New England submitted by
New England 6 States Songs: https://www.reddit.com/newengland/comments/er8wxd/new_england_6_states_songs/ NewEnglandcoin
NewEnglandcoin is a clone of Bitcoin using scrypt as a proof-of-work algorithm with enhanced features to protect against 51% attack and decentralize on mining to allow diversified mining rigs across CPUs, GPUs, ASICs and Android phones.
Mining Algorithm: Scrypt with RandomSpike. RandomSpike is 3rd generation of Dynamic Difficulty (DynDiff) algorithm on top of scrypt.
1 minute block targets base difficulty reset: every 1440 blocks subsidy halves in 2.1m blocks (~ 2 to 4 years) 84,000,000,000 total maximum NENG 20000 NENG per block Pre-mine: 1% - reserved for dev fund ICO: None RPCPort: 6376 Port: 6377
NewEnglandcoin has dogecoin like supply at 84 billion maximum NENG. This huge supply insures that NENG is suitable for retail transactions and daily use. The inflation schedule of NengEnglandcoin is actually identical to that of Litecoin. Bitcoin and Litecoin are already proven to be great long term store of value. The Litecoin-like NENG inflation schedule will make NewEnglandcoin ideal for long term investment appreciation as the supply is limited and capped at a fixed number Bitcoin Fork - Suitable for Home Hobbyists
NewEnglandcoin core wallet continues to maintain version tag of "Satoshi v0.8.7.5" because NewEnglandcoin is very much an exact clone of bitcoin plus some mining feature changes with DynDiff algorithm. NewEnglandcoin is very suitable as lite version of bitcoin for educational purpose on desktop mining, full node running and bitcoin programming using bitcoin-json APIs.
The NewEnglandcoin (NENG) mining algorithm original upgrade ideas were mainly designed for decentralization of mining rigs on scrypt, which is same algo as litecoin/dogecoin. The way it is going now is that NENG is very suitable for bitcoin/litecoin/dogecoin hobbyists who can not , will not spend huge money to run noisy ASIC/GPU mining equipments, but still want to mine NENG at home with quiet simple CPU/GPU or with a cheap ASIC like FutureBit Moonlander 2 USB or Apollo pod on solo mining setup to obtain very decent profitable results. NENG allows bitcoin litecoin hobbyists to experience full node running, solo mining, CPU/GPU/ASIC for a fun experience at home at cheap cost without breaking bank on equipment or electricity. MIT Free Course - 23 lectures about Bitcoin, Blockchain and Finance (Fall,2018) https://www.youtube.com/playlist?list=PLUl4u3cNGP63UUkfL0onkxF6MYgVa04Fn CPU Minable Coin
Because of dynamic difficulty algorithm on top of scrypt, NewEnglandcoin is CPU Minable. Users can easily set up full node for mining at Home PC or Mac using our dedicated cheetah software.
Research on the first forked 50 blocks on v1.2.0 core confirmed that ASIC/GPU miners mined 66% of 50 blocks, CPU miners mined the remaining 34%.
NENG v1.4.0 release enabled CPU mining inside android phones. Youtube Video Tutorial
How to CPU Mine NewEnglandcoin (NENG) in Windows 10 Part 1 https://www.youtube.com/watch?v=sdOoPvAjzlE
How to CPU Mine NewEnglandcoin (NENG) in Windows 10 Part 2 https://www.youtube.com/watch?v=nHnRJvJRzZg
How to CPU Mine NewEnglandcoin (NENG) in macOS https://www.youtube.com/watch?v=Zj7NLMeNSOQ Decentralization and Community Driven
NewEnglandcoin is a decentralized coin just like bitcoin. There is no boss on NewEnglandcoin. Nobody nor the dev owns NENG.
