Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Spawn Web Supercomputer On Way To Chess World Record

Posted by Soulskill on from the distributed-computing-now-with-more-distribution dept.

New submitter DeathGrippe sends in an article from Wired about a new take on distributed computing efforts like SETI@Home. From Wired: "By inserting a bit of JavaScript into a webpage, Pethiyagoda says, a site owner could distribute a problem amongst all the site's visitors. Visitors' computers or phones would be running calculations in the background while they read a page. With enough visitors, he says, a site could farm out enough small calculations to solve some difficult problems. ... With this year's run on the value of Bitcoins — the popular digital currency — security expert Mikko Hyppönen thinks that criminals might soon start experimenting with this type of distributed computing too. He believes that crooks could infect websites with JavaScript code that would turn visitors into unsuspecting Bitcoin miners. As long as you're visiting the website, you're mining coins for someone else."

70 of 130 comments (clear)

  1. Cheap by Anonymous Coward · · Score: 5, Funny

    Better than looking at ads.

    1. Re:Cheap by Cow007 · · Score: 1

      Better than looking at ads.

      You're on to something, it seems like the usefulness and positive benefits to customers, science etc. Is being all but ignored.

      --
      411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
    2. Re:Cheap by Mathness · · Score: 4, Interesting

      It actually could be a fair exchange of resources instead of ads, I use some of yours when visiting your site and "consuming" your work and I give some back by doing some "work" for you. If what I provide is a reasonable use of my resources, I would have no problem with it as long as it is legal.

      --
      Carbon based humanoid in training.
  2. Why stop there... by socceroos · · Score: 3, Funny

    Lets just load a monolithic OS kernel written in javascript into visitor's RAM with the full OSI stack. Distribute your website to these small OSs and have them serve everyone else in the local network....

    1. Re:Why stop there... by Hentes · · Score: 1

      Not that impossible, actually.

  3. At Last! by Anonymous Coward · · Score: 2, Insightful

    At last! A practical form of "micro"-payments

    1. Re:At Last! by Big+Hairy+Ian · · Score: 1

      I saw this and thought is this news? Hackers were caught (Well spotted if not incarcerated) using bot nets to generate bitcoins last year. And one of the principle bitcoin engines is written in Java script just so you can add it to your website. News What News?

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  4. Bitcoin mining in Javascript. by Anonymous Coward · · Score: 5, Informative

    ... only need to get ten trillion users for three days to get 0.001 BTC.

    I can already hear the hoards of criminals running to do this.

    1. Re:Bitcoin mining in Javascript. by ShanghaiBill · · Score: 1

      ... only need to get ten trillion users for three days to get 0.001 BTC.

      Have you used Javascript lately? Modern optimizers are very good. With WebGL you can use Javascript to run code on the GPU.

    2. Re:Bitcoin mining in Javascript. by c · · Score: 1

      ... only need to get ten trillion users for three days to get 0.001 BTC.

      To be honest, I've heard of dumber micro-payment schemes...

      --
      Log in or piss off.
    3. Re:Bitcoin mining in Javascript. by pspahn · · Score: 1

      Did you see it in Superman III?

      --
      Someone flopped a steamer in the gene pool.
    4. Re:Bitcoin mining in Javascript. by c · · Score: 1

      No, it might have been in a Highlander sequel.

      --
      Log in or piss off.
  5. My understanding was this wouldn't work well by FooAtWFU · · Score: 4, Informative

    My understanding was this wouldn't work well for BitCoin, because the raw computing power people are throwing at it with GPUs and ASICs easily dwarfs even significant numbers of zombies, and even WebGL can't help you (too limited an instruction set).

    Of course by this point the matter is hearsay... but still, Bitcoin is a tough nut to crack these days.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
    1. Re:My understanding was this wouldn't work well by AmiMoJo · · Score: 1

      All the smart people are moving to LiteCoin. BitCoin is basically deal for mining, and the difficulty is going to rapidly increase now that ASIC miners are becoming available.

      LiteCoin is still easy enough that you can make a reasonable ROI with a GPU, barely.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Yay by Sneftel · · Score: 1

    I'm... kind of okay with this? Modern operating systems are hella-good at maintaining usability under high CPU loads, and the extra electricity consumed by the increased load wouldn't make much of a difference to me. If this is how they want to monetize web content, I'll take it over click-to-mute popunders any day. The "crooks" thing seems like it's just thrown in to increase the shock factor. Why wouldn't the site owners do this?

    --
    The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
    1. Re:Yay by Electricity+Likes+Me · · Score: 1

      Functionally it's identical to blocking ads to prevent.

    2. Re:Yay by TrollstonButterbeans · · Score: 1

      Functionally, this means the ultimate end of javascript. Because this means even ultimately secure code does not mean it can be trusted.

      Nor does it mean secure code isn't malicious, it just isn't malicious in the present sense of the word ....

      And that new abuse that does not fit the historical definition is coming down the pipeline.

      --
      Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
    3. Re:Yay by Electricity+Likes+Me · · Score: 1

      We might see heuristic blocking of javascript come to the fore. Bitcoin miners at the end of the day have to upload to BTC hash servers, and produce BTC hashes.

    4. Re:Yay by Cow007 · · Score: 1

      A fail with a mobile device- the extra power requirements eating up the battery.

      --
      411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
  7. Re:Crooks definition by socceroos · · Score: 1, Insightful

    The Australian Government just passed a law allowing them to claim your money in your bank account as their own if you haven't used it in a while.

    I pick government.

  8. At last!... by TheloniousCoward · · Score: 1

    A practical form of "micro"-payments

    1. Re:At last!... by Anonymous Coward · · Score: 1

      oops, we just plain forgot to turn off the ads

  9. Re:That's not actually criminal by Dunbal · · Score: 2

    For all you may claim that the sign on the back of your front door states that I consented to be raped by you when invited to into your home, you still don't have the right to do it and are a criminal if you do.

    --
    Seven puppies were harmed during the making of this post.
  10. Better or worse than ads? by cervesaebraciator · · Score: 1

    As an alternative revenue stream to ads, this might make sense for some websites. Many of the flashier (so to speak) ads waste many resources as well, but to no productive end other than getting your attention.

  11. Re:That's not actually criminal by im_thatoneguy · · Score: 1

    I was thinking the same thing. I don't know that this is actually illegal or even unethical. We implicitly agree to watch ads etc when we visit a website. This could be a source of revenue far greater than advertising.

  12. Re:That's not actually criminal by FlyMysticalDJ · · Score: 2

    Whenever you visit any web page with Javascript enabled, you are inherently agreeing to execute some code on your system. It doesn't really matter if it's displaying animated kittens are calculating bitcoin blocks. Indeed, we should all hail this as a great thing if it means criminals becoming less criminal...

    I think you've missed the idea. From TFA:

    He believes that crooks could infect websites with JavaScript code that would turn visitors into unsuspecting Bitcoin miners. As long as you're visiting the website, you're mining coins for someone else

    The criminal activity isn't mining bitcoins on someone else's machine, it's putting your code on someone else's website without their consent. It's not a new type of criminal activity, just a new incentive to do it.

  13. What a waste. by viperidaenz · · Score: 1

    You'll need each visitor to stay on your page long enough for them to complete a significant amount of computation and upload the results.
    If the amount they compute is less than what is required to for the fork and join process in the problem, then its easier to not fork and join and do the computation locally.

    Every visitor that doesn't stay long enough wastes resources doing work that is thrown away. They'll also waste your own resources by asking for the input data and never giving you a result. That means its either going to take longer for that piece of input to be computed, because you could have given it to someone who stayed, but you don't know how long it will take to computer because you don't know the load of capacity of the node that is doing the work, so you'll need to wait a relatively long time before giving it to another node - or give the same data to several nodes at once - wasting resources again.

  14. How to block ? by Taco+Cowboy · · Score: 2

    TFA tells us that people can do this or do that to the visitors' computers (or smartphones) but there's no hint on how to block all these ...

    Anyone can share a little insight on what kind of precaution that we can do in order to block out all those things from entering our own device in the first place --- other than not visiting those websites, I mean ...

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:How to block ? by Anonymous Coward · · Score: 2, Funny

      Insert smarmy statement regarding how long I've been running noscript here

    2. Re:How to block ? by Anonymous Coward · · Score: 1

      You could disable Javascript to be sure, or install NoScript and spend a lot of time enabling various Javascript sources every time you visit a new website, trying to figure out what sources are needed to make the site work or if the site is just not worth it. Or you could just not care unless you notice the site slowing down your computer, in which case you would probably get one of those popups from the browser warning you Javascript is using too much CPU and asks if you want to stop it.

    3. Re:How to block ? by Algae_94 · · Score: 2

      As the AC mentioned, you can use NoScript to block these scripts from running on a site. You could also universally disable javascript in the browser. NoScript is the most granular blocking that I'm aware of, and it's granularity is by domain. This means if xyz.com has this sort of script on their site and you block xyz.com, the site would also not be able to do a lot of other javascript stuff. This can be range from no problem for the site to making the site unusable.

    4. Re:How to block ? by Cenan · · Score: 3, Interesting

      The problem with noscript is that once you allow a domain, it's allowed regardless of which site you allowed it on. This is a huge problem, since I might trust domain x to use jQuery's CDN, but not site y. If I allow jQuery CDN it's allowed for both. Try blocking google-analytics for instance, and see how many sites break - for no other reason than that they want analytics to run, and their scripts check for this (or depend on it in some retarded way, I'm not sure). That means in order to use a handful of sites that have retarded dependencies, I have to allow this idiocy for every site i visit.

      The other problem with the granularity is that most professional sites pull in javascript from multiple domains, so it turns into a treasure hunt trying to find the handful of domains you need to unblock before the site works. And it's even more fun when the site has hidden dependencies, that only pop up after you allow a domain on the list - making the already long list expand dynamically. And of course there's no way to see the script you're allowing unless you want to sift through the entire source of the page.

      This is why noscript remains a nerd tool, the menu has a function that allows all scripts on a given site, a ripe choice of you already have the "click through" mentality. What a user sees is "lots of choices, this one makes the problem go away" and once that is learned the whole point of noscript goes the way of Windows UAC - yes, yes, yes, oh shut up.

      TL;DR: noscript is good advice, although it requires far more user maintenance than resonable.

      --
      ... whatever ...
    5. Re:How to block ? by parkinglot777 · · Score: 1

      What I usually do is to temporarily enable javascript of that site (not any others in the list) to see if the content shows up. If it still doesn't, I simply revert the NoScript back and don't go to that site again. If a site requires third party scripts to get all functions up, I don't need it. I understand that it is nice and gives more flexibilities to use others' libraries over the Internet, but I prefer web sites that use their own contents/files.

    6. Re:How to block ? by kmoser · · Score: 1

      Insert lame joke regarding how, in Soviet Russia, Bitcoin mines you!.

    7. Re:How to block ? by thoughtlover · · Score: 1

      I block google-analytics and haven't noticed any problems whether it be http or https traffic. No problems whether it's on a blog or a shopping cart. Blocking Google APIs or GStatic can break functionality, however.

      --
      No sig for you! Come back one year!
    8. Re:How to block ? by Cenan · · Score: 1

      Yeah I rechecked my settings after posting and you're right. It's Google APIs that break stuff. However, site owners still have retarded dependencies on those. I frequently run into problems with sites that have a little map in a widget off to the side. If Google APIs are blocked, the whole site stutters and falls on it's face, when it shouldn't.

      --
      ... whatever ...
  15. IE and Safari don't have WebGL by tepples · · Score: 1

    Microsoft has refused to implement WebGL in any released version of IE for security reasons. Apple implemented it in Safari but disabled it by default on the Mac and restricted it to use only by iAds on iOS.

  16. Is javascript a good idea? by Okian+Warrior · · Score: 1

    I've often wondered if including a programming language in a browser is a good idea.

    On the functionality side, I don't really think it adds much required functionality. The only useful functionality seems to be in validating web form data (Don't let the user submit without required fields, make sure no spaces are in the CC number, &c). The vast majority of these could be handled by changes in the HTML specification with fields specific to type, flags, and so on. Video and other media players should be built-in to the browser and be based on standardized formats.

    There's a number of useless features that everyone clamors for, such as showing text in a box that changes when you click in it (such as "search" boxes), worthless animation, and clever actions that don't appreciably add to readability or access.

    On the negative side, there's the innumerable ways in which the user can be taken advantage of - popups and pop-under, spreading malware, insufficient sandboxing, privacy leakage, tracking, and so on.

    By turning the browser into a general-purpose computer, the industry has created yet another attack vector. All for something which is for the most part a static, read-only experience.

    Microsoft added ActiveX to their E-mail reader, and it was a disaster. I put Javascript on websites in the same category.

    1. Re:Is javascript a good idea? by Kal+Zekdor · · Score: 2

      You would be absolutely correct... if this was 1995. Web sites haven't been a "static, read-only experience" in ages (many of them, anyway). You interact with web pages, not merely consume them, as you would an RSS feed. While I hate javascript with a passion, it has made it possible for us to move from web pages to web apps. Many of the sites most people use everyday would be completely impossible without client side scripting. I wish that scripting would be done in something that doesn't suck as hard as javascript, but that's neither here nor there.

  17. Re:That's not actually criminal by Kaenneth · · Score: 3

    But it's not rape if there is consent, given by passing through the door...

    That's EULA logic, right?

  18. Re:That's not actually criminal by Dunbal · · Score: 1

    Yeah, try it on a judge. Let me know how it went.

    --
    Seven puppies were harmed during the making of this post.
  19. Oh well.. by aliquis · · Score: 1

    it's that or those damn flash ads using up all my computer resources anyway.

    May just as well at least get rid of the ads =P

  20. Re:phone miners? ya right by Phil+Urich · · Score: 1

    But tens or hundreds of thousands of phone miners would. Finally, a step #2 for the classic 1. Hack big company's website 2. ??? 3. Profit! And considering how bloated most big companies' websites are, nobody would even notice.

    --
    I remember sigs. Oh, a simpler time!
  21. "I don't think these guys are very bright" by tepples · · Score: 1
    Anonymous Coward predicted that a web site with a hidden Bitcoin miner might use language like this to get users to run it:

    "Kittens vs. Zombies 3 requires WebGL to function. Please enable or switch to a different browser to continue."

    For one thing, iPad and Surface users can't just "enable or switch to a different browser" without dropping hundreds of dollars on hardware that runs a less-closed operating system. For another, users would react to something that doesn't work in their preferred browser by thinking "I don't think these guys are very bright" and clicking away, if iamhassi's comment is any indication.

  22. Stupid summary, what about this "Chess Record"? by complete+loony · · Score: 2

    I mean it's in the title, got me all interested. Then I read the summary and it's all about a stupid approach to bitcoin mining. So what was this "Chess Record" they were talking about? You expect me to RTFA for that?

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    1. Re:Stupid summary, what about this "Chess Record"? by Anonymous Coward · · Score: 1

      Nothing to do with chess.
      Just solving the N-queens problem for a larger N than ever solved before. Yawn.

  23. The Future of Web 3.0 (or whatever version) by reluctantjoiner · · Score: 1

    I like this idea, except it would probably have to use something where mining takes "less work", otherwise, as AC pointed out below, you'd have to have millions of users just to get epsilon money.

    But if you make mining easier, then everyone else pulls out their old mining rigs and exhausts the supply of coins that much quicker. Unless you build a large amount of inflation into the system, or put an expiry on the coins.

    It would be nice if distributed problems had a standard value. (E.g. The solution to this protein folding problem is worth $1, incidentally giving the currency an intrinsic value). Then some one like Google could distribute the problems ("DistWords"), and website operators would collect the revenue of solved problems.

    --
    Plan My Week for iPhone
  24. Re:phone miners? ya right by ninlilizi · · Score: 1

    Not unless a radical new battery technology becomes ubiquitous first.
    People would notice when their devices are bled dry in the time it takes to find what they want on the site.

  25. CrowdProcess is doing this by goncalopp · · Score: 1

    There a startup named CrowdProcess doing something similar. Their business plan is to pay websites to include their javascript, and sell the computation time to developers. This way, the websites can cover hosting costs without resorting to ads.

  26. Ha Ha... by rthille · · Score: 1

    I posted just this idea on one of the bitcoin stories recently.

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  27. Mining Bitcoins is so over by Animats · · Score: 1

    Mining Bitcoins is over. Doing it with an ordinary CPU is hopeless. Doing it with a GPU barely pays for the power consumption. Doing it with FPGA hardware still sort of works, but not for much longer. Doing it with ASICs requires dealing with slimeballs who insist you pre-pay for hardware and deliver months later, if at all.

    Remember, more than half the Bitcoins that can exist have already been mined, and it gets steadily harder.

    Stealing other people's GPU cycles has a track record of success. But it's hard to do that from JavaScript.

  28. Re:phone miners? ya right by Tyler+Eaves · · Score: 1

    Not really profit. Considering you'd need MILLIONS of javascript miners to equal a single ASIC miner.

    --
    TODO: Something witty here...
  29. It's still unethical by Fred+Ferrigno · · Score: 2

    Whenever you visit any web page with Javascript enabled, you are inherently agreeing to execute some code on your system.

    Just because you tricked the user into running your code doesn't mean it's OK to do whatever you want with their system. Users would never agree to run such code if they knew what it did ahead of time. If your software relies on lazy users who don't understand what they're agreeing to, then congratulations, you're a malware author.

  30. No by YuppieScum · · Score: 1

    We never do that...

    --
    This sig left unintentionally blank.
  31. Already Happening by Flere+Imsaho · · Score: 1

    The ZeroAccess botnet is known to be mining BTC. I've seen estimates of 1-3 million USD worth mined each year. Mind you, difficulty has gone up a lot since I saw that.
    http://en.wikipedia.org/wiki/ZeroAccess_botnet

    --
    It gripped her hand gently. 'Regret is for humans,' it said.
  32. Re:Crooks definition by socceroos · · Score: 1

    That is pretty bad, because you're going to have a hard time 'proving' all your money and belongings are yours rightfully. However, I'd say this Australian one is a little bit worse because it is a proactive law. This Swedish law you refer to sounds like it 'could' be used against you should the government decide to. However, the new Australian law is proactive, they are actually taking your 'unused' money right now, no questions asked.

  33. Re: Crooks definition by Nikker · · Score: 1

    It shouldn't be that hard proving the house and car are yours.

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  34. Re:Slashdot Against Bitcoin? by witherstaff · · Score: 1

    I agree. Real geeks should know that bitcoins aren't worth doing CPU mining. Litecoin is the place for that until all the GPU bitcoin miners move over to LTC.

  35. Didn't we learn this is a stupid idea? by zAPPzAPP · · Score: 1

    This idea is not exactly a new one.

    Just recently there was that thing:
    http://www.cbc.ca/news/technology/story/2013/05/02/technology-esea-bitcoin-mining.html

    The efficiency is so bad, coupled with expected user backlash, it is a dangerous joke at best.

  36. What about botnets? by smutt · · Score: 2

    Why not just purchase a botnet? It's cheaper and easier than getting millions of people to visit a website. And you don't have to limit yourself to JS.

    --
    The Information Revolution will be fought on the command line.
    1. Re:What about botnets? by gl4ss · · Score: 1

      because then you wouldn't have an article about an idea everyone had years ago.

      --
      world was created 5 seconds before this post as it is.
    2. Re:What about botnets? by sociocapitalist · · Score: 1

      Why not just purchase a botnet? It's cheaper and easier than getting millions of people to visit a website. And you don't have to limit yourself to JS.

      Presumably buying a botnet is more expensive than the gain from the mining you would realize with it.

      --
      blindly antisocialist = antisocial
  37. Chess, anyone? by xded · · Score: 2

    Came here for the "chess world record" mentioned in TFT and didn't find a single word about it, neither in TFS nor in TFCs... Did anyone realize how this article is actually about a bunch of guys parallelizing the eight queens puzzle, running it first on anything from browsers to Blackberrys, then porting it to Hadoop, and on the way to break the world record computing the number of solutions for a chess board of 27x27 tiles?

    TFA mentions the word "bitcoin" in the last 2 paragraphs out of 23, and everybody goes crazy about it. Welcome to Slashdot 2013.

  38. 1 / 1000 efficiency by grimJester · · Score: 1

    Yeah, I pulled that number out of my ass, but it's probably not far from the truth. A web giant like Google implementing this on all their sites would probably make an MW worth of profit ($50 an hour?) and waste a GW of electricity worldwide.

    1. Re:1 / 1000 efficiency by ikaruga · · Score: 1

      Not their electricity, not their problem.
      I think the risk of bad publicity and potential lawsuits, from both users and governments, is just not worth it.

  39. Use it For Good by connor4312 · · Score: 1

    Now, if something like this could be used for... real... projects, like Rosetta@Home or other good BOINC projects, they could potentially do some real good.

  40. Re:That's not actually criminal by Anonymous Coward · · Score: 1

    It is EULA logic.

    EULA's mean shit all, at least here in the UK.

    Here, a contract is deemed illegal if it's unfair. It's extremely difficult to prove the fairness of a contract that is written and "signed" prior to money changing hands.

    Even if the only terms in the contract were "1. we hope you enjoy our product and expect that you tell your friends about it if you do enjoy it" there's absolutely jack the company can do to me if I do enjoy the product but remain silent.

    Explain that to me at time of purchase and I'd be considered liable.

  41. No it most definitely could not, this is BS by slashmydots · · Score: 1

    For the last fucking time (hopefully) CPUs and even ideal advanced GPUs like the king of them all, the Radeon 5830 STILL CANNOT MATCH THE NEW ASICs. Normal computers (and TVs and phones) cannot effectively mine bitcoins anymore. You could mine on my i5-2400 24/7 for an entire year straight and come up a couple dollars. Unless anyone has an ASIC miner, they could control 100,000 computers and run them at a nice and undetectable 25% indefinitely and make a tiny, tiny amount of money.

    1. Re:No it most definitely could not, this is BS by neminem · · Score: 1

      Um. I have no idea of the actual math behind running bitcoin miners on different computers, but if you could mine a couple dollars on your computer if you ran it for a year, then if you ran 100,000 computers you'd get a couple hundred thousand dollars a year. If a couple hundred thousand dollars a year is a "tiny, tiny amount of money" to you... could you send me a tiny, tiny amount of money?

  42. Benefit of doubt by tepples · · Score: 1

    WebGL might allow you to access the raw frames being displayed by the video card.

    In other words: it's Microsoft's desire to suck the dick of the RIAA that's behind it.

    I'd be inclined to give Microsoft the benefit of the doubt that someone might be displaying a confidential document on half of a 1920x1080 monitor and a web page on the other half, and the user doesn't want the web page to be able to "steal" the user's employer's trade secrets.