[POOL][Scrypt][Scrypt-N][X11] Profit switching pool - wafflepool.com

[LPCobris]

Hi!
Does anyone knows what is happening to BTC?

Is droping like a rock!

LPC

[bbbbbb2014]

Hi!
Does anyone knows what is happening to BTC?

Is droping like a rock!

LPC

I have no idea. No big news headlines. But I'll repeat my request. What about payments in other crypto currencies?

[utahjohn]

Hi!
Does anyone knows what is happening to BTC?

Is droping like a rock!

LPC

I have no idea. No big news headlines. But I'll repeat my request. What about payments in other crypto currencies?

Holy shit! BTC is dropping DOGE also:

DOGE Average All Exchanges    
$609.93
   
$501.43
   
$483.56

These are the prices being paid with Bitcoin (1 BTC = $485.00) on the exchanges. We convert them to the USD equivalent.

source: dogepay.com

checking DOGE/BTC now 0.00000102 ... might buy a few while market is down, I have seen BTC drop below 400 before and quickly rise back.

see: https://bitcoinwisdom.com/markets/bitstamp/btcusd

looks like has been steadily dropping, don't buy yet!

LTC also falling.  maybe ASIC miners flooding market ...

removing my balances from all markets for the time being ... wait till it settles down ...

Not current info but this is quite disturbing:
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/this-finance-expert-thinks-bitcoin-will-fall-99-percent-by-june/

Seriously thinking of moving to scrypt-n only and just hold my scrypt coins until markets recover ...

See also : http://alpha-t.net/news/letter-managing-director/

[Don007]

Hi!
Does anyone knows what is happening to BTC?

Is droping like a rock!

LPC

Ouch, I didn't knew it already was under the 500 again.

I've read something about rumours from China.. You will find some more information about this on this forum.

[phzi]

Just thinking about it, who has experience with vertcoin here? I was thinking whats the MH/BTC/ Profit ratio with this? say you want to chuck 10-14 x R9 290x at it

I am averaging about 0.012BTC/MH/day with vertcoin right now (running 10x R9 290).  But that MH value is ~50% of my scrypt(1024,1,1) hashrate.  So compared to wafflepool, it would be about .006BTC/MH/day.

Mind you, I'm speculating on vertcoin, so I'm not exchanging immediately.

projectxpps.com is pretty awesome if anyone wants a good vertcoin pool, btw.  PPS and 0% fee right now.

Where do you think that client.reconnect command originated anyway?  It was not sent by your legitimate stratum servers, that's for sure.  And not just anyone can send it, it must arrive on your open stratum connection, or forged to look like it, in order to be processed.  Or the attacker must have been able to break your active stratum connection, or wait for it to break naturally, and then redirect you to a rogue server in order to send you that client.reconnect command.

I watched the attack occur and did some analysis (apparently unlike yourself?), and I don't believe there was any prior 'redirect' to a rogue server.  My prior comments are more then just speculation... The client.reconnect command appeared to come from the legitimate stratum server.  Aka, was "forged to look like it" as you suggest above.  I explained above in reasonable detail exactly how such an attack could be potentially replicated.  Go try it yourself if you have enough knowledge.

The only other attack method I can imagine based on what I observed, would be TCP injection at (a) key router(s) (by modifying packets and re-calculating header checksums).  But, I highly doubt this is the case (else it probably would have been more wide-spread).

I can also assure you that it is still possible at this moment to capture the TCP headers of traffic destined for other servers on OVH right now - more complicated then it was a few months ago since they have been patching their switches, but still possible. The TCP header of course contains the miner IP, port, and current TCP sequence number - which, given the right setup, would be sufficient to counterfeit a packet from the stratum server.  You might want to read about TCP injection attacks relating to TCP sequence prediction, if you were not aware this is possible: http://en.wikipedia.org/wiki/TCP_sequence_prediction_attack

FYI: I don't talk about things I am not knowledgeable about.  I have nothing to prove (obviously unlike yourself), but I can assure you my knowledge of networking is higher then you might like to believe.

What/where is this patch?

It is not a complete solution, but it does help to a degree, if the next attack mirrors the previous one.  Client.reconnect commands were included in the stratum mining protocol for a reason. The 'patch' to which you are referring is built into the latest versions of kalroth cgminer and veox sgminer.  Just check their docs for use of no-client-reconnect option.  But be forewarned, some pools might legitimately utilize the command, either now or in the future, so to enable it could break certain functionality.  But poolwaffle has stated that he does not ever use it, so safe to use here.

It is a complete solution tho...  If a pool wants to re-direct my miners somewhere else before the pool goes offline or something, I don't care - that's what fail-overs are for.  There is no overly useful case for Client.reconnect that I can imagine.  The stratum commands client.reconnect and client.get_version were added to cgminer in v2.8.2, as an aside.

In the copy of sgminer I am running, I simply disabled the client.reconnect ability entirely.  Was a 5 second patch.

The reason Slush added client.reconnect to the protocol, btw:

* Implemented method client.reconnect(host, port), so pool can now easily balance clients between backends or gracefully shutdown a backend without a miner outage.

After it was requested by eleuthria:

Please just adopt the two commands I posted about previously:  A redirect command for a poolserver to send miners elsewhere, and a server restart notification [with timer] so a pool can attempt a graceful restart rather than suddenly dropping connections.

[gtraah]

Just thinking about it, who has experience with vertcoin here? I was thinking whats the MH/BTC/ Profit ratio with this? say you want to chuck 10-14 x R9 290x at it

I am averaging about 0.012BTC/MH/day with vertcoin right now (running 10x R9 290).  But that MH value is ~50% of my scrypt(1024,1,1) hashrate.  So compared to wafflepool, it would be about .006BTC/MH/day.

Mind you, I'm speculating on vertcoin, so I'm not exchanging immediately.

projectxpps.com is pretty awesome if anyone wants a good vertcoin pool, btw.  PPS and 0% fee right now.

Where do you think that client.reconnect command originated anyway?  It was not sent by your legitimate stratum servers, that's for sure.  And not just anyone can send it, it must arrive on your open stratum connection, or forged to look like it, in order to be processed.  Or the attacker must have been able to break your active stratum connection, or wait for it to break naturally, and then redirect you to a rogue server in order to send you that client.reconnect command.

I watched the attack occur and did some analysis (apparently unlike yourself?), and I don't believe there was any prior 'redirect' to a rogue server.  My prior comments are more then just speculation... The client.reconnect command appeared to come from the legitimate stratum server.  Aka, was "forged to look like it" as you suggest above.  I explained above in reasonable detail exactly how such an attack could be potentially replicated.  Go try it yourself if you have enough knowledge.

The only other attack method I can imagine based on what I observed, would be TCP injection at (a) key router(s) (by modifying packets and re-calculating header checksums).  But, I highly doubt this is the case (else it probably would have been more wide-spread).

I can also assure you that it is still possible at this moment to capture the TCP headers of traffic destined for other servers on OVH right now - more complicated then it was a few months ago since they have been patching their switches, but still possible. The TCP header of course contains the miner IP, port, and current TCP sequence number - which, given the right setup, would be sufficient to counterfeit a packet from the stratum server.  You might want to read about TCP injection attacks relating to TCP sequence prediction, if you were not aware this is possible: http://en.wikipedia.org/wiki/TCP_sequence_prediction_attack

FYI: I don't talk about things I am not knowledgeable about.  I have nothing to prove (obviously unlike yourself), but I can assure you my knowledge of networking is higher then you might like to believe.

What/where is this patch?

It is not a complete solution, but it does help to a degree, if the next attack mirrors the previous one.  Client.reconnect commands were included in the stratum mining protocol for a reason. The 'patch' to which you are referring is built into the latest versions of kalroth cgminer and veox sgminer.  Just check their docs for use of no-client-reconnect option.  But be forewarned, some pools might legitimately utilize the command, either now or in the future, so to enable it could break certain functionality.  But poolwaffle has stated that he does not ever use it, so safe to use here.

It is a complete solution tho...  If a pool wants to re-direct my miners somewhere else before the pool goes offline or something, I don't care - that's what fail-overs are for.  There is no overly useful case for Client.reconnect that I can imagine.  The stratum commands client.reconnect and client.get_version were added to cgminer in v2.8.2, as an aside.

In the copy of sgminer I am running, I simply disabled the client.reconnect ability entirely.  Was a 5 second patch.

The reason Slush added client.reconnect to the protocol, btw:

* Implemented method client.reconnect(host, port), so pool can now easily balance clients between backends or gracefully shutdown a backend without a miner outage.

After it was requested by eleuthria:

Please just adopt the two commands I posted about previously:  A redirect command for a poolserver to send miners elsewhere, and a server restart notification [with timer] so a pool can attempt a graceful restart rather than suddenly dropping connections.

Hey Phzi,

 Thanks for the response bro, You seem to have similar cards to myseld, I just want to PM you for a query, I dont want to annoy people here they may say I am off-topic.

[jimlite]

Yeah scrypt-n, GPU coin looks promising. Low difficulty, and if you can't sell for a good price, you can buy mining equipment with it.

[comeonalready]

Where do you think that client.reconnect command originated anyway?  It was not sent by your legitimate stratum servers, that's for sure.  And not just anyone can send it, it must arrive on your open stratum connection, or forged to look like it, in order to be processed.  Or the attacker must have been able to break your active stratum connection, or wait for it to break naturally, and then redirect you to a rogue server in order to send you that client.reconnect command.

I watched the attack occur and did some analysis (apparently unlike yourself?), and I don't believe there was any prior 'redirect' to a rogue server.  My prior comments are more then just speculation... The client.reconnect command appeared to come from the legitimate stratum server.  Aka, was "forged to look like it" as you suggest above.  I explained above in reasonable detail exactly how such an attack could be potentially replicated.  Go try it yourself if you have enough knowledge.

The only other attack method I can imagine based on what I observed, would be TCP injection at (a) key router(s) (by modifying packets and re-calculating header checksums).  But, I highly doubt this is the case (else it probably would have been more wide-spread).

I can also assure you that it is still possible at this moment to capture the TCP headers of traffic destined for other servers on OVH right now - more complicated then it was a few months ago since they have been patching their switches, but still possible. The TCP header of course contains the miner IP, port, and current TCP sequence number - which, given the right setup, would be sufficient to counterfeit a packet from the stratum server.  You might want to read about TCP injection attacks relating to TCP sequence prediction, if you were not aware this is possible: http://en.wikipedia.org/wiki/TCP_sequence_prediction_attack

FYI: I don't talk about things I am not knowledgeable about.  I have nothing to prove (obviously unlike yourself), but I can assure you my knowledge of networking is higher then you might like to believe.

What/where is this patch?

It is not a complete solution, but it does help to a degree, if the next attack mirrors the previous one.  Client.reconnect commands were included in the stratum mining protocol for a reason. The 'patch' to which you are referring is built into the latest versions of kalroth cgminer and veox sgminer.  Just check their docs for use of no-client-reconnect option.  But be forewarned, some pools might legitimately utilize the command, either now or in the future, so to enable it could break certain functionality.  But poolwaffle has stated that he does not ever use it, so safe to use here.

It is a complete solution tho...  If a pool wants to re-direct my miners somewhere else before the pool goes offline or something, I don't care - that's what fail-overs are for.  There is no overly useful case for Client.reconnect that I can imagine.  The stratum commands client.reconnect and client.get_version were added to cgminer in v2.8.2, as an aside.

In the copy of sgminer I am running, I simply disabled the client.reconnect ability entirely.  Was a 5 second patch.

The reason Slush added client.reconnect to the protocol, btw:

* Implemented method client.reconnect(host, port), so pool can now easily balance clients between backends or gracefully shutdown a backend without a miner outage.

You are missing the point completely and if you cannot imagine another attack scenario, then your imagination is limited.  If you happen to look back through this thread, you will find that I was the first to suggest that client.reconnect was being used as part of the attack.  And if you look closely, you will find that I spelled out the exact potential attack scenario that you are  preaching as gospel, and ironically enough now "teaching" me how it could be carried out.  And also that mostly all of the ideas you presented as your own were only summaries of ideas that others had posted here before you -- with the notable exceptions of your misconceptions, that is.

It is all in the thread history.  I am not going to correct your errors, as you can continue to believe whatever it is you wish to believe, but I am only posting this response as an advisory to others not to place too much value in your "facts", as some of them are only your opinions, misconceived as a result of misinterpreting relevant details.  Simply stated, you are drawing false conclusions from an incomplete set of actual facts.

FYI: I don't talk about things I am not knowledgeable about.  I have nothing to prove (obviously unlike yourself), but I can assure you my knowledge of networking is higher then you might like to believe.

Really?  If you're going to claim that you have nothing to prove, then why try to point out "your knowledge" before the very same sentence containing that claim even ends?  This is the reason that I included some relevant wisdom from Hawking in my earlier reply.  You're funny -- as in you amuse me like a clown, for those readers here who are fans of Joe Pesci in Goodfellas.

[utahjohn]

ROFL. And it was me who contacted Kalroth to notify of exploit going on.  Not blowing my own horn but for now I am happy that both Kalroth cgminer and Veox sgminer are patched ... Now onto pool related issues, I think that waffle has to embrace scrypt-n coins as scrypt is becoming less and less profitable.  As mentioned earlier (by many others besides myself) there are several choices:
1. wafflepool can start a scrypt-n only port for mining (and become #1 scrypt-n multipool).  I think multipool.us already announced a partner scrypt-n pool
1.5 mine both  
2. coders can help ThirtyBird with development of kernel-switching mining client.
3. All of the above
4. Have an autotrading bot that can catch advantageous times to BUY/SELL  like what happens to BTC a page or so after this.  Make it a userpass selectable option like d=256, t=0 to specify a percentage of how much of your shares you want to trade using the bot.
Client/pool authentication sounds like it will be a long way off, for now let's concentrate on regaining profitabilty.

[phzi]

Let's analyze how ridiculous this guy is, before I put his dribble on ignore and forget about it:

You are missing the point completely and if you cannot imagine another attack scenario, then your imagination is limited.

I never said anything regarding other attack scenarios... I have talked about the recent hijackings. Obviously there are a ton of ways to hijack purposed mining rigs, the same as there are a ton of typical computers with CPUs and GPUs that could be hijacked for mining.

If you happen to look back through this thread, you will find that I was the first to suggest that client.reconnect was being used as part of the attack.

Good for him, is he looking for a pat on the back?  Because frankly, I am unsure why this matters to this current conversation.

And also that mostly all of the ideas you presented as your own were only summaries of ideas that others had posted here before you -- with the notable exceptions of your misconceptions, that is.

I definitely haven't claimed anything I've said was my original invention.  Usually, you'll see when I post, I am responding to something - expanding conversation.  You know... the point of a forum?

I am definitely NOT here to argue with someone like comeonalready that cannot even present an argument, and instead falls back on ad hominem and un-evolving attacks.  If you want to actually debate something with me of relevance in this thread, then that might be interesting.  Instead, comeonalready seems intent on having a bigger e-penis then actually trying to learn something, or explain why exactly he thinks something like:

It is all in the thread history.  I am not going to correct your errors, as you can continue to believe whatever it is you wish to believe, but I am only posting this response as an advisory to others not to place too much value in your "facts", as some of them are only your opinions, misconceived as a result of misinterpreting relevant details.  Simply stated, you are drawing false conclusions from an incomplete set of actual facts.

Notice he didn't point out a single thing that I have said that is wrong.  If it's in the thread history, why isn't he quoting it?

This guy must be flat out threatened by me, and annoyed that his thread e-penis is in danger. lol

You're funny -- as in you amuse me like a clown

Heh, awesome.  I was going to say the same thing about you.  Trolls that think they can actually win an argument without providing a contradiction with evidence to any quotation and are unbelievably priceless.

Peace out!

[utahjohn]

Gotta laugh again "e-penis" cracks me up
Again the hostility and arguing ...  I find this quite amusing in a way .. grow up! I'm happily retired now and mining coins is a hobby for me If it can become profitable again all the better.  I do believe that there must be an alternative to fiat currency but that too seems a long way off  Bitcoin is barely being recognized yet although there are some ATM's for it now in Boston if I remember correctly (C.R.S) Bottom line: Bitcoin is still too strongly linked with fiat currency to become a medium of exchange for goods and services for the unforseeable future.  Instead all cryptocoins are dumped for immediate profit ... I'm holding many different coins in the hope that fiat currency will become outmoded and cryptocoins will become a better medium of exchange (if I live that long LOL)
Look at Auroracoin meant to be an alternative to fiat for Iceland.  It was AUR/BTC 0.80  a week or so ago before the "Airdrop", traded to death, maybe will recover I am holding some.  GPUcoin has a future being exchanged for goods although their buy of GPU's to be exchange for coins is a a bit of a loss right now, on ebay GPU's can be had for much less as miners are dumping on market while they can get at least close to ROI before scrypt coins become totally unprofitable with GPU.  Sorry for the long rant LOL.  Opinions about the cryptocoin industry?

[comeonalready]

Notice he didn't point out a single thing that I have said that is wrong.  If it's in the thread history, why isn't he quoting it?

Simply because I do not care to educate you as it is not my burden to bear.  You may continue wallowing in blissful ignorance if you so choose, and it is perfectly fine by me.  And that you have also reached an incorrect conclusion as to why I did not bother to quote history in order to prove you wrong is in itself amusing.

Others here have already pointed out flaws in some of your arguments, but you were yelling too loudly to hear them.

[utahjohn]

BTC on the rise again almost to where it was, I should have bought when it was at bottom of trough and sold now for a tidy profit oh well was not watching

[bbbbbb2014]

ROFL. And it was me who contacted Kalroth to notify of exploit going on.  Not blowing my own horn but for now I am happy that both Kalroth cgminer and Veox sgminer are patched ... Now onto pool related issues, I think that waffle has to embrace scrypt-n coins as scrypt is becoming less and less profitable.  As mentioned earlier (by many others besides myself) there are several choices:
1. wafflepool can start a scrypt-n only port for mining (and become #1 scrypt-n multipool).  I think multipool.us already announced a partner scrypt-n pool
1.5 mine both  
2. coders can help ThirtyBird with development of kernel-switching mining client.
3. All of the above
Client/pool authentication sounds like it will be a long way off, for now let's concentrate on regaining profitabilty.

