#Technically this is connected to Hacker and Dev- | Explore Tumblr posts and blogs

evanvanness · 5 years ago

Text

Annotated edition of May 3 Week in Ethereum News

As it is wont to do, the newsletter buried the lede: ProgPoW is indefinitely shelved.

I think it’s been relatively clear since last time that ProgPoW wasn’t going to happen. The leads of the two largest clients are against it personally, plus it’s quite clear that there isn’t anything close to community consensus. If anything, at the moment the majority of the community opposes it. Greg Colvin bringing it up again last week unfortunately made it harder to do in the case where we do actually need it, ie an ASIC manufacturer has a 10x breakthrough but is only selling the machines privately to control 50%+ of the network.

I’d say it’s unclear whether ACD continues to be a thing. To me it feels like an experiment which was worth trying but has become calcified, which needs a complete refresh in terms of both process and non-technical people involved. But inertia is also a very strong force. To overcome that, Ethereum should have a strong culture of continuously sunsetting things if they are not working.

One amusing thing to me has been the idea that ProgPoW is an AMD/Nvidia conspiracy. Given that ETH price declining in 2018 absolutely destroyed their earnings and share price, those two should have been conspiring! Yet if they were, then they did an exceptionally bad job at it. Instead everyone I know got the impression that the GPU manufacturers were indifferent. There are some competing interests for them of course - the anger of their traditional gaming market, plus AI/neural net researchers - but it still surprises me how they did not get involved at all.

Despite the noise, Ethereum governance works! I remember polling everyone I talked to at EthDenver2019 about whether they supported ProgPoW and (at the time I was pro-ProgPoW; I’d say my position is much more complicated now) being disappointed at how everyone I talked to was against it.

I’m very glad we don’t have on-chain governance where a few exchanges/whales could collude to push things through. Because of that, I’d say on-chain governance will drastically limit the market cap of any basechain’s native token.

Eth1

Latest core devs call. Tim Beiko’s notes. Updates on EIPs for eth2 curve, EVM subroutines. ProgPoW shelved due to clear lack of consensus. Discussion of migrating to binary trie

Analysis of EIP-2315 simple EVM subroutines

DHT+SkipGraph for chain and state data retrieval

Notes from the fee market change call

Vitalik’s EIP1559 fee market change FAQ

There’s a risk of being repetitive, but much of the eth1 work does not lend itself to high-level summaries. Folks are discussing the technical details of EVM improvements (eg, subroutines), as well as getting clients to be stateless (eg the DHT and Skipgraph link). And we’re also talking through EIP1559 in light of Dan Finlay’s escalator algo alternative proposal.

One development not mentioned is that Martin Swende has come around to Alexey’s gas/oil proposal instead of his previous approach of penalties for trie misses.

Eth2

Latest what’s new in Eth2

Schlesi multi-client testnet launched with Lighthouse and (slightly updated) Prysmatic clients. Then Nimbus joined Schlesi a few days later.

Bitfly has a Schlesi explorer

Nimbus client update – up to date, joining Schlesi testnet, RFP for security audits, and benchmarking Nimbus on a 2018 midrange phone

Update from ConsenSys’s TXRX team: prkl network monitoring tool, verifiable precompiles, cross-shard tx simulator, fork choice testing, discv5 sim, and work on turning off proof of work.

A step-by-step guide on joining Prysmatic’s Topaz testnet for Windows10 and MacOS

ConsenSys’s high-level eth2 FAQ

I don’t really do corrections in the newsletter, because once you send an email, you can’t easily clarify your language without sending another email.

But, if you click the “Nimbus joined Schlesi,” then it appears to me that Nimbus is receiving the blocks and following the chain, but not proposing/attesting/etc. I probably should have been more clear when I said “joined.”

Layer2

Channels funding channels: how state channels reduce latency and onchain transactions

This series feels to me like a “yes, state channels are almost here now, let’s get ready to reconsider how to use them.” Productionizing any new technology isn’t easy, and finding the uses that best fit the tradeoffs is not trivial. Seems like this is that series.

This newsletter is made possible by Chainlink

Decentralized oracles are a key capability enabling smart contracts to reach their full potential. Come work with the leading team providing oracles for Ethereum. Join us to help build the next generation of smart contracts in roles including Software Engineering, Developer Evangelism, DevOps, Product Management, and more.

I’m very excited that Week in Ethereum News will continue for the next year due to Chainlink, Celer, Trail of Bits, and 0x.

Stuff for developers

buidler v1.3 – test time-based cases in Buidler EVM, works with TheGraph

Waffle’s plan for making testing better with v3

Testing with Python and Brownie

Typechain v2 – Typescript bindings. truffle v5 support, natspec

Solidity docgen v0.5 – documentation generation for Solidity project

Running async/await scripts in Remix IDE

Austin Griffith’s scaffold-eth, a toolkit to prototype and win hackathons

A linked hashmap in Solidity

How to add proxy Ethereum addresses to BigQuery

Authereum’s batched transactions API for interest rate arbs

discv5 feasibility study for Status

Tutorial to testing on mainnet fork with Ganache, Jest and Uniswap

Etheroll security issue: hacker monitoring for onchain forks and then uses that info to frontrun transactions. Novel (to me!) hack

Dragonfly releases an oracles tracker

Synthetix CTO Justin Moses on 10 things they did to improve their Ethereum development experience. tldr: Buidler, Slither, TheGraph, and Tenderly.

It feels like a very undercommented trend how most devs now tell me that their stack is Buidler + Waffle + ethers, and increasingly Typescript as well. Of course, dev tool stacks are perpetually in flux, but this seems to be the stack du jour.

This isn’t new either. After writing the paragraph above, I remembered that Connext’s Rahul had written something about a similar stack 3 months ago. I go back and check Rahul’s recommendation: Buidler + Waffle + Ethers + typescript. If this was a chatbox, I would put a rofl emoji, but in prose this seems less appropriate.

Ecosystem

Contribute to the TornadoCash trusted setup ceremony. It takes about 5 secs of clicking and requires you to leave the browser tab open a few minutes.

Multisigs controlling multisigs: Avsa’s vision for a usable web3

Renew your ENS names or you will lose them. Names start to expire May 4th

Forgive me the clickbait - you actually have 90 days grace period if your domain expired, but I don’t want anyone to miss this if their domain has expired.

If you haven’t contributed to Tornado’s trusted setup ceremony, I recommend that you do. Assuming that the software works correctly, you can ensure that Tornado becomes trustless for you by participating! It literally takes just a few seconds to start, and then you leave your browser tab open for about 3 minutes. You can even contribute multiple times.

Enterprise

Hyperledger Besu v1.4.4, added priv_getLogs, added Splunk integration

Governance, DAOs, and standards

Governance processes for Maker and Compound add WBTC to Maker and USDT to Compound. TBTC also proposed for Maker

Maker’s MIPs ratification vote is live

MetaClan: DAOs for in-game coordination

ERC2611: Geotimeline Contact Tracing Data Standard

Last call: ERC1363 Payable Token

Last call: EIP1193 Eth provider Javascript API

ERC 2612: permit, 712-signed approvals

EIP2357: Total difficulty in block header

Lots of blowback to Maker adding WBTC. I very much understand the criticism, but to me it looks like Maker is taking reasonable measures, given the current situation where DAI is trading a little rich on the peg. It’s true that permissioned assets have some risk, but this is literally why MKR is supposed to have value: because those MKR holders make good decisions.

Now perhaps you don’t like that model, and that also makes sense, designing for stablecoins is a large solution space. But this has always been the Maker vision. And I say this as someone who does not hold any MKR, and never has (though you’re welcome to give me some!).

Application layer

DeFiZap and DeFiSnap merged to be ZapperFi: now track and trade your DeFi together

Gnosis Safe apps: interact with apps straight from the Gnosis Safe interface

dforce/lendfme plan post-hack: user airdrop, dSAFU insurance fund, large bug bounty

OpenBazaar now supports Eth

A rough proposal for a GasToken forward

Everest: a project registry from TheGraph and MetaCartel

I know I have said this before, but the ebb and flow between sections is fascinating to me. The stuff for devs section was full this week, but the app layer was a little light. Maybe I just missed stuff.

Arbitrary “how much of this section is DeFi” count: 3/6

Tokens/Business/Regulation

UMA did an Initial Uniswap Offering, and there was a 5-10x spike

It appears Telegram will have to return $1.2 billion to investors

Ideo’s Simple Agreement for Future Governance for DeFi

Auditing the 10k top Eth addresses: ETH is better distributed than BTC and a bunch of other interesting claims

I again note that US federal regulators continue to bailout Silicon Valley investors from the worst deals that Silicon Valley did in late 2017/early 2018.

I’d say it’s inevitable that we’re going to see some folks copy UMA. Watch for it.

Adam Cochran’s onchain activity of top 10k addresses is very interesting. Definitely some undersupported claims in there, but certainly worth a read. This is the second time he wrote a 100+ tweetstorm and then compiled it to a blog post. Personally I prefer viewing it as a blog post.

General

EtherScan Connect: an alpha for mapping addresses with a leaderboard

a16z raises $515m crypto fund

Vitalik’s review of Gitcoin grants round 5

SuperMarlin: no trusted setup with DARK polynomial commitment

“alpha for mapping addresses with a leaderboard“ is another thing I could have said more eloquently. It’s an interesting attempt by Etherscan to give something to their community, though of course it comes with risks.

There’s something amusing about a16z announcing a new fund, mentioning Bitcoin, and then mostly talking about the stuff that’s being built on Ethereum, without actually mentioning Ethereum. People like to talk about being contrarian investors. Wanna know how buying ETH is somehow still a contrarian play in crypto right now? It’s right there.

zk continues to just explode. It almost seems like plug and play, where people are pulling out the parts of different schemes that they like and putting in others, depending on the tradeoffs you want around trusted setups, verifier time, prover cost, etc.

Housekeeping

First issue post-ConsenSys. As a reminder, this newsletter is and has always been 100% owned by me.

Did you get forwarded this newsletter? Sign up to receive it weekly

Permalink: https://weekinethereumnews.com/week-in-ethereum-news-may-3-2020/

Dates of Note

Upcoming dates of note (new/changes in bold):

May 6-20 – Gitcoin’s virtual hackthon

May 8-9 – Ethereal Summit (NYC)

May 22-31 – Ethereum Madrid public health virtual hackathon

May 29-June 16 – SOSHackathon

June 17 – EthBarcelona R&D workshop

0 notes

t-baba · 5 years ago

Photo

The Rise of the No-Code Movement

In the internet age, technological innovation has largely been driven by a community of software engineers, web developers, and hardware hackers. Until recently, acclaimed startup accelerator Y Combinator only accepted founding teams with technical backgrounds. Furthermore, the most valuable companies of today are tech-enabled, so there’s been a focus on tech talent for future-proofing economies. Coding education provider Lambda School has raised close to $50M to close this skills gap and there are many other courses teaching the next generation to code.

But what if coding was no longer vital to success in tech? Enter the world of no-code development platforms (NCDPs).

Over the past couple of years, the rise of the no-code movement has started to change the landscape of tech. Ironically, Lamdba School itself is a product of the no-code movement, building its MVP (that has served 3,000 students) using a combination of tools such as Typeform, Airtable, and Retool. The no-code movement has also been called low code or visual development. The makers of no-code platforms are still discussing the best label for the movement but for now, I will stick with ‘no-code’.

John Everhard summarizes no-code software on Forbes as a visual integrated development environment (IDE). “Within this environment, users (aka the citizen developer) drag-and-drop application components, connect them together and create a mobile or web app. Using this software, staff can design and build powerful applications that can scale for any organization—without writing any code.” All in all, users don’t need to understand code to be able to create an app and therein lies its power.

Benefits of No-Code

When we were in the thick of product development for CloudPeeps, I remember how frustrating it was for our developers (and me!) when I needed to make any updates to our marketing pages or funnels. While I can happily edit HTML, having a custom-built platform meant deploying changes was limited to the devs. Prioritizing feature development alongside bug fixes and tweaks was a challenge. Progress was slow. We tried numerous A/B testing tools and moving some pages to popular CMSs, but the user experience started to suffer. While tools like Webflow existed then, they weren’t touted as mainstream solutions so we lacked the awareness to implement them.

Since then, the rise of no-code tools has changed the game forever – not only for tasks like marketing pages but also for full-stack apps, which people can now build end-to-end. In 2014, if you wanted to build a marketplace, you had to develop it from scratch. After that, offerings like Sharetribe came along with standard marketplace software in a box with an ongoing price tag. Now, you can build whatever marketplace set-up you like using no-code tools.

Evidently, saving time and money are two crucial benefits of no-code. Co-founder of Tiny product studio and indie investment fund Andrew Wilkinson recently tweeted: “I used to spend $25k-$100k building an app over 3-6 months. It was frustrating, expensive, and slow. Then I started using NoCode tools like Webflow, Bubble, Zapier, and Airtable. Suddenly I was able to build my app idea in days instead of months, at a fraction of the cost. Craziest of all, I could tweak and maintain it myself instead of hiring expensive devs.”. He likens ‘native-code’ to being a bulldozer: great to use when you need to build something sizeable and commercial grade. He compares ‘no-code’ to a pickup truck: powerful enough to help you get most simple and intermediate projects done.

Why Now?

The tech industry has been increasingly criticized over the past decade for its lack of diversity and inclusion. Silicon Valley has bred a generation of founders who look like each other, talk like each other, and solve similar problems – and as these people gather further wealth through exits and investments, the cycle of sameness repeats. Teaching people to code and funding different founders is creating slow change, but the no-code movement has the potential to exponentially change the face of tech. If you no longer need access to engineers or capital to launch a product, anyone can have a crack at their idea. Perhaps it is the demand for the democratization of tech that has catapulted the no-code movement into the now.

The post The Rise of the No-Code Movement appeared first on SitePoint.

by Kate Kendall via SitePoint https://ift.tt/38ZSZGO

#CSS3 #HTML5 Branding #HTML5 Weekly #HTMLl5 demos #Javascript Branding #Javascript Weekly #Mobile #Mo

0 notes

un-enfant-immature · 6 years ago

Text

Announcing the custom contests for the TC Hackathon at Disrupt SF

Congratulations to all the motivated hackers, coders, devs and designers who took action and secured their spot in the TechCrunch Hackathon at Disrupt San Francisco 2019 on October 2-4. We limited participation to 800 people, and we’re thrilled that the event is completely full.

We can’t wait to see what 800 of the world’s best code warriors create over the course of roughly 24 high-pressure hours. And we’re pretty sure you can’t wait to hear more about our hackathon sponsors and the real-world challenges they’ve created to test your mettle. This is the post you’ve been waiting for.

Each sponsor offers prizes for the team that creates the best solution for the specific challenge — prizes can include cash, and they vary depending on the sponsor. Oh, but wait there is more. On top of the sponsor prizes, TechCrunch will select one team’s project as the best overall hack and award them $10,000 prize. Want more details? Check out the Hackathon website.

Alright, the time has come. Here are the sponsors, contests and prizes for the TechCrunch Hackathon at Disrupt SF 2019. Let the games begin!

Humana

Create a prototype for Humana and win one of three cash prizes. First place: $10,000; second place: $5,000 and third place: $2,500. Examples of a prototype include a mobile app, a website, animations, video, etc. Here are the prototype guidelines.

The prototype should either demonstrate what a customer would experience visually/in audio or be a technical prototype with basic UX to understand the concept

Teams are encouraged to showcase a demo with a use case that brings the solution to life, simulating movement/animation of the user experience.

Kinship

We want to see Kinship data used in ways that has never been thought of or explored and applied in a manner that translates into real and positive change for pets. Create a solution that improves the lives of pets or pet parents using at least one Kinship data source and win one of three prizes.

First prize: $10,000 between the team and a Whistle GO Explore pet tracker for up to five team members

Second prize: $5,000 between the team and a Wisdom Panel Health canine test for up to five team members

Third prize: $2,000 between the team

Intersystems

Mapping all the stars in the Milky Way Galaxy? InterSystems is there. Providing interoperability for over a billion medical records around the globe? InterSystems has that covered. Processing over a billion transactions a day for a global investment bank? InterSystems is quietly at work in the background. Whether it’s healthcare, business, or government, digital transformation has changed consumers’ expectations about how their data is accessed and managed. Speed, scale, transactional processing, cloud deployment, and high availability, are all cornerstones of what users expect out of their applications. InterSystems challenges you to explore and build your own business solutions using our IRIS Data Platform tools to solve for healthcare, business, or consumer-facing problems. InterSystems will offer a $4,000 prize for the best use of our IRIS for Health platform to solve for healthcare challenges and $4,000 for best use of IRIS Data Platform to solve for business or consumer application challenges. Use of our extensive libraries that enable connectivity both within and between hospital systems is not required for healthcare solution proposals.

But wait…in the coming days we’ll have even more juicy details about contests and prizes sponsored by Plaid and United Airlines!

Disrupt SF 2019 takes place on October 2-4, and we just can’t wait to see what the brilliant minds at the TechCrunch Hackathon will produce under pressure.

Is your company interested in sponsoring the Hackathon at Disrupt San Francisco 2019? Contact our sponsorship sales team by filling out this form.

#TechCrunch

0 notes

shirlleycoyle · 6 years ago

Text

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code

Mathew Solnik stood next to two of the best iPhone hackers in the world and addressed the question the hundreds of people watching him were all wondering.

“The white elephant in the room: How exactly did we get it?” Solnik, a well-known security researcher, said as he wrapped up one of the most anticipated talks at the Black Hat security conference in Las Vegas in early August 2016. In attendance, among hundreds of security professionals and hackers, were researchers from a company that sells iPhone-cracking services to cops around the world, and Apple’s own employees.

The thing that his team had been able to analyze for the first time was the iPhone’s Secure Enclave Processor (SEP), which handles data encryption for the iPhone. How they were able to do this was a valid question given Apple’s notorious secrecy, and the fact that the SEP is one of the most important and most closely guarded components of the iPhone, the most secure smartphone on the market.

“Well, you get to ask us next time we talk,” Solnik added. (Solnik said the same when I approached him after the talk.)

There was no next time: The team has never publicly discussed its methods.

Now, more than two years later, Motherboard has learned how the team did it. During our investigation, we also discovered how other iPhone hackers research the most secure components and processes of the device.

“It’s kind of the golden egg to a jailbreaker.”

Solnik’s team used a “dev-fused” iPhone, which was created for internal use at Apple, to extract and study the sensitive SEP software, according to four sources with specific knowledge of how the research was done. Dev-fused devices are sometimes called prototypes in the security research industry. They are essentially phones that have not finished the production process, or have been reverted to a development state.

In other words, they are pre-jailbroken devices.

These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned.

Dev-fused iPhones were never intended to escape Apple’s production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they’ve learned into developing a hack for the normal iPhones hundreds of millions of people own.

During Motherboard’s months-long investigation, I spoke to two dozen sources—security researchers, current and former Apple employees, rare phone collectors, and members of the iPhone jailbreaking scene—about the underground trade of dev-fused iPhones and their use in the iPhone hacking community. I used one of these devices and obtained “root” access on it, giving me almost total control over the phone; gaining root access allows researchers to probe many of the phone’s most important processes and components. And I learned that these devices are used by some of the highest-profile companies and independent experts that research and hack iOS to find valuable bugs that may later be exploited by governments and law enforcement agencies.

A dev-fused iPhone, connected to a Mac with a special cable, boots up. (Image: Motherboard)

At BlackHat, Solnik and his two former colleagues David Wang and Tarjei Mandt—also known as Planetbeing and Kernelpool in the iPhone jailbreaking community—blew the doors off the SEP with the impressive and technical talk, which delved into, for example, how the phone’s application processor and SEP communicate using a “secure mailbox,” the SEP’s “bootflow,” and the specific “opcodes” that Apple uses to read information from the processor.

For iPhone hackers, the presentation was a godsend. At the time, Patrick Gray, who hosts an influential infosec podcast, described it as a “how2pwn guide” for the SEP, and thus, the iPhone.

One reason the iPhone is so hard to hack is that Apple makes it almost impossible to study how the SEP and other key components work. That’s because the SEP operating system is encrypted, and—in theory—cannot be extracted or reverse engineered from a regular iPhone. But from a dev-fused device it’s possible, and has been repeated since Solnik’s talk by other researchers.

“Wish I could say that they succeeded in pwning the system, but like many in the field [Solnik’s team] leveraged specific prototypes,” an iPhone jailbreaker who asked to be identified as Panaetius told Motherboard. Panaetius did not want to be identified given that he has also used dev-fused devices and is worried Apple may go after him.

A person who formerly worked in Apple’s security team told Motherboard that he approached Wang after the talk at the conference. When he asked Wang how they managed to study the SEP, Wang told him that “Solnik got a dev-phone and dumped the firmware through standard Apple tools.”

An independent iOS security researcher, who spoke on condition of anonymity in order not to damage his reputation within the jailbreaking community, said “Solnik was full of dev-fused [iPhones],” at the time of the SEP talk.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at [email protected], or email [email protected]

Another iOS security researcher, who also asked not to be identified, said he saw Solnik’s dev-fused devices and the proprietary cables used to work on them in the lead up to the SEP talk at Black Hat.

Solnik, Wang, and Mandt, did not respond to multiple requests for comment. (At the time of the talk, Wang and Mandt were working for Azimuth, an Australian company that provides top-end hacking tools to governments such as the USA, Canada and the UK. Solnik had just left Azimuth.) Solnik was the subject of an episode of Phreaked Out, Motherboard’s 2014 documentary series about hacking.

At the time, they may have been the first ones to get to the SEP, but thanks to the proliferation of dev-fused iPhones, others have repeated their feat. Lisa Braun, a pseudonymous independent iOS researcher, recently claimed to have dumped the SEP from an iPad Air 2 prototype.

And he is not the only one.

A few dev-fused iPhones, collected by Giulio Zompetti. (Image: Giulio Zompetti)

According to five sources in the iPhone hacking world, Cellebrite, a forensic firm that sells devices that can unlock iPhones, has purchased and used dev-fused devices to develop its products. Cellebrite did not respond to a request for comment.

Chris Wade, the cofounder of Corellium, a startup that sells a product that allows users to create virtual instances of almost any iOS device in the world, has also gotten his hands on these devices, according to three sources in the iPhone hacking world and three sellers.

Wade, who is known as cmw in the jailbreaking community, told Motherboard he has never purchased a dev-fused device. He admitted having “played” with them at a conference, but denied using them in the development of Corellium. (In a 2017 tweet, however, Wade joked about owning “iPhone prototypes.”)

“I want to be 100 percent clear we didn’t/don’t use dev phones @ Corellium. We don’t buy stolen Apple stuff!” Wade told Motherboard in an online chat. “I spent years working on Corellium and we never needed them. Using stolen dev phones is 100 percent the best way to get Apple to sue you or just fuck your life up.”

A screenshot of Corellium’s interface. (Image: Motherboard)

Before Solnik’s Black Hat talk, Apple had yet to provide decrypted kernels to the public. Analyzing the kernel is a key step to hacking the iPhone and to understanding how iOS really works under the hood. And these dev-fused iPhones, available on the gray market for four or five figures, are the perfect tool to do that.

“If you are an attacker, either you go blind or with a few thousand dollars you have all you need,” Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. “Some people made the second choice.”

Other researchers in the community told Motherboard that dev-fused devices are widely used in the iPhone hacking scene by researchers looking for zero day vulnerabilities.

As Mandt put it in a Tweet in July of 2017, “anyone with a bit of effort and money can get hold of a switchboard device.” (“Switchboard devices” are another term for some dev-fused phones, which refers to the proprietary operating system they run.)

While the devices are indeed rare, if you go looking for them, they’re not hard to find.

THE VENDORS

“I’m here,” he texted me as I nervously looked around in the crowd of people criss-crossing a busy street in downtown Manhattan.

I looked up and saw a slender man with long dark hair, a colorful hat; and—of course—he was holding an iPhone. I followed him to his workshop nearby. To open the door, he used a fingerprint reader that he said he made and programmed himself. Inside the workshop, there’s a handful electric skateboards, two fish tanks, and a sign that reads “If you taka my space I breaka your face.”

