Braiins Mini Miner Offers Bitcoin Mining and Gaming Fun

The BMM 100 Mini Miner from Braiins is perfect for solo miners who want to decentralize the network and enjoy retro gaming. #BitcoinMining #MiningMondays

Braiins has introduced the BMM 100 Mini Miner, an innovative device allowing Bitcoin enthusiasts to not only mine but also engage in gaming activities. This miner, with a hash rate of 1 terahash per second and a power consumption of just 40 watts, is ideal for home-based miners who want to decentralize the Bitcoin network. What sets the BMM 100 apart is its ability to play the classic game DOOM,…

Do you want to build a Bitcoin mining rig? Cryptos Now Sells Single ASICs

The Bitcoin mining industry began as a cottage industry with individual miners able to mine Bitcoin on a laptop. Over time, the technology became more specialized and sophisticated, with large facilities taking over the industry.

Cryptos Mining Tech is betting that the launch of its at-home mining program will encourage bitcoin miners to continue mining.

Bitcoin miners play an instrumental crucial role in the security of the Bitcoin blockchain. The transactions are compiled into blocks, which are added to the chains as new blocks are added. Successful miners are rewarded with newly minted bitcoin (6.25 BTC) along with fees added to each transaction for the block. It's a lucrative payout if you're able to locate a block. It is easy to cut into your profits if you have to set up and operate your own bitcoin mining rig. In addition, the cost of mining at home has typically been prohibitive.

ASIC bitcoin mining rigs will be available for purchase from Crypto's retail program, so users can build their own in their homes instead of buying them from the manufacturer in bulk. You can get the WhatsMiner series from MicroBT and the Antminer series from Bitmain for between $8,100 and $10,400.

"We're excited to partner with Bitmain and MicroBT for top-notch ASIC mining hardware that has the greatest hashrate and the most efficient energy consumption.

Support for at-home bitcoin mining

While running your own machine does not mean you are totally on your own. Your rig can still be a part of a mining pool, allowing any rewards found by the pool to be shared with you in proportion to the hashrate you contribute. Joining a pool can increase your return on investment (ROI).

Using a profitability calculator, such as the one available on Braiins, can help you calculate your potential ROI, once you factor in the costs of the gear and electricity necessary to run your rig.

#bitcoinmining #bitcoin #cryptocurrency #crypto #blockchain #bitcoinnews #bitcoins #btc #forex #bitcointrading #ethereum #bitcoincash #money #investment #bitcoinprice #trading #binaryoptions #forextrader #cryptocurrencies #business #invest #cryptotrading #investing #bitcoinexchange #forextrading #entrepreneur #binary #litecoin #bitcoinusa #bhfyp

Visit here: https://cryptosminingtech.com

You can find more information on BTC miner ultimate.

Slush Pool Operator Braiins Set to Rollout Upgrades

Braiins, a cryptocurrency mining pool operator based in Prague, is rebranding its company’s operation and bringing all of its products under a single umbrella.

Updates Are Coming

Braiins is the company behind Slush Pool, the original cryptocurrency mining pool with a hash rate of 5.32 Eh/s, per its website. After operating in the mining sector for some years, it appears to be set for a brand makeover and it's pushing out some upgrades for its popular products — Slush Pool and Braiins OS.

According to Braiins Creative Director Luboš Buračinský, Slush Pool customers should expect upgrades on the payout processes and the inclusion of more tokens.

“For Slush Pool, we are about to release a completely reworked payout section,” he told Bitcoin Magazine. “The new features allow for much more in terms of payouts settings when it comes to frequency, destination, payout conditions, etc. Furthermore, we will add support for more coins. And of course, we continually keep adding tweaks to the product UX.”

Braiins OS, on the other hand, will include a feature that allows users to install it from a memory card onto a flash memory.

Braiins launched Braiins OS in 2008. At the time, Jan Čapek, the company’s CEO, was driven by the need to create an open-source alternative to the closed-source mining firmware being used with Slush Pool. The initial release was targeted at mining devices only, but it has evolved since then.

“Retail miners should find this especially useful, now that certain hardware manufacturers decided to permanently restrict access via [cryptographic network protocol Secure Shell],” Buračinský said.

Speaking on the rebrand, Čapek praised the company’s efforts in recent years.

“We have continuously worked to redefine the mining industry and set new standards throughout the past six years,” he said. “Slush Pool, Braiins OS, and any future products we might release require unified and smooth branding that will tell the world who built them.”

Braiins has undergone several changes since taking control of the mining pool, expanding its product portfolio significantly to meet the demands of an ever-increasing customer base.

Holding Its Own

While a number of mining companies have closed shop thanks to the recent crypto winter, Braiins has been able to weather the storm and come out stronger.

“We suppose a lean operation and generally crypto-neutral local environment makes it a little easier for us,” said Buračinský. “As for the growth, I think it's fair to say we saw certain growth following the BTC exchange rate improvement. Not to forget, the user churn typically also reflects the decrease thereof.”

Indeed, Prague is one of the most crypto-friendly cities in the world. It currently boasts over 150 venues where bitcoin can be used as a means of payment including bars, hotels and restaurants. The Czech government is relatively liberal when it comes to cryptocurrency policies. The Czech central bank even published a document in 2017 called “Don’t Be Afraid of Bitcoin,” in which it noted that crypto doesn't offer any threat to conventional banking.

This article originally appeared on Bitcoin Magazine.

from Cryptocracken Tumblr http://bit.ly/2WJVY4f via IFTTT

New Braiins OS and Braiins OS+ Firmware for Antminer S9 ASICs

There is a new major release of the Braiins OS open source miner firmware for Bitmain’s most popular S9 series of ASIC miners available now. In fact there are now two different versions available Braiins OS community edition and Braiins OS+ enterprise edition, both available for free, with a different feature set and some specifics we’ll cover in a moment. You can use the new Braiins OS or OS+ to replace the original Bitmain firmware on Antminer S9, S9i and S9j and soon hopefully the newer S17 and T17 models will also be supported along with other devices in the future. Braiins OS is fully open-source and customizable so you can tweak it to fit your needs, it supports AsicBoost, supports Stratum V1 and V2 implementation, uses a custom BOSminer developed from scratch in Rust and provides some extra useful features that can help you tweak your ASIC miners and get more of your hardware. The Braiins OS community edition is completely free and open-source without the need to pay for it or any developer fees, unlike the case with some other custom firmware solutions.

The new Braiins OS+ enterprise edition is built on top of the standard community editions and has some extra features available, most interesting of which are the auto-tuning feature to increase hashrate and the low power mode for maximum efficiency as well as the pre-heat option. The rest is like in the standard edition, but the extra features allow you to tweak even better your performance or energy efficiency, depending on your specific needs. The small catch with the Braiins OS+ enterprise edition is that for the extra features you get you will have to agree to the 2% built-in developer fee, however you will also get a 50% reduction (from 2% to 1%) of the pool fee if you use the miners with Braiins OS+ on the Slush Pool for mining. Thanks to the auto-tuning feature in which algorithms automatically evaluate the optimal frequencies for hashing chip-by-chip, instead of treating the entire machine as one single unit the extra performance you may get from a miner should be much more than the fee that you will need to pay.

– For more information and to download and try the new Braiins OS and OS+…

https://cryptoveins.com/new-braiins-os-and-braiins-os-firmware-for-antminer-s9-asics/

Slush Pool Operator Braiins Set to Rollout Upgrades

Braiins, a cryptocurrency mining pool operator based in Prague, is rebranding its company’s operation and bringing all of its products under a single umbrella.

Updates Are Coming

Braiins is the company behind Slush Pool, the original cryptocurrency mining pool with a hash rate of 5.32 Eh/s, per its website. After operating in the mining sector for some years, it appears to be set for a brand makeover and it's pushing out some upgrades for its popular products — Slush Pool and Braiins OS.

According to Braiins Creative Director Luboš Buračinský, Slush Pool customers should expect upgrades on the payout processes and the inclusion of more tokens.

“For Slush Pool, we are about to release a completely reworked payout section,” he told Bitcoin Magazine. “The new features allow for much more in terms of payouts settings when it comes to frequency, destination, payout conditions, etc. Furthermore, we will add support for more coins. And of course, we continually keep adding tweaks to the product UX.”

Braiins OS, on the other hand, will include a feature that allows users to install it from a memory card onto a flash memory.

Braiins launched Braiins OS in 2008. At the time, Jan Čapek, the company’s CEO, was driven by the need to create an open-source alternative to the closed-source mining firmware being used with Slush Pool. The initial release was targeted at mining devices only, but it has evolved since then.

“Retail miners should find this especially useful, now that certain hardware manufacturers decided to permanently restrict access via [cryptographic network protocol Secure Shell],” Buračinský said.

Speaking on the rebrand, Čapek praised the company’s efforts in recent years.

“We have continuously worked to redefine the mining industry and set new standards throughout the past six years,” he said. “Slush Pool, Braiins OS, and any future products we might release require unified and smooth branding that will tell the world who built them.”

Braiins has undergone several changes since taking control of the mining pool, expanding its product portfolio significantly to meet the demands of an ever-increasing customer base.

Holding Its Own

While a number of mining companies have closed shop thanks to the recent crypto winter, Braiins has been able to weather the storm and come out stronger.

“We suppose a lean operation and generally crypto-neutral local environment makes it a little easier for us,” said Buračinský. “As for the growth, I think it's fair to say we saw certain growth following the BTC exchange rate improvement. Not to forget, the user churn typically also reflects the decrease thereof.”

Indeed, Prague is one of the most crypto-friendly cities in the world. It currently boasts over 150 venues where bitcoin can be used as a means of payment including bars, hotels and restaurants. The Czech government is relatively liberal when it comes to cryptocurrency policies. The Czech central bank even published a document in 2017 called “Don’t Be Afraid of Bitcoin,” in which it noted that crypto doesn't offer any threat to conventional banking.

This article originally appeared on Bitcoin Magazine.

[Telegram Channel | Original Article ]

Braiins, a cryptocurrency mining pool operator based in Prague, is rebranding its company’s operation and bringing all of its products under a single umbrella.

Updates Are Coming

Braiins is the company behind Slush Pool, the original cryptocurrency mining pool with a hash rate of 5.32 Eh/s, per its website. After operating in the mining sector for some years, it appears to be set for a brand makeover and it's pushing out some upgrades for its popular products — Slush Pool and Braiins OS.

According to Braiins Creative Director Luboš Buračinský, Slush Pool customers should expect upgrades on the payout processes and the inclusion of more tokens.

“For Slush Pool, we are about to release a completely reworked payout section,” he told Bitcoin Magazine. “The new features allow for much more in terms of payouts settings when it comes to frequency, destination, payout conditions, etc. Furthermore, we will add support for more coins. And of course, we continually keep adding tweaks to the product UX.”

Braiins OS, on the other hand, will include a feature that allows users to install it from a memory card onto a flash memory.

Braiins launched Braiins OS in 2008. At the time, Jan Čapek, the company’s CEO, was driven by the need to create an open-source alternative to the closed-source mining firmware being used with Slush Pool. The initial release was targeted at mining devices only, but it has evolved since then.

“Retail miners should find this especially useful, now that certain hardware manufacturers decided to permanently restrict access via [cryptographic network protocol Secure Shell],” Buračinský said.

Speaking on the rebrand, Čapek praised the company’s efforts in recent years.

“We have continuously worked to redefine the mining industry and set new standards throughout the past six years,” he said. “Slush Pool, Braiins OS, and any future products we might release require unified and smooth branding that will tell the world who built them.”

Braiins has undergone several changes since taking control of the mining pool, expanding its product portfolio significantly to meet the demands of an ever-increasing customer base.

Holding Its Own

While a number of mining companies have closed shop thanks to the recent crypto winter, Braiins has been able to weather the storm and come out stronger.

“We suppose a lean operation and generally crypto-neutral local environment makes it a little easier for us,” said Buračinský. “As for the growth, I think it's fair to say we saw certain growth following the BTC exchange rate improvement. Not to forget, the user churn typically also reflects the decrease thereof.”

Indeed, Prague is one of the most crypto-friendly cities in the world. It currently boasts over 150 venues where bitcoin can be used as a means of payment including bars, hotels and restaurants. The Czech government is relatively liberal when it comes to cryptocurrency policies. The Czech central bank even published a document in 2017 called “Don’t Be Afraid of Bitcoin,” in which it noted that crypto doesn't offer any threat to conventional banking.

This article originally appeared on Bitcoin Magazine.

Bitcoin’s First Public Mining Pool Is Rebranding

The company behind Slush Pool, the first cryptocurrency mining pool to make its services publicly available, is rebranding.

The Prague-based company Braiins is perhaps less well-known than Slush Pool, one of the largest bitcoin mining pools as it makes up more than 9 percent of the cryptocurrency’s hashrate today.

Yet Braiins has been operating it since it purchased the historic mining pool six years ago. Now, Braiins is moving to make its involvement with Slush Pool more obvious, in part with a redesign of its logo and all its product websites.

Braiins creative director Luboš Buračinský told CoinDesk:

“After running and developing Slush Pool for the last six years more or less in the background, we’re going to take a more visible public position.”

With the rebrand, Braiins wants all its products to fall under one banner. “The rebranding will also unify our other products and services, including Braiins OS,” Buračinský continued.

Miners need to run what’s known as “firmware” on their mining devices to monitor the performance. Braiins OS, launched September of last year, differs from other mining firmwares because it’s open-source — it’s not closed off like other proprietary firmwares.

“If you own the hardware, you should be able to have full control of it without worrying about some ‘hidden features’,” the project announcement post explains.

In addition, Braiins plans to release several new updates to their products in the coming months. The firm is working on a new “payout” feature for the mining pool, which would allow miners to have more control of how they get paid.

Further, Braiins “replacing the CGMiner with Rust implementation” for Braiins OS,  which would make “adding new hardware much easier,” according to the firm.

Bitcoin mining stock photo image via Shutterstock

This news post is collected from CoinDesk

Recommended Read

Editor choice

BinBot Pro – Safest & Highly Recommended Binary Options Auto Trading Robot

Do you live in a country like USA or Canada where using automated trading systems is a problem? If you do then now we ...

9.5

Demo & Pro Version Try It Now

Read full review

The post Bitcoin’s First Public Mining Pool Is Rebranding appeared first on Click 2 Watch.

More Details Here → https://click2.watch/bitcoins-first-public-mining-pool-is-rebranding

Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware?

As if Bitmain’s year hasn’t been rough enough, having posted big losses and laying off entire departments, its flagship product now has a firmware vulnerability.

A few weeks ago, Bitcoin Core contributor James Hilliard discovered an exploit in Bitmain’s S15 firmware. The pseudonymous Twitter user 00whiterabbit, also known simply as “john,” subsequently wrote exploit code based on Hilliard’s findings. A video proving that the exploit code worked was shared on Hilliard’s Twitter account last week.

Hilliard is offering to disclose the vulnerability to Bitmain but under one condition: Bitmain would have to comply to the GNU General Public License (GNU GPL), the popular open source license that the Chinese mining giant is currently breaching, and open source its firmware.

“Bitmain firmware is very buggy in general,” Hilliard told Bitcoin Magazine, “and it's important for the health of the Bitcoin network that users be able to fix the bugs Bitmain introduces.”

The Exploit

Hilliard, who is perhaps best known for proposing BIP91, discovered the vulnerability several weeks ago by auditing a firmware update file on Bitmain’s support site. While details have not yet been disclosed, the exploit was found in firmware of the S15, the company’s most powerful SHA256 miner in store. Hilliard thinks the same vulnerability almost certainly exists in all of Bitmain’s mining firmware.

“I’m also quite sure there are many other vulnerabilities in the firmware,” he added. “It is very poorly designed when it comes to security.”

When exploited, the vulnerability gives users root access to the machine — which is supposed to be impossible. In theory, this can be done remotely using just the IP address of the miner, and means the machine can be reprogrammed to do just about anything. This includes mining to a different Bitcoin address or having it stop mining entirely. The firmware could also be replaced by different firmware altogether (such as Braiins OS or Dragonmint firmware).

In practice, however, it’s unlikely the machines can be remotely exploited at all. For one, as long as the miner is properly firewalled and/or protected with a strong username and password, it cannot be broken into. And second, without access to the firmware’s source code, it's difficult to make compatible custom firmware. As such, this specific vulnerability is perhaps not the main issue. “The bigger problem is that Bitmain firmware is generally quite buggy,” said Hilliard.

Indeed, this is not the first time a vulnerability has been found in Bitmain’s firmware. In early 2017, an anonymous security engineer found that almost all Antminer machines could be shut down remotely. Dubbed “Antbleed,” this previous vulnerability could have probably knocked about half of all hash power on the Bitcoin network offline. It was arguably not just a problem for Antminer owners, but a security risk for the entire Bitcoin network.

The License

Hilliard and 00whiterabbit have not released the exploit code — but they are developing a version of it to be released eventually. The two are also willing to disclose the vulnerability to Bitmain, allowing the hardware producer to patch their firmware and fix the vulnerability. But only if Bitmain stops breaching the GNU GPL.

Bitmain’s firmware is built on the Linux operating system as well as cgminer: open source mining software developed by Hilliard and others. Both Linux and cgminer are licensed under the GNU GPL. This widely used open source license allows anyone the freedom to run, study, share and modify the software — under the condition that the resulting software is free, too.

“Legally, therefore, Bitmain’s firmware should be open source as well,” Hilliard explained. “But Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It's a centralization risk.”

It is not very clear why the mining giant is breaching the GNU GPL. Hilliard suspects it is “probably to prevent users from overclocking their machines and support costs associated with that.” Others have suggested Bitmain may prefer to keep its firmware closed source because this makes it harder for attackers to find vulnerabilities.

So far, Bitmain has not commented on the exploit at all, and its firmware is still closed source. As such, there is little reason to believe the company will change its ways now — though Hilliard remains hopeful Bitmain will comply with the GPU GPL and encourages users to file a request to have the code open sourced.

“In the past they have released what appeared to be the real source, presumably because there was public pressure to do so,” Hilliard said. “So, maybe?”

Bitroin Magazine reached out to Bitmain to ask what the company knew of the vulnerability that Hilliard found and if it had plans to fix it. We also asked if they had any intention of complying with the GNU GPL. In response, a Bitmain spokesperson issued the following statement:

"We are truly grateful to the open-source community in identifying potential vulnerabilities and we are actively investigating the matter. We will continue to do what is necessary to ensure the best and safest possible mining experience for Antminer customers."

This article originally appeared on Bitcoin Magazine.

from InvestmentOpportunityInCryptocurrencies via Ella Macdermott on Inoreader https://bitcoinmagazine.com/articles/will-vulnerability-finally-compel-bitmain-open-source-its-firmware/

New Post has been published here https://is.gd/Qey4my

Bitmain's Latest Bitcoin Miner Update Activates Controversial 'AsicBoost'

This post was originally published here

Bitcoin mining computer manufacturer Bitmain has released a software update for its Antminer s9 devices, using controversial code to allow them to more efficiently mine bitcoin.

Bitmain announced Monday that the just-released firmware will support “overt AsicBoost” functionality, bringing a speed boost to the miners. Notably, while Bitmain is only just now enabling these mining devices to use AsicBoost, the chips were already capable of supporting the function on a hardware level.

In particular, the post claims that this will ensure Bitmain’s machines remain effective at mining the number one cryptocurrency by market capitalization, while simultaneously increasing the hashrate of the bitcoin network and reducing its energy footprint.

The company explained that it previously had not intended to release software supporting the AsicBoost method due to concerns that the software may be protected by patents. However, the company’s legal counsel had decided that there presently is no specific patent claim over the software.

According to the announcement:

“Now we are pleased to give Antminer users whose miners have the capability to support this function a choice to avail this advantage without any negative impact on the Bitcoin protocol. This variant of the ‘overt AsicBoost’ simply uses version bits different from those that other manufacturers have been using. It is equally transparent because it can be seen in the blockheader of boosted blocks.”

Bitmain added that it also intends to release firmware supporting the same functionality for its Antminer R4, S9i, S9j, T9 and T9+ miners next week.

AsicBoost has seen some controversy in the past, with Bitcoin Core developers claiming that miners using the method – which exploits a flaw in bitcoin’s proof-of-work algorithm to mine bitcoin a 20 percent hike in efficiency –were engaging in unfair practices that could harm the network.

While Bitmain was accused of covertly using AsicBoost in April 2017, the company denied using it in any production capacity.

Bitmain’s software release comes days after software startup Braiins announced it would publish open-source code to enable AsicBoost on the Antminer S9 on its own.

In a blog post last Thursday, the startup said it had independently verified that the miner was capable of supporting AsicBoost, though it said miners would save about 13 percent of energy costs, rather than the 20 percent claimed last year.

In today’s announcement, the company noted that its btc.com and Antpool bitcoin mining pools both implemented AsicBoost from March 2018.

Bitcoin mining image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

#crypto #cryptocurrency #btc #xrp #litecoin #altcoin #money #currency #finance #news #alts #hodl #coindesk #cointelegraph #dollar #bitcoin View the website

New Post has been published here https://is.gd/Qey4my

Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware?

As if Bitmain’s year hasn’t been rough enough, having posted big losses and laying off entire departments, its flagship product now has a firmware vulnerability.

A few weeks ago, Bitcoin Core contributor James Hilliard discovered an exploit in Bitmain’s S15 firmware. The pseudonymous Twitter user 00whiterabbit, also known simply as “john,” subsequently wrote exploit code based on Hilliard’s findings. A video proving that the exploit code worked was shared on Hilliard’s Twitter account last week.

Hilliard is offering to disclose the vulnerability to Bitmain but under one condition: Bitmain would have to comply to the GNU General Public License (GNU GPL), the popular open source license that the Chinese mining giant is currently breaching, and open source its firmware.

“Bitmain firmware is very buggy in general,” Hilliard told Bitcoin Magazine, “and it's important for the health of the Bitcoin network that users be able to fix the bugs Bitmain introduces.”

The Exploit

Hilliard, who is perhaps best known for proposing BIP91, discovered the vulnerability several weeks ago by auditing a firmware update file on Bitmain’s support site. While details have not yet been disclosed, the exploit was found in firmware of the S15, the company’s most powerful SHA256 miner in store. Hilliard thinks the same vulnerability almost certainly exists in all of Bitmain’s mining firmware.

“I’m also quite sure there are many other vulnerabilities in the firmware,” he added. “It is very poorly designed when it comes to security.”

When exploited, the vulnerability gives users root access to the machine — which is supposed to be impossible. In theory, this can be done remotely using just the IP address of the miner, and means the machine can be reprogrammed to do just about anything. This includes mining to a different Bitcoin address or having it stop mining entirely. The firmware could also be replaced by different firmware altogether (such as Braiins OS or Dragonmint firmware).

In practice, however, it’s unlikely the machines can be remotely exploited at all. For one, as long as the miner is properly firewalled and/or protected with a strong username and password, it cannot be broken into. And second, without access to the firmware’s source code, it's difficult to make compatible custom firmware. As such, this specific vulnerability is perhaps not the main issue. “The bigger problem is that Bitmain firmware is generally quite buggy,” said Hilliard.

Indeed, this is not the first time a vulnerability has been found in Bitmain’s firmware. In early 2017, an anonymous security engineer found that almost all Antminer machines could be shut down remotely. Dubbed “Antbleed,” this previous vulnerability could have probably knocked about half of all hash power on the Bitcoin network offline. It was arguably not just a problem for Antminer owners, but a security risk for the entire Bitcoin network.

The License

Hilliard and 00whiterabbit have not released the exploit code — but they are developing a version of it to be released eventually. The two are also willing to disclose the vulnerability to Bitmain, allowing the hardware producer to patch their firmware and fix the vulnerability. But only if Bitmain stops breaching the GNU GPL.

Bitmain’s firmware is built on the Linux operating system as well as cgminer: open source mining software developed by Hilliard and others. Both Linux and cgminer are licensed under the GNU GPL. This widely used open source license allows anyone the freedom to run, study, share and modify the software — under the condition that the resulting software is free, too.

“Legally, therefore, Bitmain’s firmware should be open source as well,” Hilliard explained. “But Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It's a centralization risk.”

It is not very clear why the mining giant is breaching the GNU GPL. Hilliard suspects it is “probably to prevent users from overclocking their machines and support costs associated with that.” Others have suggested Bitmain may prefer to keep its firmware closed source because this makes it harder for attackers to find vulnerabilities.

So far, Bitmain has not commented on the exploit at all, and its firmware is still closed source. As such, there is little reason to believe the company will change its ways now — though Hilliard remains hopeful Bitmain will comply with the GPU GPL and encourages users to file a request to have the code open sourced.

“In the past they have released what appeared to be the real source, presumably because there was public pressure to do so,” Hilliard said. “So, maybe?”

Bitroin Magazine reached out to Bitmain to ask what the company knew of the vulnerability that Hilliard found and if it had plans to fix it. We also asked if they had any intention of complying with the GNU GPL. In response, a Bitmain spokesperson issued the following statement:

"We are truly grateful to the open-source community in identifying potential vulnerabilities and we are actively investigating the matter. We will continue to do what is necessary to ensure the best and safest possible mining experience for Antminer customers."

This article originally appeared on Bitcoin Magazine.

from Cryptocracken Tumblr https://ift.tt/2E22OXD via IFTTT

Braiins OS: An Open Source Alternative to Bitcoin Mining Firmware

Braiins OS wants to redefine open-source mining software.

The project recently rolled out the initial release of its ASIC miner firmware. The operating system is advertised as “the very first fully open-source, Linux-based system for cryptocurrency embedded devices,” an alternative to the factory-default firmware that comes with most popular mining hardware.

Upon visiting the project’s website, visitors are greeted with a clear message, a mantra that resonates with its related industry’s ethos: “Take back control.”

Rethinking Open Source in an Open Source Space

Further down on its website, the project invites community members to “[say] goodbye to backdoors, closed systems and hidden features.” This promise of transparency is an implicit reference to the contrasting opacity of its biggest competitor’s mining software.

Bitmain advertises its software as open source. But Jan Čapek, CEO of braiins, the company behind the eponymous OS and Slush Pool, explained to Bitcoin Magazine that too many features of Bitmain’s code are covertly closed off, making it impossible to provide a proper software image — a record of the state of the mining system at a given time.

Essentially, Čapek indicates that a few key components are missing to make Bitmain’s code full open source, such as the FPGA code. Without these pieces, users cannot parse together a full image of the mining client.

“The problem is that most of the people out there are not able to build a complete S9 image as it is not quite obvious that all the components are provided by Bitmain. To build a complete system you need the first stage bootloader (sometimes called SPL), u-boot, Linux kernel, Linux system (buildroot/openwrt?), FPGA bitstream (+ sources) and cgminer sources. So, there is quite more things that are to be reviewed that are still closed source and open quite a few questions,” he said, “For example, why is the FPGA code still closed?”

Even without these closed systems, other softwares may include “backdoors” or “hidden features” — a practice that braiins OS rejects as well.

In Bitmain’s case, there was a backdoor baked into the code.

Known as Antbleed, the feature was introduced in July of 2016, and it gave Bitmain the ability to remotely shutdown most of its active Antminer hardware, most notably the S9. Bitmain claimed that the backdoor was there so that it could police stolen or hijacked hardware, telling Bitcoin Magazine that the company “never intended to use this feature on any Antminer without authorization from its owner.”

Regardless of its purposes, stated or otherwise, Antbleed was the primary motivation behind braiins OS, Čapek said.

A Bid For Transparency, Flexibility

Braiins OS’s initial release leverages OpenWrt, “a generic embedded Linux distribution that allows [it] a great deal of flexibility,” Čapek said, and its central meta project is open to developers on GitHub.

Per Čapek’s earlier statement, the software offers a more complete, customizable kit than the factory defaults that companies like Bitmain provide with their hardware. “None of the manufacturers provide an easy, documented or central way of building an image and running it on their hardware,” he said in our interview, chalking this up to “probably [a] lack of transparency.”

As an alternative, braiins OS “can be used to build the entire firmware image,” he continued. This includes a tool to configure and run this firmware for specified hardware, something its competitors currently don’t offer.

For its rollout, braiins OS will only be compatible with the Antminer S9 and DragonMint TI, as those are the most commonly used mining rigs currently in use. Going forward, the team plans to open up integration for other devices as well, including the Whatsminer M10.

The project will also look to integrate with more mining pools as it gains traction among developers. Currently, “Slush Pool is one of the few pools that supports the version rolling extension of stratum protocol (BIP310),” Čapek said.

This is in part due to caution. Čapek told us that braiins OS didn’t want to have too many different images installed for the rollout “just in case there were any serious issues with transitions from factory firmware.” Seeing as this is “an alpha release,” he continued, “massive deployment was not desirable.”

In the meantime, the team looks forward to the community enriching its project, and Čapek indicated that they’ll be taking notes on developer activity in order to improve the project in future releases.

“Currently, we are already gathering feedback from the community. The next release with regards to S9 will bring additional features like per hashboard frequency and voltage configuration.”

An earlier version of this article incorrectly indicated that braiins is an offshoot of Satoshi Labs. The article has since been corrected.

This article originally appeared on Bitcoin Magazine.

from Cryptocracken Tumblr https://ift.tt/2PcDXro via IFTTT

Slushpool Unveils Braiins OS Allowing Bitcoin Miners ‘To Take Back Control’

Braiins Systems, the Czech operator of the first Bitcoin mining pool Slush Pool, revealed an alpha version of its Braiins OS operating system September 23, aimed at “pleasing” miners.

Open Source ‘First’

Braiins, which by its own admission has not “drawn much attention to itself” while running Slush Pool, wrote in a blog post about the release it wished to “change” its image, becoming more of an active force in altering the Bitcoin mining landscape.

Described as the “very first fully open-source, Linux based system for cryptocurrency embedded devices,” Braiins OS attempts to introduce process standards for miners in light of difficulties developers encountered in previous years.

“We believe in open source. If you own the hardware, you should be able to have full control of it without worrying about some “hidden features”. This is unfortunately not the case with majority of current mining hardware,” they wrote in the blog post.

During the years of operating Slush Pool, we have encountered many cases of non-standard behaviour from mining devices which caused unnecessary issues. So why not make a firmware that follows standards and works predictably with our pool, benefiting both the users and us as the operator?

Anti-Antbleed

Those “hidden features” were a likely reference to Antbleed, the scandal involving major mining hardware manufacturer Bitmain in early 2017 during which it emerged several versions of its Antminer device could be “backdoored.”

Bitmain soon released a code fix, being forced to issue a statement denying its involvement after facing heavy criticism.

“We never intended to use this feature on any Antminer without authorization from its owner,” it said at the time.

For Braiins meanwhile, mining is only the first step in its plans. Going forward, it hopes to expand the offering to allow Bitcoin users to run Bitcoin and Lightning Network nodes.

“Please beware that Braiins OS is in alpha stage and has not been tested on a large scale yet,” the post added.

“While we would not recommend deploying it on large farms for now[.]”

What do you think about Braiins OS? Let us know in the comments below!

Images courtesy of Shutterstock

The post Slushpool Unveils Braiins OS Allowing Bitcoin Miners ‘To Take Back Control’ appeared first on Bitcoinist.com.

from Cryptocracken Tumblr https://ift.tt/2O5mMYj via IFTTT

Understanding Bitcoin, the Demos: How to Become a Bitcoin Power User

The Understanding Bitcoin conference held in Malta from April 5 to April 7, 2019, was all about turning regular Bitcoin users into power users.

Bitcoin hardware and software is often more configurable than people realize (or they do realize this but are unable to take advantage of it). Spread throughout the conference were 18 demos by leading Bitcoin developers and experts illustrating how to make the most out of available Bitcoin tools.

For your convenience, here is an overview of all of the demos:

Blockstream Green’s Hardware Wallet

Blockstream Green (formerly known as Green Address and Green Bits) is the mobile and desktop wallet from blockchain development company Blockstream. To secure your coins, the wallet offers multisig security, which means that any transaction from the wallet must be signed off on through several methods. If a potential thief compromises one of these methods — for example, learning your PIN code or stealing your phone — they still can’t access any funds. One such additional protection method can be a hardware wallet, which is particularly secure as it never touches the internet and can, therefore, not be hacked online.

In this demo, Blockstream engineer Domenico Gabriele showed how to help secure Blockstream Green with a hardware wallet.

Trezor Multisig With Electrum

As mentioned above, hardware wallets are generally considered one of the most secure ways of storing your coins. However, even (some) hardware wallets are subject to certain very advanced attacks (for example, supply chain attacks or attacks where hackers have physical access to the device). One solution to counter these types of attacks is to secure funds with multisig, using several hardware wallets (ideally stored in different locations) to secure the same coins. The same trick can be used to securely share the same funds between multiple people.

In this demo, SatoshiLabs CTO Pavol Rusnak showed how to set this up with an Electrum wallet.

Core From Scratch

The only way to be sure that the bitcoin payments you receive are valid according to all of Bitcoin’s protocol rules is by using a full node as your wallet or connecting your wallet to your full node. This sounds easy enough, but it also means you need to be sure that the software you are running is, in fact, a full Bitcoin node and not malware. One fairly accessible way of checking this is by verifying that Bitcoin Core developers cryptographically signed the Bitcoin Core software you are running.

In this demo, Blockstream engineer Alekos Filini showed how to set up the most-used full node on the network today, Bitcoin Core, from scratch.

ABCore on Android

While probably a bit excessive for most users today, it is technically possible to run a full node on (some) Android phones or on other Android devices, such as some TV boxes. This brings the same top-notch level of security directly to mobile devices or would allow you to run a full node on a TV box from your home (to which you could connect your mobile wallet, for example).

In this demo, Bitcoin developer Udi Wertheimer showed how to install ABCore on Android.

Cyphernode

While a typical full node lets you receive regular payments securely, it is usually not very flexible from the outset. Cyphernode is a project specifically designed to leverage a full node to support a broader range of use cases, which makes it more useful for merchants, applications and other services.

In this demo, Bull Bitcoin CEO Francis Pouliot showed how to set up Cyphernode.

C-Lightning With Core

The Lightning Network is Bitcoin’s overlay network for fast and cheap transactions and c-lightning is one of the main implementations of the Lightning protocol. Running a Lightning node (and potentially connecting your phone to it) allows you to benefit from this new and rapidly growing technology.

In this demo, Blockstream engineer Christian Decker showed how to install c-lightning on a Raspberry Pi.

Nodl Box

The Nodl Box is a hardware device that supports one-click installations of various Bitcoin applications. Most notably, it allows you to easily run a Bitcoin Core full node and the lnd Lightning implementation, as well as a block explorer (to look up transaction histories) and the BTCPay Server for merchants (to accept payments).

In this demo, Nodl Box developer Ketominer showcased the Hodl Box and several applications, including BTCPay Server and multiple Lightning wallets.

