly/webalizer
so I add to /etc/cron.hourly/webalizer:
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell 
wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone.
ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network.
-- 6 -- Pivoting
The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful.
The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware.
-- 7 -- Have Fun
Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to:
  1. Hack Gamma and obtain a copy of the FinSpy server software
  2. Find vulnerabilities in FinSpy server.
  3. Scan the internet for, and hack, all FinSpy C&C servers.
  4. Identify the groups running them.
  5. Use the C&C server to upload and run a program on all targets telling them who was spying on them.
  6. Use the C&C server to uninstall FinFisher on all targets.
  7. Join the former C&C servers into a botnet to DDoS Gamma Group.
It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make due with the far less lulzy backup plan of leaking their stuff while mocking them on twitter.
Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2!
-- 8 -- Other Methods
The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are:
1) Exploits in web browers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browsejava/flash exploit to that.
This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt.
2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time.
The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker.
-- 9 -- Resources
Links:
Books:
  • The Web Application Hacker's Handbook
  • Hacking: The Art of Exploitation
  • The Database Hacker's Handbook
  • The Art of Software Security Assessment
  • A Bug Hunter's Diary
  • Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
  • TCP/IP Illustrated
Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them. This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc.
-- 10 -- Outro
You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action.
Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals!
submitted by m1croc0d3 to HowToHack [link] [comments]

PHP Tutorial (& MySQL) #27 - Rendering Data to the Browser ... Beginner PHP Tutorial - 115 - SELECT Part 1 PHP Tutorial (& MySQL) #5 - Strings - YouTube How to Connect HTML Form with MySQL Database using PHP ... COINSPRO BASIC TRADING BITCOIN TO PHP TUTORIAL and Reviews ...

PHP API for Current Bitcoin Price According to Wikipedia, Bitcoin is a cryptocurrency, a form of electronic cash. Cryptocurrency is basically a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Linux Apache MySQL PHP + Bitcoin tutorial. For this introduction we assume that you have GNU/Linux server with Apache and PHP and that you wish to interact with the Bitcoin network from a web application. We assume some knowledge of Bitcoin and experience in PHP. While this is written for PHP, the same principles apply for other languages. Xem Practical Cryptography with PHP for Using Bitcoin_clip9 - Dangtoan14288 trên Dailymotion How to build Bitcoin Address and Balance database in mysql or mongodb in our local computer? any tutorials will help me out. Bitcoin Core is programmed to decide which block chain contains valid transactions. The users of Bitcoin Core only accept transactions for that block chain, making it the Bitcoin block chain that everyone else wants to use. For the latest developments related to Bitcoin Core, be sure to visit the project’s official website.

[index] [14715] [45988] [6340] [2764] [39288] [324] [43921] [39934] [34336] [14599]

PHP Tutorial (& MySQL) #27 - Rendering Data to the Browser ...

Hey gang, in this PHP tutorial I'll explain one of the many data types in PHP - strings. ----- 🐱‍💻 🐱‍💻 Course Links: + Cou... This database tutorial will help beginners understand the basics of database management systems. We use helpful analogies to explain a high-level overview of... Hey gang, in this PHP tutorial I'll show you how to take the data we get from the database and render it to the browser inside our HTML template. How to Create Excel Data Entry Form (No VBA) Super Easy - Duration: 9 ... But how does bitcoin actually work? - Duration: 26:21. 3Blue1Brown Recommended for you. 26:21. 5 Things You Should Never ... Complete #CRUD Operation with #PHP #MySql Database. In this tutorial, we are going to learn how to create PHP CRUD Operation. We will learn how to create, Re...

#