Archive by Author

December 2013 Project of the Month, CPU Miner

“Pooler” is the admin for cpuminer. Here is my interview with him on cpuminer

d.: Tell me about your project, cpuminer…

Pooler: cpuminer was started by Jeff Garzik, a former Red Hat engineer and one of the core developers of Bitcoin. When Litecoin, a clone of Bitcoin using a different hashing algorithm, was launched two years ago, cpuminer was forked and modified to work with it. This initial adaptation was written entirely in C, so I became interested in discovering what kind of performance benefits could be gained by rewriting the most important pieces of code in assembly language for both the x86 and x86-64 architectures.

The performance boost turned out to be very noticeable: the optimized routines were able to mine over two times faster than the original C code. As time passed, I became more and more interested in this project, and decided to start maintaining it. Bugs were fixed, new functionalities were added, and new optimizations for various microarchitectures were introduced.

d.: I’d also like to know what sort of community activity you all have; is there a central place where folks discuss cpuminer?

P: Up until now I’ve done most of the coding myself, probably also due to the fact that the assembly code that I wrote for cpuminer is relatively complex and can take quite some time to understand, but from time to time I receive pull requests for new features and bug fixes. Most discussions about cpuminer take place in a dedicated thread at bitcointalk.org I also see people chat about it every day in the #litecoin channel on Freenode IRC.

d.: What is your view of BitCoin’s influence on other financial software?
P: I believe Bitcoin, and more in general the very idea of a decentralized currency whose security is guaranteed by cryptographic algorithms, has started quite a revolution in the financial world. Many payment processors already exist for Bitcoin and Litecoin, allowing merchants to easily accept payments in bitcoins just like they do with credit cards or PayPal. The fact that anyone can manage his or her bitcoins without the need for a bank or other centralized institution drastically changes the way people relate to money, and creates a new niche of software tools that allow people to interact with their savings. The influence of cryptocurrencies is growing so quickly that I wouldn’t exclude that in the near future banks and e-commerce businesses will be forced to start supporting bitcoins and litecoins as well.

d.: Why LiteCoin, it seems like BitCoin is the 900lb gorilla here…
P: Litecoin is not inherently better than Bitcoin, of course, just like the euro is not inherently better than the US dollar. cpuminer can also mine bitcoins, but it mainly targets Litecoin as Bitcoin mining has now moved to specialized hardware, thus making CPU mining bitcoins way too unprofitable. On the other hand, the recent surge in the price of Litecoin has brought the profitability of CPU mining to new heights, drawing renewed interest in cpuminer.

d.: Who can benefit the most from cpuminer?
P: Anybody who has a computer with a modern, energy-efficient processor and wants to use it to generate some litecoins. Mining may or may not be profitable depending on how much one pays for electricity, though, so it is important to consider all factors before starting. Online calculators exist that allow potential miners to estimate their profits. Aside from actual miners, cpuminer is very useful for developers, as it constitutes the simplest way to test mining-related functionalities and does not require any specialized hardware.

d.: – Have you seen the current climate around personal privacy impact your project?
P: Not really. While one of the main targets of the project is to implement certain cryptographic algorithms so that they can be executed as fast as possible, the project itself has little interest from a purely cryptographic standpoint. I do have noticed that most developers working on cryptocurrency-related projects seriously value their anonymity and privacy, but I think it’s always been like that… just think of Bitcoin’s creator, Satoshi Nakamoto, whose identity remains a mystery to this day.

d.: – What’s the best way to get the most out of using cpuminer?
P: I think one of the best features of cpuminer is that it can detect the characteristics of the CPU it is run on and automatically use the most suitable algorithm implementation. This means that there’s no need to play with options and flags to get the best performance from it.

d.: You have noted the virus risk here; what is the key takeaway from this for users and potential users?
P: Botnet operators have been illegally running miners on their victims’ computers for a long time, and this has caused antivirus suites to
recognize most mining software as malware. Since a malicious programmer could actually exploit this false positive to distribute modified versions of cpuminer, it is important that end users only download binaries from the official repository at SourceForge.

d.: – Are you all doing anything else to mitigate this issue?
P: Since cpuminer is not malware and we have nothing to hide, I believe using techniques to circumvent antivirus defenses would be totally inappropriate. False positives are always possible, so if a given antivirus doesn’t give the ability to whitelist a specific application that the user knows it is safe to use, the problem is with the antivirus, not with the application.

d: What was the first big thing that happened for your project?
P: I think this project would now be largely abandoned if it wasn’t for the launch of Litecoin two years ago, so I would definitely cite that as one of the most important events in the history of cpuminer. It is now utterly pointless to mine bitcoins using ordinary computers, as specialized hardware can mine them a lot faster. This is not the case with Litecoin, as its hashing algorithm is much friendlier to ordinary CPUs.

d.: – What was the net result for that event / effort?
P: The fact that cpuminer can mine litecoins at decent speeds on modern CPUs has brought a lot of new interest to our project. The price of Litecoin has skyrocketed this past month, and many people are willing to invest into it. Not many people have enough money to buy specialized hardware, though. CPU mining, on the other hand, requires no initial investment, and gives pretty much anybody the opportunity to easily earn their first litecents.

d: What is the next big thing for cpuminer?
P: I am currently working on adapting cpuminer to support a new mining protocol, known as “getblocktemplate”, which is typically used for solo mining and by pools. This will make it easier for Bitcoin developers to test mining functionalities, and will finally allow them to get rid of the obsolete internal miner that is still present in the official client for debugging purposes only. I’m also looking forward to write optimized implementations of the Litecoin hashing algorithm for the upcoming 64-bit ARM architecture.

d.: – How long do you think that will take?
P: A full implementation of the “getblocktemplate” protocol may take some time, as the protocol itself allows for a considerable number of extensions. As for the AArch64 implementation, I will postpone its release at least until I can test it on an actual device.

d.: – Do you have the resources you need to make that happen?
P: Unfortunately my job and more urgent projects don’t leave me much time to work on adding new features. Other than that, I’m always looking forward to improving cpuminer!

d.: If you had it to do over again, what would you do differently for cpuminer?
P: I think Jeff Garzik did an excellent job when he wrote the original cpuminer. I don’t think I would have done anything much differently.

d.: – Why?

P: I like the simplicity and modularity of his code. I particularly like how cpuminer conforms to the KISS (“Keep it simple, stupid”) principle, and never tried to provide unneeded fancy functionalities but just tries to do one thing really well.

Thank you to Pooler for taking the time to provide this id-depth look at cpuminer. Congratulations on being selected as the December 2013 Project of the Month!

New (OSS) Releases Thursday…

We’ve been seeing some cool releases coming out of some of the projects hosted on SourceForge; here are just a few…

eXo Platform  - Social Collaboration has announced a Premium edition they describe as, “a breakthrough new enterprise service that combines the centralized framework of a portal with the functionality of social networks to deliver on the promise of a connected and collaborative workplace.” With social media being key to how many folks operate these days, it’s clear there is traction to be had here.

The QT Bitcoin Trader team has announced a new release, the source is here. This tool supports these exchanges: Mt.Gox, BTC-e, Bitstamp and BTCChina. This software helps you open and cancel orders quickly. They also offer real time data monitoring. QT Bitcoin is developed on pure Qt, and uses OpenSSL. If you’re into crypto-currencies, this might be for you.

Finally, FF Multi Converter has also released version 1.6.0. In case you are not familiar with them, FF Multi Converter is a simple graphical application which enables you to convert audio, video, image and document files between all popular formats, using and combining other programs. It uses ffmpeg for audio/video files, unoconv for document files and PythonMagick library for image file conversions. The application is written in python and PyQt.

Need some new software to check out? There you go!

HPCC Systems new release and more…

One of our favorite things to do is to let our community know about cool projects on our site. Today, we’re going to highlight 3 projects that have new releases…

The first is HPCC Systems; HPCC is an OSS  Enterprise level package for “Big Data Analysis.” HPCC has released version 4.2.0:

This latest release includes many new enhancements including, but not limited to the following:

  • ECL Visualizations including the new cellFormatter bundle for displaying HTML and Javascript code
  • Technical Preview of more ECL Watch improvements such as query manipulation, multiple fixed spray options and a new ZAP button for easy bug reporting
  • New features in ECL Plugin for Eclipse

See the full release announcement here.

The next project is eWorld; they have released a new version, 1.0.1 of their framework that allows for import of mapping data from providers like OpenStreetMap (OSM). You can read their release announcement here.

Finally, PortableApps has also recently released some new stuff. Check out their latest announcements.

We encourage you to give these projects a look!

November 2013 Project of the Month, PasswordSafe

I’ve been a long-time fan of PasswordSafe because it has a single function; password security. We’ve been hearing a lot about security of late, so it’s also a topical matter. Here is my interview with Rony Shapiro who is the admin for this very useful project:

d: Tell me about the PasswordSafe project please; what made you start this, and has your original vision been achieved?

PasswordSafe started off as a free closed-source utility from Bruce Schneier’s consulting firm.  Around 2001, Bruce decided to make the code open source, and chose a volunteer to set it up on SourceForge. Unfortunately, that person got caught up in the dotcom bust, and more or less abandoned the project.

I really wanted to work on this program to scratch my own itch. Specifically, (1) to support grouping entries into topics (such as banks, e-commerce, etc.) and to add a search function (e.g., to look for the entry that contains the word “robot”). Once I put out a version with these features, people started contributing ideas and code. The rest, as they say, is history.

Re “vision”: I dunno about that. It’s a large word. I hope to think that fewer people have had their accounts hacked because of PasswordSafe, but of course there’s no way to test this.

d: Who can benefit the most from PasswordSafe? Have you seen the current climate around personal privacy impact your project?

Any person who has more than one password to protect can benefit from PasswordSafe. Certainly the recent push of privacy-related issues to the headlines has made people more aware of this.

d: – What’s the best way to get the most out of using PasswordSafe?

The best way to get the most out of PasswordSafe is through liberal use of the Generate Password button: Create a separate entry for each site you use, and generate a random password for each. This ensures that (1) even if a single site is compromised, the attacker cannot use the password he’s recovered to access any of your other accounts, and (2) that any dictionary-based attack will fail, or knowing the names of your family members, pets, etc. will not help the attacker.

Another good idea is to use the Notes field to remember the fictitious answers you created for all those silly “security questions” (that should really be called insecurity questions, because they allow an attacker who found out a bit about you to reset your password…)

d: Why did you choose the Artistic 2.0 license

That was the license chosen by Bruce Schneier when he released the project.

d: Did you ever regret choosing this specific license?

I’ve had no problems at all with it.

d: – If you had the chance, what other license would you select and why?

Don’t think I’d choose differently if I had to start over.

d: What was the first big thing that happened for your project? What helped make that happen? What was the net result for that event?

Getting contributions from other people made the project much much better than anything I could have made from it by myself. I guess the first one that made me appreciate this was the autotype feature, added back in 2004. Unfortunately, I don’t have notes on who added it.

d: What is the next big thing for PasswordSafe?

I’ve started working an a new database format that should have some nice features.

d: – How long do you think that will take?

Probably a few months to a year’s worth of evenings and weekends  until something usable will come out of this.

d: If you had it to do over again, what would you do differently for PasswordSafe?

I’d probably take a go at working on it full-time and making a living off it (while keeping it open source, of course), instead of working on it strictly as a hobby.

d: – Any reason you can’t do that now?

I’ve decided to leave that as something to look forward to for my retirement :-)

d: Is there anything else I should know?

Of course: My deep gratitude to everyone who’s contributed to the project over the years, be it via code, translations, bug reports, suggestions, or plain old fashion donations. Special thanks to DK, who’s become a personal friend and companion as well as a coder, critic, and sounding board for my crazier ideas. And of course thanks to SourceForge, for years of hosting.

d: Excellent Rony. Thank you for your contributions to the Open Source community for all that you do.

Open Source Security

Hi folks,

I found this the following article from PCWorld online regarding security vulnerabilities in Open Source projects. I strongly commend this to you all for your own information and the protection of your projects and users.

Note that all projects mentioned from SourceForge in that article were contacted by the researcher who found the issues and also engaged CERT/CC from Carnegie Mellon University. I also directly reached out to them this morning.

Best regards,

Daniel Hinojosa – SourceForge Community Manager