Android: what do we need for application development? (hardware) mac / windows / both?

I am starting a small business (me and 3 co-developers) for an application. The application will run on both iOS and Android. We are looking for some ideas about the hardware we should buy.

Because we have to be "mobile", we need laptops.

We know that we need macbooks for iOS development. Should we continue using macbooks and buy 4 macbooks (also for developers working on Android), or should we split up and buy Windows machines for Android development?

Can anyone recommend what we should buy? The budget is approximately € 2500 / laptop.

Thanks in advance!

PS: sorry for my English. It is not my mother tongue.

ledger: What is the threat model of a Bitcoin HSM / Hardware wallet?


What is the threat model against which they protect and are vulnerable?

Hardware wallets are security devices with different features and hardware, but the general concept is largely identical. A reliable device has cryptographic keys, allows you to view information on a dedicated screen and accepts secure entries through its own interface (buttons or touch screen).

enter the description of the image here

In the security model of the hardware wallet, a user interacts with their untrusted host device to build a transaction by paying an amount to an address, then the transaction is sent to the hardware wallet for the assembly of the transaction, including cryptographic signatures The user is expected to verify the information displayed (that is, the amount) and recognize the transaction on their device. Each transaction needs explicit recognition on the hardware device, and the host cannot perform transactions without that approval.

This is different from the traditional software wallet model where a user interacts with an untrusted host, who by entering the encryption key for the wallet, can make any arbitrary transaction of any amount to any destination.


How much do the commonly established practices on the use of these devices improve the security of storing Bitcoin using them?

Many of the security tips given about the use of hardware wallets provide very little additional security, or only provide the illusion of security rather than really effective measures.

enter the description of the image here

A security measure that is often repeated is to verify that the address in your hardware wallet matches the one you tried to send using the companion application on the host computer. This makes no sense, since the destination address is provided by the untrusted host. The address that does not match would be an indicator of absolutely nothing but a serious failure of the software by the device.


How safe are these devices to store Bitcoin?

Maximum device security is based on trust in the manufacturer, since it is extremely easy for software errors to allow complete theft or loss of funds, and for invisible backdoors to be inserted. History has shown that many of the available devices are plagued by serious code quality problems, have bad options in building the security of their hardware and, otherwise, can be an unsafe option to store funds.

Rear doors

The backdoors in Bitcoin transactions, specifically due to some features of EDCSA, are trivial to produce and are extremely difficult to detect, especially if they are implemented sporadically. ECDSA signatures contain a number that is generated from a supposedly random source, however, if this number is designed to contain third party values, the secret private key or other information can be filtered in addition to being valid. Modern software implementations of the use of ECDSA (deterministic generation) (5) for the nonce secret value, but this is not verifiable without using the private key for validation.

Quality code

All current devices have shown serious problems with their open source ECDSA cryptography implementations, or simply have their code implementation completely closed to evade the analysis.

  1. The Bitcoin Trezor was originally shipped with an ECDSA implementation that is based on a Python library transcribed in c. This code was comically slow and exposed a (very large synchronization side channel attack) (6). Being physically close to the device while signing a transaction exposed enough information during runtime to expose private key material. Trezor has had a considerable amount of bootloader, time analysis, power analysis and hardware vulnerabilities.

  2. The Ledger Nano has an amateur time error in its bootloader that allows to completely avoid security in at least the main processor that handles user input and communication. For most microcontrollers, the memory design has repeated sections and multiple positions in which the data can be accessed, the bootloader simply did not know it and allowed arbitrary changes in the sensitive security code.

  3. The CoinKite hardware series uses micro-ecc, an abandoned "ECDSA for arduino" that contains absolutely no evidence and is vulnerable to at least one synchronization attack.


The use of a hardware wallet to store Bitcoin is not a bulletproof option, it is a considered set of security compensation that requires consideration and understanding of the threats and weaknesses of the devices.

Hardware: Hard disk or UEFI problem (or secure boot)

Please, any help will be appreciated.
installing ubuntu on acer laptop
BIOS: HDD Model Name: None
Hard Disk Serial Number ——–
Gparted can't watch HDD
sudo lsblk -o NAME, FSTYPE, SIZE, MOUNTING POINT, LABEL cannot see
Question: Really HDD is dead or it can be a problem with UEFI, Secure Boot BS, I'm so stupid

Does any desktop PC motherboard require hardware token authentication?

Scenario: I am assembling a desktop computer. I buy an ASUS XYZ motherboard because it won't run, or better yet, its execution status cannot be altered, without pulling the plug, without hardware token authentication. The XYZ motherboard comes with two YubiKeys. If I lose them, I can buy additional copies of ASUS, after posting bonds and passing a DNA test.

I'm kidding about the DNA test. Or maybe not. The question is, is there something like the ASUS XYZ motherboard?

Initially, a previous question seemed to be looking for the same information, but its focus on laptops seems to explain its apparent satisfaction with a software solution geared towards data encryption (for example, Sophos SafeGuard Easy).

paper wallet – paper wallet or handwritten hardware wallet to store Bitcoins?

Most of the people I talk to are convinced that a hardware wallet is the safest place to store their Bitcoins. But I am not so sure if it is not safer if I believe offline in a new system not compromised the keys and write them on paper (two copies in two safe places). Of course, someone could steal the keys. But looking at the hardware wallets, I see those risks:

  1. Seed words must be written, subject to theft
  2. If I or someone else wants to use the device in 10 or 15 years, the firmware will be outdated, the solution could be hacked or I could have the problem of not finding a secure computer with a USB port or accepting the device. This reminds me when I want to get the movies from the 20 year old cameras.
  3. The stick itself plus the seed is harder to hide than a single seed / key. If a criminal finds the stick, he could force me to deliver the seed.
  4. If it is not open source, I need to trust the manufacturer. E.g. The key selection may not be random. If the manufacturer selects a selection of 10 private keys from Mio, I wouldn't realize it, but I could take care of all the clients' Bitcoin credits after a few years.

What do you think, what is the best hodl strategy to store coins safely?

[GET] CompTIA JK0-801 A + Networking and PC hardware practice exam

Attend this CompTIA JK0-801 A + Networking and the PC hardware practice exam will get a good score of 80% on the main exam

https://www.udemy.com/course/compti…-hardware-practice-exam-n/?couponCode=JK0-801

Peace and success! :)

6 practice tests
0.0 (0 ratings)
64 students enrolled
Created by INFO IT HUB
Posted 9/2019
English

:)

Hardware: what to look for in a potentially compromised computer?

This morning, before dawn, the beep of my laptop woke me up. I opened the lid and it was in the BIOS, trying to boot from an external drive. He could not find a drive from which to start, so it will beep, will display the message "Cannot find the boot device" and then search for another.

Tired of a few weeks of overtime every day, in panic, and I was still not fully awake, I just held the power button until it restarted, turned it off from the login screen and went back to sleep.

Now I realize that someone could have attacked (or at least tried to attack it) by booting to another operating system from a flash drive.

Therefore, the question: Is there a way to verify if my laptop is compromised? What kind of trail would be left if they accessed my files, installed something or changed my settings? Is there any way to confirm that it even happened?

I have an Acer Aspire M5-581T with Windows 10 Home edition version 1903.

Some additional details:
I was working late last night to the point that I was falling asleep at my desk, so I don't remember if I turned it off properly (I almost always do it), or if I just closed the lid. I think I closed the lid because I had some things open that I didn't want to lose. When I woke up in the morning, my browser offered to recover an interrupted session. I don't know if the session was interrupted by the possible attacker when they restarted to get to the BIOS, or by me when I restarted in panic.

I live with four roommates, one of whom is quite an expert in technology.

blockchain: wondering about the viability of a hardware wallet

I want to roll my own hardware wallet using a USB stick. I have some concerns

  1. Do I need to download the entire blockchain to create a new wallet?
  2. Do I need to download and store the entire blockchain in the USB to send and receive funds?
  3. Do I have to plug in the USB wallet to send funds?
  4. Do I have to plug in the USB wallet to receive funds?

.

  • I hope the answer to the first question is "no," since I am really not interested in downloading and maintaining a local copy of the entire blockchain. It is a waste of space.
  • I hope the answer to the second question is "no." Because, again, I really don't want to spend time and bandwidth downloading the entire blockchain, and I don't want to have to store it either. Those are gigabytes that could be spent on something else.
  • I hope the answer to question three is "no" for security reasons. I don't want random customers from the other side of the world to transfer my money without my consent.
  • I hope that the answer to question four is "yes" for reasons of convenience. I don't want to have to plug in my wallet every time someone sends me money.

I understand that there is the public key to receive and the private key to send. Am I right in thinking that all you have to keep safe is the private key? If that's the case, surely I don't have to download the entire blockchain?

Bare metal servers – Discount offers – 1 Gbps – Hardware Raid10

Bare metal servers – Discount offers – 1 Gbps – Hardware Raid10

Android x86 – Touch screen firmware instead, how to activate the hardware?

I installed Android x86 8.1 and with some settings silead_ts.fw, I was able to make the touch screen work properly since the one that was originally had errors. But then I installed another x86 distribution: PrimeOS. Now, the touch screen does not work at all, even after replacing the correct silent file under lib/firmware.

I tried to run getevent. While 8.1 detects the touch screen as Silead 1680, PrimeOS does not show this at all. I discovered that the touch screen in PrimeOS seems to work for some.

Is there any way to activate the touch screen? Or debug the problem?
I am using PrimeOS Standard with the Linux kernel 4.14.x