
Javascript Bitcoin Miner - pizza
http://forum.bitcoin.org/index.php?topic=9042.0
======
cookiecaper
It is bad to use a bunch of the user's CPU without any notice. They will
probably notice that your site makes their computer slow and never come back
again. Also, once they find out you've been using their CPU
power/electricity/battery life surreptitiously for private, unshared gain, you
will probably have some angry customers.

Additionally, does this automatically hook in to slush's pool or something?
Bitcoin mining is practically useless on CPU; even the fastest CPUs out get
way, way less than 10mhash. The average length of time to find a block at
9999khash and current difficulty is 1200+ days, so even that estimate is over-
optimistic, so this isn't worth anything if your users don't sit on your site
for 5 years+, unless it's hooked into a pool or some other contraption to pay
on shares instead of blocks.

~~~
Groxx
Interestingly, from post #9:

    
    
      Chrome13-canary: ~15.2k/s
      FF4: ~6.4k/s
      Safari5: ~6.2k/s
      IE9: ~1.6k/s
    

So yeah, massively massively slower than regular GPU mining. Anyone know of a
way to push WebGL into doing hashing functions, and reading the results out?

~~~
trotsky
Cribbing from post #35:

 _And you come to a total of 21,600,000 unique visitors per day that you would
need to your website in order to hash the equivalent of a $100 GPU.

Or make about $8 per day according to the bitcoin calculator right now from 21
million unique visitors.... totally not worth it._

So, yeah. Significantly crapping on the user experience of 21M people by
reducing their battery life, adding heat, adding fan noise, slowing down other
actions - all to substitute for one gpu?

It seems like there must be better ways to ruin your high traffic websites
reputation if that's what you're looking to do.

------
kristiandupont
Regarding angry visitors, I think it is completely fair if you just inform
them of what is going on.

In a way, this is the perfect internet model: I offer my content for free but
visitors pay me with cpu cycles. It's superior to the ad-model because it pays
according to time spent on the page regardless of who the audience is.

It's too bad that it's infeasible because of the very low rate.

~~~
nodata
Why does time spent on the page matter?

~~~
whatusername
It corelates to value derived from the page.

SO the people I deliver the most value to, I extract the most value from. //
WIth an added bonus that I recieve more value from the people with more
expensive computers (aka the wealthier viewers)

~~~
nodata
I don't see how the time spent on a page correlates to value for the reader.
If I read faster or slower than someone else and spend less or more time on
the page, it doesn't change the value provided to me by the article.

~~~
mtinkerhess
On the other hand, if a site provides more value to a visitor, they are more
likely to keep spending more time on the site.

------
pygy_
Going meta:

I've seen in the last few weeks apparently relevant and polite posts that had
been flagged dead[1]. One of these was a post by jashkenas in a CoffeeScrit
thread. This one could hardly have been more on topic.

Is there a new moderation policy, or is it a bot with a happy trigger?

[1] In this thread, <http://news.ycombinator.com/item?id=2566826> , a post by
jhuckestein, and <http://news.ycombinator.com/item?id=2566797> by csomar.

~~~
trotsky
I'd be curious to know the answer to this too - I've seen an increase of "one
off" seemingly acceptable posts being flagged dead, and browsing their post
history it wasn't cases where they were set to auto-dead.

------
HardyLeung
Javascript is way too slow compared to GPU, by at least a factor of 1000 or
more. If you have 1M daily unique visitor and you manage to "steal" 10 CPU
seconds from each of them, the amount of work would be equivalent to 1e6 * 10
/ 1000 = 10000 seconds which is about 2.8 hours of one dedicated GPU-based
mining machine.

~~~
rudiger
Actually, regular CPU miners are nearly 1,000 times slower than GPU miners. I
wouldn't be surprised if a JavaScript miner was several orders of magnitude
slower than _that_ (ie. a million times slower than GPU miners).

What about using gamers' excess GPU to mine Bitcoins in an installable
massively-multiplayer game? Is anyone trying this?

~~~
vabole
I wonder when will the bitcoin mining viruses appear. If done stealthily they
could use spare resources and fall back when other GPU/CPU intensive task is
launched. Such virus could be quite profitable if it spread widely enough.

~~~
Groxx
And easily detectable by owning a laptop (that burning sensation isn't a UTI)
or having fans in your computer (harder to tell if you live near an airport).

------
ck2
You need a year's worth of 3ghz dual core cpu power to make 50 bitcoins.

This is some impressive code but not practical.

And I don't think visitors are going to like you maxing out their cpu.

~~~
seanalltogether
I know plenty of women who spends hours a day playing casual games, if you
embedded a bitcoin miner into a free facebook game you might be able to
generate some decent revenue while they play.

~~~
rudiger
Why not embed a Bitcoin miner in a regular, installable MMO game and use their
_GPU_? A single gamer's GPU could be worth more than thousands of casual
gamers' browsers. Also, MMO gamers can be just as "dedicated". Bonus points
for using Bitcoins as an in-game currency.

~~~
Groxx
Now _that_ is an idea. Make it a casual game, though, so the GPU use of the
game is minimal, maximizing the mining GPU cycles. MMO & other often-graphics-
heavy gamers tend to be a bit fussy about framerates.

~~~
regularfry
Unfortunately, the people who are going to spend a lot of time playing casual
games and the people with chunky GPUs are (in my opinion) not likely to
overlap very much.

~~~
Groxx
Good point. Though even cheap modern cards have a decent amount of horsepower
- the main cost-cutting is shared memory, which doesn't play much of a role in
mining. I can mine close to 1/10th of a coin (on Slush's pool) overnight on my
laptop; multiply that by a few thousand, accounting for only gaming time, and
it's a not-insignificant source of income without even getting very large. 1
block / 50 coins are worth a few hundred US$ right now, and it's entirely
passive on the receiving end.

------
vegai
Great. So now we will have to start blocking Javascript code from sites we
don't trust.

~~~
wladimir
I've been doing this for a long time with the Ghostery firefox plugin. It
blocks all kinds of trackers and other dubious stuff.

------
Klonoar
Neat! Distributed computing with JS is an awesome tech trick, some friends and
I did something similar back during Node Knockout (MapRejuice:
<https://github.com/ryanmcgrath/maprejuice>).

Curious to see what you guys think of the ethical side of it though - do you
let this run on mobile, etc? This will almost definitely cause extra battery
drain on mobile devices, you think it's fine to have this happen without user
consent? ;)

~~~
dave1010uk
BitCoin mining could replace banner ads. I have Flash on my mobile, which
often uses lots of CPU usage for ads. You could argue this is the same.

~~~
Klonoar
Yeah, you could argue this... and then we could just point out that Jobs & co
are right, and Flash has been a battery hog since the dawn of time. This is a
reason why the iPhone can be so performant; you're arguing that it's perfectly
acceptable to degrade the otherwise shockingly good performance of a mobile
device when it can be avoided entirely.

Flash needs to stay out of this argument, as at the end of the day it's still
a real _ethical_ question - how much CPU are you realistically allowed to take
and continually use from a user visiting your page?

------
motters
If there is a Bitcoin bubble you can be sure that there will be people doing
things like this, regardless of whether it's ethical or not. From the site
visitor's point of view they're not getting a cut of the mined coins, so their
high CPU usage is purely a waste and annoyance. If widely deployed, this sort
of browser based CPU wasting enterprise could bring Bitcoin into disrepute and
be an excuse for governments to treat it as a cyber-threat.

~~~
AffableSpatula
banner ads are also, on the whole, a waste and annoyance; so not much of a
change there

It is probably fair to say most people don't care all that much provided their
user experience is not noticeably impacted, but it looks like this work is
failing to deliver in that respect. If they manage to throttle CPU usage
effectively then this is at least a semi-feasible alternative to "monetizing"
traffic.. I find that quite interesting conceptually, even if it doesn't work
in practice at the moment.

~~~
motters
I suppose it's a question of degree. If not too much CPU resource is consumed
then perhaps it is an acceptable way to monetize web sites - although this
would only work for high traffic sites, and would become less lucrative over
time. There is a bit of a moral hazard though, in that it would be in the
interest of the host to consume as much client CPU resource as possible,
without rendering their browsing experience too unpleasant.

------
yatsyk
Idea for browser extension: display warning icon if tab uses all cpu.

~~~
pbhjpbhj
So what you're saying is that my FF has being doing this for the last 7 years
...

------
paulirish
The source of their miner: <http://dpaste.com/hold/544515/>

It actually starts up a web worker with the exact same file and communicates
with itself back and forth, the browser version to the worker version. Not the
first time this technique has been used but it's still pretty new.

------
tlrobinson
Cute, but this is hardly worthwhile unless you have a massive number of users,
in which case you probably don't want to piss them off by wasting their CPUs.

I'm getting about 13K hashes/sec with this JavaScript miner. For comparison,
my GPU gives me _100M hashes/sec_ , and even my 12 CPU cores give me 10M
hashes/sec with the official Bitcoin client.

So you'd need about 1000 concurrent users at all times to match a single
machine. EngineYard SHA1 contestants who used this approach had the same
problem.

Now, if Native Client was widely deployed, or you could somehow rig up
WebGL...

~~~
omarchowdhury
Which GPU do you have?

------
mikegagnon
PluraProcessing.com pays site owners to farm out computations to their
clients. According to PP, site owners can make about $2.60/month/user. The
major catch is that the system only works well when visitors have long visit
durations (e.g. web-based video games). I presume PP necessitates long visit-
durations because short visits won't yield enough computational resources to
make computations economical.

------
rgbrgb
Very interested to see if this could actually be an alternative to ad revenue.

~~~
zbanks
Using <http://www.alloscomp.com/bitcoin/calculator.php> :

On my computer (netbook running Chrome in Ubuntu), bitp.it clocks at
2.2khash/sec. Using this, I'll give 2000hash/sec/user as a conservative
estimate.

If you had 1M daily visits, averaging about 1 minute of interaction (high, but
assuming you have long-form content), you'd have 12000Mhash/day, or about
2.77Mhash/sec.

Plugging this in with current rates, this ends up being $0.08/day. For 1M
views. This is about 3 orders of magnitude lower than just AdWords.

~~~
cjg
Perhaps this means that bitcoin is currently undervalued by three orders of
magnitude.

~~~
rmc
Or that AdWords is three times as good as bitcoin for revenue generation.

------
aarlo
So why does the bitcoin economy reward spending processing power?

I guess our economy does too (quant finance)

~~~
wcoenen
Because you need some way to inject new coins into the system initially.
Bitcoin chose to do this by allowing early users to "mine" the currency.

The traditional approach is to have a central bank which does the minting and
printing, and then the regular banks can borrow that money. Those banks then
lend that money to their customers, possibly creating more virtual currency by
fractional reserve banking.

Bitcoin obviously can't do that because it is a decentralized system. The
traditional approach also has the disadvantage that all currency in
circulation is ultimately borrowed, so there is always more debt than money
unless you allow banks to default. That can only work as long as the economy
is growing fast enough.

I think there are even better alternatives, by modeling currency after trust
and social capital: <http://ripple-project.org/decentralizedcurrency.pdf>

~~~
josephholsten
You should know that people have been trying reputation-style digital
currencies since at least the early nineties. They require a ton of
bootstrapping to get anywhere. That's because you end up with a trading system
that's looks like a foreign exchange market with 7 billion different floating
currencies. And that's assuming only individuals have them, excluding
corporations. You'll notice old cypherpunks have a lot of skepticism toward
the fiat-currency arguments against bitcoin. We've been trying to make fiat-
currencies work. Keeping the rep net up to date is at least as expensive as
mining bitcoins, but with none of the hard-crypto backing to the algorithms.
And it's way more opaque. That's ideal if you're trying to soften shocks
across a national economy. It's less ideal if you've got more self-serving
interests than eyes.

Bitcoin isn't perfect. But we can test it, and if it breaks, we'll see
quickly. Broken rep-net economies are like building markets on pyramid
schemes: people have an incentive to pretend it still works until the damage
is orders of magnitude larger than the economy proper.

And I encourage you to investigate what fractional reserve banking looked like
in the days of specie-backed-currency. Banks still made loans and kept less
than the entire value of their demand accounts on hand. It'll be weird, but
there will be an M2 and an M1 in bitcoin, we aren't technically limited to an
M0 money supply.

------
esrauch
Anyone care to calculate the actual expected revenue you could get from this?

~~~
mtogo
If you have an average consumer box and leave this running during the day, a
few USD a year at current exchange rates.

~~~
vabole
Not even that much. On my old laptop I get a little more than 1000 hash.
Assuming that average computer is twice as fast as mine we get 2 khash/s.
Inserting it in the calculator [1] shows that it would take 6068212 days on
average to calculate one block of 50 bitcoins. That is 332.5 years per
bitcoin. At current rate it means $0.02 per year.

[1] <http://www.alloscomp.com/bitcoin/old_calculator.php>

~~~
mtogo
I stand corrected, thanks.

------
peterbraden
on the ethics of this thing - most people seem to think that using a users cpu
without permission is unethical.

My browser is often brought to it's knees by badly written flash ads - is
there a difference?

~~~
jpr
There is no difference. That's why people who want to retain their sanity
disallow Flash. And it's really fucking close that I don't disable all JS too.

------
dave1010uk
Someone could make a URL shortening service that frames sites, including the
mining JS. Users could sign up and get a % from the mined coins on links that
they share.

As many people are pointing out that GPUs are faster for mining that CPUs,
would you be able to make use of a GPU with WebGL (or GPU-accelerated Flash)?
I guess the GPU computations don't fall in the spec of WebGL though.

~~~
VMG
I think a bitcoin browser plugin would be the sanest choice

~~~
josephholsten
We thought so too! But then we realized that if you're going to download and
install a miner, you probably want one that's actually fast. Browser plugins,
which are almost all javascript these days, are basically the worst of both
worlds from that perspective: slow and require manual installation.

------
BCM43
If this gets more people to install noscirpt, I'll consider it a good thing.

~~~
josephholsten
I hadn't heard of that! I'll be sure to mention it on our opt-out page, along
with adblock.

------
ccarpenterg
Idea: Screensavers with a bitcoin miner. Like SETI@home. Bitcoin@home!

~~~
kes
But who would get the coin?

~~~
Groxx
I'd imagine a particularly good screensaver would be profit-sharing, but
everyone else would run a free one and get all the mining income. Solo-mining
is not really an option any more, and it'd be easy to cheat (detect wins &
claim for yourself), so it'd have to be pool-based to be useful.

------
magicseth
On my machine with chrome, I had to open it up in 4 separate tabs in order to
peg all of my cores. It got pretty warm pretty quickly.

------
tobylane
How long till Adblock adds a bitcoin-block? Can't be soon enough imo.

~~~
josephholsten
We're looking into the best way to let adblock users turn us off, as well as a
cookie based opt-out.

------
anonymous
Bored with bitcoin. One technical flaw and your 'currency' vanishes.

~~~
josephholsten
Fortunately, that's not actually true. If the community agrees when the last
valid block is, all the transactions before that will be accepted as
trustworthy. The DHT (now moving to freenet) ensures that this transaction
history is reliable up to the date of the exploit. Then it's just a social
problem of converting into a less flawed system.

But social problems tend not to end up as near the worst case as is often
feared. What you're describing is like saying that if we break the crypto
underlying git repositories, you can trick the world into thinking you are the
original author of linux. Obviously, no one would fall for that. But every git
commit after the exploit, or from sources lacking a large consensus, would be
of suspect authorship. It's a big problem, but not exactly the way you imply.

------
bitcoin
Just don't end up like this guy who lost $50k USD in Bitcoin earlier today.

<http://helpingmarak.net>

------
zyfo
I hope this doesn't catch on. BItcoin got many merits against current
currencies. This wouldn't be one of them.

That said, it's a nice proof-of-concept. Is there anyway to block this type of
use of CPU without blocking JS?

~~~
sbierwagen
Sure. Set noscript to block-by-default, and don't allow script execution from
malicious domains.

------
naughtysriram
what if a virus or malware or an adware installs a bitcoin miner and starts
mining on zombie machines? wouldn't that be productive?

~~~
pygy_
It is technically the biggest threat against Bitcoin.

The mining process validates the transactions. Transactions are grouped in
blocks. The blocks are chained in one big sequence and the miners validate the
block chain.

Even if a rogue miner validates a block that steals coins, his fork of the
block chain will not be validated by honest miners. As long as the computing
power of the honest miners is above the one of an attacker, the block chain is
safe.

A dishonest, big enough botnet could overpower the honest miners, fork the
block chain and wreak havoc in the system.

\--

The biggest threat to bitcoin is not technical, though, it is financial. The
bitcoin market cap is currently of ~ $50M. If people with deep pockets and
trading experience figure that bitcoin is a threat to their deadline, they can
easily manipulate the market and crash it.

~~~
vabole
What would a scenario of such financial attack look like? Suppose I had $100M
- twice the bitcoin market cap. What would I be able to do to destroy the
bitcoin?

I can think of ways to manipulate bitcoin market with large sums of money, but
nothing that would make bitcoin unusable.

~~~
wmf
You'd buy as many BTC as you can (probably slowly over time), then sell them
all at once for a very low price. Momentum traders would help you by also
selling their BTC when the price starts dropping.

~~~
vabole
This is the strategy of cornering the market and according to wikipedia [1]
"very few attempts to corner the market have ever succeeded; instead, most of
these attempted corners have tended to break themselves spontaneously"

In fact, I think such attack would only create a short term volatility spike
but make bitcoin market sturdier in a long term.

In first phase of the attack you would pour in huge amounts of liquidity which
would attract more people to bitcoin market.

In the selling phase of the attack you would cause a temporary market panic
but only for as long as you sell. And if bitcoin market players managed to
find out about what you are doing, they would profit from it.

Finally, when you are out of money, the market would return to its normal
course.

[1] <http://en.wikipedia.org/wiki/Cornering_the_market>

------
naughtysriram
Just used google's closure compiler <http://closure-compiler.appspot.com/home>
on <http://bitp.it/jsMiner.js> and it saved some 4.11%. While compiling on
advanced mode i get lot of warnings.

~~~
gibybo
If you take the output of the Closure compiler and run it through the compiler
again, it will almost always be smaller the second time. However, the second
will also likely produce javascript that doesn't work because it renames
things that shouldn't have been renamed (and only the original source contains
the information necessary to determine what shouldn't be renamed).

The 4.11% reduction you experienced is likely gained at the expense of
invalidating the code.

------
peteretep
This is a neat-trick, and I ♥ Javascript, so even better.

In terms of ramping this up to actually be a viable revenue source... I guess
you'd need a browser plugin which was hard-core about making sure you agreed
to usage, and verified to the server that you were actually doing the mining
you'd agreed to - and that could tap in to the GPU.

But then, if Bitcoins become worth something meaningful, wouldn't we all be
using our GPU most of the time to be generating them anyway? In which case,
the website starts asking you for the opportunity cost of using your GPU
instead, and you know how much that's worth, and boom, micropayments.