We know a coin is worth nothing if there is no backing from community. Therefore, we as dev do not intend to make decision on this coin solely by ourselves. It is our expectation that NewEnglandcoin community will make majority of decisions on direction of this coin from now on. We as dev merely view our-self as coin creater and technical support of this coin while providing NENG a permanent home at ShorelineCrypto Exchange. Twitter Airdrop
Follow NENG twitter and receive 100,000 NENG on Twitter Airdrop to up to 1000 winners Graphic Redesign Bounty
Top one award: 90.9 million NENG Top 10 Winners: 500,000 NENG / person Event Timing: March 25, 2019 - Present Event Address: NewEnglandcoin DISCORD at: https://discord.gg/UPeBwgs
Please complete above Twitter Bounty requirement first. Then follow Below Steps to qualify for the Bounty: (1) Required: submit your own designed NENG logo picture in gif, png jpg or any other common graphic file format into DISCORD "bounty-submission" board (2) Optional: submit a second graphic for logo or any other marketing purposes into "bounty-submission" board. (3) Complete below form.
Please limit your submission to no more than two total. Delete any wrongly submitted or undesired graphics in the board. Contact DISCORD u/honglu69
#5911 or u/krypton
#6139 if you have any issues.
Twitter Airdrop/Graphic Redesign bounty sign up: https://goo.gl/forms/L0vcwmVi8c76cR7m1 Milestones
- Sep 3, 2018 - Genesis block was mined, NewEnglandcoin created
- Sep 8, 2018 - github source uploaded, Window wallet development work started
- Sep 11,2018 - Window Qt Graphic wallet completed
- Sep 12,2018 - NewEnglandcoin Launched in both Bitcointalk forum and Marinecoin forum
- Sep 14,2018 - NewEnglandcoin is listed at ShorelineCrypto Exchange
- Sep 17,2018 - Block Explorer is up
- Nov 23,2018 - New Source/Wallet Release v1.1.1 - Enabled Dynamic Addjustment on Mining Hashing Difficulty
- Nov 28,2018 - NewEnglandcoin became CPU minable coin
- Nov 30,2018 - First Retail Real Life usage for NewEnglandcoin Announced
- Dec 28,2018 - Cheetah_Cpuminer under Linux is released
- Dec 31,2018 - NENG Technical Whitepaper is released
- Jan 2,2019 - Cheetah_Cpuminer under Windows is released
- Jan 12,2019 - NENG v1.1.2 is released to support MacOS GUI CLI Wallet
- Jan 13,2019 - Cheetah_CpuMiner under Mac is released
- Feb 11,2019 - NewEnglandcoin v1.2.0 Released, Anti-51% Attack, Anti-instant Mining after Hard Fork
- Mar 16,2019 - NewEnglandcoin v184.108.40.206 Released - Ubuntu 18.04 Wallet Binary Files
- Apr 7, 2019 - NENG Report on Security, Decentralization, Valuation
- Apr 21, 2019 - NENG Fiat Project is Launched by ShorelineCrypto
- Sep 1, 2019 - Shoreline Tradingbot project is Launched by ShorelineCrypto
- Dec 19, 2019 - Shoreline Tradingbot v1.0 is Released by ShorelineCrypto
- Jan 30, 2020 - Scrypt RandomSpike - NENG v1.3.0 Hardfork Proposed
- Feb 24, 2020 - Scrypt RandomSpike - NENG core v1.3.0 Released
- Jun 19, 2020 - Linux scripts for Futurebit Moonlander2 USB ASIC on solo mining Released
- Jul 15, 2020 - NENG v1.4.0 Released for Android Mining and Ubuntu 20.04 support
- Jul 21, 2020 - NENG v220.127.116.11 Released for MacOS Wallet Upgrade with Catalina
- Jul 30, 2020 - NENG v18.104.22.168 Released for Linux Wallet Upgrade with 8 Distros
- Aug 11, 2020 - NENG v22.214.171.124 Released for Android arm64 Upgrade, Chromebook Support
- Aug 30, 2020 - NENG v126.96.36.199 Released for Android/Chromebook with armhf, better hardware support
NENG v1.4.0 Android Mining, randomSpike Evaluation https://github.com/ShorelineCrypto/NewEnglandCoin/releases/download/NENG_2020_Q3_report/NENG_2020_Q3_report.pdf
- 2018 Q3 - Birth of NewEnglandcoin, window/linux wallet - Done
- 2018 Q4 - Decentralization Phase I
- Blockchain Upgrade - Dynamic hashing algorithm I - Done
- Cheetah Version I- CPU Mining Automation Tool on Linux - Done
- 2019 Q1 - Decentralization Phase II
- Cheetah Version II- CPU Mining Automation Tool on Window/Linux - Done
- Blockchain Upgrade Dynamic hashing algorithm II - Done
- 2019 Q2 - Fiat Phase I
- Assessment of Risk of 51% Attack on NENG - done
- Launch of Fiat USD/NENG offering for U.S. residents - done
- Initiation of Mobile Miner Project - Done
- 2019 Q3 - Shoreline Tradingbot, Mobile Project
- Evaluation and planning of Mobile Miner Project - on Hold
- Initiation of Trading Bot Project - Done
- 2019 Q4 - Shoreline Tradingbot
- Shoreline tradingbot Release v1.0 - Done
- 2020 Q1 - Evaluate NENG core, Mobile Wallet Phase I
- NENG core Decentralization Security Evaluation for v1.3.x - Done
- Light Mobile Wallet Project Initiation, Evaluation
- 2020 Q2 - NENG Core, Mobile Wallet Phase II
- NENG core Decentralization Security Hardfork on v1.3.x - Scrypt RandomSpike
- Light Mobile Wallet Project Design, Coding
- 2020 Q3 - NENG core, NENG Mobile Wallet Phase II
- Review on results of v1.3.x, NENG core Dev Decision on v1.4.x, Hardfork If needed
- Light Mobile Wallet Project testing, alpha Release
- 2020 Q4 - Mobile Wallet Phase III
- Light Mobile Wallet Project Beta Release
- Light Mobile Wallet Server Deployment Evaluation and Decision
- 2021 Q1 - NENG to the Moon?
RandomSpike - NENG core v1.3.0 Hardfork Upgrade Proposal https://github.com/ShorelineCrypto/NewEnglandCoin/releases/download/2020Q1_Report/Scrypt_RandomSpike_NENGv1.3.0_Hardfork_Proposal.pdf
- Major Success - v1.3.x Scrypt randomSpike Release
- randomSpike Overview, Observation, Conclusion
- Ubuntu 20.04 LTS Support on v1.4.0
- NENG core v1.4.0 Upgrade Proposal – Mobile Mining Start on Android Phones
- Table 1 – Mobile Mining Comparison of Electroneum (ETN) and NewEnglandcoin (NENG)
- Linux, Cloud, DockeQEMU virtualization Tech Advancement
- Userland for arm64 android – Easy to Setup or Use
- Alpha Release - GNUroot for 32 bits arm android
NENG Security, Decentralization & Valuation https://github.com/ShorelineCrypto/NewEnglandCoin/releases/download/2019Q2_report/NENG_Security_Decentralization_Value.pdf
- NENG Algorithm Change History
- NENG 1.2.x is subject to Timestamp Attack
- Explanation of Jan 29,2020 Timestamp Attack
- Why Scrypt RandomSpike is Proposed
- Technical Detail - How Scrypt RandomSpike Works
Whitepaper v1.0 https://github.com/ShorelineCrypto/NewEnglandCoin/releases/download/whitepaper_v1.0/NENG_WhitePaper.pdf
- No Hard Fork in 2019 Q2 or in Near Future
- NENG v1.2.x Hard Fork Evaluation
- Post Hard Fork: GPU vs ASIC, Solo vs Pool Mining
- NENG 51% Attack Cost - $10,000 USD
- Decentralization - Solo Mining Up, Mining Pool Down
- What if 51% Attackers Utilize GPU fleet?
- NENG Valuation is Dirt Cheap
- Announcement of NENG Fiat Project for all U.S. Residents
- Announcement for Mobile Miner Project Initiation
DISCORD https://discord.gg/UPeBwgs Explorer http://www.findblocks.com/exploreNENG http://188.8.131.52/exploreNENG http://nengexplorer.mooo.com:3001/
- NENG – CPU Minable, fun, easy full node set up at Home PC
- NENG – Security Against 51% Attack by Design
- Security - Dynamic Diff Short Term, Higher Network Hashrate Long Term
- Decentralization Phase 1- CPU Mining is Key Feature of NENG
- Why Block Time is Gaussian Shaped Random Event
- ASIC is Like Lion, CPU is Like Cheetah
- Decentralization Phase II – Security Against 51% Attack
- Why the Proposed Phase II Hardfork Upgrade will Prevent 51% Attacks?
- What if 51% Attacker re-engineer the software to attack NENG?
- Conclusion - Sound Money, Take Back Monetary Independence, Relive Crypto Dreams with Full Node
Step by step guide on how to setup an explorer: https://github.com/ShorelineCrypto/nengexplorer Github https://github.com/ShorelineCrypto/NewEnglandCoin Wallet
Android with UserLand App (arm64/armhf), Chromebook (x64/arm64/armhf): https://github.com/ShorelineCrypto/NewEnglandCoin/releases/tag/v184.108.40.206
Linux Wallet (Ubuntu/Linux Mint, Debian/MX Linux, Arch/Manjaro, Fedora, openSUSE): https://github.com/ShorelineCrypto/NewEnglandCoin/releases/tag/v220.127.116.11
MacOS Wallet (10.11 El Capitan or higher): https://github.com/ShorelineCrypto/NewEnglandCoin/releases/tag/v18.104.22.168
Android with GNUroot on 32 bits old Phones (alpha release) wallet: https://github.com/ShorelineCrypto/NewEnglandCoin/releases/tag/v1.4.0
Windows wallet: https://github.com/ShorelineCrypto/NewEnglandCoin/releases/tag/v22.214.171.124
addnode ip address for the wallet to sync faster, frequently updated conf file: https://github.com/ShorelineCrypto/cheetah_cpumineblob/mastenewenglandcoin.conf-example
How to Sync Full Node Desktop Wallet https://www.reddit.com/NewEnglandCoin/comments/er6f0q/how_to_sync_full_node_desktop_wallet/ TWITTER https://twitter.com/newenglandcoin REDDIT https://www.reddit.com/NewEnglandCoin/ Cheetah CPU Miner Software https://github.com/ShorelineCrypto/cheetah_cpuminer Solo Mining with GPU or ASIC https://bitcointalk.org/index.php?topic=5027091.msg52187727#msg52187727 How to Run Two Full Node in Same Desktop PC https://bitcointalk.org/index.php?topic=5027091.msg53581449#msg53581449 ASIC/GPU Mining Pools Warning to Big ASIC Miners
Due to DynDiff Algo on top of Scrypt, solo mining is recommended for ASIC/GPU miners. Further more, even for mining pools, small mining pool will generate better performance than big NENG mining pool because of new algo v1.2.x post hard fork.
The set up configuration of NENG for scrypt pool mining is same as a typical normal scrypt coin. In other word, DynDiff on Scrypt algo is backward compatible with Scrypt algo. Because ASIC/GPU miners rely on CPU miners for smooth blockchain movement, checkout bottom of "Latest News" section for A WARNING to All ASIC miners before you decide to dump big ASIC hash rate into NENG mining.
(1) Original DynDiff Warning: https://bitcointalk.org/index.php?topic=5027091.msg48324708#msg48324708
(2) New Warning on RandomSpike Spike difficulty (244k) introduced in RandomSpike served as roadblocks to instant mining and provide security against 51% attack risk. However, this spike difficulty like a roadblock that makes big ASIC mining less profitable. In case of spike block to be mined, the spike difficulty immediately serve as base difficulty, which will block GPU/ASIC miners effectively and leave CPU cheetah solo miners dominating mining almost 100% until next base difficulty reset.
Cminors' Pool http://newenglandcoin.cminors-pool.com/
SPOOL https://spools.online/ Exchange
Features: anonymous sign up and trading. No restriction or limit on deposit or withdraw.
The trading pairs available: NewEnglandcoin (NENG) / Dogecoin (DOGE)
Trading commission: A round trip trading will incur 0.10% trading fees in average. Fees are paid only on buyer side. buy fee: 0.2% / sell fee: 0% Deposit fees: free for all coins Withdraw fees: ZERO per withdraw. Mining fees are appointed by each coin blockchain. To cover the blockchain mining fees, there is minimum balance per coin per account: * Dogecoin 2 DOGE * NewEnglandcoin 1 NENG Latest News Aug 30, 2020 - NENG v126.96.36.199 Released for Android/Chromebook Upgrade with armhf, better hardware support https://bitcointalk.org/index.php?topic=5027091.msg55098029#msg55098029 Aug 11, 2020 - NENG v188.8.131.52 Released for Android arm64 Upgrade / Chromebook Support https://bitcointalk.org/index.php?topic=5027091.msg54977437#msg54977437 Jul 30, 2020 - NENG v184.108.40.206 Released for Linux Wallet Upgrade with 8 Distros https://bitcointalk.org/index.php?topic=5027091.msg54898540#msg54898540 Jul 21, 2020 - NENG v220.127.116.11 Released for MacOS Upgrade with Catalina https://bitcointalk.org/index.php?topic=5027091.msg54839522#msg54839522 Jul 19, 2020 - NENG v18.104.22.168 Released for MacOS Wallet Upgrade https://bitcointalk.org/index.php?topic=5027091.msg54830333#msg54830333 Jul 15, 2020 - NENG v1.4.0 Released for Android Mining, Ubuntu 20.04 support https://bitcointalk.org/index.php?topic=5027091.msg54803639#msg54803639 Jul 11, 2020 - NENG v1.4.0 Android Mining, randomSpike Evaluation https://bitcointalk.org/index.php?topic=5027091.msg54777222#msg54777222 Jun 27, 2020 - Pre-Announce: NENG v1.4.0 Proposal for Mobile Miner Upgrade, Android Mining Start in July 2020 https://bitcointalk.org/index.php?topic=5027091.msg54694233#msg54694233 Jun 19, 2020 - Best Practice for Futurebit Moonlander2 USB ASIC on solo mining mode https://bitcointalk.org/index.php?topic=5027091.msg54645726#msg54645726 Mar 15, 2020 - Scrypt RandomSpike - NENG v22.214.171.124 Released for better wallet syncing https://bitcointalk.org/index.php?topic=5027091.msg54030923#msg54030923 Feb 23, 2020 - Scrypt RandomSpike - NENG Core v1.3.0 Relased, Hardfork on Mar 1 https://bitcointalk.org/index.php?topic=5027091.msg53900926#msg53900926 Feb 1, 2020 - Scrypt RandomSpike Proposal Published- NENG 1.3.0 Hardfork https://bitcointalk.org/index.php?topic=5027091.msg53735458#msg53735458 Jan 15, 2020 - NewEnglandcoin Dev Team Expanded with New Kickoff https://bitcointalk.org/index.php?topic=5027091.msg53617358#msg53617358 Jan 12, 2020 - Explanation of Base Diff Reset and Effect of Supply https://www.reddit.com/NewEnglandCoin/comments/envmo1/explanation_of_base_diff_reset_and_effect_of/ Dec 19, 2019 - Shoreline_tradingbot version 1.0 is released https://bitcointalk.org/index.php?topic=5121953.msg53391184#msg53391184 Sept 1, 2019 - NewEnglandcoin (NENG) is Selected as Shoreline Tradingbot First Supported Coin https://bitcointalk.org/index.php?topic=5027091.msg52331201#msg52331201 Aug 15, 2019 - Mining Update on Effect of Base Difficulty Reset, GPU vs ASIC https://bitcointalk.org/index.php?topic=5027091.msg52169572#msg52169572 Jul 7, 2019 - CPU Mining on macOS Mojave is supported under latest Cheetah_Cpuminer Release https://bitcointalk.org/index.php?topic=5027091.msg51745839#msg51745839 Jun 1, 2019 - NENG Fiat project is stopped by Square, Inc https://bitcointalk.org/index.php?topic=5027091.msg51312291#msg51312291 Apr 21, 2019 - NENG Fiat Project is Launched by ShorelineCrypto https://bitcointalk.org/index.php?topic=5027091.msg50714764#msg50714764 Apr 7, 2019 - Announcement of Fiat Project for all U.S. Residents & Mobile Miner Project Initiation https://bitcointalk.org/index.php?topic=5027091.msg50506585#msg50506585 Apr 1, 2019 - Disclosure on Large Buying on NENG at ShorelineCrypto Exchange https://bitcointalk.org/index.php?topic=5027091.msg50417196#msg50417196 Mar 27, 2019 - Disclosure on Large Buying on NENG at ShorelineCrypto Exchange https://bitcointalk.org/index.php?topic=5027091.msg50332097#msg50332097 Mar 17, 2019 - Disclosure on Large Buying on NENG at ShorelineCrypto Exchange https://bitcointalk.org/index.php?topic=5027091.msg50208194#msg50208194 Feb 26, 2019 - Community Project - NewEnglandcoin Graphic Redesign Bounty Initiated https://bitcointalk.org/index.php?topic=5027091.msg49931305#msg49931305 Feb 22, 2019 - Dev Policy on Checkpoints on NewEnglandcoin https://bitcointalk.org/index.php?topic=5027091.msg49875242#msg49875242 Feb 20, 2019 - NewEnglandCoin v1.2.1 Released to Secure the Hard Kork https://bitcointalk.org/index.php?topic=5027091.msg49831059#msg49831059 Feb 11, 2019 - NewEnglandCoin v1.2.0 Released, Anti-51% Attack, Anti-instant Mining after Hard Fork https://bitcointalk.org/index.php?topic=5027091.msg49685389#msg49685389 Jan 13, 2019 - Cheetah_CpuMiner added support for CPU Mining on Mac https://bitcointalk.org/index.php?topic=5027091.msg49218760#msg49218760 Jan 12, 2019 - NENG Core v1.1.2 Released to support MacOS OSX Wallet https://bitcointalk.org/index.php?topic=5027091.msg49202088#msg49202088 Jan 2, 2019 - Cheetah_Cpuminer v1.1.0 is released for both Linux and Windows https://bitcointalk.org/index.php?topic=5027091.msg49004345#msg49004345 Dec 31, 2018 - Technical Whitepaper is Released https://bitcointalk.org/index.php?topic=5027091.msg48990334#msg48990334 Dec 28, 2018 - Cheetah_Cpuminer v1.0.0 is released for Linux https://bitcointalk.org/index.php?topic=5027091.msg48935135#msg48935135 Update on Dec 14, 2018 - NENG Blockchain Stuck Issue https://bitcointalk.org/index.php?topic=5027091.msg48668375#msg48668375 Nov 27, 2018 - Exclusive for PC CPU Miners - How to Steal a Block from ASIC Miners https://bitcointalk.org/index.php?topic=5027091.msg48258465#msg48258465 Nov 28, 2018 - How to CPU Mine a NENG block with window/linux PC https://bitcointalk.org/index.php?topic=5027091.msg48298311#msg48298311 Nov 29, 2018 - A Warning to ASIC Miners https://bitcointalk.org/index.php?topic=5027091.msg48324708#msg48324708
Disclosure: Dev Team Came from ShorelineCrypto, a US based Informatics Service Business offering Fee for service for Coin Creation, Coin Exchange Listing, Blockchain Consulting, etc.
This is a long one - TL;DR at the end!
If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached
which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone
care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if
Why You Should Care About Breaches
The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.
But wait, why would anyone want to use my password? I'm nobody!
It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real)
this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account
If you want to see how many of your accounts are already breached check out Have I Been Pwned
- I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.
How You Can Protect Yourself
Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/
- this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!
You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here
or you can search around for some comparison articles.
Some notable choices to consider:
- 1Password - recommend by Troy Hunt, creator of Have I Been Pwned
- LastPass - I use this at work and it's generally good
- BitWarden - free and open source! I use this at home and in some ways it's better than LastPass
- KeePass (and forks) - free, open source, and totally offline; if you don't trust "the cloud" you can trade away some more convenience in exchange for taking full responsibility of your password security (and backups)
Regardless of which one you choose, any of them is 100x better than not using one at all.
Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)
The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been
. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication)
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here
or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account!
All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP
is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup
which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
- Authy - probably the first big/popular one after Google Authenticator came out (I think) - NOTE: They let you use it on your desktop/browser, too, but this is TOO much convenience! Don't fall for that trap.
- LastPass Authenticator - conveniently links up with a LastPass account, some sites support extra features (like not needing to type a code, just answer a phone notification)
- Yubikey - A real physical MFA device! Some models are compatible with phones, too.
- Duo - this one is more geared towards enterprise, but they have a free option
Some sites/services use their own app, like Blizzard (battle.net)
, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one. Don't forget to save backup codes in an actual secure location!
If you lose your backup codes and
your auth app/physical key you will
be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine. There is such a thing as bad MFA/2FA! However, anything is at least better than nothing.
A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing
What Does This Have To Do With GameDev?
Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).
Secure Your Code
Securing your code actually has multiple meanings here: Securing access
to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM)
you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who
can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk!
So make sure everyone
on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets
(passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
- Is my code doing anything "dangerous"? (system-level stuff, memory access, saving passwords anywhere)
- Could someone get the keys to the kingdom (API key, server password, etc) by just opening Cheat Engine and looking at memory values? Or doing a strings/hex edit/decompile/etc on my game executable?
- Am I using outdated libraries/framework/engine? Do they have any known security bugs?
. For other languages you can look at tools like Snyk
or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs.
Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it
Secure Your Computer
I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.
- Lock your computer when idle - use a password (or PIN or face unlock or whatever your OS uses) - no one should ever be able to walk up to your computer and use it if you're not looking, nor should they be able to get in if they grabbed your closed laptop off the table at starbucks (thanks u/3tt07kjt for reminding me of this one)
- Use full disk encryption (especially on laptops)
- Update your OS for security updates ASAP
- Use anti-virus (yes, Windows Defender is fine) and keep it updated
- Update your web browser ALWAYS (this is your 99% chance attack vector, so don't postpone it!)
- Don't use software that has known, unfixed security problems - FileZilla is a famous example
- Don't install browser extensions that you don't need - a LOT of extensions are either malware from the start or become malware later (my favorite emoji extension started mining bitcoins, FFS!) - check reviews regularly after extensions update
- DO use adblock and privacy extensions - ads are a common attack vector - I recommend uBlock Origin and Privacy Badger at a minimum (note that some legit sites can break and so you'll have to fiddle with settings or whitelist)
- Don't open suspicious or unknown links on e-mail, social media, discord, etc (be sure to hover over the links in this post before clicking them)
- Don't open attachments, ever - unless you were expecting it from that person at that time
- Don't fill out ANY forms (comments, login, registration, etc) on websites that don't have HTTPS (secure) connection - your browser will show this in the address bar, usually
- In general, be suspicious of everything that comes from people you don't know - and even from people you do know if it was unexpected
- E-Mail is (probably) the least secure form of communications ever invented - so try not to use it for sensitive things
Secure Your Website
I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site
and they are relevant even if you don't use DO for your servers.
- Use HTTPS (SSL/TLS) secure connections - it's FREE and EASY thanks to Let's Encrypt
- Don't think your website needs HTTPS? You're wrong; check here if you don't believe me
- KEEP EVERYTHING UPDATED - automate as much as you can
- If you have control over the server, you MUST update the OS, the web server, and any backend application servers/languages/frameworks involved. Equifax breach was due to having out of date server software. BMG breach was worsened by having out of date server software. YOU MUST STAY UPDATED, ALWAYS
- Don't store sensitive personal information - it's a huge pain to be PCI compliant, it's a huge fine if you mess it up - avoid storing any customer information that you don't actually need (see also: GDPR )
- Use secure password storage - see OWASP Password Storage Cheat Sheet (thanks u/3tt07kjt) - do NOT reinvent the wheel, this has been solved already by smarter people than all of us combined
- Follow OWASP Top 10 guidelines - especially if you built the website yourself
- Do not allow access to SSH/Remote desktop/Database services from the whole world; the general public should only ever be able to reach ports 80 and 443 on your web server (and 80 should permanently redirect to HTTPS)
- Use SSH keys instead of passwords on Linux servers
- Don't run your own email server - it's just not worth it; use google apps for business, office 365, zoho, or something else for business email
- Secure your domain registrar account! Don't lose your domain to a bad password or lack of MFA/2FA or an old email address! If your registrar doesn't support actual security then transfer to one that does. (namecheap, namesilo, google domains, amazon aws route53, even godaddy, the absolutely worst web company, has good security options)
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.
That's it, for now
I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.
