Take advantage of the US Dollar Index for Binary Options!

TokenClub Bi-Weekly Report — Issue 114(5.4–5.17)

Hello everyone, thank you for your continued interest and support. In the past two weeks, various tasks of TokenClub have been progressing steadily. The product development and community operation progress this week are as follows:
1. TokenClub Events
1)TokenClub & 499Block reached strategic cooperation in live broadcasting
On May 28th, TokenClub and 499Block reached a strategic cooperation to jointly build a live broadcast ecosystem in the vertical field of blockchain.
2)520e events
When 520 comes, TokenClub launches live interactive interaction. During the event, participate in interactive questions in the live broadcast room or forward the live poster to Twitter and the telegram group, and upload a screenshot to have the opportunity to extract 520, 1314 red envelope rewards

3)Text version of live content is available on Medium
In order to better understand the live broadcast of TokenClub by overseas communities, we translated the live broadcast content into English and uploaded it to TokenClub’s Medium official account, so that the community’s small partners can view it.


4)Preview: TokenClub’s self-media grandma is invited to participate in the golden financial theme live event
From May 29th to June 4th, Golden Finance will hold a five-day live broadcast of the theme of “Finding Double Coins”. Grandpa Coin will express his views on June 3, welcome to pay attention.

2.TokenClub Live
1) Summary
Recently, Binance Co-founder He Yi, TRON founder Sun Yuchen, Hobbit HBTC founder Ju Jianhua, OSL chairman Dave, BlockVC founding partner Xu Yingkai, Outlier Ventures founder amie Burke, Bitribe founder SKY, CryptoBriefing CEO Han Kao , Huarai Group / Vice President, Global Market and Business Leader Ciara, Guosheng Securities Blockchain Research Institute Sun Shuang, Tongtongtong Research Institute CEO Song Shuangjie, Jin Tiancheng Law Firm Senior Partner Yu Bingguang, Binance China Jiang Jinze, principal researcher of Blockchain Research Institute, Meng Yan, vice president of Digital Asset Research Institute, co-founder of Primitive Ventures & director of Coindesk advisory board-Dovey Wan, founding partner of Genesis Capital & co-founder of Kushen Wallet Ocean Liao Yangyang, Binance C2C-Kathy, Binance OTC-Coco, Binance Contract & Options-Justin, Binance VIP-Jennifer, Binance Broker-Jess, Binance Mining Pool-Denny, Harbin Institute of Technology Blockchain Research Executive Deputy Director Xu Zhifeng, dForce founder Yang Mindao, Mars Finance co-founder Shang Silin, Cobo & Yuchi co-founder Shenyu, well-known investor Xu Zhe, CasperLabs CEO Mrinal Manohar, CasperLabs co-founder Scott Walker, Chairman of Rock Tree Omer Ozden, Nova Club incubation team leader & Waterdrop Capital partner Zheng Yushan, Rolling Stone miner founder Alex Lam, BitUniverse coin founder Chen Yong, Odaily Planet Daily founder and CEO Mandy Wang Mengdie, Binance stablecoin BUSD project responsible Helen Tu and senior expert of TokenClub blockchain and cryptocurrency investment strategy-Zao Shen talks with you about blockchain things ~
On May 18, Block 101 Binance Key Account Manager Luna talked to Primitive Ventures co-founder, non-profit bitcoin development fund Hardcore Fund executive director, and Coindesk advisory board director-Dovey Wan, to understand “C and C How is the Goddess of Crypto Assets made? “Dovey Wan shared with us on asset allocation, investment judgment, entrepreneurship, DCEP, etc.


On May 19, Block 101 Yingge talked with Sun Zeyu, the founding partner of Genesis Capital and co-founder of Kushen Wallet, to share the theme of “Blockchain Investment Experience”. This investor, who is rated as “reliable” by insiders, recommends that novices try not to touch contracts, do not stay overnight even when making contracts, be alert to risks, refuse gambling, and rationally analyze investments.

On May 20th, 499Block ’s two-year birthday carnival “Global Hot Chain, Keeping Together for Every Year” celebration was held in the TokenClub Live Room. The cross-border AMA Solitaire + popular day group anchor live video sharing, including Binance Co-founder He Yi, TRON founder Sun Yuchen, Hobbit HBTC founder Ju Jianhua, OSL chairman Dave, BlockVC founding partner Xu Yingkai, Outlier Ventures founder amie Burke, Bitribe founder SKY, CryptoBriefing CEO Han Kao, Huobi Group / Vice President Global Markets and Dozens of blockchain leaders from home and abroad, such as Ciara, the business leader, all appeared on the scene, and 499Block became a popular beauty angel group to help the interactive host.


On May 20, Sun Shuang, senior researcher of Guosheng Securities Blockchain Research Institute, Song Shuangjie, Jin Tong, CEO of Tongzhengtong Research Institute were jointly invited by Lingang Xinyefang, Lingang Innovation Management School, and Binance China Blockchain Research Institute. Tian Bingguang Senior Partner Yu Bingguang, Binance China Blockchain Research Institute Chief Researcher Jiang Jinze, Vice President of Digital Assets Research Institute Meng Yan, and many experts talked about the “Critical Digital RMB DCEP” in the live broadcast, one A feast of intertwined thoughts is worth watching again!

On May 21st, Ocean Liao Yangyang, the founder of Block 101 Seven Seven Dialogue Force Field, focused on the “big enlightenment era of digital assets”, Ocean shared with us his entrepreneurial experience, the first pot of gold, public chain, currency circle and Analysis of the current market. Regarding the future of Bitcoin, Ocean feels that he can work hard towards the direction of digital gold and become a substitute or supplement for gold. He is determined to see more, because the ceiling of the entire industry is very high, and he still cannot see its end point. The index level is rising, far from being over.

On May 22, “In the name of the Pizza Festival, we came to a different live broadcast” Bringing Goods “”, which was organized by the girls in the 101-day group of the block: June 6, July 7, Sisi, Yingge, Qianjiangyue , Dialogue: Binance First Sister, Binance C2C-Kathy, Binance OTC-Coco, Binance Contract & Options-Justin, Binance VIP-Jennifer, Binance Broker-Jess, Binance Mining Pool-Denny. We have explained to us one by one about C2C, OTC, contract options, etc. If you are interested, please move to the live room.


On May 22, Block 101 Sisi Dialogue Xu Zhifeng, executive deputy director of the Blockchain Research Center of Harbin Institute of Technology, shared the theme: “Strategy of Great Powers: Seizing New Highlands of Blockchain Technology”. He expressed his views on his own currency circle experience, entrepreneurship, blockchain technology, DECP, etc. Xu Zhifeng is very optimistic about the future development of blockchain. He said: “Ten years later, blockchain will become a very common industry. We are the Internet industry and have never changed.”

On May 23, the old Chinese doctor Zao Shen from the coin circle went online ~ The theme of this issue: If you want to be short, you must be able to sing first, and if you want to be long, you must be patient. If the meal is not fragrant, the game is not good, and the happiness of the past has drifted into the distance, just because the daily reading is still a loss, and the head is hurt. Don’t panic, the old Chinese doctor Zao Shen of the currency circle will adopt the Trinity Interventional Therapy and precise care to regenerate life. Don’t move quickly to the live room to see what “therapy” is.

On May 25, Block 101, July 7th conversation with dForce founder Yang Mindao, talked about “DeFi opportunities and challenges.” Yang Mindao believes that the four biggest benefits of DeFi are: programmability; non-custodial nature; non-licensing; composability. He believes that the current public chain market is seriously homogenized, and the most promising public chain is Ethereum. Ethereum is the best and largest in terms of developer group, ecology, and technological evolution, and can absorb the advantages of each public chain. At the same time, he is also extremely optimistic about DeFi, “DeFi application value is gradually verified, and the value of this type of token will gradually become more prominent.”

On May 26th, Mars Finance co-founder Shang Silin Hardcore Dialogue Cobo & Yuchi co-founder Shenyu and well-known investor Xu Zhe. The trend of “financialization” in the digital asset industry is becoming more and more obvious, and the friends of miners need to master more and more skills. Unveiling the mystery of hedging for everyone.

On May 26th, Nova Superstar Dialogue Phase 13 focused on the Silicon Valley star project CasperLabs, specially invited CasperLabs CEO Mrinal Manohar, CasperLabs co-founder Scott Walker, Rock Tree chairman Omer Ozden, and Nova Club incubation team leader Water Capital Partners Zheng Yushan, discuss CasperLabs together.
On May 26, Block 101 Sisi talked with the founder of the Rolling Stone Miner, Alex Lam, and took us into the “post-worker life” of a PhD in finance. Alex shared the reasons for entering the coin circle, the first pot of gold, mining, pitted pits, investment experience and opportunities in the digital currency industry. Alex said: Bitcoin exceeds US $ 100,000, and it will be in the second half of next year or the year after.
On May 27th, Block 101 Yingge talked with BitUniverse founder Chen Yong and shared the theme: “Who” needs grid trading. Chen Yong mainly introduced the currency trading tool of Bitcoin. In his view, grid trading has changed an investor’s concept-from stud into a batch of positions and positions. Regarding the price of Bitcoin, Chen Yong believes that the price of Bitcoin may reach one hundred thousand dollars around 2030.

On May 28, Block 101 Binance Mining Pool Wu Di talked to Mandai Wang Mengdie, founder of Planet Daily Odaily, to learn more about the process of “media entrepreneurs marching into the blockchain from venture capital circles”. Mandy believes that the core competence in the media industry is high-quality original content, which is the most basic but difficult to stick to. The initial focus of entering the mixed media industry of the dragon and dragon is to focus and amplify value.

On May 29th, Block 101 Qianjiangyue Dialogue Hellen Tu, the project leader of Binance Stablecoin BUSD project, talked with everyone about the stablecoin “Life and Death”, Hellen shared the stablecoin in detail, and published his own the opinion of. For details, please move to the live room.

On May 30th, Zaoshen came to share the theme: Dongfeng blowing, bullets flying, unlimited chase? In this issue, Zao Shen shared with you the recent international financial situation and various major events in the United States in the past week, which extended to the impact on the currency circle and answered various questions about investment strategies. Friends who want to know more details can move to the live room of Zao Shen.
3.TokenClub operation data
-Live data: 13 live broadcasts in the past two weeks, with over 800,000 views. TokenClub hosted a total of 870 live broadcasts with a total of 45.06 million views.
-Binary trade data: In the past two weeks, guess the rise and fall to participate in a total of 1268 times, the amount of participation exceeded 2 million TCT. At present, it is guessed that the rise and fall function has participated in a total of 1.11 million times, with a cumulative participation amount of 498 million TCT.
-Chat data: In the past two weeks, a total of 19271 messages have been generated. A total of 4.85 million messages have been launched since the function was launched.
-Mini-game data: The mini-game has participated in a total of 4212 times in the past two weeks. A total of 1,66 million self-functions have been online.
-Cut leeks game data together: Since the game was launched, the total number of user participation in the game was 962612 TCT total consumption was 6,27 million gift certificate total consumption was 15,95million and TCT mining output was 161496.
-TokenClub KOL data: Over the past two weeks, the total reading volume of the BTCGrandpa article has been viewed by more than 300,000 people.
-Social media data: At present, the number of Weibo official accounts is 18033 and the number of Twitter followers is 1332 and we have opened the official Medium account this week, welcome to follow.
-Telegram official group data: In the past 2 weeks, there were 238 chats in the group, and the total number of Telegram official groups is currently 2906.
-Medium data: Medium official account u/TokenClub has published 5 excellent articles, official announcements and updates are published in English, welcome to follow.
4.Communities
1)Overseas Community
TokenClub held an event for forwarding Twitter and telegram group chats for overseas users. Bitcoin halved in less than two weeks, overseas users are more active in the telegram group, and some friends are more concerned about Binance Block 101 live broadcast, aggregation exchange, TCT usage and other issues, the administrator responded in time.On May 12th, when Bitcoin was halved, TokenClub organized a forwarding Twitter, telegram group chat prize event and participating in a live question asking interactive prize event for overseas users. There are many live broadcast events in the near future. The live broadcast poster information will be released to overseas users as soon as possible. The follow-up TokenClub will translate and broadcast high-quality live broadcast content to Twitter and Medium. Bitcoin halved, overseas users are more active in the telegram group, and some partners are more concerned about block 101 live broadcast, bitcoin future price trend, TCT usage and other issues, the administrator responded in time in the group.


2)Domestic community
Sweet Orange Club Weekly News
Last Friday, a holiday, the community opened the red envelope rain event, and brought a sincere gift to everyone while relaxing in the holiday. At the same time, it also sent the most sincere blessings to all mothers in the community on Mother’s Day. Thank you for your long-term support and help to the Orange Club community.

Hundred-day scheduled investment event (Phase II)
The fourth week of the second 100-day fixed investment plan held this week has been awarded, and everyone is still very active in this event. This week, the Bitcoin halving market was also opened in advance. The small partners participating in the fixed investment should now have a certain floating win, so we adopt the correct cycle investment strategy to believe that it can bring unexpected benefits to everyone.
Sign in the lottery.
On the evening of May 3rd and May 10th, TCT Fortune Free Academy carried out the 51st and 52nd week sign-in sweepstakes, and rewarded the small TCT partners who had always insisted on signing in. In these two sign-in sweepstakes, the lucky friends received 20–180TCT as a reward. In addition, during the lucky draw, the college friends also actively expressed their opinions on the topic of this year’s bull market.

The Leek Paradise Community Conference will continue as usual every Sunday at 20:00. During the conference, members will discuss recent hot topics, including gifts and blessings for Mother ’s Day, and the halving of Bitcoin everyone is paying attention to. At the end, the friends in the group also showed a rare enthusiasm at the first sight. It seems that the market still affects the mood. The members routinely started a red envelope rain to cheer for the participating partners and encourage everyone to maintain patience and confidence. Of course, at the same time, we are encouraging ourselves to see the community meeting next week. Come on!

TokenClub volunteer community, sign in red envelopes every day, as long as you sign in every day, you can get good benefits, friends join us quickly! In the past two weeks, the community has conducted active partners.
Volunteer community: Change to the currency circle consultation and pass the analysis of Grandma Coin and Panda analysts, support TokenClub in action, and continue to vote for TCT. In the last month, we have worked hard to learn the rain god’s strategy. We have doubled the coins in our hands. The community WeChat group has recently injected fresh students. We look forward to more people joining! Volunteer community, will continue to work hard for TokenClub
TCT has been listed on Binance、Okex、Gate.io、ZB-M、MXC、Biki、Coinex、BigOne、Coinbene、Cybex、SWFT、Loopring、Rootrex etc.
TokenClub website: www.tokenclub.com
Telegram: https://t.me/token_club
submitted by tokenclubtct to u/tokenclubtct

[LONG] My Story of Disillusionment with and Disappointment in the World and Myself

Intro.
This might be a long one. I hope someone reads the thing, I put like 3 hours into writing it. A brief story of my life and how it all led up to this moment, where I am disillusioned with my self-image, my life choices, and certain aspects of the world, and have no idea what to do next. Warning: this whole thing might be a little depressing to read.
Childhood.
I am a 20yo Russian male. During my childhood, I was made to believe that I am capable of doing something great and doing better than anyone. At the same time I developed a very non-conformist life stance and very often rejected things and ideas simply because they were too popular for my taste, and I couldn't feel special whilst enjoying them. Of course, in turn, society rejected me, as it does with anyone who doesn't play by the rules. Oh well.
My only redeeming quality was that I considered myself pretty smart. Which is even easier to assume, when at the same time you think that you're different from everyone else. Now, I know that to some extent, I was indeed smarter than most people in certain areas. Unlike most people I knew back then, often with bare minimum efforts I was able to maintain near perfect grades at school. I was also enjoying learning new things and reading more than an average person. So, let's just say, I had a basis to assume I was a smart dude.
I wasn't happy and content with my life, though. I never had real friends, because I only hung out with people when they were my classmates/roommates/co-workers, and after we parted ways, I rarely if ever contacted them afterwards. I always enjoyed doing things you usually do in solitude more, because when I was alone, I wouldn't be afraid that someone could hurt me for being different. Because of that, I was never in a romantic relationship.
High School.
Still, life was going okay. By the end of school, I kind of accepted my social deficiency and I wanted to focus on improving the world and become a successful person - for myself. I was facing a dilemma, though. Despite the fact that I was doing great in school, the idea of having to invest four years of my time into studying something really specific, and then having to work another 20-30 years on the same job was terrifying, because I had no idea what I liked to do! Nothing seemed interesting to me, I didn't have a passion for doing anything... Thanks to my video game addiction, which made me lazy as fuck, probably. I also needed to meet my criteria for success with my future job, which included being financially successful. I grew up in top 1% income family, so... I always felt the pressure to outperform or at least match my parents' income.
Enter trading. My dad discovered investing several years ago (we don't live in US, so most of the people aren't as financially savvy, so he never thought about investing before then). I was always curious about financial independence and markets, but now I was seeing it all done in front of me, I realized that it might be a good opportunity to make a lot of money and become successful without being socially adept, which is something absolutely required in business or politics. So, I asked my father to open a brokerage account for me in the US, and started swing trading (trading in weekly/monthly time frames). I could only trade slow and small because of the trade restrictions put on accounts <$25k and <21yo in the US. Still, it was going well, but in hindsight I was just lucky to be there during a great bull market.
Even before I thought trading and more importantly investing were the ways smart people make money. I thought simply because I was conventionally smart, I had a talent or an innate ability to pick innovative stocks and do venture investing when I grow some capital. I truly believed in that long before I was introduced to financial markets, I believed that my surface level understanding of multiple areas of cutting edge and emerging technology would give me an edge compared to all the other investors.
US Community College and Return Back.
In the end, I've decided I want to go to a US community college and study finance and become a trader and later an investor, but I didn't want to work for a fund or something like that (lazy ass). I wanted to use my knowledge and skill and my own money to grow my net worth and make a living. I didn't really like the process of trading, I just needed the money to live by while I was trying to figure out what else to do with my life. Because I thought I was smart, I thought this would come easily to me. Boy was I wrong. From the nicest of conditions in my hometown, I was suddenly moved into a foreign setting, on the other side of the planet away from my family and mates, with a video game addiction and laziness that ruined my daily routine and studying as well. The fact that I didn't like my major was not helping. My grades fell from A- in the first quarter to C+ in the last. I gained +30% from my normal weight. I was stressed out, not going outside and sitting at my computer desk for days at a time, skipping all the classes I could if they were not absolutely essential for my grades, living on prepared foods. I never got out of my shell and barely talked to anyone in English, all of my friends were Russian speaking. I wasted an opportunity to improve my speaking, although aside from that my English skills satisfy me.
By the end of community college, last summer, I was left with B grades that wouldn't let me transfer anywhere decent, and the extreme stress that I put myself through started taking a toll on my mental health. I was planning to take a break and go back to Russia for several months, and transfer back to a US uni this winter. Needless to say, you can't run from yourself. It didn't really become much better after a few months in Russia. I didn't want to study finance anymore, because it was boring and I was exhausted. I still had the video game addiction, still was lazy and gained some more extra pounds of weight. I was not sleeping at all, extremely sleep deprived for months. Because of this and lack of mental stimulation I started to become dumber. And all that was happening where I didn't really have to do anything: not study or work, just sit around the house and do whatever I wanted. Turns out, these conditions didn't help me to get out of the incoming depression.
Finally, around November, when I already sent out all of my transfer applications and already got some positive answers from several universities, I knew I didn't have much time left at home, and I had to leave soon. But I really, really didn't want to go back. It was scarier than the first time. I was afraid of new changes, I just wanted for the time to stop and letting me relax, heal... I was having suicidal thoughts and talked about it with my family and my therapist. They were all supportive and helped me as much as they could. But I was the only person who could really help myself. If I wanted to breathe freely, I had to admit defeat and not go back to the US to continue my education. It was extremely hard at first, but then I just let go. I decided to find a temporary job as an English tutor and give myself time to think. Then I remembered that I had a bunch of money in my trading account. I still thought that I was pretty smart, despite failing college, so I figured, why not try move it to Russian brokers who don't have trading restrictions, and do it full time? Which is exactly what I did. And I started to study trading all by myself at a fast pace. I was now trading full time and it was going sideways: +10% in December, -20% in January. Then, something incredible happened. I was already in a shitty place in life, but I still had some hope for my future. Things were about to get much worse. I'm in the late January, and I discovered for myself that the whole financial industry of the world was a fraud.
Brief Explanation of My Discoveries.
In the image of the financial industry, there are several levels of perceived credibility.
In the bottom tier, there is pure gambling. In my country, there were periods when binary options trading and unreliable Forex brokers were popular among common folk, but these were obvious and unsophisticated fraudsters who were one step away from being prosecuted. There are also cryptocurrencies that don't hold any value and are also used only for speculation/redistribution of wealth. There is also a wonderful gambling subreddit wallstreetbets where most users don't even try to hide the fact that what they are doing is pure gambling. I love it. But the thing is, this is trading/investing for the people who have no idea what it is, and most people discredit it as a fraud, which it, indeed, is. These examples are 99% marketing/public image and 1% finance. But these offer x10-1000 returns in the shortest time span. Typical get-rich-quick schemes, but they attract attention.
Then, there is trading tier. You can have multiple sub levels here, in the bottom of this tier we would probably have complex technical analysis (indicators) and daily trading/scalping. I was doing this in December-January. At the top would be people who do fundamental analysis (study financial reports) and position trade (monthly time frames). Now, there is constant debate in the trading community whether technical analysis or fundamental analysis is better. I have a solid answer to the question. They work in the same way. Or rather, they don't work at all.
You'd ask: "Why you didn't discover this earlier? You were in this financial thing for several years now!" Well, you see, unlike on the previous level, here millions of people say that they actually believe trading works and there is a way to use the available tools to have great returns. Some of these people actually know that trading doesn't work, but they benefit from other traders believing in it, because they can sell them courses or take brokerage fees from them. Still, when there are millions around you telling you that it works, even a non-conformist like me would budge. Not that many people actually participate in the markets, so I thought that by being in this minority made me smart and protected from fraudsters. Lol. All it took for me to discover the truth is to accidentally discover that some technical indicators give random results, do a few google searches, reach some scientific studies which are freely available and prove that technical and fundamental analysis don't work. It was always in front of me, but the fucking trading community plugged my ears and closed my eyes shut so I wasn't able to see it. Trading usually promises 3-15% gain a month.
A huge shock, but surely there was still a way for me to work this out? Active investing it is!
The next level, active investing, is different from trading. You aim for 15-50% yearly returns, but you don't have to do as much work. You hold on to stocks of your choice for years at a time, once in a while you study the markets, re balance your portfolio, etc. Or you invest your money in a fund, that will select the stocks of their choice and manage their and your portfolio for you. For a small fee of course. All of these actions are aimed at trying to outperform the gain the market made as a whole, and so called index funds, which invest in basically everything and follow the market returns - about 7-10% a year. And if I ever had any doubts in trading, I firmly believed that active investing works since I was a little kid (yes I knew about it back then). And this is where the real fraud comes in.
The whole Wall Street and every broker, every stock exchange in the world are a part of a big fraud. Only about 10-20% of professional fund managers outperform the market in any 15 year period. If you take 30 years, this dwindles to almost nothing, which means that no one can predict the markets. These people have no idea what they are doing. Jim Cramer is pure show-business and has no idea what's going on. Warren Buffet gained his fortune with pure luck, and for every Buffet there are some people who made only a million bucks and countless folks who lost everything.
Wall Street. They have trillions of dollars and use all that money and power and marketing to convince you that there is a way to predict where the stocks are going without being a legal insider or somehow abusing the law. They will make you think you can somehow learn from them where to invest your money on your own or they will make you believe that you should just give it to them and they will manage it for you, because they know how everything works and they can predict the future using past data.
They won't. They don't. They can't. There are studies and statistics to prove it countless times over the span of a 100 years. But they will still charge you exchange fees, brokerage fees and management fees anyway. And they also manipulate certain studies, lobby where and when they need it, and spread misinformation on an unprecedented scale, creating a positive image of themselves. And everyone falls for that. Billions of people around the globe still think it's all legit.
Passive index investing is the last level. You just put your money in the market and wait. Markets will go up at a predetermined rate. If there's a crisis, in 10 years no one will even remember. Markets always go up in the end. But passive index investing can only give you only 7% inflation-adjusted returns a year. Not enough to stop working or even retire early, unless you have a high-paying job in a first-world country. I don't.
Despite all that, to put it simply, this is the only type of investing that works and doesn't involve any kind of fraud or gambling. It's the type of investing that will give you the most money. If you want to know why it is like that and how to do it, just go to financialindependence. They know this stuff better than any other sub. Better than investing, trading or any other sub where non-passive-index investing is still discussed as viable strategy.
Back to me.
My whole being was fucked over, my hopes and dreams and understanding of success and how this world works were shattered. I realized, I had no future in financial industry, because only middlemen make money in there, and I quit college needed to get there. Frankly, I wouldn't want to work there even if I had the opportunity. The pay is good, but the job is boring and I wouldn't want to be a part of this giant scheme anyway. But even if I wanted to go back, I also couldn't. Russia is in a worsening crisis and my parents could no longer afford a US university and now with coronavirus it's even worse. Good thing I quit before it all happened. I learned a valuable lesson and didn't lose that much money for it (only about 10% of my savings). God knows where it would lead me if I continued to be delusional. But now that my last temporary plans for the future were scrapped, I had no idea what to do next.
The future.
With the reality hitting me, I would lie if I say it didn't all come full circle and connect to my past. I realized that I was stupid and not intelligent, because I was living in a made-up world for years now. But even if I were intelligent, pure wit would not give me the success and fortune that I was craving, because trading and active investing were a no-go for me, and business/politics require a very different, extroverted mindset, different education and interest from my own. My only redeeming quality in a hopeless introvert world, my perceived intelligence was taken away from me and rendered useless at the same time.
Besides, failing at that one thing made me insecure about everything and now I think of myself as an average individual. So, if 8 out of 10 businesses fail, I shouldn't start one because I will probably fail. And if most politicians don't get anywhere, why should I bother? If average salary in my country is X, I shouldn't hope for more. I stopped believing in my ability to achieve something. First, I failed at education and now I failed... Professionally? I don't know how to describe it, but my life recently was just an emotional roller coaster. I just feel like a very old person and all I want is calmness and stability in my life. I was very lazy before just because, but now I feel like I also don't want to do anything because I feel I would just fail. It feels better now I don't have to worry about trading anymore and I got rid of that load... But I am still miserable and perhaps worse than ever, maybe I just don't understand and feel it because I've become slow and numb. The only positive thing that happened to me recently, is that I finally started losing weight and am about 1/4 of the way back to my normal weight.
As for my future, I am looking at several possibilities here. So far the parents are allowing my miserable life to continue and they let me live with them and buy me food. I don't need anything else right now. But it can't go on like this forever. The thought of having a mundane low-paying job in this shithole of a country depresses me. I will probably temporarily do English tutoring if there's demand for such work. My old school friends want me to help them in their business and my dad wants me to help him in his, and I probably should, but I feel useless, pathetic and incapable of doing anything of value. And business just seems boring, difficult and too stressful for me right now. Just not my cup of tea.
I am also looking at creative work. I love video games, music, films and other forms of art. I love the games most though, so I am looking into game dev. I don't really like programming, I have learned some during school years, but the pay would probably be higher for a programmer than a creator of any kind of art. However, I think I would enjoy art creation much more, but I don't have any experience in drawing and only some limited experience in music production. And I am not one of these kids who always had a scrapbook with them at school. Having to make another life choice paralyzes me. I am leaning towards art. I don't feel confident in my ability to learn this skill from scratch, but I think it's my best shot at finding a job that would make me happy.
So perhaps, when this whole pandemic is over, I'll go to Europe and get my degree, get a job there and stay. American Dream is dead to me, and Europe is cheaper, closer, safe and comfortable. Just the thing for a person who feels like they are thrice their real age.
Outro.
Thanks for coming to my TED Talk. Special thanks if you read the whole thing, it means a whole lot to me, an internet stranger. But even if no one reads it, feels good to get this off my chest. I actually cried during writing some parts. Holy shit, this might be the longest and smartest looking thing my dumbed down head could manage to generate since college. I hope that you're having a great day. Stay healthy and be careful during this fucking pandemic. All the best.
submitted by OberV0lt to TrueOffMyChest

Vault 7 - CIA Hacking Tools Revealed

March 07, 2017
from Wikileaks Website


https://preview.redd.it/9ufj63xnfdb41.jpg?width=500&format=pjpg&auto=webp&s=46bbc937f4f060bad1eaac3e0dce732e3d8346ee

Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.
Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (below image) in Langley, Virginia.
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including,
  1. malware
  2. viruses
  3. trojans
  4. weaponized "zero day" exploits
  5. malware remote control systems

...and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including,

  1. Apple's iPhone
  2. Google's Android
  3. Microsoft's Windows
  4. Samsung TVs,

...which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA).
The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI - below image), had over 5000 registered users and had produced more than a thousand,
  1. hacking systems
  2. trojans
  3. viruses
...and other "weaponized" malware.


https://preview.redd.it/3jsojkqxfdb41.jpg?width=366&format=pjpg&auto=webp&s=e92eafbb113ab3e972045cc242dde0f0dd511e96

Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that,
"There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
But the significance of 'Year Zero' goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

Wikileaks has also decided to Redact (see far below) and Anonymize some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout,
  1. Latin America
  2. Europe
  3. the United States

While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation).
The DDI is one of the five major directorates of the CIA (see above image of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS.
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.
CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year.
"Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of,
  1. WhatsApp
  2. Signal
  3. Telegram
  4. Wiebo
  5. Confide
  6. Cloackman
...by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
CIA malware targets Windows, OSx, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section far below.
CIA 'hoarded' vulnerabilities ("zero days")
In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability.
If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities.
The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.
The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability.
As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers.
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.
'Cyberwar' programs are a serious proliferation risk
Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces - sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'.
Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information.
The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.
The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport"
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area - including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity.
These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace.
The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media.
For example, the CIA attack system Fine Dining provides 24 decoy applications for CIA spies to use.
To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos).
But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's,
  1. weaponized malware (implants + zero days)
  2. Listening Posts (LP)
  3. Command and Control (C2) systems,
...the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyber-arsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet.
If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.
Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution.
This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts.
Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams.
For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired.
However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect the target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.
To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers.
But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system.
If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as,
  1. Apple
  2. Microsoft
  3. Google
  4. Samsung
  5. Nokia
  6. Blackberry
  7. Siemens
  8. anti-virus companies,
...attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review".
Similar secret standards cover the,
  1. use of encryption to hide CIA hacker and malware communication (pdf)
  2. describing targets & exfiltrated data (pdf)
  3. executing payloads (pdf)
  4. persisting (pdf),
...in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs.
These are documented in,
  1. AV defeats
  2. Personal Security Products
  3. Detecting and defeating PSPs
  4. PSP/Debugger/RE Avoidance
For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin", while Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for,
  1. penetration
  2. infestation ("implanting")
  3. control
  4. exfiltration
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants.
Special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency.
Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible.
As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover,
  1. keyloggers
  2. password collection
  3. webcam capture
  4. data destruction
  5. persistence
  6. privilege escalation
  7. stealth
  8. anti-virus (PSP) avoidance
  9. survey techniques

Fine Dining
Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out.
The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations.
The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff.
The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are,
  • 'Asset'
  • 'Liason Asset'
  • 'System Administrator'
  • 'Foreign Information Operations'
  • 'Foreign Intelligence Agencies'
  • 'Foreign Government Entities'
Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types.
The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained.
This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Improvise (JQJIMPROVISE)
'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like,
  1. Windows (Bartender)
  2. MacOS (JukeBox)
  3. Linux (DanceFloor)
Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software.
The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider.
The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients.
It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant.
If a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.

Frequently Asked Questions

Why now?
WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, ...) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
Tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
Organizational Chart
The organizational chart (far above image) corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far.
It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
Wiki pages
"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian.
Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order.
If it is critical to know the exact time/date contact WikiLeaks.
What is "Vault 7"
"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.
When was each part of "Vault 7" obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
Is each part of "Vault 7" from a different source?
Details on the other parts will be available at the time of publication.
What is the total size of "Vault 7"?
The series is the largest intelligence publication in history.
How did WikiLeaks obtain each part of "Vault 7"?
Sources trust WikiLeaks to not reveal information that might help identify them.
Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Has WikiLeaks already 'mined' all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
Won't other journalists find all the best stories before me?
Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by CuteBananaMuffin to conspiracy

FlowCards: A Declarative Framework for Development of Ergo dApps

Introduction
ErgoScript is the smart contract language used by the Ergo blockchain. While it has concise syntax adopted from Scala/Kotlin, it still may seem confusing at first because conceptually ErgoScript is quite different compared to conventional languages which we all know and love. This is because Ergo is a UTXO based blockchain, whereas smart contracts are traditionally associated with account based systems like Ethereum. However, Ergo's transaction model has many advantages over the account based model and with the right approach it can even be significantly easier to develop Ergo contracts than to write and debug Solidity code.
Below we will cover the key aspects of the Ergo contract model which makes it different:
Paradigm
The account model of Ethereum is imperative. This means that the typical task of sending coins from Alice to Bob requires changing the balances in storage as a series of operations. Ergo's UTXO based programming model on the other hand is declarative. ErgoScript contracts specify conditions for a transaction to be accepted by the blockchain (not changes to be made in the storage state as result of the contract execution).
Scalability
In the account model of Ethereum both storage changes and validity checks are performed on-chain during code execution. In contrast, Ergo transactions are created off-chain and only validation checks are performed on-chain thus reducing the amount of operations performed by every node on the network. In addition, due to immutability of the transaction graph, various optimization strategies are possible to improve throughput of transactions per second in the network. Light verifying nodes are also possible thus further facilitating scalability and accessibility of the network.
Shared state
The account-based model is reliant on shared mutable state which is known to lead to complex semantics (and subtle million dollar bugs) in the context of concurrent/ distributed computation. Ergo's model is based on an immutable graph of transactions. This approach, inherited from Bitcoin, plays well with the concurrent and distributed nature of blockchains and facilitates light trustless clients.
Expressive Power
Ethereum advocated execution of a turing-complete language on the blockchain. It theoretically promised unlimited potential, however in practice severe limitations came to light from excessive blockchain bloat, subtle multi-million dollar bugs, gas costs which limit contract complexity, and other such problems. Ergo on the flip side extends UTXO to enable turing-completeness while limiting the complexity of the ErgoScript language itself. The same expressive power is achieved in a different and more semantically sound way.
With all of the above points, it should be clear that there are a lot of benefits to the model Ergo is using. In the rest of this article I will introduce you to the concept of FlowCards - a dApp developer component which allows for designing complex Ergo contracts in a declarative and visual way.
From Imperative to Declarative
In the imperative programming model of Ethereum a transaction is a sequence of operations executed by the Ethereum VM. The following Solidity function implements a transfer of tokens from sender to receiver. The transaction starts when sender calls this function on an instance of a contract and ends when the function returns.

    // Sends an amount of existing coins from any caller to an address
    function send(address receiver, uint amount) public {
        require(amount <= balances[msg.sender], "Insufficient balance.");
        balances[msg.sender] -= amount;
        balances[receiver] += amount;
        emit Sent(msg.sender, receiver, amount);
    }

The function first checks the pre-conditions, then updates the storage (i.e. balances) and finally publishes the post-condition as the Sent event. The gas which is consumed by the transaction is sent to the miner as a reward for executing this transaction.
Unlike Ethereum, a transaction in Ergo is a data structure holding a list of input coins which it spends and a list of output coins which it creates preserving the total balances of ERGs and tokens (in which Ergo is similar to Bitcoin).
Turning back to the example above: since Ergo natively supports tokens, for this specific example of sending tokens we don't need to write any code in ErgoScript. Instead we need to create the ‘send’ transaction shown in the following figure, which describes the same token transfer but declaratively.
https://preview.redd.it/id5kjdgn9tv41.png?width=1348&format=png&auto=webp&s=31b937d7ad0af4afe94f4d023e8c90c97c8aed2e
The picture visually describes the following steps, which the network user needs to perform:
  1. Select unspent sender's boxes, containing in total tB >= amount of tokens and B >= txFee + minErg ERGs.
  2. Create an output target box which is protected by the receiver public key with minErg ERGs and amount of T tokens.
  3. Create one fee output protected by the minerFee contract with txFee ERGs.
  4. Create one change output protected by the sender public key, containing B - minErg - txFee ERGs and tB - amount of T tokens.
  5. Create a new transaction, sign it using the sender's secret key and send to the Ergo network.
What is important to understand here is that all of these steps are performed off-chain (for example using Appkit Transaction API) by the user's application. Ergo network nodes don't need to repeat this transaction creation process, they only need to validate the already formed transaction. ErgoScript contracts are stored in the inputs of the transaction and check spending conditions. The node executes the contracts on-chain when the transaction is validated. The transaction is valid if all of the conditions are satisfied.
Thus, in Ethereum when we “send amount from sender to recipient” we are literally editing balances and updating the storage with a concrete set of commands. This happens on-chain and thus a new transaction is also created on-chain as the result of this process.
In Ergo (as in Bitcoin) transactions are created off-chain and the network nodes only verify them. The effect of the transaction on the blockchain state is that input coins (or Boxes in Ergo's parlance) are removed and output boxes are added to the UTXO set.
In the example above we don't use an ErgoScript contract but instead assume a signature check is used as the spending pre-condition. However in more complex application scenarios we of course need to use ErgoScript which is what we are going to discuss next.
From Changing State to Checking Context
In the send function example we first checked the pre-condition (require(amount <= balances[msg.sender], ...)) and then changed the state (i.e. updated the balances with balances[msg.sender] -= amount). This is typical in Ethereum transactions. Before we change anything we need to check if it is valid to do so.
In Ergo, as we discussed previously, the state (i.e. UTXO set of boxes) is changed implicitly when a valid transaction is included in a block. Thus we only need to check the pre-conditions before the transaction can be added to the block. This is what ErgoScript contracts do.
It is not possible to “change the state” in ErgoScript because it is a language to check pre-conditions for spending coins. ErgoScript is a purely functional language without side effects that operates on immutable data values. This means all the inputs, outputs and other transaction parameters available in a script are immutable. This, among other things, makes ErgoScript a very simple language that is easy to learn and safe to use. Similar to Bitcoin, each input box contains a script, which should return the true value in order to 1) allow spending of the box (i.e. removing from the UTXO set) and 2) adding the transaction to the block.
If we are being pedantic, it is therefore incorrect (strictly speaking) to think of ErgoScript as the language of Ergo contracts, because it is the language of propositions (logical predicates, formulas, etc.) which protect boxes from “illegal” spending. Unlike Bitcoin, in Ergo the whole transaction and a part of the current blockchain context is available to every script. Therefore each script may check which outputs are created by the transaction, their ERG and token amounts (we will use this capability in our example DEX contracts), current block number etc.
In ErgoScript you define the conditions of whether changes (i.e. coin spending) are allowed to happen in a given context. This is in contrast to programming the changes imperatively in the code of a contract.
While Ergo's transaction model unlocks a whole range of applications (DEX, DeFi apps, LETS, etc.), designing contracts as pre-conditions for coin spending (or guarding scripts) directly is not intuitive. In the next sections we will consider a useful graphical notation to design contracts declaratively using FlowCard Diagrams, which is a visual representation of executable components (FlowCards).
FlowCards aim to radically simplify dApp development on the Ergo platform by providing a high-level declarative language, execution runtime, storage format and a graphical notation.
We will start with a high level of diagrams and go down to FlowCard specification.
FlowCard Diagrams
The idea behind FlowCard diagrams is based on the following observations: 1) An Ergo box is immutable and can only be spent in the transaction which uses it as an input. 2) We therefore can draw a flow of boxes through transactions, so that boxes flowing in to the transaction are spent and those flowing out are created and added to the UTXO. 3) A transaction from this perspective is simply a transformer of old boxes to the new ones preserving the balances of ERGs and tokens involved.
The following figure shows the main elements of the Ergo transaction we've already seen previously (now under the name of FlowCard Diagram).
https://preview.redd.it/9kcxl11o9tv41.png?width=1304&format=png&auto=webp&s=378a7f50769292ca94de35ff597dc1a44af56d14
There is a strictly defined meaning (semantics) behind every element of the diagram, so that the diagram is a visual representation (or a view) of the underlying executable component (called FlowCard).
The FlowCard can be used as a reusable component of an Ergo dApp to create and initiate the transaction on the Ergo blockchain. We will discuss this in the coming sections.
Now let's look at the individual pieces of the FlowCard diagram one by one.
  1. Name and Parameters
Each flow card is given a name and a list of typed parameters. This is similar to a template with parameters. In the above figure we can see the Send flow card which has five parameters. The parameters are used in the specification.
  2. Contract Wallet
This is a key element of the flow card. Every box has a guarding script. Often it is the script that checks a signature against a public key. This script is trivial in ErgoScript and is defined like the def pk(pubkey: Address) = { pubkey } template where pubkey is a parameter of the type Address. In the figure, the script template is applied to the parameter pk(sender) and thus a concrete wallet contract is obtained. Therefore pk(sender) and pk(receiver) yield different scripts and represent different wallets on the diagram, even though they use the same template.
Contract Wallet contains a set of all UTXO boxes which have a given script derived from the given script template using flow card parameters. For example, in the figure, the template is pk and parameter pubkey is substituted with the ‘sender’ flow card parameter.
  3. Contract
Even though a contract is a property of a box, on the diagram we group the boxes by their contracts, therefore it looks like the boxes belong to the contracts, rather than the contracts belong to the boxes. In the example, we have three instantiated contracts pk(sender), pk(receiver) and minerFee. Note that pk(sender) is the instantiation of the pk template with the concrete parameter sender and minerFee is the instantiation of the pre-defined contract which protects the miner reward boxes.
  4. Box name
In the diagram we can give each box a name. Besides readability of the diagram, we also use the name as a synonym of a more complex indexed access to the box in the contract. For example, change is the name of the box, which can also be used in the ErgoScript conditions instead of OUTPUTS(2). We also use box names to associate spending conditions with the boxes.
  5. Boxes in the wallet
In the diagram, we show boxes (darker rectangles) as belonging to the contract wallets (lighter rectangles). Each such box rectangle is connected with a grey transaction rectangle by either orange or green arrows or both. An output box (with an incoming green arrow) may include many lines of text where each line specifies a condition which should be checked as part of the transaction. The first line specifies the condition on the amount of ERG which should be placed in the box. Other lines may take one of the following forms:
  1. amount: TOKEN - the box should contain the given amount of the given TOKEN
  2. R == value - the box should contain the given value of the given register R
  3. boxName ? condition - the box named boxName should check condition in its script.
We discuss these conditions in the sections below.
  6. Amount of ERGs in the box
Each box should store a minimum amount of ERGs. This is checked when the creating transaction is validated. In the diagram the amount of ERGs is always shown as the first line (e.g. B: ERG or B - minErg - txFee). The value type ascription B: ERG is optional and may be used for readability. When the value is given as a formula, then this formula should be respected by the transaction which creates the box.
It is important to understand that variables like amount and txFee are not named properties of the boxes. They are parameters of the whole diagram and represent some amounts. Or, to put it another way, they are shared parameters between transactions (e.g. Sell Order and Swap transactions from the DEX example below share the tAmt parameter). So the same name is tied to the same value throughout the diagram (this is where the tooling would help a lot). However, when it comes to on-chain validation of those values, only explicit conditions which are marked with ? are transformed to ErgoScript. At the same time, all other conditions are ensured off-chain during transaction building (for example in an application using Appkit API) and transaction validation when it is added to the blockchain.
  7. Amount of T token
A box can store values of many tokens. The tokens on the diagram are named and a value variable may be associated with the token T using the value: T expression. The value may be given by a formula. If the formula is prefixed with a box name like boxName ? formula, then it should also be checked in the guarding script of the boxName box. This additional specification is very convenient because 1) it allows the visual design to be validated automatically, and 2) the conditions specified in the boxes of a diagram are enough to synthesize the necessary guarding scripts (more about this below at “From Diagrams To ErgoScript Contracts”).
  8. Tx Inputs
Inputs are connected to the corresponding transaction by orange arrows. An input arrow may have a label of the following forms:
  1. name@index - optional name with an index i.e. fee@0 or @2. This is a property of the target endpoint of the arrow. The name is used in conditions of related boxes and the index is the position of the corresponding box in the INPUTS collection of the transaction.
  2. !action - is a property of the source of the arrow and gives a name for an alternative spending path of the box (we will see this in the DEX example)
Because of alternative spending paths, a box may have many outgoing orange arrows, in which case they should be labeled with different actions.
  9. Transaction
A transaction spends input boxes and creates output boxes. The input boxes are given by the orange arrows and the labels are expected to put inputs at the right indexes in INPUTS collection. The output boxes are given by the green arrows. Each transaction should preserve a strict balance of ERG values (sum of inputs == sum of outputs) and for each token the sum of inputs >= the sum of outputs. The design diagram requires an explicit specification of the ERG and token values for all of the output boxes to avoid implicit errors and ensure better readability.
  10. Tx Outputs
Outputs are connected to the corresponding transaction by green arrows. An output arrow may have a label of the form name@index, where an optional name is accompanied with an index i.e. fee@0 or @2. This is a property of the source endpoint of the arrow. The name is used in conditions of the related boxes and the index is the position of the corresponding box in the OUTPUTS collection of the transaction.
Example: Decentralized Exchange (DEX)
Now let's use the above described notation to design a FlowCard for a DEX dApp. It is simple enough yet also illustrates all of the key features of FlowCard diagrams which we've introduced in the previous section.
The dApp scenario is shown in the figure below: There are three participants (buyer, seller and DEX) of the DEX dApp and five different transaction types, which are created by participants. The buyer wants to swap ergAmt of ERGs for tAmt of TID tokens (or vice versa, the seller wants to sell TID tokens for ERGs, who sends the order first doesn't matter). Both the buyer and the seller can cancel their orders any time. The DEX off-chain matching service can find matching orders and create the Swap transaction to complete the exchange.
The following diagram fully (and formally) specifies all of the five transactions that must be created off-chain by the DEX dApp. It also specifies all of the spending conditions that should be verified on-chain.

https://preview.redd.it/fnt5f4qp9tv41.png?width=1614&format=png&auto=webp&s=34f145f9a6d622454906857e645def2faba057bd
Let's discuss the FlowCard diagram and the logic of each transaction in detail:
Buy Order Transaction
A buyer creates a Buy Order transaction. The transaction spends E amount of ERGs (which we will write E: ERG ) from one or more boxes in the pk(buyer) wallet. The transaction creates a bid box with ergAmt: ERG protected by the buyOrder script. The buyOrder script is synthesized from the specification (see below at “From Diagrams To ErgoScript Contracts”) either manually or automatically by a tool. Even though we don't need to define the buyOrder script explicitly during designing, at run time the bid box should contain the buyOrder script as the guarding proposition (which checks the box spending conditions), otherwise the conditions specified in the diagram will not be checked.
The change box is created to make the input and output sums of the transaction balanced. The transaction fee box is omitted because it can be added automatically by the tools. In practice, however, the designer can add the fee box explicitly to the diagram. It covers the cases of more complex transactions (like Swap) where there are many ways to pay the transaction fee.
Cancel Buy, Cancel Sell Transactions
At any time, the buyer can cancel the order by sending the CancelBuy transaction. The transaction should satisfy the guarding buyOrder contract which protects the bid box. As you can see on the diagram, both the Cancel and the Swap transactions can spend the bid box. When a box has spending alternatives (or spending paths) then each alternative is identified by a unique name prefixed with ! (!cancel and !swap for the bid box). Each alternative path has specific spending conditions. In our example, when the Cancel Buy transaction spends the bid box the ?buyer condition should be satisfied, which we read as “the signature for the buyer address should be presented in the transaction”. Therefore, only the buyer can cancel the buy order. This “signature” condition is only required for the !cancel alternative spending path and not required for !swap.
Sell Order Transaction
The Sell Order transaction is similar to the BuyOrder in that it deals with tokens in addition to ERGs. The transaction spends E: ERG and T: TID tokens from seller's wallet (specified as pk(seller) contract). The two outputs are ask and change. The change is a standard box to balance the transaction. The ask box keeps tAmt: TID tokens for the exchange and minErg: ERG - the minimum amount of ERGs required in every box.
Swap Transaction
This is a key transaction in the DEX dApp scenario. The transaction has several spending conditions on the input boxes and those conditions are included in the buyOrder and sellOrder scripts (which are verified when the transaction is added to the blockchain). However, on the diagram those conditions are not specified in the bid and ask boxes, they are instead defined in the output boxes of the transaction.
This is a convention for improved usability because most of the conditions relate to the properties of the output boxes. We could specify those properties in the bid box, but then we would have to use more complex expressions.
Let's consider the output created by the arrow labeled with buyerOut@0. This label tells us that the output is at the index 0 in the OUTPUTS collection of the transaction and that in the diagram we can refer to this box by the buyerOut name. Thus we can label both the box itself and the arrow to give the box a name.
The conditions shown in the buyerOut box have the form bid ? condition , which means they should be verified on-chain in order to spend the bid box. The conditions have the following meaning:
  • tAmt: TID requires the box to have tAmt amount of TID token
  • R4 == bid.id requires R4 register in the box to be equal to id of the bid box.
  • script == buyer requires the buyerOut box to have the script of the wallet where it is located on the diagram, i.e. pk(buyer)
Similar properties are added to the sellerOut box, which is specified to be at index 1 and the name is given to it using the label on the box itself, rather than on the arrow.
The Swap transaction spends two boxes bid and ask using the !swap spending path on both, however unlike !cancel the conditions on the path are not specified. This is where the bid ? and ask ? prefixes come into play. They are used so that the conditions listed in the buyerOut and sellerOut boxes are moved to the !swap spending path of the bid and ask boxes correspondingly.
If you look at the conditions of the output boxes, you will see that they exactly specify the swap of values between seller's and buyer's wallets. The buyer gets the necessary amount of TID token and seller gets the corresponding amount of ERGs. The Swap transaction is created when there are two matching boxes with buyOrder and sellOrder contracts.
From Diagrams To ErgoScript Contracts
What is interesting about FlowCard specifications is that we can use them to automatically generate the necessary ErgoTree scripts. With the appropriate tooling support this can be done automatically, but in the absence thereof, it can be done manually. Thus, the FlowCard allows us to capture and visually represent all of the design choices and semantic details of an Ergo dApp.
What we are going to do next is to mechanically create the buyOrder contract from the information given in the DEX flow card.
Recall that each script is a proposition (boolean valued expression) which should evaluate to true to allow spending of the box. When we have many conditions to be met at the same time we can combine them in a logical formula using the AND binary operation, and if we have alternatives (not necessarily exclusive) we can put them into the OR operation.
The buyOrder box has the alternative spending paths !cancel and !swap. Thus the ErgoScript code should have an OR operation with two arguments - one for each spending path.

    /** buyOrder contract */
    {
      val cancelCondition = {}
      val swapCondition = {}
      cancelCondition || swapCondition
    }

The formula for the cancelCondition expression is given in the !cancel spending path of the buyOrder box. We can directly include it in the script.

    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {}
      cancelCondition || swapCondition
    }

For the !swap spending path of the buyOrder box the conditions are specified in the buyerOut output box of the Swap transaction. If we simply include them in the swapCondition then we get a syntactically incorrect script.

    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = { tAmt: TID && R4 == bid.id && @contract }
      cancelCondition || swapCondition
    }

We can however translate the conditions from the diagram syntax to ErgoScript expressions using the following simple rules:
  1. buyerOut@0 ==> val buyerOut = OUTPUTS(0)
  2. tAmt: TID ==> tid._2 == tAmt where tid = buyerOut.tokens(TID)
  3. R4 == bid.id ==> R4 == SELF.id where R4 = buyerOut.R4[Coll[Byte]].get
  4. script == buyer ==> buyerOut.propositionBytes == buyer.propBytes
Note, in the diagram TID represents a token id, but ErgoScript doesn't have access to the tokens by the ids so we cannot write tokens.getByKey(TID). For this reason, when the diagram is translated into ErgoScript, TID becomes a named constant of the index in tokens collection of the box. The concrete value of the constant is assigned when the BuyOrder transaction with the buyOrder box is created. The correspondence and consistency between the actual tokenId, the TID constant and the actual tokens of the buyerOut box is ensured by the off-chain application code, which is completely possible since all of the transactions are created by the application using FlowCard as a guiding specification. This may sound too complicated, but this is part of the translation from diagram specification to actual executable application code, most of which can be automated.
After the transformation we can obtain a correct script which checks all the required preconditions for spending the buyOrder box.

    /** buyOrder contract */
    def DEX(buyer: Address, seller: Address, TID: Int, ergAmt: Long, tAmt: Long) {
      val cancelCondition: SigmaProp = { buyer } // verify buyer's sig (ProveDlog)
      val swapCondition = OUTPUTS.size > 0 && { // securing OUTPUTS access
        val buyerOut = OUTPUTS(0) // from buyerOut@0
        buyerOut.tokens.size > TID && { // securing tokens access
          val tid = buyerOut.tokens(TID)
          val regR4 = buyerOut.R4[Coll[Byte]]
          regR4.isDefined && { // securing R4 access
            val R4 = regR4.get
            tid._2 == tAmt && // from tAmt: TID
            R4 == SELF.id && // from R4 == bid.id
            buyerOut.propositionBytes == buyer.propBytes // from script == buyer
          }
        }
      }
      cancelCondition || swapCondition
    }

A similar script for the sellOrder box can be obtained using the same translation rules. With the help of the tooling the code of contracts can be mechanically generated from the diagram specification.
Conclusions
Declarative programming models have already won the battle against imperative programming in many application domains like Big Data, Stream Processing, Deep Learning, Databases, etc. Ergo is pioneering the declarative model of dApp development as a better and safer alternative to the now popular imperative model of smart contracts.
The concept of FlowCard shifts the focus from writing ErgoScript contracts to the overall flow of values (hence the name), in such a way, that ErgoScript can always be generated from them. You will never need to look at the ErgoScript code once the tooling is in place.
Here are the possible next steps for future work:
  1. Storage format for FlowCard Spec and the corresponding EIP standardized file format (Json/XML/Protobuf). This will allow various tools (Diagram Editor, Runtime, dApps etc) to create and use *.flowcard files.
  2. FlowCard Viewer, which can generate the diagrams from *.flowcard files.
  3. FlowCard Runtime, which can run *.flowcard files, create and send transactions to Ergo network.
  4. FlowCard Designer Tool, which can simplify development of complex diagrams. This will make designing and validation of Ergo contracts a pleasant experience, more like drawing rather than coding. In addition, the correctness of the whole dApp scenario can be verified and controlled by the tooling.
submitted by Guilty_Pea to CryptoCurrencies
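
As an added example (not code from the post or from the Ergo project), the Python model below evaluates the post's final buyOrder proposition and the balance rule from its Transaction item against constructed Swap and Cancel transactions, showing which ones a node would reject. Box, Tx, the signers set standing in for signature proofs, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Box:
    id: bytes
    value: int                                  # ERG amount (smallest unit)
    script: bytes                               # stands in for propositionBytes
    tokens: Tuple[Tuple[str, int], ...] = ()    # (token id, amount) pairs
    r4: Optional[bytes] = None                  # register R4, None if undefined


@dataclass(frozen=True)
class Tx:
    inputs: Tuple[Box, ...]
    outputs: Tuple[Box, ...]
    signers: FrozenSet[bytes] = frozenset()     # assumption: stand-in for signature proofs


def token_totals(boxes: Iterable[Box]) -> Dict[str, int]:
    totals: Dict[str, int] = {}
    for box in boxes:
        for token_id, amount in box.tokens:
            totals[token_id] = totals.get(token_id, 0) + amount
    return totals


def balanced(tx: Tx) -> bool:
    """ERG: sum of inputs == sum of outputs; each token: inputs >= outputs."""
    if sum(b.value for b in tx.inputs) != sum(b.value for b in tx.outputs):
        return False
    spent, created = token_totals(tx.inputs), token_totals(tx.outputs)
    return all(spent.get(t, 0) >= amount for t, amount in created.items())


def buy_order(buyer: bytes, tid: int, t_amt: int) -> Callable[[Box, Tx], bool]:
    """Model of the buyOrder proposition: cancelCondition || swapCondition."""
    def guard(self_box: Box, tx: Tx) -> bool:
        cancel_condition = buyer in tx.signers            # ?buyer on the !cancel path
        swap_condition = False
        if len(tx.outputs) > 0:                           # securing OUTPUTS access
            buyer_out = tx.outputs[0]                     # output at index 0
            if len(buyer_out.tokens) > tid and buyer_out.r4 is not None:
                swap_condition = (
                    # Only the amount at index `tid` is compared, as in the post;
                    # matching that index to the real token id is off-chain work.
                    buyer_out.tokens[tid][1] == t_amt     # tAmt: TID
                    and buyer_out.r4 == self_box.id       # R4 == bid.id
                    and buyer_out.script == buyer         # script == buyer
                )
        return cancel_condition or swap_condition
    return guard


def can_spend(box: Box, guard: Callable[[Box, Tx], bool], tx: Tx) -> bool:
    """Node-side view for one input: the tx balances and the box's guard holds."""
    return box in tx.inputs and balanced(tx) and guard(box, tx)


# Constructed sample data (not taken from any real transaction).
BUYER, SELLER = b"pk(buyer)", b"pk(seller)"
MIN_ERG, ERG_AMT, T_AMT = 1_000_000, 5_000_000_000, 50
BID = Box(b"bid-1", ERG_AMT, b"buyOrder")
ASK = Box(b"ask-1", MIN_ERG, b"sellOrder", (("TID", T_AMT),))
BUYER_OUT = Box(b"out-0", MIN_ERG, BUYER, (("TID", T_AMT),), r4=BID.id)
SELLER_OUT = Box(b"out-1", ERG_AMT, SELLER, r4=ASK.id)
SWAP = Tx((BID, ASK), (BUYER_OUT, SELLER_OUT))
CANCEL = Tx((BID,), (Box(b"out-c", ERG_AMT, BUYER),), frozenset({BUYER}))
UNSIGNED_CANCEL = replace(CANCEL, signers=frozenset())
GUARD = buy_order(BUYER, tid=0, t_amt=T_AMT)


def swap_with_buyer_out(**changes) -> Tx:
    """The sample Swap with some fields of buyerOut altered."""
    return replace(SWAP, outputs=(replace(BUYER_OUT, **changes), SELLER_OUT))


if __name__ == "__main__":
    cases = {
        "swap": SWAP,
        "cancel signed by buyer": CANCEL,
        "cancel without signature": UNSIGNED_CANCEL,
        "swap, wrong token amount": swap_with_buyer_out(tokens=(("TID", T_AMT - 1),)),
        "swap, R4 names another box": swap_with_buyer_out(r4=b"bid-2"),
        "swap, R4 undefined": swap_with_buyer_out(r4=None),
        "swap, output not in buyer's wallet": swap_with_buyer_out(script=SELLER),
    }
    for name, tx in cases.items():
        print(f"{name:36} -> {can_spend(BID, GUARD, tx)}")
```

The guarded accesses mirror the "securing" comments in the post's script: an output with no tokens or no R4 makes the swap path evaluate to false instead of failing.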

FlowCards: A Declarative Framework for Development of Ergo dApps

Introduction
ErgoScript is the smart contract language used by the Ergo blockchain. While it has concise syntax adopted from Scala/Kotlin, it still may seem confusing at first because conceptually ErgoScript is quite different compared to conventional languages which we all know and love. This is because Ergo is a UTXO based blockchain, whereas smart contracts are traditionally associated with account based systems like Ethereum. However, Ergo's transaction model has many advantages over the account based model and with the right approach it can even be significantly easier to develop Ergo contracts than to write and debug Solidity code.
Below we will cover the key aspects of the Ergo contract model which makes it different:
Paradigm
The account model of Ethereum is imperative. This means that the typical task of sending coins from Alice to Bob requires changing the balances in storage as a series of operations. Ergo's UTXO based programming model on the other hand is declarative. ErgoScript contracts specify conditions for a transaction to be accepted by the blockchain (not changes to be made in the storage state as result of the contract execution).
Scalability
In the account model of Ethereum both storage changes and validity checks are performed on-chain during code execution. In contrast, Ergo transactions are created off-chain and only validation checks are performed on-chain thus reducing the amount of operations performed by every node on the network. In addition, due to immutability of the transaction graph, various optimization strategies are possible to improve throughput of transactions per second in the network. Light verifying nodes are also possible thus further facilitating scalability and accessibility of the network.
Shared state
The account-based model is reliant on shared mutable state which is known to lead to complex semantics (and subtle million dollar bugs) in the context of concurrent/distributed computation. Ergo's model is based on an immutable graph of transactions. This approach, inherited from Bitcoin, plays well with the concurrent and distributed nature of blockchains and facilitates light trustless clients.
Expressive Power
Ethereum advocated execution of a Turing-complete language on the blockchain. It theoretically promised unlimited potential, however in practice severe limitations came to light from excessive blockchain bloat, subtle multi-million dollar bugs, gas costs which limit contract complexity, and other such problems. Ergo on the flip side extends UTXO to enable Turing-completeness while limiting the complexity of the ErgoScript language itself. The same expressive power is achieved in a different and more semantically sound way.
With all of the above points, it should be clear that there are a lot of benefits to the model Ergo is using. In the rest of this article I will introduce you to the concept of FlowCards - a dApp developer component which allows for designing complex Ergo contracts in a declarative and visual way.

From Imperative to Declarative

In the imperative programming model of Ethereum a transaction is a sequence of operations executed by the Ethereum VM. The following Solidity function implements a transfer of tokens from sender to receiver. The transaction starts when sender calls this function on an instance of a contract and ends when the function returns.

    // Sends an amount of existing coins from any caller to an address
    function send(address receiver, uint amount) public {
        require(amount <= balances[msg.sender], "Insufficient balance.");
        balances[msg.sender] -= amount;
        balances[receiver] += amount;
        emit Sent(msg.sender, receiver, amount);
    }

The function first checks the pre-conditions, then updates the storage (i.e. balances) and finally publishes the post-condition as the Sent event. The gas which is consumed by the transaction is sent to the miner as a reward for executing this transaction.
Unlike Ethereum, a transaction in Ergo is a data structure holding a list of input coins which it spends and a list of output coins which it creates preserving the total balances of ERGs and tokens (in which Ergo is similar to Bitcoin).
Turning back to the example above, since Ergo natively supports tokens, for this specific example of sending tokens we don't need to write any code in ErgoScript. Instead we need to create the ‘send’ transaction shown in the following figure, which describes the same token transfer but declaratively.
https://preview.redd.it/sxs3kesvrsv41.png?width=1348&format=png&auto=webp&s=582382bc26912ff79114d831d937d94b6988e69f
The picture visually describes the following steps, which the network user needs to perform:
  1. Select unspent sender's boxes, containing in total tB >= amount of tokens and B >= txFee + minErg ERGs.
  2. Create an output target box which is protected by the receiver public key with minErg ERGs and amount of T tokens.
  3. Create one fee output protected by the minerFee contract with txFee ERGs.
  4. Create one change output protected by the sender public key, containing B - minErg - txFee ERGs and tB - amount of T tokens.
  5. Create a new transaction, sign it using the sender's secret key and send to the Ergo network.
What is important to understand here is that all of these steps are performed off-chain (for example using Appkit Transaction API) by the user's application. Ergo network nodes don't need to repeat this transaction creation process, they only need to validate the already formed transaction. ErgoScript contracts are stored in the inputs of the transaction and check spending conditions. The node executes the contracts on-chain when the transaction is validated. The transaction is valid if all of the conditions are satisfied.
Thus, in Ethereum when we “send amount from sender to recipient” we are literally editing balances and updating the storage with a concrete set of commands. This happens on-chain and thus a new transaction is also created on-chain as the result of this process.
In Ergo (as in Bitcoin) transactions are created off-chain and the network nodes only verify them. The effect of the transaction on the blockchain state is that input coins (or Boxes in Ergo's parlance) are removed and output boxes are added to the UTXO set.
In the example above we don't use an ErgoScript contract but instead assume a signature check is used as the spending pre-condition. However in more complex application scenarios we of course need to use ErgoScript which is what we are going to discuss next.
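The five off-chain steps and the node-side balance check can be modelled in a few lines. This is an added Python sketch, not Appkit or Ergo code: the Box class, the MIN_ERG and TX_FEE values, the sample wallet and the reduction of the signature check to a contract-name comparison are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

MIN_ERG = 1_000_000   # assumed minErg in nanoERG, illustrative only
TX_FEE = 1_100_000    # assumed txFee in nanoERG, illustrative only

@dataclass(frozen=True)
class Box:
    contract: str        # e.g. "pk(alice)" or "minerFee"
    erg: int
    tokens: tuple = ()   # ((token_id, amount), ...)

def token_totals(boxes):
    totals = Counter()
    for box in boxes:
        for tid, amt in box.tokens:
            totals[tid] += amt
    return totals

def select_boxes(wallet, need_erg, tid, need_tok):
    """Step 1: take sender boxes until B >= txFee + minErg and tB >= amount."""
    chosen = []
    for box in wallet:
        if sum(b.erg for b in chosen) >= need_erg and token_totals(chosen)[tid] >= need_tok:
            break
        chosen.append(box)
    if sum(b.erg for b in chosen) < need_erg or token_totals(chosen)[tid] < need_tok:
        raise ValueError("sender boxes do not cover amount, txFee and minErg")
    return chosen

def build_send(wallet, sender, receiver, tid, amount):
    """Steps 2-4: target, fee and change outputs (signing, step 5, is not modelled)."""
    inputs = select_boxes(wallet, TX_FEE + MIN_ERG, tid, amount)
    total_erg = sum(b.erg for b in inputs)              # B in the diagram
    left = token_totals(inputs)
    left[tid] -= amount                                 # tB - amount
    outputs = [Box(f"pk({receiver})", MIN_ERG, ((tid, amount),)),
               Box("minerFee", TX_FEE)]
    change_erg = total_erg - MIN_ERG - TX_FEE           # B - minErg - txFee
    change_tok = tuple(sorted((t, a) for t, a in left.items() if a > 0))
    if change_erg or change_tok:
        # The change box is a box too, so it must also hold at least minErg.
        if change_erg < MIN_ERG:
            raise ValueError("change box would fall below minErg; select more inputs")
        outputs.append(Box(f"pk({sender})", change_erg, change_tok))
    return {"inputs": tuple(inputs), "outputs": tuple(outputs)}

def validate(tx, signer):
    """What a node checks on the finished transaction; returns a list of violations."""
    ins, outs = tx["inputs"], tx["outputs"]
    errors = []
    if any(b.contract != f"pk({signer})" for b in ins):
        errors.append("input not spendable by signer")
    if sum(b.erg for b in ins) != sum(b.erg for b in outs):
        errors.append("ERG not preserved")
    tin, tout = token_totals(ins), token_totals(outs)
    if any(tout[t] > tin[t] for t in tout):
        errors.append("token created from nothing")
    if any(b.erg < MIN_ERG for b in outs):
        errors.append("output below minErg")
    return errors

# Constructed sample wallet: two boxes owned by "alice" holding token "T".
SAMPLE_WALLET = [Box("pk(alice)", 3_000_000, (("T", 5),)),
                 Box("pk(alice)", 2_000_000, (("T", 10),))]

if __name__ == "__main__":
    tx = build_send(SAMPLE_WALLET, "alice", "bob", "T", 8)
    for out in tx["outputs"]:
        print(out)
    print("violations:", validate(tx, "alice"))
```

The builder rejects a selection that satisfies step 1 but would leave a change box below minErg, a case the node-side check would otherwise catch only after the transaction was submitted.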

From Changing State to Checking Context

In the send function example we first checked the pre-condition (require(amount <= balances[msg.sender], ...)) and then changed the state (i.e. updated the balances with balances[msg.sender] -= amount). This is typical in Ethereum transactions. Before we change anything we need to check if it is valid to do so.
In Ergo, as we discussed previously, the state (i.e. UTXO set of boxes) is changed implicitly when a valid transaction is included in a block. Thus we only need to check the pre-conditions before the transaction can be added to the block. This is what ErgoScript contracts do.
It is not possible to “change the state” in ErgoScript because it is a language to check pre-conditions for spending coins. ErgoScript is a purely functional language without side effects that operates on immutable data values. This means all the inputs, outputs and other transaction parameters available in a script are immutable. This, among other things, makes ErgoScript a very simple language that is easy to learn and safe to use. Similar to Bitcoin, each input box contains a script, which should return the true value in order to 1) allow spending of the box (i.e. removing it from the UTXO set) and 2) allow adding the transaction to the block.
If we are being pedantic, it is therefore incorrect (strictly speaking) to think of ErgoScript as the language of Ergo contracts, because it is the language of propositions (logical predicates, formulas, etc.) which protect boxes from “illegal” spending. Unlike Bitcoin, in Ergo the whole transaction and a part of the current blockchain context is available to every script. Therefore each script may check which outputs are created by the transaction, their ERG and token amounts (we will use this capability in our example DEX contracts), current block number etc.
In ErgoScript you define the conditions of whether changes (i.e. coin spending) are allowed to happen in a given context. This is in contrast to programming the changes imperatively in the code of a contract.
While Ergo's transaction model unlocks a whole range of applications (DEX, DeFi apps, LETS, etc.), designing contracts as pre-conditions for coin spending (or guarding scripts) directly is not intuitive. In the next sections we will consider a useful graphical notation to design contracts declaratively using FlowCard Diagrams, which is a visual representation of executable components (FlowCards).
FlowCards aim to radically simplify dApp development on the Ergo platform by providing a high-level declarative language, execution runtime, storage format and a graphical notation.
We will start with a high level of diagrams and go down to FlowCard specification.

FlowCard Diagrams

The idea behind FlowCard diagrams is based on the following observations: 1) An Ergo box is immutable and can only be spent in the transaction which uses it as an input. 2) We therefore can draw a flow of boxes through transactions, so that boxes flowing in to the transaction are spent and those flowing out are created and added to the UTXO. 3) A transaction from this perspective is simply a transformer of old boxes to the new ones preserving the balances of ERGs and tokens involved.
The following figure shows the main elements of the Ergo transaction we've already seen previously (now under the name of FlowCard Diagram).
https://preview.redd.it/06aqkcd1ssv41.png?width=1304&format=png&auto=webp&s=106eda730e0526919aabd5af9596b97e45b69777
There is a strictly defined meaning (semantics) behind every element of the diagram, so that the diagram is a visual representation (or a view) of the underlying executable component (called FlowCard).
The FlowCard can be used as a reusable component of an Ergo dApp to create and initiate the transaction on the Ergo blockchain. We will discuss this in the coming sections.
Now let's look at the individual pieces of the FlowCard diagram one by one.
1. Name and Parameters
Each flow card is given a name and a list of typed parameters. This is similar to a template with parameters. In the above figure we can see the Send flow card which has five parameters. The parameters are used in the specification.
2. Contract Wallet
This is a key element of the flow card. Every box has a guarding script. Often it is the script that checks a signature against a public key. This script is trivial in ErgoScript and is defined like the def pk(pubkey: Address) = { pubkey } template where pubkey is a parameter of the type Address. In the figure, the script template is applied to the parameter pk(sender) and thus a concrete wallet contract is obtained. Therefore pk(sender) and pk(receiver) yield different scripts and represent different wallets on the diagram, even though they use the same template.
Contract Wallet contains a set of all UTXO boxes which have a given script derived from the given script template using flow card parameters. For example, in the figure, the template is pk and parameter pubkey is substituted with the ‘sender’ flow card parameter.
3. Contract
Even though a contract is a property of a box, on the diagram we group the boxes by their contracts, therefore it looks like the boxes belong to the contracts, rather than the contracts belong to the boxes. In the example, we have three instantiated contracts pk(sender), pk(receiver) and minerFee. Note that pk(sender) is the instantiation of the pk template with the concrete parameter sender and minerFee is the instantiation of the pre-defined contract which protects the miner reward boxes.
4. Box name
In the diagram we can give each box a name. Besides readability of the diagram, we also use the name as a synonym of a more complex indexed access to the box in the contract. For example, change is the name of the box, which can also be used in the ErgoScript conditions instead of OUTPUTS(2). We also use box names to associate spending conditions with the boxes.
5. Boxes in the wallet
In the diagram, we show boxes (darker rectangles) as belonging to the contract wallets (lighter rectangles). Each such box rectangle is connected with a grey transaction rectangle by either orange or green arrows or both. An output box (with an incoming green arrow) may include many lines of text where each line specifies a condition which should be checked as part of the transaction. The first line specifies the condition on the amount of ERG which should be placed in the box. Other lines may take one of the following forms:
  1. amount: TOKEN - the box should contain the given amount of the given TOKEN
  2. R == value - the box should contain the given value of the given register R
  3. boxName ? condition - the box named boxName should check condition in its script.
We discuss these conditions in the sections below.
6. Amount of ERGs in the box
Each box should store a minimum amount of ERGs. This is checked when the creating transaction is validated. In the diagram the amount of ERGs is always shown as the first line (e.g. B: ERG or B - minErg - txFee). The value type ascription B: ERG is optional and may be used for readability. When the value is given as a formula, then this formula should be respected by the transaction which creates the box.
It is important to understand that variables like amount and txFee are not named properties of the boxes. They are parameters of the whole diagram and represent some amounts. Or, to put it another way, they are shared parameters between transactions (e.g. the Sell Order and Swap transactions from the DEX example below share the tAmt parameter). So the same name is tied to the same value throughout the diagram (this is where the tooling would help a lot). However, when it comes to on-chain validation of those values, only explicit conditions which are marked with ? are transformed to ErgoScript. At the same time, all other conditions are ensured off-chain during transaction building (for example in an application using Appkit API) and transaction validation when it is added to the blockchain.
7. Amount of T token
A box can store values of many tokens. The tokens on the diagram are named and a value variable may be associated with the token T using the value: T expression. The value may be given by a formula. If the formula is prefixed with a box name like boxName ? formula, then it should also be checked in the guarding script of the boxName box. This additional specification is very convenient because 1) it allows the visual design to be validated automatically, and 2) the conditions specified in the boxes of a diagram are enough to synthesize the necessary guarding scripts (more about this below at “From Diagrams To ErgoScript Contracts”).
8. Tx Inputs
Inputs are connected to the corresponding transaction by orange arrows. An input arrow may have a label of the following forms:
  1. name@index - optional name with an index i.e. fee@0 or @2. This is a property of the target endpoint of the arrow. The name is used in conditions of related boxes and the index is the position of the corresponding box in the INPUTS collection of the transaction.
  2. !action - is a property of the source of the arrow and gives a name for an alternative spending path of the box (we will see this in DEX example)
Because of alternative spending paths, a box may have many outgoing orange arrows, in which case they should be labeled with different actions.
9. Transaction
A transaction spends input boxes and creates output boxes. The input boxes are given by the orange arrows and the labels are expected to put inputs at the right indexes in INPUTS collection. The output boxes are given by the green arrows. Each transaction should preserve a strict balance of ERG values (sum of inputs == sum of outputs) and for each token the sum of inputs >= the sum of outputs. The design diagram requires an explicit specification of the ERG and token values for all of the output boxes to avoid implicit errors and ensure better readability.
10. Tx Outputs
Outputs are connected to the corresponding transaction by green arrows. An output arrow may have a label of the following form: name@index, where an optional name is accompanied with an index i.e. fee@0 or @2. This is a property of the source endpoint of the arrow. The name is used in conditions of the related boxes and the index is the position of the corresponding box in the OUTPUTS collection of the transaction.

Example: Decentralized Exchange (DEX)

Now let's use the above described notation to design a FlowCard for a DEX dApp. It is simple enough yet also illustrates all of the key features of FlowCard diagrams which we've introduced in the previous section.
The dApp scenario is shown in the figure below: There are three participants (buyer, seller and DEX) of the DEX dApp and five different transaction types, which are created by participants. The buyer wants to swap ergAmt of ERGs for tAmt of TID tokens (or vice versa, the seller wants to sell TID tokens for ERGs, who sends the order first doesn't matter). Both the buyer and the seller can cancel their orders any time. The DEX off-chain matching service can find matching orders and create the Swap transaction to complete the exchange.
The following diagram fully (and formally) specifies all of the five transactions that must be created off-chain by the DEX dApp. It also specifies all of the spending conditions that should be verified on-chain.

https://preview.redd.it/piogz0v9ssv41.png?width=1614&format=png&auto=webp&s=e1b503a635ad3d138ef91e2f0c3b726e78958646
Let's discuss the FlowCard diagram and the logic of each transaction in detail:
Buy Order Transaction
A buyer creates a Buy Order transaction. The transaction spends E amount of ERGs (which we will write E: ERG) from one or more boxes in the pk(buyer) wallet. The transaction creates a bid box with ergAmt: ERG protected by the buyOrder script. The buyOrder script is synthesized from the specification (see below at “From Diagrams To ErgoScript Contracts”) either manually or automatically by a tool. Even though we don't need to define the buyOrder script explicitly during designing, at run time the bid box should contain the buyOrder script as the guarding proposition (which checks the box spending conditions), otherwise the conditions specified in the diagram will not be checked.
The change box is created to make the input and output sums of the transaction balanced. The transaction fee box is omitted because it can be added automatically by the tools. In practice, however, the designer can add the fee box explicitly to the diagram. It covers the cases of more complex transactions (like Swap) where there are many ways to pay the transaction fee.
Cancel Buy, Cancel Sell Transactions
At any time, the buyer can cancel the order by sending a CancelBuy transaction. The transaction should satisfy the guarding buyOrder contract which protects the bid box. As you can see on the diagram, both the Cancel and the Swap transactions can spend the bid box. When a box has spending alternatives (or spending paths) then each alternative is identified by a unique name prefixed with ! (!cancel and !swap for the bid box). Each alternative path has specific spending conditions. In our example, when the Cancel Buy transaction spends the bid box the ?buyer condition should be satisfied, which we read as “the signature for the buyer address should be presented in the transaction”. Therefore, only buyer can cancel the buy order. This “signature” condition is only required for the !cancel alternative spending path and not required for !swap.
Sell Order Transaction
The Sell Order transaction is similar to the BuyOrder in that it deals with tokens in addition to ERGs. The transaction spends E: ERG and T: TID tokens from seller's wallet (specified as pk(seller) contract). The two outputs are ask and change. The change is a standard box to balance the transaction. The ask box keeps tAmt: TID tokens for the exchange and minErg: ERG - the minimum amount of ERGs required in every box.
Swap Transaction
This is a key transaction in the DEX dApp scenario. The transaction has several spending conditions on the input boxes and those conditions are included in the buyOrder and sellOrder scripts (which are verified when the transaction is added to the blockchain). However, on the diagram those conditions are not specified in the bid and ask boxes, they are instead defined in the output boxes of the transaction.
This is a convention for improved usability because most of the conditions relate to the properties of the output boxes. We could specify those properties in the bid box, but then we would have to use more complex expressions.
Let's consider the output created by the arrow labeled with buyerOut@0. This label tells us that the output is at the index 0 in the OUTPUTS collection of the transaction and that in the diagram we can refer to this box by the buyerOut name. Thus we can label both the box itself and the arrow to give the box a name.
The conditions shown in the buyerOut box have the form bid ? condition, which means they should be verified on-chain in order to spend the bid box. The conditions have the following meaning:
  • tAmt: TID requires the box to have tAmt amount of TID token
  • R4 == bid.id requires R4 register in the box to be equal to id of the bid box.
  • script == buyer requires the buyerOut box to have the script of the wallet where it is located on the diagram, i.e. pk(buyer)
Similar properties are added to the sellerOut box, which is specified to be at index 1 and the name is given to it using the label on the box itself, rather than on the arrow.
The Swap transaction spends two boxes bid and ask using the !swap spending path on both, however unlike !cancel the conditions on the path are not specified. This is where the bid ? and ask ? prefixes come into play. They are used so that the conditions listed in the buyerOut and sellerOut boxes are moved to the !swap spending path of the bid and ask boxes correspondingly.
If you look at the conditions of the output boxes, you will see that they exactly specify the swap of values between seller's and buyer's wallets. The buyer gets the necessary amount of TID token and seller gets the corresponding amount of ERGs. The Swap transaction is created when there are two matching boxes with buyOrder and sellOrder contracts.

From Diagrams To ErgoScript Contracts

What is interesting about FlowCard specifications is that we can use them to automatically generate the necessary ErgoTree scripts. With the appropriate tooling support this can be done automatically, but in its absence it can be done manually. Thus, the FlowCard allows us to capture and visually represent all of the design choices and semantic details of an Ergo dApp.
What we are going to do next is to mechanically create the buyOrder contract from the information given in the DEX flow card.
Recall that each script is a proposition (boolean valued expression) which should evaluate to true to allow spending of the box. When we have many conditions to be met at the same time we can combine them in a logical formula using the AND binary operation, and if we have alternatives (not necessarily exclusive) we can put them into the OR operation.
The buyOrder box has the alternative spending paths !cancel and !swap. Thus the ErgoScript code should have an OR operation with two arguments - one for each spending path.

    /** buyOrder contract */
    {
      val cancelCondition = {}
      val swapCondition = {}
      cancelCondition || swapCondition
    }

The formula for the cancelCondition expression is given in the !cancel spending path of the buyOrder box. We can directly include it in the script.

    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {}
      cancelCondition || swapCondition
    }

For the !swap spending path of the buyOrder box the conditions are specified in the buyerOut output box of the Swap transaction. If we simply include them in the swapCondition then we get a syntactically incorrect script.

    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = { tAmt: TID && R4 == bid.id && @contract }
      cancelCondition || swapCondition
    }

We can however translate the conditions from the diagram syntax to ErgoScript expressions using the following simple rules:
  1. buyerOut@0 ==> val buyerOut = OUTPUTS(0)
  2. tAmt: TID ==> tid._2 == tAmt where tid = buyerOut.tokens(TID)
  3. R4 == bid.id ==> R4 == SELF.id where R4 = buyerOut.R4[Coll[Byte]].get
  4. script == buyer ==> buyerOut.propositionBytes == buyer.propBytes
Note, in the diagram TID represents a token id, but ErgoScript doesn't have access to the tokens by the ids so we cannot write tokens.getByKey(TID). For this reason, when the diagram is translated into ErgoScript, TID becomes a named constant of the index in tokens collection of the box. The concrete value of the constant is assigned when the BuyOrder transaction with the buyOrder box is created. The correspondence and consistency between the actual tokenId, the TID constant and the actual tokens of the buyerOut box is ensured by the off-chain application code, which is completely possible since all of the transactions are created by the application using FlowCard as a guiding specification. This may sound too complicated, but this is part of the translation from diagram specification to actual executable application code, most of which can be automated.
After the transformation we can obtain a correct script which checks all the required preconditions for spending the buyOrder box.

    /** buyOrder contract */
    def DEX(buyer: Address, seller: Address, TID: Int, ergAmt: Long, tAmt: Long) {
      val cancelCondition: SigmaProp = { buyer }  // verify buyer's sig (ProveDlog)
      val swapCondition = OUTPUTS.size > 0 && {   // securing OUTPUTS access
        val buyerOut = OUTPUTS(0)                 // from buyerOut@0
        buyerOut.tokens.size > TID && {           // securing tokens access
          val tid = buyerOut.tokens(TID)
          val regR4 = buyerOut.R4[Coll[Byte]]
          regR4.isDefined && {                    // securing R4 access
            val R4 = regR4.get
            tid._2 == tAmt &&                     // from tAmt: TID
            R4 == SELF.id &&                      // from R4 == bid.id
            buyerOut.propositionBytes == buyer.propBytes  // from script == buyer
          }
        }
      }
      cancelCondition || swapCondition
    }

A similar script for the sellOrder box can be obtained using the same translation rules. With the help of the tooling the code of contracts can be mechanically generated from the diagram specification.
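To see which spends the buyOrder proposition accepts, the script above can be modelled in Python and run against constructed transactions. This is an added example, not Ergo's or the article's code: the Box class, the byte-string scripts and ids, and the reduction of the signature proof to a set of signer scripts are assumptions. The optional token_id argument is a further check added here, because the script as written compares only the amount at index TID and leaves token identity to the off-chain code.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Box:
    id: bytes
    script: bytes                 # stands in for propositionBytes
    erg: int
    tokens: tuple = ()            # ((token_id, amount), ...), indexed like box.tokens
    registers: dict = field(default_factory=dict)

def buy_order(self_box, outputs, signers, buyer, tid_index, t_amt, token_id=None):
    """Model of the buyOrder proposition: cancelCondition || swapCondition."""
    cancel = buyer in signers                       # stands in for the buyer's signature
    swap = False
    if len(outputs) > 0:                            # securing OUTPUTS access
        out = outputs[0]                            # from buyerOut@0
        if len(out.tokens) > tid_index:             # securing tokens access
            tid = out.tokens[tid_index]
            r4 = out.registers.get("R4")
            if r4 is not None:                      # securing R4 access
                swap = (tid[1] == t_amt             # from tAmt: TID (amount only)
                        and r4 == self_box.id       # from R4 == bid.id
                        and out.script == buyer)    # from script == buyer
                if token_id is not None:            # added check, not in the script above
                    swap = swap and tid[0] == token_id
    return cancel or swap

# Constructed sample data.
BUYER, SELLER = b"pk(buyer)", b"pk(seller)"
TOKEN, OTHER = b"TID-token", b"other-token"
BID = Box(b"bid-1", b"buyOrder", 50_000_000)
GOOD_OUT = Box(b"out-0", BUYER, 1_000_000, ((TOKEN, 10),), {"R4": b"bid-1"})

CASES = {
    "swap":            ([GOOD_OUT], set()),
    "cancel_by_buyer": ([], {BUYER}),
    "cancel_by_other": ([], {SELLER}),
    "no_r4":           ([replace(GOOD_OUT, registers={})], set()),
    "wrong_r4":        ([replace(GOOD_OUT, registers={"R4": b"bid-2"})], set()),
    "wrong_recipient": ([replace(GOOD_OUT, script=SELLER)], set()),
    "short_amount":    ([replace(GOOD_OUT, tokens=((TOKEN, 9),))], set()),
    "other_token":     ([replace(GOOD_OUT, tokens=((OTHER, 10),))], set()),
}

def run_cases(token_id=None):
    """Evaluate every constructed spend of BID; True means the spend is allowed."""
    return {name: buy_order(BID, outs, signers, BUYER, 0, 10, token_id)
            for name, (outs, signers) in CASES.items()}

if __name__ == "__main__":
    as_written, strict = run_cases(), run_cases(TOKEN)
    for name in CASES:
        print(f"{name:16} as written: {as_written[name]!s:5}  with id check: {strict[name]}")
```

The two columns differ only in the other_token row, which is the case that depends on the off-chain code keeping the TID index and the real token id consistent.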

Conclusions

Declarative programming models have already won the battle against imperative programming in many application domains like Big Data, Stream Processing, Deep Learning, Databases, etc. Ergo is pioneering the declarative model of dApp development as a better and safer alternative to the now popular imperative model of smart contracts.
The concept of FlowCard shifts the focus from writing ErgoScript contracts to the overall flow of values (hence the name), in such a way, that ErgoScript can always be generated from them. You will never need to look at the ErgoScript code once the tooling is in place.
Here are the possible next steps for future work:
  1. Storage format for FlowCard Spec and the corresponding EIP standardized file format (Json/XML/Protobuf). This will allow various tools (Diagram Editor, Runtime, dApps etc) to create and use *.flowcard files.
  2. FlowCard Viewer, which can generate the diagrams from *.flowcard files.
  3. FlowCard Runtime, which can run *.flowcard files, create and send transactions to Ergo network.
  4. FlowCard Designer Tool, which can simplify development of complex diagrams. This will make designing and validation of Ergo contracts a pleasant experience, more like drawing rather than coding. In addition, the correctness of the whole dApp scenario can be verified and controlled by the tooling.
submitted by eleanorcwhite to btc

Tools & Info for SysAdmins - Mega Summary Q4 (Over 80 Items)

Hi sysadmin,
Each week I thought I'd post these SysAdmin tools, tips, tutorials etc with just one link to get it in your inbox each week (with extras). Let me know any ideas for future versions in the comments!
This week is a mega list of all the items we've featured in the last 3 months, broken down into categories, for you to explore at your leisure. I hope you enjoy it.

Free Tools

Free MailFlow Monitor. Rejection / Delay Text Alerts, Group Policies, Alerts By SMTP Code, Trouble Shooting Tools including header analysis. MailFlow Monitor is EveryCloud’s (Our) free, cloud-based, round-trip tool that sends you an alert as soon as there is an issue with your email flow. Settings are adjustable to allow you to choose how much of a delay is acceptable and which types of bounce alerts you want to see. Helps you get to the bottom of a problem before users (or your boss) have even noticed it.

Postman is a popular, free app to make API development faster and easier. It offers a powerful GUI, saved history of requests, flexible monitoring, automated testing with collection runner, mock servers, and unlimited collections, environments, tests, and sharing. It also provides detailed documentation.

Microsoft Sysinternals Suite is all their utilities in one convenient file. Contains all the individual troubleshooting tools as well as help files, but not non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. A shout out to azers for recommending this one.

RichCopy is a simple tool written by a Microsoft engineer named Derk Benisch. It provides a much-appreciated graphical interface for the very popular Robocopy command-line utility.

Windows Update MiniTool is an alternative to the standard (and sometimes overbearing) Windows Update. It allows you to control updates by giving you the power to search, install, and block Windows updates in any way you like.

Space Monger gives you a graphical image of your whole disk, where large files and folders are easily identified. This handy tool can be run from a USB drive, so you don't even need to install it. Thanks for this one and Windows Update MiniTool go to mikedopp.

UNetbootin is a terrific, cross-platform utility for creating bootable live USB drives for Ubuntu and other Linux distributions without burning a CD. Thanks go to Gianks for this one.

CopyQ is a clipboard manager that adds some advanced editing and scripting capabilities. It monitors the system clipboard and saves text, HTML, images and more into customized tabs. From there, the saved content can be copied and pasted directly into any application. Clipboard history is easily searchable and can be filtered. Suggested by majkinetor.

Desktop Info provides a quick view of every kind of metric about your Windows system right on your desktop. The display looks like wallpaper but stays resident in memory and updates in real time. Gives you a quick way to monitor what any system is up to, while using very little memory and requiring almost nothing from the CPU. This one was recommended by mikedopp.

Healthstone is a lightweight, self-hosted, agent-based system-monitoring solution that runs lots of customizable health checks. The dashboard runs on a Windows or Linux server, and it has agents for the Windows and Linux hosts you want to monitor. You can customize the dashboard to send notifications via email, Pushbullet, or NodePoint tickets whenever a client stops checking in or any of the configured checks fail. Configuration is retrieved from the dashboard by all agents in the form of templates, which are stored in the templates folder and can be customized for your needs. Thanks to mikedopp for this one!

Rufus is another utility for formatting and creating bootable USB flash drives. This one works with MBR/GPT and BIOS/UEFI. Rufus is about twice as fast as UNetbootin, Universal USB Installer, or Windows 7 USB download tool when creating a Windows 7 USB installation drive from an ISO. It is also marginally faster for creating a Linux bootable USB from ISOs. We first heard of this one from Gianks, but there were quite a few others who shared the recommendation as well.

Axence netTools is a set of ten free tools for network scanning and monitoring. Includes: Netwatch (multiple host availability and response-time monitoring); Network port and service scanner; Wintools (view of launched processes/services, remote register editor and Windows event log view, HDD/RAM/CPU details, custom queries based on WMI protocol); TCP/IP workshop and SNMP browser; Traceroute; NetStat (list of inbound and outbound connections and open ports); Local info (tables with local configuration details, TCP/UDP stats); Lookup (DNS and WHOIS records); Bandwidth test; and NetCheck (LAN hardware and wiring quality check). This was recommended by DollarMindy as an "easy ping monitor with email alerts."

MediCat USB is a bootable troubleshooting environment with Linux and Windows boot environments and troubleshooting tools. A complete Hiren's Boot Disk replacement for modern hardware that follows the Ubuntu release cycle with a new update released every 6 months. The DVD version was originally recommended to us by Spikerman "for when you need to helpdesk warrior."

MobaXterm is an enhanced terminal for remote computing. It brings all the key remote network tools (SSH, X11, RDP, VNC, FTP, MOSH) and Unix commands (bash, ls, cat, sed, grep, awk, rsync) to Windows desktop in a single, portable .exe file that works out of the box. The free version includes full X server and SSH support, remote desktop (RDP, VNC, Xdmcp), remote terminal (SSH, telnet, rlogin, Mosh), X11-Forwarding, automatic SFTP browser, plugins support, portable and installer versions but only 12 sessions, 2 SSH tunnels, 4 macros, and 360 seconds for Tftp/Nfs/Cron. Thanks go out to lazylion_ca for suggesting this one.

WinDirStat provides free, open-source graphical disk-usage analysis for MS Windows. You'll get a sub-tree view with disk-use percent and a list of file extensions ordered by usage. This tool was recommended by ohyeahwell, who likes to use it "for freespace as it can be deployed via ninite pro."

IIS Crypto allows administrators to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. You can also reorder SSL/TLS cipher suites from IIS, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions. EOTFOFFTW tells us, “This tool has been very helpful in configuring SSL settings for Windows IIS servers.”

Ditto saves all your clipboard items so you can access them later. It works with anything that can be put on the clipboard—images, text, html and custom formats. The simple interface includes search and sync functions for ease of finding what you need. Thanks go to Arkiteck for suggesting this one!

Malwarebytes Anti-Malware should be your first stop if you suspect a malware infection. It is the most-effective malware remover—featuring deep scans and daily updates—and blocks malware, hackers, viruses, ransomware and malicious websites that slip through your traditional antivirus. Also available as a full AV program that you can buy if you wish to do so.

Termius is a complete command-line solution providing portable server management for UNIX and Linux systems—whether a local machine, a remote service, Docker Container, VM, Raspberry Pi, or AWS instance (similar to Putty for Android). It is a cross-platform Telnet, Mosh-compatible and SSH client. Securely access Linux or IoT devices to quickly fix issues from your laptop or phone. Thanks for this one go to blendelabor.

WSUS Offline Update lets you safely patch any computer running Microsoft Windows and Office—even when there's no connection to the Internet or a network of any sort. More specifically, you first run WSUS Offline Update on a machine that has Internet connectivity to download the updates you need and copy the resulting update media to a USB drive. You then use the USB drive to run the update on the target computers. Recommended by mikedopp.

SystemRescueCd is a Linux system rescue disk that allows you to administer or repair your system and data after a crash. It can be booted via CD/DVD, USB or installed directly on the hard disk. Many system utilities like GParted, fsarchiver, filesystem tools and basic tools (editors, midnight commander, network tools) are included, and it works on Linux and Windows computers, desktops and servers. Supports ext3/ext4, xfs, btrfs, reiserfs, jfs, vfat, ntfs—as well as network filesystems such as Samba and NFS.

KiTTY is a fork of PuTTY, the popular Telnet and SSH client. It runs on Windows and can perform all the tasks of PuTTY plus many more. Features include portability, predefined command shortcuts, sessions filter, session launcher, automatic log-on script, URL hyperlinks, automatic command and password, running locally saved scripts in remote sessions, ZModem integration, icons for each session, transparency, unfortunate keyboard input protection, roll-up, quick start of duplicate sessions, configuration box, automatic saving, Internet Explorer integration for SSH Handler, binary compression, clipboard printing, PuTTYCyg patch, background images/transparency and organizing sessions you save in a folder hierarchy.

WinMTR is a free, open-source Windows application that integrates the functions of the traceroute and ping utilities into a single, convenient network diagnostic tool. Many thanks to generalmx for suggesting both this and SystemRescueCd!

Free Services

SSL Labs SSL Server Test is a free online service that will run a deep analysis on the configuration for any SSL web server. Simply enter the hostname, and you'll get a detailed report highlighting any problems found on each server.

Draw.io is a free, browser-based diagramming application that's terrific for creating flowcharts and org charts. It's available as an online application with optional integration to various cloud storage options.

ImmuniWeb® SSLScan allows you to test SSL/TLS security and implementation for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. Checks SSL certificate expiration for subdomains, insecure third-party content, and email servers’ SPF, DKIM, and DMARC implementation. Credit for this one goes to pixl_graphix.

BadSSL.com offers a simple, free way to test a browser's security setup. This helpful service was suggested by Already__Taken who advises you to "test what your MITM proxy will happily re-sign and present to you as a valid site."

Testssl.sh is a free command line tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols, recent cryptographic flaws and more. Recommended by stuck_in_the_tubes who likes it "for when you need to assess protocol encryption without the use of external services."

Tips

For access to all of the Sysinternals tools on any Windows box with internet, just Win+R and open \\live.sysinternals.com\tools. It's a public SMB share with all of the tools that Microsoft hosts. Thanks to jedieaston for the tip.

BASH keyboard shortcut: 'Control + r' initiates a name/command lookup from the bash history. As you type, this 'reverse incremental search' will autocomplete with the most-recent match from your history.

Podcasts

Darknet Diaries podcast relates the fascinating, true stories of hackers, defenders, threats, malware, botnets, breaches, and privacy. The show's producer, Jack Rhysider, is a security-world veteran who gained experience fighting such exploits at a Security Operations Center. Thanks to unarj for suggesting this one.

StormCast is a daily 5-10 minute podcast from the Internet Storm Center covering the latest information security threat updates. New podcasts are released late in the day, so they're waiting for you to listen on your morning commute. While the format is compact, the information is very high-level and provides a real overview of the current state of affairs in the info-sec world.

Microsoft Cloud IT Pro podcast is hosted by Scott and Ben, two IT Pros with expertise in SharePoint, Office 365 and Azure. The podcast focuses primarily on Office 365 with some discussion on Azure, especially as it relates to Office 365 in areas such as Azure AD and Mobile Device Management (MDM) or Mobile Application Management (MAM).

Datanauts podcast keeps you up to date on developments in data center and infrastructure related to cloud, storage, virtualization, containers, networking, and convergence. Discussions focus on data center compute, storage, networking and automation to explore the newest technologies, including hyperconvergence and cloud.

Cloud Architects is a podcast on best practices, the latest news, and cutting-edge Microsoft cloud technologies. Nicolas Blank, Warren du Toit and Chris Goosen host discussions with various experts in the cloud space to gather helpful guidance and ideas.

Risky Business is a weekly podcast that covers both the latest news and thoughtful, in-depth discussions with the top minds in the security industry. Hosted by award-winning journalist Patrick Gray, it is a terrific way to stay up to date on information security.

The rollBak is a podcast on systems engineering, DevOps, networking, and automation—along with the odd discussion on software development or information security. Conversation is casual with the intention of making complex topics approachable in a way that fosters learning.

Tutorials

Get Started in PowerShell3 is a great jump start video series on starting out in PowerShell. According to sysadmin FireLucid, "It's a great broad overview of how it works and I found it extremely useful to have watched before starting on the book."

Websites

Ask Woody is a no-nonsense news, tips, and help site for Windows, Office, and more. You can post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through their forums. Recommended to us by deeperdownunder.

Learn X in Y minutes is a community-driven site that provides quick syntax for many popular programming languages. Here are direct links for some common ones, kindly provided by ssebs:

WintelGuy offers a handy collection of useful links, calculators, resources, and tools for the sysadmin. Thanks LateralLimey for the recommendation!

How-To Geek is a website dedicated to explaining today's technology. Content is written to be useful for all audiences—from regular people to geeky technophiles—and the focus is to put the latest news and tech into context.

EventSentry is a comprehensive, well-organized resource for Windows security events and auditing on the web. It allows you to see how events correlate using insertion strings and review the associated audit instructions. This was recommended by _deftoner_ as an “online DB where you can search for Windows Event Log by id, os, error code, etc. I do a lot of auditing on a big network thru event log ids, and sometimes I found rare errors—and there is not a good db with all of them. Not even Microsoft has one.”

Books

The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win tells the story of an IT manager's efforts to save his company's dysfunctional IT dept. The company's new IT initiative, code named Phoenix Project, is behind schedule and hugely over budget. Bill is given 90 days to resolve the entire mess—or have his entire department outsourced. An entertaining read, with elements that seem familiar to most system admins. Comes highly recommended by sp00n_b3nd3r.

UNIX® and Linux® System Administration Handbook, 5th Edition, is a comprehensive guide written by world-class, hands-on experts. It covers best practices for every area of system administration—including storage management, network design and administration, security, web hosting, automation, configuration management, performance analysis, virtualization, DNS, security, and management of IT service organizations. You'll learn all about installing, configuring, and maintaining any UNIX or Linux system, even those that supply core Internet and cloud infrastructure. A great resource for anyone responsible for running systems built on UNIX or Linux.

Taming Information Technology: Lessons from Studies of System Administrators (Human Technology Interaction Series) was suggested by AngryMountainBiker, who describes it as "essentially an ethnographic study of system administrators. The authors videotaped and otherwise documented SA's over a period of time and were able to break down a number of fascinating incidents and how to improve the art. I'm disappointed this hasn't been recommended reading for all SA's and maybe more importantly, their bosses, who too often don't really know what SA's do."

Learn Active Directory Management in a Month of Lunches is a practical, hands-on guide for those who are new to Active Directory. It covers the administration tasks that keep a network running smoothly and how to administer AD both from the GUI tools built into Windows and from PowerShell at the command line. Provides best practices for managing user access, setting group policies, automating backups, and more. All examples are based in Windows Server 2012.

CheatSheets

SANS Digital Forensics and Incident Response Cheat Sheets provide a collection of assorted, handy incident response cheat sheets. It's a helpful reference for commands, process, tactics, tips, tools and techniques that was compiled by SANS DFIR, the experts in incident-response training.

Blogs

Ned Pyle's blog from Microsoft's Directory Services Team contains a wealth of posts on best practices and solutions to common issues. While no longer actively maintained by Ned Pyle, the library of information already posted is incredibly valuable. Thanks to azers for bringing this to our attention.

Happy SysAdm has been providing resources, solutions and tips for system administrators since 2010. The blog is written by a Senior Systems Administrator with close to 15 years' experience in designing, scripting, monitoring and performance-tuning Microsoft environments going all the way back to Windows 3.1/95/NT4.

Stephanos Constantinou's Blog shares the author's original scripts for PowerShell, Microsoft Active Directory, Microsoft Exchange On-Premise and Online (Office 365) and Microsoft Azure. His current focus is on retrieving data from systems, editing it and automating procedures. You'll also find a section with some PowerShell tutorials.

Have a fantastic week!!
u/crispyducks (Graham @ EveryCloud)

P.S. Some Extra Free Tools We Put In The Email Version

Clonezilla is free, open-source software for disk cloning, disk imaging, data recovery, and deployment—helping with system deployment, bare metal backup, and recovery. Cloning efficiency is optimized by the program's approach of saving/restoring only used blocks in the hard disk.

SPF Record Testing Tools is a query tool designed to help you deploy SPF records for your domain. It validates if an SPF record exists and whether it is formatted correctly and entered into your DNS as a proper TXT record.

PS Remote Registry module contains functions to create, modify, or delete registry subkeys and values on local or remote computers. This one was recommended to us by IhaveGin.

PowerCopy GUI was recommended by Elementix, who described it as "similar to RichCopy, but it uses .Net, PowerShell, and Robocopy. A good (non-install) alternative." The tool allows you to set up predefined options, one-click access to help and log file, and instant error analysis.

Gitbash is a package containing bash and a collection of other, separate *nix utilities like ssh, scp, cat, find and others—compiled for Windows—and a new command-line interface terminal window called mintty. Recommended by sysacc who tells us he's been "dealing with log files lately and I've been using...Gitbash a LOT... It's part of the Git tools, I love having access to Linux commands on Windows."

Easy2Boot is a collection of grub4dos scripts to be copied onto a grub4dos-bootable USB drive. Each time you boot, the E2B scripts automatically find all the payload files (.ISO, .IMA, .BIN, .IMG, etc.) on the USB drive and dynamically generate the menus. Thanks to Phx86 who says it "creates a very versatile USB drive. It checks a lot of marks other various tools did not. Formats NTFS, your ISO boot disks doubles as standard NTFS storage. Drag and drop .ISO files to the correct folder, then boot directly to them. Boot menu reads the .ISO files and builds a menu based on what is loaded on the drive. No fiddling around with custom boot menus when you add a new .ISO."

CCleaner is the fastest way to eliminate temporary files and Windows Registry problems. Our own Matt Frye says, "When a machine is having problems, this is almost always the tool I use first. It also helps to ensure privacy by getting rid of traces left behind (such as cookies) by web browsers."

Netwrix Auditor Free Community Edition is a great auditing/monitoring tool for the Windows sysadmin. It lets you see changes and access events in your hybrid cloud IT environment, so you can stop worrying you'll miss critical changes to AD objects, file server permissions, Windows Server configuration or other security incidents.

WinSCP is an SFTP client and FTP client for Windows with a GUI, integrated text editor, scripting and task automation. It allows you to copy files between a local computer and remote servers via FTP, FTPS, SCP, SFTP, WebDAV or S3 file transfer protocols.

Why am I doing this each week?
I want to be mindful of the rules of the subreddit, so if you’d like to know more about my reasons for doing this, please visit the bottom of the sister post on SysAdminBlogs:
https://www.reddit.com/SysAdminBlogs/comments/a560s6/tools_info_for_sysadmins_mega_summary_q4_over_80/
You can view last week's post here: https://www.reddit.com/sysadmin/comments/a2zuhy/tools_info_for_sysadmins_linux_rescue_disk_telnet/

Edit 1: As some of you may know, this post got caught in site-wide filters today. It's since been released, as you can see, but whilst that was all happening I set up a new subreddit /ITProTuesday. We'll post them in here each week too, so please subscribe if you want to make sure you don't miss out on them!

Edit 2: I'm greatly honoured by the gold!! Thank you anonymous user.
submitted by crispyducks to sysadmin




