JSON-RPC

Power of the Command Line (bitcoin-cli, hwi, electrum, trezorctl)

I think some of the console tools available with HW wallets today are greatly under utilized. Here's a quick write-up on how to create and sign a TXN very similar to 43d27...1fc06 found on the SLIP-14 wallet. I'll be using TrezorCTL, Electrum, and HWI for the signing. I won't go much into the setup or install, but feel free to ask if you have questions about it. Note, you don't have to use all three of these. Any one will produce a valid signed TXN for broadcast. I just showed how to do it three ways. Whats more some of the Electrum and HWI steps are interchangeable.
ColdCard also has a utility called ckcc that will do the sign operation instead of HWI, but in many ways they are interchangeable. KeepKey and Ledger both have libraries for scripted signing but no one-shot, one-line console apps that I know of. But HWI and Electrum of course work on all four.

TrezorCTL

This is the what most would think of to use to craft and sign TXNs, and is definitely very simple. The signing uses a script called build_tx.py to create a JSON file that is then used by the btc sign-tx command. The whole process is basically:
  1. tools/build_tx.py | trezorctl btc sign-tx -
This just means, take the output of build_tx and sign it. To copy 43d27...1fc06, I wrote a small script to feed build_tx, so my process looks like:
  1. ~/input.sh | tools/build_tx.py | trezorctl btc sign-tx -
But it's all very simple. Note... I used TrezorCTL v0.12.2 but build_tx.py version 0.13.0 1.

input.sh

```

!/bin/bash

secho() { sleep 1; echo $*}
secho "Testnet" # coin name secho "tbtc1.trezor.io" # blockbook server and outpoint (below) secho "e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00:0" secho "m/84'/1'/0'/0/0" # prev_out derivation to signing key secho "4294967293" # Sequence for RBF; hex(-3) secho "segwit" # Signature type on prev_out to use secho "" # NACK to progress to outs secho "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3" # out[0].addr secho "10000000" # out[1].amt secho "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu" # out[1].addr secho "20000000" # out[1].amt secho "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x" # out[2].addr secho "99999694" # out[2].amt secho "" # NACK to progress to change secho "" # NACK to skip change secho "2" # txn.version secho "0" # txn.locktime ```

Electrum

Electrum is one of the better GUI wallets available, but it also has a pretty good console interface. Like before you need your Trezor with the SLIP-14 wallet loaded and paired to Electrum. I'll assume Electrum is up and running with the Trezor wallet loaded to make things simple.
Like with TrezorCTL, Electrum feeds on a JSON file, but unlike TrezorCTL it needs that JSON squished into the command line. This is a simple sed command, but I won't bore you with the details, but just assume that's done. So the process in Electrum (v4.0.3) looks like:
  1. electrum serialize (create psbt to sign)
  2. electrum --wallet signtransaction (sign said psbt)
Still pretty simple right! Below is the JSON I smushed for #1

txn.json

{ "inputs": [{ "prevout_hash":"e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00", "prevout_n": 0, "value_sats": 129999867 }], "outputs": [{ "address": "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3", "value_sats": 10000000 },{ "address": "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu", "value_sats": 20000000 },{ "address": "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x", "value_sats": 99999694 }]}

HWI

HWI is an unsung hero in my book. It's a very small clean and simple interface between HW wallets and Bitcoin Core. It currently supports a good range of HW wallets. It keeps itself narrowly focused on TXN signing and offloads most everything else to Bitcoin Core. Again, I'll assume you've imported your Trezor keypool into Core and done the requisite IBD and rescan. And if you don't have the RPC enabled, you can always clone these commands into the QT-console.
To sign our TXN in HWI (v1.1.2), we will first need to craft (and finalize) it in Bitcoin Core (0.21.1). Like in Electrum, we will have to use simple sed to smush some JSON into command arguments, but I'll assume you have that covered. It will take an inputs.json and an outputs.json named separately.
  1. bitcoin-cli createpsbt (create psbt)
  2. bitcoin-cli -rpcwallet= walletprocesspsbt (process psbt)
  3. hwi -f signtx (sign psbt)
  4. bitcoin-cli -rpcwallet= finalizepsbt (get a signed TXN from psbt)
A little more involved, but still nothing too bad. Plus this gives you the full power of Bitcoin Core including integrations with LND (lightning).

inputs.json

[{ "txid": "e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00", "vout": 0 }]

outputs.json

[{ "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3": 0.10000000 },{ "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu": 0.20000000 },{ "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x": 0.99999694 }]

Conclusion

This may all seem like very low level coding, but is surprisingly simple once you get a knack for it. Whats more, all these platforms support testnet which allows you to practice with valueless coins until you get the hang of it. And, like many things in bitcoin, this is all (mostly) python, which is one of the easier languages to learn.
Enjoy
Footnotes
1 - https://github.com/trezotrezor-firmware/issues/1296
submitted by brianddk to Bitcoin [link] [comments]

Power of the Command Line (bitcoin-cli, hwi, electrum, trezorctl)

I think some of the console tools available with HW wallets today are greatly under utilized. Here's a quick write-up on how to create and sign a TXN very similar to 43d27...1fc06 found on the SLIP-14 wallet. I'll be using TrezorCTL, Electrum, and HWI for the signing. I won't go much into the setup or install, but feel free to ask if you have questions about it. Note, you don't have to use all three of these. Any one will produce a valid signed TXN for broadcast. I just showed how to do it three ways. Whats more some of the Electrum and HWI steps are interchangeable.

TrezorCTL

This is the what most would think of to use to craft and sign TXNs, and is definitely very simple. The signing uses a script called build_tx.py to create a JSON file that is then used by the btc sign-tx command. The whole process is basically:
  1. tools/build_tx.py | trezorctl btc sign-tx -
This just means, take the output of build_tx and sign it. To copy 43d27...1fc06, I wrote a small script to feed build_tx, so my process looks like:
  1. ~/input.sh | tools/build_tx.py | trezorctl btc sign-tx -
But it's all very simple. Note... I used TrezorCTL v0.12.2 but build_tx.py version 0.13.0 1.

input.sh

```

!/bin/bash

secho() { sleep 1; echo $*}
secho "Testnet" # coin name secho "tbtc1.trezor.io" # blockbook server and outpoint (below) secho "e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00:0" secho "m/84'/1'/0'/0/0" # prev_out derivation to signing key secho "4294967293" # Sequence for RBF; hex(-3) secho "segwit" # Signature type on prev_out to use secho "" # NACK to progress to outs secho "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3" # out[0].addr secho "10000000" # out[1].amt secho "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu" # out[1].addr secho "20000000" # out[1].amt secho "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x" # out[2].addr secho "99999694" # out[2].amt secho "" # NACK to progress to change secho "" # NACK to skip change secho "2" # txn.version secho "0" # txn.locktime ```

Electrum

Electrum is one of the better GUI wallets available, but it also has a pretty good console interface. Like before you need your Trezor with the SLIP-14 wallet loaded and paired to Electrum. I'll assume Electrum is up and running with the Trezor wallet loaded to make things simple.
Like with TrezorCTL, Electrum feeds on a JSON file, but unlike TrezorCTL it needs that JSON squished into the command line. This is a simple sed command, but I won't bore you with the details, but just assume that's done. So the process in Electrum (v4.0.3) looks like:
  1. electrum serialize (create psbt to sign)
  2. electrum --wallet signtransaction (sign said psbt)
Still pretty simple right! Below is the JSON I smushed for #1

txn.json

{ "inputs": [{ "prevout_hash":"e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00", "prevout_n": 0, "value_sats": 129999867 }], "outputs": [{ "address": "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3", "value_sats": 10000000 },{ "address": "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu", "value_sats": 20000000 },{ "address": "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x", "value_sats": 99999694 }]}

HWI

HWI is an unsung hero in my book. It's a very small clean and simple interface between HW wallets and Bitcoin Core. It currently supports a good range of HW wallets. It keeps itself narrowly focused on TXN signing and offloads most everything else to Bitcoin Core. Again, I'll assume you've imported your Trezor keypool into Core and done the requisite IBD and rescan. And if you don't have the RPC enabled, you can always clone these commands into the QT-console.
To sign our TXN in HWI (v1.1.2), we will first need to craft (and finalize) it in Bitcoin Core (0.21.1). Like in Electrum, we will have to use simple sed to smush some JSON into command arguments, but I'll assume you have that covered. It will take an inputs.json and an outputs.json named separately.
  1. bitcoin-cli createpsbt (create psbt)
  2. bitcoin-cli -rpcwallet= walletprocesspsbt (process psbt)
  3. hwi -f signtx (sign psbt)
  4. bitcoin-cli -rpcwallet= finalizepsbt (get a signed TXN from psbt)
A little more involved, but still nothing too bad. Plus this gives you the full power of Bitcoin Core including integrations with LND (lightning).

inputs.json

[{ "txid": "e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00", "vout": 0 }]

outputs.json

[{ "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3": 0.10000000 },{ "tb1q9l0rk0gkgn73d0gc57qn3t3cwvucaj3h8wtrlu": 0.20000000 },{ "tb1qejqxwzfld7zr6mf7ygqy5s5se5xq7vmt96jk9x": 0.99999694 }]

Conclusion

This may all seem like very low level coding, but is surprisingly simple once you get a knack for it. Whats more, all these platforms support testnet which allows you to practice with valueless coins until you get the hang of it. And, like many things in bitcoin, this is all (mostly) python, which is one of the easier languages to learn.
Enjoy
Footnotes
1 - https://github.com/trezotrezor-firmware/issues/1296
submitted by brianddk to TREZOR [link] [comments]

New Ethereum Developer Course

Hey All! We've been working heads down on a new developer curriculum for the last year. We're excited to announce it's finally here.
This curriculum is composed primarily of in-browser coding tutorials and challenges (no need to install any dependencies!). It also includes videos and guides which will help you apply what you learned in your local development environment when you're done with the course.
The full course includes:
Learning JavaScript: A collection of JavaScript coding tutorials and challenges which thoroughly teach JS from scratch with the latest ECMAScript features. Networking: Writing Asynchronous Code and communicating with servers through APIs Data Structures: Building and understanding data structures that are important to blockchain programming (especially trees and linked lists) Blockchain: Understanding Bitcoin, Proof-Of-Work, Digital Signatures and building core blockchain data structures. As well as learning about Ethereum, the EVM, ethers.js, and the Ethereum Node JSON-RPC API. Smart Contracts: Our largest section! This includes 21 coding tutorials and challenges thoroughly teaching the latest Solidity version 0.6.x from the very basics. Decentralized Applications: Deploy Smart Contracts and interact with them through ethers.js. You'll have three new working decentralized applications at the end of this section which you'll be able to extend upon to build bigger projects!
You can find the full listing here: https://www.chainshot.com/curriculum
The course is available through a monthly subscription. We'll also be starting live coding classes next month for all subscribers!
We hope you'll choose to learn with us. Let us know if you have any questions/concerns. All feedback is welcome. :)
submitted by dan-nolan to ethdev [link] [comments]

Groestlcoin 6th Anniversary Release

Introduction

Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The groestlcoin team would like to take this opportunity to wish everyone our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything.
The centralised banks and our national governments are facing unprecedented times with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on and the team will still progress and advance to continue the momentum that we have developed over the past 6 years.
In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value– Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear – Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.

UPDATED - Groestlcoin Core 2.18.2

This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, most of what is new is a new 'Groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables.
NOTE: The 'Account' API has been removed from this version which was typically used in some tip bots. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.

How to Upgrade?

