Month: March 2018

Categories
Apps Security Web

What’s Going on with Cambridge Analytica?

If you’ve paid attention in the news this week, you may have heard the name “Cambridge Analytica” tossed around or something about a “Facebook data breach.” At a glance, it may be hard to tell what these events are all about and how they relate to you. The purpose of this article is to clarify those points and to elucidate what personal information one puts on the internet when using Facebook. As well, we will look at what you can do as a user to protect your data.

The company at the heart of this Facebook data scandal is Cambridge Analytica: a private data analytics firm based in Cambridge, UK, specializing in strategic advertising for elections. They have worked on LEAVE.EU (a pro-Brexit election campaign), as well as Ted Cruz’s and Donald Trump’s 2016 presidential election campaigns. Cambridge Analytica uses “psychographic analysis” to predict and target the kind of people who are most likely to respond to their advertisements. “Psychographic analysis”, simply put, is gathering data on individuals’ psychological profiles and using it to develop and target ads. They get their psychological data from online surveys that determine personality traits of individuals. They compare this personality data with data from survey-takers’ Facebook profiles, and extrapolate the correlations between personality traits and more readily accessible info (likes, friends, age group) onto Facebook users who have not even taken the survey. According to CEO Alexander Nix, “Today in the United States we have somewhere close to four or five thousand data points on every individual […] So we model the personality of every adult across the United States, some 230 million people.”. This wealth of data under their belts is extremely powerful in their business, because they know exactly what kind of people could be swayed by a political ad. By affecting individuals across the US, they can sway whole elections.

Gathering data on individuals who have not waived away their information may sound shady, and in fact it breaks Facebook’s terms and conditions. Facebook allows its users’ data to be collected for academic purposes, but prohibits the sale of that data to “any ad network, data broker or other advertising or monetization-related service.” Cambridge Analytica bought their data from Global Science Research, a private business analytics research company. The data in question was collected by a personality survey (a Facebook app called “thisisyourdigitallife”, a quiz that appears similar to the silly quizzes one often sees while browsing Facebook). This app, with its special academic privileges, was able to harvest data not just from the user who took the personality quiz, but from all the quiz-taker’s friends as well. This was entirely legal under Facebook’s terms and conditions, and was not a “breach” at all. Survey-takers consented before taking it, but their friends were never notified about their data being used. Facebook took down thisisyourdigitallife in 2015 and requested Cambridge Analytica delete the data, however ex-Cambridge Analytica employee Christopher Wylie says, “literally all I had to do was tick a box and sign it and send it back, and that was it. Facebook made zero effort to get the data back.”

This chain of events makes it clear that data analytics companies (as well as malicious hackers) are not above breaking rules to harvest your personal information, and Facebook alone will not protect it. In order to know how your data is being used, you must be conscious of who has access to it.

What kind of data does Facebook have?

If you go onto your Facebook settings, there will be an option to download a copy of your data. My file is about 600 MB, and contains all my messages, photos, and videos, as well as my friends list, advertisement data, all the events I’ve ever been invited to, phone numbers of contacts, posts, likes, even my facial recognition data! What is super important in the realm of targeted advertisement (though not the only info people are interested in) are the ad data, friends list, and likes. The “Ads Topics” section, a huge list of topics I may be interested in that
determines what kind of ads I see regularly, has my character pinned down.Though some of these are admittedly absurd, (Organism? Mason, Ohio? Carrot?) knowing I’m interested in computer science, cooperative businesses, Brian Wilson, UMass, LGBT issues, plus the knowledge that I’m from Connecticut and friends with mostly young adults says a lot about my character even without “psychographic analysis”—so imagine what kind of in-depth record they have of me up at Cambridge Analytica! I implore you, if interested, to download this archive yourself and see what kind of person the ad-brokers of Facebook think you are.

Is there a way to protect my data on Facebook?

What’s out there is out there, and from the Cambridge Analytica episode we know third-party companies may not delete data they’ve already harvested, and Facebook isn’t particularly interested in getting it back, so even being on Facebook could be considered a risk by some. However, it is relatively easy to remove applications that have access to your information, and that is a great way to get started protecting your data from shady data harvesters. These applications are anything that requires you to sign in with Facebook. This can mean other social media networks that link with Facebook (like Spotify, Soundcloud, or Tinder), or Facebook hosted applications (things like Truth Game, What You Would Look Like As The Other Gender, or Which Meme Are You?). In Facebook’s settings you can view and remove applications that seem a little shady.