The man is one of the few people in the world who openly advertises and sells dev-fused iPhones. He has a Twitter account called “Apple Internal Store,” but doesn’t share his real name because he is concerned Apple may go after him. He openly advertises dev-fused and other prototype iPhones for sale: One type of dev-fused iPhone X costs $1,800, for example. After reaching out on Twitter, he agreed to meet with me.

The seller said he’s sold to several security researchers, and believes that many big security firms that hack iPhones have them.

“Those people they don’t care about money. They don’t care about the price.” he said. “Whatever it is, the company buys it.”

He’s defensive when I ask how he got the phones.

“Well, I didn’t steal any device. I actually paid for them,” he said as he showed off a bunch of dev-fused devices. “As long as you don’t break [Apple’s] balls, or show an iPhone 11 prototype, or an unreleased device, they’re most likely cool with that.”

On the back of dev-fused iPhones seen by Motherboard, there’s a QR-code sticker, a separate barcode, and a decal that says “FOXCONN,” referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard iPhone experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS. The phone boots into an operating system known as “Switchboard,” which has a no-nonsense black background and is intended for testing different functionalities on the phone. The home screen is populated with icons for apps with names like MMI, Reliability, Sequencer, and Console, an app that allows you to open a command line terminal inside the iPhone.

An dev-fused iPhone mounted on a rig. (Image: Motherboard)

Clicking through these apps is at times frustrating as they’re made to be used via the command line terminal while connected to a computer. Most of them cannot be closed by tapping or swiping, meaning the phone needs to be turned off and back on to get back to the home screen. Switchboard’s apps suggest a playfulness that Apple doesn’t always let through on iOS. The icon for “Reliability” features a doge (from the meme) playing a musical keyboard. The app itself allows you to test the functionality of the phone’s cameras, speakers, microphone, battery, and ambient light sensors, among other functionalities. An app called “Ness” features the lead character from Nintendo’s game Earthbound. Though the iPhone wiki speculates it could be used to test the phone’s temperature; when I try to launch it, the phone turns off. An app called “Sightglass” used to have the logo for a San Francisco coffee roaster by the same name; it has been changed to a matrix of colored dots.

You can’t do too much with the phone on its own. But once you connect it to a Mac with a proprietary Apple USB cable called “Kanzi,” which can cost around $2,000 on the gray market, you are able to use other internal Apple software (that is widely shared in the jailbreaking community) to get root access on the phone and burrow deep into its software and firmware. The special cable is required because Apple uses a proprietary protocol for accessing certain data within the iPhone to debug the kernel and other hard-to-reach components.

Two people showed Motherboard how to get root access on the phone we used; it was a trivial process that required using the login: “root” and a default password: “alpine.”

Not all dev-fused devices look normal, though. Some of them come mounted on clunky-looking metal rigs that allow you to open them up like a pizza box to inspect the phone’s guts, look at the battery, motherboard, and other internal parts. One that I saw had external wires running from the rig to the inside of the device; the rig itself had what looked like RF connector ports attached to those wires, as well as external, metal volume and power buttons.

Once I started looking for dev-fused iPhones, they weren’t that hard to find, provided you’re willing to shell out a few thousand bucks and aren’t worried about potentially pissing off Apple. Besides Apple Internal Store, there are other Twitter accounts that openly advertise them.

A screenshot of an advertisement on Twitter from Jin Store for an iPhone X prototype.

The owner of the Twitter account Jin Store, which claims to sell dev-fused or prototype iPhones, shared their catalog with Motherboard. A dev-fused iPhone 8 Plus costs $5,000, an iPhone XR $20,000, and an older iPhone 6 costs $1,300 (there are several different types of dev-fused devices that have different levels of security and varying features on them. The price of the dev-fused device depends on the security and features it includes.)

In a conversation via WeChat, Jin said that they personally know Solnik, but declined to say whether he was a customer.

The person behind another dev-fused store that advertises on Twitter, who goes by Mr. White, said he has “almost all” iPhone models. He also claimed to have sold “a lot of” dev-fused iPhones to security researchers.

“I don’t know how to get SEPROM,” Mr. White told me in an online chat, using another technical term for the SEP. “But I know that their research needs my equipment.”

THE DEVICES THAT ESCAPE SHENZHEN

Though it’s possible to buy dev-fused iPhones from various sources, it’s not like there’s a huge supply of them. Outside of Apple and the security research industry, these devices are almost a complete unknown. Even finding any substantial online references to the term dev-fused is difficult.

In a Hacker News thread prompted by a Motherboard investigation on the iPhone bug bounty program, former iPhone jailbreaker and current security researcher Will Strafach wrote that “Apple has dev-fused devices which use separate development certificates and keys.” An entry in the unofficial iPhone wiki also briefly mentions prototype devices. The page is introduced by a big red rectangle that warns readers that “acquiring a copy [of internal Apple software] without Apple’s consent is illegal and may result in being scammed.”

The day after Solnik, Mandt and Wang’s talk, Apple’s head of security Ivan Krstić also spoke at Black Hat. A single line of his presentation slides referred to “development fused” iPhones, though he didn’t actually mention them during his talk. As far as we know, that’s the only time Apple has publicly acknowledged their existence. An Apple spokesperson declined to discuss these devices with Motherboard.

When reached via Twitter, Krstić said that he could not talk about anything work related, and instead joked I could ask him about his “borderline-encyclopedic knowledge about preparing steak.”

But despite being essentially a secret from the public, security researchers and hackers have known about and used these devices for years.

“They are very popular among security researchers,” said a person who’s familiar with the supply chain of smuggled iPhones in China, who spoke on condition of anonymity to avoid putting his associates in China at risk. “I’ve had a number ask me and say they were willing to pay a significant amount of money to get dev phones.”

“They are stolen from the factory and development campus.”

Andrew “Bunnie” Huang, a well-known hardware security researcher who wrote the ultimate guide to Shenzhen’s electronics markets, told Motherboard that he has seen some of these devices in China. Few people know exactly how they get from Foxconn, which manufactures iPhones, to Shenzhen’s markets. But they find a way there.

“They are stolen from the factory and development campus,” a person who sells these devices on Twitter told Motherboard.

At times, Huang said, even the people who sell dev-fused devices in Shenzhen aren’t aware of how valuable they can be to hackers and security researchers.

“The gray market guys don’t even know what they sit on half the time,” Huang said in an online chat. “They are just trading trash for cash.”

“It gives you a new attack surface that’s not as heavily fortified,” Huang added. “They don’t put the metaphorical lock on the door until the walls are built on the house, so to speak.”

A couple of dev-fused devices, collected by Giulio Zompetti. (Image: Giulio Zompetti)

To be more technical, and unlike the iPhones you can buy at the Apple store, called “prod” or “production fused,” these devices allow their owners to boot into Switchboard. This software allows researchers to hack and reverse engineer different components of iOS. These would be usually off limits without hard-to-get vulnerabilities and a jailbreak, which is worth millions of dollars in today’s zero-day market.

“Prod fused means there’s a specific pin on the board that is ‘blown’ in the production phase. The board checks that pin to see if the device is prod or not,” a former Apple employee who wanted to remain anonymous because he is bound by a non-disclosure agreement, told Motherboard. “If it isn’t, and the firmware is dev version, then certain features are enabled.”

With a proprietary Apple cable and the right skills, they’re the perfect iPhone hacker’s playground.

In 2017, Motherboard reported that the best iPhone hackers in the world did not want to report bugs to Apple, even after the company promised six-figure rewards. One of the complaints the researchers had was that it was incredibly hard to find bugs without already knowing about other bugs. In other words, security researchers need iOS bugs—those that allow them to jailbreak the device and disable security features—just to be able to do their research. If independent researchers were to report bugs to Apple, in their view, they could lead Apple to fix the flaws they rely on to find other bugs.

At the time, some of the researchers said that it’d be better if Apple gave them “developer devices.”

As it turns out, some already had them.

“It’s kind of the golden egg to a jailbreaker,” according to Panaetius, who said he’s bought and re-sold several dev-fused devices. “Here’s a device where you can slap all the security mechanisms out of the way. Because there are still security mechanisms on a development fused device, but you can kind of just push them.”

iPhone hackers, however, are not too keen to discuss the fact that they use them. Some told me that using them is like “cheating,” and others swore to me that they have never used them because it’d be perceived in the scene as being lame.

“Many folks are very wary of these. Just because many do not want to deal with Apple’s allegedly vicious legal folks,” a security researcher who has been in the jailbreak community for years, and asked to be anonymous to discuss sensitive issues, told Motherboard.

Others aren’t nearly as concerned.

THE COLLECTORS

Giulio Zompetti, who calls himself a collector of iPhone prototypes, told me he has 14 dev-fused iPhones, as well as some iPods and iPads. He showed me many of them on a video chat.

He said that while he plays around with his dev-fused devices, he doesn’t hack them—he only collects them.

“For me it’s a bit of an investment. The older they are, the harder it is to find them,” Zompetti said in a phone call. “It’s just fun. The search of something that by itself is really hard to get.”

“The goal is to reconstruct history,” Zompetti told me as he showed me some of his pieces, including an iPhone 5S that he said was dated just a couple of months after the release of the iPhone 5, the previous model.

Another collector who showed me pictures of his devices told me they have too many devices to count.

Mathew Solnik poses during a demo of a hacking technique for Motherboard’s 2014 documentary Phreaked Out. (Image: Motherboard)

Apple is well aware of the fact that dev-fused devices get traded around, according to five sources within and outside the company. Several sources both inside Apple and in the jailbreaking community believe that Apple has ramped up its efforts to keep these devices from escaping Foxconn and to go after people who sell them. It’s no surprise Apple knows that researchers covet these—some of them have even poked Apple publicly. Back in 2016, Solnik teased his great breakthrough on Twitter weeks before his Black Hat talk.

“Who wants to see a security team jump?” he tweeted, along with a screenshot of a terminal window that showed Solnik had been able to obtain the Secure Enclave Processor firmware. “I’ll just leave this here.”

The precise step-by-step of how Solnik, Wand, and Mandt, were able to decrypt and reverse engineer the firmware has never been discussed publicly. Their talk, however, was enough to attract Apple’s attention and boost the speakers’ careers and reputation within the iPhone security research community.

Mandt is still at Azimuth, whereas Wang moved to Corellium. Solnik, on the other hand, is himself a bit of a mystery. At the time of the SEP talk, he was heading his own startup, called OffCell, which was founded with the goal of becoming a government contractor providing offensive security tools and exploits to governments, according to several sources who know Solnik.

In 2017, however, Solnik was hired by Apple to work on its security team, specifically on the so-called red team, which audits and hacks the company’s products. His talk at Black Hat had apparently impressed the folks at Cupertino. A few weeks later, however, he abruptly left the company, according to multiple sources.

The full story of Solnik’s short stint at Apple is a closely-guarded secret. Motherboard spoke to dozens of people and was unable to confirm the specifics around his leaving the company; one source within Apple told me information about Solnik is “incredibly restricted,” and another confirmed that even within Apple, few know exactly what happened.

Apple repeatedly declined to comment or respond to any questions regarding Solnik, but did not deny that Solnik worked there.

In any case, the underground market for dev-fused iPhones is now flourishing. And, for now, Apple doesn’t seem able to stop the flood, despite the fact that these leaks are fueling a growing industry of iPhone hacking companies.

“To be honest everyone benefits from Apple’s lousy supply chain management,” Viktor Oreshkin, an iOS security researcher, told Motherboard in an online chat. “Except Apple, obviously.”

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code syndicated from https://triviaqaweb.wordpress.com/feed/

0 notes

savetopnow · 7 years ago

Text

2018-03-08 03 LINUX now

LINUX

Linux Academy Blog

AWS Security Essentials has been released!

Employee Spotlight: Sara Currie, Technical Recruiter

Linux Academy Weekly Roundup 108

Free SSL with Let’s Encrypt & NGINX

Michelle Gill – Becoming V.P. of Engineering

Linux Insider

Kali Linux Security App Lands in Microsoft Store

Microsoft Gives Devs More Open Source Quantum Computing Goodies

Red Hat Adds Zing to High-Density Storage

When It's Time for a Linux Distro Change

Endless OS Helps Tear Down Linux Wall

Linux Journal

Building a March Madness Bracket in PHP

Exim Vulnerability, GitHub Open-Sources Licensed, The Khronos Group Releases Vulkan 1.1 and More

Last chance: Subscribe now to get the highly anticipated comeback issue!