Windows
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu
http://groestlcoin.org/forum/index.php?topic=441.0

Other Linux

http://groestlcoin.org/forum/index.php?topic=97.0

Download

Download the Windows Installer (64 bit) here
Download the Windows Installer (32 bit) here
Download the Windows binaries (64 bit) here
Download the Windows binaries (32 bit) here
Download the OSX Installer here
Download the OSX binaries here
Download the Linux binaries (64 bit) here
Download the Linux binaries (32 bit) here
Download the ARM Linux binaries (64 bit) here
Download the ARM Linux binaries (32 bit) here

Source

ALL NEW - Groestlcoin Moonshine iOS/Android Wallet

Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network.
GRS Moonshine's intended use is as a hot wallet. Meaning, your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.

Features

Download

iOS
Android

Source

ALL NEW! – HODL GRS Android Wallet

HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled.
HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user.
Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.

Features

Download

Main Release (Main Net)
Testnet Release

Source

ALL NEW! – GroestlcoinSeed Savior

Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases.
This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats.
To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.

Features

Live Version (Not Recommended)

https://www.groestlcoin.org/recovery/

Download

https://github.com/Groestlcoin/mnemonic-recovery/archive/master.zip

Source

ALL NEW! – Vanity Search Vanity Address Generator

NOTE: NVidia GPU or any CPU only. AMD graphics cards will not work with this address generator.
VanitySearch is a command-line Segwit-capable vanity Groestlcoin address generator. Add unique flair when you tell people to send Groestlcoin. Alternatively, VanitySearch can be used to generate random addresses offline.
If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then VanitySearch is the right choice for you to create a more personalized address.
VanitySearch is a groestlcoin address prefix finder. If you want to generate safe private keys, use the -s option to enter your passphrase which will be used for generating a base key as for BIP38 standard (VanitySearch.exe -s "My PassPhrase" FXPref). You can also use VanitySearch.exe -ps "My PassPhrase" which will add a crypto secure seed to your passphrase.
VanitySearch may not compute a good grid size for your GPU, so try different values using -g option in order to get the best performances. If you want to use GPUs and CPUs together, you may have best performances by keeping one CPU core for handling GPU(s)/CPU exchanges (use -t option to set the number of CPU threads).

Features

Usage

https://github.com/Groestlcoin/VanitySearch#usage

Download

Source

ALL NEW! – Groestlcoin EasyVanity 2020

Groestlcoin EasyVanity 2020 is a windows app built from the ground-up and makes it easier than ever before to create your very own bespoke bech32 address(es) when whilst not connected to the internet.
If you're tired of the random, cryptic bech32 addresses generated by regular Groestlcoin clients, then Groestlcoin EasyVanity2020 is the right choice for you to create a more personalised bech32 address. This 2020 version uses the new VanitySearch to generate not only legacy addresses (F prefix) but also Bech32 addresses (grs1 prefix).

Features

Download

Source

Remastered! – Groestlcoin WPF Desktop Wallet (v2.19.0.18)

Groestlcoin WPF is an alternative full node client with optional lightweight 'thin-client' mode based on WPF. Windows Presentation Foundation (WPF) is one of Microsoft's latest approaches to a GUI framework, used with the .NET framework. Its main advantages over the original Groestlcoin client include support for exporting blockchain.dat and including a lite wallet mode.
This wallet was previously deprecated but has been brought back to life with modern standards.

Features

Remastered Improvements

Download

Source

ALL NEW! – BIP39 Key Tool

Groestlcoin BIP39 Key Tool is a GUI interface for generating Groestlcoin public and private keys. It is a standalone tool which can be used offline.

Features

Download

Windows
Linux :
 pip3 install -r requirements.txt python3 bip39\_gui.py 

Source

ALL NEW! – Electrum Personal Server

Groestlcoin Electrum Personal Server aims to make using Electrum Groestlcoin wallet more secure and more private. It makes it easy to connect your Electrum-GRS wallet to your own full node.
It is an implementation of the Electrum-grs server protocol which fulfils the specific need of using the Electrum-grs wallet backed by a full node, but without the heavyweight server backend, for a single user. It allows the user to benefit from all Groestlcoin Core's resource-saving features like pruning, blocks only and disabled txindex. All Electrum-GRS's feature-richness like hardware wallet integration, multi-signature wallets, offline signing, seed recovery phrases, coin control and so on can still be used, but connected only to the user's own full node.
Full node wallets are important in Groestlcoin because they are a big part of what makes the system be trust-less. No longer do people have to trust a financial institution like a bank or PayPal, they can run software on their own computers. If Groestlcoin is digital gold, then a full node wallet is your own personal goldsmith who checks for you that received payments are genuine.
Full node wallets are also important for privacy. Using Electrum-GRS under default configuration requires it to send (hashes of) all your Groestlcoin addresses to some server. That server can then easily spy on your transactions. Full node wallets like Groestlcoin Electrum Personal Server would download the entire blockchain and scan it for the user's own addresses, and therefore don't reveal to anyone else which Groestlcoin addresses they are interested in.
Groestlcoin Electrum Personal Server can also broadcast transactions through Tor which improves privacy by resisting traffic analysis for broadcasted transactions which can link the IP address of the user to the transaction. If enabled this would happen transparently whenever the user simply clicks "Send" on a transaction in Electrum-grs wallet.
Note: Currently Groestlcoin Electrum Personal Server can only accept one connection at a time.

Features

Download

Windows
Linux / OSX (Instructions)

Source

UPDATED – Android Wallet 7.38.1 - Main Net + Test Net

The app allows you to send and receive Groestlcoin on your device using QR codes and URI links.
When using this app, please back up your wallet and email them to yourself! This will save your wallet in a password protected file. Then your coins can be retrieved even if you lose your phone.

Changes

Download

Main Net
Main Net (FDroid)
Test Net

Source

UPDATED – Groestlcoin Sentinel 3.5.06 (Android)

Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets).
Sentinel accepts XPUB's, YPUB'S, ZPUB's and individual Groestlcoin address. Once added you will be able to view balances, view transactions, and (in the case of XPUB's, YPUB's and ZPUB's) deterministically generate addresses for that wallet.
Groestlcoin Sentinel is a fork of Groestlcoin Samourai Wallet with all spending and transaction building code removed.

Changes

Download

Source

UPDATED – P2Pool Test Net

Changes

Download

Pre-Hosted Testnet P2Pool is available via http://testp2pool.groestlcoin.org:21330/static/

Source

submitted by Yokomoko_Saleen to groestlcoin [link] [comments]

KYC-Tezos wallets vulnerable to "blind sig" attack

KYC-Tezos wallets vulnerable to
Summary
Most KYC-Tezos wallets we tested are vulnerable to a simple yet catastrophic attack that can lead to loss of all funds on wallet (blind signature vulnerability). These wallets connect to a server (the RPC node) but they do not build the raw tx like normal cryptocurrency wallets, nor do they check the binary provided by the RPC before signing it. Should the RPC get hacked (or turn malicious) it will provide clients a malicious tx to sign: with no way to parse the binary, the unsuspecting user will sign a tx which sends 100% of their funds to the attacker's address. (Update: since publishing this post some wallets have fixed the issue, see table below)

Ledger
Ledger users are not safe. This video shows how funds can be stolen from a Ledger device.

Demo
To demonstrate the vulnerability we also expose a malicious RPC to test your wallet against it (warning: funds could be lost).


Vulnerable wallets

RPC address WHOIS record Can set custom RPC? Vulnerable?
Atomic n/a n/a No Yes
Galleon tezos-prod.cryptonomic-infra.tech Anonymous (Panama) Yes No (fixed in 0.7.0b+)
Guarda mainnet.tezrpc.me Anonymous (US) No Yes
Kukai mainnet.tezrpc.me Anonymous (US) No No
Librebox mainnet.tezrpc.me Anonymous (US) Yes No
Magnum tezos.mgnm.rocks (updated) Anonymous (Russia) No No (fixed in v137+)
T3Wallet n/a n/a No Yes
Tezbox Web mainnet.tezrpc.me Anonymous (US) Yes No (fixed)
Tezbox Chrome mainnet.tezrpc.me Anonymous (US) Yes No (fixed in 13.0.0)
Tezbox MacOs mainnet.tezrpc.me Anonymous (US) Yes No (fixed in 4.0.0+)
Tezbox Windows mainnet.tezrpc.me Anonymous (US) Yes No (fixed in 4.0.0+)
Tezos Blue n/a n/a No No (fixed in v0.4.3+)
TezBridge mainnet.tezbridge.com Anonymous (Panama) Yes Yes
WeTez n/a n/a No Yes

Why it matters
Cryptocurrency wallets were meant to be trustless, but most KYC-Tezos wallets are not. When you're signing any tx with these wallets you're trusting the server (RPC) to send your money where you actually want it to go. Even if you trust the sourcecode of your wallet and are not using a web wallet, you're still vulnerable. The RPC you rely upon could turn malicious (e.g. be hacked) at any moment in time, with no way for you to detect it.

How the attack works
  1. RPC turns malicious (e.g. gets hacked)
  2. Wallet securely connects to malicious RPC via HTTPS
  3. Wallet provides JSON of tx to build
  4. RPC provides malicious binary sending funds to attacker's address
  5. Wallet blindly signs binary
  6. RPC broadcasts tx: funds are now lost

In a variant of the attack, the unsuspecting user will set a malicious RPC as custom RPC in their wallet. There are multiple ways someone could be tricked to do that (see Electrum hack below).

Causes
More than wallet developers themselves, we deem KYC-Tezos developers inadequacy and lack of understanding of an adversarial environment as the culprit for this simple yet potentially catastrophic vulnerability.
1.Wrong design
The RPC exposes a JSON API to build the tx, which is then provided to the client for signing, and returned to the RPC for broadcast. This is not how a blockchain wallet should work: txs should be built and signed locally, and only then pushed to a server.
2.OCaml binary with no serialization specs
In the KYC-Tezos APIs there is no spec for the transaction binary format. tezos-data-encoding is the library responsible for encoding a tx, so the tx format is tightly coupled with the the serialization of OCaml objects. An OCaml binary with no spec is what led GUI wallet developers, who are not using OCaml, to just trust the binary provided by the RPC instead of parsing and checking it.

A secure channel with your attacker
SSL security between client and server won't help: if the RPC turns malicious, it will first establish a secure connection as usual and then provide a malicious tx to sign. Hiding in plain sight, KYC-Tezos APIs actually hint [1] to the vulnerability. The "solution" they suggest is securing the connection, which as already explained does not solve the issue at all while providing users a false sense of security.

Hiding in plain sight: a hint from KYC-Tezos APIs

What happened to Electrum
Recently more than $750,000 were stolen by an attacker spawning malicious Electrum servers and stealing BTC from Electrum users. [2][3]
The attack succeeded despite Electrum being way more secure than KYC-Tezos wallets: with Electrum the tx is generated by the client and not by the server.

Malicious RPC demo
Set this custom RPC in your wallet to test the vulnerability:
https://demo.tzlibre.io/malicious/ 
WARNING: IF YOUR WALLET IS VULNERABLE FUNDS WILL BE LOST AND SENT TO FOUNDATION BAKER 1 (tz3RDC3Jdn4j15J7bBHZd29EUee9gVB1CxD9)
As safety measure this demo RPC only manipulates recpient's address, and not the transaction amount as well.
If your wallet is vulnerable and not listed above yet, please let us know.

How we fixed it
We fixed the vulnerability in LibreBox by checking portions of the tx (such as destination address, amount, etc) after a reverse-engineering of the tx format itself.

Suggested next steps
  • KYC-Tezos users: do not sign any tx with a vulnerable wallet until the vulnerability is addressed.
  • Wallet developers: immediately start warning your users of the danger, until binary txs are parsed and checked. If you resolved the issue or if your wallet is not listed, feel free to contact us to update this post.
  • Tezos Foundation: immediately release specs for the binary tx format, and improve documentation to a more decent standard.