It's clear we all should go into the scrypt-n direction. But how much RAM do you guys have installed? 4 gigs, 6 gigs, 8 gigs?

It is not entirely clear to me how Scrypt hashing works with 2 gigs of RAM and Scrypt-n (with N=11) needs .... .... 4 times as much RAM?

How come?

[suchmoon]

ROFL. And it was me who contacted Kalroth to notify of exploit going on.  Not blowing my own horn but for now I am happy that both Kalroth cgminer and Veox sgminer are patched ... Now onto pool related issues, I think that waffle has to embrace scrypt-n coins as scrypt is becoming less and less profitable.  As mentioned earlier (by many others besides myself) there are several choices:
1. wafflepool can start a scrypt-n only port for mining (and become #1 scrypt-n multipool).  I think multipool.us already announced a partner scrypt-n pool
1.5 mine both  
2. coders can help ThirtyBird with development of kernel-switching mining client.
3. All of the above
Client/pool authentication sounds like it will be a long way off, for now let's concentrate on regaining profitabilty.

It's clear we all should go into the scrypt-n direction. But how much RAM do you guys have installed? 4 gigs, 6 gigs, 8 gigs?

It is not entirely clear to me how Scrypt hashing works with 2 gigs of RAM and Scrypt-n (with N=11) needs .... .... 4 times as much RAM?

How come?

I might be wrong, but I think it's about RAM on the graphics card, and that's part of the reason why Scrypt-N11 performs at half the hashrate of Scrypt-N10 on the same hardware. I'm running my rigs with the same 4GB as always, it doesn't seem to require any more system RAM.

[bbbbbb2014]

I might be wrong, but I think it's about RAM on the graphics card, and that's part of the reason why Scrypt-N11 performs at half the hashrate of Scrypt-N10 on the same hardware. I'm running my rigs with the same 4GB as always, it doesn't seem to require any more system RAM.

But no, all people talk about having 8 gigs of ram.

[suchmoon]

I might be wrong, but I think it's about RAM on the graphics card, and that's part of the reason why Scrypt-N11 performs at half the hashrate of Scrypt-N10 on the same hardware. I'm running my rigs with the same 4GB as always, it doesn't seem to require any more system RAM.

But no, all people talk about having 8 gigs of ram.

Well, they can talk all they want. Maybe Windows needs that much, I don't know. This is BAMT with 4 cards and vertminer:

Mem:   2830160k total,  1320704k used,  1509456k free

PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
20   0  591m  162m  67m S    3  6.0  25:58.63 vertminer


As you can see it's even less than 4GB total, I probably forgot to disable Intel graphics.

[utahjohn]

Just thinking about it, who has experience with vertcoin here? I was thinking whats the MH/BTC/ Profit ratio with this? say you want to chuck 10-14 x R9 290x at it

I am averaging about 0.012BTC/MH/day with vertcoin right now (running 10x R9 290).  But that MH value is ~50% of my scrypt(1024,1,1) hashrate.  So compared to wafflepool, it would be about .006BTC/MH/day.

Mind you, I'm speculating on vertcoin, so I'm not exchanging immediately.

projectxpps.com is pretty awesome if anyone wants a good vertcoin pool, btw.  PPS and 0% fee right now.


After it was requested by eleuthria:

Please just adopt the two commands I posted about previously:  A redirect command for a poolserver to send miners elsewhere, and a server restart notification [with timer] so a pool can attempt a graceful restart rather than suddenly dropping connections.

Nice! projectxpps.com looks even better to me.  I am going to be switching my rig a card at a time over to scrypt-n.

I am still seeing a lot of DC's on some pools ... clearly to me client.reconnect was not a solution, DC rate remains the same even after upgrading to latest scrypt miner.

Clarification : Even after client.reconnect was disabled by the patch I am showing high DC's on only a few pools, 0 on others that I am actively mining.  Checking miner logfile and see if anything unusual there.

Stratum connection to Pool interrupted a few times. But no warning from Kalroth's patch about possible exploit ...

[Ch3rub]

^^
Guys, do you need to install/re-compile cgminer to mine vertcoins? I'm on BAMT same as above and would like to try it but I'm not sure if it's just config change in cgminer's config file or I need another cgminer version... or I need different BAMT? 

[utahjohn]

vertminer or sgminer (i think will do scrypt-n) not sure.. I am still in process of researching move to scrypt-n ...