Bitcoin Forum
March 19, 2024, 08:50:13 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 326 »
  Print  
Author Topic: [DEAD] DeepBit.net PPS+Prop,instant payouts, we pay for INVALID BLOCKS too  (Read 1601093 times)
cdhowie
Full Member
***
Offline Offline

Activity: 182
Merit: 107



View Profile WWW
April 05, 2011, 08:18:27 PM
 #641

Worker processing and JSON API doesn't allow attacker to steal user's money or account. There is no function to change user's bitcoin address with worker password or api token. Someone may even use random password for main account and never use it again to prevent it's interception Smiley)
Right, that's pretty much what I'm saying -- implementing digest auth for mining doesn't seem worthwhile, given that damage can only result if the user is dumb enough to use a shared password for a worker.  Attacks under the user's identity can be easily detected.

If it wasn't clear, I was only bringing up a possible attack against a normal bitcoind in response to this:

This standard was started by bitcoind, and is used outside of pools.
I was trying to illustrate that digest auth is pointless for mining accounts, and offers only the illusion of protection for a normal bitcoind.

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
1710838213
Hero Member
*
Offline Offline

Posts: 1710838213

View Profile Personal Message (Offline)

Ignore
1710838213
Reply with quote  #2

1710838213
Report to moderator
1710838213
Hero Member
*
Offline Offline

Posts: 1710838213

View Profile Personal Message (Offline)

Ignore
1710838213
Reply with quote  #2

1710838213
Report to moderator
1710838213
Hero Member
*
Offline Offline

Posts: 1710838213

View Profile Personal Message (Offline)

Ignore
1710838213
Reply with quote  #2

1710838213
Report to moderator
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
jgarzik
Legendary
*
Offline Offline

Activity: 1596
Merit: 1091


View Profile
April 05, 2011, 09:29:55 PM
 #642

It's very simple:  using Digest auth by default will reduce potential for problems, over existing practice of using Basic auth.  Is SSL better?  Yes.  Do potential problems exist even with Digest?  Yes.  But neither of those factors implies that Digest is useless, given current client implementations and practices.

Remember:  don't let perfect be the enemy of good.

Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
April 06, 2011, 07:20:28 AM
Last edit: April 07, 2011, 05:21:54 AM by [Tycho]
 #643

Difficulty period of ~68978.89245792 just ended this night and new difficulty is ~82347.22294654 (~19% increase) Smiley

During this period we have found 263 blocks with average 68128.4106 shares per block, which is ~1.23% better than expected.
Our hashrate is about 90 GH/s and peak value yesterday was over 100 GH/s.

UPDATE:
  • You can try to enable history column in you advanced settings
    If history column is enabled, you can see your shares/total shares, average speed and balance change for each block

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
os008
Member
**
Offline Offline

Activity: 79
Merit: 10



View Profile
April 06, 2011, 10:28:32 AM
 #644

Thank you for all the new features; making this pool better very fast. Keep it up Smiley.

2x5850 @ 600[M|K]H/s
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 06, 2011, 05:45:01 PM
 #645

I've already said it and I'll say it again, feature-wise and in general, this is by far the best pool. Sure the fees are the highest on the market, but they are offset by LP and failed block payouts, which IMO, as long as slush doesn't implement LP, deepbit is actually cheaper than slush. Having such a large hashrate, this is, for most, the most attractive pool to join.

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
konstancja
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 06, 2011, 05:49:05 PM
 #646

thanks  for having long polling support
Doctor Mushies
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
April 06, 2011, 07:58:41 PM
 #647

Tycho:
Can I get help with reseting, or recovering a lost account password?
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 06, 2011, 10:39:47 PM
 #648

Hey, [Tycho], recently slush made this post in his thread:

In connection to recent security issues of other bitcoin site I want to clarify, that pool application does not store account passwords in paintext, but as hashes with random salt to avoid possible dictionary attacks. Also pool sources are built on technologies which does not allow SQL injection in any form. Finally, the profile page is using techniques against Cross site request forqery attack. It makes impossible to modify (for example) wallet address from malicious javascript. I care about overall pool security a lot.


