Bitcoin Forum
June 22, 2017, 10:36:52 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 ... 1348 »
  Print  
Author Topic: ASICMINER: Entering the Future of ASIC Mining by Inventing It  (Read 3771374 times)
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994



View Profile
August 29, 2012, 11:14:30 PM
 #321

Does he use Windoze  Roll Eyes

https://bitcointalk.org/index.php?topic=99497.msg1138707#msg1138707

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
1498171012
Hero Member
*
Offline Offline

Posts: 1498171012

View Profile Personal Message (Offline)

Ignore
1498171012
Reply with quote  #2

1498171012
Report to moderator
1498171012
Hero Member
*
Offline Offline

Posts: 1498171012

View Profile Personal Message (Offline)

Ignore
1498171012
Reply with quote  #2

1498171012
Report to moderator
1498171012
Hero Member
*
Offline Offline

Posts: 1498171012

View Profile Personal Message (Offline)

Ignore
1498171012
Reply with quote  #2

1498171012
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1498171012
Hero Member
*
Offline Offline

Posts: 1498171012

View Profile Personal Message (Offline)

Ignore
1498171012
Reply with quote  #2

1498171012
Report to moderator
SmiGueL
Sr. Member
****
Offline Offline

Activity: 321



View Profile
August 30, 2012, 05:18:18 PM
 #322

GLBSE resets the session ID after login which prevents session fixation. We only whitelist certain html elements for PM's and contracts so no XSS, and we use SSL so no man in the middle session sniffing attacks. Session ID's are not predictable or unencrypted.

I don't know exactly what you mean by this, but I have Google 2FA installed.

When I log in on GLBSE en close the tab without logging out, I can re-open GLBSE after a few hours and it will come back up with me logged in, so I don't have to re-login

I do leave other tabs in my google chrome open, so I never close chrome completely

FYI

Even if you,after you totaly CLOSE Internet Explorer or Firefox, (I don't use Chrome, so can't test it) go to GLBSE your session is still active/logged in.

Actually, after you restart your computer, it is still logged in..

I have 2FA activated, but only have to fill in the auth-key when I use a 'new' computer..

As long as a 'hacker' can't use my SessionID on his own computer, I see no problem, but according to the above this ID won't change since I'm always logged in..


Asicminer Hashrate Charts @ www.asicminercharts.com

Donations BTC: 1SmiGSGWXzD5aZhmw3jyfpBFCgiki45MT
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994



View Profile
August 30, 2012, 07:30:11 PM
 #323

GLBSE resets the session ID after login which prevents session fixation. We only whitelist certain html elements for PM's and contracts so no XSS, and we use SSL so no man in the middle session sniffing attacks. Session ID's are not predictable or unencrypted.

I don't know exactly what you mean by this, but I have Google 2FA installed.

When I log in on GLBSE en close the tab without logging out, I can re-open GLBSE after a few hours and it will come back up with me logged in, so I don't have to re-login

I do leave other tabs in my google chrome open, so I never close chrome completely

FYI

Even if you,after you totaly CLOSE Internet Explorer or Firefox, (I don't use Chrome, so can't test it) go to GLBSE your session is still active/logged in.

Actually, after you restart your computer, it is still logged in..

I have 2FA activated, but only have to fill in the auth-key when I use a 'new' computer..

As long as a 'hacker' can't use my SessionID on his own computer, I see no problem, but according to the above this ID won't change since I'm always logged in..



Ok. this then qualifies as a major security hazard. We need to advice any shareholder to only run GLBSE as a dedicated user then. Otherwise cross-application hacking is possible. Especially since 2FA doesn't protect you from your shares being dumped to the market!

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
memvola
Hero Member
*****
Offline Offline

Activity: 924


View Profile
August 30, 2012, 07:43:19 PM
 #324

Ok. this then qualifies as a major security hazard. We need to advice any shareholder to only run GLBSE as a dedicated user then. Otherwise cross-application hacking is possible.

How does cross-application scripting (?) apply to this case?

I think the current scheme is pretty OK actually. Do you have a scenario how a session can be remotely hijacked?
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994



View Profile
August 30, 2012, 10:17:30 PM
 #325

Ok. this then qualifies as a major security hazard. We need to advice any shareholder to only run GLBSE as a dedicated user then. Otherwise cross-application hacking is possible.

How does cross-application scripting (?) apply to this case?

I think the current scheme is pretty OK actually. Do you have a scenario how a session can be remotely hijacked?


If you can't rely on the security settings of your browser (that's what's the case here) you have to go to the next level and put your applications into a sandbox. The easiest way to achieve that is to setup up a different user account for trusted services, e.g. for logging into email, exchanges and glbse. Another, more fancy solution is to run the insecure stuff in a virtual machine.

I know it's a hassle but if you can't rely on the security model of GBLSE you have to make your own.

I can't list you attack scenarios because it's been a while since I've been reading up on the different possible attack vectors. But sandboxing/different user accounts is an old technique which hardly breaks (unless you run the insecure stuff as root).

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
Tachikoma
Hero Member
*****
Offline Offline

Activity: 938



View Profile WWW
August 30, 2012, 10:29:11 PM
 #326

This discussion about GLBSE is a useful one but I feel this topic is not the place for it. When I see updates on this topic I hope to read about developments surrounding ASICMINER. I think these GLBSE discussions would be better off in their own topic.

Electrum: the convenience of a web wallet, without the risks | Bytesized Seedboxes BTC/LTC supported
memvola
Hero Member
*****
Offline Offline

Activity: 924


View Profile
August 30, 2012, 11:06:16 PM
 #327

I know it's a hassle but if you can't rely on the security model of GBLSE you have to make your own.

Yes, I do run as different users when it's necessary for security. Yet I didn't really get why I shouldn't rely on GLBSE's model. I'll read about what you said about browser's settings. I won't reply again, since it's apparently off-topic.

This discussion about GLBSE is a useful one but I feel this topic is not the place for it. When I see updates on this topic I hope to read about developments surrounding ASICMINER. I think these GLBSE discussions would be better off in their own topic.

I agree. Though it became relevant because of the possibility of me paying the price as a shareholder. I guess this is best moved to PMs.
VeeMiner
Hero Member
*****
Offline Offline

Activity: 751


bitcoin hodler


View Profile
August 31, 2012, 04:00:36 PM
 #328

so I decided to put some of my very limited budget in ASICMINER. It seems like a trustworthy company that can deliver and make good money in a long run. My question is if we will receive any more information about current development of this company as there hasn't been much discussion about what's going on right now in the thread. I wonder if some of the bigger shareholders have some more information that they would be willing to share with the small investors.
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
August 31, 2012, 04:18:32 PM
 #329

so I decided to put some of my very limited budget in ASICMINER. It seems like a trustworthy company that can deliver and make good money in a long run. My question is if we will receive any more information about current development of this company as there hasn't been much on subject discussion about what's going on right now in the thread. I wonder if some of the bigger shareholders have some more information that they would be willing to share with the small investors.

The board members receive emails with updates.  I don't know how much they are allowed to disclose,.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
punin
Hero Member
*****
Offline Offline

Activity: 561


View Profile WWW
August 31, 2012, 05:48:55 PM
 #330


GLBSE uses SSL from the browser to Cloudflare and from Cloudflare to the GLBSE server, cloudflare can minify JavaScript (hence the "we may change site content" in their TOS). I have a paid service with them.


OMG you're using cloudflare? So you're trusting all our wealth in hands of a SSL proxy?! I'm out! Cheesy

Head of Product Development
Bitfury Group
www.bitfury.com
VeeMiner
Hero Member
*****
Offline Offline

Activity: 751


bitcoin hodler


View Profile
August 31, 2012, 08:30:20 PM
 #331

The board members receive emails with updates.  I don't know how much they are allowed to disclose,.

yeah, that's what I meant, I would be interested if the board members could give us some information about the recent development
DeaDTerra
Donator
Legendary
*
Offline Offline

Activity: 1064



View Profile
August 31, 2012, 10:44:22 PM
 #332

The board members receive emails with updates.  I don't know how much they are allowed to disclose,.

yeah, that's what I meant, I would be interested if the board members could give us some information about the recent development
I can provide this info if I get a good to go from friedcat
//DeaDTerra
zefir
Donator
Hero Member
*
Offline Offline

Activity: 917



View Profile
August 31, 2012, 10:46:27 PM
 #333

The board members receive emails with updates.  I don't know how much they are allowed to disclose,.

yeah, that's what I meant, I would be interested if the board members could give us some information about the recent development

Hi VeeMiner,

the additional information board members received so far does not exceed what is available here in the forums - at least nothing that would give you an informational advantage over non-board members. To give you a better idea, here is what has been provided so far:

1) a detailed explanation on the relation between ASICMINER and Bitfountain shares and how dividends will be distributed. This is basically a confirmation on what was already written in the IPO posts.
2) an introduction of the people behind Bitfountain, including full names, contact information, and short CV. This is basically to confirm that those people a) are real, b) are capable to deliver what is planned, and c) can be contacted for further questions.

All in all it does not provide valuable information other than a strong indication that those folks are serious and the plan sounds reasonable. I'm pretty sure friedcat will make most of those documents available to the general public at a later date (but for obvious reasons he won't post contact information to the individual developers on a searchable forum).


HTH

LazyOtto
Sr. Member
****
Offline Offline

Activity: 476


View Profile
August 31, 2012, 10:55:57 PM
 #334

Actually, zefir, merely what you have said is comforting. ty

And fits what I was expecting. The board members acting as a 'half-way house' where credibility/sincerity can be established without doing a full-monty to the entire public.

And, I hope, helping to smooth out or suggest clarification of statements before they are released to the unwashed mob who might misinterpret text presented in good faith.
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
August 31, 2012, 11:12:30 PM
 #335

Actually, zefir, merely what you have said is comforting. ty

And fits what I was expecting. The board members acting as a 'half-way house' where credibility/sincerity can be established without doing a full-monty to the entire public.

And, I hope, helping to smooth out or suggest clarification of statements before they are released to the unwashed mob who might misinterpret text presented in good faith.

+1

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
friedcat
Donator
Legendary
*
Offline Offline

Activity: 848



View Profile
September 01, 2012, 07:04:15 AM
 #336

This week I have a way more limited time replying mails and PMs. Please expect a delay as long as 1-2 days. Though much information will be released to the board members only, direct questions from the community are still welcome.

In addition, timely reply will be back normal from next Saturday. Before that, please understand that there may be some delays. Sorry for the inconvenience.

Board members could also ask my partners for answers if I couldn‘t reply very soon.

niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
September 01, 2012, 10:29:24 PM
 #337

There is obviously a race to ASICs with potentially valuable bounty at the end of the rainbow.  Could you comment on what steps have been taken by Bitfountain to ensure security and integrity of their designs?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
DiabloD3
Legendary
*
Offline Offline

Activity: 1162


DiabloMiner author


View Profile WWW
September 01, 2012, 10:36:48 PM
 #338

There is obviously a race to ASICs with potentially valuable bounty at the end of the rainbow.  Could you comment on what steps have been taken by Bitfountain to ensure security and integrity of their designs?

I am not going to publicly state the information I know, but I can tell you this: that isn't an issue.

DutchBrat
Hero Member
*****
Offline Offline

Activity: 868


View Profile
September 01, 2012, 11:40:57 PM
 #339

There is obviously a race to ASICs with potentially valuable bounty at the end of the rainbow.  Could you comment on what steps have been taken by Bitfountain to ensure security and integrity of their designs?

I am not going to publicly state the information I know, but I can tell you this: that isn't an issue.

Maybe it is in the best interest of everyone to not be updated publicly or at all until the ASICs are happily hashing away

BFL isn't saying anything until they have a product and we wouldn't want them rushing out their products (even far below spec) because they read in some thread on some forum that ASICMINER was 3 weeks from mining and producing....

Then again: I would like to know there's actually some progress being made... maybe that could be the role of the board-members

It is 1 thing to trust the people behind ASICMINER whom I have never met/seen (I'm not saying I don't trust you !!!), but it would instil more trust if a couple of the more noticeable board members tell us everything is going as hoped, without giving away any timelines...

I gotta think about this further....
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
September 02, 2012, 12:32:13 AM
 #340

Then again: I would like to know there's actually some progress being made... maybe that could be the role of the board-members

It is 1 thing to trust the people behind ASICMINER whom I have never met/seen (I'm not saying I don't trust you !!!), but it would instil more trust if a couple of the more noticeable board members tell us everything is going as hoped, without giving away any timelines...

There have been ongoing discussions between board members on the email list and I've not seen anything to indicate things aren't proceeding according to plan.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 ... 1348 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!