Author

Topic: [ANN][Prelaunch][Feedback] RentAHash (Read 7291 times)

legendary
Activity: 922
Merit: 1003
April 24, 2013, 05:00:08 PM
#10
With your last point I cannot disagree; I would have come to the exact same conclusion in your position. If in a year this has fizzled out and died, and I have been proven merely yet another incompetent teenager with too-high aspirations, you will have full right to say I told you so. That said, I do intend to prove you wrong.
I'll be watching. And thank you for the discussion; I've always found your posts to be quite insightful and deserving of respect.
Cheers.
hero member
Activity: 560
Merit: 500
Ad astra.
April 24, 2013, 02:32:46 PM
#9

The problem is not at all constant hashrate. Let's consider an example to understand this better. You have Internet installed on a new computer. If the computer is connected to the internet it may be difficult to guarantee that at each and every moment BW usage is a specified figure, 1Mbps or 50Kbps or w/e.

What interests however is not this but a means to - provably - deliver this many bytes. If person X buys 1 Thps what he wants and what he should get is a total number of 1000000000000000 hashes. That these are delivered over half an hour or half a minute is less relevant.

The problem is that there's no real way to prove you've in fact delivered these.

Oh, I see - excuse my moment of hopefully temporary stupidity. I agree; without changing the underlying protocol structure, there is no concrete record of a hash being checked. One could look at the submitted nonces - but then you'd have to have control over miner code to ensure accuracy. I suppose I could write a custom miner, but any trust-independent verification procedures I can think of at the moment would require the purchaser to compute the hashes on their own, which rather renders the appeal nonexistent. A problem indeed. I'll take a look at SHA256 internals - it's possible something could be found there, though again it seems likely that completely unforgeable verification would require computation of the hashes by the verifying party, but worth checking out at least.
hero member
Activity: 560
Merit: 500
Ad astra.
April 24, 2013, 02:07:31 PM
#8
As a miner, I leased shares to GPUMax. After its collapse, HashPower sprang up and I used it for a while. It had a few problems which turned out to be fatal: the hashes 'leased' to it did not earn transaction fees or merged mining income; it did not support stratum or GBT or vardiff, which lead to a significant increase in stales; the stability of the service wasn't where it should have been; and the percentage of time when leasing was actually available was quite small.

Txn-fees/merged mining income concerns are a non-issue in a competitive open market; these would be factored into the purchase price of shares. RAH will support GBT, Stratum, and Vardiff. Stability, of course, I cannot guarantee, but wait and see. Leasing would be, essentially, always available - the price would be set by the market, not us.

So you asked for feedback, and you now have mine.

And I thank you for it!

I would ask this: What makes you think resurrecting a similar service would fare any better? As TradeFortress pointed out, in today's ecosystem there really isn't any compelling reason for people to buy shares at above market rates. At least not significantly above. And that puts a tight limit on what price such a service can offer to miners who are currently happy with their merged mining income, transaction fee inclusion, and low stales.

Honestly, because I think no one has done it particularly well yet, and because I think many of the problems faced with these services were tactical rather than strategical. I used GPUMAX; it was atrocious. 10% fee, nonsensical pricing algorithms, unusable interface, the list goes on. HashPower I haven't used extensively, but my impressions seem to be corroborated by yours.

As much as I would love to sell my hashing power at 110% PPS to a stable service, the realist in me is saying that will not happen. It's been tried before and hasn't proven itself to be sustainable.

With your last point I cannot disagree; I would have come to the exact same conclusion in your position. If in a year this has fizzled out and died, and I have been proven merely yet another incompetent teenager with too-high aspirations, you will have full right to say I told you so. That said, I do intend to prove you wrong.
hero member
Activity: 756
Merit: 522
April 24, 2013, 02:06:19 PM
#7
but a guarantee of constant hashrate over any significant time period would be much harder (a 100% guarantee would be impossible without personal hardware backing) - still, I'll look into it, and again thanks.

The problem is not at all constant hashrate. Let's consider an example to understand this better. You have Internet installed on a new computer. If the computer is connected to the internet it may be difficult to guarantee that at each and every moment BW usage is a specified figure, 1Mbps or 50Kbps or w/e.

What interests however is not this but a means to - provably - deliver this many bytes. If person X buys 1 Thps what he wants and what he should get is a total number of 1000000000000000 hashes. That these are delivered over half an hour or half a minute is less relevant.

The problem is that there's no real way to prove you've in fact delivered these.

Frankly, I'm not sure there would be any significant demand for this type of service. Perhaps in the past, but not any longer.

If he manages to solve the delivery problem he can actually use this platform to create a hash future on MPEx, which would certainly be a great market on the mid and long term (because it allows people to hedge an array of risks that are otherwise unavoidable). See this discussion for a little more on that subject.
hero member
Activity: 560
Merit: 500
Ad astra.
April 24, 2013, 01:36:52 PM
#6
The password issue on the other hand is dubious, as many things can happen to a password and there's fundamental problems with the website "login" model that make it impracticable for actual secure applications. Perhaps consider that the people buying hash power are already computer savvy and instead of passwords, use a pgp based system to communicate their orders to the system? At the very least as a backstop measure you could keep everything as is and add a requirement that all orders over X value have to get signature verification (perhaps something like gribble's security model: site spits out a string, user must paste the decoded result somewhere - this can be done with address signatures too). The problems around making X user-settable are left as an exercise to the reader.

I'm not sure I completely agree with your assumption of PGP-savviness, but I certainly agree that PGP verification would be superior to password-based authentication, and it would make implementing a user-accessible API, which I wanted to do anyways, far less of a security risk. It would reduce accessibility somewhat, but the more people who learn how to use PGP the better, and anyways, I'm sure the 80-20 rule applies here. This is extremely useful, thank you.

Finally - the one point of actual interest. A huge problem for the BTC financial sector is that there's no real way to deliver hashing (in the way that one can deliver say 1 kg of gold). If you can come up with a way in which you can verifiably deliver X Ths (that's Terrahash-seconds, just like Joules ie watts-second) to an arbitrary beneficiary MP would be very interested to hear all about it.

Hmm. Without sacrificing direct real-time user control of share destination, this may be difficult - an estimate of likely received hashing power would be possible, as well as real-time statistics, updates, and control, but a guarantee of constant hashrate over any significant time period would be much harder (a 100% guarantee would be impossible without personal hardware backing) - still, I'll look into it, and again thanks.

legendary
Activity: 922
Merit: 1003
April 24, 2013, 01:19:53 PM
#5
Frankly, I'm not sure there would be any significant demand for this type of service. Perhaps in the past, but not any longer.

As a miner, I leased shares to GPUMax. After its collapse, HashPower sprang up and I used it for a while. It had a few problems which turned out to be fatal: the hashes 'leased' to it did not earn transaction fees or merged mining income; it did not support stratum or GBT or vardiff, which lead to a significant increase in stales; the stability of the service wasn't where it should have been; and the percentage of time when leasing was actually available was quite small.

HashPower has been around for a while; it started strong but didn't have staying power. Eventually, people (both buyers and sellers) stopped using it and it dried up. Even after several months of operation, its aggregate hashrate varied between only 25Ghps and 75Ghps. Rarely would you see it significantly above 100Ghps. This shows not many miners were using it. And towards the end, there was hardly any leasing going on at all which suggests that the market for 'buyers of leased shares' had pretty much dried up. The service seems dead now, I just checked.

So you asked for feedback, and you now have mine.

I would ask this: What makes you think resurrecting a similar service would fare any better? As TradeFortress pointed out, in today's ecosystem there really isn't any compelling reason for people to buy shares at above market rates. At least not significantly above. And that puts a tight limit on what price such a service can offer to miners who are currently happy with their merged mining income, transaction fee inclusion, and low stales.

As much as I would love to sell my hashing power at 110% PPS to a stable service, the realist in me is saying that will not happen. It's been tried before and hasn't proven itself to be sustainable.
hero member
Activity: 756
Merit: 522
April 24, 2013, 01:06:52 PM
#4
Other than gpumax there's also Hash Power or something like that (run by ukyo here, ukto on #bitcoin-assets).

1) All user data is completely immutable from creation. No one can hack your account and withdraw to a different address, simply because it is impossible to change the withdrawal address of an account.

This is a very good idea. I wish more people would understand the benefits of immutability and deploy it to everyone's benefit. MPOE uses it for the bonds, BitBet uses it for all the bets, it's a good way to increase solidity of your system. That you had the sense to notice/apply this makes the entire 17yo discussion somewhat irrelevant - plenty of (in their mind) adults are slower than that.

The password issue on the other hand is dubious, as many things can happen to a password and there's fundamental problems with the website "login" model that make it impracticable for actual secure applications. Perhaps consider that the people buying hash power are already computer savvy and instead of passwords, use a pgp based system to communicate their orders to the system? At the very least as a backstop measure you could keep everything as is and add a requirement that all orders over X value have to get signature verification (perhaps something like gribble's security model: site spits out a string, user must paste the decoded result somewhere - this can be done with address signatures too). The problems around making X user-settable are left as an exercise to the reader.

