Fairbrix fiasco

[michaelmclees]

As those of you who keep an eye on this thread know, I recently led a Tenebrix spinoff, Fairbrix, project.  There is likely some confusion as to what happened.

First, I would like to make clear that I am not a programmer.  I don't understand much of what is involved in the creating of Bitcoin-style cryptocurrencies.  That said, there were a few people who helped me along the way, doing most of the work, if I'm honest.  As far as I'm concerned, none of them intentionally misprogrammed anything or attempted to attack Fairbrix after either release.

So do we think what happened?  The initial release was flawed, in that a programming error made every found block after 100 worthless.  Why was this not found earlier?  I was attempting to resolve the problem of premining.  Instead of mining lots of blocks myself or loading the genesis block with millions of coins, I tried to keep the promise I had made that as many people as possible could mine the initial coins before things got difficult.  In retrospect, this was a mistake, as mining the 150 blocks as I said I would, would have revealed the problem.

After the problem was discovered, we had a chat in IRC about it and decided to re-release Fairbrix, this time with the blocks after 100 properly generating coins.  Unfortunately, the release was not accompanied by a good (easy) Windows release.  Linux users and those familiar with Git (I am not) began to mine away, confirming that the new code was good.  Later, a successful Windows build was released.

By this time, many of the initial users were still working with the original release, and others, growing frustrated with the haphazard nature of the release, gave up altogether.  These things combined meant that an inadequate amount of hashing power was being devoted to the Fairbrix re-release.

At some point, someone with significant power attacked the chain, forking it, and invalidating everyone else's coins.  And here we are.

I expect a better release, under a new name to come.  It will be properly tested and released to thwart potential attackers.  Stay tuned.

[freequant]

michaelmclees, your chain is up and running fine now.
All you need is not a new "better" release, but more hashing power to protect the blockchain against attacks.
If you keep rebooting the coin and resetting the blockchain, people will just give up.

[zillagod]

I expect a better release, under a new name to come.  It will be properly tested and released to thwart potential attackers.  Stay tuned.

I wouldn't do that until you know what happened. I expect you'll find that it was a result of old & new clients working the same chain. If you reboot it yet again I doubt many will both with it.

[Bobnova]

If you do reboot it, change the initial block so the old clients can't cause issues.

[caston]

This was supposed to be called FairBrix not UnfairBrix.

[iopq]

This was supposed to be called FairBrix not UnfairBrix.

it was actually supposed to be called FailBrix but someone made a typo

[worldinacoin]

Maybe you should try to plug the 51% vulnerability first before releasing it again.

[coblee]

Maybe you should try to plug the 51% vulnerability first before releasing it again.

How do you plug the 51% vulnerability?

[worldinacoin]

Maybe you can check with how Geistgeld did it?

[coblee]

GeistGeld doesnt have this vulnerability plugged. GG fixed the ArtForz attack, which is also fixed in Fairbrix and Tenebrix. The 51% attack exists in all crypto currencies.

[zillagod]

Is it possible that the solution to "GPU Hostile" crypto-currencies lies within the IE9 Hardware Acceleration and an older lesser known work around for previous anti-parallel computing by the cryptocommunity?

Maybe a modded hardware accelerator could turn GPU's into APU hybrids and could crunch at tens of thousands times faster than every CPU on the network combined. A mere 1 GH /s machine would be a beast...I would shutter to think what a 68 GH /s farm would do.

I would love to claim this as my own idea but it in fact is the (theoretical) brain child of a couple of iOS engineers I know. They (theoretically) adapted it from from previous failed attempts at cryptographers to prevent parallel computing in cracking MD5 hashes.  "GPU Hostility" was solved a while back.

I would also speculate that someone needed a testnet and really didn't want to disrupt Tenebrix as there is already an exchange and pool. I would venture to say this theoretical attacker may in fact have nothing against Fairbrix and is developing a Solidcoin killer.

All just theory on my part.  

~BCX~


PS I would also guess the test is complete and I wouldn't worry about it.

And that, theoretically, would be fscking hilarious. One would hope that this theory would be published at some point, after the testing is done, of course.

[Bitcoin Oz]

Is it possible that the solution to "GPU Hostile" crypto-currencies lies within the IE9 Hardware Acceleration and an older lesser known work around for previous anti-parallel computing by the cryptocommunity?

Maybe a modded hardware accelerator could turn GPU's into APU hybrids and could crunch at tens of thousands times faster than every CPU on the network combined. A mere 1 GH /s machine would be a beast...I would shutter to think what a 68 GH /s farm would do.

I would love to claim this as my own idea but it in fact is the (theoretical) brain child of a couple of iOS engineers I know. They (theoretically) adapted it from from previous failed attempts at cryptographers to prevent parallel computing in cracking MD5 hashes.  "GPU Hostility" was solved a while back.

I would also speculate that someone needed a testnet and really didn't want to disrupt Tenebrix as there is already an exchange and pool. I would venture to say this theoretical attacker may in fact have nothing against Fairbrix and is developing a Solidcoin killer.

All just theory on my part.  

~BCX~


PS I would also guess the test is complete and I wouldn't worry about it.

Everywhere you go cancer happens.

[bulanula]

Is it possible that the solution to "GPU Hostile" crypto-currencies lies within the IE9 Hardware Acceleration and an older lesser known work around for previous anti-parallel computing by the cryptocommunity?

Maybe a modded hardware accelerator could turn GPU's into APU hybrids and could crunch at tens of thousands times faster than every CPU on the network combined. A mere 1 GH /s machine would be a beast...I would shutter to think what a 68 GH /s farm would do.

I would love to claim this as my own idea but it in fact is the (theoretical) brain child of a couple of iOS engineers I know. They (theoretically) adapted it from from previous failed attempts at cryptographers to prevent parallel computing in cracking MD5 hashes.  "GPU Hostility" was solved a while back.

I would also speculate that someone needed a testnet and really didn't want to disrupt Tenebrix as there is already an exchange and pool. I would venture to say this theoretical attacker may in fact have nothing against Fairbrix and is developing a Solidcoin killer.

All just theory on my part.  

~BCX~


PS I would also guess the test is complete and I wouldn't worry about it.

May this attacker actually be you and your buddies over at Cupertino ?

[caston]

The other possibility is that the windows binaries were in some way different to the linux source so when the Windows users came online there was a sudden net split.

[Lolcust]

Given that the net currently operates as intended with same windows binaries around, no, that is not consistent with evidence.

Having said that, did anyone invite theymos to take a look at the blockchain ?

[CoinHunter]

Is it possible that the solution to "GPU Hostile" crypto-currencies lies within the IE9 Hardware Acceleration and an older lesser known work around for previous anti-parallel computing by the cryptocommunity?

Maybe a modded hardware accelerator could turn GPU's into APU hybrids and could crunch at tens of thousands times faster than every CPU on the network combined. A mere 1 GH /s machine would be a beast...I would shutter to think what a 68 GH /s farm would do.

I would love to claim this as my own idea but it in fact is the (theoretical) brain child of a couple of iOS engineers I know. They (theoretically) adapted it from from previous failed attempts at cryptographers to prevent parallel computing in cracking MD5 hashes.  "GPU Hostility" was solved a while back.

I would also speculate that someone needed a testnet and really didn't want to disrupt Tenebrix as there is already an exchange and pool. I would venture to say this theoretical attacker may in fact have nothing against Fairbrix and is developing a Solidcoin killer.

All just theory on my part.  

~BCX~


PS I would also guess the test is complete and I wouldn't worry about it.

Caitlin Upton, is that you? Dressed up to look like an internet troll? Well let's see, I carefully analysed your text bitcoinexpress and summed it up like this.

I personally believe that U.S. Americans are unable to do so because, uh, some . . . people out there in our nation don't have maps and, uh, I believe that our, uh, education like such as in South Africa and, uh, the Iraq, everywhere like such as, and, I believe that they should, our education over HERE in the U.S. should help the U.S., uh, or, uh, should help South Africa and should help the Iraq and the Asian countries, so we will be able to build up our future, for our children

[FreeTrade]

As those of you who keep an eye on this thread know, I recently led a Tenebrix spinoff, Fairbrix, project.  There is likely some confusion as to what happened.

First, I would like to make clear that I am not a programmer.  I don't understand much of what is involved in the creating of Bitcoin-style cryptocurrencies.  That said, there were a few people who helped me along the way, doing most of the work, if I'm honest.  As far as I'm concerned, none of them intentionally misprogrammed anything or attempted to attack Fairbrix after either release.

So do we think what happened?  The initial release was flawed, in that a programming error made every found block after 100 worthless.  Why was this not found earlier?  I was attempting to resolve the problem of premining.  Instead of mining lots of blocks myself or loading the genesis block with millions of coins, I tried to keep the promise I had made that as many people as possible could mine the initial coins before things got difficult.  In retrospect, this was a mistake, as mining the 150 blocks as I said I would, would have revealed the problem.

After the problem was discovered, we had a chat in IRC about it and decided to re-release Fairbrix, this time with the blocks after 100 properly generating coins.  Unfortunately, the release was not accompanied by a good (easy) Windows release.  Linux users and those familiar with Git (I am not) began to mine away, confirming that the new code was good.  Later, a successful Windows build was released.

By this time, many of the initial users were still working with the original release, and others, growing frustrated with the haphazard nature of the release, gave up altogether.  These things combined meant that an inadequate amount of hashing power was being devoted to the Fairbrix re-release.

At some point, someone with significant power attacked the chain, forking it, and invalidating everyone else's coins.  And here we are.

I expect a better release, under a new name to come.  It will be properly tested and released to thwart potential attackers.  Stay tuned.

Thanks for your candor, Michael.

I'd like to see you succeed with this - clearly you don't have the right technical skills and need lots of hlep, but you have the right attitude.

I'd like to suggest that when you relaunch, you premine enough to distribute to people who had successfully mined in previous attempts rather than wiping them out. This supports people who support you, is fair, and will give confidence to people if the next attempt doesn't go successfully their support won't be wasted.

Disclosure: I didn't manage to successfully mine any Fairbrix myself so I don't seek any distribution.

[worldinacoin]

I have a connect of 3, 2300 blocks but doesn't seem to increase further.  Is it normal or is there any issues?  I have opened the port.

[michaelmclees]

I have a connect of 3, 2300 blocks but doesn't seem to increase further.  Is it normal or is there any issues?  I have opened the port.

I've got 6 with blocked ports and blocks are downloading normally.  5706 blocks right now.

[worldinacoin]

I deleted everything and reinstall it now loads quite ok at more than 5740 and 6 connections.  It was ok on one computer, not ok on this computer till now.

[dayfall]

One of these altcurrencies needs to attempt to implement a forked chain detection algorithm.

[thirdlight]

I have a connect of 3, 2300 blocks but doesn't seem to increase further.  Is it normal or is there any issues?  I have opened the port.

That was the old version. Count is now 2303. Someone somewhere is still mining...

[michaelmclees]

I don't know why anyone would mine that.  For all I know, it's still producing blocks with 0 coins.

If you wish to mine Fairbrix, https://github.com/coblee/Fairbrix is the one to use.

[Red]

Why don't you add in a rolling block lock. Say locking blocks 1 hour old. That would limit any CPU attack to the ability to only erase transactions less than an hour old.

I know about the chicken and egg problem. How do anonymous peers know which block to lock? But in this case there is one known "non-anonymous" peer that is implicitly trusted. It is owned and operated by "michaelmclees".

When you reach critical mass and add an exchange to the fairbrix network. That adds a second non-anonymous peer. Though no one will "implicitly" trust the exchange, if miners go with a fork unsupported by the exchange there will be no place to reap their rewards.

If an exchange changes forks, it would result in brix they sold to customers for dollars disappearing. Since the exchange is non-anonymous actual police are likely to show up and arrest them for fraud. I presume exchanges will be monitoring any chain swap attacks closely.

[Lolcust]

Exchanges already have just such a mechanism (though timestamp-based locking holds promise too... anyone willing to try thing out on GeistGeld ?)

[Red]

Exchanges already have just such a mechanism (though timestamp-based locking holds promise too... anyone willing to try thing out on GeistGeld ?)

Just curious, what mechanisms to the mechanisms to the exchanges currently use?

[Lolcust]

Exchanges already have just such a mechanism (though timestamp-based locking holds promise too... anyone willing to try thing out on GeistGeld ?)

Just curious, what mechanisms to the mechanisms to the exchanges currently use?

Basically, they watch out for reorgs that affect more than their "confirmation horizon" and shut trades down. Recent fairly cunning i0coin run-in managed to get around that, though (don't recall the details) so those mechanisms might need some refining.

For all practical intents and purposes that is "kinda lock-in"

[Red]

For all practical intents and purposes that is "kinda lock-in"

Yes, I completely agree. I've been away from the *coin world for about a year. Just trying to get the lay of the land.

I always thought the original bitcoin philosophy, of defending everyone's shared history based on the implausibility of >51% CPU power attacks, died when coders put in the first hard coded block lock. Since then the question has been, "How much history can we leave at risk?" What you call a "confirmation horizon" is exactly what I am suggesting. Otherwise, the definition of "confirmed" becomes non-sensical.

I figured exchanged must have long ago solved this problem. It simply doesn't make any sense for multiple exchanges to trade on different branches. The notion of, "Everyone stop trading, while we (exchanges) discuss this among ourselves." makes perfect sense.

[Lolcust]

It's not so much "discuss among ourselves" as "A girl in Brazil is reorging the blockchain! SHUT ! DOWN ! EVERYTHING !!!"

[Red]

LOL!  New meme for me. Woot!

[iopq]

Basically, they watch out for reorgs that affect more than their "confirmation horizon" and shut trades down. Recent fairly cunning i0coin run-in managed to get around that, though

well, first the guy got the bitcoins and THEN revealed his longer chain that invalidated the older spends

so it doesn't help

[doublec]

well, first the guy got the bitcoins and THEN revealed his longer chain that invalidated the older spends
so it doesn't help

Right, this is what happened. If you want to centralize around the exchange one thought I posted in another thread is have the exchange broadcast to the network the checkpoint for blocks when it confirms a deposit to the exchange database. Nodes then accept this message as a 'lockin' checkpoint. Expanding this to multiple exchanges might be wanted but in the 'one true exchange' case it'd work.

[Lolcust]

I am far from being a Real Programmer, but I have a sort of hunch that various "dynamic lockins" (be they timestamp-based or "magical transaction" based) could open a rather large can of net-scale DoS worms.

Just a bellyfeel, unsupported with code or evidence.

[doublec]

I am far from being a Real Programmer, but I have a sort of hunch that various "dynamic lockins" (be they timestamp-based or "magical transaction" based) could open a rather large can of net-scale DoS worms.

I don't see how an exchange sending out a signed transaction containing a checkpoint to nodes is any different from a coin creator regularly updating the client with a checkpoint and asking for clients to upgrade. The advantage with the former is it's automatic and nodes upgrade automatically.

[OneMINER]

I think that is a very bad idea. Why should I trust exchange operators? Because they are in business and hold coins? That doesn't qualify them to control an aspect of a crypto coin. Which exchange operators would we trust? What if the exchange got hacked and the key stolen? A thief would know who to target to get the key and exchanges are already juicy targets. What if an exchange is sold? Then the buyer(s) gets to do what they want with the chain?

No thank you sir.

I mean no offence by this.

[doublec]

I think that is a very bad idea. Why should I trust exchange operators? Because they are in business and hold coins? That doesn't qualify them to control an aspect of a crypto coin. Which exchange operators would we trust? What if the exchange got hacked and the key stolen? A thief would know who to target to get the key and exchanges are already juicy targets. What if an exchange is sold? Then the buyer(s) gets to do what they want with the chain?

Right, there are problems to resolve. But this is for the specific case of low hash rate chains. It's trust the central authority to provide lockins or have coins stolen by block chain rewriters.

[2112]

Which exchange operators would we trust? What if the exchange got hacked and the key stolen?

It would need to work like the current "certificate storage" in the web browsers. You would put the "public key" for the exchange that holds your coins into your client. If they get hacked you could read about it in the news and remove the key manually, without having to wait for the developer to change anything.

The main obstracle is that this would be a rather complex piece of software, with nontrivial effort required to develop it. But I think this will need to be developed sooner or later, probably as an offshot of libbitcoin.

[OneMINER]

I'd like to see merged mining in both GPU and CPU chains. You don't have to trust anybody and your hash rate goes through the roof. It will mess with the exchange rates but that will get ironed out in the end.

I really see merged mining as a win win.

[Red]

Why should I trust exchange operators?

Which exchange operators would we trust?

What if the exchange got hacked and the key stolen?

Understandably, from the point of view of *coins as crypto-anarchist currencies, this would seem initially distasteful.

However, it is important to note that it *never* makes sense for two different exchanges to trade on different forks. They will always have to take a break from trading to determine which is the correct fork to continue trading on.

Otherwise, forking effectively doubles the number of coins in existence. Bitcoin hoarders pray for that to happen. It never will. Imagine if the chain forked and Euros traded on one branch and Dollars on the other. I could sell my pre-fork coins once for Dollars and again for Euros. Woot!

Not going to happen.

So the reality is, if you chose to continue the fork without the exchanges. You are in the same boat. You have just create a new currency pre-distributed to everyone who also owned *coins before the fork. That is just bad business. You would deserve what you get.

If an exchange got hacked and tried to fork the chain, all the other exchanges would notice, stop, and gather together to repeat the above exercise. Most likely the hacked exchange would be forced back to the consensus branch and be required to repair any client damage. Otherwise they would be bankrupted and sued.

It is an ironic fact, that even in crypto-anarchist currencies, there is a center of the universe. For Fairbrix at this moment, it is michaelmclees. Later it will be the exchanges.

[michaelmclees]

I am not the center of the Fairbrix universe in any way that I'm aware of.

[Red]

At some point, someone with significant power attacked the chain, forking it, and invalidating everyone else's coins.  And here we are.

I expect a better release, under a new name to come.  It will be properly tested and released to thwart potential attackers.  Stay tuned.

You declared the improper forking. You are coordinating a "better release" that everyone will be required to adopt. I'm not sure which fork your release blesses, but your team got to make that decision. As Larry Lessig is fond of saying, "Code is Law".

That is all I mean by center of the universe.

[Lolcust]

I am far from being a Real Programmer, but I have a sort of hunch that various "dynamic lockins" (be they timestamp-based or "magical transaction" based) could open a rather large can of net-scale DoS worms.

I don't see how an exchange sending out a signed transaction containing a checkpoint to nodes is any different from a coin creator regularly updating the client with a checkpoint and asking for clients to upgrade. The advantage with the former is it's automatic and nodes upgrade automatically.

From the top of my graphic-designery meatbrains (so likely a very measly attack), let's consider a situation with 2 exchanges (not implausible), one of which is under attacker's influence (knowingly or not).

Exchange 1 "blesses" block No X on "legit" chain

Exchange 2 transmits a blessing for same block number ("X"), but on a chain synthesized by the attacker.

Attacker then "reveals" his blockchain, and it is "longer" (in the "sum of work" sense, of course)

How does system respond ?

[doublec]

How does system respond ?

My idea doesn't cover multiple exchanges. It would only work with one. More thought would be needed to extend it to other exchanges if needed. This is what I meant by centralizing around the exchange. So for the 'one true exchange' idea I'd see one order book managing deposits, withdraws and orders. This is the entity doing the checkpointing. Perhaps other 'exchanges' use an API to access the order book and provide functionality on top.

[Lolcust]

How does system respond ?

My idea doesn't cover multiple exchanges. It would only work with one. More thought would be needed to extend it to other exchanges if needed. This is what I meant by centralizing around the exchange. So for the 'one true exchange' idea I'd see one order book managing deposits, withdraws and orders. This is the entity doing the checkpointing. Perhaps other 'exchanges' use an API to access the order book and provide functionality on top.

Well, I suspect that the community would treat actual deployment of God-Emperor Exchange even less warmly than it treats large "future development/exotic laundry" premines.

Though I think that Ixcoin could do that with relatively little public relations issues... Maybe we should propose that to the fakepanese guy ?

[coblee]

How does system respond ?

My idea doesn't cover multiple exchanges. It would only work with one. More thought would be needed to extend it to other exchanges if needed. This is what I meant by centralizing around the exchange. So for the 'one true exchange' idea I'd see one order book managing deposits, withdraws and orders. This is the entity doing the checkpointing. Perhaps other 'exchanges' use an API to access the order book and provide functionality on top.

Well, I suspect that the community would treat actual deployment of God-Emperor Exchange even less warmly than it treats large "future development/exotic laundry" premines.

Though I think that Ixcoin could do that with relatively little public relations issues... Maybe we should propose that to the fakepanese guy ?

Well, I'm interested in doing this for Fairbrix. I don't think the community would hate this. With a new currency, you only send coins to the exchanges anyways. So it's not unreasonable for the exchange's view of the chain to be the "right" one in order to prevent an attacker from screwing over the exchange. I'm sure we can come up with things to limit what the exchange can do.

Here are some possible bad things the exchange can do:
- Run its own miners and only accept blocks produce by its miners, thereby reaping all the mined coins
- Do a double spend against its own users. After a user withdraws FBX, the exchange can lock in an different block and reverse that pay out
- Totally kill the chain by locking in a bad block

Somethings we can do is to have the ability to undo a lock. Maybe a kill switch for this block locking functionality. And if the exchange really misbehaves, people will stop using it, and I can always release a new client without this code.

[ewibit]

is there somewhere a stats page for FBX?

[Adamlm]

I don't think so as this coin is considered dead or almost dead.. But it's still possible to connect to FBX network

[markm]

It is still running, serving like BBQcoin used to as a nice quiet low difficulty chain where people who do not have GPUs can pick up coins month after month using their CPUs.

Tenebrix is also still serving that same purpose.

BBQcoin no longer serves that purpose because after a good long run - a year or so maybe, maybe a little more or less - of CPU mining the GPU miners "re-discovered" it and drove its difficulty too high for CPU miners, it went to the exchanges (which alone would have brought it to the GPU miners' attention) and now the CPU miners who mined it all those months get to cash out on it while continuing to quietly CPU-mine Fairbrix and Tenebrix.

-MarkM-