Dogedarkdev
Legendary
 Offline
Activity: 1708
Merit: 1009
$XVG - The Standard in Crypto as a Currency!
|
 |
April 05, 2018, 03:39:32 PM |
|
Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me: Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack will still work, just be a bit slower. Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course.. Just to clarify a few last things: 1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo. Myriad and digibyte had the same issues - they fixed it. Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15 Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work with just copy & paste, you actually have to understand and rewrite it to fit to your needs. 2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at anytime - update your wallet code and just say
"orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
This was done previously also, not on myriad but on another coin - I can also find that commit for you.
we dont need that commit, we are just rolling forward. technically this person did not break any rules of the source code, and it would cause a huge headache for the exchanges since the coins have already moved (likely were sold)3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and
stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin.. Also I was a bit
astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.
In my opinion the optimal handling for this problem probably would have been something like this:
1. Contact pools and exchanges to shutdown mining and trading
1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
4. Go back online with the resolution and back to mining.
the 1st step would be to stop your pool, and notify miners that its stopped for now. 2nd would be to contact us. 3rd, let us get something ready to fix it instead of invite the entire forum population to join in the attack. after your initial post the rate of blocks increased 10x. you say you want to end the drama, but never in my life have i seen more drama from a single person. you even quoted me in your OP with something i never said lol
|
_///// [$XVG] ★★★★★WE ARE ON THE VERGE ★★★★★ [MULTI-ALGO] /////_
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
mak013
|
|
April 05, 2018, 03:40:43 PM |
|
Nice try. Thx to ocminer for his work. It`s better to mine anything else then mine nothing and get such support from devs.
|
|
|
|
testingtester
Newbie
Offline
Activity: 13
Merit: 0
|
|
April 05, 2018, 03:44:38 PM |
|
It's really pity that the Suprnova pools will stay closed. When I had a look onto my miner and saw that there was something terrible wrong, I found a message at the official Verge Twitter account, that there WAS a little problem what is fixed now. I could see it on my machine: It was NOT fixed. So it was very appreciated when the Suprnova pool went down and gave a link to the explanation what is going on (this thread). At this point Verge devs had many hours time to inform the exchanges and other pools to suspend trading to get time for a nice solution. But they just let it go. That is not acceptable.
Now even the wallets still are out of sync. Is there any ETA out already, when they get updated?
|
|
|
|
|
|
cryptotum88
|
|
April 05, 2018, 03:47:46 PM |
|
at least 10 new accounts only in previous page some created just to give 1 answer or FUD answer...this is getting ridiculous  And best drama of the year goes to... |
|
|
|
|
|
|
noicyminer
Newbie
Offline
Activity: 13
Merit: 0
|
|
April 05, 2018, 03:52:00 PM |
|
Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:
the 1st step would be to stop your pool, and notify miners that its stopped for now. 2nd would be to contact us. 3rd, let us get something ready to fix it instead of invite the entire forum population to join in the attack. after your initial post the rate of blocks increased 10x. you say you want to end the drama, but never in my life have i seen more drama from a single person. you even quoted me in your OP with something i never said lol The 1st step was done. 2nd seems was done 3rd you didn't fix and after 1st attack,i found my machines is working empty.... There was nio call to attack,just good comunivation about was going on. YOU SHOULD LEARN COMMUNICATE AS WELL |
|
|
|
|
Lw2017
Copper Member
Newbie
Offline
Activity: 278
Merit: 0
|
|
April 05, 2018, 03:52:12 PM |
|
Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me:
Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.
....
This will be my last dealing with XVG. I don't like to get cheated and blamed. As a miner myself I care for what I mine and I care for others as well - you can take it or leave it.
I get why you're pissed off and I'm a total noob here, but I gotta say that I think they need you ocminer. WE need people like you running the pools and keeping an eye on things for the rest of us. In this quickly evolving space we need a lot more than straight up profit-takers. We need people who give a shit about doing this thing right. I hope you change your mind about XVG. I'd use your pool at double the fee exactly because you care about more than profits. same, I think dev on no sleep and alot of stress and accidentaly aimed it at you dude, Kiss , Make up and help each other through it @VERGE DEV AND OC |
EUNO.CO Proof Of Stake (POS), Proof Of Work (POW), Masternodes, 50 Million max supply and almost instant wallet to wallet transactions. |
|
|
|
cryptotum88
|
|
April 05, 2018, 03:55:13 PM |
|
catalogue? only reported what ocminer said... just hope the innocents get out before the whales dump their loads on them
i guess they can't even send their cons to exchange to dump them at this stage LOL exchanges and pools works really well. Do you missed the train Guido and need to buy at dips? |
|
|
|
|
|
lyolyalya
|
|
April 05, 2018, 03:56:36 PM |
|
damn...cryptopia paused the market...seems like my coins are going to dust...
|
|
|
|
|
Dogedarkdev
Legendary
Offline
Activity: 1708
Merit: 1009
$XVG - The Standard in Crypto as a Currency!
|
|
April 05, 2018, 03:57:52 PM |
|
catalogue? only reported what ocminer said... just hope the innocents get out before the whales dump their loads on them
i guess they can't even send their cons to exchange to dump them at this stage LOL exchanges and pools works really well. Do you missed the train Guido and need to buy at dips? there were no issues with any of the exchanges. pools found orphans during the attack. other than that there was no effect on regular users. |
_///// [$XVG] ★★★★★WE ARE ON THE VERGE ★★★★★ [MULTI-ALGO] /////_
|
|
|
|
blindgatsby
Newbie
Offline
Activity: 7
Merit: 0
|
|
April 05, 2018, 03:57:59 PM |
|
Some people are mistaking "being attacked" as being transparent. Something actually happening isn't "drama" - it's truth and facts. Just because someone brings something up and to the point that it's happening and a huge problem isn't someone stirring up drama. Quit being a child and fix your coin.
|
|
|
|
|
stronghandsdeeppockets
Member
Offline
Activity: 266
Merit: 27
|
|
April 05, 2018, 04:00:52 PM |
|
catalogue? only reported what ocminer said... just hope the innocents get out before the whales dump their loads on them
i guess they can't even send their cons to exchange to dump them at this stage LOL exchanges and pools works really well. Do you missed the train Guido and need to buy at dips? there were no issues with any of the exchanges. pools found orphans during the attack. other than that there was no effect on regular users. Yeah no effect lmao, 20m extra XVG out there. Investors didnt pay for that shit No seriously are you trolling? |
|
|
|
|
|
Gaglam
|
|
April 05, 2018, 04:01:27 PM |
|
Okay guys, as the shit keep hitting the fan harder and harder here I need to take a few steps to actually end that drama for me: Suprnova will not reopen any of it's XVG/Verge pools for mining whatsoever. You can mine it freely on any different pool if you like. Withdrawals are possible of course.The background is that the "fix" promoted by the devs simply won't fix the problem. It will just make the timeframe smaller in which the blocks can be mined / spoofed and the attack will still work, just be a bit slower. Also the over 20 Million XVG which were instamined by the attacker won't be blacklisted, reverted, filtered or rolled-back in anyway according to the verge-dev, so in my opinion you all (the miners and investors) got betrayed about that 20 M coins .. For some it might be only a few coins, for some it might be a lot.. For some this might all be drama for them, I see you there of course.. Just to clarify a few last things: 1. The fix won't fix it. The problem is not alone the drifttime, but also the algo variance. You have to make sure that not X blocks get mined on one algo. Myriad and digibyte had the same issues - they fixed it. Here's a possible fix for the issues: https://github.com/digibyte/digibyte/pull/15 Please DON'T just merge the code like you see it in that commit, you need to actually find the right places in your code and merge it. It's a slightly different codebase, so it won't work with just copy & paste, you actually have to understand and rewrite it to fit to your needs. 2. It's possible to blacklist certain addresses within the blockchain. So if you know on which addresses hacked funds reside, you can simply "blacklist" them directly in the codebase of the coin.
For example you know that the attacker has used address "123abc123acb123abc" as the root for his hacked funds. You can now - at anytime - update your wallet code and just say
"orphan all transactions with the root address "123abc123acb123abc". So even if the hacker moves the funds NOW or in one year, it won't happen as you've blacklisted the originating address.
This was done previously also, not on myriad but on another coin - I can also find that commit for you.
we dont need that commit, we are just rolling forward. technically this person did not break any rules of the source code, and it would cause a huge headache for the exchanges since the coins have already moved (likely were sold)3. I was getting blamed for "judging" too early and posting this info publicly on bitcointalk. I've mixed feelings about this.. Yes, I could have spoken silently to the devs at first and tell them "hey,
something weird is going on on your blockchain" - however in the same time my miners were asking why the pool wasn't finding blocks and I already saw the first tweets about "skimming" and
stuff.. So.. What to do ? Keep the info about the hacker silent with the devs and wait 3-4 days for a (non-working) fix and get my reputation killed totally or just go for a public post about it
and shutdown the pools ? I know, it's a difficult decision and my decision might have been wrong, but hey, I'm neither the attacker nor am I the guy responsible for the coin.. Also I was a bit
astonished that I was actually the first to report the problem.. I was expecting devs watch their coin closely and come up with fixes upfront.. or at least know about what happend.
