or: How to earn 2000 Ether in less than 20 minutes
For the past few months, I have been working with Subutai, and I thought I would have a look at some of the possibilities with my engineering glasses on.
Subutai is an Open Source Peer to Peer Cloud platform and while open source cloud stuff has been seen before (Docker for example), Subutai is promising some quite unique features and possibilities.
A few days back on the official Subutai Blog, the founder and CTO of OptDyn (the company behind Subutai) Alex Karasulu made a new blog post. In that blog post, he mentions:
Perhaps the most attractive application blueprint is our just released Blockchain-in-a-Box, which offers a private blockchain with a full development and test environment for Solidity Smart Contracts (available now on the Bazaar!). Over the next few releases you’ll see more new features that will make the P2P cloud irresistible.
Well, while the idea definitely wasn’t mine, I am the guy responsible for any and all bugs and quirks in that blueprint, so let me walk through what it does, and what it can do, starting pretty much with nothing but a browser and a working Internet connection.
Once signed up and logged in, a Peer is needed to install our Blockchain in a Box.
Blockchain in a Box is quite a resource demanding blueprint, so ideally it should be run on a private Peer. Subutai does provide a number of free peers, so for this walk through I will be using one of those. Head to the Peer section in the left sidebar and select one or more peers as favorites.
Once a few peers have been added as favorites, head over to “Products” and select the “Application Blueprints” tab. Under Application Blueprints, select “Blockchain in a Box”:
After clicking the “Build” button, a dialog of settings will be shown:
Let me briefly run through these settings.
The first “ethereumPassword” is the password for the first account on a Private blockchain. The value is ignored if either testnet or rinkeby is used.
The “ethereumNetworkId” is the id of the blockchain if a private blockchain is used.
The “ethereumNetwork” can be set to either “testnet” (Ropsten), “rinkeby” or “private”. If private is selected, network id and password _must_ be set.
The “environmentName” is – well – the name of the environment (doh!). You can only have one environment with a specific name so this is most relevant when deploying more than one.
Finally, the “containerSize”. It can be set to either “LARGE” or “HUGE”.
When done filling in the options, click “Start”.
On the next screen, ports can be exposed. The Blockchain in a Box blueprint doesn’t expose any ports, so click “Next”.
On this screen a Peer must be selected. Blockchain in a Box uses only one peer and Subutai Bazaar will already have selected the best of the available peers:
Click “Next” and on the final screen, click “Finish”.
Subutai will now build the “Environment”. The environment will consist of two containers:
One of these containers will contain the actual Blockchain in a Box, while the other (ansible-server) is responsible for running Ansible.
The build itself will take a while (I have seen 30 minutes on my own private peer with a slow Internet connection and perhaps 10 minutes on a peer with a fast Internet connection).
Once the Ansible playbook has been fully executed, we can use the Subutai Control Center to access the Blockchain in a Box:
To verify that our private blockchain is indeed running and mining, double click on the “Mist” icon on the desktop:
2180 Ether in less than 20 minutes! Only with Subutai! Too bad they are not real, but I am sure they will figure out how to do that too 🙂
In the next post I will write more about how to actually develop a smart contract on this private blockchain.
I use Paypal quite a lot for handling online purchases. One problem with Paypal is that none of the big electronic component suppliers support it, so I have been looking at easier ways to handle that.
A few weeks ago, a friend of mine pointed me to Payoneer. According to their web site they will provide you with a US account and a prepaid Mastercard for said account. They also specifically stress Paypal in the FAQ:
Initially I was quite impressed with Payoneer’s service – I had my spanking new Mastercard within a week or so and activating it took seconds. Now I had a Mastercard with a balance of zero, so I wanted to transfer some funds from my Paypal account.
To make a long story short – adding the account to Paypal turned out to be impossible and a phone call to Paypal’s helpdesk confirmed my suspicion – Paypal does NOT support Payoneer after too many fraudulent accounts.
Payoneer could possibly argue that this is a Paypal problem and that is indeed partially true. However, Payoneer is still guilty of lying on their web-site, so I’ll say this is a Payoneer problem.
I live within 2 minutes walk from a street packed with restaurants and bars, probably more than 30 of them. Most – if not all – of these, provide WiFi Internet access as a service for their customers, and most – if not all – of these put their servers and point-of-sales (POS) terminals on the same network.
Of course it is pretty easy to understand what is happening here. The restaurant or bar owner knows little, or nothing, about IT. The vendor or supplier of the point of sales system cares little, or not at all, about anything except selling point of sales terminals, and while this vendor will probably be tasked with setting up the network, their staff know next to nothing about the consequences of their decisions.
As a result, anybody who can connect to the outlet’s public WiFi can poke around the network with absolutely no risk of being detected. This in turn leads to a number of “interesting” problems.
The very first problem is that these uncontrolled public WiFi networks put the owner at an enormous risk resulting from potential illegal actions performed by the users. This could range from piracy (downloading copyrighted material) to serious offences such as distribution of child pornography. Since most of these semi-public WiFi access points use a shared password that is distributed to all customers on request (if not actually pasted on the wall somewhere) there is no way the individual users can be identified.
Denial of Service
The second potential problem is various means of denial-of-service (DoS) attacks. With a device on the same network as servers and POS terminals, it would be relatively easy to render the Internet connection or indeed the network itself completely useless. Downloading a popular BitTorrent could easily fill the available bandwidth completely, and ARP flooding/poisoning could easily be used to ensure that the entire network would only serve one specific client.
I honestly do not know if a typical POS terminal will continue operating if the server is unreachable, but I imagine this could potentially put the POS terminal out of service for the duration of the attack.
Finally, network sniffing. ARP flooding/poisoning/spoofing will trick most – if not all – cheap consumer access points, which means it is trivial for anybody who is connected to capture all network traffic. That includes traffic from other customers’ phones, tablets and laptops, and traffic from and between the point of sales terminals and the server (presumably running a centralized accounting application of some sort). This all sounds pretty nerdy and something that would require significant skills. Think again! Hell – I got an app for my Android phone which will quite happily do this for me – without any knowledge needed whatsoever (DroidSheep).
DroidSheep is a bit of a toy really. It will collect “sessions” for a number of services (Google, Facebook, Email etc.) but that is about it. There are of course more serious tools available. An application such as Ettercap is potentially much more dangerous. Ettercap will, like DroidSheep, use ARP poisoning to ensure that all network traffic is captured. It also contains plugins that can trick servers into sending passwords in clear text (or at least in a form that can be analyzed and cracked later) or force the servers to disconnect from the network.
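ARP poisoning works by announcing other hosts' IP addresses from the attacker's own MAC address, and that is something a monitoring host on the same segment can watch for. The following is an added example, not part of the original post: a small detector run over constructed ARP observations (the addresses, the `detect_arp_anomalies` name and the finding labels are all assumptions made for illustration).

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on a shared guest/POS segment:
# (seconds, announced IP, sender MAC). All addresses are made up.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:00:00:01"),    # gateway / access point
    (2, "192.168.1.50", "aa:aa:aa:00:00:50"),   # POS terminal
    (5, "192.168.1.77", "de:ad:be:ef:00:77"),   # customer device
    (9, "192.168.1.1", "DE:AD:BE:EF:00:77"),    # gateway IP announced by the customer MAC
    (9, "192.168.1.50", "de:ad:be:ef:00:77"),   # POS IP announced by the same MAC
    (12, "192.168.1.1", "aa:aa:aa:00:00:01"),   # real gateway answers again
]


def detect_arp_anomalies(replies, gateway_ip):
    """Return findings as (time, kind, ip, mac) tuples.

    '*-rebind': an IP is announced by a MAC other than the first one seen for it
    (trust on first use, so the baseline is only as good as the first sighting).
    'mac-multi-ip': a single MAC has announced more than one IP.
    """
    first_mac = {}                 # ip -> first MAC observed
    ips_by_mac = defaultdict(set)  # mac -> IPs it has announced
    findings = []
    for ts, ip, mac in sorted(replies, key=lambda r: r[0]):
        mac = mac.lower()          # MAC notation is case-insensitive
        baseline = first_mac.setdefault(ip, mac)
        if mac != baseline:
            kind = "gateway-rebind" if ip == gateway_ip else "host-rebind"
            findings.append((ts, kind, ip, mac))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                findings.append((ts, "mac-multi-ip", ip, mac))
    return findings


if __name__ == "__main__":
    for finding in detect_arp_anomalies(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(finding)
```

A device that legitimately holds several addresses will also raise `mac-multi-ip`, so that finding is a prompt to look closer, while a rebind of the gateway address is the stronger signal.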
To solve the problems listed above, a number of changes need to be implemented:
This one is so simple it is almost a no-brainer. When putting together a network of potentially vulnerable servers, make sure that network is isolated completely from unknown users.
Force users to “sign-up” with a valid e-mail address so that the users can be identified.
Separate Exit Strategies
Route unknown users through an anonymizing network such as for example Tor. This would ensure that no illegal traffic can be tied to the business owner.
I have a weakness for movies that are so bad that they become unintentionally funny. The master of the genre is of course Edward D. Wood, Jr. who spent his entire life making a long line of absolutely brilliantly poor movies.
One movie however stands out as so poor that it makes Ed Wood look extremely talented and that is Manos: The Hands of Fate.
Some highlights from the reviews around the web:
Some films are so bad, they’re good. Meaning “fun” or “entertaining” or at least “interesting”… But few films can claim to be so dreadful, you actually feel physical pain while viewing them. So bad are these damned few that you don’t experience them or watch them: you “endure” them. This is the mother of all such films!
“Manos the hands of fate” is without a doubt the most inept and atrociously awful film ever made. Its poorness is so extreme that of itself it is the film’s strongest selling emphasis. The script is non-existent, the acting makes Steven Seagal look like a member of the Royal Shakespeare Company and the editing could have been less horrendously botched by a blind Eskimo with no arms. It is also painfully slow. This film makes its approximately 70 minute running time and make you feel like you’ve aged ten years. That’s what makes a film truly bad: the fact that despite its overbearing weaknesses it isn’t even entertaining!
The story…well, I guess it’s supposed to be one of those “innocents get lost and stumble upon supernatural evil” deals. Actually, it’s more like an “irritating family gets lost and stumbles upon a group of vague cultists and their creepy hired hand Torgo” deal.
There’s much more, of course, but “Manos” is like a train wreck, or a natural disaster: I could describe it to you, but you’d never understand the full level of horror unless you witness it for yourself. So go ahead, watch it, I dare you. At least you can take comfort in the knowledge that, after you’ve seen it, nothing else you watch will be quite so bad.
After seeing this movie I ran through the house screaming at the top of my lungs for several hours pausing occasionally only to bang my head repeatedly on the floor. And that was the MST3K version!! Imagine seeing this movie pure and undiluted! It’s too horrible to conceive!
And here it is – the pure and undiluted horror that is Manos: