Pages:
Author

Topic: Antbleed: A remote shutdown backdoor in antminers - page 3. (Read 8124 times)

legendary
Activity: 1204
Merit: 1028
Just block the function by the method which OP provided and end of story, I wonder if someone could actually opens a backdoor in their backdoor and shuts down their miners?
It's just like microsoft, they have backdoors in their software, firmware in windows 10 which runs in the back ground and bypasses the user's settings.
How? while you are on metered connection it disconnects your wifi and doesn't allow you to connect until you plug the cable and then it starts to auto update and automatically removes the metered connection ticker no matter what you do it will update the windows.
But shutting down remotely? that's too much extreme.

This is bitcoin, supposed to be the pinnacle of open source development, anything that resembles windows is a disaster. Collecting data, remotely shutting down mining machines and so on, shouldn't be tolerated, it shouldn't even be an option. Everyone in mining should be boycotting bitmain. If I had the money I would start a mining business that guarantees those things will never be possible because it will be hardcoded to never collect data and never take any remote orders finding a way to isolate all the stuff that doesn't need to be shared over the internet.
sr. member
Activity: 254
Merit: 1258
Looks like your shouting racism to avoid discussion, if you think the fact that Bitmain is Chinese isn't relevant you're crazy.

what if i told you most of the hardware was in places like mongolia..
thats like saying something canadian is american...'cos its north america'

what if i told you mining hardware is also in other places like georgia iceland etc
what if i told you jihan is just one person that cannot be at multiple farms at once.
what if i told you that jihan doesnt control 70% of hardware.

i shouted the racism card once.. yet everyone else shouted shill or insult in many post..
but i can yawn off all the people that can only reply "wrong coz ur a shill" without actually addressing the context with anything meaningful


I know my regions of China and I know exactly what Johan does it's obvious, he turns entire villages into employees and makes them dependent on him, China has 91 ethnic minorities and most of them are extremely poor,  all he needs to do is find the villages that are close enough to cities and can either extended internet and build warehouses or bring them to cities. This means he's going to stick to most northern China just due to climate but also due to the tier ranking cities there are a lot more tier 3 cities up north if I remember correctly. (Though I think it's Guiyang that is the poorest and that's down south) This means Jihan can get entire communities dependent on him for cheap, if I an American know this there is without a doubt this if not being the case has been taken into consideration. When it comes to mining hardware in other locations anything in Europe is not even close to comparable due to their higher electric cost, their tax rates, the quality control, regulations and labor cost. It's not even comparable and silly to not be conserned, the only nations that could shift it would be more Asian countries like India but the temperature and converting their factories to more technology industry would cost more.
hero member
Activity: 588
Merit: 541
Just block the function by the method which OP provided and end of story, I wonder if someone could actually opens a backdoor in their backdoor and shuts down their miners?
It's just like microsoft, they have backdoors in their software, firmware in windows 10 which runs in the back ground and bypasses the user's settings.
How? while you are on metered connection it disconnects your wifi and doesn't allow you to connect until you plug the cable and then it starts to auto update and automatically removes the metered connection ticker no matter what you do it will update the windows.
But shutting down remotely? that's too much extreme.
legendary
Activity: 4424
Merit: 4794
I know my regions of China and I know exactly what Johan does it's obvious, he turns entire villages into employees and makes them dependent on him


lol now your exaggerating
it only needs maybe 5 people to run and maintain a mining farm. 2 during day 2 during night and a fifth person to cover any sickness or breaks. .. not "entire villages".

also i hav travelled to many countries and have seen how media try to make anything not western to seem like cave dwellers
EG photo's of africa of mud huts
EG photos of mongolia as temples and monks
EG photos of thailand as clear water oceans with funny shaped inhabitable land masses poking out the water.

yet the reality is different. mongolia for instance is very industrialised and has for the last few decades been developed very quickly, i hope you can see passed the idea of monasteries and monks and poor people in rice fields.
P.S i dont even donate to oxfam because i have seen how they waste funds and how the reality of africa works


