salt
Newbie
 Offline
Activity: 29
Merit: 0
|
 |
March 13, 2015, 08:41:47 AM |
|
[gratuitous post to show-off my new signature]  Sunny California here, GingerBread.  does openalias works with separated subdomains? mymonero.com could make some extra moneroj selling personalized mymonero.com/user openaliases. yeah, I actually talked with fluffy about this and he said they had thought about it, but they have bigger fish to fry. I.e., it is doable, but would take time away from actually developing the core, so here we are again, monero being awesome. Yeah, i've experimented with up to 1 level of subdomain so far... so blah.blippity.com I think after that its just too many periods. I own paymonero.com and payxmr.com . If anyone wants an open alias there, let me know. I'll give away the first .... I dunno.... 25 for free for.... a year? After that, 30 XMR for 5 years? Currently, I don't have DNS-SEC set up (because i have to pay godaddy to do it because the site I registered on doesn't have them), so people will get that warning when they use it. i wonder if my registrar will care that I'll have a bajillion text entries.... sure, you'll have to trust me, but if you want to avoid having to register a domain (and subsequent divulge personal information) this is one route. I've been pondering though how to automate a type of security, wherein you would be notified if the dns entry became compromised (e.g., my password was hacked, the registrar was hacked... hrm, perhaps one could put the information into the monero blockchain (first X digits of address, with enough space left for the open alias address..) ... or this could just be an overcomplicated way of saying to just use namecoin as the registrar.... . Most registrars do have DNS entry limits, and it's often annoying to add entries. You may want to look into hosting your own (redundant) DNS. |
|
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
superresistant
Legendary
Offline
Activity: 2128
Merit: 1120
|
|
March 13, 2015, 09:51:57 AM |
|
Hi,
On monero.crypto-pool.fr we discovered a flaw that affect the pool-code.
Someone could be stealing a big amount of hashrate for his profit.
As usual, my friend perl(btctalk)/onishin(irc) found a fix that will
be shared with all pool admins.
I wanted the users to know what's going on.
Go on IRC #monero-pools at 13:00 (1:00 P.M. GMT) for details.
Thanks,
|
|
|
|
|
|
pa
|
|
March 13, 2015, 11:02:31 AM |
|
|
|
|
|
|
|
sorryforthat
|
|
March 13, 2015, 11:32:39 AM |
|
Hi,
On monero.crypto-pool.fr we discovered a flaw that affect the pool-code.
Someone could be stealing a big amount of hashrate for his profit.
As usual, my friend perl(btctalk)/onishin(irc) found a fix that will
be shared with all pool admins.
I wanted the users to know what's going on.
Go on IRC #monero-pools at 13:00 (1:00 P.M. GMT) for details.
Thanks,
Is it possible that this bug has already been utilized by someone? |
|
|
|
|
perl
Legendary
Offline
Activity: 1918
Merit: 1190
|
|
March 13, 2015, 11:42:08 AM |
|
For pool admin you see pb now
And patch your self
One adress used : 496pFkHaZ92H64o2HA4DMejFZuVRL4U5e91sz3Gyn2U4dHrJMMGDpHHVFhg8beNRTijfi3NpGYYf52e oNRgFxSCvGsQAC6V
Rrad log and tcpdump
|
|
|
|
|
|
David Latapie
|
|
March 13, 2015, 12:02:38 PM |
|
Since we are talking about OpenAlias: if you use third level domain (like david.latapie.name), you can replace the first dot with a commercial at, to make it look like a email address (reminder: commercial at means location and email is just a subset - david@paris his meaningful). So david@latapie.name == david.latapie.name. Well, you can replace all dots (I think), so david@latapie@name or david.latapie@name would work too, but this doesn't mean it would make sense for the human behind the keyboard Of course, it is better to also have an email address, to mitigate confusion, much like https://donate.monero.cc/ is meant to mitigate the confusion with donate.monero.cc. |
|
|
|
superresistant
Legendary
Offline
Activity: 2128
Merit: 1120
|
|
March 13, 2015, 12:14:16 PM |
|
Is it possible that this bug has already been utilized by someone?
