[Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE

[simplecoin]

Are there any good products you'd recommend to check for sql injection vulnerability?  I've seen the SQL Inject Me Firefox addon at https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/   - seems to be marked as Experimental though, so not quite confident about using that.

acunetix has a thorough security package.

[1715554907]

1715554907

[1715554907]

1715554907

[1715554907]

1715554907

[mich]

"Past shares" and "Past invalid" takes values after finding block only? In table "Top 30 Lifetime Shares" column "Shares" is 0. It is correct, in case of Round shares already much more then 0?

Update Main Page Settings does not work in Admin Panel

[simplecoin]

"Past shares" and "Past invalid" takes values after finding block only? In table "Top 30 Lifetime Shares" column "Shares" is 0. It is correct, in case of Round shares already much more then 0?

Update Main Page Settings does not work in Admin Panel

Yes, past is relative to shares before current round. This avoids a nasty amount of sql overhead.
I'll have Admin Panel working again shortly.

[mich]

Yes, past is relative to shares before current round. This avoids a nasty amount of sql overhead.
I'll have Admin Panel working again shortly.
[/quote]

I've change default value "NULL" in table 'webUsers' col's 'share_count' and 'stale_share_count' to 0 - now table shows current shares

[simplecoin]

Yes, past is relative to shares before current round. This avoids a nasty amount of sql overhead.
I'll have Admin Panel working again shortly.

I've change default value "NULL" in table 'webUsers' col's 'share_count' and 'stale_share_count' to 0 - now table shows current shares
[/quote]

Good to know. I had solved shares before this was implemented, so it never came up.

[mich]

Button "Lost Password" is there just for anturage? I haven't found any code serves this event...

[simplecoin]

Button "Lost Password" is there just for anturage? I haven't found any code serves this event...

It's just a relic from mining pool v1.... Looks like it was a stub. I'll get to it in the next version.

Which reminds me....

v3 features not yet in repo:
Memcached support
No more shares_history (what a nightmare that was)
Improved block handling.
Dynamic stats/setting caching (more responsive/less overhead)
Process locking
Drastically improved cronjobs.
Live round stats.
Just to name a few improvements....

[AnnihilaT]

Button "Lost Password" is there just for anturage? I haven't found any code serves this event...

It's just a relic from mining pool v1.... Looks like it was a stub. I'll get to it in the next version.

Which reminds me....

v3 features not yet in repo:
Memcached support
No more shares_history (what a nightmare that was)
Improved block handling.
Dynamic stats/setting caching (more responsive/less overhead)
Process locking
Drastically improved cronjobs.
Live round stats.
Just to name a few improvements....

Looking forward to seeing how you have tackled this.... im in the midst of dealing with these same issues... especially the whole shares_history nightmare and the associated monster queries.

[simplecoin]

Button "Lost Password" is there just for anturage? I haven't found any code serves this event...

It's just a relic from mining pool v1.... Looks like it was a stub. I'll get to it in the next version.

Which reminds me....

v3 features not yet in repo:
Memcached support
No more shares_history (what a nightmare that was)
Improved block handling.
Dynamic stats/setting caching (more responsive/less overhead)
Process locking
Drastically improved cronjobs.
Live round stats.
Just to name a few improvements....

Looking forward to seeing how you have tackled this.... im in the midst of dealing with these same issues... especially the whole shares_history nightmare and the associated monster queries.

Good news then.... I just pushed the initial v3 to the expiremental repo. This is no upgrade script, nor a simple upgrade path... yet. You'll need to merge these as appropriate.

As for moving shares history back into shares (AFTER adding new shares fields), I used this sql:
INSERT INTO shares (username, our_result, time, blockNumber, score) SELECT username, our_result, time, blockNumber, score FROM shares_history WHERE shares_history.counted = '0'

Also, I recommend using a separate instance of memcache than pushpool. Don't want your pool cache eaten by web data.

