Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB

[anth0ny]

I don't understand what you're saying, then. What's the reason my PC is probably safer than an online bank? I'm not a security expert, or anything, whereas many of the people working for the online bank are.

I'm assuming we're talking about a reputable online bank, of course.

You're less of a target.

Yes, I'm less of a target than a bank.

That doesn't mean I carry tens of thousands of dollars in cash in my wallet or store it under my pillow.

Unless you advertise yourself... "hey, I do x, y, and z to protect my 100btc!"  and your facebook page is in your sig.

There are a lot of people who know I'm a big fan of Bitcoin.

I don't broadcast how much I have or where I store it, but I'd say I'm significantly more of a target than the average Joe.

In any case, I'm not saying that either solution is perfect. What we need is a split key system where I can store half of the key in a fire safe and the other half in an online or traditional bank. But I don't know of any online service that offers this (and I doubt anyone reputable is yet doing it). And doing it using a brick-and-mortar safety deposit box is 1) a pain; and 2) risky in that I might screw something up and accidentally lose all my BTC.

Maybe just doing it using an online storage service. But then I still have the issues of 1) it's a pain; and 2) it's risky in that I might screw something up and accidentally lose all my BTC. Also, the online storage service probably won't have the same policies as an online bank. It needs to be something where I have a memorized password, but where my heirs can get access when I die or become disabled.

[baddw]

Yes, they're a big fat target. (*) But they spend many orders of magnitude more on security than I do.

Breaking into my house is trivial. Breaking into the bank where Coinbase stores their cold wallets is much tougher.

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

Breaking into your house is trivial, but breaking into a house where there are 20BTC stored in an unencrypted wallet is pretty much astronomical odds..... there'd be less variance for the burgler breaking into 20 houses and stealing diamond rings.  As long as you're not advertising your real name and location in conjunction with your BTC address, I see no reason why this is something that one would reasonably fear.

The odds that are important are the odds that someone is going to break into my house and steal my computer.

They're not high, but they're not astronomically low, either.

But while we're on this subject, if I'm going to store BTC at home, it's going to be in a fire safe, not on a computer, anyway. The risk that my house is going to burn down is also not high, but not astronomically low, either.

(The chance that a house where there are 20BTC stored in an unencrypted wallet will burn down.... Well that's irrelevant.)

(If you live in a high-crime area where break-ins commonly occur, and a computer is a likely candidate to be stolen just for its street value, you should make a copy of your encrypted private keys and put the copy somewhere safe, so if your computer is stolen then you will be able to recover them quickly and transfer the BTC to a new address.) Whereas you can bet that there are literally hundreds of hackers (some intelligent, some not so much) trying to crack Coinbase, et al. on a daily basis.

If you're going to do that, why bother keeping them on the computer in the first place?

That said, I'd say it's still more likely someone is going to break into my house and steal my fire safe (pretending for the moment that I have one), than that someone is going to rob the safety deposit boxes where Coinbase stores their wallets.

Well, I guess it comes down to a matter of trust.  Trust in yourself and your ability to protect your property, versus trust in a third party such as Coinbase, given that they are a much bigger and public target.  

I know that I have my laptop physically with me at almost all times, and it is backed up at least weekly on a hard drive stored in a location under my control.  My important keys (BTC mostly) are replicated up a 3rd time on a USB drive.  All encrypted, of course.  I know, know for a FACT, that if any of these are compromised, I will be aware of it within a short period of time, and be able to move the BTC to another address before the encryption can be cracked.  I also know for a FACT, that without one of these 3 being compromised, I will not ever have to worry about my keys being stolen.

With BTC stored with a third party, there are many unknowns, most of which cannot be verified by me.  How many employees have access?  How many times has the code been audited?  Can I read the code myself?  Do they make their addresses and balances public?  Without a VERY high level of transparency, I can never know for a FACT that the BTC stored with them are safe.  Therefore, I must trust them in order to store my BTC with them.  And I simply will not choose to do that, when there are simple security measures that I can undertake personally, and which will not restrict my use of my BTC in any way, or require me to undertake anything onerous.

[baddw]

What we need is a split key system where I can store half of the key in a fire safe and the other half in an online or traditional bank.

Keeping your entire key in a fire safe: You lose your key if the fire safe is stolen.

Keeping half of your key in a fire safe and half of it in a bank: You lose your key if the fire safe is stolen, OR if it is stolen from the bank.

This would actually be less safe.

EDIT: Well, it would be "safer" in that it would be harder for the BTC to be stolen from that address, but it would be "less secure" in that it increases the chances of YOU not being able to access those BTC.

[anth0ny]

Well, I guess it comes down to a matter of trust.  Trust in yourself and your ability to protect your property, versus trust in a third party such as Coinbase, given that they are a much bigger and public target.

And have experts who are trained in security. And have much more money to spend on security systems.

It does in a sense come down to a matter of trust. I trust experts to implement a better security system than doing it myself.

I know that I have my laptop physically with me at almost all times, and it is backed up at least weekly on a hard drive stored in a location under my control.  My important keys (BTC mostly) are replicated up a 3rd time on a USB drive.  All encrypted, of course.  I know, know for a FACT, that if any of these are compromised, I will be aware of it within a short period of time, and be able to move the BTC to another address before the encryption can be cracked.  I also know for a FACT, that without one of these 3 being compromised, I will not ever have to worry about my keys being stolen.

And what if your house catches on fire while you're sleeping, or if you get into a car accident and go into a coma?

I mean, maybe you don't care about your heirs, or what happens to you if you become incapacitated, but I do.

With BTC stored with a third party, there are many unknowns, most of which cannot be verified by me.  How many employees have access?  How many times has the code been audited?  Can I read the code myself?  Do they make their addresses and balances public?  Without a VERY high level of transparency, I can never know for a FACT that the BTC stored with them are safe.  Therefore, I must trust them in order to store my BTC with them.  And I simply will not choose to do that, when there are simple security measures that I can undertake personally, and which will not restrict my use of my BTC in any way, or require me to undertake anything onerous.

There are always many unknowns. But your choice is your choice, and I'm not trying to tell you what to choose.

[anth0ny]

What we need is a split key system where I can store half of the key in a fire safe and the other half in an online or traditional bank.

Keeping your entire key in a fire safe: You lose your key if the fire safe is stolen.

Keeping half of your key in a fire safe and half of it in a bank: You lose your key if the fire safe is stolen, OR if it is stolen from the bank.

This would actually be less safe.

EDIT: Well, it would be "safer" in that it would be harder for the BTC to be stolen from that address, but it would be "less secure" in that it increases the chances of YOU not being able to access those BTC.

You were the one making the issue about being a target. A split key is less of a target.

That said, good point. But one with a solution. Also keep a signed transaction with a lock_time in the future, and transfer the BTC before that lock_time arrives.

You could also do a two out of three split key or something like that.

Anyway, see, this is why I don't trust myself to single-handedly implement a security system.

[smooth]

That doesn't mean I carry tens of thousands of dollars in cash in my wallet or store it under my pillow.

BTC shares some characteristics with cash but it differs as well. You can make backup copies of encrypted wallets (private keys) such that physical access to the wallets does release the BTC. Likewise you can split the keys so that access to both are required.

Using these properties to create a robust security scheme is a whole separate discussion, likely off topic for the eligius thread, wouldn't you agree?

[anth0ny]

That doesn't mean I carry tens of thousands of dollars in cash in my wallet or store it under my pillow.

BTC shares some characteristics with cash but it differs as well. You can make backup copies of encrypted wallets (private keys) such that physical access to the wallets does release the BTC. Likewise you can split the keys so that access to both are required.

Well, yeah, I alluded to that, and also mentioned some of the problems with trying to implement such a system on your own.

I'm sure some day in the not too distant future someone will come out with a tried and tested, reliable system like this. But right now I don't know of one. And my comparison was only between storing BTC on one's computer and storing it at Coinbase. I still think the latter is usually a little bit safer. (In general. For some people it'll be a lot safer. For a special few it might be less safe.)

Using these properties to create a robust security scheme is a whole separate discussion, likely off topic for the eligius thread, wouldn't you agree?

I have no idea. Should I delete these messages?

[claudesdad]

I'm trying to get one of my Antminer S1's to mine against the Eligius pool - but I can't seem to get the thing to connect.

In the Antminer GUI - I go to

Status -> Miner Configuration

Then on the Pool 1 line I enter :  stratum+tcp://stratum.mining.eligius.st:3334 -u <my wallet address>_worker2S1a -p x -I 9

and I left everything else blank.

but I can't seem to get the S1 to connect and mine.

I've read thru the directions on the Eligius pages and checked a bunch of stuff - and I'm not getting a connection.

I am sitting behind a firewall.  So I just wanted to make sure I had the S1 configuration correct before I started chasing config problems there.

Thanks

[smooth]

I have no idea. Should I delete these messages?

"Stop digging"

[mdude77]

I'm trying to get one of my Antminer S1's to mine against the Eligius pool - but I can't seem to get the thing to connect.

In the Antminer GUI - I go to

Status -> Miner Configuration

Then on the Pool 1 line I enter :  stratum+tcp://stratum.mining.eligius.st:3334 -u <my wallet address>_worker2S1a -p x -I 9

and I left everything else blank.

but I can't seem to get the S1 to connect and mine.

I've read thru the directions on the Eligius pages and checked a bunch of stuff - and I'm not getting a connection.

I am sitting behind a firewall.  So I just wanted to make sure I had the S1 configuration correct before I started chasing config problems there.

This is not cgminer on your PC, so the command line is all wrong.

Try putting in http://stratum.mining.eligius.st:3334 in the first line, your mining address in the second line, and something (like 1234) in the third line.  You don't need or want the -p -I parms.

M

[claudesdad]

I'm trying to get one of my Antminer S1's to mine against the Eligius pool - but I can't seem to get the thing to connect.

In the Antminer GUI - I go to

Status -> Miner Configuration

Then on the Pool 1 line I enter :  stratum+tcp://stratum.mining.eligius.st:3334 -u <my wallet address>_worker2S1a -p x -I 9

and I left everything else blank.

but I can't seem to get the S1 to connect and mine.

I've read thru the directions on the Eligius pages and checked a bunch of stuff - and I'm not getting a connection.

I am sitting behind a firewall.  So I just wanted to make sure I had the S1 configuration correct before I started chasing config problems there.

This is not cgminer on your PC, so the command line is all wrong.

Try putting in http://stratum.mining.eligius.st:3334 in the first line, your mining address in the second line, and something (like 1234) in the third line.  You don't need or want the -p -I parms.

M

Hey - look at that. When I do it correctly - it actually works!

Thanks for the help.

[mdude77]

I just published v3.3 of my Windows only MPoolMonitor.  Only reason I'm posting this here is it now shows the luck stats from Eligius.  As far as I know it's accurate.



See https://bitcointalk.org/index.php?topic=86502.0.

M

[M3kk]

12 days ago no NMC payment?

[TodaysGandalf]

I just published v3.3 of my Windows only MPoolMonitor.  Only reason I'm posting this here is it now shows the luck stats from Eligius.  As far as I know it's accurate.

http://www.mdude.org/mpoolmonitor-eligius-luck.jpg

See https://bitcointalk.org/index.php?topic=86502.0.

M

Schweet lookin piece o' coding you got there mdude77!  You gonna open-source that tool?  I'd love to take that and throw in some code to monitor my miners' health too.

[TodaysGandalf]

blockchain.info is probably going to be the next MtGox...

Bold statement. You just speculating or have some specific information?

Mostly speculating. They like to portray themselves as more secure, when they're really not.

How so? With Blockchain.info, I have my private keys. They cannot run away with the money!

You have your private keys, but who else does as well?

Do you check the html/javascript every time you use the site?

I'm not saying they're doing anything nefarious, but what's to stop a rogue employee (or group of employees, or anyone capable of faking an SSL certificate) from modifying the javascript and stealing the private keys?

Yes, we could all drive ourselves to insanity worrying about the security of our Bitcoins.  The thing is, if some party is clever enough to do script injection on the fly, they are probably going to do some damage and there is little we can do as individuals to avert it.  I believe the facts are that in, what, five years of Bitcoin history, little of that type of security hacking has occurred.  When it HAS happened, it was a VERY high profile heist.  Your 20BTC wallet just isn't worth the effort to focus on you.  Crooks know there is cash in 95% of the houses out there.  Do they break into all 95%?  No, just the most profitable ones.

Mt. Gox got burned by their own stupidity by incorrectly implementing the Bitcoin protocol.  So, nefarious opportunists could use that crack in their code to get paid more than they were entitled to, and Mt. Gox ended up in a piddling mess when their audit came back short of coin.

I use a Blockchain.info online wallet because I like their Android client.  They are not an exchange so they never need to have the access to manipulate my wallet balance.  I NEVER give them my private key to log in, just an account ID (which is NOT my wallet address) and my password (which is NOT my private key).  When they were down for a while, I was able to take my blockchain.info encrypted wallet backup, which I create via dropbox daily, my private key, Multibit wallet software and have my wallet back and running on my PC in 10 minutes.

In actuality a wallet is just an extrapolation of your balance from the blockchain for just your wallet address.  The private key just proves that you have the right to originate transactions using that address via cryptographic means.  Anyone that knows your wallet address can discern how much BTC it contains by digesting the entire blockchain looking for transactions that add and subtract from the balance for that address, it's public information.  That's the process that takes like three hours when you install new wallet software on your PC, longer if it has to go back to the Genesis block.

Blockchain.info got burned and shut down for the majority of the past four days due to a technical issue with MySQL clustering.  Plain and simple.  In my experience with being a datacenter engineer for 20+ years, you have far more exposure to risk on a day-to-day basis from Murphy's Law than criminals.  I've had to recover clustered SQL servers from crashes.  It's not pretty and it's not easy or quick.

Electronics fail, paper gets destroyed, passwords get lost/forgotten.  Keep your wallet data and especially your private keys as safe as, or safer than, you would fiat cash.  Practice safe computing practices.  Back yer shtuff up!  That's the best you can do.  Cryptocurrencies at least have the added advantage in that you can keep multiple copies of credentials safeguarded in multiple ways.

[CroverNo01]

Just an update to say Blockchain.info contacted me back within 8 hours and fixed the block that was unconfirmed.

and got my wallet updated

thanks for all the input

[davebodger]

I'm trying to get one of my Antminer S1's to mine against the Eligius pool - but I can't seem to get the thing to connect.

In the Antminer GUI - I go to

Status -> Miner Configuration

Then on the Pool 1 line I enter :  stratum+tcp://stratum.mining.eligius.st:3334 -u <my wallet address>_worker2S1a -p x -I 9

and I left everything else blank.

but I can't seem to get the S1 to connect and mine.

I've read thru the directions on the Eligius pages and checked a bunch of stuff - and I'm not getting a connection.

I am sitting behind a firewall.  So I just wanted to make sure I had the S1 configuration correct before I started chasing config problems there.

This is not cgminer on your PC, so the command line is all wrong.

Try putting in http://stratum.mining.eligius.st:3334 in the first line, your mining address in the second line, and something (like 1234) in the third line.  You don't need or want the -p -I parms.

M

I leave off the http:// bit as well.
I find stratum.mining.eligius.st:12234 works best for me. YMMV.

[anth0ny]

How so? With Blockchain.info, I have my private keys. They cannot run away with the money!

You have your private keys, but who else does as well?

Do you check the html/javascript every time you use the site?

I'm not saying they're doing anything nefarious, but what's to stop a rogue employee (or group of employees, or anyone capable of faking an SSL certificate) from modifying the javascript and stealing the private keys?

Yes, we could all drive ourselves to insanity worrying about the security of our Bitcoins.  The thing is, if some party is clever enough to do script injection on the fly, they are probably going to do some damage and there is little we can do as individuals to avert it.

There's always some risk, but storing your BTC with a company which could access it, but claims that they can't, is probably more risky than other things.

Didn't Dropbox do that?

I believe the facts are that in, what, five years of Bitcoin history, little of that type of security hacking has occurred.  When it HAS happened, it was a VERY high profile heist.  Your 20BTC wallet just isn't worth the effort to focus on you.  Crooks know there is cash in 95% of the houses out there.  Do they break into all 95%?  No, just the most profitable ones.

The focus would be on blockchain.info, not on you specifically.

Mt. Gox got burned by their own stupidity by incorrectly implementing the Bitcoin protocol.  So, nefarious opportunists could use that crack in their code to get paid more than they were entitled to, and Mt. Gox ended up in a piddling mess when their audit came back short of coin.

You believe that?  

I use a Blockchain.info online wallet because I like their Android client.  They are not an exchange so they never need to have the access to manipulate my wallet balance.  I NEVER give them my private key to log in, just an account ID (which is NOT my wallet address) and my password (which is NOT my private key).

So where do you think your private key is stored?

With the standard settings, blockchain.info has an encrypted version of your private key.

When they were down for a while, I was able to take my blockchain.info encrypted wallet backup, which I create via dropbox daily, my private key, Multibit wallet software and have my wallet back and running on my PC in 10 minutes.

That's great, but I don't see what blockchain.info is adding. There are other android clients which don't require you to give anyone your private key (encrypted or not).

In actuality a wallet is just an extrapolation of your balance from the blockchain for just your wallet address.  The private key just proves that you have the right to originate transactions using that address via cryptographic means.  Anyone that knows your wallet address can discern how much BTC it contains by digesting the entire blockchain looking for transactions that add and subtract from the balance for that address, it's public information.  That's the process that takes like three hours when you install new wallet software on your PC, longer if it has to go back to the Genesis block.

You're only using one address for all your transactions?

Blockchain.info got burned and shut down for the majority of the past four days due to a technical issue with MySQL clustering.  Plain and simple.  In my experience with being a datacenter engineer for 20+ years, you have far more exposure to risk on a day-to-day basis from Murphy's Law than criminals.  I've had to recover clustered SQL servers from crashes.  It's not pretty and it's not easy or quick.

Electronics fail, paper gets destroyed, passwords get lost/forgotten.  Keep your wallet data and especially your private keys as safe as, or safer than, you would fiat cash.  Practice safe computing practices.  Back yer shtuff up!  That's the best you can do.  Cryptocurrencies at least have the added advantage in that you can keep multiple copies of credentials safeguarded in multiple ways.

And the security of your private key is only as secure as the least secure backup copy.

[mdude77]

Schweet lookin piece o' coding you got there mdude77!  You gonna open-source that tool?  I'd love to take that and throw in some code to monitor my miners' health too.

As soon as I can figure out how to use GitHub.

M

[ajw7989]

has anyone been paid namecoins yet. My last payment was on the 8th