You can do so by visiting this link, or by going into settings, then going into Apps.

After that you will see a screen like this, and you can view and remove apps from there.

However, according to Facebook, “Apps you install may retain your info after you remove them from Facebook.” They recommend to “Contact the app developer to remove this info”. There is a lot to learn from the events surrounding Facebook and Cambridge Analytica this month, and one lesson is to be wary of who you allow to access your personal information.

Categories
Security

Creating and Remembering Long Passwords – The Roman Room Concept

Comic courtesy of xkcd by Randall Munroe

If you are anything like me, you have numerous passwords that you have to keep track of.  I can also safely assume, that unless you are in the vast minority or people, you also have autofill/remember passwords turned on for all of your accounts. I’m here to tell you that there is an easy way to remember your passwords so that using these convenient insecurities can be avoided.

The practice that I use and advocate for remembering and creating passwords is called The Roman Room. I’ll admit, this concept is not my own. I’ve borrowed it from a TV show called Leverage. I found it to be a neat concept, and as such I have employed it since.  The practice works as follows: Imagine a room, it can be factual or fictional. Now imagine specific, detailed items that you can either “place” in the room, or that exist in the room in real life. This place could be your bedroom, your family’s RV, really anywhere that you have a vivid memory of, and can recall easily. I suggest thinking of items that you know very well, as this will make describing them later easier. Something like a piece of artwork, a unique piece of furniture, or a vacation souvenir. Something that makes a regular appearance in the same spot or something that has a permanence about it.

Now comes the challenging part: creating the password. The difficulty comes in creating a password that fulfills the password requirements at hand. This technique is most useful when you have the option to have a longer password (16+ characters), as that adds to more security, as well as allows for a more memorable/unique password. Let’s say for example that I often store my bicycle by hanging it on my bedroom wall. It’s a black and red mountain bike, with 7 speeds. I could conjure up the password “Black&RedMountain7Sp33d”.

Editor: This is not Tyler's bike.
Image: bicyclehabitat.com

Alternatively, I could create a password that describes that state of the bike opposed to its appearance.  This example reminds me of how the bike looks when its hung on the wall, it looks like its floating. Which reminds me of that scene from ET. I could then create the password “PhoneHomeB1cycle”, or something along those lines. This technique is just something that I find useful when I comes time to create a new password, and as a means to remember them easily that also prevents me from being lazy using the same password again, and again. Though this method doesn’t always generate the most secure password (by that I mean gibberish-looking password), it is a means to help you create better passwords and remember them without having to store them behind yet another password (in a password manager). What good is a password if you can’t remember or have to write it down?

Categories
Operating System

Microcontrollers and the Maker Movement

The maker movement is a growing trend in the DIY world which involve using microcontroller technologies such as Arduino to develop and create small or large scale projects such as home automation, gadgets, robotics and electronic devices. There is no need in prior knowledge!

Projects vary from home automation to robotics but can be used to pretty much anything; automatic door locks, Phone controlled sprinklers and even portable chargers are just a few examples for the endless possibilities. With all the information available over the internet, virtually anyone can create simple projects without a deep knowledge of electricity and programming. Most products come preconfigured, open source and all the documentation is available online. The movement brings collaboration to the front line of development and projects the work you do inside a computer to the outside physical world

Unlike the past, starting your own project is easy and highly available. No longer the mystery of engineering and computer science wizards prevent you from making your own garage opener. The increase in the demand and the growing interest in DIY projects caused an increase in manufacturing which brought down prices – cables, resistors and transistors are sold for less than dollar each and microcontrollers such as the Arduino Uno would cost only 3$. Start your own project in less than 5$, make that pocket change your next adventure!

Microcontrollers have been heavily integrated in Hackathons in recent years. Hackathon is a design sprint-like event that usually takes two to three days in which people collaborate intensively on software projects within the time limitation. These days Hackathons also include hardware competition categories such as robotics and home automation. So if you’re looking for a way to winning your first Hackathon or interested in finding an internship from a Hackathon the microcontroller categories are somewhat simple to compete with years’ worth of knowledge.