Finally - the one point of actual interest. A huge problem for the BTC financial sector is that there's no real way to deliver hashing (in the way that one can deliver say 1 kg of gold). If you can come up with a way in which you can verifiably deliver X Ths (that's Terrahash-seconds, just like Joules ie watts-second) to an arbitrary beneficiary MP would be very interested to hear all about it.
hero member
Activity: 560
Merit: 500
Ad astra.
April 24, 2013, 05:52:03 AM
#3
I'm curious why someone would want to buy hashpower in the first place, other than (i) money laundering, (ii) double spending, (iii) pool hopping.

RAH could be used for money laundering, but there are far cheaper and easier ways to do so. Pool hopping is likewise possible, though I don't think it's particularly profitable these days as most major pools are hopping-proof. Double spending I've addressed above.

I can think of quite a few reasons to purchase hashpower:

  • Pool testing / launching (especially with a non-PPS pool, initial "seed" hashpower is usually required)
  • Merged mining (i.e., purchase shares at a pool performing merged mining, receive profits in the form of alt coins)
  • "Betting" on returns - purchase shares at a variable share-payrate pool (e.g. PPLNS) in the hopes of making a profit

Most of all, though, RAH is designed to simply enable more efficient market competition. At the moment, there's a fairly large gulf between pool PPS rates - up to a few percentage points in some cases.
vip
Activity: 1316
Merit: 1043
👻
April 24, 2013, 05:20:50 AM
#2
I'm curious why someone would want to buy hashpower in the first place, other than (i) money laundering, (ii) double spending, (iii) pool hopping.
hero member
Activity: 560
Merit: 500
Ad astra.
April 24, 2013, 01:27:57 AM
#1
I'm excited (and a bit terrified) to announce the upcoming launch of RentAHash (RAH), an intermediary system designed to connect buyers and sellers of hashing power in a manner efficient and safe for both involved parties and the chief consumer of my Friday nights over the past few months. Think GPUMAX, just less sucky and not run by a $5M USD Ponzi operator.

First, a disclaimer:

I am a legal minor (age 17). Some members here, for reasons I do not entirely disagree with, prefer to avoid conducting business with minors. My age is neither a hindrance nor an excuse, but if you wish to avoid RAH because of it, let this serve as fair warning. If you have legitimate concerns with my ability to successfully execute a project such as this due to my age, by all means, let me know, but otherwise I have no desire to debate or argue over this.


This community being what it is (40% ex-SA trolls, 30% clueless idiots, 10% intelligent assholes, 10% blatant scammers, 5% psychopaths, 2% bored college kids, 2% eccentric entrepreneurs, 1% Phinneaus Gage, and 1% people who can't count), I think I'll somewhat reverse the usual marketing strategy and start off by attempting to convince you that I fall into whichever of those categories you find least objectionable.

When GPUMAX launched, quite a few prominent members of this community expressed concern over the danger this kind of service could pose to the network. Mike Hearn put it best upon the launch of a similiar service "Hashpower" a few months ago:

Please do not sell hash power like this.

Services like Hashpower and GPUmax are fundamentally bad for Bitcoin. They decrease the security of the network and increase the risk of double spends. They are inherently against the basic design of Bitcoin which is that by mining, miners express their support for a particular chain. By selling your hash power to anonymous miners who may or may not be doing things you would agree with, you make it radically easier to mount an attack on the network.

If the owners of hashpower.com were here, I would ask them to shut their service down. But as they aren't, I will ask you to boycott it instead.

Never forget that mining is voting. It is not just a way to make a quick buck. If you sell your shares you are selling your votes.

While I agree with most of Mike's excellent points, I actually think that this kind of service will help, not hinder, the network. Moreover, I think may even be necessary for the network. Crazy? Perhaps, but hear me out.

First, to address Mike's concerns:

Security risks associated with "anonymous" miners:

RentAHash is pseudononymous much as Bitcoin is. While usernames, IPs, and other such potentially identifying information are not public, the current active clients (share purchasers) are publicly displayed (connection information, name if applicable) along with the approximate amount of hashpower being directed their way. Miners, if they so wish, can limit their share destinations through their choice of either a whitelist or blacklist (default-deny/default-accept). Whether they choose to do so or not, no one can "secretly" purchase hashpower through RAH, just as no one can "secretly" send bitcoins.

Risk of double-spends:

RentAHash limits any individual client to approximately 5% of the current total network hashrate (clients are manually reviewed upon submission to ensure no duplication or proxying takes place). Once a running order has reached this speed, the system automatically adds another order with a different client running in parallel to the first. This continues indefinitely as required; order parallelism is unlimited (the backend algorithm is a bit more complicated, but this is essentially what happens).

"Selling votes":
This is true for RAH just as it is true for pool mining. You take a risk by selling your shares to any potentially untrustworthy entity in return for the reward of increased revenue. If you can realistically solo mine, I encourage you by all means to do so. Most of us, however, don't have that ability. RAH minimizes this risk as much as possible by allowing you full control over where your shares do or do not go. You can use whitelist (default-deny) filtering, blacklist (default-accept) filtering, or no filtering if you should so prefer.

Now, some benefits:

The myriad of pools, protocols, reward division methods, fee structures, share difficulties, and the like is intimidating and confusing, especially for those new to Bitcoin. RAH gets rid of nearly all of this.

Ease of connection:

To mine at RAH, all one need do is register for an account, enter a URL into their miner, and press enter.

Simple, understandable fees and payment:

Fees are 2% flat globally and applied to clients (share purchasers) only, miners need not deal with them at all. Payment is simple PPS, tracked and visible sitewide.

Competitive, open market:

Clients bid for shares; the client (or clients, if multiple orders are running) with the highest bid at any given time receives shares. All relevant market data is completely public. (read: fancy statistics and pretty charts)

Share difficulty independence:

Shares are tracked, purchased, and paid for on a difficulty 1 equivalent basis; though difficulty is set by the client in question, miners need not understand or deal with it at all.

Protocol conversion:

We support all three major protocols (Getwork, Stratum, and Getblocktemplate), and convert between them when possible. Neither miners nor clients need concern themselves with this. Clients set the order protocol at time of purchase, miners connect with whichever protocol they prefer. Our system handles all the rest.

Security:

No system is impenetrable, but we try to approach as close to that asymptote as possible through systemwide default deny, multiple safeguard levels, automated monitoring, and frequent penetration testing.

A few specifics to note:
1) All user data is completely immutable from creation. No one can hack your account and withdraw to a different address, simply because it is impossible to change the withdrawal address of an account. (The only exception: If you absolutely need to, you can sign a password change request with the Bitcoin address registered when you created your account, though this is intended only for emergency use.)
2) Emails are never required or used. To access your account, an attacker must possess both your username and password. To actually steal money from it, they need your username, password, and private key, in which case you're probably screwed anyway. (Constructing arbitrary-high PPS value orders to quickly empty an account is, however, possible; there is no easy way to prevent this. Though our automated monitoring system should theoretically flag the order for manual inspection and shut it down, we highly recommend that you keep your password safe. If password security is an recurring issue for you, I recommend a password manager such as KeePass)
3) We have an active bug bounty of value proportionate to the severity of the exploit. If you find one, let us know - we'll pay you, no questions asked.

And lastly, why is it necessary?

In short, Bitcoin is transitioning from the plaything of early adopters with deep pockets to a serious contender in the financial scene. We just recently hit a $1 billion market cap. Especially with recent fiascos in the EU and general global economic instability, this currency is attracting interest from more than just the far reaches of the early adopter side of the bell curve. With that comes popularity, soaring prices, and optimistic predictions, but also danger. So far, we've been hit with a few psychopath Ponzi operators, many less prominent scammers, a few private key thefts, and a handful of network exploitation attempts. Nothing even near catastrophic. I suspect that, no matter what measures I implement, some hacker cleverer than I will probably attempt to use RAH to implement a double-spend attack. Better the network face that now, in a protected, monitored, limited, and easily terminatable enviroment, rather than when a major government decides Bitcoin is a thread, invests a few million in ASICs, and brings the network to its knees in a matter of hours.

All the above said, the last thing I want to do is hurt, whether directly or otherwise, the Bitcoin network and by extension Bitcoin itself. I'd appreciate any thoughts, concerns, criticism, or comments you'd be gracious enough to send my way. And if RAH ever becomes a serious threat to the network, I will shut it down immediately, regardless of personal cost.

The site is mostly built; I'm putting on a few final touches and running a smorgasbord of tests at this point. Launch will probably happen in a few weeks, assuming nothing goes awry. I put this thread up in an attempt to garner useful feedback, suggestions, concerns, comments on my personal hygiene, large-font trolling, stupid youtube links, etcetera.

Fire away!
Jump to: