Bitcoin Forum
Author Topic: [ANN][Prelaunch][Feedback] RentAHash  (Read 7290 times)
BinaryMage (OP)
April 24, 2013, 06:27:57 AM
 #1

I'm excited (and a bit terrified) to announce the upcoming launch of RentAHash (RAH), an intermediary system designed to connect buyers and sellers of hashing power in a manner efficient and safe for both involved parties and the chief consumer of my Friday nights over the past few months. Think GPUMAX, just less sucky and not run by a $5M USD Ponzi operator.

First, a disclaimer:

I am a legal minor (age 17). Some members here, for reasons I do not entirely disagree with, prefer to avoid conducting business with minors. My age is neither a hindrance nor an excuse, but if you wish to avoid RAH because of it, let this serve as fair warning. If you have legitimate concerns with my ability to successfully execute a project such as this due to my age, by all means, let me know, but otherwise I have no desire to debate or argue over this.


This community being what it is (40% ex-SA trolls, 30% clueless idiots, 10% intelligent assholes, 10% blatant scammers, 5% psychopaths, 2% bored college kids, 2% eccentric entrepreneurs, 1% Phineas Gage, and 1% people who can't count), I think I'll somewhat reverse the usual marketing strategy and start off by attempting to convince you that I fall into whichever of those categories you find least objectionable.

When GPUMAX launched, quite a few prominent members of this community expressed concern over the danger this kind of service could pose to the network. Mike Hearn put it best upon the launch of a similar service "Hashpower" a few months ago:

Please do not sell hash power like this.

Services like Hashpower and GPUmax are fundamentally bad for Bitcoin. They decrease the security of the network and increase the risk of double spends. They are inherently against the basic design of Bitcoin which is that by mining, miners express their support for a particular chain. By selling your hash power to anonymous miners who may or may not be doing things you would agree with, you make it radically easier to mount an attack on the network.

If the owners of hashpower.com were here, I would ask them to shut their service down. But as they aren't, I will ask you to boycott it instead.

Never forget that mining is voting. It is not just a way to make a quick buck. If you sell your shares you are selling your votes.

While I agree with most of Mike's excellent points, I actually think that this kind of service will help, not hinder, the network. Moreover, I think it may even be necessary for the network. Crazy? Perhaps, but hear me out.

First, to address Mike's concerns:

Security risks associated with "anonymous" miners:

RentAHash is pseudonymous much as Bitcoin is. While usernames, IPs, and other such potentially identifying information are not public, the current active clients (share purchasers) are publicly displayed (connection information, name if applicable) along with the approximate amount of hashpower being directed their way. Miners, if they so wish, can limit their share destinations through their choice of either a whitelist or blacklist (default-deny/default-accept). Whether they choose to do so or not, no one can "secretly" purchase hashpower through RAH, just as no one can "secretly" send bitcoins.

Risk of double-spends:

RentAHash limits any individual client to approximately 5% of the current total network hashrate (clients are manually reviewed upon submission to ensure no duplication or proxying takes place). Once a running order has reached this speed, the system automatically adds another order with a different client running in parallel to the first. This continues indefinitely as required; order parallelism is unlimited (the backend algorithm is a bit more complicated, but this is essentially what happens).

"Selling votes":
This is true for RAH just as it is true for pool mining. You take a risk by selling your shares to any potentially untrustworthy entity in return for the reward of increased revenue. If you can realistically solo mine, I encourage you by all means to do so. Most of us, however, don't have that ability. RAH minimizes this risk as much as possible by allowing you full control over where your shares do or do not go. You can use whitelist (default-deny) filtering, blacklist (default-accept) filtering, or no filtering if you should so prefer.

Now, some benefits:

The myriad of pools, protocols, reward division methods, fee structures, share difficulties, and the like is intimidating and confusing, especially for those new to Bitcoin. RAH gets rid of nearly all of this.

Ease of connection:

To mine at RAH, all one need do is register for an account, enter a URL into their miner, and press enter.

Simple, understandable fees and payment:

Fees are 2% flat globally and applied to clients (share purchasers) only; miners need not deal with them at all. Payment is simple PPS, tracked and visible sitewide.

Competitive, open market:

Clients bid for shares; the client (or clients, if multiple orders are running) with the highest bid at any given time receives shares. All relevant market data is completely public. (read: fancy statistics and pretty charts)

Share difficulty independence:

Shares are tracked, purchased, and paid for on a difficulty 1 equivalent basis; though difficulty is set by the client in question, miners need not understand or deal with it at all.

Protocol conversion:

We support all three major protocols (Getwork, Stratum, and Getblocktemplate), and convert between them when possible. Neither miners nor clients need concern themselves with this. Clients set the order protocol at time of purchase, miners connect with whichever protocol they prefer. Our system handles all the rest.

Security:

No system is impenetrable, but we try to approach as close to that asymptote as possible through systemwide default deny, multiple safeguard levels, automated monitoring, and frequent penetration testing.

A few specifics to note:
1) All user data is completely immutable from creation. No one can hack your account and withdraw to a different address, simply because it is impossible to change the withdrawal address of an account. (The only exception: If you absolutely need to, you can sign a password change request with the Bitcoin address registered when you created your account, though this is intended only for emergency use.)
2) Emails are never required or used. To access your account, an attacker must possess both your username and password. To actually steal money from it, they need your username, password, and private key, in which case you're probably screwed anyway. (Constructing arbitrarily high PPS value orders to quickly empty an account is, however, possible; there is no easy way to prevent this. Though our automated monitoring system should theoretically flag the order for manual inspection and shut it down, we highly recommend that you keep your password safe. If password security is a recurring issue for you, I recommend a password manager such as KeePass.)
3) We have an active bug bounty of value proportionate to the severity of the exploit. If you find one, let us know - we'll pay you, no questions asked.

And lastly, why is it necessary?

In short, Bitcoin is transitioning from the plaything of early adopters with deep pockets to a serious contender in the financial scene. We just recently hit a $1 billion market cap. Especially with recent fiascos in the EU and general global economic instability, this currency is attracting interest from more than just the far reaches of the early adopter side of the bell curve. With that comes popularity, soaring prices, and optimistic predictions, but also danger. So far, we've been hit with a few psychopath Ponzi operators, many less prominent scammers, a few private key thefts, and a handful of network exploitation attempts. Nothing even near catastrophic. I suspect that, no matter what measures I implement, some hacker cleverer than I will probably attempt to use RAH to implement a double-spend attack. Better the network face that now, in a protected, monitored, limited, and easily terminatable environment, rather than when a major government decides Bitcoin is a threat, invests a few million in ASICs, and brings the network to its knees in a matter of hours.

All the above said, the last thing I want to do is hurt, whether directly or otherwise, the Bitcoin network and by extension Bitcoin itself. I'd appreciate any thoughts, concerns, criticism, or comments you'd be gracious enough to send my way. And if RAH ever becomes a serious threat to the network, I will shut it down immediately, regardless of personal cost.

The site is mostly built; I'm putting on a few final touches and running a smorgasbord of tests at this point. Launch will probably happen in a few weeks, assuming nothing goes awry. I put this thread up in an attempt to garner useful feedback, suggestions, concerns, comments on my personal hygiene, large-font trolling, stupid youtube links, etcetera.

Fire away!

-- BinaryMage -- | OTC | PGP
🏰 TradeFortress 🏰
April 24, 2013, 10:20:50 AM
 #2

I'm curious why someone would want to buy hashpower in the first place, other than (i) money laundering, (ii) double spending, (iii) pool hopping.
BinaryMage (OP)
April 24, 2013, 10:52:03 AM
 #3

I'm curious why someone would want to buy hashpower in the first place, other than (i) money laundering, (ii) double spending, (iii) pool hopping.

RAH could be used for money laundering, but there are far cheaper and easier ways to do so. Pool hopping is likewise possible, though I don't think it's particularly profitable these days as most major pools are hopping-proof. Double spending I've addressed above.

I can think of quite a few reasons to purchase hashpower:

  • Pool testing / launching (especially with a non-PPS pool, initial "seed" hashpower is usually required)
  • Merged mining (i.e., purchase shares at a pool performing merged mining, receive profits in the form of alt coins)
  • "Betting" on returns - purchase shares at a variable share-payrate pool (e.g. PPLNS) in the hopes of making a profit

Most of all, though, RAH is designed to simply enable more efficient market competition. At the moment, there's a fairly large gulf between pool PPS rates - up to a few percentage points in some cases.

-- BinaryMage -- | OTC | PGP
MPOE-PR
April 24, 2013, 06:06:52 PM
 #4

Other than gpumax there's also Hash Power or something like that (run by ukyo here, ukto on #bitcoin-assets).

1) All user data is completely immutable from creation. No one can hack your account and withdraw to a different address, simply because it is impossible to change the withdrawal address of an account.

This is a very good idea. I wish more people would understand the benefits of immutability and deploy it to everyone's benefit. MPOE uses it for the bonds, BitBet uses it for all the bets, it's a good way to increase solidity of your system. That you had the sense to notice/apply this makes the entire 17yo discussion somewhat irrelevant - plenty of (in their mind) adults are slower than that.

The password issue on the other hand is dubious, as many things can happen to a password and there's fundamental problems with the website "login" model that make it impracticable for actual secure applications. Perhaps consider that the people buying hash power are already computer savvy and instead of passwords, use a pgp based system to communicate their orders to the system? At the very least as a backstop measure you could keep everything as is and add a requirement that all orders over X value have to get signature verification (perhaps something like gribble's security model: site spits out a string, user must paste the decoded result somewhere - this can be done with address signatures too). The problems around making X user-settable are left as an exercise to the reader.

Finally - the one point of actual interest. A huge problem for the BTC financial sector is that there's no real way to deliver hashing (in the way that one can deliver say 1 kg of gold). If you can come up with a way in which you can verifiably deliver X Ths (that's Terahash-seconds, just like Joules ie watts-second) to an arbitrary beneficiary MP would be very interested to hear all about it.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Epoch
April 24, 2013, 06:19:53 PM
 #5

Frankly, I'm not sure there would be any significant demand for this type of service. Perhaps in the past, but not any longer.

As a miner, I leased shares to GPUMax. After its collapse, HashPower sprang up and I used it for a while. It had a few problems which turned out to be fatal: the hashes 'leased' to it did not earn transaction fees or merged mining income; it did not support stratum or GBT or vardiff, which led to a significant increase in stales; the stability of the service wasn't where it should have been; and the percentage of time when leasing was actually available was quite small.

HashPower has been around for a while; it started strong but didn't have staying power. Eventually, people (both buyers and sellers) stopped using it and it dried up. Even after several months of operation, its aggregate hashrate varied between only 25Ghps and 75Ghps. Rarely would you see it significantly above 100Ghps. This shows not many miners were using it. And towards the end, there was hardly any leasing going on at all which suggests that the market for 'buyers of leased shares' had pretty much dried up. The service seems dead now, I just checked.

So you asked for feedback, and you now have mine.

I would ask this: What makes you think resurrecting a similar service would fare any better? As TradeFortress pointed out, in today's ecosystem there really isn't any compelling reason for people to buy shares at above market rates. At least not significantly above. And that puts a tight limit on what price such a service can offer to miners who are currently happy with their merged mining income, transaction fee inclusion, and low stales.

As much as I would love to sell my hashing power at 110% PPS to a stable service, the realist in me is saying that will not happen. It's been tried before and hasn't proven itself to be sustainable.
BinaryMage (OP)
April 24, 2013, 06:36:52 PM
 #6

The password issue on the other hand is dubious, as many things can happen to a password and there's fundamental problems with the website "login" model that make it impracticable for actual secure applications. Perhaps consider that the people buying hash power are already computer savvy and instead of passwords, use a pgp based system to communicate their orders to the system? At the very least as a backstop measure you could keep everything as is and add a requirement that all orders over X value have to get signature verification (perhaps something like gribble's security model: site spits out a string, user must paste the decoded result somewhere - this can be done with address signatures too). The problems around making X user-settable are left as an exercise to the reader.

I'm not sure I completely agree with your assumption of PGP-savviness, but I certainly agree that PGP verification would be superior to password-based authentication, and it would make implementing a user-accessible API, which I wanted to do anyways, far less of a security risk. It would reduce accessibility somewhat, but the more people who learn how to use PGP the better, and anyways, I'm sure the 80-20 rule applies here. This is extremely useful, thank you.

Finally - the one point of actual interest. A huge problem for the BTC financial sector is that there's no real way to deliver hashing (in the way that one can deliver say 1 kg of gold). If you can come up with a way in which you can verifiably deliver X Ths (that's Terahash-seconds, just like Joules ie watts-second) to an arbitrary beneficiary MP would be very interested to hear all about it.

Hmm. Without sacrificing direct real-time user control of share destination, this may be difficult - an estimate of likely received hashing power would be possible, as well as real-time statistics, updates, and control, but a guarantee of constant hashrate over any significant time period would be much harder (a 100% guarantee would be impossible without personal hardware backing) - still, I'll look into it, and again thanks.


-- BinaryMage -- | OTC | PGP
MPOE-PR
April 24, 2013, 07:06:19 PM
 #7

but a guarantee of constant hashrate over any significant time period would be much harder (a 100% guarantee would be impossible without personal hardware backing) - still, I'll look into it, and again thanks.

The problem is not at all constant hashrate. Let's consider an example to understand this better. You have Internet installed on a new computer. If the computer is connected to the internet it may be difficult to guarantee that at each and every moment BW usage is a specified figure, 1Mbps or 50Kbps or w/e.

What interests however is not this but a means to - provably - deliver this many bytes. If person X buys 1 Thps what he wants and what he should get is a total number of 1000000000000000 hashes. That these are delivered over half an hour or half a minute is less relevant.

The problem is that there's no real way to prove you've in fact delivered these.

Frankly, I'm not sure there would be any significant demand for this type of service. Perhaps in the past, but not any longer.

If he manages to solve the delivery problem he can actually use this platform to create a hash future on MPEx, which would certainly be a great market on the mid and long term (because it allows people to hedge an array of risks that are otherwise unavoidable). See this discussion for a little more on that subject.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
BinaryMage (OP)
April 24, 2013, 07:07:31 PM
 #8

As a miner, I leased shares to GPUMax. After its collapse, HashPower sprang up and I used it for a while. It had a few problems which turned out to be fatal: the hashes 'leased' to it did not earn transaction fees or merged mining income; it did not support stratum or GBT or vardiff, which led to a significant increase in stales; the stability of the service wasn't where it should have been; and the percentage of time when leasing was actually available was quite small.

Txn-fees/merged mining income concerns are a non-issue in a competitive open market; these would be factored into the purchase price of shares. RAH will support GBT, Stratum, and Vardiff. Stability, of course, I cannot guarantee, but wait and see. Leasing would be, essentially, always available - the price would be set by the market, not us.

So you asked for feedback, and you now have mine.

And I thank you for it!

I would ask this: What makes you think resurrecting a similar service would fare any better? As TradeFortress pointed out, in today's ecosystem there really isn't any compelling reason for people to buy shares at above market rates. At least not significantly above. And that puts a tight limit on what price such a service can offer to miners who are currently happy with their merged mining income, transaction fee inclusion, and low stales.

Honestly, because I think no one has done it particularly well yet, and because I think many of the problems faced with these services were tactical rather than strategical. I used GPUMAX; it was atrocious. 10% fee, nonsensical pricing algorithms, unusable interface, the list goes on. HashPower I haven't used extensively, but my impressions seem to be corroborated by yours.

As much as I would love to sell my hashing power at 110% PPS to a stable service, the realist in me is saying that will not happen. It's been tried before and hasn't proven itself to be sustainable.

With your last point I cannot disagree; I would have come to the exact same conclusion in your position. If in a year this has fizzled out and died, and I have been proven merely yet another incompetent teenager with too-high aspirations, you will have full right to say I told you so. That said, I do intend to prove you wrong.

-- BinaryMage -- | OTC | PGP
BinaryMage (OP)
April 24, 2013, 07:32:46 PM
 #9


The problem is not at all constant hashrate. Let's consider an example to understand this better. You have Internet installed on a new computer. If the computer is connected to the internet it may be difficult to guarantee that at each and every moment BW usage is a specified figure, 1Mbps or 50Kbps or w/e.

What interests however is not this but a means to - provably - deliver this many bytes. If person X buys 1 Thps what he wants and what he should get is a total number of 1000000000000000 hashes. That these are delivered over half an hour or half a minute is less relevant.

The problem is that there's no real way to prove you've in fact delivered these.

Oh, I see - excuse my moment of hopefully temporary stupidity. I agree; without changing the underlying protocol structure, there is no concrete record of a hash being checked. One could look at the submitted nonces - but then you'd have to have control over miner code to ensure accuracy. I suppose I could write a custom miner, but any trust-independent verification procedures I can think of at the moment would require the purchaser to compute the hashes on their own, which rather renders the appeal nonexistent. A problem indeed. I'll take a look at SHA256 internals - it's possible something could be found there, though again it seems likely that completely unforgeable verification would require computation of the hashes by the verifying party, but worth checking out at least.

-- BinaryMage -- | OTC | PGP
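
Added example (not part of the thread, and not RentAHash code): what a buyer can check from submitted shares without redoing the work. Each 80-byte header costs one double SHA-256 to verify against the share target and against the work the buyer issued, and the accepted count gives a statistical estimate of the hashes performed rather than the exact tally discussed above. The easy demo target, the constructed header fields and the names DeliveryLedger and mine are assumptions.

```python
import hashlib, math, struct

DIFF1_TARGET = 0xFFFF << 208          # Bitcoin's difficulty-1 target

def header_hash(header: bytes) -> int:
    """Double SHA-256 of an 80-byte header, read as a little-endian integer."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")

def difficulty1_equivalent(target: int) -> float:
    """How many difficulty-1 shares one share at `target` is billed as."""
    return DIFF1_TARGET / target

class DeliveryLedger:
    """Buyer side: count only shares that commit to work this buyer issued."""
    def __init__(self, target: int, issued_work):
        self.target = target
        self.issued = set(issued_work)   # 64-byte prev_hash || merkle_root values
        self.seen = set()

    def submit(self, header: bytes) -> str:
        if len(header) != 80 or header[4:68] not in self.issued:
            return "not-our-work"        # hashes spent on someone else's block
        if header in self.seen:
            return "duplicate"           # same share replayed to inflate the count
        if header_hash(header) > self.target:
            return "above-target"        # one double hash is enough to refute it
        self.seen.add(header)
        return "ok"

    def estimate(self):
        """Return (expected hashes behind accepted shares, relative std error)."""
        n = len(self.seen)
        per_share = 2**256 / (self.target + 1)   # mean attempts per qualifying hash
        return n * per_share, (1 / math.sqrt(n) if n else math.inf)

def mine(work: bytes, target: int, count: int):
    """Seller side, for the demo only: grind nonces over the buyer's work."""
    shares, nonce = [], 0
    while len(shares) < count:
        # version, time and bits are constructed sample values
        header = (struct.pack("<I", 2) + work +
                  struct.pack("<III", 1366800000, 0x1D00FFFF, nonce))
        if header_hash(header) <= target:
            shares.append(header)
        nonce += 1
    return shares

if __name__ == "__main__":
    work = bytes(32) + hashlib.sha256(b"constructed merkle root").digest()
    target = DIFF1_TARGET << 22          # about 1024 hashes per share, demo only
    ledger = DeliveryLedger(target, [work])
    for share in mine(work, target, 16):
        ledger.submit(share)
    hashes, rel_err = ledger.estimate()
    print(f"~{hashes:.0f} hashes delivered, +/- {rel_err:.0%} (1 sigma)")
```

The relative error shrinks as 1/sqrt(n), so a buyer who wants a tighter estimate sets a lower share difficulty and accepts more shares to verify.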
Epoch
April 24, 2013, 10:00:08 PM
 #10

With your last point I cannot disagree; I would have come to the exact same conclusion in your position. If in a year this has fizzled out and died, and I have been proven merely yet another incompetent teenager with too-high aspirations, you will have full right to say I told you so. That said, I do intend to prove you wrong.
I'll be watching. And thank you for the discussion; I've always found your posts to be quite insightful and deserving of respect.
Cheers.