UK government can force encryption removal, but fears losing, experts say – The Guardian

Home Secretary Amber Rudd on Sunday called on organisations like WhatsApp to make sure that they "don't provide a secret place for terrorists to communicate with each other". Photograph: Yui Mok/PA

The government already has the power to force technology firms to act as it wants over end-to-end encryption, but is avoiding using existing legislation as it would force it into a battle it would eventually lose, security experts have said.

The Investigatory Powers Act, made law in late 2016, allows the government to compel communications providers to remove electronic protection applied to any communications or data.

On Sunday the Home Secretary Amber Rudd called on organisations like WhatsApp, which is owned by Facebook, to make sure that they "don't provide a secret place for terrorists to communicate with each other". Rudd hinted at new legislation if they did not cooperate, despite the existing legislation already allowing the government to force such cooperation.

Alec Muffett, who is a technical advisor and board member for the Open Rights Group, said that using the existing legislation would lead the government into an argument it will lose, though they may buy some time forcing people to pay lip-service to it.

"Eventually they will lose the battle because they will never (for instance) coerce the global open-source community to comply," Muffett said. "Government time and money would be better spent elsewhere, pursuing criminals through human means and by building upon metadata, than in attempting to combat secure communication across the internet as an abstract entity."

Muffett, who previously worked at Facebook and was the lead engineer for adding end-to-end Encryption to Facebook Messenger, added that actually attempting to enforce the law as it stands would require a massively illiberal and misconceived business case to be thrust upon Facebook/WhatsApp in order to force it to undermine its own security technologies.

"It would be an ugly battle, and (win or lose) it would be self-defeating," Muffett said. "People would flee a less secure, less competitive Facebook and move to other platforms, ones with less cordial government relationships, or with no corporate presence at all."

Antony Walker, the deputy CEO of techUK, added that the existing law already gives the UK a strong range of powers that enable the security services to do their job. He said: "This legislation was put in place following an extensive and rigorous process of parliamentary scrutiny focused on ensuring the checks necessary to keep a democratic society secure."

"End-to-end encryption is the best defence we have available to keep the data and services we all rely on safe from misuse. From storing data on the cloud to online banking to identity verification, end-to-end encryption is essential for preventing data being accessed illegally in ways that can harm consumers, business and our national security."

Tony Anscombe, senior security evangelist at information security firm Avast, said that any attempt to actually use the powers would be bound to introduce major security vulnerabilities. "Banning encryption in order to get to the communications of a select few opens the door to the communications of many, and renders us all less secure and our lives less private," he said.

"If you build a backdoor, it's there for everybody to access. And if you store that data you collect, even in encrypted form, how secure is it? All these data breaches we hear about show our privacy is regularly being breached by hackers, so the action suggested by the home secretary would only open us all up to further invasions of privacy."

In the initial draft of the investigatory powers bill, the only limits to the government's power to force the removal of electronic protection are a requirement that it consults with an advisory board beforehand, and that any specific obligation must be reasonable and practicable. The technical capability notice can even be issued to people outside the UK, and require them to do, or not to do, things outside the UK.

After technology firms warned that the law could end electronic privacy in Britain, the government made a small concession, promising that no company would be compelled to remove encryption of their own services if it was not technically feasible. It did not, however, provide a definition of technological feasibility.

Justice Department anti-terror chief keeps pressing on encryption – Politico (blog)

Acting Assistant Attorney General for National Security Mary McCord said Tuesday that metadata is of limited use in terror probes. | AP Photo

The head of the Justice Department's counterterrorism branch is keeping the pressure on for action to allow investigators to obtain access to encrypted communications.

Acting Assistant Attorney General for National Security Mary McCord said Tuesday that metadata is of limited use in terror probes and the problem the FBI refers to as "going dark" remains a real problem for law enforcement.

"All the metadata in the world cannot replace content when it comes to the short lead time that we have between inception of an attack and committing an attack," McCord told a George Washington University conference on online extremism.

"When it's that fast, metadata is just not going to answer that. These are the times where encrypted communications and the inability of law enforcement to get into those communications ... is so important to find a solution."

McCord praised social media platforms for removing content that seems to fuel radicalization and violates sites' terms of service, but she also called on tech companies to explore automated solutions that can prevent such content from appearing even for a brief time on websites.

"I encourage them to put even more effort into automation, machine learning to see if there aren't ways to prevent certain content, the most violent, the most inciteful to terrorism, to keep that from ever posting," she said.

The veteran prosecutor said one challenge with takedown systems that require human intervention is that disturbing content can go viral in certain circles very quickly. Once that information spreads on the internet, taking down from one or two sites may be ineffective, she said.

A senior law enforcement official who spoke at the same conference Monday, FBI General Counsel James Baker, said the bureau isn't pushing specific legislation on encryption at the moment but is trying to fuel continued public discussion about the costs of encryption.

The Obama administration punted on the contentious encryption issue during its final year in office. The Trump administration has yet to stake out a clear position on the question.

Josh Gerstein is a senior reporter for POLITICO.

Questions for the FBI on Encryption Mandates – Freedom to Tinker

I wrote on Monday about how to analyze a proposal to mandate access to encrypted data. FBI Director James Comey, at the University of Texas last week, talked about encryption policy and his hope that some kind of exceptional access for law enforcement will become available. (Here's a video.) Let's look at what Director Comey said about how a mandate might work.

Here is an extended quote from Director Comey's answer to an audience question (starting at 51:02 in the video, emphasis added):

"The technical thing, look, I really do think we haven't given this the shot it deserves. President Obama commissioned some work at the end of his Administration because he'd heard a lot from people on device encryption, [that] it's too hard. [No], it's not too hard. It's not too hard. It requires a change in business model but it is, according to experts inside the U.S. government and a lot of people who will meet with us privately in the private sector, no one actually wants to be seen with us but we meet them out behind the 7/11, they tell us, look, it's a business model decision.

"Take the FBI's business model. We equip our agents with mobile devices that I think are great mobile devices and we've worked hard to make them secure. We have designed it so that we have the ability to access the content. And so I don't think we have a fatally flawed mobile system in the FBI, and I think nearly every enterprise that is represented here probably has the same. You retain the ability to access the content. So look, one of the worlds I could imagine, I don't know whether this makes sense, one of the worlds I could imagine is a requirement that if you're going to sell a device or market a device in the United States, you must be able to comply with judicial process. You figure out how to do it.

"And maybe that doesn't make sense, absent an international component to it, but I just don't think we, and look, I get it, the makers of devices and the makers of fabulous apps that are riding on top of our devices, on top of our networks, really don't have an incentive to deal with, to internalize the public safety harm. And I get that. My job is to worry about public safety. Their job is to worry about innovating and selling more units, I totally get that. Somehow we have to bring together, and see if we can't optimize those two things. And really, given my role, I should not be the one to say, here's what the technology should look like, nor should they say, no I don't really care about that public safety aspect.

"And what I don't want to have happen, and I know you agree with me no matter what you think about this, now I think you're going to agree with what I'm about to say, is we can't have this conversation after something really bad happens. And look, I don't want to be a pessimist, but bad things are going to happen. And even I, the Director of the FBI, do not believe that we can have thoughtful conversations about optimizing things we care about in the wake of a serious, serious attack of any kind."

The bolded text is the closest Director Comey came to describing how he imagines a mandate working. He doesn't suggest that it's anything like a complete proposal, and anyway that would be too much to ask from an off-the-cuff answer to an audience question. But let's look at what would be required to turn it into a proposal that can be analyzed. In other words, let's extrapolate from Director Comey's answer and try to figure out how he and his team might try to build out a specific proposal based on what he suggested.

The notional mandate would apply at least to retailers (if you're going to sell or market a device) who sell smartphones to the public in the United States. That would include Apple (for sales in Apple Stores), big box retailers like Best Buy, mobile phone carriers' shops, online retailers like Amazon, and the smaller convenience stores and kiosks that sell cheap smartphones.

Retailers would be required to comply with judicial process. At a minimum, that would presumably mean that if presented with a smartphone that they had sold, they could extract from it any data encrypted by the user. Which data, and under what circumstances? That would have to be specified, but it's worth noting that there is a limited amount the retailer can do to control how a user encrypts data on the device. So unless we require retailers to prevent the installation of new software onto the device (and thereby put app stores, and most app sellers, out of business), there would need to be major carve-outs to limit the mandate's reach to include only cases where the retailer had some control. For example, the mandate might apply only to data encrypted by the software present on the device at the time of sale. That could create an easy loophole for users who wanted to prevent extraction of their encrypted data (by installing encryption software post-sale), but at least it would avoid imposing an impossible requirement on the retailer. (Veterans of the 1990s crypto wars will remember how U.S. software products often shipped without strong crypto, to comply with export controls, but post-sale plug-ins adding crypto were widely available.)

Other classes of devices, such as laptops, tablets, smart devices, and server computers, would either have to be covered, with careful consideration of how they are sold and configured, or they would be excluded, limiting the coverage of the rule. There would need to be rules about devices brought into the United States by their user-owners, or if those devices were not covered, then some law enforcement value would be lost. And the treatment of used devices would have to be specified, including both devices made before the mandate took effect (which would probably need to be exempted, creating another loophole) and post-mandate devices re-sold by a user or merchant: would the original seller or the re-seller be responsible, and what if the reseller is an individual?

Notice that we had to make all of these decisions, and face the attendant unpleasant tradeoffs, before we even reached the question of how to design the technical mechanism to implement key escrow, and how that would affect the security and privacy interests of law-abiding users. The crypto policy discussion often gets hung up on this one issue, the security implications of key escrow, but it is far from the only challenge that needs to be addressed, and the security implications of a key escrow mechanism are far from the only potential drawbacks to be considered.

Director Comey didn't go to Austin to present an encryption mandate proposal. But if he or others do decide to push seriously for a mandate, they ought to be able to lay out the details of how they would do it.

How to Analyze An Encryption Access Proposal – Freedom to Tinker

It looks like the idea of requiring law enforcement access to encrypted data is back in the news, with the UK government apparently pushing for access in the wake of the recent London attack. With that in mind, let's talk about how one can go about analyzing a proposed access mandate.

The first thing to recognize is that although law enforcement is often clear about what result they want (getting access to encrypted data), they are often far from clear about how they propose to get that result. There is no magic wand that can give encrypted data to law enforcement and nobody else, while leaving everything else about the world unchanged. If a mandate were to be imposed, this would happen via regulation of companies' products or behavior.

The operation of a mandate would necessarily be a three stage process: the government imposes specific mandate language, which induces changes in product design and behavior by companies and users, thereby leading to consequences that affect the public good.

Expanding this a bit, we can lay out some questions that a mandate proposal should be prepared to answer:

These questions are important because they expose the kinds of tradeoffs that would have to be made in imposing a mandate. As an example, covering a broad range of devices might allow recovery of more encrypted data (with a warrant), but it might be difficult to write requirements that make sense across a broad spectrum of different device types. As another example, all of the company types that you might regulate come with challenges: some are mostly located outside your national borders, others lack technical sophistication, others touch only a subset of the devices of interest, and so on. Difficult choices abound, and if you haven't thought about how you would make those choices, then you aren't in a position to assert that the benefits of a mandate are worth the downsides.

To date, the FBI has not put forward any specific approach. Nor has the UK government, to my knowledge. All they have offered in their public statements are vague assertions that a good approach must exist.

If our law enforcement agencies want to have a grown-up conversation about encryption mandates, they can start by offering a specific proposal, at least for purposes of discussion. Then the serious policy discussion can begin.

Apple iOS 10.3 will introduce encryption which makes it MORE difficult for cops and spooks to crack into ISIS nuts … – The Sun

Tech giant risks angering security services by toughening up the system which protects information stored on its smartphones

APPLE has launched new software which could make it even more difficult for spies or cops to access data stored on terrorists' iPhones.

The tech giant has just announced the release of iOS 10.3, the latest operating system for iPad and iPhone.

It comes fitted with a new file system which will protect the information stored on smartphones using a super tough form of encryption called Apple File System (APFS).

This is excellent news for anyone worried about hackers accessing their bank details or other private and potentially compromising information.

But it's bad news for investigators who want to get access to the messages stored on suspects' gadgets.

Apple famously refused to unlock an iPhone used by the San Bernardino terrorists, who killed 14 people at a Christmas party on December 2 2015.

Encryption is a controversial issue right now, because police are furious that software like WhatsApp lets terrorists communicate in total secrecy using strong encryption.

The problem lies in the fact that companies like Apple or Facebook, owners of WhatsApp, do not hold master keys which let them crack encryption.

Cops want to get a "backdoor" into suspects' devices and the apps they use to communicate.

However, this could prove disastrous because hackers would potentially be able to exploit the vulnerability.

Apple's new operating system will also introduce new and faster animations designed to make the phone feel snappier to use.

The new file system should also give a speed boost to the phone, as it will allow data to be accessed more quickly.

If you have an iPhone, Apple will automatically ask you to download the software.

You can visit the Apple homepage for more information.

Crowdfunding: affordable bee surveillance for hive health – Scoop.co.nz (press release)

Press Release Hivemind Ltd

New Zealand's smart hive innovation company, Hivemind, is launching a crowdfunding campaign on Indiegogo to help beekeepers check their hives remotely, and take proactive action to keep their bees safe and happy.

Press release: Hivemind, Christchurch, New Zealand, 29 March 2017

Hivemind crowdfunds affordable bee surveillance for hive health

Smart hive minder helps beekeepers #savebees and maintain #healthyhives

Hive Strength Monitor with WiFi alerts beekeepers of early signs of trouble

Tracks and reports changes in bee activity, hive temperature and humidity

Enables proactive just-in-time beehive protection

Helps reduce bee and honey loss from pests, disease, hunger, and swarming

The Hive Strength Monitor with WiFi campaign aims to develop and commercialise an affordable and accessible WiFi version of Hivemind's flagship satellite-based Hive Strength Monitor for all beekeepers.

It is targeted at responsible beekeepers, commercial pollinators, and honey lovers alike around the world who are committed to keeping all bee colonies happy and strong.

Remote bee monitoring saves bees

The benefit of the new Hive Strength Monitor with WiFi and Smartphone App is the ability for beekeepers to see from their mobile device that their bees are happy and busy doing what they should be doing: pollination and honey.

The system comes with sensors and remote monitoring software that measures bee activity and hive conditions, and alerts beekeepers of changes in humidity, temperature, and bee numbers.

With the hives connected to their own WiFi network, beekeepers can open their Hivemind app to quickly assess the condition and wellbeing of their hives. Large-scale deployments can also install a WiFi hotspot to provide intensive hive monitoring at minimal monthly fees.

"Our Hive Strength Monitor can also help beekeepers pick up any early signs of trouble and to act quickly to prevent or minimise both loss of their bees and potential spread of disease," says Hivemind Director, Berwyn Hoyt.

"Any sudden changes in activity or temperature could mean the bees are swarming, or dying off due to disease or hunger, or that the honey from the hives is being robbed by wasps. Hivemind data alerts can allow beekeepers to proactively assess the situation and mitigate any risk to their hives quickly."

After two years in development, the launch of Hivemind's maiden satellite model, designed for commercial bee pollinators and manuka honey producers, was partly funded by the New Zealand Government's Callaghan Innovation. Today, there are close to 300 commercial Hivemind installations across New Zealand, Australia and the US, with customers reporting increases in their honey yields by as much as 18%.

Mike Everly at Forest & Bees Native Honey was one of Hivemind's early adopters. He explains, "Our manuka honey hives are placed in very remote sites in New Zealand, many accessible only by helicopter. Knowing what is happening through the season is critical to decisions about if and when we may need to add boxes, and when we need to harvest. Using this data, we selectively check on areas and make much better management decisions. I could not be happier with the data and information the Hivemind system provides."

Keeping bees happy

The importance of the role bees play in the survival of our planet can't be understated. Pest invasions, diseases, fungi, pesticides, overcrowding, and diminishing food sources are contributing to poor hive health, swarming, and colony collapse.

"Keeping bees happy has become a primary environmental concern where technology can play a significant role," says Hoyt. "With better understanding of bee behaviour and hive conditions, beekeepers and commercial pollinators can potentially prevent swarms, dying colonies, and the spread of disease by mitigating risks early."

"We hope that with enough support, our WiFi enabled Hive Strength Monitor and smartphone app can help beekeepers worldwide to better understand and optimise the condition, health and yield of their managed honey bee colonies," says Hoyt. "The United States market in particular has a large pollination industry, which has recently been troubled by disease and Colony Collapse Disorder."

Hivemind's crowdfunding campaign is now live on Indiegogo: http://hivemind.co.nz/hive-monitor

Thank you for your support!

About Hivemind

Hivemind is an apiculture innovation company established in Christchurch, New Zealand in 2012 by brothers Berwyn, Ben and Bryan Hoyt. The Hivemind Scales and Hive Strength Monitor are the company's flagship products launched in 2014. Since then, close to 300 Hivemind Hive Strength monitor systems have sold to commercial beekeepers and pollinators across New Zealand, Australia, and more recently, the United States. Hivemind's smart hive technology achieved finalist recognition for innovation in both the 2016 NZ Hi Tech Awards and the 2016 NZ Innovation Awards. Visit http://www.hivemind.co.nz

Ends

Notes:

How will the Hivemind Hive Strength Monitor for WiFi work?

The new Hivemind Hive Strength Monitor for WiFi will enable beekeepers to remotely monitor their hives and record the data for review online at hivemind.co.nz.

Sensors and technology developed by Hivemind attach to the front of a hive to collect data on:

Bee numbers entering and leaving the hive to track whether and by how much bee numbers increase in spring, what time of day the bees start and stop flying, and how activity compares to other nearby hives connected to the system

Brood temperature to determine whether the queen is laying, if the brood is healthy, or alerts the beekeeper if the hive gets too cold and needs insulating

External ambient temperature which can be compared with the internal temperature to explain bee activity

Hive humidity to determine whether the bees are getting enough water and can provide an early cue about hive diseases

The data is then transmitted automatically from the hive via the user's own WiFi to Hivemind's smartphone app. Users can then log in to their hive data from their mobile device and quickly check the condition of their hives and bee activity without disturbing the bees by unnecessarily opening and moving hives. The app will also enable them to link and share photos, notes and other reminders to the charts, and show the effects of their beekeeping management.

Bitcoin Unlimited Miners May Be Preparing a 51% Attack on Bitcoin … – Bitcoin Magazine

Although it is hard to say how big the chance actually is, Bitcoin Unlimited miners may soon start mining bigger blocks. If they do, they will diverge from the current Bitcoin protocol to split off to a new blockchain. This could also result in two separate currencies, by many exchanges referred to as BTC and BTU.

However, it increasingly seems that not everyone in favor of a Bitcoin Unlimited hard fork wants to settle for a coin-split. Instead, several prominent Bitcoin Unlimited proponents have indicated that it may be better to ensure only their chain survives. This is probably also the only chance it has to be widely considered the real Bitcoin rather than a spinoff altcoin.

To ensure that only one chain survives, they have suggested that the (original) Bitcoin blockchain can be made unusable. That way it would die off and only the Bitcoin Unlimited chain would remain.

Specifically, if miners favorable toward Bitcoin Unlimited are able to overpower the remaining Bitcoin miners with a majority of hashrate, it's been suggested they could launch a 51% attack.

Here is a brief overview.

Former Bitcoin Lead Developer Gavin Andresen

Gavin Andresen is the former lead developer of Bitcoin Core (then called Bitcoin-QT or simply Bitcoin). He has since contributed to Bitcoin XT and Bitcoin Classic. He now endorses Bitcoin Unlimited though he does not contribute to the project nor is he a member.

Although Andresen has in the past argued that a minority chain would be unlikely to sustain itself, he now acknowledges such a chain could, in fact, survive. As such, he noted on Twitter last February that preventing a minority-hashrate fork from confirming any transactions is a good idea.

More recently, on Reddit, Andresen elaborated on what the most effective way to attack the original Bitcoin chain would be. The former lead developer wrote:

"It would be even more destructive to mine an 11-block-long empty chain, then wait until the slow chain gets 9 blocks until announcing it to the network. Or keep them guessing; choose a chain length at random, from 1 to some secret N, and orphan that many blocks at a time. Allow a couple normal blocks, then do it again.

"It would be impossible for exchanges to know how many confirmations were safe for deposits and would be a nightmare for their withdrawal accounting."

Additionally, he said he wasn't sure whether such an attack would be immoral or not.

"I'm not even sure this kind of thing should be considered immoral; majority hashpower acting selfishly for their own economic benefit (both short and long term) is the basic incentive structure that makes Bitcoin work."

And last weekend, Andresen on Twitter further distanced himself from a moral endorsement of such an attack. Instead, echoing comments he made on Reddit, Andresen claimed to have merely been exercising adversarial thinking.

Though he did add that an attack is very likely to happen.

BTC.TOP Pool Operator Jiang Zhuoer

BTC.TOP is a relatively new Chinese mining pool. Launched in late 2016, the pool currently controls some 5 percent of hash power on the Bitcoin network.

BTC.TOP is operated by Jiang Zhuoer, a former employee at China Mobile in Shanghai. Much like several other small mining pools that have appeared over the past six months, BTC.TOP has been signaling support for Bitcoin Unlimited.

In an interview with Cryptocoins News in March, Zhuoer was the first who explicitly said a 51% attack against the original Bitcoin blockchain, if it were to survive after Bitcoin Unlimited miners split off, is on the table.

"We have prepared $100 million USD to kill the small fork of CoreCoin, no matter what [proof-of-work] algorithm, sha256 or scrypt or X11 or any other GPU algorithm," he said, of course referring to the continuation of the current Bitcoin protocol as "CoreCoin."

The different hash algorithms mentioned by Zhuoer refer to a potential proof-of-work algorithm change Bitcoin users could deploy if the chain is attacked; a nuclear defense some Bitcoin Core developers have suggested may be proposed in such a scenario. (Whether this should still be considered Bitcoin or yet another spinoff altcoin is subject to different debate.)

"Show me your money," Zhuoer added. "We very much welcome a CoreCoin change to [proof of stake]."

(If no proof-of-work algorithm succeeds in deterring the attack, a proof-of-stake consensus algorithm where coin holders rather than miners vote on the longest chain may be an alternative solution. But since this is unproven and perhaps insecure, this seems highly unlikely.)

Bitcoin Unlimited Chief Scientist Peter Rizun

Peter Rizun (better known as Peter R) refers to himself as the chief scientist of Bitcoin Unlimited, and has been one of the driving forces as the project's secretary.

Last week, Rizun, along with bitcoin.com business developer Jake Smith, visited the offices of Coinbase and BitPay to promote Bitcoin Unlimited. Coming back from these visits, Rizun published a blog post on Medium. The message Rizun said he had gotten from these companies is that a hard fork to larger blocks should be decisive and absolute.

Rizun described three levels of anti-split protection that could accomplish this. The first is an explanation of how mining would probably be unprofitable on the original Bitcoin chain, decreasing the odds of the chain surviving in the first place.

The second level, however, is a type of 51% attack on a minority of miners. Once a majority of hash power signals support for Bitcoin Unlimited, Rizun wrote, the majority could reject (orphan) any blocks that do not signal this support.

"Miners will orphan the blocks of non-compliant miners prior to the first larger block to serve as a reminder to upgrade. Simply due to the possibility of having blocks orphaned, all miners would be motivated to begin signaling for larger blocks once support definitively passes 51%. If some miners hold out (e.g., they may not be paying attention regarding the upgrade), then they will begin to pay attention after losing approximately $15,000 of revenue due to an orphaned block."

(It should be noted that this attack can be trivially subverted. Especially now that the attack is known, miners can, and probably will, signal fake support. Indeed, at least one small pool has literally signaled support with a poop emoticon.)

If the original Bitcoin blockchain survives even after these two levels, Rizun explained that a subset of miners in favor of Bitcoin Unlimited could disrupt this chain by exclusively producing empty blocks on the original chain. This would prevent any and all transactions from confirming as long as the attack is ongoing.

To address the risk of coins being spent on this chain (replay risk), majority miners will deploy hash power as needed to ensure the minority chain includes only empty blocks after the forking point.

And in line with the strategy described by Gavin Andresen:

This can easily be accomplished if the majority miners maintain a secret chain of empty blocks built off their last empty block, publishing only as much of this chain as necessary to orphan any non-empty blocks produced on the minority chain.

(This attack can be waited out until the attackers' funds run out, and perhaps dismantled altogether. Discussion on potential strategies is ongoing on the Bitcoin-development mailing list. And of course, there is the potential of a proof-of-work algorithm change.)

While noting that he doesn't necessarily endorse the strategy, Rizun predicted that a coin-split would be avoided in this way: a safe upgrade procedure, he later noted on Reddit.

Rizun also submitted his ideas to the Bitcoin-development mailing list. (Where they were, unsurprisingly, forcefully dismissed.)

Bitmain Co-CEO Jihan Wu

Jihan Wu is the co-CEO of Chinese ASIC-hardware producer Bitmain. AntPool is Bitmain's mining pool, and BTC.com, another mining pool, is a subsidiary of Bitmain.

Wu is a vocal proponent of Bitcoin Unlimited as well, and announced to Bloomberg that he would switch the hash power in his pool to Bitcoin Unlimited in anticipation of a hard fork, which he has since indeed done. (Though, notably, BTC.com has not.)

And in an interview with Forbes, Wu said he wouldn't rule out attacking the Bitcoin blockchain, or undermining Core, as it is described in the article.

"It may not be necessary to attack it," he said. "But to attack it is always an option."

Thanks to Libbitcoin lead developer Eric Voskuil for feedback.

Original post:
Bitcoin Unlimited Miners May Be Preparing a 51% Attack on Bitcoin ... - Bitcoin Magazine


Bitcoin Scam Site Warning MiningPeak – The Merkle

Whenever a new bitcoin cloud mining site launches, there is plenty of reason to scrutinize the platform. There have been numerous bitcoin cloud mining scams, all of which successfully defrauded investors. It is doubtful MiningPeak is a legitimate company, as there are a lot of questions that remain unanswered. Right now, the company does not warrant an investment.

Glancing over the MiningPeak website, it is evident this company has little to no honest intention. Although the platform design is not bad by any means, there is a huge lack of information. Moreover, the company only launched on March 27th, yet they somehow claim to have over 690 investors already. Rest assured that number is fake and only serves to make people believe the company is legitimate.

The one thing investors hope to see from a bitcoin cloud mining company is whether or not they have the hardware to back up the claims. So far, that does not appear to be the case, as there is absolutely no evidence of MiningPeak even owning a single bitcoin miner. No one should be surprised by this, though, as hardly any bitcoin cloud mining company has the equipment required to run a successful business.

What makes MiningPeak even more suspicious is how their investment plans guarantee fixed returns on a daily basis. It is impossible to offer the same amount of money while active in the bitcoin mining world. A total of three investment plans is offered, which return between 3.6% and 4.56% on a daily basis. It is always baffling how investing more money into these scams will automatically grant higher daily returns.

MiningPeak would not be a proper bitcoin Ponzi scheme without offering a lucrative affiliate program. Investors will earn 5% commission for every new investor they bring to this platform. However, for those referrals who become an official partner, the affiliate will earn 10% commission. Keep in mind these profits can only be earned once the affiliate is an active investor of the platform. This is just another ploy by a fraudulent company to attract as many funds as possible before disappearing.

One thing that will not surprise anyone is how MiningPeak is apparently registered as a company in the United Kingdom. Once again, this recurring scheme of getting a UK company number at a cheap cost makes these companies appear more legitimate. Do not be fooled by this tactic, as the company number means nothing for the validity of this business. Moreover, the address listed on the site will not house any mining equipment; that much is a foregone conclusion.

As one would expect, the MiningPeak team lists no personal information on the website. Any company in the bitcoin mining world needs to be transparent about who is working for them, yet this scam prefers not to do so. The WHOIS information reveals no additional details either, as everything is WHOISGuard protected. We do know the domain name will expire in February of 2018, although it is doubtful MiningPeak will still be around by that time.


Is Ethereum The New Bitcoin? | The Huffington Post – Huffington Post

Why the sudden rise of Ethereum?

During the last month, Ether, or the digital asset that fuels the whole Ethereum blockchain, has grown more than 300%, reaching its all-time high of about $60 a few days ago.

At present, Ether has a value of $50.59 with a market capitalization of $4,469,204,016, the second most important cap right after Bitcoin ($16,278,519,837).

But why this sudden rise? Why has the younger brother of bitcoin risen so much during the last few days?

As often happens in the financial markets, there is not a single answer but a combination of many factors that affect trading to a greater or lesser degree.

Let's look at the most crucial facts.

In periods of political and economic uncertainty, people often decide to invest in non-traditional assets.

For example, when Donald Trump was elected president, investors started to buy bitcoins and the stronger demand drove up the digital currency's price.

The same thing happens when bitcoin faces a period of crisis, so that altcoins (as all the digital currencies other than bitcoin are called) start to become the new alternative.

In fact, these days Bitcoin is facing a major issue: the block size debate.

For those who don't know, the block size debate is an open discussion about the possibility of increasing the size of the blocks that make up the bitcoin blockchain, in order to have faster transactions and maybe lower fees.

In order to solve this issue, the bitcoin community and developers are deciding how to proceed and how to implement a soft or hard fork.

In the latter case, this would lead to a disruptive event that would also open the door for a new digital currency to steal part of the Bitcoin-related interest.

Of course, this issue is causing growing insecurity among investors, who are opting for safer and more stable (right now, at least) digital assets such as Ethereum.

As you can see, in fact, the bitcoin price is falling and the Ethereum price is rising. This cannot be considered a mere coincidence.

Another important piece of news that drove the Ethereum price came on March 10th, when the U.S. Securities and Exchange Commission (SEC) rejected a rule change that would have allowed the creation of the first Bitcoin ETF to begin trading on the Bats BZX Exchange.

The initial hope about the approval of the proposed Winklevoss ETF pushed bitcoin as high as $1,327, hitting its all-time high. But the denial caused a collapse (momentary, at least) of the bitcoin price with a drop of $300, so investors began to favor Ethereum.

It should be noted, in fact, that the greatest part of Ether trading volume always comes from Bitcoin/Ether trades.

Enterprise Ethereum Alliance

Another main factor influencing the Ether rally is that its underlying technology, the Ethereum blockchain, is attracting much interest from big companies.

In fact, a new working group called the Enterprise Ethereum Alliance was recently created in order to connect large enterprises to technology vendors with the main goal of working on new projects with the use of the distributed ledger.

Major companies that are involved in the Enterprise launch include JPMorgan, IBM, Microsoft and Intel, among others.

Of course, this move added more legitimacy to the ether digital asset.

Also, it should be said that this new Enterprise Ethereum Alliance requires ether to be transferred and stored in order to get full access to the applications that use Ethereum.

In fact, we should remember that any application or contract needs an ether transaction to be correctly executed and stored in the Ethereum blockchain.

Having briefly clarified how the so-called dapps work on the Ethereum blockchain, we also need to say that recently more and more projects, tokens and ICOs have been launched on the network.

The Ethereum digital assets, in fact, recently hit a market capitalization of about $260 million ($262,877,525 USD according to March 24th data) with projects like Golem, DAO and Augur, and more coming soon.

For example, Brave Browser is going to launch a new ICO later this year for its project of a new web and mobile browser that rewards users who decide to switch on ads.

Also, Storj decided to move its tokens from Counterparty to Ethereum because of its active development, speed in executing transactions and negligible fees.

This means that more projects are exploiting the Ethereum blockchain, with the immediate consequence of an increase in the ether price and in the number of transactions executed within the ledger.


Oracle cloud storage embraces ZFS Storage Appliance – TechTarget

Oracle rolled out a new "cloud converged storage" option to enable customers to extend their on-premises storage into the company's public cloud without an external cloud gateway.


Oracle's ZFS Operating System 8.7, launched today, allows users to transfer file- and block-based data between the high-performance ZFS Storage Appliance and the object-based Oracle Storage Cloud. Data going into the appliance can also be object-based.

Steve Zivanic, vice president of storage infrastructure at Oracle, said the Oracle cloud storage "looks, feels and acts" just like another disk to the ZFS Storage appliance. He compared the level of integration to Apple's iPhone and iCloud storage.

Zivanic said Oracle's new cloud converged storage option would enable customers to eliminate the need to buy a cloud gateway as well as the "cloud entrance tax" charged by some backup software and on-premises infrastructure vendors. He said customers asked Oracle for a way to avoid paying for "cloud access licenses" to move data out of their on-premises storage hardware.

"We were thinking they meant cloud service subscriptions. But, no, they were very clear," Zivanic said. "What they meant is they are actually paying hardware vendors just for the right to subscribe to public cloud storage. That's analogous to paying AOL for the right to access the Internet circa 2000. There's no value add, and customers eventually look for more direct routes to avoid this middle layer."

He said the Oracle ZFS Appliance supports OpenStack Swift APIs and is designed to transfer file- and block-based data only to Oracle cloud storage. Zivanic said a customer would need to buy a third-party gateway to use an outside public cloud such as Amazon or Google, but Oracle would not charge a "cloud access license" fee.

"We are not integrating the ZFS Storage Appliance with anything but the [Oracle] Storage Cloud with this particular announcement," Zivanic said. "If somebody wants to use a ZFS [appliance] with any other cloud, they can definitely use that. There's absolutely no lock-in. Everything we have is based on industry standards."

Zivanic said the Oracle ZFS Storage Appliance does not support the Amazon S3 API, but the Oracle Storage Cloud does support the popular S3 API.

Marc Staimer, founder of Dragon Slayer Consulting, said upcoming products aim to help enterprises move data from one cloud to another, but it would still be difficult to shift data between public clouds.

"When you put data in any of these clouds, it's like the Hotel California from The Eagles. You can check in but you're not going to check out very easily, because of the enormous amount of time and high cost to move it out," Staimer said. "And more importantly, you're not going to get the free data migration services to move it in. How are you going to move petabytes of data over the wire in any short period of time? Cloud storage is incredibly sticky."

Use cases that Oracle cited for its cloud converged storage include backup and recovery, archives, development and testing, snapshot replicas and elastic application storage. Oracle said the new option is also well suited to DevOps environments by enabling the use of a single API for both on-premises and Oracle cloud storage.

Dave Vellante, chief researcher at Wikibon, said Oracle's approach of using the same infrastructure in the cloud as on premises is a "smart move" and unusual in the IT business. He said Microsoft (with its Azure Stack) and, to a lesser extent, IBM come closest at this point, and major clouds such as Amazon Web Services (AWS) have no on-premises strategy.

"Everyone talks about hybrid cloud, but no one really has integrated hybrid cloud," Vellante said. "What they have is some level of orchestration and management, but often it's clumsy, not well documented and definitely not seamless. If Oracle delivers, this is a strong example. They're not 100% there in terms of execution, but their strategy and where they're spending money is moving toward that direction."

Zivanic said the ZFS Storage Appliance runs 70% to 90% of all I/O through DRAM cache on the front end and offers disk, flash and cloud options for persistent storage. An all-flash storage pool is a new option enabled with the latest operating system release.

The ZFS cloud software that is part of the new 8.7 operating system release is available at no additional cost to customers.

Staimer said he compared the cost of Oracle cloud storage to options from other major vendors and found Oracle's offerings to be equivalent or less, depending on the service and any cloud access storage "taxes" such as cloud gateways or third-party software that might need to be taken into account.

The rollout is part of Oracle's pledge to go cloud-first with its technology, which was a key strategy with its Oracle Database 12c Release 2 in Sept. 2016.

"I'm not totally surprised that Oracle has rolled this out, but I am surprised that they get to be the leader in the market here," Mike Matchett, a senior analyst and consultant at Taneja Group, wrote in an email. "Why doesn't Dell EMC have this straightforward offering with their enterprise storage and cloud solutions? Despite having all the parts at hand for years, they failed to integrate together the obvious and long-desired converged solution."

He said some legacy vendors don't even offer cloud services. "Maybe they were hoping this cloud thing would just blow over," Matchett wrote.

Matchett said most Oracle storage makes its way into enterprise through the database, but he thinks users outside the database realm might want to look at Oracle storage because of its cost, scalability and performance and the new converged cloud offering.

Oracle also added deeper integration between ZFS Storage Appliance and the Oracle Database through the Oracle Intelligent Storage Protocol 2.0. The database passes along "hints" on every I/O to enable the ZFS Storage Appliance to prioritize I/Os and auto-tune the system, according to Nancy Hart, director of product management for the Oracle ZFS Storage Appliance.

One key capability for customers using ZFS Storage Appliance with Oracle cloud storage is data reduction. The system stores the hash table for deduplicated/compressed data in the metadata that is wrapped up with the object in Oracle cloud storage, according to Hart. So, if a user deduped data at one data center and stored it in the cloud, and a colleague wanted to restore the data to a ZFS Storage Appliance in another city, the colleague could rehydrate the data because the hash table comes with it, she said.