In my opinion the optimal handling for this problem probably would have been something like this:
1. Contact pools and exchanges to shutdown mining and trading
1a. Tweet/Inform miners about the problem and tell them it's been worked on but takes it's time.
2. Talk about possible problems and mitigation practices with devs/exchanges and pools.. Create a "conference room" for this for example and invite all necessary people there.
3. Find a resolution, roll back the chain or at least filter the malicious coins (as someone as a (big) advantage here which he shouldn't, or?? So some others have a big disadvantage, or not ?)
4. Go back online with the resolution and back to mining.
the 1st step would be to stop your pool, and notify miners that its stopped for now. 2nd would be to contact us. 3rd, let us get something ready to fix it instead of invite the entire forum population to join in the attack. after your initial post the rate of blocks increased 10x. you say you want to end the drama, but never in my life have i seen more drama from a single person. you even quoted me in your OP with something i never said lol
1st step would be STOP YOUR SCAM. (would also be the last step)  |
|
|
|
|
|
BitPotus
|
|
April 05, 2018, 04:05:19 PM |
|
Ocminer is a trusted and valued member of the community. Nuff said.
|
|
|
|
|
niab
Newbie
Offline
Activity: 6
Merit: 0
|
|
April 05, 2018, 04:05:43 PM |
|
Why the hell XVG devs werent aware of this bug after 2 other coins got rekt because of this? I mean at least if you don't have anything original in your coin other than the name, take the effort and be aware of the shit happening to your clones.
|
|
|
|
|
|
cryptotum88
|
|
April 05, 2018, 04:07:27 PM |
|
Some people are mistaking "being attacked" as being transparent. Something actually happening isn't "drama" - it's truth and facts. Just because someone brings something up and to the point that it's happening and a huge problem isn't someone stirring up drama. Quit being a child and fix your coin.
and here it is the first brand new message from a brand new account! This predicable FUD start to annoy please use more intelligent method to spread it! |
|
|
|
|
|
aciddude
|
|
April 05, 2018, 04:08:55 PM |
|
The shill and troll accounts are hilarious.
Brandnew verge users registering just to comment nonsense.....
The fact that ~19.5 Million verge has been instamined!
Ocminer did the right thing and the VergeDev just says he's causing drama.
While he could have exploited the hack for his own gains, he took the high road and reported it to the community.... Only to have the paid verge shills and trolls come out in full force.
OCMiner - you did well by reporting this and it's a shame they didn't listen to you.
|
|
|
|
siege3967
Jr. Member
Offline
Activity: 42
Merit: 1
|
|
April 05, 2018, 04:10:04 PM |
|
we were going to reduce the 2 hour drift to 15 minutes, then i brazenly chose 30 seconds. 2 * 15 is 30 seconds which is our blocktime. we decided not to go with that as blocktimes do vary a bit.
we've done a complete rewrite and will be pushing it shortly and contacting our pool ops and exchanges.
i love seeing so many people who aren't even involved in verge talking about it though ;]
Come on, don't lie. We all saw the peercoin GitHub you copied that "fix" from, including the incorrect comment. At least fess up. |
|
|
|
|
CryptoYeff
Newbie
Offline
Activity: 8
Merit: 0
|
|
April 05, 2018, 04:10:44 PM |
|
this should have been handled privately between OCMINER and Justin... OC couldve just shut the pool down and give us- the miners- a heads up that something was wrong and mining was suspended until he spoke with developers. He didnt have to tag it on the dashboard lol. What efforts were made to contact the devs? and if there were any and they went unanswered; how long did you wait? 5 minutes?? At the same time im glad OC saw something wrong and did something about it, i just think it couldve been handled in a more private manner and after the issue was addressed then bring it to the forums. By putting it on blast it definitely increased the damage. Im not a verge fanboy by any means, but i did mine the sH!t out of it and was excited about upcoming events.. if anyone recognizes my name you know i mine xvg x17 on suprnova. Im more upset about the way this unfolded more than the fact it occured-- at the end of the day what did we lose? 20-30 million coins--- who gives a sh!t-- means nothing compared to max supply---- we lost half a day of mining? not the end of the world.
|
|
|
|
|
cryptocronic
Full Member
Offline
Activity: 241
Merit: 100
cryptocronic.com
|
|
April 05, 2018, 04:11:10 PM |
|
So will there be a fork of XVG now? will all the people that have been trading before the exchanges closed lose their coins to the old blockchain?
|
|
|
|
|
