+## v4.1.5
+
+### Notable Changes
+
+#### Server hardening
+
+Security is an ongoing endeavor, and to that end, several improvements have been
+made to the NanoPow server implementation. First, the temporary HTML file
+written to disk to provide puppeteer with a secure context has been replaced
+with an intercepted request to load an invalid HTTPS URL which provides the
+secure context required by WebGPU while also mitigating a TOCTOU attack vector.
+Second, numerous Node `http` and `server` variables have been set with
+reasonable constant values to implement basic rate limiting and connection
+timeouts. Third, the server now listens on `localhost` instead of `::1` so that
+the IP address can be extracted; this works best in tandem with reverse proxy
+rules that can forward real IPs instead of potentially spoofed addresses.
+
+#### Bug fixes
+
+Some minor bugs included the comparison of the low 32 bits of each nonce to the
+difficulty and the device load loop that continuously checks for the GPU. These
+issues have been fixed.
+
+#### Performance improvements
+
+The `GPUBindGroup` was the same for both `work_generate` and `work_validate`
+pipelines, so it is now saved as a static variable, initialized once, and used
+for both. Compute results are also now initialized once as a static variable and
+reused throughout execution to avoid additional memory allocations. A call to
+`Math.random()` was eliminated by implementing a new "sliding randomness" value
+for each search seed. The NanoPow module is now cached as a puppeteer handle,
+and work calls are now split by action instead of using a generic evaluate
+function in order to avoid unnecessary JSON serialization. Finally, a trivial
+dispatch upon WebGPU load completion compiles and caches the compute shader
+prior to actual work calls.
+
+### Other Changes
+
+Reduce workgroup size to 64 to improve portability between GPU vendors.
+
+Capture logging over IPC from server process spawned by CLI.
+
+Lower timeout duration when tool is busy.
+
+Allow difficulty of zero.
+
+Throw an error if work to be validated does not match the nonce returned by the
+compute result.
+
+Add max HTTP header size limit to launch script to protect server process.
+
+Check more generate calls in test script, and reduce run size of benchmark.
+
+Tweak error messaging.
+
+
+
projects / nano-pow.git / commitdiff