What's Behind Bitcoin's Latest Steep Drop to $8,000 and ...

Your Pre Market Brief for 08/27/2020

Your Pre Market Brief for Thursday August 27th 2020

You can subscribe to the daily 4:00 AM Pre Market Brief on The Twitter Link Here . Alerts in the tweets will direct you to the daily 4:00 AM Pre Market Brief in this sub.
Morning Research and Trading Prep Tool Kit
The Ultimate Quick Resource For the Amateur Trader.
Published 3:00 AM EST / Updated as of 3:30 AM EST
-----------------------------------------------
Stock Futures:
Wednesday 08/25/2020 News and Markets Recap:
Thursday August 27th 2020 Economic Calendar (All times are Eastern)

TODAY: GDP AND UNEMPLOYMENT!!!!

ALSO PENDING HOME SALES
Overnight News Heading into Thursday August 27th 2020
(News Yet to be Traded 8:00 PM - 4:00 AM EST)
End of Day and After Hours News Heading into Thursday August 27th 2020
(News Traded 4:00 PM - 8:00 PM EST)
Offering News
Note: Seeking A url's and Reddit do not get along.
Upcoming Earnings:
-----------------------------------------------
Morning Research and Trading Prep Tool Kit
Other Useful Resources:
The Ultimate Quick Resource For the Amateur Trader.
Subscribe to This Brief and the daily 4:00 AM Pre Market Brief on The Twitter Link Here . Alerts in the tweets will direct you to the daily brief in this sub
It is up to you to judge the accuracy and veracity of the above before trading. I take no responsibility for the accuracy of the information in this thread.
submitted by Cicero1982 to pennystocks [link] [comments]

The blocksize debate, the personal attacks against reputable members of the community, and the Craig Wright revelations are all part of a well orchestrated campaign against Bitcoin. Proof inside?

Uber TL;DR: Craig Wright, anonymously via a report relating to the PGP key from December, attempted to smear and discredit members of the Bitcoin development community, accused Bitcoin Core of hijacking Bitcoin by imposing a blocksize limit, attacked small-block supporters, and heavily promoted big blocks. I hypothesize that the on-going blocksize campaign and Craig are highly connected. Scroll down for a non-Uber TL;DR, or just read the whole thing (yes, its long :)).
First, some background. After the December leaks, a paper pertaining to disprove Greg Maxwell's (nullc) allegations of backdating the PGP key has been released by an unknown (at the time) author, titled "Appeal to authority: A failure of trust".
Abstract: In December 2015, a Motherboard article suggested that cryptographic keys ... were created using technology that was not available on the dates they were supposedly made ... in this paper we present evidence that disproves this claim ... In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions. These restrictions have led to centralisation of Bitcoin via the dogma of the core development team ...
In the recent Economist article, they mentioned the following:
As for the backdated keys revealed in the December outing, Mr Wright presents a report by First Response, a computer-forensics firm, which states that these keys could have been generated with an older version of the software in question.
While they do not explicitly state that this is the same paper linked above, what are the odds that two different papers were written to support Craig's claims? In all likelihood, Economist refers to the same "Appeal to authority: A failure of trust" paper, mentioning that it was written by a computer forensics firm named First Response.
Now, to the interesting part. Within the paper (supposedly written by an independent third party firm), we have the following text:
Generally, an appeal to authority is fallacious when we cite those who have no special expertise. This is of greater concern when we have an individual believed or purporting to be an expert who abuses trust. Even experts have agendas and the only means to ensure that trust is valid is to hold those experts to a greater level of scrutiny.
That very same text (the bold portion) is also mentioned in that same Economist article, but this time attributed to Craig Wright himself:
In an article in the press kit accompanying the publication of his blog post, he takes aim at Gregory Maxwell, one of the leading bitcoin developers, who first claimed that the cryptographic keys in Mr Wright’s leaked documents were backdated. “Even experts have agendas,” he writes, “and the only means to ensure that trust is valid is to hold experts to a greater level of scrutiny.”
This could mean one of two things: either that Craig wrote that report (and presented it as-if it was written by an independent third party forensics company), or that The Economist mis-attributed the text to Craig instead of to the First Response report. However, they already refer to this report earlier in the very same article (the second quote on this post) and attribute it to First Response. It is very unlikely that they later in the same article they would mis-attribute this report to Craig. In addition, what does a forensics company has to do with Bitcoin politics? Why would they even mention that subject? And how would they even have the knowledge to do so?
My conclusion is: this report was written by none other than Craig Wright himself, who later used similar phrasing for self-attributed texts in his press kit. He then managed to get First Response to sign-off on that report (or simply just lied about them being involved - would be interesting to try and check that).
Now, to the disturbing part. The author of this paper goes out of his way to attack and discredit Gregory Maxwell, over and over, throughout the entire article. He also repeatedly attacks the Bitcoin Core development community, the Bitcoin governance model, and those advocating for smaller blocks. I would say that 70%-80% of that paper is focused on politics, personal attacks against the Bitcoin technical community and heavy promotion for big blocks (later, in the Economist article, he's also advocating for 340GB blocks), in various phrasing that repeat over and over, with only 20%-30% of it actually being related to the technical questions surrounding the PGP key.
Here are some selected quotes (there are many more!):
We may either conclude that Gregory Maxwell understood what he was asserting and has intentionally misled the community in stating that the PGP keys referenced had been backdated, or that a Bitcoin core developer did not understand the workings of PGP sufficiently.
.
In addition, a warning is rung regarding the onset of centralised authority in the control of bitcoin that has been achieved through Blocksize restrictions.
.
There is an inherent warning in the foregoing discussion with regard to the growing power of individuals who may not fully grasp the full potential of the Blockchain but who nevertheless have a disproportionate level of influence.
.
In limiting the size of the Block, the issue of control and the use of the protocol is centralised to a limited number of developers.
.
The bitcoin core protocol was never designed to be a single implementation maintain by a small cabal acting to restrain the heretics. In restricting the Blocksize, the end is the creation of a centralised management body.
.
Several core developers, including Gregory Maxwell have assumed a mantle of control. This is centralisation. It is not companies that we need to ensure do not violate our trust, but individuals.
.
Gregory Maxwell has been an avid supporter in limiting Blocksize. The arguments as to the technical validity of this change are political and act against the core principles of Bitcoin. The retention of limits on Block size consolidates power into the hands of a few individuals.
.
The position that has been assumed by those seeking centralisation of Bitcoin for many years is to create an artificial scarcity within Bitcoin associated with the limits on the Blocksize.
.
Those with power need to be held to a higher standard.
.
We can clearly assert that the evidence Maxwell has presented to justify his assertions to Motherboard that the PGP keys is false. His motives in this remain a mystery.
This report also uses the strawman logical fallacy, attributing Greg with claims that he never made while avoiding quoting his exact words (instead, optin to quote the press's paraphrase of Greg's words). While Greg said that the algorithms weren't in wide use at the alleged time of the key creation, they repeatedly mis-quote him as claiming that it was impossible to generate such a key at the time. Based on this strawman, they build mountains and hillsides, claiming that they can prove their claim in absolute logical terms ("This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded").
That was what Greg actually wrote:
Incidentally; there is now more evidence that it's faked. The PGP key being used was clearly backdated: its metadata contains cipher-suites which were not widely used until later software.
This is what the report claims:
In the logical analysis of evidence, we cannot have contradictions. Where such a contradiction exists, we need to check our premises. In this process that we are exploring together, either we can recreate a similar key along the lines of the one Maxwell has stated could not have existed (WAS NEVER SAID! N.I.) and must have been backdated, or we cannot. If we can create a key using the GnuPG software from 2007 and add the attributes of the disputed keys to a newly created key pair, then Maxwell is wrong. If we cannot complete this process, then he was correct and the keys could have been backdated. This is a binary outcome and there cannot be any other result. Either creating the keys was possible, or the evidence reported by Motherboard was unfounded.
.
We see here the default hash list of “2.8.3” as Maxwell asserts is the only available choice. (WAS NEVER SAID! N.I.)
.
The importance of this statement is that Maxwell has firmly asserted that the algorithms, “8,2,9,10,11” have only been added from a later period in 2009 ... We have engaged in this exercise in order to demonstrate that the former statement made by Maxwell is incorrect.
.
This exercise proves that those algorithms that had been stated to not exist at the time within GnuPG 1.4.7 had indeed been implemented. Maxwell’s assertion is false.
That report is, of course, total and utter nonsense. The algorithms did exists in PGP (no one claimed otherwise), but there was no ciphersuite that combined them together. It was indeed possible to manually select that ciphersuite, the command to do so would look like that:
setpref SHA256 SHA1 SHA384 SHA512 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
There's no way that anyone would choose these exact algorithms under the exact same order before it was added as the default to PGP. Its important to note that the ciphersuite was chosen by the open source community after much discussions and knowledge acquired over time regarding the algorithms, which showed this combination to be the most secure. Foreseeing that this suite is going to be the state of the art, a few years before the PGP community figured it out, is extremely unlikely.
TL;DR
  • After Greg exposed Craig's bluff regarding the PGP key from December, Craig writes a report that allegedly proves his key wasn't backdated. It is published on late December '15 - Early January '16 (anyone has an exact date?).
  • That entire article is based on a strawman, and doesn't really prove anything. It shows that it could be technically possible to create such a key at the alleged time, but completely disregards the fact that the likelihood of that happening is practically zero.
  • He released this report anonymously, not attributing it to anyone.
  • He uses this opportunity to discredit Greg, repeatedly attacking his personal integrity and technical competence. He also attacks Bitcoin Core with claims of an hostile takeover by a "small cabal" that wants to control Bitcoin by restricting the blocksize. He smears the "small blocks camp", while heavily advocating for larger blocks. He does that using personal attacks and severe words pointed at highly respected members of the community. About 70%-80% of the report isn't related to the PGP key at all, but rather to politics and attacks.
  • In his press kit for the revelation, he attaches this report, this time attributed to a forensics company called First Response. In addition to the report, he attaches more attacks against Greg, which he does attribute to himself. The phrasing of his self-attributed attacks strikes an extraordinary resemblance to the attacks in the report.
Having read this report, I now believe that what we're seeing is another stage of a well orchestrated attack on Bitcoin, whose goal is to discredit reputable members of the Bitcoin community, create factions within the community and to sow distrust among community members.
This attack hasn't started now. The opening shot was the block size campaign, which was designed to spread toxicity and dissent, promote personal attacks against thought leaders and technical experts, and split the community into two opposing camps. The goal is to dissemble the human and social fabric of Bitcoin, to subvert our trust in the cypher-punk "leaders" of the bitcoin space and to create chaos and confusion, in order to prepare the ground for the second stage - an hostile takeover of the Bitcoin protocol development via a person claiming to be Satoshi Nakamoto, which will support this new development team and lead people after him.
I don't usually tend to be overly conspirative, but this report is highly disturbing. It has the very clear agenda of attacking Bitcoin Core and the consensus mechanism, while heavily promoting big blocks. We have appealing evidence that it was written by Craig, which also continues his attack as part of his press release. All of that leads me to believe that the blocksize campaign, the non-stop attacks against the Bitcoin development community and thought leaders, and the Craig revelation as "being Satoshi" are all tightly connected as part of an orchestrated attack.
And all of that follows repeating evidence of ongoing sock-puppets and rating manipulation within our online communities, Sybil attacks on the P2P network to create a false image of Classic support, and DDoS attacks. (interesting to note that voting manipulation was put into use with greater vigor during the Craig revelations, according to theymos - "there's substantial vote manipulation in /Bitcoin right now").
I truly believe that this is the real thing. We're witnessing an orchestrated full-scale attack on Bitcoin, by a well-organized entity with significant financial means. Buckle up!
submitted by shesek1 to Bitcoin [link] [comments]