Could you confirm you have something of the sort? It would put my mind and several other's people's mine at ease

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
new_in_this
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
April 07, 2011, 03:07:53 AM
 #649

PayPal mining?  Shocked
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 07, 2011, 03:31:41 AM
 #650

PayPal mining?  Shocked

an AF joke

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
mjsbuddha
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


yung lean


View Profile
April 07, 2011, 03:44:27 AM
 #651


though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account.
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 07, 2011, 03:59:20 AM
 #652


though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account.

wayyyyyyyy too much work

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
April 07, 2011, 05:25:25 AM
 #653

though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account.
wayyyyyyyy too much work
Actually this IS possible and i'm working on it. There is already API for automatic exchange, but i have no paypal accounts with allowed incoming transactions, so testing it is not so easy :)

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
April 07, 2011, 05:30:04 AM
 #654

Hey, [Tycho], recently slush made this post in his thread:
In connection to recent security issues of other bitcoin site I want to clarify, that pool application does not store account passwords in paintext, but as hashes with random salt to avoid possible dictionary attacks. Also pool sources are built on technologies which does not allow SQL injection in any form. Finally, the profile page is using techniques against Cross site request forqery attack. It makes impossible to modify (for example) wallet address from malicious javascript. I care about overall pool security a lot.
Could you confirm you have something of the sort? It would put my mind and several other's people's mine at ease
Yes, of course. I'm not storing plaintext account passwords, only as salted hashes - that's why your main password is shown as "hidden" if used as worker's password. There is no SQL in my pool and it's protected against injections. Cross-site form forgery is not possible too.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 07, 2011, 05:51:03 AM
 #655

couldn't you ask a mod to change the thread title to ~90 instead of 70?

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
April 07, 2011, 08:47:53 AM
 #656

Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
Fiyasko
Legendary
*
Offline Offline

Activity: 1428
Merit: 1001


Okey Dokey Lokey


View Profile
April 07, 2011, 03:09:02 PM
 #657

Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value.

wich is a giagantic peice of the site that i love

Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slushs' pool and i've been mining in Deepbit for 3x the length that i've mined in Slushs' pool.
 But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
bombo999
Member
**
Offline Offline

Activity: 107
Merit: 10


View Profile
April 07, 2011, 03:37:43 PM
 #658

Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value.

wich is a giagantic peice of the site that i love

Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slushs' pool and i've been mining in Deepbit for 3x the length that i've mined in Slushs' pool.
 But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without

I disagree.  Deepbit has one of the best implemented and most flexible payout configurations of any pool.  There is no delay for block confirmation, there is customization for payout threshold which triggers the automatic daily payments and on top of all that there is a pay now button. 
nster
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
April 07, 2011, 05:47:50 PM
 #659

Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value.

wich is a giagantic peice of the site that i love

Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slushs' pool and i've been mining in Deepbit for 3x the length that i've mined in Slushs' pool.
 But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without

I disagree.  Deepbit has one of the best implemented and most flexible payout configurations of any pool.  There is no delay for block confirmation, there is customization for payout threshold which triggers the automatic daily payments and on top of all that there is a pay now button. 

agreed, and since he s a big pool, if he did payout too often, he would flood the Bitcoin transfers or wtv and slow everything down.

167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Smiley Please be kind if I helped
jgarzik
Legendary
*
Offline Offline

Activity: 1596
Merit: 1091


View Profile
April 07, 2011, 05:50:05 PM
 #660

agreed, and since he s a big pool, if he did payout too often, he would flood the Bitcoin transfers or wtv and slow everything down.

Not with the new 'sendmany' transaction, designed specifically for pool operators and similar situations.


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 326 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!