Update (1/14/2019): in a previous version of this post Kukai was wrongly listed as vulnerable. Kukai has never been vulnerable to the attack. Tezbox Web has fixed the vulnerability, while Tezbox Chrome, Tezbox MacOs, Tezbox Windows remain vulnerable.
Update (1/15/2019): Magnum has fixed the vulnerability in v137 and changed the RPC from mainnet.tezrpc.me to tezos.mgnm.rocks
Update (1/16/2019): Tezos Blue has fixed the vulnerability on Github [4], but their 3 apps remain vulnerable to date.
Update (1/17/2019): TezBox has fixed the vulnerability on Chrome, MacOs, Windows. Tezos Blue has fixed the vulnerability on all 3 apps with v0.4.3
Update (1/18/19); Galleon has fixed the vulnerability in version 0.7.0b

References
[1] https://tezos.gitlab.io/alphanet/introduction/various.html#signer
[2] https://github.com/spesmilo/electrum/issues/4968
[3] https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/
[4] https://github.com/tezos-blue/client/commit/7eb335df64f4b72706fa2252dd369edca903ee93
submitted by tzlibre to tzlibre [link] [comments]

Groestlcoin September 2019 Development Release/Update!

For a more interactive view of changes, click here
In our current world; bordering on financial chaos, with tariff wars, Brexit and hyperinflation rife, you can count on Groestlcoin to consistently produce innovation that strikes to take the power away from the few and into the many, even after a full five and a half years of solid development.
Here is what the team has already announced in the last 3 months since the last development update:

What's Being Released Today?

Groestl Nodes

What am I?

Groestl Nodes aims to map out and compare the status of the Groestlcoin mainnet and testnet networks. Even though these networks share the same protocol, there is currently no way to directly compare these coins in a single location. These statistics are essential to evaluate the relative health of both networks.

Features

Source - Website

Groestlcoin Transaction Tool

What am I?

This is a tool for creating unsigned raw Groestlcoin transactions and also to verify existing transactions by entering in the transaction hex and converting this to a human-readable format to verify that a transaction is correct before it is signed.

Features

SourceDownload

Groestlcoin AGCore

What am I?

AGCore is an Android app designed to make it easier to run a Groestlcoin Core node on always-on Android appliances such as set-top boxes, Android TVs and repurposed tablets/phones. If you are a non-technical user of Groestlcoin and want an Android app that makes it easy to run a Groestlcoin Core node by acting as a wrapper, then AG Core is the right choice for you.

What's Changed?

Source - Download

Groestlcoin Electrum

What's Changed?

Android Electrum-Specific

OSXWindowsWindows StandaloneWindows PortableLinux - Android
Server SourceServer Installer SourceClient SourceIcon SourceLocale Source

Android Wallet – Including Android Wallet Testnet

What am I?

Android Wallet is a BIP-0032 compatible hierarchial deterministic Groestlcoin Wallet, allowing you to send and receive Groestlcoin via QR codes and URI links.

V7.11.1 Changes

Groestlcoin Java Library SourceSource - DownloadTestnet Download

Groestlwallet

What am I?

Groestlwallet is designed to protect you from malware, browser security holes, even physical theft. With AES hardware encryption, app sandboxing, keychain and code signatures, groestlwallet represents a significant security advance over web and desktop wallets, and other mobile platforms.
Simplicity is groestlwallet's core design principle. Because groestlwallet is "deterministic", your balance and entire transaction history can be restored from just your recovery phrase.

iOS 0.7.3 Changes

Android v89 Changes

iOS SourceAndroid Source - Android DownloadiOS Download

Groestlcoinomi Released

What am I?

Groestlcoinomi is a lightweight thin-client Groestlcoin wallet based on a client-server protocol.

Groestlcoinomi v1.1 Desktop Changes

Groestlcoinomi Android v1.6 Changes

Groestlcoin Java Library SourceAndroid Source
Android DownloadWindows DownloadMac OS DownloadLinux Download

Groestlcoin BIP39 Tool

What's Changed?

Source - Download
submitted by Yokomoko_Saleen to groestlcoin [link] [comments]

How can I sign a message with a Litecoin address using PHP?

I am looking for something similar to https://github.com/BitcoinPHP/BitcoinECDSA.php/blob/mastesrc/BitcoinPHP/BitcoinECDSA/BitcoinECDSA.php, i.e. doing it independently on a PHP server without any need to make a JSON-RPC call.
submitted by ramboKick to litecoin [link] [comments]

Could not connect to Bitcoin Core using JSON-RPC error message when launching Eclair

Hi! I am new to the Lightning Network and I am seeking to install a Lighting Network full node on my PC.

I already have Bitcoin Core installed and my full bitcoin node working (version 0.17.1).

I went through some steps to install the LN full node on a video on YouTube, following instructions from a Medium post: "How to run a Lightning Network node on Windows" (https://medium.com/coinmonks/guide-setup-a-lightning-network-node-on-windows-8475206807f).

I installed Eclair (v0.2-beta9) from their Github page.

But when I try to launch Eclair (with my Bitcoin Core node up and running), an error message pops us, saying:
Could not connect to Bitcoin Core using JSON-RPC.
Make sure that Bitcoin Core is up and running and RPC parameters are correct.

Here is what I have in my Bitcoin Core .conf file:

testnet=0
server=1
rpcuser=foo
rpcpassword=bar
txindex=1
zmqpubrawblock=tcp://127.0.0.1:29000
zmqpubrawtx=tcp://127.0.0.1:29000
addresstype=p2sh-segwit
deprecatedrpc=signrawtransaction

And in my eclair.conf file:

eclair.chain=mainnet
eclair.bitcoind.rpcport=8332
eclair.bitcoind.rpcuser=foo
eclair.bitcoind.rpcpassword=bar
eclair.node-alias=”myalias”
eclair.node-color=ff9900

By the way, I went through an old thread on the same topic (https://www.reddit.com/lightningnetwork/comments/7rlk1e/could_not_connect_to_bitcoind_using_jsonrpc_any/), but the solutions proposed did not work for me.

Your help would be greatly appreciated :-) Thanks!
submitted by swisscrypto77 to lightningnetwork [link] [comments]

Gridcoin Leisure Update 3.7.14.0 Released

Today we have a new leisure update for you. This version includes a lot of "under the hood" changes, but there are some improvements for the average user as well.
 
Notably this release includes a better time to stake calculation method, thanks to @jamescowens. Also the Neural Network runs much smoother thanks to many optimizations by @ifoggz.
 
Download the update from GitHub here.
The Windows MSI can be downloaded here.
 
Full Release Notes:
Added
 
Changed
 
Fixed
 
Removed
 
Thank you to all the developers who contributed to this release. I will update this post when the Windows MSI has been uploaded to the website.
submitted by barton26 to gridcoin [link] [comments]

Soo after almost 3 months of setting up I have my own LN full node running on RP3

Soo after almost 3 months of setting up I have my own LN full node running on RP3
I have been eager to try LN mainnet since the very beginning of it. I've found out about lnd, eclair, zap and other wallets but every scenario I tried to use it failed because of critical issues:
  • eclair does not really constitute a wallet, it's more like a credit card - you can send money but not receive it
  • lnd is okay, but requires a server and tons of resources for maintaining a full node, can't be used securely, efficiently and mobily at the same time
  • zap offers some cloud wallet (in testnet!) by default, this is a serious misunderstanding of my cryptoanarchy needs
  • web wallets - ah, forget it
So I've decided to use my Raspberry Pi with a very old laptop HDD attached (200GB so the pruning function has to be used) to create a backend wallet service and zap desktop (temporarily!) as my frontend control panel.
https://preview.redd.it/0vcq147887q11.png?width=1024&format=png&auto=webp&s=7bb6eccdd4110a857e5af0400acc2d7e1ee7ee85
Setting up Pi is easy, lots of tutorials over the internet, not gonna discuss it here. Then I had to obtain bitcoind (current rel: bitcoin-0.17.0-arm-linux-gnueabihf.tar.gz) and lnd (lnd-linux-armv7-v0.5-beta.tar.gz), create a bitcoin technical user, deploy the tools, configure and install new systemd services and go through the configs. This is a tricky part, so let's share:
# Generated by https://jlopp.github.io/bitcoin-core-config-generato # This config should be placed in following path: # ~/.bitcoin/bitcoin.conf # [core] # Set database cache size in megabytes; machines sync faster with a larger cache. Recommend setting as high as possible based upon machine's available RAM. dbcache=100 # Keep at most  unconnectable transactions in memory. maxorphantx=10 # Keep the transaction memory pool below  megabytes. maxmempool=50 # Reduce storage requirements by only storing most recent N MiB of block. This mode is incompatible with -txindex and -rescan. WARNING: Reverting this setting requires re-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, greater than 550 = automatically prune blocks to stay under target size in MiB). prune=153600 # [network] # Maintain at most N connections to peers. maxconnections=40 # Use UPnP to map the listening port. upnp=1 # Tries to keep outbound traffic under the given target (in MiB per 24h), 0 = no limit. maxuploadtarget=5000 # [debug] # Log IP Addresses in debug output. logips=1 # [rpc] # Accept public REST requests. rest=1 # [wallet] # Do not load the wallet and disable wallet RPC calls. disablewallet=1 # [zeromq] # Enable publishing of raw block hex to 
. zmqpubrawblock=tcp://127.0.0.1:28332 # Enable publishing of raw transaction hex to
. zmqpubrawtx=tcp://127.0.0.1:28333 # [rpc] # Accept command line and JSON-RPC commands. server=1 # Username and hashed password for JSON-RPC connections. The field comes in the format: :$. RPC clients connect using rpcuser=/rpcpassword= arguments. You can generate this value with the ./share/rpcauth/rpcauth.py script in the Bitcoin Core repository. This option can be specified multiple times. rpcauth=xxx:yyy$zzz
Whooaa, this online config generator is really helpful, but I still had to manually correct a few things. The last line is obviously generated by rpcauth.py, I disabled the wallet functionality as lnd is going to take care of my funds. ZMQ is not available to the network so only my LND can use it, RPC usage I still have to think through a little, in general I would like to have my own block explorer some day but also be safe from any hacking attempts (thus I would need at least 2 RPC ports/user accounts - one for lnd, one for block explorer frontend). No ports open on firewall at this time, only UPnP is active and gently opens 8333 for block/tx transfers.
Now, synchronizing the blockchain took me time from mid-July to early September... The hard drive is really slow, also my external HDD drive has some trouble with its A/C adapter so Pi was getting undervoltage alerts all the time. Luckily, it is just downclocking when it happens and slowly but steadily synchronized the whole history. After all, I'm not paying even $5 monthly for a VPS, it is by design the cheapest hardware I could use to set up my LN wallet.
When bitcoind was ready (I've heard some stories about btcd but I don't trust this software yet, sorry), it's time to configure lnd.conf:
[Application Options] debuglevel=trace rpclisten=0.0.0.0:10009 externalip=X.X.X.X:9735 listen=0.0.0.0:9735 alias=X color=#XXXXXX [Bitcoin] bitcoin.active=1 bitcoin.mainnet=1 bitcoin.node=bitcoind [Bitcoind] bitcoind.rpchost=127.0.0.1 bitcoind.rpcuser=X bitcoind.rpcpass=X bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 
Here I've had to XXX a little more fields, as not only the bitcoind RPC credentials are stored here, but also my node's public information (it should be illegal to run nodes without specifically selected color and alias!). It is public (and I had to open port 9735 on my firewall), but not necessarily connected to my reddit account for most of the adversaries, so let's keep it this way. In fact, I also see a security vulnerability here: my whole node's stability depends on the IP being static. I could swap it for a .tk domain but who can tell if the bad guys won't actively fight DNS system in order to prevent global economic revolution? As such, I would rather see node identification in LN based on a public key only with possible *hints* of last-known-ip-address but the whole discovery should be performed by the nodes themself in a p2p manner, obviously preventing malicious actors from poisoning the network in some way. For now, I consider the IP stability a weak link and will probably have to pay extra Bitcoin TX fees when something happens to it (not much of a cost luckily!).

https://preview.redd.it/hjd1nooo77q11.png?width=741&format=png&auto=webp&s=14214fc36e3edf139faade930f4069fc31a3e883
Okay then, lnd is up and running, had to create a wallet and give it a night for getting up to speed. I don't know really what took it so long, I'm not using Windows nor 'localhost' in the config so the issues like #1027 are not the case. But there are others like #1545 still open so I'm not going to ponder much on this. I haven't really got any idea how to automatically unlock the wallet after Pi restart (could happen any time!), especially since I only tried to unlock it locally with lncli (why would I enter the password anywhere outside that host?), but let's say that my wallet will only be as stable as my cheap hardware. That's okay for the beta phase.
Finally, zap-desktop required me to copy tls.cert and admin.macaroon files to my desktop. If my understanding of macaroon (it's like an authentication cookie, that can later be revoked) is correct then it's not an issue, however it would be nice to have a "$50 daily limit" macaroon file in the future too, just to avoid any big issues when my client machine gets stolen. Thanks to this, I can ignore the silly cloud-based modes and have fully-secure environment of my home network being the only link from me to my money.
https://preview.redd.it/11bw3dgw47q11.png?width=836&format=png&auto=webp&s=b7fa7c88d14f22441cbbfc0db036cddfd7ea8424
Aaand there it is. The IP took some time to advertise, I use 1ml.com to see if my node is there. The zap interface (ZapDesktop-linux-amd64-v0.2.2-beta.deb) lacks lots of useful information so I keep learning lncli syntax to get more data about my new peers or the routes offered. The transactions indeed run fast and are ridiculously cheap. I would really love to run Eclair with the same settings but it doesn't seem to support custom lnd (why?). In fact, since all I need is really a lncli wrapper, maybe it will be easy to write my own (seen some web gui which weighs 700MB after downloading all dependencies with npm - SICK!). Zap for iOS alpha test registration is DOWN so I couldn't try it (and I'm not sure if it allows custom lnd selection), Zap for Android doesn't even exist yet... I made a few demo transactions and now I will explore all those fancy t-shirt stores as long as the prices are still in "early investor" mode - I remember times when one could get 0.001 BTC from a faucet...
https://preview.redd.it/42sdyoce57q11.png?width=836&format=png&auto=webp&s=7ec8917eaf8f3329d51ce3e30e455254027de0ee
If you find any of the facts presented by me false, I am happy to find out more in the discussion. However what I did I did mostly for fun, without paying much attention to the source code, documentation and endless issue lists on github. By no means I claim this tutorial will work for you but I do think I shared the key points and effort estimations to help others decide if they want a full-node LN client too. I'm also interested in some ideas on what to do with it next (rather unlikely that I will share my lnd admin.macaroon with anyone!) especially if it gives me free money. For example, I can open 1000 channels and start earning money from fees, although I no longer have more Bitcoins than the LN capacity yields... I will probably keep updating the software on my Pi until it leaves beta phases and only then will pour more money inside. I'm also keen on improving the general security of my rig and those comments I will answer more seriously.
submitted by pabou to Bitcoin [link] [comments]

The great Blockchain search

Alright now that we have fairly conclusive evidence that Julian is inside the Embassy I think it's time to discuss what we have found in our search of the blockchain. As many of you may know I spearheaded the search and contributed to enhanced versions of the jean.py scripts that work directly on the local blockchain but still retained https://blockchain.info/ calls for those who did not want to download the full blockchain. First I will post our github repo https://github.com/WikiLeaksFreedomForce and I will discuss the different code used and some of the things we've found through our testing and learning of the blockchain technology.
 
First off I started working with the original Jean.py scripts. They didn't work for me originally and I had to modify them a bit to get them to work. Once I did that I set out to make it much easier to use. On the chans there was talk of using a program called trid which is used to determine a file type of an unknown set of data. It's fairly advanced and has an ever growing database of known file types so it would often give false positives. We figured we could just get a list of known file headers to search for inside the data and limit the scope to fewer false positives. So within my first week of starting we already had code that worked pretty well at finding things. The main goal at first was to be able to successfully download the cablegate archive that Wikileaks uploaded themselves to the blockchain which was relatively simple with the full list of transactions that they themselves uploaded right after.
 
Moving forward from Jean.py I needed a faster way of communicating with the data from the blockchain and I found the JSON RPC commands built into the bitcoin client. The first couple weeks I had some issues with the fact the latest versions of bitcoin core don't keep a database of transaction ID's stored by default. Fortunately on my second attempt to getting it I enabled txindex=1 inside the bitcoin conf file. This had to rebuild the full index of each transaction and took several days.
 
Shortly after I did this work the first "great blockchain" post was made here and we gained a lot of support from other programmers willing to help out. We had one user build a Go program that does the same thing and avoids the issue of txindex=1, we had another user help us build a framework for parsing the blocks directly in c#, and we had another user more experienced in Python to help out with the original script. With the new help we were able to prototype new techniques for searching relatively quickly as well as improve readability and usage of the code. There are still plans to continue improving the code and make it easier to use but desire to keep working on it has come to a halt since most people are confident that Julian is safe in the Embassy and his Dead Man Switch was not released.
 
The blockchain is rather interesting as it's a ledger of information. Each transaction has a series of data that it uses to transmit and store information. I'm not fully aware of every aspect but I have learned a lot in the great search. We've found that most information stored as human readable content is inside the scripts. Each transaction has an input and output script. These are stored as binary data inside the blockchain .dat files and displayed as hex data through RPC and on https://blockchain.info/. The hex data tends to make it easier to see the data whereas often times unicode translations will make it look like gibberish.
 
Our code was designed around the principals of the original Satoshi Upload script as well as the download script. This used a unique line of code that ensured the correct data was uploaded and can be downloaded. This line encoded the length and a checksum of the data for the transaction inside each transaction. So when applying the Satoshi Downloader you can search for the first 8 bytes of data for a length value and checksum for data that follows that length after the first 8 bytes. Websites like http://www.cryptograffiti.info/ do not use this length and checksum. Right now our code can download everything inside a transaction that we know about. There are ways of improving speed by only flagging a transaction that contains significant information such as known file headers or follows the length and checksum from Satoshi. This has lead to a few interesting finds. Including but not limited to Peter Todd's lucifer linux burn in utility. I still plan to add a plaintext search at some point but there are websites devoted to finding those.
 
One thing that I couldn't get to work right was finding Wikileaks file hashes inside the blockchain. The information on how they do it is limited and I was only able to find the one cabelgate hash stored following the same idea as OpenTimeStamps. Searching for hashes takes a long time though and I have a simple python parser made that takes a dictionary of all the hashes and searches for them. The dictionaries I have as well as the python script are all on the girhub repo.
 
Some things we have found include: Cablegate, This is dog meme, unknown gpg acceptable files, plaintext messages, and a 7z with a message from Julian Assange(Don't get too excited I uploaded it myself to prove a point that we can't verify who sends a transaction). We haven't found anything really that hasn't already been documented or is available on other sites.
 
I would like to thank everyone who was involved on the Discord server working with me on this search it was great working with everyone and learning as a group!
 
Please feel free to comment and ask questions and I will try to answer them as best I can.
 
Edit: I am also free to discuss some of the stories and strange things that have occurred during the search. I tried to keep the main article about what we did do not what we were told to do or how.
submitted by TrustyJAID to WhereIsAssange [link] [comments]

Gridcoin Developer Update May 7th, 2018

Hello everyone and welcome to another Developer Update from the Gridcoin team. I'd like to remind everyone that these posts will be created every two weeks unless a wallet update is pending that week.
 
The last two weeks have largely been spent preparing for the next leisure release. The release would have come sooner, but some last minute additions to the staging branch were pulled in since the previous update post. Some of these pull requests have included:
 
Testnet has been working with PR #1060 which was mentioned in the last Developer Update post. I can now happily report that two superblocks have been successfully staked on testnet by Linux clients using contract forwarding. These results are extremely promising and will be a welcome addition for improved superblock stability on mainnet.
In the coming days I expect a new staging build to be ready for testnet deployment so testing will refocus soon on the PRs mentioned in this post.
 
While not entirely wallet related, I did want to point out some behind the scenes improvements for the https://gridcoin.us website. The site now properly redirects to HTTPS and supports TLS 1.2. Our site is now rated "A+" by SSL Labs. Thanks to our founder Rob for making these changes!
 
Thanks for reading this edition of the Developer Update. Expect to see another update two weeks from today (5/21), unless there is a wallet update released between now and then. If you have any comments or questions for the Gridcoin development team feel free to ask in the comments below. If I am not able to answer your question directly, I can certainly forward it to someone who can!
submitted by barton26 to gridcoin [link] [comments]