The Greater Fool's Theory: Crypto Edition

There is a big cognitive dissonance within the crypto community. The dream of decentralization and censorship resistance is dominated by big centralized exchanges centralized empires like Binance and Coinbase.
Speculation still drives the market and fuels the continued growth of centralized exchanges. One of the leading factors fueling the revenue stream of exchanges is new coins, namely ICOs and in future STOs. ICOs became nothing more than a way of Flipping Tokens. Most ICOs used and continue to used Proof of Greater Fool to push forward their blockchain.
People invest in something that they know is probably worthless and extremely overpriced, hoping that they can sell that worthless overpriced digital token to a "Greater Fool". In the end, all ICO investors are fools because even if Fool #1 manages to Flip the token at 3x the price he bought it at, he is still the fool compared to the ''ICO that now holds millions** collected by all the #1 fools.
Essentially ICOs that list on exchanges right away that have nothing to offer and no product are basically Ponzi schemes, with ICO team at the top, ICO Buyers second Layer and people on the exchange at the bottom of the pyramid.
The IEO (Initial Exchange Offering) is a natural evolution of this Ponzi scheme: Now with ICO and Exchanges working together to pump up the price, being able to freely manipulate the price of the token and print free money. As Cryptocurrencies are a totally unregulated market they are pretty much free to do whatever they want.
Cryptocurrency exchanges basically became empires fueled by greed, trading fees, listing fees, and so much more. These empires have no interest in changing the system, similar to how banks do not want to give away power.
It is expected of anyone in power to be very corrupt in a totally uncontrolled market.

BUIDL VS Initial Exchange Offerings

In 2019, for the first time in 3 years, projects that focused on tech, product, and business development came out of the darkness.
Most people pretended to work to look good to raise money, however, some actually worked to solve problems. 2019 was also the year that we started to see Initial Exchange Offerings. ICOs conducted on exchanges compared to publicly.
The original purpose of ICOs was to take away the monopoly of fundraising away from stock exchanges and brokerage firms. An IEO is well explained in that scene of Wolf of Wall Street, when they opened an IPO for Steve Madden shoes. Remember when a centralized entity is responsible for issuing a new stock? It probably has a vast interest in pumping that price, but is it legal in the traditional financial space?
ICOs that are actually working hard to build their product also understand that in order for their projects to become successful they need to become decentralized. They need to get their tokens in as many hands as possible. Of course, the person that is attached to that hand should also bring value to the project.
The best example of the power of useful decentralization is Bitcoin. Bitcoin has a pretty old tech, had a few bugs in their source code, is super slow, but yet it has by far the best community and strongest social consensus. Hashrate doesn't mean much, after all, Bitcoin Cash had a bigger hash rate for a brief while, but it was the social consensus of the mining community that decided not to implement the new changes introduced by Rodger and Bitmain. Now BCH is less than 96% of the market Cap it used to be.
The value of cryptocurrencies is defined by nothing more than censorship resistance, game theory, and token holders. In the long term, these three factors will be decisive determining which coin will have the biggest market cap. Bitcoin has by far the most censorship resistance, probably one of the best game theories and by far the best community.
The value of a coin is pretty much all about: how hard it is to change the information saved on the block * (sum of all useful skills and influence amongst all token holders) that can be leveraged by game theory within the ecosystem.

Best case vs Worst Case outcome for an ICO

An ICO that is used for its actual purpose and not as a vehicle to facilitate scamming, can be seen as the big bang of any new blockchain ecosystem. Successful ICOs understand that they need to act like economies, not companies. Usually, economies filled with smart people that can utilize their skills to push their ecosystem that is also run by the good government (good game theory) do very well, compared to economies that have a very small set of inhabitants that can bring economic value for influence and skill sets.
The optimal scenario for an ICO would be if the tokens were magically distributed among the best developers, business integrators, influencers, politicians and basically anybody that would be willing and capable of bringing value to the new blockchain ecosystem.
Bitcoin’s mechanism to achieve this magical community was via mining and its 4-year reward halving cycle. It takes a great deal of passion and technical skills to start mining. Also, the low token price during the first few years motivated the best developers, who are also deeply interested in the technology, to jump onboard and help on its development efforts. This also allowed them to acquire a lot of tokens in the process.
The 4 year Bitcoin Pump and Dumps enable very smart individuals to join the bitcoin ecosystem every 4 years and accumulate at low prices. Regulators love crypto once they’ve also bought a bag.
Therefore the best outcome is the magical distribution of tokens to all the best developers, business integrators, influencers, politicians and basically anybody that would be willing and able to help that new blockchain ecosystem. The worst case would be an ICO whose tokens holders are mostly speculators, also known as an initial Exchange offering.

ICO DOG offers a different path: Social Mining

We have been very busy for the past few months to build an IDK (ICO Development Kit) for the cryptocurrency ecosystem.
It is an off chain - onchain hybrid solution that any project can plug into their project to assist them with all problems they could potentially face and helps them in the long run to become a decentralized autonomous system. We called it Social Mining, proof of engagement. A certain percentage of the token supply is dedicated for social mining. Any ICO or Post ICO project can plugin our solution to boost their community and to help them become more decentralized.
We have been testing the system now for about 6 weeks and the results are already overwhelming for our first client LTO Network. After the first 6 months, LTO network now has 8 different language channels, community marketing team, over 50 mainnet nodes, community development team, and community produced merchandise shop. The platform is in every sense the opposite of an Initial Exchange offering.
The best performing ICO in the past 12 Months was raised via an IEO on Binance 2nd best performing ICO was raised via our IDK and proof of engagement
You can find a very good in-depth comparison of the two projects here: https://cryptodiffer.com/news/buid-the-meme-that-thrives-in-todays-bearmarket-by-steven-price/
For more information on Social Mining you can check out our content at: www.icodog.io - https://icodog.io/crypto-stories/the-story-of-icodog-november-progress-report/
Or on the LTO Medium Page: https://medium.com/ltonetwork/community-engagement-and-whitelist-the-lto-way-4698b98fdddd
Full article in: https://steemit.com/bitcoin/@icodog/the-greater-fool-s-theory-crypto-edition
By icodog.io
submitted by EnriqueZGZ to ico [link] [comments]

Bitcoinj 0.11 released

Mike Hearn posted this on the Bitcoin Developer Mailing List:
I'm pleased to announce the release of bitcoinj 0.11, a library for writing Bitcoin applications that run on the JVM. BitcoinJ is widely used across the Bitcoin community; some users include Bitcoin Wallet for Android, MultiBit, Hive, blockchain.info, the biteasy.com block explorer (written in Lisp!), Circle, Neo/Bee (Cypriot payment network), bitpos.me, Bitcoin Touch, BlueMatt's relay network and DNS crawler, academic advanced contracts research and more.
The release-0.11 git tag is signed by Andreas Schildbach's GPG key. The commit hash is 410d4547a7dd. This paragraph is signed by the same Bitcoin key as with previous releases (check their release announcements to establish continuity). Additionally, this email is signed using DKIM and for the first time, a key that was ID verified by the Swiss government.
Key: 16vSNFP5Acsa6RBbjEA7QYCCRDRGXRFH4m
Signature for last paragraph: H3DvWBqFHPxKW/cdYUdZ6OHjbq6ZtC5PHK4ebpeiE+FqTHyRLJ58BItbC0R2vo77h+DthpQigdEZ0V8ivSM7VIg=
Notable changes and new features
Smaller improvements
Notable bug fixes
API changes
New documentation
Announcement: https://groups.google.com/forum/?fromgroups#!topic/bitcoinj-announce/3LW0uXhlRZY
Message on Bitcoin Developer Mailing List: http://www.mail-archive.com/[email protected]/msg03873.html
Google Code: https://code.google.com/p/bitcoinj/
GitHub: https://github.com/bitcoinj/bitcoinj
Edit: Added links to articles about BIP39 and BIP70 which were included in the original announcement.
submitted by alsomahler to Bitcoin [link] [comments]

0x00.txt - the write-up/guide from the FinFisher hack

Here is the write-up/guide from the FinFisher hack, which is excellent reading - it is also mirrored here. Hopefully we will get the Hacking Team one soon.
 _ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__| <|_| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) A DIY Guide for those without the patience to wait for whistleblowers 
--1-- Introduction
I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.
-- 2 -- Staying Safe
This is illegal, so you'll need to take same basic precautions:
  1. Make a hidden encrypted volume with Truecrypt 7.1a
  2. Inside the encrypted volume install Whonix
  3. (Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.
As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&.
NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target.
-- 3 -- Mapping out the target
Basically I just repeatedly use fierce.pl, whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization.
For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:
67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com 
Now we do whois lookups and find the homepage of www.academi.com is hosted on Amazon Web Service, while the other IPs are in the range:
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd 
Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools 
Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything.
Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com 
If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains.
In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:
"FinFisher GmbH" inurl:domaintools 
finds gamma-international.de, which redirects to finsupport.finfisher.com
...so now you've got some idea how I map out a target.
This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it.
-- 4 -- Scanning & Exploiting
Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated.
Now for each service you find running:
  1. Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.come/gitweb/ and browse their source code.
  2. Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.
  3. Is it running an old version of software vulnerable to a public exploit?
Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:
  1. Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.
  2. Run nikto. This will check for things like webserve.svn/, webservebackup/, webservephpinfo.php, and a few thousand other common mistakes and misconfigurations.
  3. Identify what software is being used on the website. WhatWeb is useful
  4. Depending on what software the website is running, use more specific tools like wpscan, CMS-Explorer, and Joomscan.
First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability:
5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP, and some combination of its automated tests along with manually poking around with the help of its intercepting proxy.
6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them.
For finsupport.finfisher.com the process was:
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..."
But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:
Looking through the source code they might as well have named it Damn Vulnerable Web App v2. It's got sqli, LFI, file upload checks done client side in javascript, and if you're unauthenticated the admin page just sends you back to the login page with a Location header, but you can have your intercepting proxy filter the Location header out and access it just fine.
Heading back over to the finsupport site, the admin /BackOffice/ page returns 403 Forbidden, and I'm having some issues with the LFI, so I switch to using the sqli (it's nice to have a dozen options to choose from). The other sites by the web designer all had an injectable print.php, so some quick requests to:
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1 
reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site.
Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in!
-- 5 -- (fail at) Escalating
< got r00t? >
 \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^ 
Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester, and unix-privesc-check.
finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data 
can write to /etc/cron.hourly/webalizer
so I add to /etc/cron.hourly/webalizer:
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell 
wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone.
ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network.
-- 6 -- Pivoting
The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful.
The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware.
-- 7 -- Have Fun
Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to:
  1. Hack Gamma and obtain a copy of the FinSpy server software
  2. Find vulnerabilities in FinSpy server.
  3. Scan the internet for, and hack, all FinSpy C&C servers.
  4. Identify the groups running them.
  5. Use the C&C server to upload and run a program on all targets telling them who was spying on them.
  6. Use the C&C server to uninstall FinFisher on all targets.
  7. Join the former C&C servers into a botnet to DDoS Gamma Group.
It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make due with the far less lulzy backup plan of leaking their stuff while mocking them on twitter.
Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2!
-- 8 -- Other Methods
The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are:
1) Exploits in web browers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browsejava/flash exploit to that.
This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt.
2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time.
The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker.
-- 9 -- Resources
Links:
Books:
  • The Web Application Hacker's Handbook
  • Hacking: The Art of Exploitation
  • The Database Hacker's Handbook
  • The Art of Software Security Assessment
  • A Bug Hunter's Diary
  • Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
  • TCP/IP Illustrated
Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them. This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc.
-- 10 -- Outro
You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action.
Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals!
submitted by m1croc0d3 to HowToHack [link] [comments]

Thoughts on the impact of bitcoin halving

Hey everyone,
Throwaway account btw.
I’ve been deep in thought about the upcoming Bitcoin halving and wanted to share my views as well as seek alternate perspectives. I think BTC is now big enough to really have exposure to global events, and predict we are about to be in a wild ride. Even though my analysis is definitely bearish in the short term, really believe BTC is about to “grow up” after the turmoil of the next few weeks is over.
The tldr; to this is that I’m betting there will be a massively sharp downward drop in the price of BTC (ie sub USD$200) in the coming weeks with a longer term recovery highly likely, however the time it takes for this could be vary from a fortnight to many months, and be driven by a new and higher transaction fee norm. I’ve been selling down my stake in the recent week given the high prices, as I am very confident a big opportunity is emerging to buy at the $150 level in the next few weeks and I’m building a war chest for it.
The detail
There’s of course no exact reason why the price of bitcoin has jumped so much in recent weeks, however I’ll assert it is a combination of the following;
On Brexit, we are a week away from knowing what happens. It seems that if Brexit occurs (eg Britain leaves the EU), it will be largely a big financial mistake for Britain spilling into the region (BTC might rise further, but it's already had a big run up already), and if Brexit fails (eg Britain stays), calm will return to the market and we will see a return from the recent flight to “safe assets”. It’s anyone’s guess what will happen here, and the bookies are predicting a close call.
Verdict: either way Brexit goes, BTC fluctuates wildly, compounded by the ever-nearing halving event.
China – I’m really not close enough to the action here, however there has been a combination of local and global issues that are driving behavior. The Chinese love a gamble and I suspect as other commentators do to, that this is a big factor on the BTC price too. Verdict: after Brexit, a Chinese rush from closing out their positions will accelerate the price drop.
The halving
I’m not a miner, but my back of the envelope calculations below is telling me we might be about to hit a “stalling event” if the price per BTC comes nears USD$500 before halving, which could drive panic in the market and cause a massive drop.
To use round numbers for simplicity, here’s what the returns have been recently for miners:
January 2015 – price per BTC was ~$250 and decreasing. 25BTC reward provided $6,250 per block + ~0.1BTC in transaction fees. Hash rate was approx. 300GH/s. Total return = USD$6,275 per block.
July 2015 – price per BTC was ~ $250. 25BTC reward provided $6,250 per block + ~0.15BTC in transaction fees. Hash rate gradually increased approx. 350GH/s. Total return = USD$6287 per block.
January 2016 – price per BTC was ~$450. 25BTC reward provided $11,250 per block + ~0.2BTC transaction fees. Hash rate hit increased a bit over double to 800GH/s. Total return = USD$11,340 per block.
Now, June 2016 – price per BTC peaks at ~USD$750. 25BTC reward provides $18,750 per block + ~0.4BTC in transaction fees. Hash rate has almost doubled again to 1400GH/s. Total return = USD$19,050 per block.
Given the relative flat increase in hash rate when the price remained fairly flat in H1 2015, this tells me is there is a baseline capacity of 300 or so GH/s which cannot operate if the return is less than $6,250 per block + transaction fees (as no-one was adding significant capacity then, perhaps just swapping out equipment).
Based on all this, my calculations suggest the make or break price will be around USD$450 per BTC near the time of halving.
Mining rewards would equal $5,625, and transaction fees sit around 0.5BTC per block, so total return per block comes to $5,850.
Old miners get switched off as it is uneconomic for them to continue, and we lose approx. 300GH/s from the mining pool – approx. 20% overnight.
Because the mining difficulty remains in place for a further ~2 weeks, transaction times take a hit given there is less capacity. Panic hits the market driving the price down and transaction volumes up, creating a repeating cycle of a queue of transactions and slow confirmations, greater uncertainty and decreasing prices. People begin to think BTC is “done for” and panic even more, even though it is working exactly as designed. Less efficient miners continue to switch off as the price continues to drop.
A few exchanges start having performance issues as they get smashed with web traffic – this actually helps the mining situation (less volume, transactions verified quicker), however given the panic the price doesn’t yet stabilize.
People increase their transaction fees to prioritize their trades. We see transaction fees triple to an average around 1.5BTC per block (on 200 transactions it is still a small cost – approx. 0.0075BTC).
Panic (and robot trading) continues to drive the price of a BTC down, and it eventually finds a level of support, possibly between USD$200-$250 (range 12 months ago) but – worst case it drops through the floor and hits mid 2013 ranges.
There may be no stopping the downward spiral until BIG buyers come back into the market. And there are plenty of them of course, with all the cash on the sidelines from those who sold out earlier, and big funds waiting to pounce on the post-halving correction which they have been hanging out for.
Miners begin turning their old kit back on as BTC start to flow from the transaction fees and the price starts increasing, making it economic for them to work again.
Fast forward a few weeks, and the price of a BTC has jumped back up to more recent levels (USD$450-$500, maybe higher). The mining difficulty relaxes given the average transaction time went well over 10 minutes. Miners are making about $6,000 per block (12.5BTC), with transaction fees been making up for the decrease in reward.
A new norm appears. Survival stories from “the big halving” bring many, many more people in the market, fueling demand and the price follows. BTC lives on, but this time, stronger than before as it has finally grown up. I’m reckoning USD$3000 in 2 years, but the next 4 weeks are going to be a testing time and probably best viewed from the sidelines until the price drops sufficiently to de-risk a purchase.
Thoughts welcomed & appreciated – sorry I cannot reply but I’ll be keeping an eye on the thread.
submitted by throwaway282828289 to Bitcoin [link] [comments]

[Table] IamA founder of Tindie, "Etsy for Tech". Started on /r/Arduino, team of 5, just finished fundraising (pitching 50+ investors), and have now closed $1m+ in funding. This is a follow up to last year's AMA, for anyone interested in startups/tech/Silicon Valley/open hardware. AMA!

Verified? (This bot cannot verify AMAs just yet)
Date: 2013-12-02
Link to submission (Has self-text)
Questions Answers
As a maker, why should I sell my goods on your site instead of amazon? As a buyer, why should I buy from you instead of amazon/ebay? Great questions - as a maker, our rates are lower than Amazon - flat 5% of the order. We also reach a core audience of people like you, which tends to mean you'll sell more on Tindie vs Amazon. As an example, one seller sold exclusively on Amazon, opened a Tindie store, and we began out selling Amazon. He closed his Amazon store and now sells exclusively on Tindie.
As a buyer, you are joining a community of likeminded people from all over the world and in different niches. Some like audio, some drones, others lighting. In the new year we are launching more features to build out the community side of the site. We are a community marketplace - community comes first. We can do a better job on the community side, and those features are currently being built.
As an example, one seller sold exclusively on Amazon, opened a Tindie store, and we began out selling Amazon. He closed his Amazon store and now sells exclusively on Tindie. Amazon has a flat fee you must pay $40 a month When you sell out many times over, inventory management becomes a huge issue.
Many reasons but here are two- * * Amazon has a flat fee you must pay $40 a month.* Easier inventory management when you have to just make sure 1 site is right vs multiple. When you sell out many times over, inventory management becomes a huge issue. But, that's three reasons. How can you run a successful business if you can't even count? Link to static.fjcdn.com
I have a desire to learn a programming language and have messed around with python and java on codeacademy. What would you recommend as the next step? Books? More beginner tutorials? Poking around on github? Sounds like you are now at the crossroad where people either keep going, or 'never have the time.' When I started, I'd get the occasional comment online, 'You'll never figure it out.' It's a pretty accurate statement for most. Most don't figure it out. If you can put your head down and just grit it out, you'll get to the other side.
If you want to grit it out, start with Learn Python the Hard Way. Then figure out a project you want to build and go build it. You'll pick things up as you go. You'll think you have it about 10 times before you really have a solid understanding. There were many times I'd talk to my friends and say "Oh I figured it out." I was wrong 10 times :)
It took 1 year to get to n00b level. The next year is when things settle in. After 2 years, you'll have a solid foundation to keep honing your skills. You won't know everything, but you can hack together projects, & figure things out.
Also checkout Stackoverflow. Learning how to properly break down my problems into questions was a great exercise. It helped me understand what the real problem is vs what I thought it was.
Did you eventually start working as an engineer or was programming geared towards side projects and building Tindie? I did - my first job after learning how to code was as a developer advocate. Not 'coding' but putting what I learned to good use. That company was acquired, and I eventually became a web engineer at the company which acquired us. That was my last job before starting Tindie.
My local hackerspace, a 501(c)3, is just getting started. We're thinking of making some products to generate some funding... would Tindie be the right marketplace for us? Oh cool! Yep! We have members of hackspaces all over the globe on Tindie. Sounds like a perfect fit. If you have any questions, just pm me and we can help!
What sort of things did you do for market validation? Good question - the only market validation I did was ask the question on /Arduino. There wasn't a marketplace for this type of hardware (we are still the only "big" site doing what we are doing). The space is emerging now.
Did you have personal experience with this type of thing, people you knew who needed something like this, or some other type of research? You are right. The big question I got from investors is actually - 'How big is the market?' Unfortunately there isn't a good answer for that bc the market is growing / being defined now. Arduino/Raspberry Pi/Drones/3D printers are all just getting started and all growing like weeds. If those platforms become as big as we think they will, then a site like Tindie will have to emerge.
Also, how do you go about estimating market potential? The one thing we look at is the components market is a massive, multibillion dollar market. The type of components that are on Tindie, generally speaking, first come to market on Tindie. The market potential is entirely untapped. However having orders from gov't agencies & large businesses is very reassuring that there is a much greater opportunity than just hobbyists (which is what most people thing on first glance).
What's been your biggest challenge as CEO of your own start-up? Great questions -
What's the most frequent challenge you saw when working across various start-ups in the Valley? Biggest Challenge as CEO - Communication, balancing expectations, keeping everyone on the same page from users, employees to investors. You'll constantly hear, "Did you see X?" when someone thinks it is a competitor. Chances are it isn't and they have their own idea of what the business is which is different than your own.
What words of wisdom do you have for someone wanting to create their own start-up? Wisdom to start a startup - If it is a tech startup, one of your cofounders must be technical. Either yourself or your cofounder. If you can't build the first version/ a proof of concept yourself, start there. If you aren't technical, and don't know anyone technical, learn. In the valley you hear, "I'm looking for a techincal cofounder." so many times its crazy. You either already know someone (a good friend usually) or you don't. Trust me , you won't 'find' a techincal cofounder.
Thanks for your time (and sorry for all of the questions) No worries - these were excellent questions. Keep 'em coming!
You'd be shocked how many random emails I get with businesses proposals. Are these the recreate facebook type of deals where you do all the work and they get to be the owner for giving you the idea of facebook? It runs the gamut from sales, hiring, marketing, partnerships, you name it.
Did you have a good breakfast? Eh, coffee, leftovers, and IRC. We have a channel on Freenode I hop in every morning to check in with users (Tindarians) and make sure everything is right with the world.
(hash)tindie on Freenode ftw
You've mentioned a few times how you shouldn't outsource development to a third party. Can you elaborate on this? Why not? What was your experience? What should you do instead if you're a n00b coder (like myself)? Sure thing - if you hire a 3rd party, you will always have to pay someone else to iterate on the site. There is a 0% chance it will be right on the first shot. Therefore its really an invitation to spend a lot of money down the road - not just the upfront cost you are spending to get your idea made. This is what I did with Knowble - it cost something like $20k+. Please learn from my mistake :) You'll have to iterate, make changes, learn as you go. If you know how to code, then you can make those changes yourself. You'll do it in the morning/nights/weekends and it will only cost you your time.
What advice do you have for me as a student? Thank you, I think what you're doing is awesome! Very cool! Getting press / outside attention is very difficult (if you don't pay for PR - we don't pay for PR). Write blog posts, like to those sites. The link love will go a long way (over time). Most of the companies that you read about on TechCrunch, PandoDaily, etc are paying for PR which is why they get listed on all of those blogs and have stories come out at the same time (embargoes). As a student, build something! Just keep building things. You have some free time - take full advantage of it. Also meet your peers. Build a network of other students in your class. Some will go to Google, Twitter, the next Google, the next Twitter. Increase your chances of doing well by meeting as many super smart people as you can. Build projects with them. Just make things and learn from experience.
I'm also a CS student and for the longest time I've been interested in Arduino. How did you get started tinkering and where would you recommend someone such as myself begin so as to eventually purchase from your website? There are tons of beginner Arduino books. Arduino also has some great tutorials: Link to arduino.cc
In this age, if you have a CS background, Google is your friend :)
Did some more reading. I personally feel a lot of excitement for how well you're doing lol, congrats! What we're you doing before the 5 year run in the valley? How did you get started there? Learn to do the things you don't know yourself.
NEVER outsource development to a 3rd party company.
Learn how to code.
If you don't know how to code, don't bring on another person that doesn't know how to code.
So what compelled you to go from NC to CA? How did you start getting acquainted with people there? Joined Yelp. Yelp was maybe 40-50 people at that point. Flew myself for the interview, got the job, packed my car and hit the road.
As an aspiring entrepreneur myself, my question is this: what was the process like of getting the company from an idea to something you would be able to pitch to investors? The site was already live, we had products, orders, traffic. The sales early on were ~doubling month over month. Sure they were small but that seems like a very good sign. As it kept growing, people around me connected me with other people interested in the space. The first investor I got was someone that was in my network already, but I didn't know him. He also invests in early stage companies, understands marketplaces, and believes in the changes we are seeing in the hardware space. From introductory call to email saying, "I'd like to invest" was about 12 - 18 hours.
How did you fund the project initially? Spend time/money to get a VERY polished pitch deck.
How did you go about finding investors? If an investor says "stay in touch, I'm interested" thats a No.
Did you have to refine or iterate your idea at all in the process? We didn't have to iterate on the site, but I did iterate on the messaging/how I frame what we are doing depending upon the investor, and how that message was received by the last investor. I was constantly iterating what I said from pitch to pitch.
Would you feel that taking a year off to learn python was a worthwhile decision? With no coding background, can I learn it in a year? Definitely - 100% worthwile. I had saved up enough to live for a year without a paycheck (without healthcare...not smart but I did it). If you are interested, go for it. While you still have a job start learning HTML, CSS, some basic things. Give yourself some sort of foundation before taking the plunge. After a year won't be able to get a job as an engineer, but it will definitely help in the long run. I have never regretted that decision.
Any recommendations on resources to learn HTML and CSS? I have some programming skills (C, assembly, VHDL) and found the code academy stuff to be too slow and had a hard time seeing how to really apply it. Link to webdesign.tutsplus.com
I <3 Tuts / Envato.
How much did a year of free time cost you? Rent was $710 a month, Food ~$200-300. Add in taxes & other spending. $20k ish.
There are many exciting developments in hobby-level electronics development. First things like Arduino, now affordable ARM processors. In addition to cheap accelerometers, laser cutting for enclosures, 3d printing, etc. What trends and fads are you seeing that are exciting to you? What kind of products do you think we will see in Tindie next year? Five years from now? Ten? AirPi - Two 17yr olds in London built a shield for Raspberry Pi to turn it into a weather station. Brilliant, cheap product that I never saw coming and has done amazingly. They had to incorporate in the UK, take a loan from their parents, and just shipped hundreds of preorders they got on Tindie. The only thing I know for certain is we will have tens of thousands of hardware companies emerge over the next few years because it is becoming cheaper to prototype and easier to manufacture in lower volumes. Yes "hardware is hard" but it is getting easier and that only opens the door for more people to come in.
Tapster - a robot for manual app testing on mobile devices. EVERY mobile app developer in the world should have one bc of the time you'll save.
How did you come up with the name Tindie? Indie Tech...Tech Indie... Tindie.
The domain was available. Best $7 I've spent.
Amazing site! Just found it. Question/Suggestion ... I'm looking for a site that will accept commissions for one-off projects based on boards like Arduino or Raspberry. Any chance you're site will offer such a market? Thanks! Can you break down "will accept commissions?" Just want to make sure I fully understand what you are looking for.
Hi there. I have been looking into creating a website my self, and I was just curious as to how you build a user base for something like this? How did you get people to sell on Tindie when it first began? Good question - you'll need to figure out where your initial users are and tell them what you are doing. Get people in your corner. As you build the site, give them updates, let them sign up before the site is live. If you don't have enough users on day 1, do more to drive more users to the site. Launch only when you have some amount of users (few hundred or maybe a few thousand is the best case scenario). You'll never be ready to launch but definitely give yourself some momentum before opening the doors.
I did this by keeping everyone on /Arduino in the loop. As I found a name, a domain, logo, I'd share those updates. Sellers were able to sign up and "stock the shelves" prior to launch which meant once I opened the site for transactions, we had ~20 sellers/ products on the site and orders on day 1.
Have you considered reaching out to the Bitcoin mining community? Their hardware seems to fit into your site. We haven't but I'm 100% open to Bitcoin mining products on the site.
Have you considered accepting Bitcoin? We haven't due to its volatility.
Who is your favorite ninja turtle? Easy one - Michelangelo!
Do you plan on taking currencies like bitcoin, megacoin, etc? Not right now. Bitcoin is too volatile. From talking with other marketplaces that implemented Bitcoin, the % of transactions that come through are very, very small. Most people seem to be holding Bitcoins as an investment strategy (the gold analogy). I think that is true. At this point, we can get a much bigger bang for our engineering buck by working on other features vs implementing/maintaing Bitcoin or a similar digital currency.
Why did you decide to go to the valley for this? For someone thinking of starting an e-shop startup, what would you advise? I had been in SF for 4 years, then moved to Portland after the last company I was at was acquired. I moved back bc missed friends and our head of engineering is in Mountain View too. Made sense from a personal perspective.
Would I move to the valley if I didn't already have a connection to the area? I'm not sure. It is definitely cheaper to live somewhere else. However it is more difficult to get into the community from outside the area. If you live in the the valley, you'll constantly hear about startups/tech and meet people who are part of the scene. It's easier to be a part of the conversation if you are in the area.
I've heard from many of my friends in the industry that moving to SF is also a risk as many of the big companies pose a risk at hiring your engineers. Many of them end up moving their companies back to Canada where Engineers are much cheaper for the same quality. Very true. It is very common for people to stay at a job for one year, vest 25% of your options, and leave for the next hot startup. It is valuable to have a presence in the valley - but not necessary for your team to all be there. I'm a huge fan of distributed businesses.
So what's your take on the interest level in hardware overall? Do you think things being sold on the site will continue to increase in complexity? Or will they be limited in scope and cost in the future because people are more interested in the low end of things? Hey Chris! I think it will gain in complexity - esp as parts come down in price, and manufacturing lower quantities becomes more accessible. The opportunities only get magnified as those two trends accelerate.
I think we will always have low level / low end products, but the sky is the limit - in terms of price point and customers. We already have products that cost pennies to $1k+. We will begin to have more consumerish products - but I think those will fuel growth in hardware. The more interesting products emerge, the more interested people will jump into diy. Very cyclical. Arduino & Raspberry Pi just make that first step so much easier. Gateway hardware drugs.
This looks awesome, I'm surprised I've never heard of it. My question: how hard is it really to start your own business and what are some obstacles no one hears about? It is difficult but not impossible. Things to plan for: taxes & attorney fees. You'll want to set up your business correctly if you plan on raising outside investment. If you don't do that right up front, you'll get bit when you fundraise. The legal fees we'll have for this financing round will be over $10k I bet (probably more)
Any suggestions on where to find and learn how to do this hardware stuff? Where did you learn to it? Was there any doubt while creating this project? Did you think about giving up? Google is your best friend. There are books, tutorials, but just dive in. If you have some coding background just get started. Fortunately that is where I started so its more a process of picking something up and playing around (vs starting from 0).
Question: how much equity did you give up for the investment you've gained? Thanks! A this point it is just closing and collecting checks so the final % will be set in a few weeks once we have a definitive amount closed with this round. However the answer you are looking for is 20%-25%.
I have a question. What stage was Tindie in when you pitched to the investors? (users/revenue) What was is about Tindie that made them decide to invest? At this time last year, I forget where we were with users but we had $3600 in sales that month which would be about 100 orders. When talking to early stage investors, it is very much a gamble. The chance of failure much higher, but then again the opportunity is great. I haven't asked them point blank, but I think it ultimately boils down to they have an idea of how the world will work in the future, and you fit in that narrative.
I have a very refined idea for a web/mobile app start up. I have done months of research on the problem/solution I am building but I have no experience designing websites. Thus, I will need to pitch investors to fund development. What are any tips or resources to get in touch with potential investors? Unfortunately you need to get it built. With out a product & traction, it will be very tough sailing
Do you accept Bitcoin and if not can we expect it in the future? We don't right now and don't have any plans to in the future. Copying answer from another question "Bitcoin is too volatile. From talking with other marketplaces that implemented Bitcoin, the % of transactions that come through are very, very small. Most people seem to be holding Bitcoins as an investment strategy (the gold analogy). I think that is true. At this point, we can get a much bigger bang for our engineering buck by working on other features vs implementing/maintaing Bitcoin or a similar digital currency."
I'm an idea guy; I have new ideas everyday and am actually executing a few of them. My roadblock right now is getting it out there and selling it (to consumers, to investors). I have a new idea that, while the product is different than yours, could rope in every business sector. I've never built a business model; all of my stuff is from the idea point of view. I get an idea, find out if it's been done, and then make it work. What can I do to get the word out there and find investors? What kind of cut do you think is fair for investors? Build it. Unfortunately "ideas are cheap." You have to build it before anything else.
We are a startup who has built it (4+ years of work). Its a business administration product. We are in desperate need of sales and marketing department. How do we approach investors? If you are growing like a weed, they should be approaching you (at least some should). Based on the tone of your question, it sounds like that may not be the case?
As a maker who is currently in final stages of getting a product ready (ie 2nd round of PCB prototypes) any advice about how I go about getting it ready to sell on tindie? How do I determine a good initial batch size to order, handle shipping, refunds etc? Good question - once you are ready, you can list it as a Fundraiser (our version of crowfunding which really is just accepting preorders). It has to hit the min # of units sold to 'live' where we bill the orders and you fulfill those ordered. That will give you a good idea of the initial demand. Shipping & handling you'll need to do a little testing on your end bc it depends where you are located & the shipping service you select. Refunds we can handle on our end. You'll just need to tell us which orders to refund. If you have any other questions, feel free to email us at support(at) tindie.com. More than happy to help!
How did you get in front of 50 investors? Thanks for the AMA I kind of see now what I need to do for my Start Up getting rejected 10 times shouldn't be a big deal I guess. 100% from networking. Friend introducing me to someone else, who says you should talk to X. That person sends the intro, and then schedule a meeting. Cold emails don't get you very far with the top investors who are constantly being bombarded with pitches.
This is very interesting. How is the actual pitching process? I mean, once you get introduced, do you pitch to them in a Shark Tank style? over coffee/lunch? And which aspects of Tindie was the biggest seller to the investors? My background.
How did you come up with the idea.
Why now?
What are you doing?
Traction.
Future plans.
The team.
Some were more presentation style with a slideshow and just run through the deck where the investor most likely will interrupt you from time to time with questions on your points/assumptions.
0 were like Shark Tank.
I think the main thing we have going for us is our team -very strong with startup experience at well known companies/ great engineers. Next is our traction and position in the space.
Thanks for the answer! I thought you were a one man team before getting some funding. How did you get a team together when nothing was really proven? Ah at that point it was just myself and I had built everything up until that point. The site was live, we had products, orders, early traction.
of all congrats on the success with your start up and initial funding. What is the number one thing you would say investors look for in a start up? What helped you achieve success while pitching your ideas? Depends ultimately on the investor and if they are the lead or a follow on investor. The lead must believe in the space, have some idea of what is going, and therefore be passionate about the opportunity.
Follow on investors might know something about the space, might not. The one thing I didn't realize is how much they just "pile on." Most investors look for a signal by another big name investor, and if they are investing, looks good and they want in! The pile on mentality is alive and well.
So are you saying that funding is closed and you are not accepting any new investors? Right - the round is closed. The docs are written. The lead investors have already wired their funds. Now just emailing the smaller investors, getting signatures and the wires for their commitments.
1.) What was the toughest question you were asked during pitches? 2.) Any questions worth mentioning a company should be able to answer that they don't think about? 2) I don't think there is any particular question - just think ahead of what they will ask you. Have your questions down cold. Answer & then shut up. Don't be afraid of silence.
3.) Our products are similar in the sense of the needed co-creation so I'm interested in your marketing strategy on both fronts. (finding sellers and finding buyers) 3) Sellers & Customers has been word of mouth. We haven't don't much on the direct marketing side, so I don't have very good advice on that.
4.) I'm sure not everyone has been full time with the company, so how did you manage a team of 5 part-timers and making sure deadlines were met, goals accomplished, etc.? 1) Market size. There isn't a good answer. You can come up with many different answers with many different data points but at the end of the day, no one knows 4) Everyone is full -time.
I'm trying to convince some friends of mine to get serious about taking an idea of there's to an angel to see if they (we) could get funding. So my question is, what did you need to take to investors in the form of demos/research/etc. to get them to take you seriously enough to give you your first (and subsequent) rounds of funding? Build it first. If you get traction on the idea/project, investors will be interested. If it is just an idea, you'll have a very tough time. The only real answer - build it and they will come (if it is a great project and they see potential).
Makers / producers of open source hardware and products? What niche do you feel is currently not being addressed in the open source hardware arena? I think any hardware product today should have an open equivalent. The opportunity is just sitting there for someone to build an open version of X. Open source if a flywheel. Once you get it started and there is a community to support it, it only becomes stronger and better. At the end of the day, I don't see much difference btwn producer vs educator. If you have an open project, part of your job will be education. Just start working on something. At the end of the day, if you want to produce it and sell it you can. If not, no harm/no foul.
Hi Thank you for doing this. My question is, how hard it is to work with VC/Angel people? Do they push you really hard? Good question - some investors you won't get along with. You'll have different ideas/ look at the world differently/ it just isn't a fit. If that is the case, probably not a good fit as a major investor in your company. The can email you rather frequently - don't want to hate that part of your job...
I'm 19 and have no marketable skills beyond being the designated local tech geek. In terms of coding, I could mess around with the variables in JavaScript, but that's about it. Would I have any use in your organization? If not, what would you recommend the first thing I do to set down that path? Unfortunately not. Get more experienced & become a solid JS developer. Build projects, open the code, get feedback, critiqued by the JS community. You'll have a lot of value as a seasoned JS dev (esp as Node picks up traction)
I'd love to hear your thoughts on patents for DIY hardware! Let's say I've got a hardware design idea, but I know it's an evolution of existing technology. How do I go about researching conflicting patents that could prevent me from bringing my idea to market, what steps should I take to differentiate my idea from similar products, and at what point (if any) do I need to see an attorney? I'm anti-patent. It is a huge time/money suck and ultimately hinders innovation. I'm not the best person to ask on researching your design/idea/ etc but I'd probably just go ahead build it and go for it. Any time you spend looking for conflicting patents, someone else will launch their version and get a leg up.
Plans for the international market? Already international! We have customers in over 60 countries, sellers in over 40. I haven't looked lately but those were the numbers about a month or two ago.
Thank you for shipping to India! \o/
Hello Tindie. I am just now incorporating as of January 1st (LLC) with friends in the tech industry for our first start-up. They are all NASA employees and MIT grads with extensive tech background, but my background is in Public Policy and Regulations development. Are there tools on your website for new start ups in the tech field, or could you offer any recommendations as to navigating pitfalls for someone without extensive tech background? We can definitely do a better job on that end. Since you all have an engineering background, most likely the biggest problem will come in execution - sourcing manufacturers, parts, work abroad vs a domestic manufacturer. PM me and we can definitely help!
What has been your biggest regret starting Tindie? No regrets so far. It's been a huge learning experience- esp this year. If I were still at my old job, I'd have been constantly wondering whether or not this could take off. Happy I took the plunge.
HAve you ever thought to add Music Tech to the site? I know a lot of people who are into buying and creating their own midi controllers/instruments. OR have I overlooked something? We have it :) Link to www.tindie.com
How many register sellers and buyers do you have? Sellers: Over 300.
Last updated: 2013-12-06 11:10 UTC
This post was generated by a robot! Send all complaints to epsy.
submitted by tabledresser to tabled [link] [comments]