, China has 91 ethnic minorities and most of them are extremely poor,  all he needs to do is find the villages that are close enough to cities and can either extended internet and build warehouses or bring them to cities.
This means he's going to stick to most northern China just due to climate but also due to the tier ranking cities there are a lot more tier 3 cities up north if I remember correctly. (Though I think it's Guiyang that is the poorest and that's down south) This means Jihan can get entire communities dependent on him for cheap,


the amount of internet traffic is very low for asic farms. infact the only data needed to be transmitted in is literally a couple hashes.. and a difficulty requirement. and then ~10 later a solved hash. everything else is just done locally. not over the internet
remember ASICS have no hard drives and dont need to see tx/block data. all they need is the hash. which can be handed to them remotely from stratums around the world. and then everything else is then local.

It's not even comparable and silly to not be conserned, the only nations that could shift it would be more Asian countries like India but the temperature and converting their factories to more technology industry would cost more.


again you have not looked deep enough. iceland, north canada, georgia etc. oh and a couple other places in eastern europe/slavic regions


as for you and others screaming that im a shill or only defending X. is more narrow minded
i simply look at the big picture. and i am not pigeon holed into blindly supporting anyone.
i have no need to kiss anyone asses. in my eyes dvs are temporary. so no one should rely and depend on any particular dev. the sooner the software can support itself dynamically via user settings and then finding network consensus without dev spoon feeding. the better

one minute im being called things for supporting A, then B, then C , then D... much simpler explanation is that i simply dont support z

arguing endlessly
"this guy doesnt support Z and has been seen to not care about A means he is shil for A"
"this guy doesnt support Z and has been seen to not care about B means he is shil for B"
"this guy doesnt support Z and has been seen to not care about C means he is shil for C"
is silly. maybe because i see A, B, C as temporary drama which has been exaggerated by Z into trying to make A,B,C look bad just to pressure Z into being blindly followed. where by attacking A,B,C,D,E is simply doing the opposite of holding a
open diverse decentralised peer network.
copper member
Activity: 1330
Merit: 899
🖤😏
Could it be there out of the goodness of heart to give their cloud mining clients the possibilities such as checking the status of their rented miners remotely and knowing there is actually a miner working and giving them freedom over their rented miners? but then home miners are home miners not cloud mining contractors so why the hell did they also include the code on their sale which were shipping out?

But seriously these little fuckers are worse than c-i-a and nazis lol they have total control and centralization in their back pocket.
legendary
Activity: 1806
Merit: 1024
You know I really think that people being shills is extremely blown out of proportion but when there is so much money being spent to prop up BU and how ridiculous these post are getting I'm starting to definitely believe shilling is happening.

It's not out of proportion. Roger Ver pays 30 (+X ?) people to spread his propaganda.

There are huge economic interests at stake for these people.

ya.ya.yo!
legendary
Activity: 1806
Merit: 1024
I'm not an expert like franky1 or Lauda, but it certainly sounds serious to me. [...]

franky1 is not an expert. He is simply a paid shill. Now he is endorsing obvious fraud by Jihan Wu (Bitmain). So he seems to have criminal aspirations as well.

I didn't say their behavior is benevolent. I said they fucked up, meaning it was stupid of them to leave this backdoor in there, although clearly their intent was not malicious. [...]

The probability that the Antminer backdoor was implemented without malicious intent is exactly ZERO.

ya.ya.yo!
legendary
Activity: 2674
Merit: 3000
Terminated.
what if i told you most of the hardware was in places like mongolia..
thats like saying something canadian is american...'cos its north america'
What if I told you that you're a hypocrite? You don't have any source to back this up and I know it (yet you keep asking for sources).

what if i told you jihan is just one person that cannot be at multiple farms at once.
He can most certainly run several farms.

what if i told you that jihan doesnt control 70% of hardware.
He has produced 70% of the hardware.

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented
Correct.

2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners
This is partially correct. You're overestimating. ASICBOOST can save about ~20% in energy costs. However, at current profit margins of ~1% that translates to a ~2000% increase in profits.

3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion
Any Antminer that is not behind a 'disallow by default' firewall (which is very uncommon for home miners).
sr. member
Activity: 378
Merit: 250
Bitmain fucked up, with no malice as is revealed by the open nature of their code on github. Malware writers do not publish their code for the whole world to see.
This is a false conclusion fallacy. Just because they have published their code on GitHub that premise does not in any way follow to a logical conclusion of benevolent behavior. The backdoor exists in all miners, and can be exploited by malicious actors. Whether that actor is going to be Bitmain or someone else is not of high importance.

I didn't say their behavior is benevolent. I said they fucked up, meaning it was stupid of them to leave this backdoor in there, although clearly their intent was not malicious. They admitted it was stupid of them and every BU supporter should acknowledge the same. This failure does not make Segwit better from the investing standpoint. Core supporters can spin this any way they like, but the fact is Segwit does not suddenly become our savior because one man on the competitor team screwed up.

From the investing standpoint BU, Segwit are too controversial changes to bring to a safe haven crypto. If Bitcoin is willing to lose its safe haven status, I am afraid it will become not relevant much sooner than if it kept the status quo.
legendary
Activity: 1834
Merit: 1094
Learning the troll avoidance button :)
Reading the patch thread the remote kill is needed if someone confiscates the mining units or steals em.
Seems a bit overkill though but in the name of coin security someone would appreciate the feature and phone home does the job.
The problem I have with this explanation is that the way the kill switch was implemented is way more complex and convoluted than it needs to be. It sounds like what they had done was fully implemented the feature but not the rest of the service they were going to provide, but they implemented this feature in such a weird way. The phone home code sets a global variable which is then read by another completely unrelated thread which sets another global variable which is what then actually does the mining shutdown part when the machine requests work. That is just way more complicated than it needs to be. The full feature could have just been implemented in the same function that they wrote for the phoning home, but instead it sets global variables used by other functions and threads.

I tend to imagine a meme whenever someone codes a convoluted means to solving a puzzle. Of course this one was an incomplete version of it so maybe it was just global for testing and forgotten but as you pointed out there are better ways to get the cogs set up.



Then there is what they teach people in school
"Commenting is the "art" of describing what your program is going to do in "high level" English statements."
(With a slight snicker to anyone that can say that with a straight face to a room of coders)
http://www.cs.utah.edu/~germain/PPS/Topics/commenting.html

But usually code just follows the easiest route which is using global vars to test it out and in this case presumes the other person can just magically use interpretation to figure what it all does. Hence Open-Source code.

"The controversy around this code has brought our attention to improve the design in order to address vulnerabilities that were pointed out by the community recently."

All in all looks like a lesson in beta-testing has occurred another good day in Development land ^^.


I can see why they would be pissed with the Chinese group for running the miners and wanted to brick them all remotely. Now it all makes sense ^^. That kill-switch is a don't tread on me flag and nuclear revenge button all in one.

(Nice find its in Cbc Beta too)

___
"In 2017, Bitmain’s own miners were withheld and sold without its consent in Canada." (Bitmain mini-note)

(Neither Bitmain nor Great North Data is doing interviews, but their lawyers both issued statements.

Daniel Simmons, the lawyer representing Great North Data, noted in an email to CBC News that the company "continues to carry on business as usual without interruption at its facilities in Labrador."

Meanwhile, Megan Taylor, who represents Bitmain, says her client "has no direct knowledge of the current status of their equipment," and Great North is no longer hosting for Bitmain.)

--
As an aside I never put together the place the Vikings visited on Discover Canada ad's and the great powerful hashing of Bitcoin but that's not a bad way to boost the economy of the New Fy's besides offshore drilling, as long as you find the right partners the wheels will keep chugging on the Bitcoin economy.
http://www.cbc.ca/news/canada/newfoundland-labrador/data-storage-bitcoins-western-labrador-1.3694238
donator
Activity: 1414
Merit: 1051
Spondoolies, Beam & DAGlabs
staff
Activity: 3458
Merit: 6793
Just writing some code
Reading the patch thread the remote kill is needed if someone confiscates the mining units or steals em.
Seems a bit overkill though but in the name of coin security someone would appreciate the feature and phone home does the job.
The problem I have with this explanation is that the way the kill switch was implemented is way more complex and convoluted than it needs to be. It sounds like what they had done was fully implemented the feature but not the rest of the service they were going to provide, but they implemented this feature in such a weird way. The phone home code sets a global variable which is then read by another completely unrelated thread which sets another global variable which is what then actually does the mining shutdown part when the machine requests work. That is just way more complicated than it needs to be. The full feature could have just been implemented in the same function that they wrote for the phoning home, but instead it sets global variables used by other functions and threads.
legendary
Activity: 1834
Merit: 1094
Learning the troll avoidance button :)
https://blog.bitmain.com/en/antminer-firmware-update-april-2017/

Patched.

I think this is just one of many unintentional holes out there waiting to be found. One day something will be uncovered by someone who's only out for the lulz.

Reading the patch thread the remote kill is needed if someone confiscates the mining units or steals em.
Seems a bit overkill though but in the name of coin security someone would appreciate the feature and phone home does the job.

We will continue the development of this feature to provide a technical protection for mining rig owners to host their miners in remote locations. We will add a switch to this feature, and this switch will be closed by default.

As long as someone bothers to read the code the feature sounds decent enough sum up steal my miner I brick it lol, kind of sounds like a douche thing a reseller could do to someone depending on how it is used though.
sr. member
Activity: 254
Merit: 1258


all i read is racial slurs against a country.
now to the real debate BITCOIN network code
long term view not temporary drama that is forgotton about after minutes/days

think about the big picture
Looks like your shouting racism to avoid discussion, if you think the fact that Bitmain is Chinese isn't relevant you're crazy.
legendary
Activity: 3512
Merit: 4557
Am I paranoid again?  Huh

No you're not paranoid, Jihan is.

copper member
Activity: 2898
Merit: 1465
Clueless!
Only someone with a paid agenda or a recent brainosuction would ignore these simple facts:

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented
2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners
3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion

There is no certainty, but there is certainly a possibility, to combine 2+3, to achieve 1, which would be the destruction of the alternative chain, at least a temporary disruption, that could be the edge required to turn their BU chain into the winner.

Am I paranoid again?  Huh

Fact. They stalled shipping of L3+'s for a month plus due to 'firmware problem'. They really used them to mine themselves and stalled the units to paid customers to use them to stop seq witness till consensus. A nice payday. Run diff up by 33% to boot. The April 15th folk are getting units now with Jan dated firmware on them, so that surely was a lie now.



An added benifit is this patch will get rid of the nasty Jan date on the firmware to boot.

Bitmain. Evil pays. (tm bitmain)
sr. member
Activity: 368
Merit: 266
Only someone with a paid agenda or a recent brainosuction would ignore these simple facts:

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented
2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners
3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion

There is no certainty, but there is certainly a possibility, to combine 2+3, to achieve 1, which would be the destruction of the alternative chain, at least a temporary disruption, that could be the edge required to turn their BU chain into the winner.

Am I paranoid again?  Huh

I'm not an expert like franky1 or Lauda, but it certainly sounds serious to me.  It sounds like a "doom switch" for sure.  But, I think that its revelation will have foiled the plot if there was a plot at all. So, I think it's not so big of a deal now that it has been exposed. It sure is an intriguing situation though.
legendary
Activity: 1372
Merit: 1014
Only someone with a paid agenda or a recent brainosuction would ignore these simple facts:

1. BU miners have already threatened to attack and destroy the non-BU chain after a split, this is documented
2. BU miners under Bitmain lead, have ASICBOOST, so they can invoke a 30% gain at any given time, on their own miners
3. Now Antbleed has been revealed; a method that, until 48 hours ago, could have been used to destroy everyone elses Antminer on the planet at their discretion

There is no certainty, but there is certainly a possibility, to combine 2+3, to achieve 1, which would be the destruction of the alternative chain, at least a temporary disruption, that could be the edge required to turn their BU chain into the winner.

Am I paranoid again?  Huh
legendary
Activity: 3430
Merit: 1142
Ιntergalactic Conciliator
Jihan Wu is the final boss to open the gate to the moon guys

Pages:
Jump to: