Rob Halförd - (Gridcoin)

CODING DEVELOPER
  • Content count

    5,848
  • Joined

  • Last visited

  • Days Won

    325

Rob Halförd - (Gridcoin) last won the day on August 16

Rob Halförd - (Gridcoin) had the most liked content!

About Rob Halförd - (Gridcoin)

  • Rank
    Gridcoin Developer
  • Birthday 06/18/1971

Contact Methods

  • Website
    http://www.gridcoin.us

Profile Information

  • Country
    Falkland Islands (malvinas)
  • Location
    Nakamoto Province
  • Gender
    Male
  • Interests
    Karaoke, Gridcoin

Recent Profile Visitors

5,366 profile views
  1. Gridcoin Research 3.6.0.1/MSI=43.5 Mandatory Upgrade https://github.com/gridcoin/Gridcoin-Research/releases/tag/3.6.0.1 ### Added - Added [V8 stake engine](https://github.com/gridcoin/Gridcoin-Research/wiki/Stake-V8) set to start producing V8 blocks at block 1010000. This fixes several security issues, see wiki for details. - Blocks can now carry identification from the "org" argument/configuration option (@tomasbrod). - Add "reorganize" RPC command (@tomasbrod). ### Changed - Berkeley DB V6+ compatibility, #451 (@xPh03n1x). - Improved poll loading speeds, #497 (@denravonska). - Versions now contain the git hash, #500 (@tomasbrod). - Improved security on NeuralNet votes, #496 (@Foggyx420). - Improved RPC help. It now supports "execute help" and "list help", #512 (@Foggyx420). - Voting is now integrated in wallet as a tab and cleaned up, #416 (@skcin, @JoShoeAh). - Improve low-peer mining ability on testnet (@tomasbrod). - Improve poll error message when low on funds, #415 (@Erkan-Yilmaz). - Code cleanup (@denravonska, @tomasbrod, @Foggyx420, @skcin). ### Removed - Remove RPC commands: - DAO, #486 (@denravonska). - volatilecode, testnet0917, testboinckey, chainrsa, testcpidv2, testcpid, windows error report disabling, list betatest, fDebug4/fDebug5 flags (@Foggyx420). - Set magnitude boost to be removed at 2017-Sep-07 00:00:00 UTC ### Fixed - Fixed security issue where superblocks could be injected, #526 (@tomasbrod). - Fix poll sorting bug, #512 (@skcin)
  2. All, I'm sorry that I have limited time available today as I have to pick up my son, but I wanted to post a public reply regarding my side of the exchange with Martin Grothe from Ruhr in May. He emailed the original vulnerability in the first paper, one that his college security class was able to reverse engineer the Gridcoin CPID check function and expose Gridcoin email addresses. That led to the realization that the biggest result of this was the ability to steal a CPIDs POR rewards if one was smart enough to create code for a replay attack (May 2017). I worked patiently with Martin for about a week, while Gridcoin devs plugged the issue by releasing beacons and keypairs (keypairs for CPIDs). The misunderstanding started to come into play when Martin explained that his team had come up with a solution that relied on creating a NEW cpid each time a researcher wants to join Gridcoin. I expressed that people have an affinity to the EXISTING cpids as credits are tied to them, and it would be better to have a keypair system that allows the RESEARCHER to choose the CPID. I privately released the version we have now, with the ability for RTM to Delete keypairs using a trusted key (in contrast to forcing researchers to create new CPIDs to use Gridcoin). In a nutshell our communication broke down after this, as his side was threatening to go public with the info, and insinuating that his solution was the only viable solution and that I could not possibly create a viable solution to the problem, while my view was he didnt understand the fundamental operations required over his short hacking tenure - therefore, our talks broke down and I started to consider him hostile. Afterwards, I was not aware of new vulnerabilities or for that matter any publications published anywhere, up to this point. In addition we now have Tomas Brod on board, who has been analyzing the code and committing changes over the last 5 months, which I was under the impression plugged all of our smaller vulnerabilities (that need time to be tested and released as a mandatory). I was operating under the assumption that we have tackled or almost tackled (through unreleased code) everything on our security punchlist.
  3. Gridcoin Research 3.6.0.0/MSI=43.4 Leisure Upgrade https://github.com/gridcoin/Gridcoin-Research/releases/tag/3.6.0.0 - Memory allocation fix for syncing from 0 - Tray Icon - Fix startup crash for new users
  4. Gridcoin Research 3.5.9.9/MSI=43.3 Leisure Upgrade https://github.com/gridcoin/Gridcoin-Research/releases/tag/3.5.9.9 - RPC: getblockstats, enhancements to getmininginfo, remove unused commands, add debug1-10 commands - GUI: Prevent crash recv items list, toolbar align, remove unused menus, fix splash screen dismissal bug, allow copy paste for certain fields, TxList double click Message, remove Galaza, diagnostic screen fix, QT58 support, icons - Dependencies: OpenSSL 1.1.0 support, C++11 support - Translations: Lithuanian, Russian, Swedish and Chinese and various other Countries - Buffer overflow protection - Remove dead code - Neural Network: UTC timestamps - Thread Safety: Added global lock - High CPU Usage: Improved - Staking: Removed repetetive block signing and 1 cent staking and reboot bug for beacons, updated beacons in memory after advertising, clearer stake messages, kernel improvements - Log: Use more efficient log command - Config File: Auto Backup - ARM: Optimization to build
  5. Gridcoin Research 3.5.9.8/MSI=43.2 Mandatory Upgrade for Windows Users - Revised Neural Network business logic rule fix inability to stake current superblock - Revised Neural Network magnitude calculation to prevent diluted magnitudes
  6. Hi Andrew I remember that you primarily boinc rosetta and that project has been missing in a lot of the prior superblocks due to us having the wrong base URL in the data entry in the PDS. Someone created a steemit article the other day claiming rewards would be lost after 14 days (based on the misunderstanding between the RSA and the 6 month POR lookback). Although I believe you will be compensated properly based on the wallet finding your last valid POR and calculating what is owed up to the new superblock, could you please let us in on how that works out for you so we have an actual test case logged? Maybe give us your last POR block #, the date of the old block, the new POR block #, the date of the new block, the reward amount and old magnitude and new magnitude if you have it? Thanks!
  7. Hi Rob,

    at which time is the harvester running? Syncing with syncdpor2 want download day 207, but on https://download.gridcoin.us/download/harvest/ there are only the past days 205 and 206 available.

    Thanks,
    Peter

    1. bibi

      bibi

      The sync process tries to delete from directories project and cpid, but writes to projects and cpids (plural), so effective does not delete bevore syncing.

      From which process is Projects\project_projects_NeuralNetwork.dat locked?

      I have the last version v3.4.9.7-g-research running.

      debug2.log

    2. bibi

      bibi

      Ok, I found it in modPersistedDataSystem.vb. cpid and cpids are both deleted, projects too. I try to understand what happens. But without the harvest files from today RAC and mag remains zero for all CPIDs.

  8. Gridcoin Research 3.5.9.7/MSI=43.1 Mandatory Upgrade for Windows Users - Neural Network business logic rule fix inability to stake current superblock
  9. So we figured out in the chatroom the issue was something different than what we were looking for the whole time. If you do an execute currentcontractaverage (with a fully synced NN node), you will see the pending superblock is not valid. The fix for this requires an upgrade. I am working on fixing the business logic rule now, we should have an upgrade within an hour. Thanks for the patience.
  10. Just for the windows users, this is an attempt to bring the neural network up to 3596, so we can stake a superblock. I see only 49% upgraded so far, and the 78e6* hash is the current popular hash, (execute neuralhash), and my node for example is hashing a 78e6* (in the neural network window, at the bottom of the page where the grand total beacon count is), so if we do not have a squirrely "superblock rejection" issue, we still might make it if we can get 3 more percent to upgrade. The exchanges do not need to upgrade.
  11. The neural report shows the current hashes of the future superblock opinions staked by the neural network delegate nodes (Neural nodes who participate on a given day) over a recent time period (about half a day) with each nodes vote diminishing over time. Its goal is to come to quorum on the popular neural network hash for the next superblock. Its obviously not working. The reasons could include: No supermajority on the latest version Bad upcoming superblock due to proj avg being out of range, proj count divided by whitelist count, or avg Magnitude Md5 hash differences in the source files over the nodes Quorum Hash Algorithm region problems etc I realize this is painful and we (the devs) apologize for the pain. We will take this up again in the dev (slack) chatroom and see whats going on. I think we will need to actually mock up a fake superblock in testnet and try to force it in testnet with more logging, to see what is being rejected.
  12. It looks like we may finally see some improvement with the current superblock situation: The popular hash of d996 is gaining popularity quickly (execute neuralreport). We will probably stake one within a few hours. All 24 projects are in d996, and the average magnitude is 44 (IE within range) and has an average project RAC of about 125000, so I see no reason for it to get rejected.
  13. Gridcoin Research 3.5.9.6b/MSI=43.0 Mandatory Upgrade for Windows Leisure for Linux/Mac/Unix - Neural Network enhancement to help stake current superblock
  14. Sorry, Its actually 'execute getstaketime' I was thinking of. The CPID must not be set as Investor (IE your email is actually set in the config), therefore the CPID will show in list rsa, and then getstaketime should report your earliest stake. This time is used when the vote weight is determined, and causes the wallet to go and find a block that you signed, in order to prove the magnitude to others. Try running that, and lets see if it matches your earliest first, and optionally you can always try to re-vote on the poll as a researcher, as new votes on distinct polls overwrite old votes.