Bitcoin Forum
October 23, 2017, 04:46:18 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 ... 1348 »
  Print  
Author Topic: ASICMINER: Entering the Future of ASIC Mining by Inventing It  (Read 3846184 times)
LazyOtto
Sr. Member
****
Offline Offline

Activity: 476


View Profile
September 03, 2012, 08:08:22 AM
 #401

I am also invested in ASICMINER
Why? Seeing how you disapprove of the approach so much.

The plan has been stated since the first page of this thread. Well before you had any chance to invest.
1508733978
Hero Member
*
Offline Offline

Posts: 1508733978

View Profile Personal Message (Offline)

Ignore
1508733978
Reply with quote  #2

1508733978
Report to moderator
1508733978
Hero Member
*
Offline Offline

Posts: 1508733978

View Profile Personal Message (Offline)

Ignore
1508733978
Reply with quote  #2

1508733978
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508733978
Hero Member
*
Offline Offline

Posts: 1508733978

View Profile Personal Message (Offline)

Ignore
1508733978
Reply with quote  #2

1508733978
Report to moderator
1508733978
Hero Member
*
Offline Offline

Posts: 1508733978

View Profile Personal Message (Offline)

Ignore
1508733978
Reply with quote  #2

1508733978
Report to moderator
1508733978
Hero Member
*
Offline Offline

Posts: 1508733978

View Profile Personal Message (Offline)

Ignore
1508733978
Reply with quote  #2

1508733978
Report to moderator
Luke-Jr
Legendary
*
Offline Offline

Activity: 2240



View Profile
September 03, 2012, 08:32:16 AM
 #402

I'd appreciate if people would stop trolling and putting words in my mouth.
midnightmagic raised some important points, and as an investor I think they should be fully taken into consideration. It's really that simple.

LazyOtto
Sr. Member
****
Offline Offline

Activity: 476


View Profile
September 03, 2012, 08:43:09 AM
 #403

I'd appreciate if people would stop trolling and putting words in my mouth.
midnightmagic raised some important points, and as an investor I think they should be fully taken into consideration. It's really that simple.
His post was properly replied to in the subsequent post by DutchBrat:
https://bitcointalk.org/index.php?topic=99497.msg1153777#msg1153777

I.e., read the IPO-OP!

If midnightmagic doesn't want to invest under those terms, that's his decision.

--

You stirred up the hornet's nest with this unsupported assertion:

ASIC vendors are advised to implement an alternative algorithm ...

You have ignored my multiple requests to show where such an advisory is given.

The fallout of your unfounded statement has now moved to:
https://bitcointalk.org/index.php?topic=105494.msg1155021#msg1155021
Luke-Jr
Legendary
*
Offline Offline

Activity: 2240



View Profile
September 03, 2012, 09:06:40 AM
 #404

I'd appreciate if people would stop trolling and putting words in my mouth.midnightmagic raised some important points, and as an investor I think they should be fully taken into consideration. It's really that simple.
His post was properly replied to in the subsequent post by DutchBrat:
https://bitcointalk.org/index.php?topic=99497.msg1153777#msg1153777
No, that reply didn't really address the concerns he brought up.

You stirred up the hornet's nest with this unsupported assertion:
ASIC vendors are advised to implement an alternative algorithm ...
There's no reason this statement of fact should be controversial at all.

matthewh3
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
September 03, 2012, 09:09:19 AM
 #405

I also don't like the idea of the company solo mining before selling the chips tho I don't mind them doing both at the same time.

SebastianJu
Legendary
*
Offline Offline

Activity: 1932


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
September 03, 2012, 10:33:31 AM
 #406

Am i not sure but wouldnt the p2p-characteristic of bitcoin network be a protection in itself? I mean even when the developers would be replaced with some greedy persons that want to earn money maybe by killing asic-companies and explain it to the community as a threat to the network... wouldnt this only work when the majority of the network would agree? I mean they could simply disable automatic update for the wallet and still work on the old fork. So nothing would happen. Am i right?

kano
Legendary
*
Online Online

Activity: 2240


Linux since 1997 RedHat 4


View Profile
September 03, 2012, 11:02:38 AM
 #407

Am i not sure but wouldnt the p2p-characteristic of bitcoin network be a protection in itself? I mean even when the developers would be replaced with some greedy persons that want to earn money maybe by killing asic-companies and explain it to the community as a threat to the network... wouldnt this only work when the majority of the network would agree? I mean they could simply disable automatic update for the wallet and still work on the old fork. So nothing would happen. Am i right?

Yep - as I said above:
...
The only algorithms that will ever go into the BTC Block-Chain will be those that are agreed by the developers and the community - not some random company who wants to rule BTC

Remember the very first line ... the heading ... in Satoshi's paper:

Bitcoin: A Peer-to-Peer Electronic Cash System

The point of "Peer-to-Peer" is that there is NO central control - but you suggesting, that your choice, of ASIC developers should have central control is simply ludicrous.
...
I highlighted in orange the specific words Smiley
Both of course, the developers and the community.

So the community can also tell the devs to piss off by voting by not upgrading.

Pool: https://kano.is Here on Bitcointalk: Forum BTC: 1KanoPb8cKYqNrswjaA8cRDk4FAS9eDMLU
FreeNode IRC: irc.freenode.net channel #kano.is Majority developer of the ckpool code
Help keep Bitcoin secure by mining on pools with full block verification on all blocks - and NO empty blocks!
SebastianJu
Legendary
*
Offline Offline

Activity: 1932


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
September 03, 2012, 11:07:34 AM
 #408

But developers are normal people too, so it might be possible that they are replaced with corrupt people. Does the community then still have a chance? I mean most of the people would download the new hashingtype automatically and wouldnt care about. I guess that would be more than 51%. So it could be possible to overtake bitcoin when the devs are corrupted? Or wouldnt that work?

