Warning: OpenSSL Consensus Bug

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Warning: OpenSSL Consensus Bug

Post by biolizard89 »

Can anyone provide stats on what fraction of v3 blocks are being orphaned in past 24 hours due to building on v1 blocks?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Warning: OpenSSL Consensus Bug

Post by phelix »

biolizard89 wrote:Can anyone provide stats on what fraction of v3 blocks are being orphaned in past 24 hours due to building on v1 blocks?
cassini wrote:
phelix wrote:@Cassini, you should be able to notice once F2Pool activated the nuke when only version 3 blocks show up, right?
Last 100 blocks (242409 to 242508):

Code: Select all

74 DiscusFish V3
10 slush V3
13 eligius V3
3  bitminter V3
Last 1000 blocks (241509 to 242508):

Code: Select all

0   DiscusFish V1
684 DiscusFish V3

0   slush V1
101 slush V3

96  eligius V1
43  eligius V3

15  bitminter V1
3   bitminter V3

43  unknown(ghash.io?) V1
0   unknown(ghash.io?) V3

8   EclipseMC V1
0   EclipseMC V3

0   mmpool V1
1   mmpool V3

6   mined by unknown miners
By the way, the last V1 block was block 242312, mined by unknown(ghash.io?).
From this it looks like at most 6% of hashpower has not yet updated. So my guess is: 6% of the blocks from these miners get orphaned.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Warning: OpenSSL Consensus Bug

Post by phelix »

ghash.io/CEX told me they have updated. Orphans of pools to the standard version should now be less than 2%. It was a rough ride but for now things look ok. :mrgreen:
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

cassini
Posts: 336
Joined: Sun May 26, 2013 6:36 pm

Re: Warning: OpenSSL Consensus Bug

Post by cassini »

phelix wrote:ghash.io/CEX told me they have updated.
ACK:
75 DiscusFish V3
9 eligius V3
7 slush V3
5 ghashio V3
4 bitminter V3
(last 100 blocks, 242509 to 242608)
phelix wrote:It was a rough ride
It still is. The last 18 blocks as follows:

Code: Select all

new best=31d112deffa65105f84ff9b45140180ac0c99be93803dba9c87cd9b55be2e78d  height=242590
new best=8b2e2cca4039689b2f34f3707805f292154e37bd719949147147e2bdb56fa739  height=242591
new best=9acb348c1e4c6ae7ca5e795261816bbbeed0c31264f8b20bc29231af4a5ca54f  height=242592
new best=5c97d2c2539dd45013320791524933196db2e1773b2cfd1de88f81300d5896bd  height=242593
new best=6b5dd2293f56275d1b6e7c8e95e7a2cf8588a18b5dce3313148885c028aae347  height=242594
new best=9eca327ca35c34a7249fbd2e5b4f8c8e8d91c209067e0219499ff63f2f49c14f  height=242595
new best=46e9c90dd9ff3209c2f08b62d2bd014e80f39f572d8928022962820c15e41d3a  height=242596
new best=afb16b97b1701f868317e6f031446e2cf070957c249b983c906006e9f9819c0f  height=242597 <---- !!!
new best=7eec752cc1197f57ea25d7ab65e528e0889dc5475c43e28d502668347e39c98a  height=242598
new best=5c3a2c87e1625d25cd6a2f729465be3bfd0f7207e3788643dd3fd38634597bb8  height=242599
new best=7eec752cc1197f57ea25d7ab65e528e0889dc5475c43e28d502668347e39c98a  height=242598 <---- !!!
new best=afb16b97b1701f868317e6f031446e2cf070957c249b983c906006e9f9819c0f  height=242597 <---- !!!
new best=d76bcea78335f9fd66b4a3d3c9c833cd0f52e8f9e9beca316232c39265a91ba2  height=242598
new best=a8113174b14323e25b0731416427a8ac886504261ed179ea196d923e1aab8883  height=242599
new best=63c2b0946f92bd4b7d623a2dbb7e5f5292ae3e98dc8dc6c3c8abaf029b8e188b  height=242600
new best=172e4a8d272a2a0390d7eb6ad354ea51fe4cae4465e1090a5e7aa5e65e484897  height=242601
new best=0219d40b291eafb1e48c4f92cdda0e01b7e66b1f8000302729d1743e26e17413  height=242602
new best=46a49f6582bbc78b6b0a8508d95a8e7d80fe9afc4024f2d97ad1b7df1067da25  height=242603
new best=746de32b1213530eb18459c79e932cc93a2215b44d059de8bf66cbf91e7ddf89  height=242604
new best=2d6bd75bf404424288e78648f9b0e06d014a56c100bfa1ca401a173ee5cde732  height=242605
new best=1e15e969d79ae5c2a3b7522fef556b139cfad01cc4f9b8dcb5279236cf4a2291  height=242606
new best=a259647bb79822ad95e488d618d98ca00cac8a74ed290e85eff686b71d904705  height=242607
new best=67787ad351a8fc678f77ef1ba64bac04dd6fd88d932a55f195e35f6ee4c29485  height=242608

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Warning: OpenSSL Consensus Bug

Post by biolizard89 »

Awesome. Thanks for the great work guys. Looks like we'll get through this mostly unscathed, without too much disruption for end users.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

cassini
Posts: 336
Joined: Sun May 26, 2013 6:36 pm

Re: Warning: OpenSSL Consensus Bug

Post by cassini »

Another 100 blocks have arrived, 242609 to 242708:

64 DiscusFish V3
12 eligius V3
12 slush V3
7 ghash.io V3
4 bitminter V3
1 EclipseMC V3

Looks pretty good. No orphans during the last 100 blocks as far as I can tell.
EclipseMC already mining V3 blocks.
The hashrate graph shows only a small dent during the last few days:
https://bitinfocharts.com/comparison/hashrate-nmc.html

somename
Posts: 80
Joined: Mon Sep 15, 2014 3:12 pm
os: windows

Re: Warning: OpenSSL Consensus Bug

Post by somename »

phelix wrote:Updated OP. Previous version:
phelix wrote:Due to a bug in OpenSSL Linux and Mac 64bit Namecoin Classic (v0.3.80 and earlier) and Namecoin Core clients accept a wider range of cryptographic signature formats than other builds. This brings us into the dangerous situation of potentially forking the network.

Miners
A majority of Namecoin hashrate is going to begin enforcing BIP66 circa Monday (2015-08-03). This means that all mining pools who don't want their blocks rejected after Monday MUST upgrade to Namecoin Core. Either 32-bit or 64-bit will be fine after BIP66 begins enforcement. (Before that point, we still recommend 32-bit). We apologize for the short notice here.

Namecoin Core Repo
Linux binary
Inofficial Windows binary


Users


Do not trust transactions until further notice. Do not purchase new names until further notice. If you have a name that is expiring very soon assume that transactions may be delayed unexpectedly, so renewing those names before the last minute is advisable.
If all goes well things will be mostly working again from Tuesday on (2015-08-04) but you will need to wait for six confirmations (more for important transactions).

(edited as per Biolizard89's suggestions)

1. Links above are "quoted", but from where?

2. Three weeks later, the home page still tells people to use the old version (http://namecoin.info/?p=download). I assume everyone remembers there's a download link on the home page, so why is that link still there?

Can this transition be a bit better managed?

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Warning: OpenSSL Consensus Bug

Post by biolizard89 »

somename wrote:
phelix wrote:Updated OP. Previous version:
phelix wrote:Due to a bug in OpenSSL Linux and Mac 64bit Namecoin Classic (v0.3.80 and earlier) and Namecoin Core clients accept a wider range of cryptographic signature formats than other builds. This brings us into the dangerous situation of potentially forking the network.

Miners
A majority of Namecoin hashrate is going to begin enforcing BIP66 circa Monday (2015-08-03). This means that all mining pools who don't want their blocks rejected after Monday MUST upgrade to Namecoin Core. Either 32-bit or 64-bit will be fine after BIP66 begins enforcement. (Before that point, we still recommend 32-bit). We apologize for the short notice here.

Namecoin Core Repo
Linux binary
Inofficial Windows binary


Users


Do not trust transactions until further notice. Do not purchase new names until further notice. If you have a name that is expiring very soon assume that transactions may be delayed unexpectedly, so renewing those names before the last minute is advisable.
If all goes well things will be mostly working again from Tuesday on (2015-08-04) but you will need to wait for six confirmations (more for important transactions).

(edited as per Biolizard89's suggestions)

1. Links above are "quoted", but from where?

2. Three weeks later, the home page still tells people to use the old version (http://namecoin.info/?p=download). I assume everyone remembers there's a download link on the home page, so why is that link still there?

Can this transition be a bit better managed?
This is certainly a good point. The website is undergoing a transition, and redoing the download page completely is on the to-do list. For the record, now that BIP66 is enforced by all miners, the only people who absolutely need to be using Namecoin Core are the miners. End users can keep using 0.3.80 for the moment, as long as they wait for confirmations. Namecoin Core will be more secure than 0.3.80 since it won't need to wait for as many confirmations, but it doesn't have an integrated name management GUI, which is a problem for some users.

I'm not sure what you mean by "links above are 'quoted'", can you rephrase?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

josephbisch
Posts: 69
Joined: Sun Nov 23, 2014 3:34 pm
os: linux

Re: Warning: OpenSSL Consensus Bug

Post by josephbisch »

biolizard89 wrote: I'm not sure what you mean by "links above are 'quoted'", can you rephrase?
Maybe somename is asking where the binaries we posted came from (i.e. who built them), not realizing that (in the case of the Linux binaries) because of the reproducible builds, who actually provided the binary is not significant. And I guess it isn't apparent that Phelix built the Windows version just because he was the one that made the forum post about it.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Warning: OpenSSL Consensus Bug

Post by biolizard89 »

josephbisch wrote:
biolizard89 wrote: I'm not sure what you mean by "links above are 'quoted'", can you rephrase?
Maybe somename is asking where the binaries we posted came from (i.e. who built them), not realizing that (in the case of the Linux binaries) because of the reproducible builds, who actually provided the binary is not significant. And I guess it isn't apparent that Phelix built the Windows version just because he was the one that made the forum post about it.
Ah, ok. For the record, the Linux binary was reproduced by Joseph, Luke-Jr, and midnightmagic. Phelix built the Windows version using EasyWinBuilder (it was not built reproducibly). I would not recommend using the EasyWinBuilder binary for anything critical (we'll try to get Gitian Windows and OSX builds out sometime). The Linux binary is safe to use, and is being used by a significant number of miners.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply