Ubuntu Ethereum private chain
Publish: 2021-05-17 00:11:05
1. Minerhub's wondermole system is a "diskless" mining system based on Linux kernel, which is deeply customized for miners' friends
solve the problem in an all-round way
1. Miracle Moore's Linux kernel has been deeply optimized for more than 200 times to avoid the problem that some hardware failures will directly lead to system crash
2. In view of the situation that many mining software in the market can't connect to the mining pool after restart, miracle Moore perfectly solves the problem by using the function of resetting the image after each restart of the mining machine
3. After testing, the average computing power error and delay share of miracle Moore system in each mine pool are not more than 1.5%, which significantly improves the mining revenue of users
4. After numerous experiments, miracle Moore development team has obtained the optimized VBIOS overclocking setting of graphics card. Compared with the traditional overclocking method, it can further improve the computing power of graphics card by 5% and rece the power consumption by 15%!
solve the problem in an all-round way
1. Miracle Moore's Linux kernel has been deeply optimized for more than 200 times to avoid the problem that some hardware failures will directly lead to system crash
2. In view of the situation that many mining software in the market can't connect to the mining pool after restart, miracle Moore perfectly solves the problem by using the function of resetting the image after each restart of the mining machine
3. After testing, the average computing power error and delay share of miracle Moore system in each mine pool are not more than 1.5%, which significantly improves the mining revenue of users
4. After numerous experiments, miracle Moore development team has obtained the optimized VBIOS overclocking setting of graphics card. Compared with the traditional overclocking method, it can further improve the computing power of graphics card by 5% and rece the power consumption by 15%!
2. This needs to be recharged, but we must pay attention to the risk. This chain is not particularly mainstream. It may be the capital disk or counterfeit currency.
3. Wait, Ethereum is a public chain. Do you mean the token issued above? You can set the total amount
4. Build / env.sh go run build / ci.go install. / CMD / geth
make: * * [geth] error 1
there is no such directory, or the directory has insufficient permissions
make: * * [geth] error 1
there is no such directory, or the directory has insufficient permissions
5. The degree of decentralization of public chain. This kind of public blockchain, represented by bitcoin and Ethereum, is not controlled by a third party. All people in the world can read the data records on the chain, participate in transactions and compete for the bookkeeping rights of new blocks
program developers have no right to interfere with users, and each participant (i.e. node) can freely join and exit the network, and carry out relevant operations according to their wishes
private blockchain is on the contrary. The write permission of the network is fully controlled by an organization or institution, and the data read permission is regulated by the organization, either open to the outside world or with a certain degree of access restrictions
in short, it can be understood as a weakly centralized or multi centralized system. Because the participating nodes are strictly limited and few; Compared with public chain, private chain has shorter time to reach consensus, faster transaction speed, higher efficiency and lower cost
the alliance chain is a blockchain between the public chain and the private chain, which can realize "partial decentralization"
each node in the chain usually has its corresponding entity or organization; Participants join the network through authorization and form a stakeholder alliance to jointly maintain the operation of the blockchain.
program developers have no right to interfere with users, and each participant (i.e. node) can freely join and exit the network, and carry out relevant operations according to their wishes
private blockchain is on the contrary. The write permission of the network is fully controlled by an organization or institution, and the data read permission is regulated by the organization, either open to the outside world or with a certain degree of access restrictions
in short, it can be understood as a weakly centralized or multi centralized system. Because the participating nodes are strictly limited and few; Compared with public chain, private chain has shorter time to reach consensus, faster transaction speed, higher efficiency and lower cost
the alliance chain is a blockchain between the public chain and the private chain, which can realize "partial decentralization"
each node in the chain usually has its corresponding entity or organization; Participants join the network through authorization and form a stakeholder alliance to jointly maintain the operation of the blockchain.
6. Yes, but it is better to use overseas servers. In addition, the server configuration should be medium or above.
7. Public chain: refers to the blockchain that anyone in the world can access to the system at any time to read data, send confirmatory transactions and compete for bookkeeping. For example: bitcoin, Ethereum
private chain: refers to the blockchain whose write permission is controlled by an organization and institution, and the qualification of participating nodes will be strictly limited
alliance chain: refers to a blockchain with several institutions participating in the management. Each institution runs one or more nodes. The data only allows different institutions in the system to read, write and send transactions, and record transaction data together
alliance chain is a relatively new way to apply blockchain technology to enterprises. The public chain is open to all, while the private chain usually only provides services for one enterprise. The alliance chain has more restrictions than the public chain, and usually provides services for the cooperation among multiple enterprises
the difference between alliance chain and public chain is that it requires prior permission. Therefore, not everyone with an Internet connection can access the alliance blockchain. Alliance chain can also be described as semi decentralized. The control of alliance chain is not granted to a single entity, but to multiple organizations or indivials
for alliance chain, consensus process may be different from public chain. The consensus participants of the alliance chain may be a group of pre approved nodes on the network, rather than anyone can participate in the process. Alliance chain allows more control over the network
when it comes to the advantages of alliance chain:
first of all, alliance chain is completely controlled by a specific group, but it is not monopoly. When each member agrees, this control can establish its own rules
secondly, it has greater privacy, because the information used to verify the block will not be disclosed to the public, and only alliance members can process the information. It creates greater trust and confidence for platform customers
finally, compared with the public blockchain, the alliance chain has no transaction costs and is more flexible. A large number of verifiers in public blockchain lead to the trouble of synchronization and mutual protocol. Usually this divergence will lead to bifurcation, but the alliance chain will not
alliance chain technology can be used to optimize the business process of most traditional information systems, especially for business scenarios without strong center, multi-party cooperation and controllable risk. The shared ledger mechanism of alliance chain can greatly rece the reconciliation cost, improve the efficiency of data acquisition, increase the fault tolerance, consolidate the trust foundation, and avoid malicious fraud
with the continuous development of blockchain technology, more and more institutions and enterprises begin to increase the research and application of blockchain. Compared with the public chain, the alliance chain has better landing, and has been supported by many enterprises and the government
alliance chain can be understood as a kind of distributed ledger established by internal institutions to meet the needs of specific instries. This account book is open and transparent to internal institutions. However, if there are relevant business needs and the data of this account book is modified, it is still necessary to join the smart contract
smart contract is a kind of computer protocol which aims to disseminate, verify or execute contracts in an information way. Smart contracts allow trusted transactions without a third party, which are traceable and irreversible
generally speaking, the current mainstream architecture of alliance chain intelligent contract is: system contract + business contract
system contract: the configuration is completed before the node is started. It is generally used for system management (such as bcos precompiled contract (permission management, naming management, etc.), and it is written by the project side, with high security
Business Contract: it is written according to the actual business and needs to be deployed. It is similar to the public chain smart contract. It is written by the general internal organization participants and needs to comply with certain requirements. The security is general< However, there are still security risks in the following aspects:
(1) code language security features
one is to continue to use the main stream public chain programming language and improve on it (such as: the solidness used by bcos), The other is to specify the corresponding smart contract mole (such as fabric's go / Java / node. JS) based on the general programming language. No matter what language is used to program the smart contract, there are security problems in its corresponding language and related contract standards< (2) integer overflow caused by contract execution: no matter which virtual machine is used to execute the contract, all kinds of integer types have corresponding storage width. When trying to save data beyond this range, the signed number will overflow
stack overflow: when there are too many method parameters and local variables defined and the bytes are too large, the program may have errors
denial of service attack: it mainly involves the alliance chain that consumes resources to execute the contract, and the corresponding transaction cannot be completed e to the exhaustion of resources
(3) contract security problems caused by system mechanism
here mainly refers to the alliance chain of Multi Chain Architecture:
if the generation of contract variables depends on uncertain factors (such as the time stamp of this node) or a variable that is not persistent in the ledger, the transaction verification may fail because the reading and writing sets of the variable of each node are different
global variables are not stored in the database, but in a single node. Therefore, if this kind of node fails or restarts, it may cause the global variable value to be no longer consistent with other nodes, and affect node transactions. Therefore, data read, written or returned from the database should not depend on global state variables
when calling the contract of the external chain in the multi chain structure, only the return result of the called chain code function may be obtained, and no transaction will be submitted in any form in the external channel
when a contract accesses external resources, it may expose unexpected security risks of the contract and affect the chain code business logic
(4) business security issues
the smart contract of alliance chain is to complete a business requirement and execute a business, so there may still be security risks in business logic and business implementation, such as function permission mismatch, unreasonable input parameters, and improper exception handling
our suggestions on alliance chain security are as follows:
(1) simplify the design of smart contract to achieve the balance between function and security
(2) strictly implement smart contract code audit (self-evaluation / project team review / tripartite audit)
(3) strengthen the security training for smart contract developers
(4) implement the application of blockchain, It needs to be promoted step by step, from simple to complex. In this process, we should constantly comb the contract and platform related functions / security attributes
(5) consider the idea of devsecops (development + Security + operations)
chain platform security includes: transaction security, consensus security, account security, compliance, RPC security, endpoint security, P2P security, etc
hackers attack alliance chain by means of internal threats, DNS attacks, MSP attacks, 51% attacks, etc
take MSP attack as an example: MSP is the abbreviation of membership service provider in fabric alliance chain. It is a component that provides an abstract member operation framework. MSP abstracts all cryptographic mechanisms and protocols behind the issuance and verification of certificates and user authentication. An MSP can define its own identity, as well as identity management (authentication) and authentication (generation and verification of signatures) rules< Generally speaking, attacks against MSP may exist in the following aspects:
(1) internal threats: a) the current version of MSP allows single certificate control, that is, if an insider holds a certificate that can manage MSP, he can configure the fabric network, such as adding or revoking access rights, Adding identity to CRL (essentially blacklisted identity), too centralized management may lead to security risks. b) If there are sensors and other Internet of things devices connected to the alliance chain, it may spread false information to the chain, and because the sensor itself may not support perfect security protection, it may lead to further attacks
(2) private key leakage, the certificate file of node or sensor is generally stored locally, which may lead to private key leakage, and then lead to witch attack, man in the cloud attack, etc.
(3) DNS attack: when creating a new participant's identity and adding it to MSP, DNS attack may occur in any case. The process of creating certificates to blockchain members may be attacked in many places, such as man in the middle attack, cache poisoning, DDoS. An attacker can convert a simple DNS query into a larger payload, causing DDoS attacks. Similar to Ca attacks, this attack results in certificate tampering and / or theft, such as the permissions and access rights that some blockchain members will have. Sensor networks are particularly vulnerable to DDoS attacks. Smart city is not only faced with the weakness of sensor networks against DDoS attacks, but also the challenge of blockchain system< (4) Ca attack: digital certificate and identity are very important to the operation of MSP. Hyperledger fabric allows users to choose how to run a certification authority and generate encrypted materials. Options include fabric Ca, process built by hyperledger fabric, cryptogen contributors, and own / third party ca. The implementation of these CAS has its own defects. Cryptogen generates all the private keys in a centralized location, which are then fully and securely copied by the user to the appropriate host and container. This facilitates private key disclosure attacks by providing all private keys in one place. In addition to the weakness of the implementation, the whole MSP and the membership of the blockchain run on the Ca, and have the ability to trust that the certificate is valid, and the certificate owner is what they call the identity. If the attack on well-known third-party CA is executed successfully, the security of MSP may be damaged, resulting in forged identity. Another weakness of Ca in hyperledger fabric is how they are implemented in MSP. MSP needs at least one root Ca, and can support as root Ca and intermediate CA as needed. If the root CA certificate is attacked, all certificates issued by the root certificate will be affected
Cheng chain security has launched the alliance chain security solution. With the development of alliance chain ecology, in 2020, Cheng chain security has cooperated with multi provincial network information office to conct multi-level security audit on the alliance chain system of local government, enterprises and institutions from the bottom of the chain to the application layer, and found the loopholes and weaknesses of the alliance chain system with multiple scenarios, multiple applications and multiple forms and its supporting systems
in addition, Cheng Lianan has cooperated with ant blockchain to join the open alliance chain as the first batch of nodes selected by ant blockchain. We will give full play to security technology, service and market
private chain: refers to the blockchain whose write permission is controlled by an organization and institution, and the qualification of participating nodes will be strictly limited
alliance chain: refers to a blockchain with several institutions participating in the management. Each institution runs one or more nodes. The data only allows different institutions in the system to read, write and send transactions, and record transaction data together
alliance chain is a relatively new way to apply blockchain technology to enterprises. The public chain is open to all, while the private chain usually only provides services for one enterprise. The alliance chain has more restrictions than the public chain, and usually provides services for the cooperation among multiple enterprises
the difference between alliance chain and public chain is that it requires prior permission. Therefore, not everyone with an Internet connection can access the alliance blockchain. Alliance chain can also be described as semi decentralized. The control of alliance chain is not granted to a single entity, but to multiple organizations or indivials
for alliance chain, consensus process may be different from public chain. The consensus participants of the alliance chain may be a group of pre approved nodes on the network, rather than anyone can participate in the process. Alliance chain allows more control over the network
when it comes to the advantages of alliance chain:
first of all, alliance chain is completely controlled by a specific group, but it is not monopoly. When each member agrees, this control can establish its own rules
secondly, it has greater privacy, because the information used to verify the block will not be disclosed to the public, and only alliance members can process the information. It creates greater trust and confidence for platform customers
finally, compared with the public blockchain, the alliance chain has no transaction costs and is more flexible. A large number of verifiers in public blockchain lead to the trouble of synchronization and mutual protocol. Usually this divergence will lead to bifurcation, but the alliance chain will not
alliance chain technology can be used to optimize the business process of most traditional information systems, especially for business scenarios without strong center, multi-party cooperation and controllable risk. The shared ledger mechanism of alliance chain can greatly rece the reconciliation cost, improve the efficiency of data acquisition, increase the fault tolerance, consolidate the trust foundation, and avoid malicious fraud
with the continuous development of blockchain technology, more and more institutions and enterprises begin to increase the research and application of blockchain. Compared with the public chain, the alliance chain has better landing, and has been supported by many enterprises and the government
alliance chain can be understood as a kind of distributed ledger established by internal institutions to meet the needs of specific instries. This account book is open and transparent to internal institutions. However, if there are relevant business needs and the data of this account book is modified, it is still necessary to join the smart contract
smart contract is a kind of computer protocol which aims to disseminate, verify or execute contracts in an information way. Smart contracts allow trusted transactions without a third party, which are traceable and irreversible
generally speaking, the current mainstream architecture of alliance chain intelligent contract is: system contract + business contract
system contract: the configuration is completed before the node is started. It is generally used for system management (such as bcos precompiled contract (permission management, naming management, etc.), and it is written by the project side, with high security
Business Contract: it is written according to the actual business and needs to be deployed. It is similar to the public chain smart contract. It is written by the general internal organization participants and needs to comply with certain requirements. The security is general< However, there are still security risks in the following aspects:
(1) code language security features
one is to continue to use the main stream public chain programming language and improve on it (such as: the solidness used by bcos), The other is to specify the corresponding smart contract mole (such as fabric's go / Java / node. JS) based on the general programming language. No matter what language is used to program the smart contract, there are security problems in its corresponding language and related contract standards< (2) integer overflow caused by contract execution: no matter which virtual machine is used to execute the contract, all kinds of integer types have corresponding storage width. When trying to save data beyond this range, the signed number will overflow
stack overflow: when there are too many method parameters and local variables defined and the bytes are too large, the program may have errors
denial of service attack: it mainly involves the alliance chain that consumes resources to execute the contract, and the corresponding transaction cannot be completed e to the exhaustion of resources
(3) contract security problems caused by system mechanism
here mainly refers to the alliance chain of Multi Chain Architecture:
if the generation of contract variables depends on uncertain factors (such as the time stamp of this node) or a variable that is not persistent in the ledger, the transaction verification may fail because the reading and writing sets of the variable of each node are different
global variables are not stored in the database, but in a single node. Therefore, if this kind of node fails or restarts, it may cause the global variable value to be no longer consistent with other nodes, and affect node transactions. Therefore, data read, written or returned from the database should not depend on global state variables
when calling the contract of the external chain in the multi chain structure, only the return result of the called chain code function may be obtained, and no transaction will be submitted in any form in the external channel
when a contract accesses external resources, it may expose unexpected security risks of the contract and affect the chain code business logic
(4) business security issues
the smart contract of alliance chain is to complete a business requirement and execute a business, so there may still be security risks in business logic and business implementation, such as function permission mismatch, unreasonable input parameters, and improper exception handling
our suggestions on alliance chain security are as follows:
(1) simplify the design of smart contract to achieve the balance between function and security
(2) strictly implement smart contract code audit (self-evaluation / project team review / tripartite audit)
(3) strengthen the security training for smart contract developers
(4) implement the application of blockchain, It needs to be promoted step by step, from simple to complex. In this process, we should constantly comb the contract and platform related functions / security attributes
(5) consider the idea of devsecops (development + Security + operations)
chain platform security includes: transaction security, consensus security, account security, compliance, RPC security, endpoint security, P2P security, etc
hackers attack alliance chain by means of internal threats, DNS attacks, MSP attacks, 51% attacks, etc
take MSP attack as an example: MSP is the abbreviation of membership service provider in fabric alliance chain. It is a component that provides an abstract member operation framework. MSP abstracts all cryptographic mechanisms and protocols behind the issuance and verification of certificates and user authentication. An MSP can define its own identity, as well as identity management (authentication) and authentication (generation and verification of signatures) rules< Generally speaking, attacks against MSP may exist in the following aspects:
(1) internal threats: a) the current version of MSP allows single certificate control, that is, if an insider holds a certificate that can manage MSP, he can configure the fabric network, such as adding or revoking access rights, Adding identity to CRL (essentially blacklisted identity), too centralized management may lead to security risks. b) If there are sensors and other Internet of things devices connected to the alliance chain, it may spread false information to the chain, and because the sensor itself may not support perfect security protection, it may lead to further attacks
(2) private key leakage, the certificate file of node or sensor is generally stored locally, which may lead to private key leakage, and then lead to witch attack, man in the cloud attack, etc.
(3) DNS attack: when creating a new participant's identity and adding it to MSP, DNS attack may occur in any case. The process of creating certificates to blockchain members may be attacked in many places, such as man in the middle attack, cache poisoning, DDoS. An attacker can convert a simple DNS query into a larger payload, causing DDoS attacks. Similar to Ca attacks, this attack results in certificate tampering and / or theft, such as the permissions and access rights that some blockchain members will have. Sensor networks are particularly vulnerable to DDoS attacks. Smart city is not only faced with the weakness of sensor networks against DDoS attacks, but also the challenge of blockchain system< (4) Ca attack: digital certificate and identity are very important to the operation of MSP. Hyperledger fabric allows users to choose how to run a certification authority and generate encrypted materials. Options include fabric Ca, process built by hyperledger fabric, cryptogen contributors, and own / third party ca. The implementation of these CAS has its own defects. Cryptogen generates all the private keys in a centralized location, which are then fully and securely copied by the user to the appropriate host and container. This facilitates private key disclosure attacks by providing all private keys in one place. In addition to the weakness of the implementation, the whole MSP and the membership of the blockchain run on the Ca, and have the ability to trust that the certificate is valid, and the certificate owner is what they call the identity. If the attack on well-known third-party CA is executed successfully, the security of MSP may be damaged, resulting in forged identity. Another weakness of Ca in hyperledger fabric is how they are implemented in MSP. MSP needs at least one root Ca, and can support as root Ca and intermediate CA as needed. If the root CA certificate is attacked, all certificates issued by the root certificate will be affected
Cheng chain security has launched the alliance chain security solution. With the development of alliance chain ecology, in 2020, Cheng chain security has cooperated with multi provincial network information office to conct multi-level security audit on the alliance chain system of local government, enterprises and institutions from the bottom of the chain to the application layer, and found the loopholes and weaknesses of the alliance chain system with multiple scenarios, multiple applications and multiple forms and its supporting systems
in addition, Cheng Lianan has cooperated with ant blockchain to join the open alliance chain as the first batch of nodes selected by ant blockchain. We will give full play to security technology, service and market
8. Unknown_Error
9. Yes, I've made a lot of money. As long as I insist on playing, the more active I am, the more I can make money every month. Moreover, it's a free game, with added value and unlimited income
Hot content