geebus
|
|
April 07, 2011, 12:51:10 AM |
|
A FairUser post from BitcoinPool's forum: (emphasis added) [...] If that 90% of the getwork you missed contained the answer for the block, chances are you will not (1) find it and (2) get another getwork that contains the answer for the block for several days.
It is in your best interest and the pools for you to be efficiently mining. Please fix your problems before you continue mining in this pool. If you have a problem with that, then go be inefficient in different pool (cause it helps us when you do ;-).
From the first portion's (2), it is apparent that FairUser still does not understand probability when it comes to mining. Either that, or he is purposefully spinning things to seem bad. Not finding a valid solution does not have any effect upon the probability of when you will find a valid solution. And the 2nd part...... That's a great way to treat people that are contributing to you. What was that about gift horses and mouths? Our pool. Our rules. It seems you don't understand that.
|
Feel like donating to me? BTC Address: 14eUVSgBSzLpHXGAfbN9BojXTWvTb91SHJ
|
|
|
slush
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 07, 2011, 12:52:04 AM |
|
Unless you've audited our site
I saw part of pool sources, as I wrote many weeks ago to the forum thread... through attempted attacks
...but I didn't hacked your pool. Those sources were just printed on the homepage for some time (following block is reformated, but code untouched): // GHash/s $numshares = mysql_num_rows(mysql_query("SELECT username FROM shares")); $sampletime = 300; $deltaframe = time() - $sampletime; $sharesbeforedelta=mysql_num_rows(mysql_query("SELECT username FROM shares WHERE datetime < '".$deltaframe."'")); $sharesdelta = (($numshares - $sharesbeforedelta) * pow(2, 32)) / $sampletime; while(strlen($sharesdelta) > 4){ if(strlen($sharesdelta) >= 10 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); if(strlen(round($sharesdelta)) >= 7 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); if(strlen(round($sharesdelta)) >= 4 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); $sharesdelta = round($sharesdelta, 2); if($sampletime > 60 ? $avgstr = ($sampletime/60)."m avg" : $avgstr = ($sampletime)."s avg"); $theReturn = "Estimated Pool Speed (".$avgstr."): ".$sharesdelta." Ghash/s"; }
From this code I see that you were using mysql and inserting parameters directly into sql statements. So no black magic from my side, no speculations. And if you read carefully my previous post, I'm not attacking you, just thinking about possible problems. , or looked at our code directly through successful attacks, you don't know how our site, or pool is coded, and should not comment on it.
As you see, I can read your code even without attacking your site . Edit: I'm just chatting with others about technical stuff, security and so on, it isn't targeted against you anyhow (I'm pretty tired that you take everything personally). And as I don't expect your reaction, I'm not writing it to official bitcoinpool thread. Edit2: I published the code because I expect it is no longer in production. Looks like you followed my advice and removed the mysql_num_rows(mysql_query()) stuff, because pool homepage is little faster even on long rounds...
|
|
|
|
xenon481
|
|
April 07, 2011, 12:52:09 AM |
|
Our pool. Our rules.
It seems you don't understand that.
I do understand that. That's one of the reasons that I'm not registered on your forum. This isn't your thread, therefore your rules don't apply.
|
Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
|
|
|
geebus
|
|
April 07, 2011, 01:20:44 AM |
|
Unless you've audited our site
I saw part of pool sources, as I wrote many weeks ago to the forum thread... through attempted attacks
...but I didn't hacked your pool. Those sources were just printed on the homepage for some time (following block is reformated, but code untouched): // GHash/s $numshares = mysql_num_rows(mysql_query("SELECT username FROM shares")); $sampletime = 300; $deltaframe = time() - $sampletime; $sharesbeforedelta=mysql_num_rows(mysql_query("SELECT username FROM shares WHERE datetime < '".$deltaframe."'")); $sharesdelta = (($numshares - $sharesbeforedelta) * pow(2, 32)) / $sampletime; while(strlen($sharesdelta) > 4){ if(strlen($sharesdelta) >= 10 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); if(strlen(round($sharesdelta)) >= 7 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); if(strlen(round($sharesdelta)) >= 4 ? $sharesdelta = ($sharesdelta / 1000) : $sharesdelta = $sharesdelta); $sharesdelta = round($sharesdelta, 2); if($sampletime > 60 ? $avgstr = ($sampletime/60)."m avg" : $avgstr = ($sampletime)."s avg"); $theReturn = "Estimated Pool Speed (".$avgstr."): ".$sharesdelta." Ghash/s"; }
From this code I see that you were using mysql and inserting parameters directly into sql statements. So no black magic from my side, no speculations. And if you read carefully my previous post, I'm not attacking you, just thinking about possible problems. , or looked at our code directly through successful attacks, you don't know how our site, or pool is coded, and should not comment on it.
As you see, I can read your code even without attacking your site . Thats old code that hasn't been in place for some time slush. Likewise, not really capable of doing sql injection if no variables are being requested from other functions or from post data, so it's completely safe to pass a static variable to a SQL string without escaping it. Especially if I'm enforcing strict data types on the sql server. Furthermore, the PHP code used to calculate pool hash speed is hardly an indicator of how the rest of our pool and site is coded.
|
Feel like donating to me? BTC Address: 14eUVSgBSzLpHXGAfbN9BojXTWvTb91SHJ
|
|
|
bobR
Member
Offline
Activity: 112
Merit: 10
|
|
April 07, 2011, 07:15:06 PM Last edit: April 07, 2011, 08:20:16 PM by bobR |
|
Well of 349 get works so far 143 had no results that's better than 1/3 that were worthless to hash to the last bit these numbers are from poclbm-mod which continues running even now and has been running since yesterday on at least 5 different blocks
still only seeing like 1 in 8 above 75%
and FYI after 4 days of excluded low efficiency's the pool efficiency is still around 80%
|
|
|
|
bombo999
Member
Offline
Activity: 107
Merit: 10
|
|
April 08, 2011, 12:51:14 AM |
|
Well of 349 get works so far 143 had no results that's better than 1/3 that were worthless to hash to the last bit these numbers are from poclbm-mod which continues running even now and has been running since yesterday on at least 5 different blocks
still only seeing like 1 in 8 above 75%
and FYI after 4 days of excluded low efficiency's the pool efficiency is still around 80%
Why do you use this pool if all you do is complain about it?
|
|
|
|
nster
|
|
April 08, 2011, 01:04:27 AM |
|
Well of 349 get works so far 143 had no results that's better than 1/3 that were worthless to hash to the last bit these numbers are from poclbm-mod which continues running even now and has been running since yesterday on at least 5 different blocks
still only seeing like 1 in 8 above 75%
and FYI after 4 days of excluded low efficiency's the pool efficiency is still around 80%
Why do you use this pool if all you do is complain about it? He troll and likes to call other people trolls. :p Still, it is better to criticize a system and try to find potential flaws then leave it be and see many people getting ripped off by the said system unknowingly
|
167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Please be kind if I helped
|
|
|
xenon481
|
|
April 08, 2011, 03:46:11 AM |
|
Thats old code that hasn't been in place for some time slush. Likewise, not really capable of doing sql injection if no variables are being requested from other functions or from post data, so it's completely safe to pass a static variable to a SQL string without escaping it. Especially if I'm enforcing strict data types on the sql server.
Furthermore, the PHP code used to calculate pool hash speed is hardly an indicator of how the rest of our pool and site is coded.
You yourself said that the problem was injection. Our worry was that your wallet ID may have been changed via injection, [...]
|
Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
|
|
|
bobR
Member
Offline
Activity: 112
Merit: 10
|
|
April 08, 2011, 08:25:12 PM |
|
I just making reports trolls here are deciding what's real & whats troll turds "NOT ME" do as you will ... WHO CARES anyway Today was not very different I restarted / re did for a previous version of sdk was just an exercise in useless shit SDK 2.1 made no diff to SDK 2.3 saw NOTHING different as a note i did see an hr with nothing reported....10+ nothing to shows but mining everything REALLY helps Fyi I think i'm down coins since the eff limit even though THE NUMBERS say I'm more eff So what does that say oh ps even slush says ignore nster -- everyone knows he's a troll
|
|
|
|
nster
|
|
April 08, 2011, 09:34:40 PM Last edit: April 08, 2011, 10:39:36 PM by nster |
|
bobR, there are 2 things I have to say: #1 learn english. Your posts are not very clear or comprehensible #2 slush was being sarcastic... http://img.techpowerup.org/110408/Capture142.png
|
167q1CHgVjzLCwQwQvJ3tRMUCrjfqvSznd Donations are welcome Please be kind if I helped
|
|
|
sethsethseth
Sr. Member
Offline
Activity: 257
Merit: 250
Not trusting third parties with my private keys
|
|
April 08, 2011, 10:14:31 PM |
|
The bitcoinpool miner is the only one that works with sdk 2.1 on win7 afaik, which is worth almost 4% more for me in increased hash rate (40mhash total more for me on dual 5970's). I'm solo mining though....
|
SealsWithClubs poker room has over 400 players online. Buy in from .01 to 60btc. BTCSportsMatch lets you bet sports with vig free lines! Best kept secret in bitcoin.... LocalBitcoins.com is very user-friendly now for bank transfers. You don't have to live close to trade when in the same currency area. Electrum client is awesome. Try it. And please stop sending bitcoins to sites run by security newbies, or don't complain when you lose everything.
|
|
|
slush
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 08, 2011, 10:55:02 PM |
|
The bitcoinpool miner is the only one that works with sdk 2.1 on win7 afaik, which is worth almost 4% more for me in increased hash rate (40mhash total more for me on dual 5970's). I'm solo mining though....
bitcoinpool miner is normal m0mchil miner with some cosmetic changes in logging and network layer, but it does not affect hashrate. standard poclbm works for me on sdk2.1 and win7 without any problem...
|
|
|
|
sethsethseth
Sr. Member
Offline
Activity: 257
Merit: 250
Not trusting third parties with my private keys
|
|
April 08, 2011, 11:21:09 PM Last edit: April 08, 2011, 11:49:22 PM by sethsethseth |
|
really? i posted a 50btc bounty in the poclbm thread a while back to whoever had a solution to sdk2.1 + 10.11 drivers with dual 5970's on win7 64bit and this miner was the only one that worked
EDIT: just fired up some other miners and noticed they all work now.... must be the 11.2 driver update.
|
SealsWithClubs poker room has over 400 players online. Buy in from .01 to 60btc. BTCSportsMatch lets you bet sports with vig free lines! Best kept secret in bitcoin.... LocalBitcoins.com is very user-friendly now for bank transfers. You don't have to live close to trade when in the same currency area. Electrum client is awesome. Try it. And please stop sending bitcoins to sites run by security newbies, or don't complain when you lose everything.
|
|
|
Garrett Burgwardt
|
|
April 08, 2011, 11:54:39 PM |
|
The bitcoinpool miner is the only one that works with sdk 2.1 on win7 afaik, which is worth almost 4% more for me in increased hash rate (40mhash total more for me on dual 5970's). I'm solo mining though....
bitcoinpool miner is normal m0mchil miner with some cosmetic changes in logging and network layer, but it does not affect hashrate. standard poclbm works for me on sdk2.1 and win7 without any problem... Yeah it was the only miner that worked for me, 7 x64
|
|
|
|
Zamicol
Newbie
Offline
Activity: 56
Merit: 0
|
|
April 09, 2011, 06:46:18 AM |
|
Hey guys!
All day Earning have been showing this:
Unconfirmed: N/A
So I have no idea how much I have earned. I notice that I can't find any other account that does. Is there a problem with the service?
I switched to Slush's for the moment; at least until I know that my earnings aren't flying away.
|
|
|
|
xenon481
|
|
April 12, 2011, 06:25:34 PM Last edit: April 12, 2011, 06:41:01 PM by xenon481 |
|
According to posts on BitcoinPool's own forum, it appears that the missing payments issue is indeed more widespread than just the one single instance noticed before. The user audaibnjad has so far tracked 2 more blocks for which is hasn't been properly paid. http://www.bitcoinpool.com/forum/viewtopic.php?f=1&t=26Edit: Also, it looks like the user accounts are getting (successfully) brute forced or dictionary attacked and they haven't put in any lockout measures or other some such to prevent it. So I'll say this again, login and check your wallet ID. Change your passwords, and make them secure. If you get compromised and haven't checked your wallet ID, don't say we didn't warn you. Edit2: Also, more concerns from users that are seeing the tell-tale signs that the pool is being attacked by implementations of the pool-hopping exploit. Just wanted to know, are there any plans to reduce the ammount of cheaters (mainly pool hoppers)? it seems that this pool's speed takes a dump whenever it's half way through solving a block.
|
Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
|
|
|
grndzero
|
|
April 13, 2011, 02:49:28 AM Last edit: April 13, 2011, 03:07:06 AM by grndzero |
|
According to posts on BitcoinPool's own forum, it appears that the missing payments issue is indeed more widespread than just the one single instance noticed before. The user audaibnjad has so far tracked 2 more blocks for which is hasn't been properly paid. http://www.bitcoinpool.com/forum/viewtopic.php?f=1&t=26In the interest of being objective, Geebus posted that this is due to blocks being invalid and not passing confirmation. This should also fix the discrepancy in the historical payouts. http://www.bitcoinpool.com/forum/viewtopic.php?f=1&t=27Just wanted to know, are there any plans to reduce the ammount of cheaters (mainly pool hoppers)? it seems that this pool's speed takes a dump whenever it's half way through solving a block.