Nix-Bitcoin

While any Bitcoin full node allows you to accept payments and create new transactions, the software is typically highly configurable beyond that. Utilizing this configuration, a node can be tuned to offer more privacy, or require less disk space, or rely on different security assumptions. The Nix-Bitcoin project tries to make much of this configuration as accessible as possible.

In this demo, Blockstream researcher Jonas Nick showcases Nix-Bitcoin with a specific emphasis on using it for Lightning.

Thor Turbo

To use the Lightning Network, users must first open at least one Lightning channel with another Lightning Network user. This requires a regular, on-chain bitcoin payment, however, which can take from a couple of minutes to several hours to confirm, or in some cases even longer. A new service by bill payment service Bitrefill, Thor Turbo, allows users to take a shortcut and open a channel with Bitrefill instantly with an unconfirmed bitcoin transaction.

In this demo, Bitrefill COO John Carvalho demonstrated how to use Thor Turbo.

Spark and Charge

Spark is a Lightning wallet for mobile and web browsers, which can be connected to a c-lightning implementation run at home (or on a server). This allows you to fully and securely benefit from the Lightning Network’s fast and cheap transactions on the go. Charge is a payment processing system, also based on c-lightning, specifically designed for merchants who’d like to accept Lightning payments.

In this demo, Bitcoin developer Nadav Ivgi showcased how to install and use Spark and Charge.

Using Slush Pool and “De-Eviling” the S9

Mining machines are usually delivered with firmware specifically created for the machine. While this firmware does what it needs to do to mine (usually connected to a mining pool), it does not necessarily utilize the full potential of the hardware. (One noteworthy example is that, while Bitmain’s S9 machines were technically able to apply AsicBoost technology, this option was not included in the firmware.) Braiins, the company behind Slush Pool, released the open-source Braiins OS firmware last year, which can be run on mining hardware to take advantage of the full potential of the machines.

In this demo, Braiins CEO Jan Čapek showed how to set up the Bitmain S9 with Braiins OS firmware. The demo also showed how to connect a mining machine to Slush Pool.

Wasabi

When using Bitcoin, you leave a trail of transactions on the blockchain. This allows for blockchain analysis, which can ultimately be used to connect Bitcoin addresses to your real-world identity, which is very bad for privacy. The Wasabi wallet is one of several privacy-enhancing tools available today which effectively allow you to mix your coins with coins of other Wasabi users, breaking the transaction trail for all.

In this demo, Wasabi developer Adam Ficsor showed how to use Wasabi Wallet.

JoinMarket

JoinMarket is another privacy solution available today. Like the Wasabi wallet, users “mix” their coins with one another, breaking the transaction trail for all. But where Wasabi Wallet users must sometimes wait several hours for other users to join in before a mix can take place, JoinMarket works instantly, because mixing partners are paid to join in the mix.

In this demo, JoinMarket developer Adam Gibson showed how to install JoinMarket and how to leverage it as a regular user. (The demo did not show how to use it as a liquidity provider, however, which is slightly more complex.)

Electrum Personal Server

The Electrum wallet is one of the most popular bitcoin wallets available today and has been for several years. Electrum wallet users generally rely on Electrum servers, however, which introduces some security and privacy tradeoffs. Using the Electrum Personal Server, Electrum wallet users locally connect to their own private server instead, offering the benefits of the Electrum wallet without any of the tradeoffs.

In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum Personal Server.

goTenna Mesh Networks

A goTenna is a small hardware device that transmits messages over radio waves; together with similar devices owned by other people, it can create a mesh network. Combined with the Samourai Wallet, goTenna can locally broadcast bitcoin transactions without the internet, for someone with an internet connection to pick up and forward to the Bitcoin network.

In this demo, goTenna engineer Richard Myers showed how to send a bitcoin transaction over the goTenna network.

LoRaWAN Network

The LoRaWAN Network is another solution to locally transmit bitcoin transactions over radio waves for someone with an internet connection to pick up and transmit to the Bitcoin network. It is cheaper to set up than goTenna but also more experimental.

In this demo, Blockstream engineer Valerio Vaccaro showcased sending a bitcoin transaction over the LoRaWAN network.

SMS Push Transaction

Since bitcoin transactions are ultimately nothing but a couple of lines of data, they can be sent over any media that supports text messages. This, of course, includes SMS, offering another way of sending bitcoin transactions for intermediaries to pick up and transmit to the Bitcoin network, even without the internet. Indeed, there exists a phone number that will do exactly this.

In this demo, SatoshiLabs CTO Pavol Rusnak showcased sending a bitcoin transaction over SMS using the Electrum wallet.

Blockstream Satellite Network

The Blockstream satellite network broadcasts Bitcoin blocks and transactions from space to Earth. This allows (almost) anyone with a satellite dish to sync with the Bitcoin blockchain without requiring access to the internet. Besides benefiting users in areas where there is no internet connection at all, this can also offer cost, privacy and censorship-resistant benefits.

In this demo, Blockstream CEO Adam Back and head of the Blockstream satellite project Chris Cook showcased receiving Bitcoin blocks over the Blockstream satellite network.

This article originally appeared on Bitcoin Magazine.

[Telegram Channel | Original Article ]

The Understanding Bitcoin conference held in Malta from April 5 to April 7, 2019, was all about turning regular Bitcoin users into power users.

Bitcoin hardware and software is often more configurable than people realize (or they do realize this but are unable to take advantage of it). Spread throughout the conference were 18 demos by leading Bitcoin developers and experts illustrating how to make the most out of available Bitcoin tools.

For your convenience, here is an overview of all of the demos:

Blockstream Green’s Hardware Wallet

Blockstream Green (formerly known as Green Address and Green Bits) is the mobile and desktop wallet from blockchain development company Blockstream. To secure your coins, the wallet offers multisig security, which means that any transaction from the wallet must be signed off on through several methods. If a potential thief compromises one of these methods — for example, learning your PIN code or stealing your phone — they still can’t access any funds. One such additional protection method can be a hardware wallet, which is particularly secure as it never touches the internet and can, therefore, not be hacked online.

In this demo, Blockstream engineer Domenico Gabriele showed how to help secure Blockstream Green with a hardware wallet.

Trezor Multisig With Electrum

As mentioned above, hardware wallets are generally considered one of the most secure ways of storing your coins. However, even (some) hardware wallets are subject to certain very advanced attacks (for example, supply chain attacks or attacks where hackers have physical access to the device). One solution to counter these types of attacks is to secure funds with multisig, using several hardware wallets (ideally stored in different locations) to secure the same coins. The same trick can be used to securely share the same funds between multiple people.

In this demo, SatoshiLabs CTO Pavol Rusnak showed how to set this up with an Electrum wallet.

Core From Scratch

The only way to be sure that the bitcoin payments you receive are valid according to all of Bitcoin’s protocol rules is by using a full node as your wallet or connecting your wallet to your full node. This sounds easy enough, but it also means you need to be sure that the software you are running is, in fact, a full Bitcoin node and not malware. One fairly accessible way of checking this is by verifying that Bitcoin Core developers cryptographically signed the Bitcoin Core software you are running.

In this demo, Blockstream engineer Alekos Filini showed how to set up the most-used full node on the network today, Bitcoin Core, from scratch.

ABCore on Android

While probably a bit excessive for most users today, it is technically possible to run a full node on (some) Android phones or on other Android devices, such as some TV boxes. This brings the same top-notch level of security directly to mobile devices or would allow you to run a full node on a TV box from your home (to which you could connect your mobile wallet, for example).

In this demo, Bitcoin developer Udi Wertheimer showed how to install ABCore on Android.

Cyphernode

While a typical full node lets you receive regular payments securely, it is usually not very flexible from the outset. Cyphernode is a project specifically designed to leverage a full node to support a broader range of use cases, which makes it more useful for merchants, applications and other services.

In this demo, Bull Bitcoin CEO Francis Pouliot showed how to set up Cyphernode.

C-Lightning With Core

The Lightning Network is Bitcoin’s overlay network for fast and cheap transactions and c-lightning is one of the main implementations of the Lightning protocol. Running a Lightning node (and potentially connecting your phone to it) allows you to benefit from this new and rapidly growing technology.

In this demo, Blockstream engineer Christian Decker showed how to install c-lightning on a Raspberry Pi.

Nodl Box

The Nodl Box is a hardware device that supports one-click installations of various Bitcoin applications. Most notably, it allows you to easily run a Bitcoin Core full node and the lnd Lightning implementation, as well as a block explorer (to look up transaction histories) and the BTCPay Server for merchants (to accept payments).

In this demo, Nodl Box developer Ketominer showcased the Hodl Box and several applications, including BTCPay Server and multiple Lightning wallets.

Nix-Bitcoin

While any Bitcoin full node allows you to accept payments and create new transactions, the software is typically highly configurable beyond that. Utilizing this configuration, a node can be tuned to offer more privacy, or require less disk space, or rely on different security assumptions. The Nix-Bitcoin project tries to make much of this configuration as accessible as possible.

In this demo, Blockstream researcher Jonas Nick showcases Nix-Bitcoin with a specific emphasis on using it for Lightning.

Thor Turbo

To use the Lightning Network, users must first open at least one Lightning channel with another Lightning Network user. This requires a regular, on-chain bitcoin payment, however, which can take from a couple of minutes to several hours to confirm, or in some cases even longer. A new service by bill payment service Bitrefill, Thor Turbo, allows users to take a shortcut and open a channel with Bitrefill instantly with an unconfirmed bitcoin transaction.

In this demo, Bitrefill COO John Carvalho demonstrated how to use Thor Turbo.

Spark and Charge

Spark is a Lightning wallet for mobile and web browsers, which can be connected to a c-lightning implementation run at home (or on a server). This allows you to fully and securely benefit from the Lightning Network’s fast and cheap transactions on the go. Charge is a payment processing system, also based on c-lightning, specifically designed for merchants who’d like to accept Lightning payments.

In this demo, Bitcoin developer Nadav Ivgi showcased how to install and use Spark and Charge.

Using Slush Pool and “De-Eviling” the S9

Mining machines are usually delivered with firmware specifically created for the machine. While this firmware does what it needs to do to mine (usually connected to a mining pool), it does not necessarily utilize the full potential of the hardware. (One noteworthy example is that, while Bitmain’s S9 machines were technically able to apply AsicBoost technology, this option was not included in the firmware.) Braiins, the company behind Slush Pool, released the open-source Braiins OS firmware last year, which can be run on mining hardware to take advantage of the full potential of the machines.

In this demo, Braiins CEO Jan Čapek showed how to set up the Bitmain S9 with Braiins OS firmware. The demo also showed how to connect a mining machine to Slush Pool.

Wasabi

When using Bitcoin, you leave a trail of transactions on the blockchain. This allows for blockchain analysis, which can ultimately be used to connect Bitcoin addresses to your real-world identity, which is very bad for privacy. The Wasabi wallet is one of several privacy-enhancing tools available today which effectively allow you to mix your coins with coins of other Wasabi users, breaking the transaction trail for all.

In this demo, Wasabi developer Adam Ficsor showed how to use Wasabi Wallet.

JoinMarket

JoinMarket is another privacy solution available today. Like the Wasabi wallet, users “mix” their coins with one another, breaking the transaction trail for all. But where Wasabi Wallet users must sometimes wait several hours for other users to join in before a mix can take place, JoinMarket works instantly, because mixing partners are paid to join in the mix.

In this demo, JoinMarket developer Adam Gibson showed how to install JoinMarket and how to leverage it as a regular user. (The demo did not show how to use it as a liquidity provider, however, which is slightly more complex.)

Electrum Personal Server

The Electrum wallet is one of the most popular bitcoin wallets available today and has been for several years. Electrum wallet users generally rely on Electrum servers, however, which introduces some security and privacy tradeoffs. Using the Electrum Personal Server, Electrum wallet users locally connect to their own private server instead, offering the benefits of the Electrum wallet without any of the tradeoffs.

In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum Personal Server.

goTenna Mesh Networks

A goTenna is a small hardware device that transmits messages over radio waves; together with similar devices owned by other people, it can create a mesh network. Combined with the Samourai Wallet, goTenna can locally broadcast bitcoin transactions without the internet, for someone with an internet connection to pick up and forward to the Bitcoin network.

In this demo, goTenna engineer Richard Myers showed how to send a bitcoin transaction over the goTenna network.

LoRaWAN Network

The LoRaWAN Network is another solution to locally transmit bitcoin transactions over radio waves for someone with an internet connection to pick up and transmit to the Bitcoin network. It is cheaper to set up than goTenna but also more experimental.

In this demo, Blockstream engineer Valerio Vaccaro showcased sending a bitcoin transaction over the LoRaWAN network.

SMS Push Transaction

Since bitcoin transactions are ultimately nothing but a couple of lines of data, they can be sent over any media that supports text messages. This, of course, includes SMS, offering another way of sending bitcoin transactions for intermediaries to pick up and transmit to the Bitcoin network, even without the internet. Indeed, there exists a phone number that will do exactly this.

In this demo, SatoshiLabs CTO Pavol Rusnak showcased sending a bitcoin transaction over SMS using the Electrum wallet.

Blockstream Satellite Network

The Blockstream satellite network broadcasts Bitcoin blocks and transactions from space to Earth. This allows (almost) anyone with a satellite dish to sync with the Bitcoin blockchain without requiring access to the internet. Besides benefiting users in areas where there is no internet connection at all, this can also offer cost, privacy and censorship-resistant benefits.

In this demo, Blockstream CEO Adam Back and head of the Blockstream satellite project Chris Cook showcased receiving Bitcoin blocks over the Blockstream satellite network.

This article originally appeared on Bitcoin Magazine.

Will This Vulnerability Finally Compel Bitmain to Open Source Its Firmware?

As if Bitmain’s year hasn’t been rough enough, having posted big losses and laying off entire departments, its flagship product now has a firmware vulnerability.

A few weeks ago, Bitcoin Core contributor James Hilliard discovered an exploit in Bitmain’s S15 firmware. The pseudonymous Twitter user 00whiterabbit, also known simply as “john,” subsequently wrote exploit code based on Hilliard’s findings. A video proving that the exploit code worked was shared on Hilliard’s Twitter account last week.

Hilliard is offering to disclose the vulnerability to Bitmain but under one condition: Bitmain would have to comply to the GNU General Public License (GNU GPL), the popular open source license that the Chinese mining giant is currently breaching, and open source its firmware.

“Bitmain firmware is very buggy in general,” Hilliard told Bitcoin Magazine, “and it's important for the health of the Bitcoin network that users be able to fix the bugs Bitmain introduces.”

The Exploit

Hilliard, who is perhaps best known for proposing BIP91, discovered the vulnerability several weeks ago by auditing a firmware update file on Bitmain’s support site. While details have not yet been disclosed, the exploit was found in firmware of the S15, the company’s most powerful SHA256 miner in store. Hilliard thinks the same vulnerability almost certainly exists in all of Bitmain’s mining firmware.

“I’m also quite sure there are many other vulnerabilities in the firmware,” he added. “It is very poorly designed when it comes to security.”

When exploited, the vulnerability gives users root access to the machine — which is supposed to be impossible. In theory, this can be done remotely using just the IP address of the miner, and means the machine can be reprogrammed to do just about anything. This includes mining to a different Bitcoin address or having it stop mining entirely. The firmware could also be replaced by different firmware altogether (such as Braiins OS or Dragonmint firmware).

In practice, however, it’s unlikely the machines can be remotely exploited at all. For one, as long as the miner is properly firewalled and/or protected with a strong username and password, it cannot be broken into. And second, without access to the firmware’s source code, it's difficult to make compatible custom firmware. As such, this specific vulnerability is perhaps not the main issue. “The bigger problem is that Bitmain firmware is generally quite buggy,” said Hilliard.

Indeed, this is not the first time a vulnerability has been found in Bitmain’s firmware. In early 2017, an anonymous security engineer found that almost all Antminer machines could be shut down remotely. Dubbed “Antbleed,” this previous vulnerability could have probably knocked about half of all hash power on the Bitcoin network offline. It was arguably not just a problem for Antminer owners, but a security risk for the entire Bitcoin network.

The License

Hilliard and 00whiterabbit have not released the exploit code — but they are developing a version of it to be released eventually. The two are also willing to disclose the vulnerability to Bitmain, allowing the hardware producer to patch their firmware and fix the vulnerability. But only if Bitmain stops breaching the GNU GPL.

Bitmain’s firmware is built on the Linux operating system as well as cgminer: open source mining software developed by Hilliard and others. Both Linux and cgminer are licensed under the GNU GPL. This widely used open source license allows anyone the freedom to run, study, share and modify the software — under the condition that the resulting software is free, too.

“Legally, therefore, Bitmain’s firmware should be open source as well,” Hilliard explained. “But Bitmain doesn’t seem to care about following copyright law. Unfortunately, closed source firmware is not a good thing to have on the Bitcoin network, as stuff like Antbleed can be hidden in it. It's a centralization risk.”

It is not very clear why the mining giant is breaching the GNU GPL. Hilliard suspects it is “probably to prevent users from overclocking their machines and support costs associated with that.” Others have suggested Bitmain may prefer to keep its firmware closed source because this makes it harder for attackers to find vulnerabilities.

So far, Bitmain has not commented on the exploit at all, and its firmware is still closed source. As such, there is little reason to believe the company will change its ways now — though Hilliard remains hopeful Bitmain will comply with the GPU GPL and encourages users to file a request to have the code open sourced.

“In the past they have released what appeared to be the real source, presumably because there was public pressure to do so,” Hilliard said. “So, maybe?”

Bitroin Magazine reached out to Bitmain to ask what the company knew of the vulnerability that Hilliard found and if it had plans to fix it. We also asked if they had any intention of complying with the GNU GPL. In response, a Bitmain spokesperson issued the following statement:

"We are truly grateful to the open-source community in identifying potential vulnerabilities and we are actively investigating the matter. We will continue to do what is necessary to ensure the best and safest possible mining experience for Antminer customers."

This article originally appeared on Bitcoin Magazine.

[Telegram Channel | Original Article ]

During the Unconfiscatable conference in Las Vegas over the weekend, the Bitcoin developers panel discussed the use of simplified-payment-verification (SPV) by wallet software. The spark for this particular discussion was a recent conversation on Twitter around whether or not the use of Neutrino, which is a new SPV protocol with additional privacy protections, should be encouraged.

I must be stupid, I fail to see how LN users getting rid of theirs full nodes is an improvement for Bitcoin. LN won't thrive without a strong L1 layer.https://t.co/SyR7vJ9FfY pic.twitter.com/imgWEENVUh

— LaurentMT (@LaurentMT) January 19, 2019

This panel was moderated by Programming Blockchain instructor Jimmy Song, and the other participants on the panel were Mempool Partners founder Johnny Dilley, applied cryptography consultant Peter Todd, and Braiins Systems CEO Jan Čapek.

SPV wallets were described by Satoshi Nakamoto in the Bitcoin white paper, although the theoretical fraud proofs that would provide an additional layer of security for this type of wallet have yet to materialize in the real world.

It’s Okay for Users to Have a Choice

When Song first brought up the topic of SPV wallets to the panelists, Dilley noted that the idea of adding opt-in SPV functionality to Bitcoin Core has recently been an area of interest for the project’s contributors.

“The idea [is] that we can get to a kind of middleground where you concede some trust barriers in exchange for being able to lower your resource burden,” explained Dilley. “But there should be no expectation that that concession is something that must apply network wide. You must opt into that concession.”

Dilley made it clear that it’s vital for users to understand the tradeoffs they’re making when they degrade the security of their node to SPV level.

Peter Todd: Professional Party Pooper

Per usual, Todd played the part of pointing out the potential dangers of this type of Bitcoin wallet software.

“Neutrino, purely as a protocol to get information from a peer, has obvious improvements over the status quo,” said Todd. “But light clients are just straight up dangerous for the ecosystem.”

Todd went on to advocate a system where miners are able to add anything they want to blocks in an effort to force users to validate more information about the state of the Bitcoin network on their own.

“This is the client-side validation viewpoint where essentially there are no rules for what is allowed in a block,” explained Todd. “Thus, what a transaction means is something you have to determine purely client side because if you don���t do that, someone can put garbage that makes you think you got paid and you actually didn’t, and that block won’t be rejected.”

“All this stuff about intermediary things where yeah this sort of works but if miners collude you’re really screwed I think creates very, very, very dangerous consequences for Bitcoin,” Todd added.

In Todd’s view, simply trusting a 3rd party, such as Coinbase or Blockstream, with validation is preferable to blindly trusting a majority of miners.

“[SPV validation] is incredibly dangerous because now you have given away this trust to a group of people who can self select by buying a bunch of hardware,” said Todd. “That’s the sort of thing that makes 51% attacks profitable.”

Dilley added a concluding statement on the topic of light wallets:

“I would say it works, but you have dramatically worse trust properties than under [specific] conditions . . . As long as you understand what you’re opting into, then you can do whatever you want. But you have to understand that you’re making direct and known tradeoffs about the characteristics of your payments and your sending and payables or whatever.”