FlexPool has shipped the first major public release of their FlexFarmer software, version 1.0, for Linux and Windows. I did not cover the exact moment of release because I honestly felt the Alpha and Beta versions were quite good and production-ready.
However, one of the main critiques I had about the process when I participated in the Alpha was the farmer private key extraction process. It was a little unwieldy and I recommended a better process. However, what they have gone with makes me very nervous and I don’t think this is it.
FlexPool has enabled a browser-based key extraction process, where you literally type your 24 words into their website and it spits out the secret key based on your mnemonic. Yeah. This ain’t it, FlexPool. Sorry. It almost wouldn’t be as bad if it wasn’t their default option. But it is.
I’m not sure what the right solution is here. Luckily it’s not my problem to solve. But I think training users to type their mnemonics into web pages is going to backfire spectacularly at some point, especially since FlexPool makes their website front-end open source and it would be very easy to grab a copy of this, modify it to capture that password and phish users for their keys.
I like, mostly, what FlexPool is doing with FlexFarmer. I think that it really does reduce the barrier to entry for Chia farming and will ultimately help grow the community. I am certainly more positive about the whole thing than Chia Network. But it’s as big a risk, security-wise, as the Chia client keeping all their keys in easily accessible places on disk. These lightweight farmers should improve security over running a full client, not just trade risks.