TL;DR (y u words so much??)
... in general... in general... in general...
- Use a password manager so you can have different, random, secure passwords on every account on every website/service/game
- Use MFA/2FA on every account, if possible
- Lock your computer when idle/away
- Use full disk encryption on laptops
- Update your operating system (we all hate Windows Update, but it really is for our own good)
- Use anti-virus (Windows Defender is fine)
- Update your browser
- Use good adblockeprivacy blocker browsers extensions
- Don't use browser extensions that you don't really need (they could be a trojan horse of bitcoin mining later)
- Don't trust anything sent by anyone, unless you were expecting it and know it's safe
- E-mail is the least secure form of communications in use these days; don't trust it for sensitive things
- Use source control for your game code (git, mercurial, etc)
- Lock down access to your source code
- Don't put secrets (passwords, API keys/tokens, social security numbers, credit card numbers) in your code repository
- Don't do dumb things like store your AWS keys in your game for players to just find with simple tools
- Check your code dependencies for security bugs, update them when needed
- Use HTTPS on your website
- Update your web server OS and software
- Use secure password storage (don't reinvent this wheel, it's been solved by way smarter people)
- Use SSH keys instead of passwords for Linux servers
- Use a firewall to block the world from getting in with SSH/Remote desktop/database direct connections
- Only allow your own IP address (which can change!) into the server for admin tasks
- Don't run your own email server, let someone who knows what they are doing handle that for you
- Secure your domain registrar account, keep email address up to date
I sure wrote those 2 words a lot.
Why Should I Trust This Post?
Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority
answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
One of the most commonly used pieces of Bitcoin mining software is the Linux-based CGMiner. It has been around for a long time now (almost six years). It has also been coded entirely in the programming language C. This means it’s compatible with almost all operating systems. It’s also based on the code for the early popular mining software CPUMiner. The CGMiner uses a command line ... Once you select the type mining process for Bitcoin mining, here we suggest the best cloud and traditional mining software for Windows, Mac, and Linux. Best Bitcoin Mining Tools For 2020 1. Multiminer. Multiminer is a user-friendly mining tool if you are a beginner. Cryptocurrency is a highly volatile platform and you need a stable working ... On the Windows front you could choose between Windows 10, Windows 8.1.1, Windows 7. Not a huge list, but on the Linux front you could choose from hundreds of different operating systems. We’re going to hit on the most common Linux mining OS, Ubuntu. At the end of this article we will also touch on Simple Mining OS, which is Linux based and is showing some great promise! If you are a solo miner: the mining software connects your Bitcoin miner to the blockchain. If you mine with a pool: the software will connect you to your mining pool. If you are cloud mining: you do not need mining software. Quick Tip. Mining is not the fastest way to get bitcoins. Buying bitcoin is the fastest way. Read Our Buying Guide. Why Do You Need a Bitcoin Mining Operating System ... MultiMiner ist für Windows, Mac OS X und Linux erhältlich und ermöglicht es Ihnen, Mining-Geräte (z.B. ASICs, FPGAs) ohne Aufwand zwischen verschiedenen Kryptowährungen (z.B. Litecoin, Bitcoin) zu wechseln. Es nutzt die zugrundeliegende Mining-Engine zur Erkennung verfügbarer Mining-Hardware und lässt Sie die Coins auswählen, die Sie abbauen möchten. MultiMiner verfügt über viele ...
Cryptocurrency mining - the only 3 options you really have left in today's mining environment. Newbie guide for those who want to try solo bitcoin and litecoin mining, using bfgminer and cgminer. The config files shown in the video are available in the... Latest Video: http://bit.ly/BW10000 1. Buy Bitcoins: http://bit.ly/BWCoinbase 2. Best Crypto Exchange: http://bit.ly/BWBinance 3. ROBINHOOD http://bit.ly/ROB... How to solo mining bitcoin with your Bitcoin wallet CPU mining on PC Run your wallet - Help - Debug Window - Console for start mining writte: setgenerate true -1 for controle mining: getmininginfo ... We discuss how mining in bitcoin works and the differences between SOLO MINING VS MINING POOLS. Hope this video brings you a lot of value! Let´s keep on learning!