diff --git a/README.md b/README.md new file mode 100644 index 00000000..314d2619 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# lbry.io + +The [lbry.io](https://lbry.io) website diff --git a/controller/Controller.class.php b/controller/Controller.class.php index 24f77820..62da1fe2 100644 --- a/controller/Controller.class.php +++ b/controller/Controller.class.php @@ -13,7 +13,18 @@ class Controller $viewParameters = isset($viewAndParams[1]) ? $viewAndParams[1] : []; $headers = isset($viewAndParams[2]) ? $viewAndParams[2] : []; - static::sendHeaders($headers); + $defaultHeaders = [ + 'Content-Security-Policy' => "frame-ancestors 'none'", + 'X-Frame-Options' => 'DENY', + 'X-XSS-Protection'=> '1', + ]; + + if (IS_PRODUCTION) + { + $defaultHeaders['Strict-Transport-Security'] = 'max-age=31536000'; + } + + static::sendHeaders(array_merge($defaultHeaders, $headers)); if ($viewTemplate === null) { diff --git a/controller/Session.class.php b/controller/Session.class.php index 711895a1..bebd861b 100644 --- a/controller/Session.class.php +++ b/controller/Session.class.php @@ -18,7 +18,10 @@ class Session public static function init() { - session_start(); + session_start([ + 'cookie_secure' => IS_PRODUCTION, // cookie over ssl only + 'cookie_httponly' => true, // no js access + ]); } public static function get($key, $default = null) diff --git a/controller/action/DownloadActions.class.php b/controller/action/DownloadActions.class.php index e0a518de..a7829452 100644 --- a/controller/action/DownloadActions.class.php +++ b/controller/action/DownloadActions.class.php @@ -76,7 +76,7 @@ class DownloadActions extends Actions if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) { - Session::set(Session::KEY_DOWNLOAD_ACCESS_ERROR, 'Please provide a valid email. You provided: ' . $email); + Session::set(Session::KEY_DOWNLOAD_ACCESS_ERROR, 'Please provide a valid email. You provided: ' . htmlspecialchars($email)); } else { diff --git a/lib/tools/Prefinery.class.php b/lib/tools/Prefinery.class.php index dff70648..3d7eb6b9 100644 --- a/lib/tools/Prefinery.class.php +++ b/lib/tools/Prefinery.class.php @@ -60,12 +60,15 @@ class Prefinery $user = static::findUser($email); if (!$user) { + // dont record ip for lbry.io addresses, for testing + $ip = isset($_SERVER['REMOTE_ADDR']) && !preg_match('/@lbry\.io$/', $email) ? $_SERVER['REMOTE_ADDR'] : null; + $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null; $user = Prefinery::createTester(array_filter([ 'email' => $email, 'status' => $inviteCode ? static::STATE_ACTIVE : static::STATE_APPLIED, # yes, has to be ACTIVE to validate invite code 'invitation_code' => $inviteCode, 'referrer_id' => $referrerId, - 'profile' => ['ip' => $_SERVER['REMOTE_ADDR'], 'user_agent' => $_SERVER['HTTP_USER_AGENT']] + 'profile' => ['ip' => $ip, 'user_agent' => $ua] ])); } @@ -128,4 +131,4 @@ class Prefinery class PrefineryException extends Exception { -} \ No newline at end of file +} diff --git a/posts/faq/block-rewards.md b/posts/faq/block-rewards.md index 026b383d..b06b38ae 100644 --- a/posts/faq/block-rewards.md +++ b/posts/faq/block-rewards.md @@ -13,7 +13,7 @@ The source code, and not this file, is the only true definiton of the block rewa Eventually 1,000,000,000 LBRY credits will exist. They are awarded on the following schedule: -* The genesis block creates 400,000,000 credits to be administered by LBRY, Inc. 300,000,000 of these will be given away to the public. +* The genesis block creates 400,000,000 credits to be administered by LBRY, Inc. 300,000,000 of these will be strategically allocated to partners, many of whom have a direct interest in the naming layer. It also includes 100,000,000 earmarked for charity. Additionally, some may be given directly to the public in ways that add value and make sense. 100,000,000 are owned by LBRY directly. * The remaining 600,000,000 are mined in 3 stages: diff --git a/posts/faq/how-to-check-hashrate.md b/posts/faq/how-to-check-hashrate.md index df3111e5..073496e4 100644 --- a/posts/faq/how-to-check-hashrate.md +++ b/posts/faq/how-to-check-hashrate.md @@ -3,4 +3,6 @@ title: How do I check my hashrate? category: mining --- -You check your hashrate using `lbrycrd-cli gethashespersec`. +IF GPU mining please use the pool dashboard or local mining client UI. + +If CPU mining, you check your hashrate using `lbrycrd-cli gethashespersec`. diff --git a/posts/faq/mining-credits.md b/posts/faq/mining-credits.md index f9dee7bf..677ae431 100644 --- a/posts/faq/mining-credits.md +++ b/posts/faq/mining-credits.md @@ -2,8 +2,12 @@ title: How do I mine LBRY credits? category: mining --- +Library Credits (LBC) are mined over a 20-year Proof of Work period. +Block rewards increase every 100 blocks by 1LBC, peak at 500, and decline slowly. -LBRY binaries are out for OS X and Ubuntu. Others may try compiling from source. +For GPU mining, please see our list of [pools](https://lbry.io/faq/mining-pools). Each pool has a slightly different setup so please check their Getting Started page. + +For CPU mining, LBRY binaries are out for OS X and Ubuntu. Others may try compiling from source. ## Mining on Ubuntu @@ -24,4 +28,4 @@ LBRY binaries are out for OS X and Ubuntu. Others may try compiling from source. ## Compiling -LBRY can be compiled quite similarly to Bitcoin. Pester @jackrobison on Slack to fill this in! +Join us on [Slack](https://slack.lbry.io) if you need help compiling from source! diff --git a/posts/faq/mining-pools.md b/posts/faq/mining-pools.md index 8ee5669b..b3cda65e 100644 --- a/posts/faq/mining-pools.md +++ b/posts/faq/mining-pools.md @@ -4,6 +4,7 @@ category: mining --- Absolutely. Here are some links to the pools. Each pool will have instructions on how to join and get set up. +While we try to work with reliable pool operators, LBRY does not officially run or endorse any one pool. - [Pool.MN](https://pool.mn/lbry/index.php?page=gettingstarted) - [SuprNova](https://lbry.suprnova.cc/index.php?page=gettingstarted) diff --git a/posts/news/52-day-in-shoes-venezuelan.md b/posts/news/52-day-in-shoes-venezuelan.md new file mode 100644 index 00000000..86527953 --- /dev/null +++ b/posts/news/52-day-in-shoes-venezuelan.md @@ -0,0 +1,113 @@ +--- +author: lbry +title: 'Walking a Day in Venezuelan Shoes' +date: '2016-07-26 00:09:18' +cover: 'venezuela.jpg' +--- +Javier, a young Venezuelan and cryptocurrency advocate, joined [LBRY’s Slack](http://slack.lbry.io/) earlier this month to get access to our beta and learn more about LBRY’s vision. + +He shared with us a brief look into his life in Venezuela, where a socialist government has mismanaged the economy to the point of destruction. The local currency, the Venezuelan bolivar, is forecast to experience [1,600% inflation next year](http://blogs.wsj.com/economics/2016/07/18/venezuelas-inflation-is-set-to-top-1600-next-year/). Inflation will reach almost 500% this year. + +Venezuelans of all income levels are struggling with crippling shortages of food, medicine, and the most basic everyday products. Riots in the streets are almost a daily occurrence. The President has just given [control of the food supply to the military](http://www.wsj.com/articles/venezuelan-president-puts-armed-forces-in-charge-of-new-food-supply-system-1468335415). + +At the time Javier joined us, we had enabled LBRY Credit (LBC) tipping on our Slack channels. Someone sent Javier a small tip, and he responded: + +>”From the deepest corner of my heart, thanks a lot sir. I live in a poor country and I starve everyday. ... I really hope we get a new president this year. I can wait no longer, if hunger or insecurity doesn't kill me, sadness will." + +We asked him to tell us his story and that is what follows, with minor edits for clarity. + +You can help Javier by sending him BTC or LBC: + +**BTC:** 35jRKCLRXjL5j8sJDJJQZHmHkMNa18EVR5 + +**LBC:** bbBNDgX9WDKEWTaGkCi7yDjcaPdRb6GM4L + +**
Walking a Day in Venezuelan Shoes
** + +*
By Javier [Name Redacted for Safety]
* + +**The day starts** + +You get up early in the morning, you clean yourself, you say hi to your family, you take your breakfast and you go to work, you meet your work schedule, you go to the supermarket and get some food, you get home, share with your family, maybe watch TV news, and then you rest to get ready for another day of living. + +I bet this sounds like the day of most of you, because that is the way it should be: You work to get bread to the table. What could defer this short description of the day of an average worker in Venezuela? The answer might take your breath away. + +While it is true that here in Venezuela you have to comply with these general guidelines, the truth is that sometimes it is not that easy. + +**May the odds be ever in your favor** + +Here’s how your day really looks in modern Venezuela. + +You get up, you clean yourself, you say hi to your family. Up to here everything is normal. Then you have to take the first important decision in your day: Should I have breakfast? + +You get paid monthly $33 VEF (Venezuelan bolivars), which is on average $1.10 US dollars per day. For 1 kg of flour, you must pay $1.4 VEF; for 1Kg of sugar you must pay $1.8; $3 for beans; even for a 2-liter Coke you must pay $1.2. You just can't afford it. + +In order to be able to buy some food, you must stand in long lines at the supermarkets for hours (4 on average) under a hot, 40°C sunny day. + +You must struggle against insecurity. In these lines people get killed by the hands of their fellow citizens. Under anguish and despair they just fall to madness, because these foods are sold on the black market for 4 times their price. Not to mention the constant threat of motorized criminals that even for an smart phone may take your life. + +Getting medicines is not easy. Old people die for lack of medicines to treat high tension and cholesterol. Even a painkiller is something that you will rarely see in a pharmacy. + +Let’s say that you managed to get some food for today, and you are healthy. What’s next? Maybe you want a little distraction – go to movie theater, perhaps. Let me tell you that on a movie and a few snacks you can easily spend $14 VEF (almost 13 days of wages). + +A car? Ha! You must work for two years without spending a single nickel in order to get an old, rusty car. + +A house? That’s 20 years of salary, and you know, don't spend a single bolivar in the meantime, because you'll take longer to save. + +**Don't think out loud** + +Maybe you feel like expressing yourself about the situation that you are living in, but hey! Don't do it on social networks, because the police might go to your home and take you to jail just because you are talking bad of the government or telling the truth. + +**Study. But not for you, for them** + +You can prepare yourself as a professional and get a PhD. But that is worth nothing because a taxi driver can earn a lot more than any professional. (No offense to taxi drivers, I'm truly thankful for your services.) + +Maybe it will work if you study in a government institution. But here, history books aren't what they used to be, because they have rewritten the whole history to make the government look illustrious, victorious, capable. + +**Clap like a seal, nod like an iguana** + +The only people that might have a chance of not going through so much (with the exception of their personal safety) are those who are in favor of and working for the government. + +Having inside work can get you food, a good salary (but not much better), and maybe you can get into any mob (Have you heard of "El cartel de los soles"?) that exists in the different organizations. They exist to get privileges like medicines. + +Take note: Saying "no" is forbidden. Missing a meeting is forbidden. Thinking different is forbidden, at least out loud. + +**Light at the end of the tunnel** + +How can you survive such a... I don't know what to call it. + +You can take my food, you can take my medicines, you can take the peace out of my house. + +But there is something that you will never take from me, and this lives in the Blockchain. + +I'm talking about cryptocurrencies. + +Unlike local currency, cryptocurrencies don't lose their value over time, they reevaluate. This is something that is worth working for. + +If I had 1000 VEF yesterday (in local currency, about $1 US dollar), then today it is enough to buy less products than yesterday. (It's true; prices change wildly from one week to the next.) + +But if yesterday I had 1 BTC, today I’m able to buy more stuff than yesterday. Magic. + +**Something that is worth it** + +And this is just BTC. Now with a twist, LBRY enters the scene. An open source library that allows me, as an artist, to share my multimedia content in exchange for cryptocurrencies. + +Besides freedom of distribution, LBRY is an open source library. Knowledge must be free and accessible to everyone. That is what LBRY aims for. + +**Conclusion** + +I'm a semi-professional young man (I couldn't finish college for monetary reasons), of low resources (unemployed for not being a professional), with an unstable feeding (my fridge broke two years ago), hated for thinking different (crypto-what? That's a lie in the eyes of my fellow countrymen). But it is time to say enough. + +I'm not afraid to express what I’m telling you here. What else could they take from me? Can you call this a life? + +My life from now on (and always should) contributes to the open source community (secrets in my eyes are tyranny) and developing cryptocurrency platforms, because they can't take those from me. Like LBC – a coin that not only will allow me earn the foods I need to survive, but also will help me express myself better to this world and at the same time make it a better place. + +Thanks LBRY team. + +Javier, July 2016 + +You can help Javier by sending him BTC or LBC: + +**BTC:** 35jRKCLRXjL5j8sJDJJQZHmHkMNa18EVR5 + +**LBC:** bbBNDgX9WDKEWTaGkCi7yDjcaPdRb6GM4L diff --git a/view/template/download/_refer.php b/view/template/download/_refer.php index ab555c65..4484ab51 100644 --- a/view/template/download/_refer.php +++ b/view/template/download/_refer.php @@ -1,5 +1,5 @@

