World

The last few months I have been getting involved in the crypto currency community. More specific the Burst Community. This paper could not have been possible without the help of two people in general. Crowetic and Lexicon. Lexicon has provided hours of time to me talking about pool setup, code, functionality, and burst in general.  So I would really like to thank these two people for all the help and support that they gave me.

Please check out https://forums.burst-team.us/ for the latest in burst news.

In my many chats with Lexicon on Discord, I posed many questions to him. He was very helpful and provided many answers. Ill go over his answers below.

What is Burst? BurstCoin is a crypto currency that uses the unique algorithm called “Proof of Capacity” (POC), which utilizes your unused hard disk drive space instead of your processor or graphics card to mine BURST. Miners pre-generate chunks of data known as ‘plots’ which are then saved to disk.  Miners can run more than one plot at a time.  The more plots the more chance that you will find a transaction at the current block chain height.

What is a block chain and how does burst use it? A blockchain is a chain of blocks linked together, contains all the transactions/data ever created and starts with a genesis block. (a block is a collection of data that contains all the transactions that are not in any other previous block and are ready to be added to a block.)
Genesis Block – The first block in the blockchain, every block is linked to this block in the blockchain.

How are blocks found? Mining is the process in which transactions are confirmed and blocks are added to the blockchain and how new burst coins are added to the ecosystem once the total amount of 2.1 billion burstcoins have been mined users will  be mining the transaction fees instead. It ensures that the system stays decentralized because anyone can mine and add blocks to the blockchain. In order for a block to be accepted by other nodes on the network it must have a mathematical proof to a math problem.

To get a valid proof it takes a lot of work meaning that you cannot figure it out easily but it needs raw power to get. If an individual wanted to mine more than half of the blocks they would need more than half of the mining power, so it is unlikely that a single person could ever control the majority of the blockchain. But pools combine mining power of many miners and the pool chooses what block should be distributed.

As miners come online and pool numbers go up, how does this effect the network? As miners come online and pool numbers go up the frequency in which transactions are confirmed are faster. More blocks are mined in a shorter period meaning more burst is shared out to the users mining on that pool.

How is burst different from other crypto? Besides from using the unique algorithm called “Proof of Capacity” (POC). And also uses fractions of the energy costs. It can be referred to as the true innovator platform… Burst was the first to do smart contracts over a year before Etherium even existed. Burst has also done a cross-blockchain transfer, and was the first in the world to do this as well. Burst also features an asset exchange is potentially the future of the stock market, totally decentralized, with no middle man. Along with features for market place selling and buying with built in escrow services

Burst now also features a mobile wallet with built in plotter and miner, which opens it up to a huge gap. And allows users phones to also confirm transactions whilst mining burst in the process. This not only makes burst mobile friendly, but expands the user base across multiple hardware and software platforms.

One really cool thing about burst is Smart Contracts. The Smart Contracts interface allows for things that no other coins can do and has its own scripting language which led to the first worldwide decentralized lottery.

As miners come online and pool numbers go up, how does this effect the network? Each miner, or mining pool that comes online increases the network processing of transactions. Thus more miners, or pools, the stronger the network. As the community matures and more money is put into the burst market, the more burst will rise in price.  So you can say community impact is huge, as without the burst community their wouldn’t be anywhere near as many transactions.

Where is burst heading? Burst is heading towards a bright future, as of current there’s only 22-23% of the burst left to mine in existence with the block reward decreasing each month by 5%. So far despite the rises and falls of bitcoin. Burstcoin’s market cap has only really gone up and has been quite stable.

Explain how network difficulty impacts mining and the burst currency? Network difficulty is the general size of the entire burstcoin network. Usually measured in Terabytes. As this increases it naturally gets harder and harder to find blocks as someone else is finding deadlines quicker or better than let’s say yourself

How is burst mining different from GPU or CPU Mining? BurstCoin mining is done off HDD Space, the power requirements are pretty low compared with other crypto currency’s. Also burst is not a CPU, or GPU miner. So you do not have to worry about bogging down your machine as with other currencies like Zcash. Simply Plot some space, start the miner and minimize it to the background, continue on with what you are doing.

The next section will cover the basics of getting started. Download a copy of the burst wallet from https://github.com/burst-team/burstcoin/releases

When you first run the software it will generate you wallet passphrase. It will look like a bunch of words. Please save this as without it you will not be able to access your wallet.

To mine you have to set the wallet up. It requires plots, some burst coins, and a pool address. To get some burst coins you can use a faucet. Go this address in your browser:

https://faucet.burstcoin.info/

Complete the submission and you will have a few coins sent to your wallet.

Once you have logged into your new wallet, and have some bursts, you need to plot you drives. At the bottom of the window you will see the “Write plots”. Select the drive that you want to plot on from the drop list and add your wallet address to the box if it’s not there. Select the amount of space you want to plot and the amount of cores to use. Once you’re ready select plot and wait. This process could take a while depending on how much space you wish to plot.

 

Once your drive is plotted you can then click the mine link and choose a pool to mine on. The biggest thing to understand about choosing a pool is setting your reward assignment and the pool from the list. This need to be set to the pool you will be mining on. It will be a numeric number and not the pools burst address. Example: 4048889333605521434

Input your passphrase for your wallet and click submit. If there is no error the submission went ok. Error Code 5 usually means there is a space in the numeric box. After this you need to wait 4 to 5 blocks for the network to sync. “You may see reward does not match pool…..” or something similar. Please just wait the 4 to 5 blocks and it will go away.

If you want to use a pool that is not in the list, please type it in the box. If the pool has long dns name you can use the ip address of the pool.

After that you can click on mine again and choose “Start Mining (AVX)”. You should be mining now.

For example here is my pool information:

  1. Pool Address : pool.bursts.me
  2. Set Recipient: 4048889333605521434
  3. Pool Fee: 1.5% ( We plan to invest in Assets to ensure bursts in pool )
  4. DevFree : Paid to Lexicon to help support the software process
  5. Mining Size : Any
  6. Location : USA East Coast

Each time you buy, sell, or trade these transactions are display in your wallet. Here is my wallet showing transactions. If you get bursts, they will be in green with a plus sign. As you spend them they will be in red.

One of the longest processes here is the plotting and the syncing of the blockchain to the wallet. If you want to shortcut the blockchain download you can shut off the miner and download the blockchain to your computer from here.

http://db.burst-team.us/

Download this and extract it to your burst folder under db_burst and restart the wallet. You will have to sync some of the block chain but not the whole thing. This download is typically 1.8 gig and most up-to-date. If you have files here before, delete them before you extract the db.

One of the coolest things about burst is the assets exchange. Here you can take your hard earned burst and practically buy into someone’s assets. There are many different types of assets you can buy, while some are based upon mining operations, others are based upon other things like silver. Each assets as a description about what the asset is trying to achieve.

There have been reports of scam assets being created so do your research on them before you buy.

Exchanges can be kind of complicated, and you can lose quit a lot of bursts depending on what you do here. There were two exchanges that I played around on. Each one yielded different results. Here are the two I tested with.

  1. https://www.poloniex.com/
  2. https://bittrex.com/

While both of these allowed you to buy and sell currency, I found that bittrex was far superior. Matter of fact, based upon my experience “Do not use POLONIEX!”  They have a horrible support department and a horrible support mentality.  My experience and research showed two things about them. They have massive complaints for people who are trying to get money out of the system, and massive complaints on support times. 3 to 4 days it takes them to reply to simple support items.

Think about this for a second… You sign up for an account and you get your email confirmation in less than 5 minutes. You send currency to the exchange address and it’s in your account in maybe an hour. This all great right? Here the rub. Now try to with-drawl your funds. To do this they send you an email to confirm… Good practice in general. But what happens when you never receive this email? I waited 12 hours. Time to file a ticket! To file a support ticket you have to go to a different site and create a support account? HUH!!!!! So I go to the other site and create a support account. I get the email within minutes. I create the ticket and again I get the email confirmation within a few minute. But then I notice something. They say tickets will be looked at in 24 to 48 hours… Hmm that won’t work for me. I had a Burst asset at a low price I was withdrawing to buy. Support ended up replying with the check my spam box 2 days after I put in the ticket. Guess what? The with drawl email came 11 hours after that.

Again I went to support asking what was going on. They suggested I enable 2fa on the account and disable the email conf. Guess what? The 2fa email came within minutes. However on my next withdrawal request, I got the dreaded email confirmation again. Which never came. So off to file another ticket. Short story of it is support had to remove the feature on my account as there email system cannot seem to deliver this one email.  I sold everything at a loss to get out of this place.

On poloniex there is a chat box with moderators called the “Troll Box”. There are mods there that try to help, but it’s pretty clear they are powerless to do anything, as they keep saying support will look at it. One thing to note on this chat box. You cannot talk about prices going up or down, what is good to buy and what is not. They ban you for an hour each time. They claim your trying to hype, pump, or dump. I have seen people banned for simply saying the price of something is going up. In fact it was. It was a true statement. Here is a user saying the price of something and a moderator (in blue) warns him about it. What good is the troll box if people cannot talk about what is happening on the site?

Another horrible thing is to “robo-reply” check your spam box and have that count as a support reply. This is Horrible beyond belief.

Every graph on the site lags out, and is vastly outdated by the time its generated.  This does not give an correct idea of what the current price is.

Even the table generated buy and sell orders lag. Not only is this pointed out to them, they are doing nothing to solve the issue in a timely manor.

Bittex is more simple and up-to-date with a smoothed out interface. Currency price and volume is accurately represented and trading is very fast. There are no bulky inaccurate graphs to distract you. Everything is simple and smooth.

When you look at your wallets, again you get a much slimmed down versions. Again no bulky or laggy screens. Far superior than that at poloniex.

To test to make sure i did not have the same issues that i had with poloniex, i deposited some burst into my account, and then withdrew them. Depositing took less than 30 minutes to show up in my account, and to get them back in my wallet took 4 minutes. No emails, No fuss. Just a simple 2fa code and it was done.. There was never any need to contact support as the system worked as intended.

So based upon these observations, if you are going to be trading crypto-currencys use bittrex. Stay away from poloniex as it seems they cannot get their issues sorted in anyway.

In the next few weeks we will be publishing a tutorial on how to setup a mining pool. We will also be doing a Live Broadcast Interview with Lexicon. Stay Tuned!

Surviving the Con.. Or at least the day after.....

So like I, many of you are returning to your real world jobs after a hard weekend of “con life”.  As we settle back into our work weeks many of us will take the time to reflect on our experiences.  Who we met, what we heard, and what we learned.  Many of the things I am going to say may sound weird, may sound a little  old, and even may sound completely off the wall.

The first rule is Cardio! Yes… You will walk your ass off. There is no way else to say it. The con is a never ending sea of people. All moving to and from different talks. You will go upstairs, downstairs, sideways, and other ways… In the end it will be a blur.

Stay close to the Con! Not always a plus due to price, but when you’re drunk at 3am, trying to make your way back to your hotel room… It’s a huge bonus…

Know your limits… This is a big one. Each con is a little different. Some are one day, and other last 3 days. Know when you are done. Get a nap. Eat something. Take a mental break. We meet so many new people, we see so many new and exciting things, and that we often end up Short-circuiting ourselves.

Participate!!! This is a huge one… The con will come and go, and the talks will happen. Some of the best talks I have ever experienced, did not happen in the talk itself. They came after the talk. It’s typical that there are meetups after the con. Here is where the conversation flows freely. No format. No time limits… Listen… Ask questions… Share your ideas or thoughts.

Make a Friend!!! Not everyone who is at the con, has been there before. If you see someone standing alone. Strike up a conversation. You never know the history of the person you’re going to meet. Each year I am introduced to some very exciting people that are doing some very exciting things.  For me the con is about meeting people… not just new people, but people that i have communicated with over social platforms during the year, but they are not in the same area as i am.

But for whatever reason you’re there, whatever you’re doing, and whoever you meet… remember it… Leave with a sense that you were part of something… That something happened….

See you at the next Con!!!

Digi…

Maybe it meant something. Maybe not, in the long run, but no explanation, no mix of words or music or memories can touch that sense of knowing that you were there and alive in that corner of time and the world. Whatever it meant. – Hunter S. Thompson, Fear and Loathing in Las Vegas

What is OpSec?

For normal people we can define it like this: basically you need to not leave about bits of information that can be traced back to you, or be put together like a puzzle to form a bigger picture about who you are or what you are doing. Don’t use credit cards in your name, sign up for social networks, and post pictures with Exif data or landmarks in the background. These types of acts leave a trail right back to the person. Other ways to practice OpSec might be to not give people your personal information, your back account information, or even share your passwords. The biggest way I feel people destroy their OpSec is by telling people what they are doing. Many people trust others with little thought to how the information they are giving them can be used to betray them.

OPSEC-StepPoster

The military defines OpSec with a very structured definition. “Operations security (OPSEC) is a term originating in U.S. military jargon, as a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”

Who uses OpSec?

When we look at how the term has changed in the last 10 years, we can add in many types of situations. Businesses use it to protect their R&D and product lines. Law Enforcement uses it in investigations to build cases against criminals. Hackers use it to keep from getting arrested, and terrorists use it to keep their plans secret. OpSec is used by so many types of organizations that it has become a daily practice. Many groups use VPN, Tor, or other types of technology to hide their traffic or actions.

I have great OpSec! How can I fuck it up?

There are many ways to fuck up OpSec. When we look at some of the most highlighted hackers who have gotten caught these last few years we notice a couple of things. They did not practice good enough OpSec. Most of these hackers slowly leaked information that was used to trace or correlate them to their traffic or habits. This eventually led to their arrest and was used as evidence against them.

Many people say to use Tor (The Onion Router) to create a VPN to hide your activities. As many have found out this is completely false. Law enforcement and criminals alike use and operate on Tor or VPN services. Tor is not secure (it leaks your location, and stands out like sore thumb) and is enough to get you looked at. VPNs are not secure either. Both VPN operators and Tor exit nodes can see what’s going through the pipe. In one case the government used an Adobe flaw to connect outside of the Tor network and reveal the users IP address.

No one can honestly say that they use the best OpSec that’s out there. What’s safe today may not be safe tomorrow. When traveling the internet, you connect through many systems and it is impossible for anyone to tell if those system are secure, uncompromised, or that the owner isn’t doing malicious things to the traffic. While we all use software, it’s not as secure as we think. Bugs, tech issues, and other flaws exist in the product line, which may leak your usage.

Here are a few other ways to screw up your OpSec:

  1. Doing operations from your house or work
  2. Using the same MAC address for multiple operations
  3. Using the same Internet handle for both personal and operations work
  4. Working with others who will sell you out to save their ass
  5. Bragging about your operations

There are so many ways to screw up your OpSec and the list grows longer every day.

Let’s look at a few people that fucked up their OpSec. Many stories have been written about each of these people. Some stories are more accurate than others.

In the case of the group known as YardBird, they used a common encryption key that was given to all members. While this allowed them to kill a key and replace it quickly, it took only one member getting caught and giving up the encryption key to expose a portion of the group. Once the police had the key they could read messages meant for the group.

“During a period of 15 months, there were around 400,000 images and 11,000 videos uploaded to a central server run by the group and shared by the members. The reason we know that, is because during that 15 months, the FBI performed an undercover operation to infiltrate the group in hopes of apprehending the members. They successfully apprehended 1 in 3 members of the group. One of those who remain free to date, was the leader of the group, who also went by the online name YardBird.

How is it possible that after so much effort was put in by the American Federal Bureau of Investigation (FBI), the Australian Federal Police (AFP) and the Australian Queensland Police Service, that people high up on the wanted lists were able to evade capture. They used strong cryptography, and proper OpSec rules.”

Link: The YardBird Story

Jeremy Hammond had pretty good OpSec, but was working with an informant: Hector Xavier Monsegur (AKA Sabu )… Hammond told Sabu a few detailed things about his life, and that was used to pin-point who he was. Hammond had been arrested before, and had told Sabu about it, which led police to put two and two together.

Hector Xavier Monsegur, AKA Sabu, who is allegedly the mastermind of hacking group, LulzSec
Hector Xavier Monsegur, AKA Sabu, who is allegedly the mastermind of hacking group, LulzSec

hammondtafeln1kl

Link: The Down fall of LulzSec

In the case of Higinio Ochoa (my best friend), he uploaded pictures with the GPS location of his Girlfriend to his operations Twitter account. After the police identified her, they identified him through her social media accounts. In short, you need to keep your online identify completely separate from your personal life. Higz failed to follow this rule by using his girlfriend in his pictures. Yes, it was funny to see his taunting on Twitter, but they were able to use that to connect him to his crimes. Most people think that he was caught due to not understanding Exif metadata, but that is an untrue statement. One of the best ways to screw up OpSec is to rush. Deadlines are deadlines, and if you rush to meet them, you make mistakes, such as publishing the picture with metadata instead of the one you just cleaned as Higz did.

higz

With so many possibilities and so many flaws, I think we can assume that you can never have 100% solid OpSec. If you work with anyone else, publish your victories, or communicate to others about what you’re doing, you’re at risk of fucking it up, or you’ve fucked it up already. If you look at today’s news about hackers who have gotten arrested, you will see the sentences are rising. People from other countries are being extradited to face charges in others. Groups form and break apart faster and faster, as they are infiltrated and members are turned on one another.

So in closing… listen my brothers and sisters… Practice good OpSec… or better yet… rethink what you are doing… It might not go well… Stay safe…

Sign In

Reset Your Password