The CryptoLab

Technology for the Crypto Culture

The CryptoLab is your crypto technology resource. It is designed to help you navigate the ever-changing crypto and blockchain technology. I provide education and consulting services and relevant resources related to the technological aspects of the crypto space.

Register For Free Today! Join us on Telegram – CryptoLab

**Education opportunity coming this Fall: Cyber Security. Details coming soon.**

The CryptoLab

Technology for the Crypto Culture

The CryptoLab is your crypto technology resource. It is designed to help you navigate the ever-changing crypto and blockchain technology. I provide education and consulting services and relevant resources related to the technological aspects of the crypto space.

Register For Free Today! Join us on Telegram – CryptoLab

**Education opportunity coming this Fall: Cyber Security. Details coming soon.**

Latest stories

Set Up Pi-hole As Truly Self-Contained DNS Resolver


The full article can be found here –
Learn more about what a DNS recursive resolver is 

Setting up Pi-hole as a recursive DNS server solution

We will use unbound, a secure open source recursive DNS server primarily developed by NLnet Labs, VeriSign Inc., Nominet, and Kirei. The first thing you need to do is to install the recursive DNS resolver:
sudo apt install unbound

Optional: Download the list of primary root servers (serving the domain .). Unbound ships its own list, but we can also download the most recent list and update it whenever we think it is a good idea. Note: there is no point in doing it more often then every 6 months.
wget -O root.hints
sudo mv root.hints /var/lib/unbound/

Configure unbound

Listen only for queries from the local Pi-hole installation (on port 5335)
Listen for both UDP and TCP requests
Verify DNSSEC signatures, discarding BOGUS domains
Apply a few security and privacy tricks


verbosity: 0

port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes

# May be set to yes if you have IPv6 connectivity
do-ip6: no

# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no

# Use this only when you downloaded the list of primary root servers!
# Location of root.hints
root-hints: "/var/lib/unbound/root.hints"

# Trust glue only if it is within the servers authority
harden-glue: yes

# Ignore very large queries.
harden-large-queries: yes

# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
# If you want to disable DNSSEC, set harden-dnssec stripped: no
harden-dnssec-stripped: yes

# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
edns-buffer-size: 1472

# Rotates RRSet order in response (the pseudo-random
# number is taken from Ensure privacy of local IP
# ranges the query ID, for speed and thread safety).
# private-address:
rrset-roundrobin: yes

# Time to live minimum for RRsets and messages in the cache. If the minimum
# kicks in, the data is cached for longer than the domain owner intended,
# and thus less queries are made to look up the data. Zero makes sure the
# data in the cache is as the domain owner intended, higher values,
# especially more than an hour or so, can lead to trouble as the data in
# the cache does not match up with the actual data anymore
cache-min-ttl: 300
cache-max-ttl: 86400

# Have unbound attempt to serve old responses from cache with a TTL of 0 in
# the response without waiting for the actual resolution to finish. The
# actual resolution answer ends up in the cache later on.
serve-expired: yes

# Harden against algorithm downgrade when multiple algorithms are
# advertised in the DS record.
harden-algo-downgrade: yes

# Ignore very small EDNS buffer sizes from queries.
harden-short-bufsize: yes

# Refuse id.server and hostname.bind queries
hide-identity: yes

# Report this identity rather than the hostname of the server.
identity: "Server"

# Refuse version.server and version.bind queries
hide-version: yes

# Prevent the unbound server from forking into the background as a daemon
do-daemonize: no

# Number of bytes size of the aggressive negative cache.
neg-cache-size: 4M

# Send minimum amount of information to upstream servers to enhance privacy
qname-minimisation: yes

# Deny queries of type ANY with an empty response.
# Works only on version 1.8 and above
deny-any: yes

# Do no insert authority/additional sections into response messages when
# those sections are not required. This reduces response size
# significantly, and may avoid TCP fallback for some responses. This may
# cause a slight speedup
minimal-responses: yes

# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
# This flag updates the cached domains
prefetch: yes

# Fetch the DNSKEYs earlier in the validation process, when a DS record is
# encountered. This lowers the latency of requests at the expense of little
# more CPU usage.
prefetch-key: yes

# One thread should be sufficient, can be increased on beefy machines. In reality for
# most users running on small networks or on a single machine, it should be unnecessary
# to seek performance enhancement by increasing num-threads above 1.
num-threads: 1

# more cache memory. rrset-cache-size should twice what msg-cache-size is.
msg-cache-size: 50m
rrset-cache-size: 100m

# Faster UDP with multithreading (only on Linux).
so-reuseport: yes

# Ensure kernel buffer is large enough to not lose messages in traffix spikes
so-rcvbuf: 4m
so-sndbuf: 4m

# Set the total number of unwanted replies to keep track of in every thread.
# When it reaches the threshold, a defensive action of clearing the rrset
# and message caches is taken, hopefully flushing away any poison.
# Unbound suggests a value of 10 million.
unwanted-reply-threshold: 100000

# Minimize logs
# Do not print one line per query to the log
log-queries: no
# Do not print one line per reply to the log
log-replies: no
# Do not print log lines that say why queries return SERVFAIL to clients
log-servfail: no
# Do not print log lines to inform about local zone actions
log-local-actions: no
# Do not print log lines that say why queries return SERVFAIL to clients
logfile: /dev/null

# Ensure privacy of local IP ranges
private-address: fd00::/8
private-address: fe80::/10

Start your local recursive server and test that it’s operational:
sudo service unbound start
dig @ -p 5335

The first query may be quite slow, but subsequent queries, also to other domains under the same TLD, should be fairly quick.
Important steps:
In order to experience high speed and low latency DNS resolution, you need to make some changes to your Pi-hole. These configurations are crucial because if you skip these steps you may experience very slow response times:

Open the configuration file /etc/dnsmasq.d/01-pihole.conf and make sure that cache size is zero by setting cache-size=0. This step is important because the caching is already handled by the Unbound Please note that the changes made to this file will be overwritten once you update/modify Pi-hole.

When you’re using unbound you’re relying on that for DNSSEC validation and caching, and pi-hole doing those same things are just going to waste time validating DNSSEC twice. In order to resolve this issue you need to untick the Use DNSSEC option in Pi-hole web interface by navigating to Settings > DNS > Advanced DNS settings.

Test validation
You can test DNSSEC validation using
dig @ -p 5335
dig @ -p 5335

The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address.
Configure Pi-hole
Finally, configure Pi-hole to use your recursive DNS server:

BCH Fork 2020


Bitcoin Cash Fork, 15 November 2020: What it Means for YouBitcoin Cash will hard fork on November 15 2020 around 12:00 pm UTC as part of a scheduled protocol upgrade. This upgrade is controversial and will likely result in two chains after the fork. The likely split is between two protocols known as “Bitcoin Cash Node” and “Bitcoin Cash ABC.” At the present time, over 70% of blocks are signaling for Bitcoin Cash Node while less than 1% are signaling for Bitcoin Cash ABC, so Bitcoin Cash Node looks like it will be the dominant chain by far. If your platform does not support the fork and you wish to participate, do not wait until 2 days before the fork to do something, do it now.

C&B – Caleb & BrownC&B will not be supporting the BCH fork. I spoke with Jeff Zylstra this morning and this is what he had to say. “Unfortunately we do not support forks or airdrops 🙁  Token holders will need to withdraw to their personal wallets”Which makes perfect sense on their end. 

Hardware Wallet Support Ledger will suspend their BCH services from the 12th of November at 07:00 UTC for security reasonsTrezor WILL NOT support the BCH fork“SatoshiLabs (aka Trezor) will not be participating in the fork until a decision is made by the community. If you wish to take part in the fork, you should transfer your BCH balance to another wallet which is supporting the coin split, to make sure you receive any coins resulting from the hard fork.”

Exchange SupportKraken will support the Fork.Binance will suspend BCH deposits and withdrawals on the day of the hard fork, then act depending on which of the two presented scenarios comes true: there are two competing chains, or there is no new coin.OKEx has announced their support for the hard fork, stating that, should it be successful, OKEx users holding BCH prior to the fork would receive the two new assets, BCH ABC and BCHN. In the days leading to the fork the BCH margin lending function, spot and margin trading services, and deposit function will all be suspended.Huobi Global made similar statements, adding that “after the community has formed a consensus on BCH naming, we will end the transition period and rename BCHA or BCHN.” FTX also discussed the competing chain scenario, stating, as Binance did, that “users will be credited with the BCH from the chain with the most work done.”In the meantime, Poloniex told its users that they can either hold their BCH which will be converted to BCHABC and BCHSV after the fork, or they can convert their coins into BCHABC and BCHSV before the fork and trade those tokens in the BTC and USDC markets. Both chains will be supported, but if only one remains technically and economically viable “we may rename it BCH,” they said.BitMEX said that the products and indices affected by the fork “will follow one side of the fork only and we aim to keep markets open when the fork occurs,” adding that product and index names will remain unchanged.

Software WalletsI have not found a statement on whether Exodus or Atomic Wallet will be supporting the BCH Fork.ExodusTrying to support all forks of a coin is simply not feasible for Exodus, and is often technically impossible as well. This applies to many of the forks of Bitcoin, Bitcoin Cash, Ethereum, Litecoin, ZCash, EOS, and other assets that have occurred over the years. Many of these forks may offer little to no market value, or they may suffer from a lack of developer support.

IOST Wallet Creation Using Citadel Wallet


It’s taken me months to find a IOST wallet that will allow me to hold my own keys and stake my IOST. I’ve wasted many a man hour going through the process from wallet to wallet only to find out they hold the private keys or I can’t stake my IOST using a particular wallet.
Finally created a solution for us. The Citadel Wallet allows us to:

Hold our own private keys
Stake our IOST to earn IOST rewards

To start the process you can visit the URL below or follow the video I created below the URL

Misc IOST info –

ADA AdaLite Q&A


This is an excerpt from an email I just got from the AdaLite group. It answers some questions that have been posed to them. The only relationship I have with AdaLite is that I stake my ADA with them.


When are the Staking Rewards distributed?

Seems like this is still unclear to many people. Initially, when you first delegate, it takes 15-19 days for your first reward to show up, after that you will be receiving your rewards every 5 days, at the end of the epoch. You can take a look at this picture to better understand the Staking Rewards lifecycle.

If you delegated your stake on or before 13th August you should already see rewards in your wallet. If you first delegated between 14th-18th August, you will receive rewards at the end of current epoch (2nd September).If you first delegated between 19 Aug – 23 Aug you will get first rewards on 8th SeptemberFirst delegations between 24-29 Aug will receive rewards 13th September.

Please remember, you don’t have to withdraw the rewards after each epoch, they are automatically staked!

How are the rewards affected by the pool performance?

We already know exact results for the first 2 epochs where the staking rewards bonus or penalties for pool performance were not applied. ADLT pools brought over 5.4% ROI to our delegators (after fees) which is pretty much market standard among the top pools.

Currently, this ROI was mostly affected by the size of the pool (larger pools had slightly better ROI) but from the last epoch 213 (24th – 28th August) also the pool performance and luck are kicking in. This means that rewards will be affected by the number of blocks the pool minted compared to how many blocks the pool was supposed to mint.

How many blocks is the pool entitled to mine in an epoch is affected by some randomness so it can happen that pool that minted all blocks it was assigned will have under average performance because they were randomly assigned fewer blocks to mint in the epoch and vice versa, a pool that missed some of its blocks can have above-average performance if they randomly received more blocks to mint in the epoch. But in the long run, it should be easy to find out which pools are reliable and which not.

AdaLite Stake Pools update

Our pools are doing really great and we will bring better than average returns to our delegators for epoch 213 as we were lucky and we were assigned a lot of blocks. We expect the ROI for ADLT2 to be around 5.7% and for ADLT we expect even up to 6.5% ROI for the epoch 213 (you will see the exact results after current epoch 214 ends on Wednesday).

As we have been receiving a lot of delegations lately, first two pools are already pretty full and we opened 3rd pool. The saturation level for ADLT2 pool reached 85% which is still good and won’t affect the performance of the pool in a negative way but it would be great if some people from ADLT2 move to the new ADLT3 pool. We received almost 70 million of ADA delegated to ADLT2 in one night last week.

ADLT3: 92229dcf782ce8a82050fdeecb9334cc4d906c6eb66cdbdcea86fb5f ADLT2: ce19882fd62e79faa113fcaef93950a4f0a5913b20a0689911b6f62dADLT: 04c60c78417132a195cbb74975346462410f72612952a7c4ade7e438

What is Pool saturation?

Saturation is a term used to indicate that a particular stake pool has more stake delegated to it than is ideal for the network. This is dependant on the current setting of the network and currently, pools that have more than ~210 million ADA delegated to them are considered saturated and receive penalties for the rewards. 

Staking Rewards withdrawal

Delegators are receiving rewards at the end of the epoch to special Rewards Address which is represented by the Rewards Account Balance on the Staking screen in AdaLite. Once you have some funds on this account, you will see the withdraw button that will allow you to transfer the funds to one of your spending addresses. This operation involves a transaction fee and it is not necessary to do this unless you want to send the rewards away from your wallet. Rewards are automatically staked also when they are sitting in your Rewards Account (you just can’t spend them).

Export transaction history to CSV

We added the possibility to export your transaction history to CSV. Currently, we also display rewards withdrawal transactions here but we don’t display the rewards distribution. It is up to a discussion about what should we be displaying in the export in future – rewards distribution after each epoch or the rewards withdrawal only.

Theta Un-Delegating


Here is a very quick example on how you can un-delegate your Theta Tokens. When you un-delegate your Theta, you must un-delegate all your tokens and re-delegate.

Log into your Theta Wallet via the online wallet . You do not need to log into GPool or any other delegator to un-delegate your tokensAfter you have logged in, click on the Stakes tab.Use the address circled in red from the above image under Holder. This is the address of the Theta Guardian Node you have Delegated against. Do Not use the Guardian Node Summary address to withdraw. The address circled above is from GPool, yours may be different. Highlight your address and use the copy feature of your browser. Click the Withdraw Stake button.Copy the address from the previous page into the field above. Continue the remainder of the process. (I’ll add more when I un-delegate mine)The withdrawal takes about 48 hours to finalize and the coins become available.

ADX Swap


Below is a video that was put together with information from the links found below the video.  If your tokens are staked on the ADX portal or held on a major exchange (Binance, Upbit, Bittrex, Uniswap,, Huobi or HitBTC) they are migrated automatically and you do not need to do anything.

Help with the ADX token swap


How to add the new ADX (contract) in MetaMask

OPTIONAL: After this, we recommend that you add the new ADX to MetaMask so that it shows in “Assets”. Here’s how to do it:

Go to “Assets” in Metamask.,Scroll to the bottom and click “Add Token”Select “Custom Token” and enter 0xade00c28244d5ce17d72e40330b1c318cd12b7c3 – the two other fields (decimals and name) will fill up automatically.Click on “Next” to finish the process.

How to find out whether I hold the new or the legacy ADX?