Share and Earn

-

Earn for each user who joins via this URL:

+

Earn for each user who joins via this URL:

diff --git a/view/template/page/publish.php b/view/template/page/publish.php index f9b445be..58a630c6 100644 --- a/view/template/page/publish.php +++ b/view/template/page/publish.php @@ -64,7 +64,7 @@

LBRY uses the ground-breaking innovation of the blockchain to leave no one in control of your content except for you (including us!).

- LBRY is an open-source protocol that is controlled by it's users: we could not change the rules even if wanted to. + LBRY is an open-source protocol that is controlled by it's users: we could not change the rules even if we wanted to.

Complete Creator Control

Update your content at any time. Change the price. Change the title. Publish, unpublish. You and only you can do this in LBRY.

@@ -83,7 +83,7 @@
  • Receive $1,000 worth of LBRY credits to hold, use or sell.
    - We make no guarantee of the value of a credit, but credits are actively traded. Current credit price can be seen + We make no guarantee of the current or future monetary value of a credit, but credits are actively traded. Current credit market prices can be seen here or here.
    • diff --git a/web/img/blog-covers/venezuela.jpg b/web/img/blog-covers/venezuela.jpg new file mode 100644 index 00000000..8177c109 Binary files /dev/null and b/web/img/blog-covers/venezuela.jpg differ