Furthermore, since so many people began working on project there was a need for a community to support and help people out so in addition to the online community there also physical hubs that started to pop up. Those are called “Makerspace”, the makerspace is environment which provides the individual with the tools and knowledge to excel in his task and complete his goal. Even here at UMass Amherst there’s a work in progress to build a makerspace where students can come and get introduced to the topic.

In conclusion, the maker movement combined with the Arduino technologies create an endless possibilities for projects and provides a new visual way for anyone to learn physics, programming and circuit design, It is a way for people to express their creativity.

Categories
Hardware

Future Proofing: Spending less and getting more

 

Future proofing, at least when it comes to technology, is a philosophy that revolves around buying the optimal piece of tech at the optimal time. The overall goal of future proofing is to save you money in the long run by purchasing devices that take a long time to become obsolete.

But, you might ask, what exactly is the philosophy? Sure, it’s easy to say that its best to buy tech that will last you a long time, but how do you actually determine that?

There are four basic factors to consider when trying to plan out a future proof purchase.

  1. Does what you’re buying meet your current needs, as well as needs you might have in the foreseeable future?
  2. Can what you’re buying be feasibly upgraded down the line?
  3. Is what you’re buying about to be replaced by a newer, better product?
  4. What is your budget?

I’m going to walk you through each of these 4 ideas, and by the end you should have a pretty good grasp on how to make smart, informed decisions when future-proofing your tech purchases!

Does what you’re buying meet your current needs, as well as needs you might have in the foreseeable future?

 

This is the most important factor when trying to make a future-proof purchase. The first half is obvious: nobody is going to buy anything that doesn’t do everything they need it to do. It’s really the second half which is the most important aspect.

Let’s say you’re buying a laptop. Also, let’s assume that your goal is to spend the minimum amount of money possible to get the maximum benefit. You don’t want something cheap that you’ll get frustrated with in a few months, but you’re also not about to spend a downpayment on a Tesla just so you can have a useful laptop.

Let’s say you find two laptops. They’re mostly identical, albeit for one simple factor: RAM. Laptop A has 4gb of RAM, while Laptop B has 8gb of RAM. Let’s also say that Laptop A is 250 dollars, while Laptop B is 300 dollars. At a difference of 50 dollars, the question that comes to mind is whether or not 4gb of RAM is really worth that.

What RAM actually does is act as short term storage for your computer, most important in determining how many different things your computer can remember at once. Every program you run uses up a certain amount of RAM, with things such as tabs on Google Chrome famously taking up quite a bit. So, essentially, for 50 dollars you’re asking yourself whether or not you care about being able to keep a few more things open.

Having worked retail at a major tech store in my life, I can tell you from experience that probably a little over half of everyone asked this question would opt for the cheaper option. Why? Because they don’t think that more RAM is something that’s worth spending extra money at the cash register. However, lots of people will change their mind on this once you present them with a different way of thinking about it.

Don’t think of Laptop A as being 250 and Laptop B as being 300. Instead, focus only on the difference in price, and whether or not you think you’d be willing to pay that fee as an upgrade.

You see, in half a year, when that initial feeling of spending a few hundred dollars is gone, it’s quite likely that you’ll be willing to drop an extra 50 dollars so you can keep a few more tabs open. While right now it seems like all you’re doing is making an expensive purchase even more expensive, what you’re really doing is making sure that Future_You doesn’t regret not dropping the cash when they had an opportunity.

Don’t just make sure the computer your buying fits your current needs. Make sure to look at an upgraded model of that computer, and ask yourself; 6 months down the line, will you be more willing to spend the extra 50 dollars for the upgrade? If the answer is yes, then I’d definitely recommend considering it. Don’t just think about how much money you’re spending right now, think about how the difference in cost will feel when you wish that you’d made the upgrade.

For assistance in this decision, check the requirements for applications and organizations you make use of. Minimum requirements are just that, and should not be used as a guide for purchasing a new machine. Suggested requirements, such as the ones offered at UMass IT’s website, offer a much more robust basis from which to future-proof your machine.

Can what you’re buying be meaningfully upgraded down the line?

This is another important factor, though not always applicable to all devices. Most smartphones, for example, don’t even have the option to upgrade their available storage, let alone meaningful hardware like the RAM or CPU.

However, if you’re building your own PC or making a laptop/desktop purchase, upgradeability is a serious thing to consider. The purpose of making sure a computer is upgradeable is to ensure that you can add additional functionality to the device while having to replace the fewest possible components.

Custom PCs are the best example of this. When building a PC, one of the most important components that’s often overlooked is the power supply. You want to buy a power supply with a high enough wattage to run all your components, but you don’t want to overspend on something with way more juice than you need, as you could have funneled that extra cash into a more meaningful part.

Lets say you bought a power supply with just enough juice to keep your computer running. While that’s all fine right now, you’ll run into problems once you try to make an upgrade. Let’s say your computer is using Graphics Card A, and you want to upgrade to Graphics Card B. While Graphics Card A works perfectly fine in your computer, Graphics Card B requires more power to actually run. And, because you chose a lower wattage power supply, you’re going to need to replace it to actually upgrade to the new card.

In summary, what you planned to just be a simple GPU swap turned out to require not only that you pay the higher price for Graphics Card B, but now you need to buy a more expensive power supply as well. And, sure, you can technically sell your old power supply, you would have saved much more money (and effort) in the long run by just buying a stronger power supply to start. By buying the absolute minimum that you could to make your computer work, you didn’t leave yourself enough headroom to allow the computer to be upgraded.

This is an important concept when it comes to computers. Can your RAM be upgraded by the user? How about the CPU? Do you need to replace the whole motherboard just to allow for more RAM slots? Does your CPU socket allow for processors more advanced than the one you’re currently using, so you can buy cheap upgrades once newer models come out?

All of these ideas are important when designing a future-proof purchase. By ensuring that your device is as upgradeable as possible, you’re increasing its lifespan by allowing hardware advancements in the future to positively increase your device’s longevity.

Is what you’re buying about to be replaced by a newer, better product?

This is one of the most frustrating, and often one of the hardest-to-determine aspects of future proofing.

We all hate the feeling of buying the newest iPhone just a month before they reveal the next generation. Even if you’re not the type of person that cares about having the newest stuff, it’s to your benefit to make sure you aren’t making purchases too close to the release of the ‘next gen’ of that product. Oftentimes, since older generations become discounted upon the release of a replacement, you’d even save money buying the exact same thing by just waiting for the newer product to be released.

I made a mistake like this once, and it’s probably the main reason I’m including this in the article. I needed a laptop for my freshman year at UMass, so I invested in a Lenovo y700. It was a fine laptop — a little big but still fine — with one glaring issue: the graphics card.

I had bought my y700 with the laptop version of a GTX 960 inside of it, NVidias last-gen hardware. The reason this was a poor decision was because, very simply, the GTX 1060 had already been released. That is, the desktop version had been released.

My impatient self, eager for a new laptop for college, refused to wait for the laptop version of the GTX 1060, so I made a full price purchase on a laptop with tech that I knew would be out of date in a few months. And, lo and behold, that was one of the main reasons I ended up selling my y700 in favor of a GTX 1060 bearing laptop in the following summer.

Release dates on things like phones, computer hardware and laptops can often be tracked on a yearly release clock. Did Apple reveal the current iPhone in November of last year? Maybe don’t pay full price on one this coming October, just in case they make that reveal in a similar time.

Patience is a virtue, especially when it comes to future proofing.

What is your budget?

 

This one is pretty obvious, which is why I put it last. However, I’m including it in the article because of the nuanced nature of pricing when buying electronics.

Technically, I could throw a 3-grand budget at a Best Buy employee’s face and ask them to grab me the best laptop they’ve got. It’ll almost definitely fulfill my needs, will probably not be obsolete for quite awhile, and might even come with some nice upgradeability that you may not get with a cheaper laptop.

However, what if I’m overshooting? Sure, spending 3 grand on a laptop gets me a top-of-the-line graphics card, but am I really going to utilize the full capacity of that graphics card? While the device you buy might be powerful enough to do everything you want it to do, a purchase made by following my previously outlined philosophy on future proofing will also do those things, and possibly save you quite a bit of money.

That’s not to say I don’t advocate spending a lot of money on computer hardware. I’m a PC enthusiast, so to say that you shouldn’t buy more than you need would be hypocritical. However, if your goal is to buy a device that will fulfill your needs, allow upgrades, and be functional in whatever you need it to do for the forseeable future, throwing money at the problem isn’t really the most elegant way of solving it.

Buy smart, but don’t necessarily buy expensive. Unless that’s your thing, of course. And with that said…

 

…throwing money at a computer does come with some perks.

Categories
Linux Operating System Web

Arch Linux and Eduroam on a Raspberry Pi, No Ethernet Cable Required


Raspbian may be the most common OS on Raspberry Pi devices, but it is definitely not alone in the market. Arch Linux is one such competitor, offering a minimalist disk image that can be customized and specialized for any task, from the ground up – with the help of Arch Linux’s superb package manager, Pacman.

The office website for Arch Linux Arm contains all the necessary files and detailed instructions for the initial setup. After a reasonably straightforward process, plugging in the Raspberry Pi will great you with a command line interface, CLI, akin to old Microsoft DOS.

Luckily for those who enjoy a graphical interface, Arch Linux supports a wide variety in its official repository, but for that, we need the internet.  Plenty of tutorials detail how to connect to a typical home wifi, but Eduroam is a bit more challenging. To save everyone several hours of crawling through wikis and forums, the following shall focus on Eduroam.

To begin, we will need root privilege; by default this can be done with the following command:

su

After entering the password, we need to make the file:

nano /etc/wpa_supplicant/eduroam

Quick note: The file doesn’t need to be named eduroam.

Now that we’re in the nano text editor we need to write the configuration for eduroam. Everything except the indentity and password field needs to be copied exactly. For the propose of this Tutorial I’ll be John Smith, jsmith@umass.edu, with password Smith12345.

network={
			ssid=”eduroam”
			key_mgmt=WPA-EAP
			eap=TTLS
			phase2=”auth=PAP”
			identity=”jsmith@umass.edu”
			password=”Smith12345”
	}

Quick note: the quotation marks are required, this will not work without them.

Now that that’s set, we need to set the file permissions to root only, as its never good to have passwords in plain text, unsecured.

chmod og-r /etc/wpa_supplicant/eduroam

Now just to make sure that everything was set properly, we will run

ls -l /etc/wpa_supplicant | cut -d ' ' -f 1,3-4,9

The correct output should be the following

-rw------- root root eduroam

If you named the config file something other than eduroam, it will show up on the output as that name.

Now that that’s all set, we can finally connect to the internet.

wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/eduroam &

Provided everything is set correctly, you will see “wlan0: link becomes ready” halfway through the last line of the page, hit enter and just one more command.

dhcpcd

Now, just to check we’re connected, we’ll ping google

ping google.com -c 5

If everything is set, you should see 5 packets transmitted, 5 packets received.
Now that we’re connected, its best to do a full update

pacman -Syyu

At this point, you are free to do what you’d like with Arch. For the sake of brevity I will leave off here, for extra help I highly recommend the official Arch Linux Wiki. For a graphical UI, I highly recommend setting up XFCE4, as well as a network (wifi) manager.

 

Example of a customized XFCE4 desktop by Erik Dubois

 

 

Disclaimer: UMass IT does not currently offer technical support for Raspberry Pi.

Categories
Operating System

How to use Audacity to Edit Photos

https://orig00.deviantart.net/8c42/f/2013/007/9/8/glitch_art_spider_by_qubodup-d5qqdkl.png
Photo: qubodup on DeviantArt

Glitch art is an increasingly popular form of art that uses digital interference or glitches to make interesting art. In this tutorial I will be showing you how to use Audacity to edit photos as if they are sound, which can create some cool effects.

Here’s what you need:

  • Adobe Photoshop (I use the CC version so your experience may vary.)
  • Audacity (free at Audacity.com)
  • A picture

The first step is to open the image in Photoshop. Go to File> Open > Your_file. After opening, we need to save this file as a format that Audacity can understand. We will use the .tiff format. So go to File>Save As Then go to .tiff next to “Save as type”. See the below photo for an example of how this should look:

Displaying Capture2.PNG

Then Photoshop will ask you about the settings for the .tiff file. Leave everything as it is except “Pixel Order” change it to Per Channel. Per channel splits up where the color data for the photo is stored, allowing us to edit individual parts of the RGB spectrum. See below photo again:

Displaying Capture.PNG

Once the file is saved as a .tiff file, open up Audacity and click File>Import Raw Data then select your .tiff file. Once this is complete Audacity will ask for some settings to import the raw data. Change “encoding” to “U-Law” and “Byte Order” to “Little-endian” then click import. See photo of how it should look below:

Displaying Capture3.PNG

You now have your image in Audacity as a sound file! Here is where the creativity comes in. To glitch up the image, use the effect tab in Audacity and play around with different effects. Most images have a part in the beginning of the file that is needed to open the image so if you get an error trying to open the picture don’t worry; just don’t start the effect so close to the beginning next time. There should also be some noticeable sections in the waveform — these represent the different RGB colors. So if you only select one color, you can make an effect only happen to one color. Once you finish your effects, it’s time to export.

To export go to File>Export. When prompted set the file type to “Other uncompressed files”. See photo of how it should look below:

Displaying Capture.5PNG.PNG

Then click option at the bottom right. For “header” select “RAW (header-less) and for “encoding” select “U-Law” again. Then hit “OK” and save your file. Now you should be able to open the RAW file and see how your work came out. See photo of how it should look below:

Displaying Capture4.PNG

Categories
Security Software Web

What Do Cryptocurrency Miners Do?

You’ve probably heard of Bitcoin. Maybe you’ve even heard of other cryptocurrencies, like Ethereum. Maybe you’ve heard that these cryptocurrencies are mined, but maybe you don’t understand how exactly a digital coin could be mined. We’re going to discuss what cryptocurrency miners do and why they do it. We will be discussing the Bitcoin blockchain in particular, but keep in mind that Bitcoin has grown several orders of magnitude greater in the 9-10 years it’s been around. Though other cryptocurrencies change some things up a bit, the same general concepts apply to most blockchain-based cryptocurrencies.

What is Bitcoin?

Bitcoin is the first and the most well-known cryptocurrency. Bitcoin came about in 2009 after someone (or someones, nobody really knows) nicknamed Satoshi Nakamoto released a whitepaper describing a concept for a decentralized peer-to-peer digital currency based on a distributed ledger called a blockchain, and created by cryptographic computing. Okay, those are a lot of fancy words, and if you’ve ever asked someone what Bitcoin is then they’ve probably thrown the same word soup at you without much explanation, so let’s break it down a bit:

Decentralized means that the system works without a main central server, such as a bank. Think of a farmer’s market versus a supermarket; a supermarket is a centralized produce vendor whereas a farmer’s market is a decentralized produce vendor.

Peer-to-peer means that the system works by each user communicating directly with other user. It’s like talking to someone face-to-face instead of messaging them through a middleman like Facebook. If you’ve ever used BitTorrent (to download Linux distributions and public-domain copies of the U.S. Constitution, of course), you’ve been a peer on a peer-to-peer BitTorrent network.

Blockchain is a hot topic right now, but it’s one of the harder concepts to describe. A blockchain performs the job of a ledger at a bank, keeping track of what transactions occurred. What makes blockchain a big deal is that it’s decentralized, meaning that you don’t have to trust a central authority with the list of transactions. Blockchains were first described in Nakamoto’s Bitcoin whitepaper, but Bitcoin itself is not equivalent to blockchain. Bitcoin uses a blockchain. A blockchain is made up of a chain of blocks. Each block contains a set of transactions, and the hash of the previous block, thus chaining them together.

Hashing is the one-way (irreversible) process of converting any input into a string of bits. Hashing is useful in computer science and cryptography because it’s really easy to get the hash of something, but it’s almost impossible to find out what input originally made a particular hash. Any input will always have the same output, but any little difference will make a completely different hash. For example, in the hashing algorithm that Bitcoin uses called SHA-256, “UMass” will always be:

D79DCC44F746FB74C71CE93CAA65A527AD0A743E7E57F5D5E5A7F21337D742F9

but “UMasss” will be completely different:

3EA2E03CE0286302451E2EAB2ABFEC310A6A164B4F27634FED4E81744A50D4E4

In this 64-character string, each character represents 4 bits. This hash can also be represented as 256 binary bits:

1101011110011101110011000100010011110111010001101111101101110100110001110001110011101001001111001010101001100101101001010010011110101101000010100111010000111110011111100101011111110101110101011110010110100111111100100001001100110111110101110100001011111001

Those are the general details that you need to know to understand cryptocurrency. Miners are just one kind of participant in cryptocurrency.

Who are miners?

Anybody with a Bitcoin wallet address can participate in the blockchain, but not everybody who participates has to mine. Miners are the ones with the big, beefy computers that run the blockchain network. Miners run a mining program on their computer. The program connects to other miners on the network and constantly requests the current state of the blockchain. The miners all race against each other to make a new block to add to the blockchain. When a miner successfully makes a new block, they broadcast it to the other miners in the network. The winning miner gets a reward of 12.5 BTC for successfully adding to the blockchain, and the miners begin the race again.

Okay, so what are the miners doing?

Miners can’t just add blocks to the blockchain whenever they want. This is where the difficulty of cryptocurrency mining comes from. Miners construct candidate blocks and hash them. They compare that hash against a target.

Now get ready for a little bit of math: Remember those 256-bit hashes we talked about? They’re a big deal because there are 2^256 possible hashes (that’s a LOT!), ranging from all 0’s to all 1’s. The Bitcoin network has a difficulty value that changes over time to make finding a valid block easier or harder. Every time a miner hashes a candidate block, they look at the binary value of the hash, and in particular, how many 0s the hash starts with. When a candidate block fails to meet the target, as they often do, the miner program tries to construct a different block. If the number of 0’s at the start of the hash is at least the target amount specified by the difficulty, then the block is valid!

Remember that changing the block in any way makes a completely different hash, so a block with a hash one 0 short of the target isn’t any closer to being valid than another block with a hash a hundred 0’s short of the target. The unpredictability of hashes makes mining similar to a lottery. Every candidate block has as good of a chance of having a valid hash as any other block. However, if you have more computer power, you have better odds of finding a valid block. In one 10 minute period, a supercomputer will be able to hash more blocks than a laptop. This is similar to a lottery; any lottery ticket has the same odds of winning as another ticket, but having more tickets increases your odds of winning.

Can I become a miner?

You probably won’t be able to productively mine Bitcoin alone. It’s like buying 1 lottery ticket when other people are buying millions. Nowadays, most Bitcoin miners pool their mining power together into mining pools. They mine Bitcoin together to increase the chances that one of them finds the next block, and if one of the miners gets the 12.5 BTC reward, they split their earnings with the rest of the pool pro-rata: based on the computing power (number of lottery tickets) contributed.

Takeaways

The U.S. dollar used to be tied to the supply of gold. A U.S. dollar bill was essentially an I.O.U. from the U.S. Federal Reserve for some amount of gold, and you could exchange paper currency for gold at any time. The gold standard was valuable because gold is rare and you have to mine for it in a quarry. Instead of laboring by digging in the quarries, Bitcoin miners labor by calculating hashes. Nobody can make fraudulent gold out of thin air. Bitcoin employs the same rules, but instead of making the scarce resource gold, they made it computer power. It’s possible for a Bitcoin miner to get improbably lucky and find 8 valid blocks in one day and earn 100 BTC, just like it’s possible but improbable to find a massive golden boulder while mining underground one day. These things are effectively impossible, but it is actually impossible for someone to fake a block on the blockchain (The hash would be invalid!) or to fake a golden nugget. (You can chemically detect fool’s gold!)

Other cryptocurrencies work in different ways. Some use different hashing algorithms. For example, Zcash is based on a mining algorithm called Equihash that is designed to be best mined by the kinds of graphics cards found in gaming computers. Some blockchains aren’t mined at all. Ripple is a coin whose cryptocurrency “token” XRP is mostly controlled by the company itself. All possible XRP tokens already exist and new ones cannot be “minted” into existence, unlike the 12.5 BTC mining reward in Bitcoin, and most XRP tokens are still owned by the Ripple company. Some coins, such as NEO, are not even made valuable by scarcity of mining power at all. Instead of using “proof of work” like Bitcoin, they use “proof of stake” to validate ownership. You get paid for simply having some NEO, and the more you have, the more you get!

Blockchains and cryptocurrencies are have become popular buzzwords in the ever-connected worlds of computer science and finance. Blockchain is a creative new application of cryptography, computer networking, and processing power. It’s so new that people are still figuring out what else blockchains can be applied to. Digital currency seems to be the current trend, but blockchains could one day revolutionize health care record-keeping or digital elections. Research into blockchain technology has highlighted many weaknesses in the concept; papers have been published on doublespend attacks, selfish mining attacks, eclipse attacks, Sybil attacks, etc. Yet the technology still has great potential. Cryptocurrency mining has already brought up concerns over environmental impact (mining uses a lot of electricity!) and hardware costs (graphics card prices have increased dramatically!), but mining is nevertheless an engaging, fun and potentially profitable way to get involved in the newest technology to change the world.