When I was mining there, the speed would fluctuate through out the whole block quite a bit. It looked like people would hop on and request a few getworks, hardly process any, then drop off. A quick check of the user list doesn't show an active user or registered user with that name (subjective as it is) and smells like baiting to me.
|
Ubuntu Desktop x64 - HD5850 Reference - 400Mh/s w/ cgminer @ 975C/325M/1.175V - 11.6/2.1 SDK Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
|
|
|
xenon481
|
|
April 13, 2011, 03:30:25 AM |
|
According to posts on BitcoinPool's own forum, it appears that the missing payments issue is indeed more widespread than just the one single instance noticed before. The user audaibnjad has so far tracked 2 more blocks for which is hasn't been properly paid. http://www.bitcoinpool.com/forum/viewtopic.php?f=1&t=26In the interest of being objective, Geebus posted that this is due to blocks being invalid and not passing confirmation. This should also fix the discrepancy in the historical payouts. http://www.bitcoinpool.com/forum/viewtopic.php?f=1&t=27Geebus hadn't found the issue yet when I posted about it. But what Geebus found is also very interesting... Out of the last 50 blocks that the pool has found, 4 of them have been invalid. That's an 8% invalid rate over the past 50 blocks! In the mean time (during basically the same time period), Slush's pool has only had 2 invalid blocks out of the past 500 (0.4%). And Tycho's pool pays 48.5BTC for each block found even if it is eventually found to be invalid.
|
Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
|
|
|
grndzero
|
|
April 13, 2011, 04:19:00 AM |
|
Geebus hadn't found the issue yet when I posted about it. But what Geebus found is also very interesting... Out of the last 50 blocks that the pool has found, 4 of them have been invalid. That's an 8% invalid rate over the past 50 blocks! In the mean time (during basically the same time period), Slush's pool has only had 2 invalid blocks out of the past 500 (0.4%). And Tycho's pool pays 48.5BTC for each block found even if it is eventually found to be invalid. If they are working on a block and there are 2 other pools that are 5x and 8x faster than them, then that wouldn't exactly surprise me. One of the other pools comes ripping through and finds the solution right before bitcoinpool doesn't seem that far fetched.
|
Ubuntu Desktop x64 - HD5850 Reference - 400Mh/s w/ cgminer @ 975C/325M/1.175V - 11.6/2.1 SDK Donate if you find this helpful: 1NimouHg2acbXNfMt5waJ7ohKs2TtYHePy
|
|
|
xenon481
|
|
April 13, 2011, 04:28:31 AM |
|
Geebus hadn't found the issue yet when I posted about it. But what Geebus found is also very interesting... Out of the last 50 blocks that the pool has found, 4 of them have been invalid. That's an 8% invalid rate over the past 50 blocks! In the mean time (during basically the same time period), Slush's pool has only had 2 invalid blocks out of the past 500 (0.4%). And Tycho's pool pays 48.5BTC for each block found even if it is eventually found to be invalid. If they are working on a block and there are 2 other pools that are 5x and 8x faster than them, then that wouldn't exactly surprise me. One of the other pools comes ripping through and finds the solution right before bitcoinpool doesn't seem that far fetched. That's not how it works. Invalid blocks are a function of how far away (from an average node distance standpoint) the pool's bitcoind is from the rest of the bitcoin network. A high number of invalid block submissions implies that the bitcoind instance is relatively closer to an edge of the network than the center. The pool is working on a block with a prevhash pointing to the previous found block. But if the pool's bitcoind doesn't have the latest information from the blockchain, then it will be working against the wrong prevhash. The further away the pool is from the center of the network, the longer it will take (on average) for the pool to get blockchain updates.
|
Tips Appreciated: 171TQ2wJg7bxj2q68VNibU75YZB22b7ZDr
|
|
|
|