Bitcoin HASH RATE skyrockets! Cryptocurrency Bucks the Trend!! Oobit Pass  Crypto and Bitcoin News DeFi Big Scam!!? Be Careful/Bitcoin Pumping Soon Hash Rate ... Bitcoin’s Hash Rate Surges Higher Despite $2000 Price ... What is hash rate in Bitcoin ? - YouTube LITECOIN Hash Rate Down!

Morgan Stanley Strategist Recommends Bitcoin as Central Banks… September 13, 2020. Bitcoin. Bitcoin whale cluster at $10,570 is the most… September 12, 2020. Bitcoin. Huge ‘Bitcoin Tram’ Ad Campaign and 20 Billboards… September 12, 2020. Bitcoin. Bullish pennant hints at Bitcoin price breakout to… September 12, 2020. Bitcoin. Growing Bitcoin Hashrate Points to Further BTC Gains ... Antminer Bitmain S9j 14.5TH/s 16nm ASIC Bitcoin BTC Miner: IBEST IMPETUS ATX Netzteil 1600 W Mining Server Netzteil 1600 W Gold PSU Mining 140 mm leiser Lüfter mit Mining Machine für 6 GPU Rig Ethereum Bitcoin Miner: CNIKESIN Bergbau Riser Karte, 1X eine 16X Grafikkarte mit USB 3.0 Verlängerungskabel Sata zu Molex 6 Pin Stromkabel für Gpu erweitern Ethereum Bitcoin Miner Machine : KKmoon ... Bitcoin tweeted out to it’s 58 thousand plus followers that their hashrate has it another all-time high, experiencing a 15% increase in the last two weeks. Bitcoin Hashrate Constantly Climbing This recent jump and constant rise in hashrate over the past few months shows a consistent level of interest in mining the digital token, despite […] As bitcoin grows in popularity and recognition worldwide, resources dedicated to providing in-depth and diverse stats on all things crypto have exploded onto the scene and continue to proliferate rapidly. This post lays out 17 of the best sites, and divides them into basic categories such as checking price, viewing network visualizations, and more. Also... Bitcoin hashrate jumped 23 percent since May 26, signaling more miners are resuming operations on the cryptocurrency’s blockchain network.The rally also continued as Bitcoin’s mining difficulty dropped by over 9 percent on June 4.The rising hashrate indicates a slowdown in miner capitulation, which could assist in sending the bitcoin price higher towards $10,000.The Bitcoin hashrate […]

[index] [45298] [40420] [44824] [15155] [627] [2520] [6084] [9412] [7014] [17246]

Bitcoin HASH RATE skyrockets! Cryptocurrency Bucks the Trend!! Oobit Pass Crypto and Bitcoin News

Well, Litecoin hash rate is down and people are going crazy about it. My thoughts on LTC and LTC hash rate. My thoughts on LTC and LTC hash rate. Cycles of Bitcoin - https://www.tradingview.com ... Bitcoin's halving (block reward) is fast approaching, and we examine the recently increases hash rate metrics. Oobit Releases A Coinbase-Powered “Skyscanner” For Bitcoin. Singapore-based Oobit ... Free Bitcoin എങ്ങനെ നേടാം? (ലിങ്ക് താഴെ കൊടുത്തിരിക്കുന്നു ) Hash Rate ... DeFi Big Scam!!? Be Careful/Bitcoin Pumping Soon Hash Rate increases/Bitcoin News ***** What is DeFi - https://yout... Bitcoin has faced a strong correction over the past few weeks as legacy markets have collapsed from local highs. The leading cryptocurrency currently trades ...

#