DEVCON2 report: Day Three - Final day

previous days
Question: the 3 days of devcon are over. Are people interested in reports on the next 3 days of international Blockchain week (demo day + 2 days of global Blockchain summit) http://www.blockchainweek2016.org
`
Event update
The buzz during the day was around the "stick puzzle" that Bok Khoo was giving out to people. It is just a stick, with a loop of string. He gets you to turn away, he uses "the trick" to put it onto your bag and then you try to get it off.
The WeChat channel was just filled with everyone asking where they can get it, and the screaming that they can't figure it out. Only about 5 people reported they were able to solve it (I haven't yet)
http://imgur.com/mYfJQP4 http://imgur.com/4Euka1a
`
Sessions
I'm biased, but I thought the announcement from Microsoft with the update of cryptlets was a big deal. The morning sessions covered a few different oracle systems, the afternoon had lots of IPFS sessions.
Microsoft - A Lap around Cryptlets
https://azure.microsoft.com/en-us/blog/cryptletsdd/ https://azure.microsoft.com/en-us/documentation/templates/ethereum-consortium-blockchain-network/ https://azure.microsoft.com/en-us/blog/authomarleyg
Microsoft was a sponsor of Devcon1 & 2 Ethereum is a 1st class citizen Support for community & partners - Bizspark, Meetups, Workshops
Announcing: Bletchley v1 Distributed Ledger stack V1 is a private Ethrerum consortium, that you can spin up for your own enterprise / group
http://imgur.com/olwwd36
Cryptlets are being developed to help with security, identity, etc. How do you get trusted external data feeds injected into the Blockchain? Doing things on a specific interval (every 15 mins) When price of something hits a threshold (oil goes above $40/barrel) Secure IP protected algorithms, but still share with blockchain network. Use libraries for common platforms (.Net, Java, etc)
Cryptlets vs Oracle Cryptlets will have a marketplace on Azure that will allow you to purchase and utilise
Use case: Trigger on an event Wake up on 4pm, if market was open that day, then give me the price of gold for that day.Get signature of attested server, attested sender.
Use case: Control Using smart contract like a traditional DB. Declare data you are keeping track of, and the functions/"stored proc" to update that data. Cryptlet runs off chain, and can be scaled up.
http://imgur.com/ysgL8S2
Utility cryptlet. Use an attribute in solidity contract with cryptlet details Developer references at design time the cryptlet they want the contract to call Contract cryptlet, deploy the cryptlet at same time as contract.
Why would you want Azure to do this? SGX allows you to create "secure enclaves", can have complete isolation on the hardware chip where it is not modifable. Provides a secure enclave at the CPU level. Can give full attestation right down to the silicon. Will be provided as a enclave container on Azure. Will be released for .NET core CLR first, then other languages. Can create cryptlet libraries that you can scale and put into the Azure marketplace. An ecosystem for developers & ISVs to consume and publish.
Bletchley v1 released today will let you spin up a private consortium. Before today, it took a long time to try and deploy a private consortium (can take weeks to read doco, Now takes 5 minutes to deploy! Creates a private consortium, puts each member in its own separate subnet
http://imgur.com/w4yUsqE
Mist Vision and Demo I was too busy sharing the release posts of Microsoft project bletchey v1, missed this talk. It did look interesting, I will watch this one later. Idea: Reward for bandwidth. Providing connection could replace mining as entrance point for desktop computers. Allow you to have a trickle so you can trigger smart contracts. Standardised backends, so that you can swap out the underlying node between geth, blockapps, etc.
Web3.js
https://github.com/ethereum/web3.js Etehereum JS API Smart conracts are EVM opcodes, Helps translates calls to JSON RPC calls. Helps do the ABI encoding when sending data from JS to EVM It kept on growing, many different utility functions being thrown in. Is time to clean it up and be refactored.
They are now building a NEW web3.js The communication will be socket based, will enable subscriptions. Everything will be based on promises to subscribe to events, like log events. Bunch of other newer cleaner methods and ways to do things like deploying contracts.
Smart contract security
Was a very good postmorteum of The DAO and things that could be done to mitigate it in the future.
An issue with The DAO was trying to do a massive jump from centralisation all the way to full decentralisation. Meant no one could step up and make a decision on how to save it. We need to make smaller steps towards full decentralisation as we learn as a community how to do this. Same security patterns as yesterday's talks: check invarients, beware 1024 call stack depth, reentry exploit (update state BEFORE executing calls), timestamps are manipulatable. Updateable contracts. Who can update it? Community multisig? We need better rools: formal verification, compiler warnings, improved IDEs, trusted libraries, excape hatches
Conclusion: It is still very early days in this space, be careful.
A Provably Honest Oracle Model: Auditable Offchain Data Gathering & Computations
Oracalize is the most widely used oracle (until everyone starts using Microsoft Azure cryptlets ;-) ) Contract calls Oracalize contract with the data they want, off chain they see this get the data, Oracalise then trigger their contract externally, which does a callback to your contract with the data. Can use external notary servers. Can get proof from multiple external services to get a higher level of confidence about data (e.g. stock price from a few feeds). Off-chain (auditable_ computation) AWS sandbox 2.0. Put the execution package onto IPFS, AWS gets it and executes it, signs it.
iEx.ec: Fully Distributed Cloud Thanks to the Ethereum Blockchain
http://iex.ec/ Provides blockchain based execution environments Global market for computing resources. Idea is to do what we did before with "grid computing" use the idle capacity of computers. But this time do a trickle of micropayments. Allows people to harness this global power to execute their tasks in a global "distributed cloud".
The Final frontier: The company smart conract
http://otonomos.com/ Helping companies to incorporate on the blockchain.
Smart oracles
https://github.com/smartoracles Connecting to external resources is difficult. Hard to try and use external currencies (like a bank account / fiat money) to make transactions. Could hook in paypal, HSBC, wells fargo, etc. Can provide your own payment services as an API to a smart oracle for smart contracts to consume. Do off chain data storage by calling smart oracle API Roadmap: more data sources & more payment methods
IPFS & Ethereum: Updates
https://Ipfs.io IPFS is AMAZING, seriously go watch the full 1 hour talks Juan has given in previous years.
Current web has current issues. Centralisation, etc. IPFS is a new hypermedia transfer protocol Content can be retrieved not from specific servers, but instead via it's hash so that it can come from anywhere in the network (maybe from the person next to you who has cached it). It is highly modular, all of the transfer protocals, routing, naming, etc. are all swapable Is available as GO-IPFS & now JS-IPFS Means now you can run IPFS in the browser IPFS was great for static content, but not so great for dynamic content. Low latency pub/sub protocol will help with dynamic data. Created a distributed peer to peer chat app using this new dynamic content protocol. IPLD a common link-tree hash format Will be able to use IPFS to retrieve ethereum blockchain blocks DIRECTLY Can use IPFS as a package manager to retrieve them in a distributed manner.
Many projects are using Ethereum & IPFS Uport, Digix, Infura, Ujo, Eris, Blockfreight. Filecoin was created as a way to try and incentivize nodes to keep files longer time. People rent out hdd space to earn filecoin. Exchange bitcoin/filecoin. Use filecoin to store files in network. Filecoin is going to be built on top of the public Ethereum blockchain, as a virtual blockchain / token.
IPFS Libp2p & Ethereum networking
Network connectivity between any 2 nodes can be difficult. Censorship, bandwidth, network issues, etc. Having to deal with different networking topologies and access. Libp2p & Devp2p is different. Devp2p is for Ethereum. LIbp2p is modular, can swap out components to change network access, encryption methods, etc. Can build up a MEGA mesh network, by utilising traditional wired internet, radio, bluetooth between some nodes. Web browser using web socket, to a node, which routes across network, to zigbee to a IoT device. Libp2p & Devp2p could merge and augment each other. Could create the libp2p components to replace the devp2p bits Any 2 nodes that speak the same protocol can communicate and be a part of the network chain. Experiment. They took the browser based version of EVM. Then used Libp2p to talk to the Ethereum network. Had a complete ethereum node running in a browser.
Uport
https://uport.me/ Universal identity platform Current challenges: key management. Ux for average person. Dapps via mobile. Identity and data ownership. How do you keep a consistent identity, even if you lose a key. Have some multisig contracts that you can use to keep track. Social recovery, use your friends to attest it is really you. Keep private key on mobile, do transactions on the desktop, scan a QR code to sign the transaction on your phone and send it off.
A Deep Dive into the Colony Foundation Protocol
It is an open source governance protocol built on Ethereum Problem with voting is how to prevent Sybil attacks. Votes are weighted by a reputation score. Reputation is non-transferable that can only be earned. Total weighted voting helps mitigate this.
Chain orchestration tooling & smart contract package management
Eris is tooling for developers. Package manager to build your own blockchain. Can compose a chain, e.g. geth + tendermint consensus. Init, install, do. Can easily install on Mac/bew, linux/apt-get, Windows/choco
The Golem Project: Ethereum-based market for computing power
http://www.golemproject.net/ Anyone can make an offer to sell computing power. e.g. Distributed rendering Want to create a standard framework that anyone can use to submit and process jobs.
Status: Integrating Ethereum Into Our Daily Lives
https://status.im Want to get ethereum everywhere. "Mist for Mobile" Everyone is using their mobile phones for everything, but mostly using instant messaging. What would Ethereum in a IM window look? Created a IM mobile app that has a local geth node. tart up, it asks you to create a password, it generates a pub/private pair. Then can send messages via whisper, and the messages are signed with your public key. Can load Dapps up in the local webview and interact with them. Allows you to create "chat Dapps", that you interact with via text. Like chatbots
Maker Ecosystem Overview
www.Makerdao.com Dai: seeking stability on blockchain. Stablecoin engine: smart contract that holds collateral reserves and controls the Dai lifecycle. MKR: open source community managing risk of the system In the last year, investing in a solid technical core. More slow and audit things. Moving into the next phase of stablecoin development. Their latest project is the "Simplecoin project" Meeting Thereum community's need for stability. An independent platform for creating centrally administered simple stablecoins. Issues create their own rule sets: Collateral types, participant whitelists, security parameters. Example: Shrutebucks. The only people who own it are Dwight, Jim & Pam. They backed it with 1/3 ETH 1/3 DGX 1/3 DUSD.
Orbit. A distributed peer to peer app on IPFS
https://github.com/haadcode Created a full distributed chat room, itself distributed through IPFS. It is integrated with uPort for identification Using uPort allows you to verify that you are talking to the correct person in the chat channel. All their messages are signed with their public keys He also created a full distribited twitter clone, using uport for the identity as well. Orbit-db key value store DB that stores its data on IPFS. Eventually consistent Appends data to the DB, an event is sent to those subscribed on pub/sub so they can see the latest root hash. Based on CRDT Ethereum + Pubsub + CRDTs + IPFS = super power primatives to build dynamic distributed apps
Development considerations with distributed apps. Need to ensure that apps work offline. No centralised servers. No data silos. Provide integration path.
Future work: could you use uPort for ACL like permissions? Mobile use cases, how to make it work nicely on mobiles
Building scalable React Dapp architecture
https://github.com/SilentCicero/react-dapp-boilerplate React + Ethereum He has a configured boilerplate template. Has contract scaffolding. Enforced contract Linting/testing. Wallet generation/identity. Preconfigured web3 instance. UI: Mature react arhitecture "react boilerplate". Prices listed in USD with ETH/btc via kraken api. A basic multi-contract example Dapp. Offline first, dapp runs without internet. Uses Redux. State models in UI & blockchains work well. PostCSS, CSS Modules, sanitize.cs. Redux, immutableJS, reslect, redux-saga, i18n, redux-router. Web3, ethdeploy, dapple, solium, eth-lightwallet, chaithereum, ethereumjs0-testrpc Enforced contract testing in 2 languages.
Ethereum for Enterprise (BlockApps Strato)
Trying to make sure that Ethereum stays relevent to enterprise development. Why do you need a blockchain WITHIN an org, shouldn't they trust each other? Well different departments may not, they may reconcile differently, and can help automate/orchestrate between them. Blockchain is the "killer app" for cloud financial services. Legacy infrastructure, batch prossing, etc are all restricting fintech from progressing. Blockchain can happen in real time, can replace legacy. Ethereum is very flexible and programmable, works well. There are others based on Bitcoin (like Hyperledger). Ethereum + Blockapps = Extreme productivity + Proven Technology. Blockapps is extending Ethereum for Enterprise. Runs very well on Azure Enterprises don't want all their data exposed on public chain. Blockapps helps solve data privacy and scaling with multichain fabrics.
submitted by DavidBurela to ethereum [link] [comments]