Best Laptop for Running Linux

diff -u: Linus Posting Habits

Linux Magazine

OpenStack Queens Released

Kali Linux Comes to Windows

Ubuntu to Start Collecting Some Data with Ubuntu 18.04

CNCF Illuminates Serverless Vision

LibreOffice 6.0 Released

Linux Today

How to install ONLYOFFICE Desktop Editors 4.8.7 as a Snap Package

7 traits of a valuable DevOps team player

You Can Now Run Linux on Sony's PlayStation 4 Gaming Console, Here's How

How To Check All Running Services In Linux

Meet Endless OS, a lightweight Linux distro

Linux.com

Protecting Code Integrity with PGP — Part 4: Moving Your Master Key to Offline Storage

One Week Until Embedded Linux Conference + OpenIoT Summit in Portland: Will You Join Us?

Cilium 1.0.0-rc4 Released: Transparently Secure Container Network Connectivity Utilising Linux BPF

Automated Provisioning in Kubernetes

Reddit Linux

Microsoft Office as Remote APP in Linux

Win a ticket to SCaLE!

Just found a binary file totem-daemon in my home folder, any ideo what is it ?

Powerful, flexible, text-first project management tool: etm

Nvidia release a beta driver which has Vulkan 1.1 support.

Riba Linux

How to install SwagArch GNU/Linux 18.03

SwagArch GNU/Linux 18.03 overview | A simple and beautiful Everyday Desktop

How to install Nitrux 1.0.9

Nitrux 1.0.9 overview | Change The Rules

Pixel OS 1.0 "Apu" Public Beta 1 overview | Meet Pixel OS

Slashdot Linux

Time To Bring Back the Software User Conference

Leaked Files Show How the NSA Tracks Other Countries' Hackers

Researchers Bypassed Windows Password Locks With Cortana Voice Commands

Ask Slashdot: Should We Worry Microsoft Will 'Embrace, Extend, and Extinguish' Linux?

Microsoft Confirms Windows 10 'S Mode'

Softpedia

Mozilla Firefox 58.0.2 / 59.0 Beta 14

Evolution 3.26.6

Evolution 3.28.0 RC

Evolution Data Server 3.26.6 / 3.28.0 RC

Evolution Mapi 3.26.6 / 3.28.0 RC

Tecmint

How to Enable and Disable Root Login in Ubuntu

8 Best Tools to Access Remote Linux Desktop

How to Install NetBeans IDE 8.2 in Debian, Ubuntu and Linux Mint

How to Install NetBeans IDE in CentOS, RHEL and Fedora

Get Complete Full Stack Developer eBook Bundle [16 eBooks]

nixCraft

400K+ Exim MTA affected by overflow vulnerability on Linux/Unix

Book Review: SSH Mastery – OpenSSH, PuTTY, Tunnels & Keys

How to use Chomper Internet blocker for Linux to increase productivity

Linux/Unix desktop fun: Simulates the display from “The Matrix”

Ubuntu 17.10 no longer available for download due to LENOVO bios getting corrupted

#linux

0 notes

markoprljic · 6 years ago

Text

Mentoring at Diffusion Hackathon

On the 19th and 20th October at Factory Berlin some of the world’s most important Web 3 protocols and leaders in blockchain, from across The Convergence Stack came together for a 2-day in-person dev con made up of hacks, exclusive product launches, and live demos.

About the hackathon

Diffusion Hackathon is a two-day event with the focus on the practical application of open-source distributed ledger technology, smart contracts, machine learning, and programmable tokens, to create a new data layer. It brought together leading decentralized projects and their tribes, developers, economists, system engineers, enterprise and technical academia to define the next major web cycle.

Hacking is based on The Convergence Stack which is Web 3 protocols in blockchain, AI, IoT, and Big Data.

Leading practitioners from cryptography, machine learning, smart contract dev, IoT, systems engineers, and crypto-economics were exploring the implications of deploying new technologies and distributed systems in complex and challenging fields such as smart cities, Industry 4.0, and Mobility.

How can you leverage the Convergence Stack to do Good, with a capital G? How do we create an infrastructure for collaborative knowledge networks? How do we create Crypto-economic systems that will allow us to establish new rules and economic incentives for blockchain ecosystems? What can you achieve with machine learning with the ever-growing open datasets that decentralized systems themselves produce? How do we enable access control in decentralized systems? How do we share data over a trusted network, without losing time, reducing trust and ownership? How do we make every interaction that a user has with a smart contract understandable and safe? How do we onboard the 99% of developers and organizations who are not into Web 3 yet?

These are just some of the questions that Diffusion hackers were seeking answers to at selected hackathon tracks:

A Stack for Good: your moonshot for a better world (this one had some really great projects)

ETHBerlin and the DoD: community improvement bounties

Web 2.5: onboarding the rest of the world to decentralized technology

The Odyssey Serendipity Network: growing a network of ecosystems

Token Engineering: (re-)invent economic mechanisms by using simulations

Machine Learning in the Decentralised World: opening the AI silos

Shaking Up the Model: data and compute in different places

Sharing in Consortia Networks: permissioned, tokenized data sharing with T-Labs

The Usable Stack: new and better ways to use Web 3

Identity and beyond with Hyperledger: credentials for digital trust

Mentoring and Hacking, why not do both?

The moment I heard about Diffusion got me really excited and I knew I wanted to be there, either as a hacker or a mentor. Since I mentored at ETH Berlin Zwei two months earlier I figured it would be best to continue in the same direction, so I applied ... and got accepted!

I was mentoring about User experience (UX) - for projects that build a product that will be used directly by people, e.g. a DApp or a service. My initial track of choice was The Usable Stack (new and better ways to use Web 3). A word about the track from the organizers:

It’s been ten years since the inception of blockchain, and using crypto and DApps is still hard. Too hard for the widespread adoption it deserves. Things are getting better: there are many great initiatives to make accessing DApps easier for new users, such as Metamask, Portis, and Torus, but to an extent, these are only scratching the surface of great Web 3 user experience. How do we not only lower the barrier of entry but make every interaction that a user has with a smart contract understandable and safe? As we extend the usage of distributed ledgers from simple value transactions to elaborate smart contracts and realize an open data economy, how do we provide ways for users to interact with it, without creating new centralized gatekeepers?

Web 2.5 (onboarding the rest of the world to decentralized technology) which I call The Liminal Web has been my second choice because it tackles the problems on how to assist people in transition from current Web 2.0 to Web 3.0 looking at current problems and future scenarios from user perspective, how we communicate the value, find the best product-user fit and offer the tools needed to make that transition.

Our Hack-along crew was also participating and since I’m close to them on a daily basis I was also considering hacking along.

My mentoring duties have been priority and I scheduled my calendar to listen to some interesting talks which I outline below.

Into the talks ...

Enterprise interest in blockchain

Customer need: Uncertainty and complexity prohibit adoption of DLTS We have a lot of people who are not familiar with BC and can easily deploy their node.

Stax:

dApp

Connectivity

Payment

Data verification

Storage

Identity

Security

Our aim is to create a network of devices and don’t need to enable your data every time, just once.

Odyssey: ecosystems for good

Rutger van Zuidam gave a talk about the Odyssey hackathon, the bigger picture, vision, mission and explained the process and approach in building new ecosystems for mass collaboration.

Notes from the talk...

Odyssey hackathon is used as a time-traveling device. Portal of the future opens and co-create with your future clients future solution and take it back. What can you do with it after the hackathon?

We’re building the infrastructure for ecosystems for mass collaboration.

Complex challenges:

Multitude of stakeholders

Borderless + Interconnected

No one can hold all the information

Not:

Linear, top-down leadership

Money

Who thinks that the Amazon rainforest is your responsibility? What can you do about it? What is the best tool to use it and how do we scale it? How do we incubate all the ecosystems in solving together all these problems? Complex challenges like these need all stakeholders. The ecosystem awareness that can allow people to act on the whole. Group A is not building something for Group B, Group A is building for Group A, we’re all part of a greater whole.

The emergence of the collaborative layer of the internet. An operating system for our global society. Ecosystem + Token = New market. The ecosystem grows, the cost of collaboration drops and creates new business opportunities.

How can you validate green energy going into the grid but without installing IoT devices? Vattenfall brought their competition on board, everyone from the ecosystem, all stakeholders. They all go and do the hackathon and program through a transformation. Then you encounter a new world together. If the team come to the hackathon to build what they planned to build then why did they come to the hackathon?

From hyper-competition IQ to hyper-collaboration EQ (emotional) and SQ (spiritual).

More and more emphasis is put on the human processes which make the difference and sets the DNA and culture of the Ecosystem. It allows people to understand each other, that’s what we’re looking for.

We need board members to understand the complexities of the 21st century and find a bridge to get onboard.

Fission talk: licensing open-source software

Open-source licensing evolution.

What does OS mean? Lcinscing, community, voting, democracy, mob rule?

Definition of OS:

Legal innovation of licenses

Way of working together in code, collaboratively, asynchronously, remotely (large corps did this)

Ideology of code re-use & sharing (gentle versions of)

Commons-based peer production: Lot’s of people work on it, everybody benefits from it and people can build on it even in revenue-generating fashion.

Open source is not a business model.

Why do you choose a license? Is it because of distribution, free labor from contributors, lock it open?

We forgot about a lot of stuff we fought 15years ago. Devs and biz people don’t spend much time which licensed they pick and why?

The copyleft (against copyright). GPL (don’t need to share your changes in code, keep it closed) and AGPL (mus share changes back).

Apple is moving from Bash to Zsh because of licensing, it’s GPL v2 and the new version uses v3. This is to think about licensing in business context.

Licensing innovation is in fact one of the definitions of OS. Cloud providers are making record profits from OS contributors.

Should we licenses who restrict others to do business even call licenses? It’s really weird when your biggest competitor is running your software (Amazon)

License Zero

Licensing as a business model, pay attention to this. Parity and Prosperity are two new licenses. Sell licenses over command line to individuals and companies. Automatically get licenses if you sponsor on Patreon or Github sponsorship.

Do you think current open software licenses are the best we’ll ever have? NO!

Cross License Collaboratives: “Maintain your projects and create shared moneymaking opportunity without any company, foundation or dictator.”

If we can get China and India into open-source collaboration. Just number wise it would be huge!

Anti 996 License - releasing software to companies to comply with local labor regulations.

Data Ethics We start seeing people saying “Maybe I don’t want FB and Google have all my data with them?” Blockstack - Can’t be evil as opposed to Google’s “Don’t be evel”, but it’s not just about the technology. It’s about principles like Fair data scotiey, Local First Software and licences like Cryptographic Autonomy Licences, Icepick.

If we start tunning our own IPFS local servers we’re saving server resources, which saves us a lot of money. - Constellation provider

Step 1 from going into production should from your laptop! Give developers tools to keep date user-controlled.

Why are we not making smart contracts that are deployed once, audited once and we can all contribute to them, in an open-source collaborative fashion? Where we have a global shared rich environment that we should make us of.

Into the hacks...

Here are a couple of projects that caught my attention. You can browse all teams and projects here.

Fission Live

Host your app from your laptop.

Fission is building a backend-as-a-service that will include hosting, database, identity & more. Their service lets you instantly update files, directories and obviously websites directly to IPFS and serve them anywhere.

At Diffusion, they’re launching the first piece, FissionLive. FissionLive allows you to host your app, whether it’s a static website or a Single Page App, directly from your laptop.

Here you can follow the steps and try it yourself (I’m installing it as I write this). Having not much technical background it was super easy for me to set it up. Thanks to Boris Mann and Brooklyn Zelenka who worked hard on this to ship it before the hackathon started. Go, try it out!

Spekboom

I met Denham Preen outside at the courtyard and he explained to me the idea behind the project they’re hacking. They figured there’s a plant called Spekboom in the Karoo of South Africa that provides one of the most cost-effective carbon offset solutions. It grows on the eroded ground and you basically can’t do anything with that plant or the soil on which the plant lives. So why not make use of it?

Spekboom (aka Portulacaria afra) is a succulent that helps fight air pollution. It has the ability to 'sequester' or capture four to ten tons of carbon per hectare! Essentially, it acts as a carbon sponge, absorbing carbon from the atmosphere and turning it into plant matter.

They built a system that connects plantations and farmers (landowners) to everyone allowing to buy carbon credits

Plantations are always for sale as NFTs. Holding an NFT continuously generates verifiable carbon credits (ERC20 tokens). Corporations can burn carbon credits to transparently showcase they are carbon neutral. The Harberger tax received from the entities holding the always for sale NFTs, flows directly to the farmers for income and the upkeep of the spekboom plantations.

They used Ocean protocol to implement functionality where Carbon generation and Carbon use data gathered from our use-case. This is our step toward kick-starting a Data Economy!

To show where the spekboom plantations are they used FOAM to enable a crowdsourced map and decentralized location services.

CarbonCreditsClub (name of the team) won several awards at the hackathon and very well deserved. Kudos to the team: Denham, Jason, and Jonjon.

https://devpost.com/software/assetnomics https://carboncredits.club/

Hack-along

Mentors were allowed to participate in the hackathon, so I took advantage of that although I did not contribute that much as I wished. I was part of the Hack-along team (Liminal Village) together with Josh, Thomas, Pavle, Vlad, with a partial presence from Jakub (a very smart guy from Prague).

The system being designed intends to co-opt short term extractive behavior into long term resilience for people and planet via a triple bottom line of people, planet and profit. We want to outcompete (hyper)capitalism.

We split the pie (funds/resources) on the streams via a monthly proposal process that deploys a splitter. Personal streams are transferred directly to your personal wallet. Local streams go to a community DAO that uses liquid pledging to allocate funds into internal projects (like co-budget). The global stream is for when personal and local streams reach their cap when this happens excess overflows into ecosystem partner DAOs.

What's next for Hack-along? Harmonization phase back at the Village to tidy up and integrate various parts that have been contributed from a pluralistic whole.

We’re already forming new teams and doing preparation work for the Odyssey 2020 Hackathon.

Closing words

This hackathon was good, quality content, very knowledgeable people, very good tech being showcased and used, great talks (mostly technical) and great organization all around. Kudos to Jamie, Charlotte, Aron, Matt, Scott and everyone from the Diffusion team. I’m looking forward to the next hack!

#diffusion2019 #hackathon #blockchain #iot #berlin #ux #convergence #stack

0 notes

click2watch · 7 years ago

Text

Builders on Wall Street: Bitcoin Devs Host Lightning Hack Day

It was described as “not a normal conference.”

Sure, speakers took to the podium to present their futuristic ideas – a staple at the cryptocurrency space’s many, many conferences. But the Lightning Hackday, which took place in the heart of Wall Street on October 27th and 28th, was all-in-all more of a community-led endeavor with a heavy coding twist.

Throughout the two-day event, a hackathon whirred in the background. Tiny computers called Raspberry Pis dotted the tables and developers murmured amongst themselves about how to tweak the rules of the system while also not disrupting the incentive schemes.

This eclectic setup is maybe to be expected from a group of hackers building what they hope is the future of money.

Bitcoin’s lightning network is still in its early stages, but many hope it will fix bitcoin’s biggest underlying problems – that it’s simply too slow and clunky, and so doesn’t scale well for a future of mass adoption – at least, that is, without the help of a second layer.

“For those of you who don’t know, blockchains suck,” Chris Stewart, an engineer at blockchain data provider SuredBits, said when kicking off his talk.

That said, he and other developers hope the lightning network will change that.

Passions were so high, in fact, that it was hard to keep track of all the different projects on the floor. But one thing tied them all together – the interest in building for the technology’s potential as a payment mechanism for everyday purchases.

Indeed, Lightning Labs engineer Alex Bosworth admitted that lightning’s “killer app” – what takes it mainstream – might be as simple as that.

“I don’t know what the killer app is, maybe buying a cupcake is,” Bosworth told attendees during his talk.

Ideas, man

Bosworth, though suspects that the best ideas for using lightning haven’t even been created yet.

For comparison, he argued that the early developers behind Linux, the popular open-source operating system, could never have guessed how far the code would go.

“Were they thinking ‘Oh this will be deployed in a billion phones?” he said, implying that they probably didn’t – and couldn’t – have that kind of foresight when it was first deployed.

As such, Bosworth told the developers to not keep their big ideas a secret. And he took his own advice, sharing his many ideas for how lightning could be used in unique ways. For instance, he believes lightning could be used as a “monetized data layer,” with some retouching of the underlying software.

Right now, lightning works by passing around “little proofs” that are essentially “meaningless, random data,” Bosworth said. “But we could turn it into meaningful data,” added.

One idea: use lightning for passing around little pieces of a file, so that when they’re brought together they recreate the full file.

Bosworth also argued that lightning could be used to pay for enhanced payment privacy and to fuel a wave of “self-organizing” games, although, as Bosworth rattled off idea after idea, it was hard to keep up with just how these features would work in practice.

Still, he was only one developer sharing ideas at the event.

Hailing from Japan, Nayuta CEO Kenichi Kurimoto presented a lightning implementation that’s optimized for the “internet of things,” or the vast array of devices – from cars to TVs – that have enhanced capabilities thanks to being connected to the internet.

He sees great potential in this use case, arguing these connected machines might one day send payments between each other. And with that, he envisions that a “money owned by nobody” (i.e. bitcoin) will play a key role, since payments can be so cheap and various devices can execute them without the need for a third party.

Back to the basics

But with all of the futuristic, look-past-the-horizon ideas aside, another key focus of the Lightning Hackday was simply making lightning easier to use.

“There’s a lot going on, but there’s also not,” bitcoin enthusiast Toby Algya said, laughing about how difficult lightning is to set up. “I’m just trying to get lightning working. That’s my personal challenge for the day.”

In this regard, developers are still thinking about the bottom layer, which might someday help with these kinds of problems. For example, a tool called “lightning autopilot” could make things easier by automating the step where users have to set up a “channel” to use the network.

For one, Rene Pickhardt, a lightning developer and data science consultant, is working in this area and argues that these kinds of design questions are important to answer early.

“Why is it important to think about it early? If we grow lightning for a couple of years, we might find out topology is not that great,” he contended.

While Pickhardt offered some ideas at the Lightning Hackday, he noted that no solution is perfect since there’s a “tradeoff between privacy and the quality of recommendations.”

On a related note, a few key lightning developers are meeting in Australia next week to discuss the future of the project’s specifications. Pickhardt noted that the future of autopilot, including his implementation, is something high on their list to discuss.

Bosworth echoed that sentiment, saying that these kinds of technical tweaks are so vital that he’s going to hit pause on his big ideas – for now, at least – to focus on them. Case in point: he recently joined Lightning Labs on a full-time basis in order to work on the nuts-and-bolts aspect of the software.

“There are so many cool things that can be built on lightning, it’s important for the underlying protocol to work well,” he said, concluding:

“My priority is to get it there.”

Fearless girl statue image via Renee Leibler

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n; n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window, document,'script','//connect.facebook.net/en_US/fbevents.js');

fbq('init', '472218139648482'); fbq('init', '239547076708948'); fbq('track', "PageView"); This news post is collected from CoinDesk

Recommended Read

Editor choice

BinBot Pro – Safest & Highly Recommended Binary Options Auto Trading Robot

Do you live in a country like USA or Canada where using automated trading systems is a problem? If you do then now we ...

9.5

Demo & Pro Version Try It Now

Read full review

The post Builders on Wall Street: Bitcoin Devs Host Lightning Hack Day appeared first on Click 2 Watch.

More Details Here → https://click2.watch/builders-on-wall-street-bitcoin-devs-host-lightning-hack-day

#Click2Watch

0 notes

cryptoquicknews-blog · 7 years ago

Photo

New Post has been published here https://is.gd/Ypistk

Builders on Wall Street: Bitcoin Devs Host Lightning Hack Day

This post was originally published here

It was described as “not a normal conference.”

This eclectic setup is maybe to be expected from a group of hackers building what they hope is the future of money.

“For those of you who don’t know, blockchains suck,” Chris Stewart, an engineer at blockchain data provider SuredBits, said when kicking off his talk.

That said, he and other developers hope the lightning network will change that.

Indeed, Lightning Labs engineer Alex Bosworth admitted that lightning’s “killer app” – what takes it mainstream – might be as simple as that.

“I don’t know what the killer app is, maybe buying a cupcake is,” Bosworth told attendees during his talk.

Ideas, man

Bosworth, though suspects that the best ideas for using lightning haven’t even been created yet.

For comparison, he argued that the early developers behind Linux, the popular open-source operating system, could never have guessed how far the code would go.

“Were they thinking ‘Oh this will be deployed in a billion phones?” he said, implying that they probably didn’t – and couldn’t – have that kind of foresight when it was first deployed.

Right now, lightning works by passing around “little proofs” that are essentially “meaningless, random data,” Bosworth said. “But we could turn it into meaningful data,” added.

One idea: use lightning for passing around little pieces of a file, so that when they’re brought together they recreate the full file.

Still, he was only one developer sharing ideas at the event.

Back to the basics

But with all of the futuristic, look-past-the-horizon ideas aside, another key focus of the Lightning Hackday was simply making lightning easier to use.

For one, Rene Pickhardt, a lightning developer and data science consultant, is working in this area and argues that these kinds of design questions are important to answer early.

“Why is it important to think about it early? If we grow lightning for a couple of years, we might find out topology is not that great,” he contended.

While Pickhardt offered some ideas at the Lightning Hackday, he noted that no solution is perfect since there’s a “tradeoff between privacy and the quality of recommendations.”

“There are so many cool things that can be built on lightning, it’s important for the underlying protocol to work well,” he said, concluding:

“My priority is to get it there.”

Fearless girl statue image via Renee Leibler

#crypto #cryptocurrency #btc #xrp #litecoin #altcoin #money #currency #finance #news #alts #hodl #coindesk #cointelegraph #dollar #bitcoin View the website

New Post has been published here https://is.gd/Ypistk

#Uncategorized

0 notes

theinvinciblenoob · 7 years ago

Link

Calling all hackers, programmers and tech heads from around the world: The Hackathon at TechCrunch Disrupt SF 2018 is a virtual reality. We wanted something truly special to celebrate the biggest, most ambitious Disrupt event in history, so we launched the Virtual Hackathon. Thousands of the most highly skilled developers and coders will go head-to-head. But you only have about five weeks left to sign up and complete your hack, so you’d better hurry and sign up now.

Here’s how this super-sized Virtual Hackathon works. Show us how you’d produce and apply technology to solve different challenges. Our judges will review all eligible submitted hacks and rate them on a scale of 1-5 based on the quality of the idea, technical implementation of the idea and the idea’s potential impact. Here’s what you receive for your effort:

The 100 top-scoring teams get up to 5 Innovator Passes to attend TechCrunch Disrupt SF 2018

The 30 highest-scoring teams also get to go to the semifinals at Disrupt SF, where they will demo their crafty hack

Out of those 30 teams, we’ll pick 10 to pitch their product on The Next Stage in front of thousands of Disrupt SF attendees

One team will win the $10,000 grand prize to become the inaugural TechCrunch Disrupt Virtual Hackathon champ

Of course, every TechCrunch Hackathon is jam-packed with sponsored contests and prizes galore, and this one is no exception. We already told you about the contests sponsored by BYTON, TomTom and Viond, and now we’re thrilled to announce two new hack contests from the folks at Visa and HERE Mobility.

Visa

The Visa Developer Platform empowers developers to transform great ideas into new digital commerce experiences using Visa’s proprietary APIs. Over the last several years, Visa has fundamentally evolved both its platforms and how it works with partners and clients, to encourage a broadening of the commerce ecosystem. From geo-location to real-time alerts and tokenization, the Visa Developer Platform offers direct access to a growing number of APIs, tools, and support materials so developers can start building easier, faster, and more secure ways to power digital commerce.

In this digital age, consumers expect seamless experiences personalized to their needs. Point of sale is no longer a destination—it’s wherever and whenever the customer wants it. Help Visa reshape commerce and accelerate digital payment acceptance. Build an app that enhances the customer journey and helps provide seamless, secure payment experiences. Consider Visa’s unique payment network data to drive your innovation.

Think about one of the use cases below or create your own to build a solution:

Replace cash with Visa digital solutions to create a more secure way to pay

Leverage data to create value for our businesses, consumers and stakeholders

Build tools to help Small Businesses better manage finances

Create solutions to enable business-to-business payments using virtual accounts

We encourage exploring integrations of Visa Developer APIs with other solutions and capabilities.

Sponsor Prize: We’ve got a prize-pool of over $9K for the best three teams who use Visa Developer APIs. More details coming soon! Register now!

HERE Mobility

The HERE Mobility SDK provides direct access to the Mobility Marketplace so you can build integrated transportation experiences into your application. With this connection you’ll be able to create door-to-door mobility solutions for your users within your app to increase user engagement, customer loyalty, and daily active users.

Develop within your platform of choice with our SDK’s for iOS and Android or execute calls to the Mobility Marketplace through our web app API. Offer your users advanced mobility services such as ride hailing, booking, and ETA tracking, and map and location services covering everything from 2D/3D rendering to forward and reverse geocoding. Request access to the SDK by registering here and you’ll also need to register on Devpost here.

Workshop: Join Adi Rome, Head of the Mobility SDK, on Monday, the 2nd of July at 11 am ET for a tutorial session. During the session we’ll walk you through the Mobility Demand API, and Map & Location package, including sample use cases, workflows and demos. Register here.

Sponsor Prize: Best Use of the HERE Mobility SDK: $6,000 API: https://ift.tt/2MIQ4IO Contact: [email protected]

Competing in our virtual hackathon is free, and you can participate from anywhere. What the hack are you waiting for? Call your most talented dev friends, form your team and sign up today!

via TechCrunch

#IFTTT #TechCrunch

0 notes

ralphmorgan-blog1 · 7 years ago

Text

The Young and the Reckless

I. The Bumper

The trip to Delaware was only supposed to last a day. David Pokora, a bespectacled University of Toronto senior with scraggly blond hair down to his shoulders, needed to travel south to fetch a bumper that he’d bought for his souped-up Volkswagen Golf R.

The American seller had balked at shipping to Canada, so Pokora arranged to have the part sent to a buddy, Justin May, who lived in Wilmington. The young men, both ardent gamers, shared a fascination with the inner workings of the Xbox; though they’d been chatting and collaborating for years, they’d never met in person. Pokora planned to make the eight-hour drive on a Friday, grab a leisurely dinner with May, then haul the metallic-blue bumper back home to Mississauga, Ontario, that night or early the next morning. His father offered to tag along so they could take turns behind the wheel of the family’s Jetta.

An hour into their journey on March 28, 2014, the Pokoras crossed the Lewiston–Queenston Bridge and hit the border checkpoint on the eastern side of the Niagara Gorge. An American customs agent gently quizzed them about their itinerary as he scanned their passports in his booth. He seemed ready to wave the Jetta through when something on his monitor caught his eye.

“What’s … Xenon?” the agent asked, stumbling over the pronunciation of the word.

David, who was in the passenger seat, was startled by the question. Xenon was one of his online aliases, a pseudonym he often used—along with Xenomega and DeToX—when playing Halo or discussing his Xbox hacking projects with fellow programmers. Why would that nickname, familiar to only a handful of gaming fanatics, pop up when his passport was checked?

Pokora’s puzzlement lasted a few moments before he remembered that he’d named his one-man corporation Xenon Development Studios; the business processed payments for the Xbox service he operated that gave monthly subscribers the ability to unlock achievements or skip levels in more than 100 different games. He mentioned the company to the customs agent, making sure to emphasize that it was legally registered. The agent instructed the Pokoras to sit tight for just a minute longer.

May 2018. Subscribe to WIRED.

Zohar Lazar

As he and his father waited for permission to enter western New York, David detected a flutter of motion behind the idling Jetta. He glanced back and saw two men in dark uniforms approaching the car, one on either side. “Something’s wrong,” his father said, an instant before a figure appeared outside the passenger-side window. As a voice barked at him to step out of the vehicle, Pokora realized he’d walked into a trap.

In the detention area of the adjoining US Customs and Border Protection building, an antiseptic room with a lone metal bench, Pokora pondered all the foolish risks he’d taken while in thrall to his Xbox obsession. When he’d started picking apart the console’s software a decade earlier, it had seemed like harmless fun—a way for him and his friends to match wits with the corporate engineers whose ranks they yearned to join. But the Xbox hacking scene had turned sordid over time, its ethical norms corroded by the allure of money, thrills, and status. And Pokora had gradually become enmeshed in a series of schemes that would have alarmed his younger self: infiltrating game developers’ networks, counterfeiting an Xbox prototype, even abetting a burglary on Microsoft’s main campus.

Pokora had long been aware that his misdeeds had angered some powerful interests, and not just within the gaming industry; in the course of seeking out all things Xbox, he and his associates had wormed into American military networks too. But in those early hours after his arrest, Pokora had no clue just how much legal wrath he’d brought upon his head: For eight months he’d been under sealed indictment for conspiring to steal as much as $1 billion worth of intellectual property, and federal prosecutors were intent on making him the first foreign hacker to be convicted for the theft of American trade secrets. Several of his friends and colleagues would end up being pulled into the vortex of trouble he’d helped create; one would become an informant, one would become a fugitive, and one would end up dead.

Pokora could see his father sitting in a room outside the holding cell, on the other side of a thick glass partition. He watched as a federal agent leaned down to inform the elder Pokora, a Polish-born construction worker, that his only son wouldn’t be returning to Canada for a very long time; his father responded by burying his head in his calloused hands.

Gutted to have caused the usually stoic man such anguish, David wished he could offer some words of comfort. “It’s going to be OK, dad,” he said in a soft voice, gesturing to get his attention. “It’s going to be OK.” But his father couldn’t hear him through the glass.

II. Kindergarten Security Mistakes

Well before he could read or write, David Pokora mastered the intricacies of first-person shooters. There is a grainy video of him playing Blake Stone: Aliens of Gold in 1995, his 3-year-old fingers nimbly dancing around the keyboard of his parents’ off-brand PC. What captivated him about the game was not its violence but rather the seeming magic of its controls; he wondered how a boxy beige machine could convert his physical actions into onscreen motion. The kid was a born programmer.

Pokora dabbled in coding throughout elementary school, building tools like basic web browsers. But he became wholly enamored with the craft as a preteen on a family trip to Poland. He had lugged his bulky laptop to the sleepy town where his parents’ relatives lived. There was little else to do, so as chickens roamed the yards he passed the time by teaching himself the Visual Basic .NET programming language. The house where he stayed had no internet access, so Pokora couldn’t Google for help when his programs spit out errors. But he kept chipping away at his code until it was immaculate, a labor-intensive process that filled him with unexpected joy. By the time he got back home, he was hooked on the psychological rewards of bending machines to his will.

As Pokora began to immerse himself in programming, his family bought its first Xbox. With its ability to connect to multiplayer sessions on the Xbox Live service and its familiar Windows-derived architecture, the machine made Pokora’s Super Nintendo seem like a relic. Whenever he wasn’t splattering aliens in Halo, Pokora scoured the internet for technical information about his new favorite plaything. His wanderings brought him into contact with a community of hackers who were redefining what the Xbox could do.

To divine its secrets, these hackers had cracked open the console’s case and eavesdropped on the data that zipped between the motherboard’s various components—the CPU, the RAM, the Flash chip. This led to the discovery of what the cryptography expert Bruce Schneier termed “lots of kindergarten security mistakes.” For example, Microsoft had left the decryption key for the machine’s boot code lying around in an accessible area of the machine’s memory. When an MIT graduate student named Bunnie Huang located that key in 2002, he gave his hacker compatriots the power to trick the Xbox into booting up homebrew programs that could stream music, run Linux, or emulate Segas and Nintendos. All they had to do first was tweak their consoles’ firmware, either by soldering a so-called modchip onto the motherboard or loading a hacked game-save file from a USB drive.

Once Pokora hacked his family’s Xbox, he got heavy into tinkering with his cherished Halo. He haunted IRC channels and web forums where the best Halo programmers hung out, poring over tutorials on how to alter the physics of the game. He was soon making a name for himself by writing Halo 2 utilities that allowed players to fill any of the game’s landscapes with digitized water or change blue skies into rain.

The hacking free-for-all ended with the release of the second-generation Xbox, the Xbox 360, in November 2005. The 360 had none of the glaring security flaws of its predecessor, to the chagrin of programmers like the 13-year-old Pokora who could no longer run code that hadn’t been approved by Microsoft. There was one potential workaround for frustrated hackers, but it required a rare piece of hardware: an Xbox 360 development kit.

Dev kits are the machines that Microsoft-approved developers use to write Xbox content. To the untrained eye they look like ordinary consoles, but the units contain most of the software integral to the game development process, including tools for line-by-line debugging. A hacker with a dev kit can manipulate Xbox software just like an authorized programmer.

Microsoft sends dev kits only to rigorously screened game-development companies. In the mid-2000s a few kits would occasionally become available when a bankrupt developer dumped its assets in haste, but for the most part the hardware was seldom spotted in the wild. There was one hacker, however, who lucked into a mother lode of 360 dev kits and whose eagerness to profit off his good fortune would help Pokora ascend to the top of the Xbox scene.

Meet the cast of characters behind the Xbox Underground.

Gifted Canadian hacker and the brains of the Xbox Underground.

Programmer who made millions by tricking FIFA Soccer into minting virtual coins.

Australian teenage hacker who turned reckless as the FBI closed in.

Pokora's friend in Delaware, arrested in 2010 for trying to steal a game's source code.

Abruptly vanished from the Xbox hacking scene, causing widespread paranoia.

Owner of a hacked modem that he used to help the Xbox Underground steal software.

III. The Only Education That Mattered

In 2006, while working as a Wells Fargo technology manager in Walnut Creek, California, 38-year-old Rowdy Van Cleave learned that a nearby recycling facility was selling Xbox DVD drives cheap. When he went to inspect the merchandise, the facility’s owners mentioned they received regular deliveries of surplus Microsoft hardware. Van Cleave, who’d been part of a revered Xbox-hacking crew called Team Avalaunch, volunteered to poke around the recyclers’ warehouse and point out any Xbox junk that might have resale value.

After sifting through mountains of Xbox flotsam and jetsam, Van Cleave talked the recyclers into letting him take home five motherboards. When he jacked one of them into his Xbox 360 and booted it up, the screen gave him the option to activate debugging mode. “Holy shit,” Van Cleave thought, “this is a frickin’ dev motherboard!”

Aware that he had stumbled on the Xbox scene’s equivalent of King Tut’s tomb, Van Cleave cut a deal with the recyclers that let him buy whatever discarded Xbox hardware came their way. Some of these treasures he kept for his own sizable collection or handed out to friends; he once gave another Team Avalaunch member a dev kit as a wedding present. But Van Cleave was always on the lookout for paying customers he could trust to be discreet.

The 16-year-old Pokora became one of those customers in 2008, shortly after meeting Van Cleave through an online friend and impressing him with his technical prowess. In addition to buying kits for himself, Pokora acted as a salesman for Van Cleave, peddling hardware at significant markup to other Halo hackers; he charged around $1,000 per kit, though desperate souls sometimes ponied up as much as $3,000. (Van Cleave denies that Pokora sold kits on his behalf.) He befriended several of his customers, including a guy named Justin May who lived in Wilmington, Delaware.

Now flush with dev kits, Pokora was able to start modifying the recently released Halo 3. He kept vampire hours as he hacked, coding in a trancelike state that he termed “hyperfocus” until he dropped from exhaustion at around 3 or 4 am. He was often late for school, but he shrugged off his slumping grades; he considered programming on his dev kit to be the only education that mattered.

Pokora posted snippets of his Halo 3 work on forums like Halomods.com, which is how he came to the attention of a hacker in Whittier, California, named Anthony Clark. The 18-year-old Clark had experience disassembling Xbox games—reverse-engineering their code from machine language into a programming language. He reached out to Pokora and proposed that they join forces on some projects.

Clark and Pokora grew close, talking nearly every day about programming as well as music, cars, and other adolescent fixations. Pokora sold Clark a dev kit so they could hack Halo 3 in tandem; Clark, in turn, gave Pokora tips on the art of the disassembly. They cowrote a Halo 3 tool that let them endow the protagonist, Master Chief, with special skills—like the ability to jump into the clouds or fire weird projectiles. And they logged countless hours playing their hacked creations on PartnerNet, a sandbox version of Xbox Live available only to dev kit owners.

As they released bits and pieces of their software online, Pokora and Clark began to hear from engineers at Microsoft and Bungie, the developer behind the Halo series. The professional programmers offered nothing but praise, despite knowing that Pokora and Clark were using ill-gotten dev kits. Cool, you did a good job of reverse-engineering this, they’d tell Pokora. The encouraging feedback convinced him that he was on an unorthodox path to a career in game development—perhaps the only path available to a construction worker’s son from Mississauga who was no classroom star.

But Pokora and Clark occasionally flirted with darker hijinks. By 2009 the pair was using PartnerNet not only to play their modded versions of Halo 3 but also to swipe unreleased software that was still being tested. There was one Halo 3 map that Pokora snapped a picture of and then shared too liberally with friends; the screenshot wound up getting passed around among Halo fans. When Pokora and Clark next returned to PartnerNet to play Halo 3, they encountered a message on the game’s main screen that Bungie engineers had expressly left for them: “Winners Don’t Break Into PartnerNet.”

The two hackers laughed off the warning. They considered their mischief all in good fun—they’d steal a beta here and there, but only because they loved the Xbox so much, not to enrich themselves. They saw no reason to stop playing cat and mouse with the Xbox pros, whom they hoped to call coworkers some day.

IV. I Mean, It's Just Videogames

The Xbox 360 remained largely invulnerable until late 2009, when security researchers finally identified a weakness: By affixing a modchip to an arcane set of motherboard pins used for quality-assurance testing, they managed to nullify the 360’s defenses. The hack came to be known as the JTAG, after the Joint Test Action Group, the industry body that had recommended adding the pins to all printed circuit boards in the mid-1980s.

When news of the vulnerability broke, Xbox 360 owners rushed to get their consoles JTAGed by services that materialized overnight. With 23 million subscribers now on Xbox Live, multiplayer gaming had become vastly more competitive, and a throng of gamers whom Pokora dubbed “spoiled kids with their parents’ credit cards” were willing to go to extraordinary lengths to humiliate their rivals.

For Pokora and Clark, it was an opportunity to cash in. They hacked the Call of Duty series of military-themed shooters to create so-called modded lobbies—places on Xbox Live where Call of Duty players could join games governed by reality-bending rules. For fees that ranged up to $100 per half-hour, players with JTAGed consoles could participate in death matches while wielding superpowers: They could fly, walk through walls, sprint with Flash-like speed, or shoot bullets that never missed their targets.

For an extra $50 to $150, Pokora and Clark also offered “infections”—powers that players’ characters would retain when they joined nonhacked games. Pokora was initially reluctant to sell infections: He knew his turbocharged clients would slaughter their hapless opponents, a situation that struck him as contrary to the spirit of gaming. But then the money started rolling in—as much as $8,000 on busy days. There were so many customers that he and Clark had to hire employees to deal with the madness. Swept up in the excitement of becoming an entrepreneur, Pokora forgot all about his commitment to fairness. It was one more step down a ladder he barely noticed he was descending.

Microsoft tried to squelch breaches like the Call of Duty cheats by launching an automated system that could detect JTAGed consoles and ban them. But Pokora reverse-engineered the system and devised a way to beat it: He wrote a program that hijacked Xbox Live’s security queries to an area of the console where they could be filled with false data, and thus be duped into certifying a hacked console.

Pokora reveled in the perks of his success. He still lived with his parents, but he paid his tuition as he entered the University of Toronto in the fall of 2010. He and his girlfriend dined at upscale restaurants every night and stayed at $400-a-night hotels as they traveled around Canada for metal shows. But he wasn’t really in it for the money or even the adulation of his peers; what he most coveted was the sense of glee and power he derived from making $60 million games behave however he wished.

Pokora knew there was a whiff of the illegal about his Call of Duty business, which violated numerous copyrights. But he interpreted the lack of meaningful pushback from either Microsoft or Activision, Call of Duty’s developer, as a sign that the companies would tolerate his enterprise, much as Bungie had put up with his Halo 3 shenanigans. Activision did send a series of cease-and-desist letters, but the company never followed through on its threats.

“I mean, it’s just videogames,” Pokora told himself whenever another Activision letter arrived. “It’s not like we’re hacking into a server or stealing anyone’s information.” That would come soon enough.

V. Tunnels

Dylan Wheeler, a hacker in Perth, Australia, whose alias was SuperDaE, knew that something juicy had fallen into his lap. An American friend of his who went by the name Gamerfreak had slipped him a password list for the public forums operated by Epic Games, a Cary, North Carolina, game developer known for its Unreal and Gears of War series. In 2010 Wheeler started poking around the forums’ accounts to see if any of them belonged to Epic employees. He eventually identified a member of the company’s IT department whose employee email address and password appeared on Gamerfreak’s list; rummaging through the man’s personal emails, Wheeler found a password for an internal EpicGames.com account.

Once he had a toehold at Epic, Wheeler wanted a talented partner to help him sally deeper into the network. “Who is big enough to be interested in something like this?” he wondered. Xenomega—David Pokora—whom he’d long admired from afar and was eager to befriend, was the first name that popped to mind. Wheeler cold-messaged the Canadian and offered him the chance to get inside one of the world’s preeminent game developers; he didn’t mention that he was only 14, fearing that his age would be a deal breaker.

What Wheeler was proposing was substantially shadier than anything Pokora had attempted before: It was one thing to download Halo maps from the semipublic PartnerNet and quite another to break into a fortified private network where a company stores its most sensitive data. But Pokora was overwhelmed by curiosity about what software he might unearth on Epic’s servers and titillated by the prospect of reverse-engineering a trove of top-secret games. And so he rationalized what he was about to do by setting ground rules—he wouldn’t take any credit card numbers, for example, nor peek at personal information about Epic’s customers.

Pokora and Wheeler combed through Epic’s network by masquerading as the IT worker whose login credentials Wheeler had compromised. They located a plugged-in USB drive that held all of the company’s passwords, including one that gave them root access to the entire network. Then they pried into the computers of Epic bigwigs such as design director Cliff “CliffyB” Bleszinski; the pair chortled when they opened a music folder that Bleszinski had made for his Lamborghini and saw that it contained lots of Katy Perry and Miley Cyrus tunes. (Bleszinski, who left Epic in 2012, confirms the hackers’ account, adding that he’s “always been public and forthright about my taste for bubblegum pop.”)

To exfiltrate Epic’s data, Wheeler enlisted the help of Sanadodeh “Sonic” Nesheiwat, a New Jersey gamer who possessed a hacked cable modem that could obfuscate its location. In June 2011 Nesheiwat downloaded a prerelease copy of Gears of War 3 from Epic, along with hundreds of gigabytes of other software. He burned Epic’s source code onto eight Blu-ray discs that he shipped to Pokora in a package marked wedding videos. Pokora shared the game with several friends, including his dev kit customer Justin May; within days a copy showed up on the Pirate Bay, a notorious BitTorrent site.

The Gears of War 3 leak triggered a federal investigation, and Epic began working with the FBI to determine how its security had been breached. Pokora and Wheeler found out about the nascent probe while reading Epic’s emails; they freaked out when one of those emails described a meeting between the company’s brain trust and FBI agents. “I need your help—I’m going to get arrested,” a panicked Pokora wrote to May that July. “I need to encrypt some hard drives.”

But the email chatter between Epic and the FBI quickly died down, and the company made no apparent effort to block the hackers’ root access to the network—a sign that it couldn’t pinpoint their means of entry. Having survived their first brush with the law, the hackers felt emboldened—the brazen Wheeler most of all. He kept trespassing on sensitive areas of Epic’s network, making few efforts to conceal his IP address as he spied on high-level corporate meetings through webcams he’d commandeered. “He knowingly logs into Epic knowing that the feds chill there,” Nesheiwat told Pokora about their Australian partner. “They were emailing FBI people, but he still manages to not care.”

Owning Epic’s network gave the hackers entrée to a slew of other organizations. Pokora and Wheeler came across login credentials for Scaleform, a so-called middleware company that provided technology for the engine at the heart of Epic’s games. Once they’d broken into Scaleform, they discovered that the company’s network was full of credentials for Silicon Valley titans, Hollywood entertainment conglomerates, and Zombie Studios, the developer of the Spec Ops series of games. On Zombie’s network they uncovered remote-access “tunnels” to its clients, including branches of the American military. Wriggling through those poorly secured tunnels was no great challenge, though Pokora was wary of leaving behind too many digital tracks. “If they notice any of this,” he told the group, “they’re going to come looking for me.”

As the scale of their enterprise increased, the hackers discussed what they should do if the FBI came knocking. High off the feeling of omnipotence that came from burrowing into supposedly impregnable networks, Pokora proposed releasing all of Epic’s proprietary data as an act of revenge: “If we ever go disappearing, just, you know, upload it to the internet and say fuck you Epic.”

The group also cracked jokes about what they should call their prison gang. Everyone dug Wheeler’s tongue-in-cheek suggestion that they could strike fear into other inmates’ hearts by dubbing themselves the Xbox Underground.

VI. How Do We End It?

Pokora was becoming ever more infatuated with his forays into corporate networks, and his old friends from the Xbox scene feared for his future. Kevin Skitzo, a Team Avalaunch hacker, urged him to pull back from the abyss. “Dude, just stop this shit,” he implored Pokora. “Focus on school, because this shit? I mean, I get it—it’s a high. But as technology progresses and law enforcement gets more aware, you can only dodge that bullet for so long.”

But Pokora was too caught up in the thrill of stockpiling forbidden software to heed this advice. In September 2011 he stole a prerelease copy of Call of Duty: Modern Warfare 3. “Let’s get arrested,” he quipped to his friends as he started the download.

Though he was turning cocky as he swung from network to network without consequence, Pokora still took pride in how little he cared about money. After seizing a database that contained “a fuckton of PayPals,” Pokora sang his own praises to his associates for resisting the temptation to profit off the accounts. “We could already have sold them for Bitcoins which would have been untraceable if we did it right. It could have already been easily an easy fifty grand.”

But with each passing week, Pokora became a little bit more mercenary. In November 2011, for example, he asked his friend May to broker a deal with a gamer who went by Xboxdevguy, who’d expressed an interest in buying prerelease games. Pokora was willing to deliver any titles Xboxdevguy desired for a few hundred dollars each.

Pokora’s close relationship with May made his hacker cohorts uneasy. They knew that May had been arrested at a Boston gaming convention in March 2010 for trying to download the source code for the first-person shooter Breach. A spokesperson for the game’s developer told the tech blog Engadget that, upon being caught after a brief foot chase, May had said he “could give us bigger and more important people and he could ‘name names.’” But Pokora trusted May because he’d watched him participate in many crooked endeavors; he couldn’t imagine that anyone in cahoots with law enforcement would be allowed to do so much dirt.

By the spring of 2012, Pokora and Wheeler were focused on pillaging the network of Zombie Studios. Their crew now included two new faces from the scene: Austin “AAmonkey” Alcala, an Indiana high school kid, and Nathan “animefre4k” Leroux, the homeschooled son of a diesel mechanic from Bowie, Maryland. Leroux, in particular, was an exceptional talent: He’d cowritten a program that could trick Electronic Arts’ soccer game FIFA 2012 into minting the virtual coins that players get for completing matches, and which are used to buy character upgrades.

While navigating through Zombie’s network, the group stumbled on a tunnel to a US Army server; it contained a simulator for the AH-64D Apache helicopter that Zombie was developing on a Pentagon contract. Ever the wild man, Wheeler downloaded the software and told his colleagues they should “sell the simulators to the Arabs.”

The hackers were also busy tormenting Microsoft, stealing documents that contained specs for an early version of the Durango, the codename for the next-generation Xbox—a machine that would come to be known as the Xbox One. Rather than sell the documents to a Microsoft competitor, the hackers opted for a more byzantine scheme: They would counterfeit and sell a Durango themselves, using off-the-shelf components. Leroux volunteered to do the assembly in exchange for a cut of the proceeds; he needed money to pay for online computer science classes at the University of Maryland.

The hackers put out feelers around the scene and found a buyer in the Seychelles who was willing to pay $5,000 for the counterfeit console. May picked up the completed machine from Leroux’s house and promised to ship it to the archipelago in the Indian Ocean.

But the Durango never arrived at its destination. When the buyer complained, paranoia set in: Had the FBI intercepted the shipment? Were they now all under surveillance?

Wheeler was especially unsettled: He’d thought the crew was untouchable after the Epic investigation appeared to stall, but now he felt certain that everyone was about to get hammered by a racketeering case. “How do we end this game?” he asked himself. The answer he came up with was to go down in a blaze of glory, to do things that would ensure his place in Xbox lore.

Wheeler launched his campaign for notoriety by posting a Durango for sale on eBay, using photographs of the one that Leroux had built. The bidding for the nonexistent machine reached $20,100 before eBay canceled the auction, declaring it fraudulent. Infuriated by the media attention the saga generated, Pokora cut off contact with Wheeler.

A few weeks later, Leroux vanished from the scene; rumors swirled that he’d been raided by the FBI. Americans close to Pokora began to tell him they were being tailed by black cars with tinted windows. The hackers suspected there might be an informant in their midst.

VII. Person A

The relationship between Pokora and Clark soured as Pokora got deeper into hacking developers. The two finally fell out over staffing issues at their Call of Duty business—for example, they hired some workers whom Pokora considered greedy, but Clark refused to call them out. Sick of dealing with such friction, both men drifted into other ventures. Pokora focused on Horizon, an Xbox cheating service that he built on the side with some friends; he liked that Horizon’s cheats couldn’t be used on Xbox Live, which meant fewer potential technical and legal headaches. Clark, meanwhile, refined Leroux’s FIFA coin-minting technology and started selling the virtual currency on the black market. Austin Alcala, who’d participated in the hack of Zombie Studios and the Xbox One counterfeiting caper, worked for Clark’s new venture.

As the now 20-year-old Pokora split his energies between helping to run Horizon and attending university, Wheeler continued his kamikaze quest for attention. In the wake of his eBay stunt, Microsoft sent a private investigator named Miles Hawkes to Perth to confront him. Wheeler posted on Twitter about meeting “Mr. Microsoft Man,” who pressed him for information about his collaborators over lunch at the Hyatt. According to Wheeler, Hawkes told him not to worry about any legal repercussions, as Microsoft was only interested in going after “real assholes.” (Microsoft denies that Hawkes said this.)

In December 2012 the FBI raided Sanadodeh Nesheiwat’s home in New Jersey. Nesheiwat posted an unredacted version of the search warrant online. Wheeler reacted by doxing the agents in a public forum and encouraging people to harass them; he also spoke openly about hiring a hitman to murder the federal judge who’d signed the warrant.

Wheeler’s bizarre compulsion to escalate every situation alarmed federal prosecutors, who’d been carefully building a case against the hackers since the Gears of War leak in June 2011. Edward McAndrew, the assistant US attorney who was leading the investigation, felt he needed to accelerate the pace of his team’s work before Wheeler sparked real violence.

On the morning of February 19, 2013, Wheeler was working in his family’s home in Perth when he noticed a commotion in the yard below his window. A phalanx of men in light tactical gear was approaching the house, Glocks holstered by their sides. Wheeler scrambled to shut down all of his computers, so that whoever would be dissecting his hardware would at least have to crack his passwords.

Over the next few hours, Australian police carted away what Wheeler estimated to be more than $20,000 worth of computer equipment; Wheeler was miffed that no one bothered to place his precious hard drives in antistatic bags. He wasn’t jailed that day, but his hard drives yielded a bounty of incriminating evidence: Wheeler had taken frequent screenshots of his hacking exploits, such as a chat in which he proposed running “some crazy program to fuck the fans up” on Zombie Studios’ servers.

That July, Pokora told Justin May he was about to attend Defcon, the annual hacker gathering in Las Vegas—his first trip across the border in years. On July 23, McAndrew and his colleagues filed a sealed 16-count indictment against Pokora, Nesheiwat, and Leroux, charging them with crimes including wire fraud, identify theft, and conspiracy to steal trade secrets; Wheeler and Gamerfreak, the original source of the Epic password list, were named as unindicted coconspirators. (Alcala would be added as a defendant four months later.) The document revealed that much of the government’s case was built on evidence supplied by an informant referred to as Person A. He was described as a Delaware resident who had picked up the counterfeit Durango from Leroux’s house, then handed it over to the FBI.

Prosecutors also characterized the defendants as members of the “Xbox Underground.” Wheeler’s prison-gang joke was a joke no longer.

The hackers cracked jokes about what they should call their prison gang. Everyone dug Wheeler's tongue-in-cheek suggestion that they could strike fear into the hearts of other inmates by dubbing themselves the Xbox Underground.

Though he knew nothing about the secret indictment, Pokora was too busy to go to Defcon and pulled out at the last minute. The FBI worried that arresting his American coconspirators would spur him to go on the lam, so the agency decided to wait for him to journey south before rolling up the crew.

Two months later, Pokora went to the Toronto Opera House for a show by the Swedish metal band Katatonia. His phone buzzed as a warm-up act was tearing through a song—it was Alcala, now a high school senior in Fishers, Indiana. He was tittering with excitement: He said he knew a guy who could get them both the latest Durango prototypes—real ones, not counterfeits like the machine they’d made the summer before. His connection was willing to break into a building on Microsoft’s Redmond campus to steal them. In exchange, the burglar was demanding login credentials for Microsoft’s game developer network plus a few thousand dollars. Pokora was baffled by the aspiring burglar’s audacity. “This guy’s stupid,” he thought. But after years of pushing his luck, Pokora was no longer in the habit of listening to his own common sense. He told Alcala to put them in touch.

The burglar was a recent high school graduate named Arman, known on the scene as ArmanTheCyber. (He agreed to share his story on the condition that his last name not be used.) A year earlier he’d cloned a Microsoft employee badge that belonged to his mother’s boyfriend; he’d been using the RFID card to explore the Redmond campus ever since, passing as an employee by dressing head to toe in Microsoft swag. (Microsoft claims he didn’t copy the badge but rather stole it.) The 18-year-old had already stolen one Durango for personal use; he was nervous about going back for more but also brimming with the recklessness of youth.

Around 9 pm on a late September night, Arman swiped himself into the building that housed the Durangos. A few engineers were still roaming the hallways; Arman dove into a cubicle and hid whenever he heard footsteps. He eventually climbed the stairs to the fifth floor, where he’d heard there was a cache of Durangos. As he started to make his way into the darkened floor, motion detectors sensed his presence and light flooded the room. Spooked, Arman bolted back downstairs.

He finally found what he was looking for in two third-floor cubicles. One of the Durangos had a pair of stiletto heels atop the case; Arman put the two consoles in his oversize backpack and left the fancy shoes on the carpet.

A week after he sent the stolen Durangos to Pokora and Alcala, Arman received some surprising news: A Microsoft vendor had finally reviewed an employment application he’d submitted that summer and hired him as a quality-assurance tester. He lasted only a couple weeks on the job before investigators identified him as the Durango thief; a stairwell camera had caught him leaving the building. To minimize the legal fallout, he begged Pokora and Alcala to send back the stolen consoles. He also returned the Durango he’d taken for himself, and not a moment too soon: Jealous hackers had been scoping out his house online, as a prelude to executing a robbery.

Pokora spent all winter hacking the Xbox 360’s games for Horizon. But as Toronto was beginning to thaw out in March 2014, he figured he could spare a weekend to drive down to Delaware and pick up the bumper he’d ordered for his Volkswagen Golf.

“Y’know, there’s a chance I could get arrested,” he told his dad as they prepared to leave. His father had no idea what he was talking about and cracked a thin smile at what was surely a bad joke.

VIII. "This Life Ain't For You"

After an initial appearance at the federal courthouse in Buffalo and a few days in a nearby county jail, Pokora was loaded into a van alongside another federal inmate, a gang member with a powerlifter’s arms and no discernible neck. They were being transported to a private prison in Ohio, where Pokora would be held until the court in Delaware was ready to start its proceedings against him. For kicks, he says, the guards tossed the prisoners’ sandwiches onto the floor of the van, knowing that the tightly shackled men couldn’t reach them.

During the three-hour journey, the gang member, who was serving time for beating a man with a hammer, counseled Pokora to do whatever was necessary to minimize his time behind bars. “This life ain’t for you,” he said. “This life ain’t for nobody, really.”

Pokora took those words to heart when he was finally brought to Delaware in early April 2014. He quickly accepted the plea deal that was offered, and he helped the victimized companies identify the vulnerabilities he’d exploited—for example, the lightly protected tunnels that let him hopscotch among networks. As he sat in rooms and listened to Pokora explain his hacks with professorial flair, McAndrew, the lead prosecutor, took a shine to the now 22-year-old Canadian. “He’s a very talented kid who started down a bad path,” he says. “A lot of times when you’re investigating these things, you have to have a certain level of admiration for the brilliance and creativity of the work. But then you kind of step back and say, ‘Here’s where it went wrong.’”

One day, on the way from jail to court, Pokora was placed in a marshal’s vehicle with someone who looked familiar—a pale 20-year-old guy with a wispy build and teeth marred by a Skittles habit. It was Nathan Leroux, whom Pokora had never met in person but recognized from a photo. He had been arrested on March 31 in Madison, Wisconsin, where he’d moved after the FBI raid that had scared him into dropping out of the Xbox scene. He’d been flourishing in his new life as a programmer at Human Head Studios, a small game developer, when the feds showed up to take him into custody.

As he and Leroux rode to court in shackles, Pokora tried to pass along the gang member’s advice. “Look, a lot of this was escalated because of DaE—DaE’s an asshole,” he said, using the shorthand of Wheeler’s nickname, SuperDaE. “You can rat on me or do whatever, because you don’t deserve this shit. Let’s just do what we got to do and get out of here.”

Unlike Pokora, Leroux was granted bail and was allowed to live with his parents as his case progressed. But as he lingered at his Maryland home, he grew convinced that, given his diminutive stature and shy nature, he was doomed to be raped or murdered if he went to prison. His fear became so overpowering that, on June 16, he clipped off his ankle monitor and fled.

He paid a friend to try to smuggle him into Canada, nearly 400 miles to the north. But their long drive ended in futility: The Canadians flagged the car at the border. Rather than accept that his escape had failed, Leroux pulled out a knife and tried to sprint across the bridge onto Canadian soil. When officers surrounded him, he decided he had just one option left: He stabbed himself multiple times. Doctors at an Ontario hospital managed to save his life. Once he was released from intensive care and transported back to Buffalo, his bail was revoked.

When it came time for Pokora’s sentencing, his attorney argued for leniency by contending that his client had lost the ability to differentiate play from crime. “David in the real world was something else entirely from David online,” he wrote in his sentencing memorandum. “But it was in this tenebrous world of anonymity, frontier rules, and private communication set at a remove from everyday life that David was incrementally desensitized to an online culture in which the line between playing a videogame and hacking into a computer network narrowed to the vanishing point.”

After pleading guilty, Pokora, Leroux, and Nesheiwat ultimately received similar punishments: 18 months in prison for Pokora and Nesheiwat, 24 months for Leroux. Pokora did the majority of his time at the Federal Detention Center in Philadelphia, where he made use of the computer room to send emails or listen to MP3s. Once, while waiting for a terminal to open up, a mentally unstable inmate got in his face, and Pokora defended himself so he wouldn’t appear weak; the brawl ended when a guard blasted him with pepper spray. After finishing his prison sentence, Pokora spent several more months awaiting deportation to Canada in an immigration detention facility in Newark, New Jersey. That jail had PCs in the law library, and Pokora got to use his hacker skills to find and play a hidden version of Microsoft Solitaire.