Monthly Archives: February 2014

Mt Gox is down in Bitcoin heist, “transaction malleability” to blame

The latest in the Bitcoin saga is a crisis at Mt Gox, one of the major Bitcoin exchanges in the world. A few judicious news clippings will give you a sense of the chaos.


From Reuters: Bitcoin exchange Mt. Gox goes dark in blow to virtual currency

The website of Mt. Gox suddenly went dark on Tuesday with no explanation, and the company’s Tokyo office was empty – the only activity was outside, where a handful of protesters said they had lost money investing in the virtual currency.

Hours later, Mt. Gox CEO Mark Karpeles told Reuters in an email: “We should have an official announcement ready soon-ish. We are currently at a turning point for the business. I can’t tell much more for now as this also involves other parties.” He did not elaborate on the details or give his location.

From the New York Times: Apparent Theft at Mt. Gox Shakes Bitcoin World

On Monday night, a number of leading Bitcoin companies jointly announced that Mt. Gox, the largest exchange for most of Bitcoin’s existence, was planning to file for bankruptcy after months of technological problems and what appeared to have been a major theft. A document circulating widely in the Bitcoin world said the company had lost 744,000 Bitcoins in a theft that had gone unnoticed for years. That would be about 6 percent of the 12.4 million Bitcoins in circulation.

The document circulating widely is this crisis plan.

For several weeks MtGox customers have been affected by bitcoin withdrawal issues that compounded on themselves. Publicly, MtGox declared that “transaction malleability” caused the system to be subject to theft, and that something needed to be done by the core devs to fix it. Gox’s own workaround solution was criticized, and eventually a fix was provided by Blockchain.info. The truth, it turns out, is that the damage had already been done. At this point 744,408 BTC are missing due to malleability-related theft which went unnoticed for several years. The cold storage has been wiped out due to a leak in the hot wallet.

The underlying problem is “transaction malleability”, and how Mt Gox’s software didn’t account for it when approving trades. From Ed Felten’s Freedom to Tinker:

It has been known since roughly 2011 that signed transactions are slightly “malleable” in the sense that it is possible to modify a signed transaction in certain minor ways, without invalidating the signature. The critical details about payment—who is paying how much, and to whom—can’t be changed, but certain peripheral information can be modified in a way that causes the transaction ID to change. [Technical detail for crypto nerds: This happens because the transaction ID is computed by hashing a set of fields that is a superset of the fields covered by the signature.]

The mostly dormant crypto nerd in me rolls his eyes, but of course this was not an obvious problem to those first looking at Bitcoin. I don’t know offhand if other cryptocoins like Dogecoin have the same transaction malleability flaw.
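As an added illustration of the point in the Felten quote (not code from the original post or from any Bitcoin software), the toy model below shows a transaction ID changing while the signature still verifies, and a payer-side reconciliation check keyed on the signed fields instead of the ID. It assumes an HMAC as a stand-in for the real ECDSA signature and a constructed zero-padding rule as the "peripheral" change; every name and value in it is constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for the payer's signing key

def dsha(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def signed_fields(tx):
    # Covered by the signature: which inputs are spent, who is paid how much.
    return repr((tx["inputs"], tx["outputs"])).encode()

def make_tx(inputs, outputs):
    tx = {"inputs": inputs, "outputs": outputs}
    tx["sig"] = hmac.new(KEY, signed_fields(tx), hashlib.sha256).digest()
    return tx

def verify(tx):
    # Toy encoding rule: zero padding before the 32-byte signature is ignored.
    pad, body = tx["sig"][:-32], tx["sig"][-32:]
    expected = hmac.new(KEY, signed_fields(tx), hashlib.sha256).digest()
    return pad.strip(b"\x00") == b"" and hmac.compare_digest(body, expected)

def txid(tx):
    # Hash over a superset of the signed fields: the signature bytes are included.
    return dsha(signed_fields(tx) + tx["sig"])

def payment_id(tx):
    # Hash over the signed fields only, so a re-encoding cannot change it.
    return dsha(signed_fields(tx))

def reencode(tx):
    # Same payment, same signature, different byte encoding.
    return dict(tx, sig=b"\x00" + tx["sig"])

def is_confirmed(sent, chain, key):
    # Payer-side reconciliation: was the payment we sent confirmed?
    return any(verify(c) and key(c) == key(sent) for c in chain)

def demo():
    sent = make_tx([("prev-tx-placeholder", 0)], [("customer-address", 5)])
    chain = [reencode(sent)]  # the re-encoded copy is the one that confirmed
    return {
        "signature_still_valid": verify(chain[0]),
        "txid_changed": txid(chain[0]) != txid(sent),
        "found_by_txid": is_confirmed(sent, chain, txid),
        "found_by_payment_id": is_confirmed(sent, chain, payment_id),
    }

if __name__ == "__main__":
    print(demo())
```

Reconciling by `payment_id` finds the confirmed payment even though its `txid` no longer matches the one the payer recorded.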


goto considered harmful – security systems and how they fail

Apple devices are subject to a bug in a core crypto library where one line of errant code – the self-describing bug “goto fail;” – causes SSL connections to be untrustworthy.

iOS systems have a patch (and you should upgrade now); we’re waiting for the OS X hotfix.

Some good analysis on Twitter of late, and this article on Wired: Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’

Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption — the internet’s standard defense against eavesdropping and web hijacking. The bug essentially means that when you’re e-mailing, tweeting, using Facebook or checking your bank account from a shared network, like a public WiFi or anything tapped by the NSA, an attacker could be listening in, or even maliciously modifying what goes to your iPhone or iPad.

How to test if you are at risk? The aptly named gotofail.com has a simple and non-destructive test.

Obituary: Rich Wiggins (1956-2014)


Obituary: Richard “Rich” Walker Wiggins (February 28, 1956 – February 8, 2014)

Passed away February 8, 2014 in Holt, MI. Born Feb. 28th, 1956, in Chicago, IL, and raised in Decatur, AL, Rich was a proud son of a chief engineer of NASA’s Skylab Space Station. A high achiever throughout his life, Rich attended Michigan State University, where he worked later for many years as a systems programmer and manager, retiring as a Senior Information Technologist in 2010. Always a visionary, Rich will be remembered primarily as a champion of the Internet — speaking, teaching, and publishing about its potential. An outstanding communicator, he wrote one of the earliest books about the Internet — “The Internet for Everyone: A Guide for Users and Providers“, published by McGraw-Hill in 1994. The vanity plate on his car? “INTRNET”.

Rich was consulted by and featured in numerous national media venues, including The New York Times (his beloved, must-read newspaper). Local TV and radio stations called upon him frequently for appearances and commentary. With his good friend Charles Severance, he appeared regularly on a popular segment of WKAR‘s AM 870 NewsTalk radio program, debating contemporary technology topics and giving computer advice to callers. Rich and Chuck also co-hosted a national television program — “Internet: TCI“, from 1994-1997. An enthusiastic team leader, Rich played a significant role in moving Michigan State University forward into the new world of the Internet.

Rich was a brilliant, charming and complicated man who made friends everywhere. He was eager to debate politics and discuss the latest news with anyone, and was known as a relentless punster. Warm weather was one of his passions; he could be seen wearing shorts and sandals well into November, adamantly refusing to acknowledge the end of summer. He loved Lake Michigan, Key West, Canada, MSU’s Summer Circle plays, the Moody Blues, Wendy’s iced tea, and El Azteco. Rich treasured all of his friends, relatives, and colleagues. He is gone from us far too soon.

Rich was preceded in death by his parents, Herbert H. Wiggins, Sr. and Ethel Gardiner Wiggins; and his brothers, David and Herbert Jr. He is survived by numerous cousins.

A Memorial Service will be held Saturday, March 1, 2014 at Palmer, Bush & Jensen Family Funeral Homes Holt-Delhi Chapel, Holt, MI. Visitation will begin at 12:00PM, followed by a 1:00PM service. Friends are invited to gather afterwards for refreshments. In lieu of flowers, Rich requested specifically that donations be made to the Michigan State University Veterinary Teaching Hospital. Condolences can be made at www.palmerbush.com.

Slack, first impressions


I’m trying out Slack. Here are some first impressions.

The system has many familiar components. It feels like an IRC network, complete with a set of well thought out bots and useful integrations with development tools. Unlike most IRC nets, it comes with a rich set of web and native clients that make it feel like something that ordinary people could use and not just the ubergeeks. For the ubergeeks, it also has very competent IRC client support.

The experience of the system varies tremendously depending on who you have on your team. If they have somewhere else to talk, then you might never get the critical mass you need to have a real conversation online. About a third of the people I’m inviting actually start to use the system, and most of those have some IRC channel time in their background.

The web client and the Android client for Slack are both very capably executed and feel like sound, solid pieces of engineering. It adds a lot of confidence to using the system to have such nice tools to work with.

I have integrations configured for RSS feeds, for GitHub (issues and commits), and for Google Hangouts. There’s a rich API, or so it seems, and lots of other systems that have had integrations built for them. I have ambitions but no infrastructure yet to write my own code or better yet borrow other people’s code to extend the system. I’m not much more advanced yet than getting the “hello world” style post-to-Slack-from-the-command-line capability going, but it did work, so I have high hopes.

The Slack server I have set up is running on their free trial, which has a limited number of integration slots. I think that by cleverly enabling and disabling services I can try enough of them to build up some experience with the system, but not necessarily run everything in production. I get 5 for free, and GitHub, Hangouts, RSS, Twitter, and the incoming webhook make up that 5.

If you’d like to see what I’ve built and join in, drop me a line and I can send you an invite.

Sawnee EMC (north of Atlanta, GA) power outage map

Sawnee EMC has a new power outage map, including a map optimized for mobile access. The press release they issued back in November 2013 has a lot more details.

Sawnee EMC serves electrical customers in portions of Forsyth, Fulton, Dawson, Lumpkin, Cherokee, Hall, & Gwinnett counties, in an area north of Atlanta, Georgia.


The Atlanta area is expecting severe weather and ice the week of February 12, 2014, according to the Atlanta Journal-Constitution.

But this time, it’s not just the snow. It’s the ice that has forecasters and government leaders most concerned. And the worst of the storm may not roll through until Wednesday, according to chief meteorologist Glenn Burns with Channel 2 Action News.

“Do be prepared for massive power outages as this is likely to be a massive weather event,” Burns said Monday evening.

For more power information in the Atlanta area see the Georgia Power outage map.

Bitcoin volatility after Mt Gox downtime

Depending on the source you get a slightly different story, but the results are the same: there is a lot of volatility in Bitcoin pricing in early February 2014 because of problems at the Mt. Gox exchange. So much for a technologically pristine, mathematically pure, decentralized currency; when your “foreign exchange” depends on a very small number of businesses, it can have systematic vulnerabilities.

[Graph: Bitcoin price on the Mt Gox exchange, February 9, 2014]

Coindesk, Why Mt. Gox, the World’s First Bitcoin Exchange, is Dying

Mt. Gox, the world’s original and once-largest bitcoin exchange, appears to be in a state of disarray after it suspended bitcoin withdrawals to work on what it said were technical issues. Meanwhile, the clamour of angry customer voices is growing.

The exchange’s moves have had a negative impact on the bitcoin markets. The price of 1 BTC plunged from $850 at the start of the week to $681, according to the CoinDesk Bitcoin Price Index, in the wake of the Gox announcement.

Business Insider quotes the Mt Gox letter to customers on the freeze in withdrawals:

We apologize for the sudden short notice. All bitcoin withdrawal requests will be on pause, and the withdrawals in the system will be returned to your MtGox wallet and can be reinitiated once the issue is resolved. The trading platform will perform as usual for the needs of our customers.

Our team will resolve this problem as soon as possible and will provide an update on Monday, February 10, 2014 (JST).

The graph at top shows that Bitcoin on the Mt Gox exchange has lost more than 25% of its value, with data from Bitcoinity.

Much more discussion on Reddit’s /r/bitcoin.

decoding radio digital modes without a radio, using WebSDR and fldigi

I’m interested in decoding radio digital modes without actually having a radio. The idea is that by using a web-based software defined radio (to tune in the signals) and the fldigi program (to decode the signals) I should be able to “listen” to digital modes and start to explore the digital parts of the amateur and broadcast radio bands.


I think I have all of the components, but I have yet to be able to get everything to work as expected. Here’s what I have:

WebSDR from http://websdr.ewi.utwente.nl:8901/ . This is a software-defined radio tuning to the radio airwaves at the University of Twente in the Netherlands; it runs in your browser. There are 87 of these systems running around the world, listed at websdr.org.

fldigi from http://www.w1hkj.com/Fldigi.html . This software, for Windows, Linux and OS X, runs on your local system and takes an audio signal and decodes it in one of many digital modes.

Soundflower from https://code.google.com/p/soundflower/ . This is a Mac system extension that allows you to redirect the audio output of one program (e.g. your browser) into the audio input of another program (e.g. fldigi). Not strictly necessary because fldigi can also just decode whatever it hears through the computer’s built-in microphone. I picked up the recommendation from an article on HamRadioAndVision.

A number of people have done YouTube videos describing what they are doing to make this work. For example, OZ9AEC has a 6-minute YouTube video from 2009 that shows reception in single channel and multichannel mode. He doesn’t use Soundflower, just the built-in mic of his Mac.

Not described here – and probably what I need to figure out next – are two key bits of information. Where do you tune to pick up digital signals? And, more importantly, which decoder do you use? It’s not hard to pick out which modulation is being used if you have some practice, but as of this writing I couldn’t readily tell you what WEFAX sounds like compared to RTTY. Still sorting through those details before I can claim to have mastered this.

Note also that this should work with a local software-defined radio as well, or even with a “hardware-defined radio” placed near your mic or patched in with a mic cable.