[oseido]

Hi to all.
We are very impressive about Simplecoin Pushpool Web Frontend. We have start an italian minig pool with this amazing opensource software, and we are in testig. We are also meditating to enable ssl support, but because certificate was self-signed (we have a L.A.M.P system redyrected on dyndns.org) we are finding a way for make certificate not affected about the orrible browser ssl self-signed warning.
We hope tath people can test the server.
Tnx a lot for simplecoin again!!

oseido

Chemtrail Italia Cooperative Bitcoin Mining Pool

http://chemtrail.dyndns.org:8080/
Mining Port = 8332

[simplecoin]

Added a forum for discussion and support since I'm often afk in irc. Feel free to give your fellow admins help and share your solutions.

[simplecoin]

More updates to v3 pushed to repo.

[simplecoin]

Just added capability to offload heavy stats to replicated server (less stress on your pool sql server).

[Paul4games]

Siplecoin here is a feature request:
-add an api so that an application could create an new worker when he wants(for example you have 5 computers and you want to create an application that when it's run on that computer it will automatically create an new username+password from that computer+link it to you're account, for example that worker to be linked to my account or so)&retrive them from the server.Or if i'm mining with 2 pcs and using the same username+password is there any problem?or this would work to?

[simplecoin]

Siplecoin here is a feature request:
-add an api so that an application could create an new worker when he wants(for example you have 5 computers and you want to create an application that when it's run on that computer it will automatically create an new username+password from that computer+link it to you're account, for example that worker to be linked to my account or so)&retrive them from the server.Or if i'm mining with 2 pcs and using the same username+password is there any problem?or this would work to?

While the idea sounds great, it's also seems like it might add an exploit.

However, you can use the same miner name/pass on multiple workers.

[Paul4games]

Siplecoin here is a feature request:
-add an api so that an application could create an new worker when he wants(for example you have 5 computers and you want to create an application that when it's run on that computer it will automatically create an new username+password from that computer+link it to you're account, for example that worker to be linked to my account or so)&retrive them from the server.Or if i'm mining with 2 pcs and using the same username+password is there any problem?or this would work to?

While the idea sounds great, it's also seems like it might add an exploit.

However, you can use the same miner name/pass on multiple workers.

Could you please explain futher what exploit it could add?and i see that you fixed the full path disclousure bugs, good job!

[phorensic]

Button "Lost Password" is there just for anturage? I haven't found any code serves this event...

It's just a relic from mining pool v1.... Looks like it was a stub. I'll get to it in the next version.

Which reminds me....

v3 features not yet in repo:
Memcached support
No more shares_history (what a nightmare that was)
Improved block handling.
Dynamic stats/setting caching (more responsive/less overhead)
Process locking
Drastically improved cronjobs.
Live round stats.
Just to name a few improvements....

Looking forward to seeing how you have tackled this.... im in the midst of dealing with these same issues... especially the whole shares_history nightmare and the associated monster queries.

Good news then.... I just pushed the initial v3 to the expiremental repo. This is no upgrade script, nor a simple upgrade path... yet. You'll need to merge these as appropriate.

As for moving shares history back into shares (AFTER adding new shares fields), I used this sql:
INSERT INTO shares (username, our_result, time, blockNumber, score) SELECT username, our_result, time, blockNumber, score FROM shares_history WHERE shares_history.counted = '0'

Also, I recommend using a separate instance of memcache than pushpool. Don't want your pool cache eaten by web data.

This is interesting.  Can you explain further why you axed shares_history and what shares_counted is for?  Is it just a lighter version of shares_history?  How big does your original shares table get?  I mean, where are your old shares held?  I also noticed shares_counted is MyISAM instead of InnoDB, is that because it's a temporary table?

[simplecoin]

Shares history was essentially an extension of shares, but it required lots of additional joins and unions. It made queries painfully processor intensive when they didn't need to be.

Shares counted is the counted sum of valid/invalid shares per round.

As for MyIsam, that was an oversight, I'll fix that before the code is finalized.

[phorensic]

How does your new setup query faster if "sahres" is larger than two tables - "shares" and "shares_history"...besides indexing.  Xenland and I have discussed and applied indexing to our setups, so I'm curious.

[simplecoin]

shares is only as large as the current round. Why split that data into 2 tables, when you need to join or union them every time?

after the current round confirms I condense the shares into shares_counted to drastically lower the amount of data.