LeviWalker
Newbie
Offline
Activity: 26
Merit: 0
|
|
March 25, 2015, 01:13:52 AM |
|
You are correct in theory. If your OpenID account is compromised everything attached to that is also at risk. In the wild, the risk is not much greater than someone compromising only your email account. AFAIK, there is no central list of what a particular OpenID account is tied to. So an attacker would need to know what you were actually using it for to exploit that. If they compromise your email alone, they have all of that anyway. Even if they dont have the password in your email, they can just reset it via your email and by the time you notice, the damage is done. That is why two-factor is the best approach. At least if they do get a password, they also need a land line or cell phone number or a mobile device tied to your account with the authenticator installed under your account. Not impossible by any stretch, but it makes it that much more difficult. Google (and most others) also uses browser fingerprinting and geo-location data to pair with your authentication requests. If you are not in the same general location, with the same browser fingerprint, it will raise flags and prompt you to perform addition validation. I sometimes use several things to obfuscate my usage and most large sites will stop me if I have tried to hit a service with an unusual pattern. Google will send me a text message before opening anything they control.
|
|
|
|
kano
Legendary
Offline
Activity: 4620
Merit: 1851
Linux since 1997 RedHat 4
|
|
March 25, 2015, 05:02:27 AM |
|
Hmm, I think 2FA should really be 2 independent forms of authentication, not 2 ways controlled, even indirectly, by one company, google.
My "other reasons" include issues like the fact that google is an extremely large entity with an extremely large amount of distributed data. Google hires people due to their extensive computer abilities. There's no way that such a company could 100% ensure all security. Hardware access, software access, network access.
Google in countries where security cannot be guarantee due to government interest in their data (e.g. ... USA)
|
|
|
|
DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
March 25, 2015, 07:15:04 AM |
|
587 people already using the new Google login - nice Google login is pretty secure as far as login mechanisms can be secure, at least if you turn on 2-factor authentication. The real threat is the end user's computer being hacked. At that point the hacker is getting all your passwords as you type them in. And yes, he's getting your 2-factor codes as well. A security person at a bank told me this is the biggest problem they have too. I guess that's why some of them give away free anti-virus software. But there's only so much you can do to keep a person from installing application-infected-by-hacker.exe on their computer. It has happened a few times that a Bitminter user got their Google account accessed by a hacker, and every time they changed the password they typed the password right into the keylogger the hacker installed on their computer. 2FA is useless as well. I tell them to wipe the hard drive and reinstall the operating system from a clean source. Some don't know how to do this, and some may think it's too drastic and rather keep the computer in a compromised state.
|
|
|
|
ichtus27
Member
Offline
Activity: 72
Merit: 10
http://leaserig.net/index.jsp?rfid=6679
|
|
March 25, 2015, 07:33:08 AM |
|
Thanks for your reaction on me doc, correcting the settings now and as you say i do the easy perk if needed.
|
|
|
|
LeviWalker
Newbie
Offline
Activity: 26
Merit: 0
|
|
March 25, 2015, 10:35:41 PM |
|
Indeed. Real security is not achievable on a professional grade system much less an end user system. And I totally get where you are coming from with Google. Do some searches for call centers in India holding data for ransom from their clients, its shocking. You just have to do the best you can and limit your losses as much as possible. My goal is not to be completely secure but rather I just try to be more secure than the majority. By not being "low hanging fruit" I can fell pretty good that I will be ok when something happens. I know I am speaking to choir here and, admittedly, BTC is very different in that regard. So I just do what I do with my other bank accounts, have many and keep small amounts in each. My savings is in a credit union account with no electronic access. When I need money from it I have to go in person or get them to mail me a check. Its a pain but I never have to worry about more than a few hundred being stolen when my card is compromised. All things being equal, I trust Google more than anyone else.
|
|
|
|
ichtus27
Member
Offline
Activity: 72
Merit: 10
http://leaserig.net/index.jsp?rfid=6679
|
|
March 27, 2015, 11:55:23 AM |
|
Wat has changed this morning??
I did wat you said Doc and did that last night, now i see that this morning when i was allready at work that from allmost the calm and steady line i ended up last night all miners that i rented got pointy or spikes like they did before of what you told me. What changed, its not sommething i did because i was not near my computer.
greetings ..
|
|
|
|
DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
March 27, 2015, 03:21:40 PM |
|
Wat has changed this morning??
I did wat you said Doc and did that last night, now i see that this morning when i was allready at work that from allmost the calm and steady line i ended up last night all miners that i rented got pointy or spikes like they did before of what you told me. What changed, its not sommething i did because i was not near my computer.
greetings ..
Nothing was changed. If you rent miners and they require a difficulty at 128 or higher, try setting that as the minimum difficulty on your worker. Not sure if that has something to do with the problem..
|
|
|
|
ichtus27
Member
Offline
Activity: 72
Merit: 10
http://leaserig.net/index.jsp?rfid=6679
|
|
March 28, 2015, 07:01:44 AM |
|
I had it good as you said for a let say almost steady line and and overhere (dutch time) at about 9:00 it jumped to a spike line as if i put it back on us server. I was not at home at that time, but if you say you did nothing as well... then i wonder what it was. I didn't get it back as calm as it had become before 9:00. The difficultys i had set after you told me and adjusted to the eu server, then there was that jump that i think 5 miners or so did at about 9:00 clock.. Maybey i or we will find out some day . Thanx for the info.
|
|
|
|
MegaFall
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
March 28, 2015, 08:27:20 PM |
|
Would it be possible to add the ability to add a worker just by pointing the rig at bitminter with the worker name in the credentials?
I.E: I don't have a worker named "S5Rig" but if I were to point my S5 at mint.bitminter.com:3333 with the username_S5Rig in the username field on the S5, it would automatically create a worker named "S5Rig".
|
|
|
|
DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
March 29, 2015, 12:07:07 AM |
|
Auto generating workers?
Coming right up.
|
|
|
|
DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
March 29, 2015, 03:33:00 PM |
|
Auto generation of workers now available. How to use: - Make sure the team effort perk is enabled, under "my account" -> "donations & perks" in the website menu
- Go to the workers page, under "my account" -> "workers" in the website menu
- Turn on "Auto generate workers". It's a checkbox just below your list of workers.
- Now you can set your miners to use new worker names and the workers will be created automatically. No need to manually create each one at the website. Note that this only works for valid worker names.
Valid worker names are 1 to 20 characters long, consisting only of letters and numbers. Auto generating workers make it much easier to set up a large number of miners or to move miners over from a different pool. If you have the same user name in both pools you can even move miners by just changing the pool URL. For compatibility both . (period) and _ (underscore) are allowed for separating user and worker names. Auto generation of workers can be combined with a default worker. If you mine with only the user name or id the worker name you set is invalid, then the default worker is used. If you use only the user name or an invalid worker name and you do NOT have a default worker, then there will be an authentication failure and mining will not be possible.
|
|
|
|
MegaFall
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
March 30, 2015, 08:02:36 PM |
|
Auto generation of workers now available. How to use: - Make sure the team effort perk is enabled, under "my account" -> "donations & perks" in the website menu
- Go to the workers page, under "my account" -> "workers" in the website menu
- Turn on "Auto generate workers". It's a checkbox just below your list of workers.
- Now you can set your miners to use new worker names and the workers will be created automatically. No need to manually create each one at the website. Note that this only works for valid worker names.
Valid worker names are 1 to 20 characters long, consisting only of letters and numbers. Auto generating workers make it much easier to set up a large number of miners or to move miners over from a different pool. If you have the same user name in both pools you can even move miners by just changing the pool URL. For compatibility both . (period) and _ (underscore) are allowed for separating user and worker names. Auto generation of workers can be combined with a default worker. If you mine with only the user name or id the worker name you set is invalid, then the default worker is used. If you use only the user name or an invalid worker name and you do NOT have a default worker, then there will be an authentication failure and mining will not be possible. Awesome.
|
|
|
|
SimCity
Newbie
Offline
Activity: 10
Merit: 0
|
|
April 11, 2015, 07:18:22 PM |
|
I dont know but this pool is kind of not paying me for the hash im putting in.. Anyone have any idea why? So i moved to a different pool for now.. Also when i started on this pool earlier i was getting 0.001 pay, then 0.0004, then i overclock, and gives me 0.0008. So when i first started mining on this pool it gave me .001 and my hash rate was 2,200, and right now its overclocked to 2,800 and its giving me 0.0008 and now its at 0.0000000.. I would post my screenshot of the shifts work effort but there was no add pic attachment on here. And all this was within a few days.
|
|
|
|
|
bronan
|
|
April 16, 2015, 08:11:38 AM |
|
I was looking at the OpenID 2.0 as an option and I shied away because of what I perceived to be security issues. Please correct me if I'm wrong, coz I'm not too sure about it all, but doesn't the new OpenID 2.0 mean that google logs you in to the web site, the pool credentials are no longer the control of access? i.e. someone only needs access to your google account to login to the web site? I find google very persistent at keeping me logged in even when I logout on my browser, so I'm very much NOT a fan of google security (for other reasons also ) The only way to make sure that your out of google is to use for instance gmail/google+ and logout using the top bar, i agree its pretty hidden for most users but you could have known google actually wants you to never logout (they allways wanna spy on you ). The downside is if you use google for syncing data (bookmarks and stuff), anything after you logged off will not be synced. I found if you do not really logoff even opening a private browser page is being tracked by google... so its pretty persistened.
|
|
|
|
Vene
Member
Offline
Activity: 133
Merit: 11
|
|
April 19, 2015, 07:12:47 AM |
|
4 days without a block an then stale block comes. Now already a day without a block. So 5 days no payout just electricity costs. Few days before also more than 3 days without a block. Will this bad luck soon come to an end ?
|
|
|
|
no141
|
|
April 19, 2015, 07:20:36 AM |
|
I've been looking though the history, I don't think bitminter ever had a block come close to the work needed for that stale block at 205,335,750,976 shares. And now coming to 53,000,000,000 on this current work. It could end at any time or I don't see it possibly going past 500,000,000,000 shares total. Sadly, I am figuring this pool is really due for an awful long block like that.
|
|
|
|
Vene
Member
Offline
Activity: 133
Merit: 11
|
|
April 19, 2015, 03:23:24 PM |
|
I've been looking though the history, I don't think bitminter ever had a block come close to the work needed for that stale block at 205,335,750,976 shares. And now coming to 53,000,000,000 on this current work. It could end at any time or I don't see it possibly going past 500,000,000,000 shares total. Sadly, I am figuring this pool is really due for an awful long block like that.
Yup, never took so long for a block. Now also my best shifts wont be payed out. Cant burn miner to the core all the time. Still waiting for a valid block. Almost 6 days now...
|
|
|
|
HerbPean
Legendary
Offline
Activity: 1638
Merit: 1005
|
|
April 19, 2015, 03:50:20 PM |
|
Anyone else got nothing in MNC unconfirmed section but we still have 2 blocks not fully confirmed ?
Thanks
Herb
|
|
|
|
DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
April 19, 2015, 06:46:47 PM |
|
Anyone else got nothing in MNC unconfirmed section but we still have 2 blocks not fully confirmed ?
Sorry, I was doing some upgrades on the web server and it put the unconfirmed balances out of action for a while. Should be back to normal again now. Yup, never took so long for a block.
I guess this is not what you'd like to hear, but when the pool was new and very small we had a couple 14-day rounds. Also at some point we had a block that took 11x difficulty amount of work. Luck that bad is quite rare though. But I believe there are pools that have had even worse rounds than that.
|
|
|
|
|