I don't understand what's your business about. Who needs its own blockchain servers?
LevelDB is an educational toy database. Ripping this out and replacing it with something professional-grade without doing a major rewrite is sure to find buyers. |
|
|
|
i need to improve my connection, this is taking fucking forever  Yeah, this torrent is a good one to debug your connection. I have one machine seeding it and I see various clients reporting download speed in the range from 10kB/s to 10MB/s (100kbps to 100Mbps). |
|
|
|
I'm not sure how much time you would have between "Freeze!" and turning off your computer/laptop.
Nobody yells "Freeze!" anymore. AFAIK all law enforcement is now trained to first create a distraction by e.g. activating the alarm on the suspect's car. There's apparently a great overlap between various computer hackers/fraudsters and the expensive car enthusiasts. Only after the suspect runs away from the computer he gets served with the warrant. |
|
|
|
That's the whole point of my first post. Read it again. Ulbricht's feeble authentication method was to only allow his VPN IP to connect to sshd. This was his decided method to keep out anybody trying to get into the open SSH port. When the feds found the server (through other means), and had the hosts in Iceland copy the server state they discovered this IP address in sshd_config, traced it and found him.
I suggested that the correct way to do this kind of security by obscurity, instead of pasting in your VPN IP to a remote server for anybody to find is to add x rounds to a specific cipher in OpenSSH, so negotiating with it would be impossible, unless you had the secret client you made yourself that matches sshd's algorithms on the server. SSH is not the only protocol you can tweak either. Add another few rounds to your IpSec solution and ditch the port knocking.
It wasn't "feeble authentication", it was "feeble anti-denial-of-service defense". What you proposing is workable, but worsens the denial-of-service attacks by increasing the CPU load. The better way would be to lower the number of rounds instead of increasing it, or change other constants that have no influence of the CPU load. If the goal is to simply make an unmodified program unable to connect then the simplest and least CPU intensive solution is to change the handshaking prompts/response. At least the failure will be immediate and will not require any CPU intensive cryptography before the disconnect. Port knocking (properly, intelligently implemented) is not an authentication measure, but anti-DoS, anti-scan & anti-brute-force measure. Only after successful port knocking the regular, CPU-intensive authentication can be attempted. Without proper port knock nearly all port-scans will fail and nearly all incoming packets are ignored. The objective is to prevent from creating any meaningful load on the defended equipment, no matter what the network protocol is being attacked. I find it quite common that people underestimate the CPU and network load that the SSH daemon under attack can create on a machine. I wouldn't be so quick to venerate Cisco IOS either, considering last year they were caught using unsalted base64 in their so-called new and improved IOS Type 4 hash used for IpSec auth http://tobtu.com/cisco4tosha256.php I don't consider Cisco's implementation (Lock&Key) a "venerable" implementation, it is basically a telnet login (on an alternate port) that always looks like failure. But it is reasonably successful in its main goal: drastically reducing the CPU load on the attacked router/switch and making brute-forcing of any equipment behind it impossible. For any OS different than Cisco IOS there are much better port-knocking implementations available. But the Cisco's implementation is probably the most widely used one and therefore still worth mentioning despite being phased-out and considered obsolete. |
|
|
|
That hasn't kept Svartholm out of solitary confinement since being shipped back to Sweden, so that's not a very good example. I suspect keeping them 'out' is more useful than not-looking-suspicious on the internet. Ulbrich was in a public library when he was arrested, using what was presumably public wifi, so using public resources does not constitute a good defense--as you've said, it's obvious who dun it.
Well, the Svartholm case is still open, but is the good example of "prosecuting a person" is not the same as "prosecuting a computer with certain IP address". There are other cases, where such a defense was successful. While I don't know the specifics of Ulbrich's case I recognize a pattern in similar cases: getting lazy and mentally attached to the same laptop with favorite OS, same network adapter, same phone, same SIM-card, etc. Nobody will comment publicly on pending/unsolved cases, but I've heard some non-public comments from my friends in IT. I've also seen what a skilled sys-admin can do on a Windows Home Edition hotel-loaner machine with telnet and IPsec control panel. I think I have a broad understanding of which cases weren't prosecuted and why. But in general discussing security on an open forum is difficult for a professional. Nearly every person that I know will have the knowledge that is "off record" and shared only with friends. There's this old saying: "Those who know, don't tell. Those who tell, don't know." |
|
|
|
The server running Telnet or sshd, not the client.
Feds already had the server, they didn't need to hack into it. The feds were trying to locate the owner of the server and collect the evidence. No, you proposed port knocking, and kerberos and telnet. Wide open to replay and timing attacks. I proposed adding rounds to OpenSSH on the server, and keeping an encrypted custom version of OpenSSH because the server won't even talk to any clients that don't know the algorithm, that you can download, decrypt and run in under 30 seconds with any live CD.
I proposed to use widely known & deployed technologies (IPsec&Kerberos) for which attacks are theoretical/academic or of concern to the paranoia-security-set only. A form of port knocking is still widely deployed and used on nearly all Cisco IOS routers/switches (Cisco Lock&Key) and nobody is proposing that as an only line of defense, only as the first one, essentially a defense against port-scanning and password-brute-forcing. What you proposed is a textbook example of "security by obscurity": changing a constant in the cipher implementation. I still think that "security by obscurity" is a valuable tool in evasion and counter-intelligence, but not discussed in the cryptography textbooks. So custom crypto engineering is 'fraternity' level while running telnet and kerberos, behind port knocking will defeat the FBI. I look forward to your white paper
I reread your posts in this thread and I noticed that you've numerous times tried to switch the subject of the discussion. Normally I would suggest the standard "switch to decaf", but this thread is about Silk Road and they didn't sell coffee. So I don't know what you should switch to, sorry. |
|
|
|
The federal agent with the telnet or SSH 0day won't be slowed down by port knocking. A secret algorithm however is a different story.
Yeah, mythical omnipotent "Feds" with access to secret OS-independent "0days" that hack back the telnet clients (not the server)! I think this the new height of paranoia that I've encountered. Also, how would they know you maintained the bitbucket server when you access it through Tor, and the only thing sitting on it is an encrypted file with no knowledge of what's inside. You could also just download regular OpenSSH from the yandex.ru openbsd port mirror and manually edit it, compile and run, all in Tails easily, or another live distro. You could do this on a phone running Replicant, I build my own kernels on the device should be no prob building OpenSSH.
He could of also run a paid botnet with tinyscheme, puppet and emacs receiving ED25519 signed JSON feeds never having to touch http/ssh/anything. Could have automatically moved his servers every x amount of time inside a sea of 300+ decoy gateways and it would have cost him under 1% of his revenues. I guess he also could have lived in Russia too for that matter.
I don't think you have your threat model right for the things you keep proposing. Or maybe you keep changing your threat model, I don't fully understand your writing. What I proposed was an excellent defense for a single person trying to evade being by using various locations and various machines with various OS-es. As a second line of defense if located that single person wants to hide behind plausible deniability to evade or weaken prosecution. What you were originally proposing (modifying a cipher by changing an implementation constant) would be a decent defense for an already known group of people (lets say a fraternity) who want to hide their internal communication from competing groups (other malicious pranking fraternity) and also spread and weaken possible prosecution of their own malicious pranks. |
|
|
|
Load up tails
Connect to private bitbucket clone you made and download new OpenSSH over Tor
Run it
Reboot all evidence is gone.
If you're busted they find a generic tails disc. Obviously what you download from the private bitbucket server will be encrypted, preferably with AES-GCM or anything that isn't block encryption/XTS for reasons Niels Ferguson laid out in his objections about XTS to NIST. (read his paper, mind blown).
I still disagree with you. The knowledge and access to "the private bitbucket server" is still very incriminating. And this: Port knocking makes the operator feel secure, it doesn't actually do anything except security through obscurity.
is just a trope. Security through obscurity is an excellent defense when the defending group is small (like one person). Intelligent port knocking will look quite innocuous and will enable a range (or ranges) of possible sources, not a single address. And instead of SSH (Swiss Army Crutch of bad sysadmins) use good old telnet reinforced with IPsec or Kerberos. |
|
|
|
In the future, should anybody be foolish enough to run a similar service and risk life in prison, this is not how it's done. If you're going to go for security through secret kind of a deal to protect your open SSH port then manually add +x amount of AES or ChaCha20 rounds to OpenSSH on both the server and your client. Now only that specific SSH install can even negotiate a session. ie: add 3 rounds to AES, every attacker must have exactly same setup. This is much better than port knocking security theater or pasting in your VPN IP so the FBI can use it to find you.
Your advice is questionable legally and operationally. 1) From the legal point of view, finding such a modified software would be a definite proof that the law enforcement located a true culprit 2) From the operational point of view the need to compile/carry your own modified software makes it difficult to be truly mobile and evasive While "port knocking" could be construed a "security theater" it has offsetting advantages. 1) From the operational point of view intelligent port knocking can be done without specific tools. You can do it yourselves from any computer or you can describe it to somebody over the phone and have unrelated people knock on your ports to disperse the attention and the resources of the adversary 2) From the legal point of view it would be easier to "reasonably deny" the actions made using a shared/unmodified computer. Like one of the PirateBay guys who's now imprisoned and all the evidence prosecution has was from a machine anyone in his office could access. |
|
|
|
So in order to run both bitcoind and testnet at the same time do I make two bitcoin.conf files and place one in the .bitcoin directory and one in testnet3 directory with different port settings?
It works just fine (and for more than one coin) provided: 1) don't change the coin's default P2P port, you'll get de-prioritized and will get less connections 2) the arguments processing is somewhat convoluted and the "testnet" daemon will look into "mainnet" .conf file, therefore it is better to have single such file and set the "testnet" (and others that you want to differ) through the command line. You can leave "port" and "rpcport" at the defaults. I've been running 4 coin daemons on a single computer with a single hard-linked *.conf file for many years now. Edit: I forgot about one thing: 3) it seems like some hackers monitor coins P2P networks for IP addresses running multiple daemons and do extremely aggressive scans for hackable services on those addresses. Maybe they think that they discovered a coin exchange or some such high-value target? Don't know the real reason, but observed this effect multiple times. So if you are e.g. running sshd on the default port on the same IP address prepare to have serious CPU load from failed ssh login attempts. |
|
|
|
|
Raspbery Pi actually has a very efficient parallel processor available on chip: AlphaMosaic VideoCore. The problem is that its architecture and toolchain are secret and can only be obtained after signing a very expensive NDA with Broadcom.
Programming AmVc would certainly be very stimulating intellectual experience, but you won't be able to share it here.
|
|
|
|
Not so. We proved there were no semantic leaks from OpenSSL in the numbers on the stack via exhaustive testing some time ago and removed all use of OpenSSL from the script code (except the calls out for signature verification, of course— so only signature verification and the accompanying signature serialization are handled by it).
So this "semantic leak" is now only apparent in the block layout on the wire and on the disk? But the "abstract virtual machine" of Bitcoin script cannot discover its internal bit ordering? Do I understand you right? 1b) ostensibly allowing emulating iteration by mutual recursion of P2SH invocations
Also not so, very intentionally not. Then can you state again what is the possible attack that the "opcode limit" is protecting against? Thanks. |
|
|
|
We are not talking about von Neumann architecture. We are talking about a small non-TC stack machine without mutability and a fixed opcode limit. In this case the set of allowable programs absolutely does shrink, and more importantly, the space of accepting inputs for (most) given scripts shrinks. This is easy to see --- consider the program OP_VERIFY. There would be one permissible top stack element in a typed script; in untyped script every legal stack element in (0x80|0x00)0x00* is permissible.
That said, nobody actually said that anything about the space of provable programs. What I said is that script would be easier to analyze. This is obviously true because of the tighter restrictions on stack elements, as I already illustrated. As another example, consider the sequence OP_CHECKSIG OP_CHECKSIG which always returns zero. One reason this is true today is that the output of OP_CHECKSIG always has length one while the top element of its accepting input always has length > one. To analyze script today you need to carry around these sorts of length restrictions; with typing you only need to carry around the data that CHECKSIG's output is boolean and its input is a bytestring.
I'm sorry I haven't kept with the advances in the theoretical computer science. But I believe we have already discussed the "non-TC" chestnut here and the consensus was that one can abuse P2SH to escape the "no-loops" restriction. Let me try to dig the thread and I will edit this message later. Edit: https://bitcointalk.org/index.php?topic=431513.msg6533466#msg6533466The operative words were "opcode limit" in the "Turing complete language vs non-Turing complete (Ethereum vs Bitcoin)" thread. |
|
|
|
I absolutely agree that additional type data makes for software which is easier to analyze. The question isn't the result of the program being provable, the question is of the implementations of the interpreter being simple enough to have even a small chance of having multiple absolutely identically behaving implementations, since we are performing this inside of a consensus system.
You continue to miss the point completely.
I apologize for writing too ambiguously the first time. I'm going to try to linearize my thoughts better now: 1) Given the current Bitcoin script language with the following problems (amongst others): 1a) implicit conversions between integers and bit strings with semantics depending on precise detail of OpenSSL implementation (word size, word order in a large integer, byte order in a word) 1b) ostensibly allowing emulating iteration by mutual recursion of P2SH invocations 2) a non-binary compatible but only morally-compatible scripting language featuring: 2a) explicit type conversion operators and type tagging of the stack storage, in particular clean conversions between integers and bit strings 2b) somehow type-safe or type-checking implementation of P2SH invocation that verifies both arguments and return values 3) will allow writing a completely new scripting interpreter 3a) in a theoretically strong programming language like a Lisp subset that is provable (Lisp because I'm most familiar with it, but there are many other candidates, I did not keep up with recent developments in the theoretical computer science) 3b) that can be mechanically/automatically verified and proven to obey certain theorems and conditions 4) said interpreter then can be translated 4a) to C/C++/Java/etc. via completely mechanical translation or manual pattern-based transliteration of a very restricted subset Lisp to be incorporated in a software-only implementation 4b) to SystemC/Verilog/VHDL/etc. to be synthesized into a logic circuit (with stack memory) for the hardware-assisted implementations and for additional verification The 4a) output in a restricted C++ subset could then replace the current, completely improvised, implementation in Bitcoin core. Because of subset C++ use it most likely would be longer in terms of lines of code, but it would be also much simpler to analyze. The 3b) step has an additional problem that all the existing Lisp provers use only conventional ring of integers arithmetic. Since Bitcoin depends on an elliptic curve over a finite field the proving software would have to be extended to efficiently handle that. From my school days algebra I remember that the stratification group->ring->field significantly influences the complexity of proofs. Sliding back from "ring of integers" to "abelian group of elliptic curves" could potentially greatly reduce the set of theorems that could be mechanically proven. I realize that the points 1-4 still read like a complex sentence in a patent application. I'm not good at writing easy to read essays. But from the purely technical point of view the two-level process is the way to maximize correctness (1st language for proving/verification, 2nd language for implementation/integration). |
|
|
|
Typed data on the stack makes writing correct code much harder, I can't say that I've ever wished for that. I general prefer the stack be "bytes" and everything "converts" them to the right type. Yes, additional constraints would make things like your provably undependable code easier, but they do so by adding more corner cases that an implementation must get right. I'm also a fan of analyizability, but that always has to be second seat to consensus safeness.  This claim about "typed data" and "provability" is false. There are actual proofs of that coming from the people involved in designing/implementing Algol 68. I don't have any references handy, but in broad terms the progression "classic Von Neumann" -> "type-tagged Von Neumann" -> "static-typed Von Neumann/Harvard modification" strictly increases the set of programs that have provable results. I also remember than in the USA IBM did pay for some academic research about "PL/I without implicit type coercion" that had similar results. As an aside to the theoretical results: in school I had side income helping debug/fix/extend several RPN-style / Forth-style language interpreters including then-popular commercial implementations by Tektronix & HP in their IEEE-488 lab-control equipment. For that application type-tagging was (and is) a godsend both for human programming and for automated program analysis/translation. |
|
|
|
I just went and measured. In the wake of the mess of power cables, airflow is around 2.3 m/s. In a similar position above, not in cable wake, airflow is about 3.8 m/s. If you feel around with your hand, the effect is quite distinct. There is no noticeable effect from ethernet cables, though.
The performance and reliability of most servers is not significantly affected by airflow resistance. If a server gets a little bit too hot, it increases the fan speed. With SP30s, the fans are running full blast anyway, and the performance is affected by internal temperature. I would think that this would be a bit more sensitive than MTTR/MCTR for some 10 kW racks.
Imagine what you could achieve if you actually opened the Spondoolies' cases and blew the air over their radiators using large centrifugal fans. Obviously, don't do that with customer's equipment, experiment with your own. I understand that as a prepaid hoster, you care very little MTTR/MCTR, downtime isn't hitting your pocket. Also, the expected useful lifetime of Bitcoin miner is much shorter than a general purpose server, so you may in fact see very little failures before your customers liquidate their equipment. I've posted couple of months ago on the Spondoolies' thread regarding just that: Just take away the external metal casing. Flip the machine on its side. Borrow a good centrifugal "air mover" from a neighborhood water damage repair contractor and some baffling that they use to direct the air. Also borrow a contact-less thermometer to understand the why the SP10 casing is badly designed for cooling and creates unnecessary temperature gradients. I don't know if Spondoolies' firmware has a "seized fan" shutdown programmed in, so you'll have to experiment with which fans can be removed.
The alternative is just to dress in your best cold weather clothes and photograph yourself near your Spondoolies' machines. You'll have a nice memento.
I haven't used Spondoolies' hardware personally, but I do have relevant experience of restarting bankrupt batch data processing facilities filled out with racks of 1U and 2U hardware from Dell and Sun. It had the same symptoms: the bottom was getting hot and the intake air had to be really cool. Neither Dell nor Sun field service technicians were giving us any trouble after seeing our temporary facility w.r.t. warranties and service contracts. We've actually lowered the rate of faults due to seized fans and accumulation of dust and debris. Only hard drive failures had increased.
The physics of it is really simple: it doesn't make sense to first concentrate the heat only to dissipate it right afterwards. But my point of view is different than yours, you are just providing the hosting service, whereas I talk like end-user minimizing the overall costs. Your customers obviously do care about the appearances, whereas I cared much more about things like avoiding downtime, minimizing staff workload, maximizing their morale and nearly zero about how it looked. |
|
|
|
You only pay for the power you use. If you have a 1 MW transformer connected and energized, it only uses about 10-15 kW of power (the so-called no-load losses due to imperfect magnetic properties of the iron in the transformer). At $0.10/kWh, that might cost you $1000 a month. If you connect 200 kW of bitcoin miners, it then costs you about $15,800 per month. Add in the air conditioning costs for those miners, and you're looking at something in excess of $20,000 per month.
The amount of power used by an air conditioner is related to the load. Many people calculate A/C load in terms of square footage, but that is only accurate when the load is mostly conductive losses through walls and ceilings plus typical office-type equipment. Once you start adding loads like Bitcoin miners, the amount of time your A/C unit has to be on goes way up.
"Keeping the lights on" uses a very small amount of power. Typical lighting loads might be 1.5 W per square foot. Our server racks, once full, will use about 500 W per square foot. One server rack full of SP30s uses several times as much power as all the lights in our building.
If a real estate agency is paying for this while a building is between tenants or up for remodeling, they are either going to be pissed off or they are not paying attention. My guess is the latter.
Essentially there's nothing wrong with what you wrote above, except that it shows that you don't understand the needs of a premium property landlord. "Keeping the lights on" takes much more than simply keeping the light on: the property needs to be attractive, safe, desirable, etc. To be honest I don't completely understand the large landlords either, but at least I spoke (not negotiated) with them on several occasions and have some understanding. Neither did I work for Victoria's Secret, but again spoke with friends who did. What I could say: If somebody comes with an idea how to turn hot aisles in their Bitcoin mine towards the windows and combine it with bikini fashion show in those hot aisles, then landlords like CBRE will offer you really competitive electricity prices with their leases. The only downside will be that you'll have to travel worldwide, but again CBRE will cover the costs. I have seen some rate schedules for power usage that are use-it-or-lose-it, or where you get a sudden decrease in price if you use a little more power. In a case like that, I can see how it might make sense to consume more. For the real estate case, though, I'm either not following your argument or not agreeing with it.
I get a tingle that you are getting closer to understanding dealing with large landlords. Nope, but poorly arranged cables impede airflow. The power cables (not pictured) are a more significant contributor to airflow resistance. Also, haphazardly wired network cables result in mistakes during maintenance.
Ha ha, impeded airflow! One of my coworkers had actual numbers for MTTR (Mean Time To Repair/Reconfigure/Replace) and MCTR ('Cost' instead of 'Time') for tight racks vs. slack racks (after a merger of two companies with vastly different cultures) and the numbers aren't supporting the claims of the OCD crowd. I however understand your position when marketing yourself to the owners of Spondoolies' hardware which is in large part "status symbol" crowd. |
|
|
|
Oups. Sorry. My bad English.
Not care, but responsibility.
We see all users behind the NAT as one user and kick/ban him
We can't distinguish with guarantee a situation of one or several users.
Each node has a right to kick connection or ban IP, even it is IP for whole continent
Obviously they have the "right to kick/ban". The question: is do they really want to do it? Stupid anti-DoS defenses are actually quite common way how people loose market reach of their web portals when their target audience moves to a different way of accessing the Internet. |
|
|
|
|
Show Posts