Yes it is possible. In any system there are exploits and people to use them. |
|
|
|
|
cAPSLOCK
Legendary
Offline
Activity: 3738
Merit: 5127
Whimsical Pants
|
|
March 13, 2015, 12:54:23 PM |
|
Is it true that the devs have no plan to develop an "official" gui? I think i remember reading that some where or hearing someone say something to this effect but i don't remember where.
lovingly FYP. |
|
|
|
|
perl
Legendary
Offline
Activity: 1918
Merit: 1190
|
|
March 13, 2015, 01:03:35 PM |
|
|
|
|
|
|
perl
Legendary
Offline
Activity: 1918
Merit: 1190
|
|
March 13, 2015, 01:09:35 PM |
|
|
|
|
|
|
|
papa_lazzarou
|
|
March 13, 2015, 01:35:16 PM |
|
Is it possible that this bug has already been utilized by someone?
Yes it is possible. In any system there are exploits and people to use them. We can always see if the hashrate reported by pools drops a lot or not. |
|
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1010
|
|
March 13, 2015, 02:47:12 PM |
|
Is it true that the devs have no plan to develop an "official" gui? I think i remember reading that some where or hearing someone say something to this effect but i don't remember where.
lovingly FYP. Beat me to it. |
|
|
|
|
canth
Legendary
Offline
Activity: 1442
Merit: 1001
|
|
March 13, 2015, 03:22:31 PM |
|
http://www.newsbtc.com/2015/03/13/new-company-to-provide-data-on-bitcoin-blockchain/"Implications for Bitcoin In providing financial institutions the means to obtain regulatory compliance through real-time analysis of the blockchain, Chainanalysis plans to automate the travel rule in ensuring that its customers know who they are transacting with. The company makes use of sophisticated in-depth transaction analysis on the blockchain, hence the name Chainanalysis." There's definitely a strong market for privacy/anonymity. My only question is whether or not products that ride on top of BTC vs a separate block chain like XMR will be the mechanism for achieving this. I'm not sure about the outcome, but I'm hedging my BTC bet by holding XMR.
|
|
|
|
GingerAle
Legendary
Offline
Activity: 1260
Merit: 1008
|
|
March 13, 2015, 03:57:48 PM |
|
Is it possible that this bug has already been utilized by someone?
Yes it is possible. In any system there are exploits and people to use them. We can always see if the hashrate reported by pools drops a lot or not. wow, check http://minexmr.com/pools.html unknown + minergate has dropped a lot compared to the screengrab from the digest on wednesday  |
|
|
|
myagui
Legendary
Offline
Activity: 1154
Merit: 1001
|
|
March 13, 2015, 04:05:18 PM |
|
If I understood correctly, the pool exploit that was just uncovered, only affects the honest miners that are on the same pool as a dishonest one. As the dishonest miner is exploiting the pool by boosting his share count, he is getting an unfair percentage of the overall reward distribution whenever a block is found on that pool.
The underlying point is that overall nethash should not be impacted at all, and neither is the total hashrate for any pool that was being exploited. It is only the internal distribution of shares within each pool that would be crooked, and penalizing the honest miners.
Can one of the pool ops confirm if my understanding is correct? Thanks!
|
|
|
|
primer-
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
March 13, 2015, 04:17:34 PM |
|
If I understood correctly, the pool exploit that was just uncovered, only affects the honest miners that are on the same pool as a dishonest one. As the dishonest miner is exploiting the pool by boosting his share count, he is getting an unfair percentage of the overall reward distribution whenever a block is found on that pool.
The underlying point is that overall nethash should not be impacted at all, and neither is the total hashrate for any pool that was being exploited. It is only the internal distribution of shares within each pool that would be crooked, and penalizing the honest miners.
Can one of the pool ops confirm if my understanding is correct? Thanks!
You are correct. |
|
|
|
|
sammy007
Legendary
Offline
Activity: 1904
Merit: 1003
|
|
March 13, 2015, 04:36:01 PM
Last edit: March 13, 2015, 05:42:59 PM by sammy007 |
|
If I understood correctly, the pool exploit that was just uncovered, only affects the honest miners that are on the same pool as a dishonest one. As the dishonest miner is exploiting the pool by boosting his share count, he is getting an unfair percentage of the overall reward distribution whenever a block is found on that pool.
The underlying point is that overall nethash should not be impacted at all, and neither is the total hashrate for any pool that was being exploited. It is only the internal distribution of shares within each pool that would be crooked, and penalizing the honest miners.
Can one of the pool ops confirm if my understanding is correct? Thanks!
It was small fake hashrate because otherwise it would have been disclosed earlier. It's 2nd duplicate shares issue disclosed, first was found months ago. 2nd address is: 47mQnyN3euDeoZABfAScfh5bHFSTouWMDd6wG5j7V1cjWJg6Nm5D2CN9m6JdK3yuM2Y6pHPHSDiFzds 5bs6bwwhBJv8T56g nonce: "3600c0 kh" |
|
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1010
|
|
March 13, 2015, 04:52:38 PM |
|
http://www.newsbtc.com/2015/03/13/new-company-to-provide-data-on-bitcoin-blockchain/"Implications for Bitcoin In providing financial institutions the means to obtain regulatory compliance through real-time analysis of the blockchain, Chainanalysis plans to automate the travel rule in ensuring that its customers know who they are transacting with. The company makes use of sophisticated in-depth transaction analysis on the blockchain, hence the name Chainanalysis." There's definitely a strong market for privacy/anonymity. My only question is whether or not products that ride on top of BTC vs a separate block chain like XMR will be the mechanism for achieving this. I'm not sure about the outcome, but I'm hedging my BTC bet by holding XMR. I think the only thing keeping Monero in the race will be because there is a big enough market for an anonymity that cannot be replicated in Bitcoin. Given that we can't have mandatory mix-ins with Bitcoin if it did implement ring signatures, that makes Monero stand out. Others have talked about Monero's technology being implemented as a sidechain of the Bitcoin blockchain. Is that feasible? |
|
|
|
|
LiteBit
Legendary
Offline
Activity: 1133
Merit: 1050
|
|
March 13, 2015, 05:00:21 PM |
|
Others have talked about Monero's technology being implemented as a sidechain of the Bitcoin blockchain. Is that feasible?
Why use a Bitcoin sidechain when you can use Monero and enjoy privacy at protocol level? ask yourself this. Bitcoin devs and foundation are too political now to implement anything truly innovative. If they wanted to they can implement ring sigs and stealth addresses like cryptonote right onto the Bitcoin blockchain. No need for sidechain. Shadow has done this very thing on the bitcoin codebase. |
|
|
|
|
LiteBit
Legendary
Offline
Activity: 1133
Merit: 1050
|
|
March 13, 2015, 05:13:13 PM |
|
Bitcoin devs and foundation are too political now to implement anything truly innovative. If they wanted to they can implement ring sigs and stealth addresses like cryptonote right onto the Bitcoin blockchain. No need for sidechain. Shadow has done this very thing on the bitcoin codebase.
Yeah they could do anything, but since people like to quote Satoshi: The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime. Because of that, I wanted to design it to support every possible transaction type I could think of.
So they core code is "set in stone", they could make use of Cryptonote on sidechains, but I personally don't see any reason to use it over Monero. btw what Shadow has is not cryptonote, its a messy scammy shit. That's fine he said it's set in stone but it doesn't change the fact that ring sigs & stealth addresses can be applied to the blockchain and they don't need to rely on a sidechain to get that kind of tech. As I said, it's already been done. |
|
|
|
|
|