On Etherscan, the legacy token will show up with the name “AdEx”, symbol ADX and token address 0x4470BB87d77b963A013DB939BE332f927f2b992eOn Etherscan, the new token will show up with the name “AdEx Network”, symbol ADX and token address 0xADE00C28244d5CE17D72E40330B1c318cD12B7c3

Pi-hole Compatible Routers and ISP


List of Routers That May or May Not Work
NetGear Routers seem to work fine
Tp-Link – NoThey don’t allow DNS settings to be set to a local DNS IP address such as

Here is a list of ISP and ease of use

AT&T – works depending on the router used.
Comcast / Xfinity – works if you don’t use their equipment.  If you “rent” their equipment they do not allow you to change their DNS settings. They state “it’s hard coded into the gateway to prevent DNS Hijacks and similar attacks.”
MetroNet – works depending on the router used.
Charter  / Spectrum – works depending on the router used.

Reasons To Care About Your Digital Footprint


You can learn more about your Digital Footprint in a 9 module lesson produced by the Internet Society.

Module 1: What is a Digital Footprint?

This tutorial will review the benefits and costs of your digital footprint.

Module 2: Why did we Start Leaving such Big Footprints?

This tutorial is a case study of how everyday Internet users can build up such a big digital footprint.

Module 3: What is the Economic Bargain for Internet Users?

Everything has a price! This tutorial will look at the economics of your digital footprint.

Module 4: Are Digital Footprints a Problem?

Is loss of privacy on the Internet an issue?

Module 5: Do Different Devices Make Different Digital Footprints?

What’s the difference between a digital footprint made by a smart phone and a tablet?

Module 6: How Can I Manage My Digital Footprints?

While managing your digital footprint isn’t easy, this tutorial will guide you on how you can start making it part of your online routine.

Module 7: Who Is Tracking Me and How Do They Do It?

This tutorial looks at who follows us around the Internet.

Module 8: What Dynamics are at Work in the World of Digital Footprints?

This tutorial gives an overview of the nuances of what a digital footprint can mean in different parts of the world.

Module 9: How Does Legislation Affect Digital Footprints?

The Internet is global, but privacy laws are not. This tutorial looks at how privacy laws in different parts of the world can impact your digital footprint.

CryptoLab VPN Speed Tests


I had one of the users concerned about using the CryptoLab VPN and wondered if it would slow down his internet connection like his current VPN provider does. I’ve been using it for over a year now and I never notice a slowdown. Here are my results.

I ran these tests from my house using Gig Fibre. I’m in the Eastern Time Zone (USA) during this test. This test was conducted on August 16, 2020. Each test was run from the VPN city to St. Louis, MO. London and Sydney were tested to St. Louis, MO and to a local connection in their own city. Your speeds will vary depending on your location and how busy your Internet Service Provider (ISP) is.

Home Baseline no VPN to UniversityHome Baseline no VPN Atlanta to St. Louis, MO Dallas to St. Louis, MO Fremont to St. Louis, MONewark to St. Louis, MO London to St. Louis, MOLondon to London Sydney to St. Louis, MOSydney to Sydney

Internet speed tests might be a bit rigged, but it’s the easiest way to test your speed. That’s why I ran the test from each VPN city to a central city and not the closest city to the VPN connection

How To Find Your IP Address On Mac & Windows


In order to configure your Pi-hole correctly I’ll need to know your current IP range. Below is a video showing you how to find your IP address on both a Mac & Windows computer. To set up your Pi-hole correctly I need your Internal IP range and not the External IP address that your internet provider issues to your internet modem/router.

Internal IP addresses typically will look like the following:192.168.x.x192.

When your Pi-hole is configured I will set the ip address to a standard that will match your network IP range and this information can be found below.

Pi-hole IP – IP –

Pi-hole IP – IP –

If your IP range is not set correctly, your computer will not be able to access the admin pages and you will not be able to access the Pi-hole. If this is the case, you would need to manually re-set the IP address to something that would match your network range.

Recent Posts

Recent Comments