Ravencoin Open Developer Meeting - 1/4/2019

[14:04] Hi everyone! [14:04] :dabbitwave: [14:04] Hey Everybody! [14:04] Hello 😃 [14:04] Sorry we're getting started a bit late. [14:04] Topics: SLC Meetup (March 15th) [14:04] 👋 [14:04] Roadmap breakdown - posted to github [14:05] IPFS (integration) [14:05] greetings 👋 [14:05] So, SLC Meetup on the 15th! [14:05] Great! [14:05] Hi! [14:06] Hi all — a special thanks to the developers and congratulations on an amazing first year!!! # [14:06] <[Dev] Blondfrogs> Hello Everyone! [14:07] We have a tentative agenda with @Tron , @corby speaking. [14:08] We would like to have nice walkthrough of the Raven DevKit for the meetup. [14:08] We are planning on hosting a meetup in SLC at the Overstock building on March 15th from 6:00pm-9:00pm. It is free admission, but there is a page on meetup.com where people can rsvp so that we have a somewhat accurate headcount for food. [14:08] sup guys [14:08] hey russ [14:09] We are planning on having a few speakers and have allotted a bit of time at the end for people to meet and greet each other. [14:09] can you guys link us to the page somewhere when thats available? 😄 [14:10] free food?! [14:10] todays topic? [14:10] yeah can we indicate pepperoni pizza [14:10] Sounds good to me @Jeroz Nothing ordered yet though. 😃 [14:10] only pepperoni pizza is served at true blockchain meetings right [14:10] :blobhide: [14:10] Absolutely. The itinerary just needs to be finalized and then I'll make a broad post about the rest of the details. [14:11] https://www.meetup.com/Salt-Lake-City-salt-lake-city-Meetup/ [14:11] 😭 so far away [14:11] West Coast! [14:11] @MTarget But there's pizza, so worth the travel time. [14:11] lol [14:12] I'll be watching the stream if its available since i'm from montreal/canada 😛 [14:12] Ah yes, I love $300 pizza 😉 [14:12] as long as I get to see your smiling faces @Tron @RavencoinDev then it's worth the time [14:12] We'll be there. [14:12] We'll be messaging additional details as they get finalized. [14:12] Greeting and salutations! [14:12] sup [14:13] Hey, $300 is considerably cheaper than 2 $3,700,000 pizzas. [14:14] Ok, switching topics... [14:14] yeah its a way to fly, [14:14] question is whether those piza's will be paid for in RVN coin or not :ThinkBlack: [14:14] Roadmap [14:14] It hasn't changed, just added some detail. [14:14] https://github.com/RavenProject/Ravencoin/tree/masteroadmap [14:15] nice [14:15] This now links to a breakdown for messaging, voting, anti-spam, and rewards (dividends) [14:15] will there be any additional RPC functionality coming in the future, thinking in terms of some functions that are only available in ravencore-lib [14:15] apologies if now is not time to ask questions, i can wait for later [14:15] "Phase 7 - Compatibility Mode" - that's new 😮 [14:15] The protocol for messaging is pretty well established, but the rest isn't in stone (code) yet. [14:16] can you give us details on compatibility mode? [14:16] In broad brush strokes. [14:17] The idea is to allow ravend to act as a daemon that looks like a single coin. [14:17] so ravend that only works with the bitcoin asset? [14:18] interesting [14:19] So you start it with an option to only work with a single asset/token account or something? [14:19] hmm compelling what is the reason for this? some kind of scale or performance? [14:19] ^ [14:19] Example: Configure ravend to listen for transfer RPC call for senttoaddress or sendfrom, but for a specific asset. This would allow easy integration into existing system for assets. [14:20] Only the daemon or the whole wallet UI? [14:20] yeah thats great, rpc functions dont allow us to do this yet, if i recall [14:20] or at least we depend more on ravencore lib [14:20] so like asset zmq [14:20] that's smart [14:20] @Tron it also sounds like it makes our life easier working with RPC, instead of core all the time for some functionality [14:21] if i understand correctly anyways [14:21] So you could run numerous instances of ravend each on their own network and RPC port, each configured for a different asset. You would need some balance of RVN in each one to cover transaction fees, then. [14:21] id be curious to know what all the advantages are of this [14:21] one more question, how would i decentralize the gateway between bitcoin mainnet/ravencoin mainnet? in the current RSK implementation they use a federated gateway, how would we avoid this? [14:21] it sounds neato [14:21] Just the daemon. The alternative is to get exchanges to adapt to our RPC calls for assets. It is easier if it just looks like Bitcoin, Litecoin or RVN to them, but it is really transferring FREE_HUGS [14:22] That makes sense. Should further increased exchange adoption for each asset. [14:22] hmm yeah its just easier for wallet integration because its basically the same as rvn and bitcoin but for a specific asset [14:22] so this is in specific mind of exchange listings for assets i guess [14:23] if i understand rightly [14:23] @traysi Gut feel is to allow ravend to handle a few different assets on different threads. [14:23] Are you going to call it kawmeleon mode? [14:23] Lol [14:23] I read that as kaw-melon mode. [14:24] same lol [14:24] so in one single swoop it possible to create a specific wallet and server daemon for specific assets. great. this makes it easier for exchanges, and has some added advantages with processing data too right? [14:24] Still keeping a RVN balance in the wallet, as well, Tron. How will that work is sendtoaddress sends the token instead of the RVN? A receive-RVN/send tokens-only wallet? [14:25] @traysi Yes [14:25] sendtoaddress on the other port (non RVN port) would send the asset. [14:25] This will be a hugely useful feature. [14:25] ^ [14:26] @Tron currently rpc function not support getaddresses senttowallet and this has to be done in ravencore lib, will this change you propose improve this situation [14:26] Config might look like {"port":2222, "asset":"FREE_HUGS", "rpcuser":"hugger", "rpcpass":"gi3afja33"} [14:26] how will this work cross-chain? [14:28] @push We'd have to go through the rpc calls and work out which ones are supported in compatibility mode. Obviously the mining ones don't apply. And some are generic like getinfo. [14:28] ok cool 👍 cheers [14:29] for now we continue using ravencore lib for our plans to keep track i just wondering if better way [14:29] as we had some issue after realising no rpc function for getting addresses of people who had sent rvn [14:29] @push | ravenland.org all of the node explorer and ravencore-lib functionality is based on RPC (including the addressindex-related calls). Nothing you can't do with RPC, although I'm not sure of the use cases you're referring to.. [14:29] interesting, so ravencore lib is using getrawtransaction somehow [14:29] i thought this may be the case [14:29] that is very useful thankyou for sharing this [14:30] look into addressindex flag and related RPC calls for functions that operate on addresses outside your wallet [14:30] thank you that is very useful, tbh i am not very skilled programmer so just decoding the hex at the raven-cli commandline was a challenge, i shall look more into this, valued information thanks as this was a big ? for us [14:31] Ok, things have gone quiet. New topic. [14:31] IPFS (integration) [14:31] GO [14:33] ... [14:33] <[Dev] Blondfrogs> So, we have been adding ipfs integration into the wallet for messaging. This will allow the wallets to do some pretty sweet stuff. For instance, you will be able to create your ipfs data file for issuing an asset. Push it to ipfs from the wallet, and add the hash right into the issuance data. This is going to allow for a much more seamless flow into the app. [14:34] <[Dev] Blondfrogs> This ofcourse, will also allow for users to create messages, and post them on ipfs and be able to easily and quickly format and send messages out on the network with ipfs data. [14:34] It will also allow optional meta-data with each transaction that goes in IPFS. [14:34] will i be able to view ipfs images natively in the wallet? [14:34] <[Dev] Blondfrogs> Images no [14:34] We discussed the option to disable all IPFS integration also. [14:35] @russ (kb: russkidooski) Probably not. There's some risk to being an image viewer for ANY data. [14:35] No option in wallet to opt into image viewing? [14:35] cool so drag and drop ipfs , if someone wanted to attach an object like an image or a file they could drag drop into ui and it create hash and attach string to transaction command parameters automatically [14:35] We could probably provide a link -- with a warning. [14:35] nomore going to globalupload.io [14:35] :ThinkBlack: [14:35] I understand that the wallet will rely on globalupload.io. (phase 1). Is it not dangerous to rely on an external network? Or am I missing something? [14:36] hmm [14:36] interesting, i suppose you could hash at two different endpoints and compare them [14:36] if you were that worried [14:36] and only submit one to the chain [14:36] You will be able to configure a URL that will be used as an IPFS browser. [14:36] Oh ic [14:36] you wont flood ipfs because only one hash per unique file [14:36] <[Dev] Blondfrogs> There are multiple options for ipfs integration. We are building it so you can run your own ipfs node locally. [14:36] <[Dev] Blondfrogs> or, point it to whatever service you would like. e.g. cloudflare [14:36] this is very cool developments, great to see this [14:37] Just like the external block explorer link currently in preferences. [14:37] @[Dev] Blondfrogs what about a native ipfs swarm for ravencoin only? [14:37] We have discussed that as an option. [14:37] @push | ravenland.org Considering having a fallback of upload through globalupload.io and download through cloudflare. [14:37] <[Dev] Blondfrogs> @russ (kb: russkidooski) We talked about that, but no decisions have been made yet. [14:37] yeah, i would just use two endpoints and strcompare the hash [14:37] as long as they agree good [14:37] submit tran [14:38] else 'potentially mysterious activity' [14:38] ? [14:38] if you submitted the file to ipfs api endpoints [14:38] Will the metadata just be a form with text only fields? [14:39] and then you would get 2 hashes, from 2 independent services [14:39] that way you would not be relying on a central hash service [14:39] and have some means of checking if a returned hash value was intercepted or transformed [14:39] i was answering jeroz' question [14:40] about relying on a single api endpoint for upload ipfs object [14:40] We have also kicked around the idea of hosting our own JSON only IPFS upload/browse service. [14:41] I have a service like this that is simple using php [14:41] we only use it for images right now [14:41] but fairly easy to do [14:41] Yup [14:42] Further questions about IPFS? [14:43] contract handling? file attach handling? or just text fields to generate json? [14:44] trying to get an idea of what the wallet will offer for attaching data [14:44] Probably just text fields that meet the meta-data spec. [14:44] ok noted [14:44] What do you mean by contract handling @sull [14:45] We won't prevent other hashes from being added. [14:45] asset contract (pdf etc) hash etc [14:45] <[Dev] Blondfrogs> also, being able to load from a file [14:45] got it, thanks [14:47] Let's do some general Q&A [14:48] Maybe just a heads up or something to look for in the future but as of right now, it takes roughly 12 hours to sync up the Qt-wallet from scratch. Did a clean installation on my linux PC last night. [14:48] Any plans or discussions related to lack of privacy of asset transfers and the ability to front run when sending to an exchange? [14:48] ^ [14:48] Is there a way to apply to help moderate for example the Telegram / Discord, i spend alot of time on both places, sometimes i pm mods if needed. [14:49] Any developed plans for Asset TX fee adjustment? [14:49] also this^ [14:49] @mxL86 We just created a card on the public board to look into that. [14:49] General remark: https://raven.wiki/wiki/Development#Phase_7_-_Compatible_Mode = updated reflecting Tron's explanation. [14:49] @mxL86 That's a great question. We need to do some profiling and speed it up. I do know that the fix we added from Bitcoin (that saved our bacon) slowed things down. [14:50] Adding to @mxL86 the sync times substantially increased coinciding with the asset layer activation. Please run some internal benchmarks and see where the daemon is wasting all its cycles on each block. We should be able to handle dozens per second but it takes a couple seconds per block. [14:50] @BW__ no plans currently for zk proofs or anything if that's what you're asking [14:50] You are doing a great job. Is there a plan that all this things (IPFS) could be some day implemented in mobile wallet? Or just in QT? [14:50] i notice also that asset transactions had some effect on sync time as we were making a few. Some spikes i not analysed the io and cpu activity properly but will if there is interest [14:51] we are testing some stuff so run into things i am happy to share [14:51] @BW__ Might look at Grin and Beam to see if we can integrate Mimble Wimble -- down the road. [14:51] yeees [14:51] @J. | ravenland.org work with the telegram mods. Not something the developers handle. [14:51] i love you [14:51] @J. | ravenland.org That would be best brought up with the operators/mods of teh telegram channel. [14:51] @corby @Tron thnx [14:51] @S1LVA | GetRavencoin.org we're planning on bumping fees to... something higher! [14:51] no catastrophic failures, just some transaction too smals, and mempool issues so far, still learning [14:52] @corby i thought that this may happen :ThinkBlack: [14:52] @corby x10? 100x? 1000x? Ballpark? [14:52] Definitely ballpark. [14:52] 😃 [14:52] 😂 [14:52] Is a ballpark like a googolplex? [14:53] @push | ravenland.org asset transactions are definitely more expensive to sync [14:53] yes yes they are [14:53] they are also more expensive to make i believe [14:53] 10,000x! [14:53] as some sync process seems to occur before they are done [14:53] @traysi ★★★★★ thanks for the suggestions we are going to be looking at optimizations [14:53] But, it is way slower than we like. Going to look into it. [14:53] i do not understand fully its operation [14:53] 1000x at minimum in my opinion [14:53] its too easy to spam the network [14:54] yes there has been some reports of ahem spam lately [14:54] :blobhide: [14:54] 😉 [14:54] cough cough ravenland [14:54] @russ (kb: russkidooski) we're in agreement -- it's too low [14:54] default fee 0.001 [14:54] ^ something around here [14:54] @corby yep we all are i think [14:55] waaay too low [14:55] meaningful transactions start with meaningful capital expense [14:55] though there is another scenario , there are some larger volume, more objective rich use cases of the chain that would suffer considerably from that [14:55] just worth mentioning, as i have beeen thinking about this a lot [14:55] there are some way around, like i could add 1000 ipfs hashes to a single unique entity, i tested this and it does work [14:56] @russ (kb: russkidooski) What would you suggest. [14:57] I had a PR for fee increase and push back. [14:57] Ignore the push back. 0.001 RVN is not even a micro-farthing in fiat terms [14:57] definitely around 1000x [14:57] Vocal minority for sure [14:57] ^ yep [14:57] @russ (kb: russkidooski) That sounds reasonable. [14:57] Couple hundred Fentons [14:58] right now an asset transaction is 0.01 of a penny essentially [14:58] 1 RVN would work now, but not when RVN is over $1. [14:58] yes exactly [14:58] Hi. Late to the party. [14:58] We are also talking about a min fee. The system will auto-adapt if blocks fill up. [14:58] im thinking tron, some heavy transaction use cases would fall out of utility use if that happened [14:58] so whats the thinking there [14:59] is there a way around the problem, bulked ipfs hash transactions? [14:59] 1000x would put us around btc levels [14:59] maybe a minimum 500x? [14:59] @russ (kb: russkidooski) Agreed. [14:59] <[Dev] Blondfrogs> It is time to wrap it up here. Everyone. Thank you all for your questions and thoughts. We will be back in 2 weeks. 😃 [14:59] Small increase and review. [14:59] Thanks all! [14:59] Cheers. [15:00] yeah sorry for 1 million questions guys hope i didnt take up too much time [15:00] cheers all 👍 [15:00] Thanks everyone [15:00] Thanks everyone for participating!!! [15:00] That is what we are here for [15:00] 100x-500x increase, 1000x maximum [15:00] 🍺

submitted by Chatturga to Ravencoin [link] [comments]

Technical community | LBTC tech community member develops a new blockbrowser ‘Thebes’

Technical community | LBTC tech community member develops a new blockbrowser ‘Thebes’
Recently, from the LBTC developer community ,a geek called Chen Jian helped LBTC develope a new block browser — “Thebes” : https://lbtc.me/lbtc/explorer .

https://preview.redd.it/lbfr0m0ev4031.png?width=1059&format=png&auto=webp&s=973796c43edbe3f095b82ad0b967ed31e20c831d
Thebes mainly USES python development language and flask development framework. In terms of database, high-performence MongoDB is selected to cooperate with Mysql. By using transaction id as the primary key of data storage, the speed of transaction information search is greatly improved. In other development respects, the Web server selects nginx, the process management tool selects supevisor and python(gevent), and the timing task tool selects crontab. Meanwhile, in the development process of Thebes, some js and CSS code fragments were optimized and compressed to speed up the page loading speed. In GTmetrix and Yellowlab’s global blockbrowser performance tests, the “Thebes” browser received the highest grade A in core metrics such as CSS snippet authoring, image loading, style & script optimization, linking server resources, and docking cache validators.
Click the link to see the full rating report:
https://gtmetrix.com/reports/lbtc.me/rsXxSwhI
https://yellowlab.tools/result/fcakefdwkk
Compared to existing LBTC blockbrowsers, Thebes has the following innovative features
Global Mining Node Full Information Statistics
In the node page of Thebes, the user can easily find information about all the mining nodes of LBTC. As of May 17, 2019, Beijing time, LBTC has 231 full nodes in operation, among which 17 nodes use the network client of /Satoshi: 0.14.2/70013 version. Of the 231 nodes, two have adopted IPv6’s sixth generation Internet communication scheme. In addition to this basic information, the user can see information for each specific node. For example, the node ranked 81 in votes :(cobo.com/lbtc.7), the address balance, transaction information, block history, voting information, proposal status and so on.

https://preview.redd.it/rw32iyqhv4031.png?width=1075&format=png&auto=webp&s=42c9322b6eeb891b1ff288e8375fe5e9d97fd287
The blockbrowser is also a network interface to JSON-RPC. In order to better count the mining nodes of the LBTC network around the world, the browser does this by continuously sending getaddr information to all accessible network nodes.
Real-time Update of Network Status
In a Bitcoin network, the value of a Bitcoin is proportional to the square of the number of people using the network, which is determined by two parameters: the number of addresses and the daily transaction volume. In the “Thebes” browser, the core parameters of the network, such as daily transaction volume, daily change in the number of newly added Lightning Bitcoin addresses, total number of Lightning Bitcoin holders, average transfer fee and average block volume, are all clearly displayed.

https://preview.redd.it/pukrf8hjv4031.png?width=1074&format=png&auto=webp&s=3e5989be9c95b4fc1bc2e578defddfdb48c4109e
About the Technical Community
The LBTC technology community was officially launched in early April 2019. The core developer of the technology community, W.H.H., announced on Twitter on April 15 that the LBTC foundation would invest more than $1 million in technology community incentives. The open rewards system gives developers from around the world a way to learn about blockchain development, try new ideas and contribute to projects. The technology community is still in its infancy, but it has brought together a group of passionate developers. By writing documents, developing blockbrowsers and wallets, and organizing offline seminars for the developer community, they have helped the community thrive and opened the door to LBTC for many investors and developers.
submitted by LightningBitcoin to LightningBTC [link] [comments]

Nice Article About How HPB Perform Vs EOS (and so ETH)

HPB: Unique Blockchain Infrastructure
Now most public chains will mention that the problem of tps development is the problem of the blockchain. This is also because the traditional blockchain has the problem of poor performance. In order to reach consensus, the efficiency is sacrificed. But if you want to build an ecosystem of countless DAPPs based on the public chain, there is no guarantee of performance that is almost impossible.
The dream of building a DAPP ecosystem is that Bitcoin has not been completed and it is not necessary to complete it. Bitcoin is only a digital currency and it has initially fulfilled its historical mission. It has become a value storer, and it has opened the world of the blockchain. .
Ethereum started with the goal of building a world-wide computer that provided the infrastructure for building decentralized applications, but so far it has only succeeded in the crowdfunding field. Due to performance, cost, scalability, and other issues, it is not yet possible to become a DAPP infrastructure. By the end of 2017, a simple encrypted cat game would have caused Ethereum to jam. Ethereum tried to get rid of the predicament through techniques such as fragmentation, Plasma, and PoS consensus.
Newcomers, such as EOS, are highlighting their high performance, emphasizing the possibility of reaching mega-level tps. Then, in the future, an infrastructure is needed to build a prosperous DAPP ecosystem on this decentralized infrastructure to meet the user or business needs of different scenarios.
What kind of program is a better choice? This is what blue fox has been paying attention to. Blue Fox focuses on an HPB blockchain project that uses a completely different search path than other public chains or infrastructure. This path is worth paying attention to all the buddies who pay attention to the blockchain.
This path is a combination of hardware and software. It is more demanding and the practice is more difficult. However, if it is truly grounded, it may be a good path.
HPB to become a high-performance blockchain infrastructure
Whether HPB or EOS have the same goals, they must provide a high-performance infrastructure for the decentralized ecosystem. why? Mainly from the blockchain to the mainstream business scene point of view. The current blockchain has achieved some success in security and decentralization, but there are natural constraints in terms of efficiency. This hinders its application scenario to the mainstream.
This is also a direction that Blockchain 3.0 has been exploring. Through higher performance, lower costs, and better scalability to meet the needs of more decentralized application scenarios.
The current bitcoin and Ethereum's throughput are both worrying. Bitcoin supports about 7 transactions per second on average, and Ethereum has about 15 throughputs. If you make the block bigger, you can also increase the throughput, but it will cause the problem of block bloat. Last year, an encrypted cat game made everyone see the blockchain congestion problem. From a performance point of view, it takes a long time for blockchains to reach the mainstream.
In addition to the lack of tps performance, the transaction cost of the blockchain is high. Both ordinary users and developers cannot afford gas costs that are too high. For example, before Ethereum's crypto-games became hot, there were even transaction fees compared to encrypted cats. It is also expensive.
The HPB and EOS goals are similar, but their paths are completely different. HPB uses a combination of hardware and software, has its own dedicated chip hardware server, which makes it theoretically have higher performance.
HPB is also trying to create an operating system architecture that can build applications. This architecture includes accounts, identity and authorization management, policy management, databases, asynchronous communications, program scheduling on CPUs, FPGAs, or clusters, and hardware accelerated technology. Realizes low delay and high concurrency and realizes mega-level tps to meet the needs of commercial scenarios.
It is different from EOS. Its architecture, in addition to its software architecture and its hardware architecture, is a combination of hardware and software blockchain architecture that combines high-performance computing and cloud computing concepts. The hardware system includes a distributed core node composed of high performance computing hardware, a general communication network, and a cloud terminal supported by high performance computing hardware.
The core node supports a standard blockchain software architecture, including consensus algorithms, network communications, and task processing. It also introduces a hardware acceleration engine. It works with software to achieve high-performance tps through BOE technology (Blockchain Offload Engine) and consensus algorithm acceleration, data compression, and data encryption.
BOE makes HPB unique
In the HPB's overall architecture, compared with other blockchain infrastructures, there are obvious differences. One of the important points is its BOE technology.
BOE mentioned above, is the blockchain offload engine. The BOE engine includes BOE hardware, BOE firmware, and matching software systems. It is a heterogeneous processing system that achieves high performance and high concurrent computational acceleration by combining CPU serial capabilities with the parallel processing capabilities of the FPGA/ASIC chip.
In the process of parsing TCP packets and UDP packets, the BOE module does not need to participate in the CPU, which can save CPU resources. The BOE module performs integrity checking, signature verification, and account balance verification on received messages such as transactions and blocks, performs fragment processing on large data to be transmitted, and encapsulates the fragments to ensure the integrity of received data. At the same time, statistics work will be performed according to the received traffic of the TCP connection, and corresponding incentives will be provided according to the system contribution.
BOE has played its own role in signature verification speed, encryption channel security, data transmission speed, network performance, and concurrent connections.
The BOE acceleration engine embeds the ECDSA module. The main purpose of this module is to improve the speed of signature verification. ECDSA is also an elliptic curve digital signature algorithm. Although it is a mature algorithm that is widely used at present, the pure software method can only be performed thousands of times per second and cannot meet the high performance requirements. So the combination of BOE and ECDSA is a good attempt.
In the process of data transmission between different nodes, BOE needs to establish an encrypted channel. In this process, it uses a hardware random number generator to implement the security of the encrypted channel, because the seed of the random number of the key exchange becomes unpredictable.
The BOE acceleration engine also uses block data fragmentation broadcasting technology. Block fragmentation includes a complete block header, which facilitates the broadcast of newly generated blocks to all nodes. With block data fragmentation, network data can be quickly transmitted between different nodes.
The BOE technology can perform traffic statistics of node connections based on hardware, and can calculate network bandwidth data provided by different nodes. Only providing network bandwidth to the system will have the opportunity to become a high contribution value node. In this way, incentives for the contribution of the nodes are provided.
In terms of concurrency, BOE is expected to maintain more than 10,000 TCP sessions and handle 10,000 concurrent sessions through an acceleration engine. BOE's dedicated parallel processing hardware replaces the traditional software serial processing functions such as transaction data broadcasting, unverified blockwide network broadcasting, transaction confirmation broadcasting, and the like.
According to HPB estimates, through the BOE acceleration engine, the session response speed and the number of session maintenance can reach more than 100 times the processing power of the common computing platform node. If the actual environment can be achieved, it is a very significant performance improvement.
Consensus algorithm for internal and external bi-level elections
HPB not only significantly improves performance through BOE, but also adopts a dual-layer internal and external voting mechanism in consensus algorithms. It attempts to achieve more efficient consensus efficiency on the premise of ensuring security and privacy.
Outer election refers to the selection of high-contribution-value node members from many candidate nodes, and the election will use node contribution value evaluation indicators. Inner-layer election refers to an anonymous voting mechanism based on a hash queue. When a block is generated, it calculates which high-contribution value node preferentially generates a block. Nodes with high priority have the right to generate blocks preferentially.
So, how to choose high contribution value node? Here is the first indicator to evaluate the contribution value. The indicators include whether a BOE acceleration engine is configured, network bandwidth contribution (data throughput over a fixed period of time), reputation, and total node token holding time. Among them, the creditworthiness of the node is obtained through the analysis of participating transactions and data analysis such as packaged blocks and transaction forwarding. The total holding time of the node token can be obtained by real-time statistics on the account information.
The outer election adopts an adaptive and consistent election plan. That is, by maintaining the consistency of “books” to ensure the consistency of outer elections, this can reduce network synchronization, and can also use the data of each node on the chain. The first is to put the above-mentioned four evaluation indicators into the block. By keeping the account books consistent, you can calculate the current ranking of all the participating candidate nodes. The higher-ranking high-contribution value nodes will become the official high contribution in the next round. Value node.
With the formal high contribution value node, the goal of the inner election is to find the high contribution value node corresponding to each block as soon as possible. The entire process is divided into three phases: nominations, statistics, and calculations. These three phases combine security, privacy, and performance.
The first is the nomination. At the beginning of the voting period, the BOE acceleration engine generates a random Commit. The high contribution value node submits its Commit, and the Commit synchronizes with the chain generated by the high-performance node. After the voting period is over, the Commit in the blockchain is started and the ticket pool is created. The last is the calculation. The calculation is mainly based on the weight algorithm to calculate the node's generation priority in the block. Generate the highest-priority high-contribution value node and obtain the block package right.
Other nodes can verify the random number and address signature according to the principle of verifiable random function, which not only guarantees security, but also guarantees the unpredictability and privacy of high contribution value nodes.
In general, HPB's consensus algorithm combines security, privacy, and speed through a combination of hardware and software. Using the BOE acceleration engine to generate random numbers, contribution value evaluation indicators, coherence ledgers, anonymous voting mechanisms, weight algorithms, signature verification, etc., privacy, reliability, security, and high efficiency are achieved.
Universal virtual machine design: support for different blockchains
The HPB virtual machine adopts a plug-in design mechanism and can support multiple virtual machines. It can implement the combination of the underlying virtual machine and upper level program language translation and support, and support the basic application of virtual machines. In addition, the external interface of the virtual machine can be realized through customized API operations, which can interact with the account data and external data.
The advantage of this mechanism is that it can realize the high performance of native code execution when the smart contract runs, and it can also implement the common virtual machine mechanism supporting different blockchains. For example, it can support Ethereum virtual machine EVM. The smart contract on EVM can also be used on HPB.
Neo's virtual machine NeoVM can also be used on HPB. When high-performance scenarios are needed, users of both EVM and NeoVM need only a few adaptations to interact with other HPB applications.
The HPB smart contract has also made some improvements, such as the management of the life cycle, auditing and forming a common template. No progress can realize the full lifecycle management of smart contracts, such as the complete and controllable process management and integration rights management mechanism for intelligent contract submission, deployment, use, and logout.
In smart contract auditing, HPB conducts a protective audit that combines automated tool auditing with professional code design. In terms of templates, HPB gradually formed a generic smart contract template to support the flexible configuration of various common business scenarios.
Incentives for a positive cycle of token economy
When the high-contribution value node generates a block, it will receive a token reward from the system. From the design of the HPB, the system will issue a token of no more than 6% per year, and the additional token will be proportional to the total number of high-contribution nodes and candidate nodes.
In order to obtain the token reward from the system, it must first become a high contribution value node, and only the high contribution value node has the right to generate a block.
In order to obtain the right to generate a block, it is necessary to contribute, including holding a certain number of HPB tokens, having a BOE hardware acceleration engine, and contributing network bandwidth to the system.
From its mechanism, we can see that HPB's token economic system design is considered from the formation of a positive incentive system. It maintains the overall HPB system by holding the HPB token, having a BOE hardware acceleration engine, and contributing network bandwidth to the system. safe operation.
HPB landing: supports a variety of high-frequency scenes
In essence, HPB is a high-performance blockchain platform and is an infrastructure where various blockchain applications can be explored. Including blockchain finance, blockchain games, blockchain entertainment, blockchain big data, blockchain anti-fake tracking, blockchain energy and many other fields.
In terms of finance, decentralized lending, decentralized asset management, etc. can all be built on the HPB platform to meet high-frequency lending and transaction scenarios.
In terms of games, although all game operations are not practical, the up-chaining and trading of assets such as game props are important scenes. Once the realization of the game product chain, you can ensure that the game assets are transparent, unique, can not be tampered with, never disappeared, etc., providing great convenience for the transaction between the game products.
Compared with traditional centralized service providers, there are many advantages. For example, there is no need to worry about the loss, confiscation, or change of virtual game products. The transaction process is also simple and convenient. Since HPB has a high-performance blockchain, it is expected to support millions of concurrents, and many high-frequency scenarios can also be satisfied.
For blockchain entertainment, it can support the securitization of star assets, such as star-related token assets. In terms of blockchain big data, it can support the data right, ensure that the data owner controls the data ownership, ensure the authenticity of the data, traceability, can not be modified, and finally realize data transactions according to the needs of different entities. , to ensure personal privacy and data security.
Based on HPB's blockchain infrastructure, based on its high performance, blockchain applications can be built in multiple scenarios. The HPB design provides a blockchain application program interface and application development package. In the HPB blockchain base layer, it provides blockchain data access and interactive interfaces, and supports various applications and development languages ​​using JSON-RPC and RESTful APIs. It also supports multi-dimensional blockchain data query and transaction submission, and the interactive access interface can be integrated with the privilege control system.
The application development package includes comprehensive functional service packages that operate on blockchains based on different development languages. For example, it provides functional interfaces such as encryption, data signature, and transaction generation, and can seamlessly support integration and function expansion of various language service systems. , supports multiple language SDKs such as Java, JavaScript, Ruby, Python, and .NET.
Conclusion
If the future blockchain wants to enter the mainstream population, it must have high-performance public-chain or infrastructure support to form a true application ecosystem. Ethereum's dream to build a decentralized ecosystem cannot be achieved on an existing basis. Ethereum is trying to improve performance and expand scalability through fragmentation, plasma, and pos consensus mechanisms.
At the same time, the current status quo has also spawned other public-linked efforts, including eos, HPB, etc. Among them, HPB has adopted a unique combination of hardware and software, dedicated BOE hardware acceleration, signature verification speed, encryption channel security, data transmission Speed, network performance, and high concurrent support all have their own advantages over simple software solutions.
In the software architecture, consensus algorithms for internal and external elections, flexible virtual machine design, application program interfaces, and development packages are also used to provide infrastructure for the development of blockchain application scenarios.
From the overall design of HPB, its goal is to provide high-performance infrastructure for the entire blockchain to mainstream people. With a high-performance infrastructure, blockchains can only be implemented in many high-frequency scenarios to create more application ecosystems and have the opportunity to reach mainstream people.
The HPB team focused on the technical background, including the founder Wang Xiaoming who was an early evangelist in the blockchain and once participated in the establishment of UnionPay Big Data, Beltal, and Beltal CTO. Co-founder CTO Xu Li has more than 10 years of experience in chip industry R&D and management. He was responsible for the logic design, R&D, and FPGA chip marketing of the core products of the world's top qualified equipment suppliers and the world's largest component distributor. Technical VP Shu Shanlin once worked for Inspur, a well-known Chinese server manufacturer, as an embedded chief engineer, and has extensive R&D experience in embedded software and underlying software. Another co-founder, Li Jinxin, is a former blockchain analyst of Guotai Junan and has extensive experience in digital asset investment.
The background of the team members is in line with the HPB's soft and hard path. According to the latest monthly report, the basic PCB layout design of the BOE board, the overall architecture design of the BOE, and the ECC acceleration scheme have also been completed. At the same time, several tests have been completed for the BOE hardware acceleration engine.
It is hoped that HPB will develop rapidly and will embark on a path with its own characteristics in the future of blockchain infrastructure competition. It will provide support for more decentralized applications and eventually build a prosperous ecosystem.
Risk Warning: All Blue Fox articles do not constitute investment recommendations, investment risks, it is recommended to conduct in-depth inspection of the project, and carefully make their own investment decisions.
Source: https://mp.weixin.qq.com/s/RSuz6R6MTotEL_U__Al_Wg
submitted by azerbajian to HPBtrader [link] [comments]

JSON RPC Calls with Bitcoin qt (4 of 6) How to give your bitcoin node commands using a web server Programming Bitcoin-qt using the RPC api (1 of 6) Bitcoin JSON-RPC Tutorial 1 How to run Bitcoin-qt as a server with a configuration file (3 of 6)

JSON RPC API Bitcoind compatible RPC api. My Wallet users can interact with their wallet using our JSON RPC api. It is intended to be fully compatible with the original Bitcoind RPC protocol however some method calls are not supported. No Blockchain Download - Save on bandwidth and disk space. No Need to run Bitcoind - Some VPS and shared hosting plans do not allow you to run custom processes ... Running Bitcoin with the -server argument (or running bitcoind) tells it to function as a HTTP JSON-RPC server, but Basic access authentication must be used when communicating with it, and, for security, by default, the server only accepts connections from other processes on the same machine. If your HTTP or JSON library requires you to specify which 'realm' is authenticated, use 'jsonrpc'. Accordingly, the only thing you need to accept bitcoins is a bitcoin client on the server. It is called bitcoind, it’s just a console version of the client, with all the same familiar functionality. It works through the JSON-RPC protocol, is located under port 8332. All that remains after installation is to set up the client and Node.js. JSON-RPC. A light weight remote procedure call protocol. It is designed to be simple! Site by Matt Morley of MPCM Technologies LLC, a manager of the JSON-RPC google group. ... BCH JSON RPC Specification ⚠️ out of date ⚠️ Date: 2018-05-15 Version: 0.2. Summary. Documenting the BCH JSON RPC HTTP verbs, methods and arguments. Blockchain getbestblockhash HTTP Verb. POST. Arguments. None; Result. hex (String): the block hash hex encoded; getblock HTTP Verb. POST. Arguments. blockhash (String, required): The block hash; verbose (Boolean, optional, default=true ...

[index] [24684] [24630] [33778] [11953] [43838] [46012] [4819] [17069] [19296] [34521]

JSON RPC Calls with Bitcoin qt (4 of 6)

Bitcoin JSON-RPC Tutorial 5 - Your First Calls - Duration: 10:06. m1xolyd1an 11,838 views. 10:06 . Building a Blockchain in Under 15 Minutes - Programmer explains - Duration: 14:28. Ivan on Tech ... How to run Bitcoin-qt as a server with a configuration file (3 of 6) - Duration: 5:48. ... Bitcoin JSON-RPC Tutorial 2 - VPS Setup - Duration: 6:28. m1xolyd1an 14,440 views. 6:28 . Steve Jobs ... Step 7.3 Connecting your Wallet to BTCPay Server with xpub Ledger Nano S or other like Electrum - Duration: 5:00. BitcoinShirt 2,579 views. 5:00. Bitcoin JSON-RPC Tutorial 4 - Command Line ... In this video I revisit an old topic where several things have changed since 2015 in regards to using the JSON-RPC to communicate with your node with an apache server with PHP. https://www.amazon ... Bitcoin JSON-RPC tutorial. Handling JSON, entering parameters and receiving error messages. BTC: 1NPrfWgJfkANmd1jt88A141PjhiarT8d9U.

#