cdhowie
|
|
April 05, 2011, 08:18:27 PM |
|
"Worker processing and JSON API doesn't allow attacker to steal user's money or account. There is no function to change user's bitcoin address with worker password or api token. Someone may even use random password for main account and never use it again to prevent its interception )"

Right, that's pretty much what I'm saying -- implementing digest auth for mining doesn't seem worthwhile, given that damage can only result if the user is dumb enough to use a shared password for a worker.

Attacks under the user's identity can be easily detected.

If it wasn't clear, I was only bringing up a possible attack against a normal bitcoind in response to this:

"This standard was started by bitcoind, and is used outside of pools."

I was trying to illustrate that digest auth is pointless for mining accounts, and offers only the illusion of protection for a normal bitcoind.
|
Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ Thanks to ye, we have the final piece. PGP key fingerprint: 2B7A B280 8B12 21CC 260A DF65 6FCE 505A CF83 38F5 SerajewelKS @ #bitcoin-otc
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1100
|
|
April 05, 2011, 09:29:55 PM |
|
It's very simple: using Digest auth by default will reduce potential for problems, over existing practice of using Basic auth. Is SSL better? Yes. Do potential problems exist even with Digest? Yes. But neither of those factors implies that Digest is useless, given current client implementations and practices.
Remember: don't let perfect be the enemy of good.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
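
The Basic versus Digest difference argued in the posts above, as an added example that is not part of the thread and not code from bitcoind or any pool: it shows what each scheme puts on the wire for one JSON-RPC request. The user name, password, realm, URI and nonces are constructed sample values.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    """Basic auth (RFC 2617): base64 of user:password, an encoding, not a secret."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def recover_from_basic(header):
    """Anyone who can read the plaintext HTTP request can do this."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password

def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """Digest auth (RFC 2617, qop=auth): only a nonce-bound MD5 value is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_accepts(ha1, method, uri, issued_nonce, nc, cnonce, response):
    """Server check: recompute from stored HA1 and the nonce it issued itself."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{ha1}:{issued_nonce}:{nc}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)

# Constructed sample values (assumptions, not taken from any real pool or bitcoind).
USER, PASSWORD, REALM = "worker1", "constructed-pass", "jsonrpc"
METHOD, URI = "POST", "/"

def demo():
    seen_basic = recover_from_basic(basic_header(USER, PASSWORD))
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    resp = digest_response(USER, PASSWORD, REALM, METHOD, URI,
                           "nonce-A", "00000001", "client-1")
    return {
        "basic_leaks_password": seen_basic == (USER, PASSWORD),
        "digest_hides_password": PASSWORD not in resp,
        "fresh_nonce_ok": server_accepts(ha1, METHOD, URI, "nonce-A",
                                         "00000001", "client-1", resp),
        "replay_on_new_nonce_ok": server_accepts(ha1, METHOD, URI, "nonce-B",
                                                 "00000001", "client-1", resp),
    }

if __name__ == "__main__":
    print(demo())
```

With Digest the JSON request and response bodies are still sent in the clear, and the response value is still derived from the password, which is why the post ranks SSL above it.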
|
|
|
[Tycho]
|
|
April 06, 2011, 07:20:28 AM Last edit: April 07, 2011, 05:21:54 AM by [Tycho] |
|
Difficulty period of ~68978.89245792 just ended this night and new difficulty is ~82347.22294654 (~ 19% increase)
During this period we have found 263 blocks with average 68128.4106 shares per block, which is ~1.23% better than expected.
Our hashrate is about 90 GH/s and peak value yesterday was over 100 GH/s.
UPDATE:
- You can try to enable history column in your advanced settings
- If history column is enabled, you can see your shares/total shares, average speed and balance change for each block
|
Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks ! ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures ( NEW!). Third year in bitcoin business.
|
|
|
os008
Member
Offline
Activity: 79
Merit: 10
|
|
April 06, 2011, 10:28:32 AM |
|
Thank you for all the new features; making this pool better very fast. Keep it up.
|
2x5850 @ 600[M|K]H/s
|
|
|
nster
|
|
April 06, 2011, 05:45:01 PM |
|
I've already said it and I'll say it again, feature-wise and in general, this is by far the best pool. Sure the fees are the highest on the market, but they are offset by LP and failed block payouts, which IMO, as long as slush doesn't implement LP, deepbit is actually cheaper than slush. Having such a large hashrate, this is, for most, the most attractive pool to join.
|
167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Please be kind if I helped
|
|
|
konstancja
Newbie
Offline
Activity: 5
Merit: 0
|
|
April 06, 2011, 05:49:05 PM |
|
thanks for having long polling support
|
|
|
|
Doctor Mushies
Newbie
Offline
Activity: 42
Merit: 0
|
|
April 06, 2011, 07:58:41 PM |
|
Tycho: Can I get help with resetting, or recovering a lost account password?
|
|
|
|
nster
|
|
April 06, 2011, 10:39:47 PM |
|
Hey, [Tycho], recently slush made this post in his thread:

"In connection to recent security issues of other bitcoin site I want to clarify, that pool application does not store account passwords in plaintext, but as hashes with random salt to avoid possible dictionary attacks. Also pool sources are built on technologies which does not allow SQL injection in any form. Finally, the profile page is using techniques against Cross site request forgery attack. It makes impossible to modify (for example) wallet address from malicious javascript. I care about overall pool security a lot."

Could you confirm you have something of the sort? It would put my mind and several other people's minds at ease
|
|
|
|
new_in_this
Member
Offline
Activity: 82
Merit: 10
|
|
April 07, 2011, 03:07:53 AM |
|
PayPal mining?
|
|
|
|
nster
|
|
April 07, 2011, 03:31:41 AM |
|
"PayPal mining?"

an AF joke
|
|
|
|
mjsbuddha
Sr. Member
Offline
Activity: 336
Merit: 250
yung lean
|
|
April 07, 2011, 03:44:27 AM |
|
"PayPal mining?"
"an AF joke"

though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account.
|
|
|
|
nster
|
|
April 07, 2011, 03:59:20 AM |
|
"PayPal mining?"
"an AF joke"
"though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account."

wayyyyyyyy too much work
|
|
|
|
[Tycho]
|
|
April 07, 2011, 05:25:25 AM |
|
"PayPal mining? :o"
"an AF joke"
"though there's no reason he couldn't convert the bitcoins at the current mt. gox rate and deposit it directly into a paypal account."
"wayyyyyyyy too much work"

Actually this IS possible and I'm working on it. There is already API for automatic exchange, but I have no paypal accounts with allowed incoming transactions, so testing it is not so easy :)
|
|
|
|
[Tycho]
|
|
April 07, 2011, 05:30:04 AM |
|
"Hey, [Tycho], recently slush made this post in his thread:

In connection to recent security issues of other bitcoin site I want to clarify, that pool application does not store account passwords in plaintext, but as hashes with random salt to avoid possible dictionary attacks. Also pool sources are built on technologies which does not allow SQL injection in any form. Finally, the profile page is using techniques against Cross site request forgery attack. It makes impossible to modify (for example) wallet address from malicious javascript. I care about overall pool security a lot.

Could you confirm you have something of the sort? It would put my mind and several other people's minds at ease"

Yes, of course. I'm not storing plaintext account passwords, only as salted hashes - that's why your main password is shown as "hidden" if used as worker's password. There is no SQL in my pool and it's protected against injections. Cross-site form forgery is not possible too.
|
|
|
|
nster
|
|
April 07, 2011, 05:51:03 AM |
|
couldn't you ask a mod to change the thread title to ~90 instead of 70?
|
|
|
|
[Tycho]
|
|
April 07, 2011, 08:47:53 AM |
|
Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value.
|
|
|
|
Fiyasko
Legendary
Offline
Activity: 1428
Merit: 1001
Okey Dokey Lokey
|
|
April 07, 2011, 03:09:02 PM |
|
"Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value."

which is a gigantic piece of the site that I love. Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slush's pool and I've been mining in Deepbit for 3x the length that I've mined in slush's pool. But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without
|
|
|
|
bombo999
Member
Offline
Activity: 107
Merit: 10
|
|
April 07, 2011, 03:37:43 PM |
|
"Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value."
"which is a gigantic piece of the site that I love. Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slush's pool and I've been mining in Deepbit for 3x the length that I've mined in slush's pool. But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without"

I disagree. Deepbit has one of the best implemented and most flexible payout configurations of any pool. There is no delay for block confirmation, there is customization for payout threshold which triggers the automatic daily payments and on top of all that there is a pay now button.
|
|
|
|
nster
|
|
April 07, 2011, 05:47:50 PM |
|
"Also, the "BTC in last 24 hours" in history column is real earning, not theoretical or expected value."
"which is a gigantic piece of the site that I love. Could you make it so that your pool shows how many Blocks (50gen's) that we've found, I've found One on slush's pool and I've been mining in Deepbit for 3x the length that I've mined in slush's pool. But the #1 that bugs me is the rate of auto payout!, it needs to be Much more than Once a day without"
"I disagree. Deepbit has one of the best implemented and most flexible payout configurations of any pool. There is no delay for block confirmation, there is customization for payout threshold which triggers the automatic daily payments and on top of all that there is a pay now button."

agreed, and since he's a big pool, if he did payout too often, he would flood the Bitcoin transfers or wtv and slow everything down.
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1100
|
|
April 07, 2011, 05:50:05 PM |
|
"agreed, and since he's a big pool, if he did payout too often, he would flood the Bitcoin transfers or wtv and slow everything down."

Not with the new 'sendmany' transaction, designed specifically for pool operators and similar situations.
|
|
|
|
|