DutchBrat
Hero Member
*****
Offline Offline

Activity: 868


View Profile
September 03, 2012, 11:28:28 AM
 #409

But developers are normal people too, so it might be possible that they are replaced with corrupt people. Does the community then still have a chance? I mean most of the people would download the new hashingtype automatically and wouldnt care about. I guess that would be more than 51%. So it could be possible to overtake bitcoin when the devs are corrupted? Or wouldnt that work?

If the Devs, the big mining companies and the miners are all corrupt, then there will probably be mass-adoption of BitCoin

Because then it will be just like any other fiat currency  Wink
nedbert9
Sr. Member
****
Offline Offline

Activity: 252

Inactive


View Profile
September 03, 2012, 02:32:40 PM
 #410

I'm not sure why I'm wasting my breath.  GLBSE operator and the beneficiaries of the the stolen ASICMINER shares, with the exception of Jatarul who sold back to me, could care less about what I have to say.
I've chosen to take a break, probably a permanent distancing, from this forum because of this incident.  I do not believe in the 'finders keepers' mentality and dislike those that support instantaneous transfers over fraud controls and will happily benefit from fraud.  Nefario, who had the opportunity to make this right for 30 BTC, other beneficiaries, including a forum staff member who specifically benefited by ~160 shares and then offered me 0.64 BTC as a consolation (grr) has left me feeling that this is just not the place for me to hang out in.

With that said I wanted to clarify some of my comments, clear up some fallacies and offer a very serious warning.

I specifically told nedbert9  that GLBSE is not vulnerable to session hijacking attacks, so I don't know why he stated that it was. GLBSE resets the session ID after login which prevents session fixation.

We need to be clear on terms to understand my point and Nefario's statement.  Nefario is right that Session Fixation was not the method used - I can't comment if Session Fixation is not possible with GLBSE.  This is my mistake to describe what happened to my GLBSE account as a result of Session Fixation.
However, I was a victim of a session hijack.  Session Fixation describes a specific attack scenario, while session hijack can be considered a more vague term for any compromise of an authenticated session.
My apologies to Nefario for continuing to use the Session Fixation term.  Still, I stand by my belief that my session was hijacked (and that it was facilitated by freenode's web interface)

I maintain that Nefario's management of the client-side environment for the GLBSE web app is a security risk.  This led to my GLBSE session being hijacked.
Dutchbrat and Smiguel's experience points out the same client side behavior that allowed for my session to be hijacked.
GLBSE can claim no responsibility for lax control of sessions on the client side, but any honest assessment of session management for security sensitive sites will point to the same conclusion.

Taken from
http://stackoverflow.com/questions/805895/how-come-closing-a-tab-doesnt-close-a-session-cookie

Point (a convenient excuse if attempting to deny responsibility for security)
"The session cookie is per-process not per window. So even if you selected New Window you'd still get the same session id. This behavior makes sense. You wouldn't want a user to re-sign in each time they opened a new window while browsing your site."

Counter point
"In such circumstances, the tab closing isn't the main issue. It's controlling the expiration of the session more actively. You'll want to implement some sort of activity timeout on the client in JS that automatically logs out after no user activity. You'll find this type of behavior on most banking sites"

Going further than the counter point is my personal feeling that if a site that consists of a single browser tab experience (no popups) and that site dev isn't using JS to invalidate the authenticated session when the DOM (page) object for the site is closed the site dev is horribly negligent and just doesn't give a shit about what happens on the client side.

I've asked Nefario to answer the counter point in the GLBSE 2.0 testing thread.  Why doesn't Nefario take client session management more seriously?

DiabloD3's comment about enabling 2FA for each and every GLBSE activity is very good advice.  By 2FA design, even if your session is hijacked the attacker will not have the 2FA auth code to take any action within your account.  Here's the scary part.  GLBSE's 2FA measures might be buggy.   Take a look at this quote.

Even if you,after you totaly CLOSE Internet Explorer or Firefox, (I don't use Chrome, so can't test it) go to GLBSE your session is still active/logged in.

Actually, after you restart your computer, it is still logged in..

I have 2FA activated, but only have to fill in the auth-key when I use a 'new' computer..

I emphasize *might* be buggy.  It is not for me to say.

Finally.
Ok. this then qualifies as a major security hazard. We need to advice any shareholder to only run GLBSE as a dedicated user then. Otherwise cross-application hacking is possible. Especially since 2FA doesn't protect you from your shares being dumped to the market!


Yes, don't trust GLBSE or any other site that takes a "use at your own risk" attitude.  This is especially pertinent for the anonymity loving Bitcoin related sites.  Isolate your web session with GLBSE as much as possible.  Use unique email address, unique and strong password, enable 2FA for every action and open GLBSE in it's own full browser process - not a tab - and terminate that process when done.
DiabloD3
Legendary
*
Offline Offline

Activity: 1162


DiabloMiner author


View Profile WWW
September 03, 2012, 03:29:37 PM
 #411

DiabloD3's comment about enabling 2FA for each and every GLBSE activity is very good advice.  By 2FA design, even if your session is hijacked the attacker will not have the 2FA auth code to take any action within your account.  Here's the scary part.  GLBSE's 2FA measures might be buggy.   Take a look at this quote.

Even if you,after you totaly CLOSE Internet Explorer or Firefox, (I don't use Chrome, so can't test it) go to GLBSE your session is still active/logged in.

Actually, after you restart your computer, it is still logged in..

I have 2FA activated, but only have to fill in the auth-key when I use a 'new' computer..

I emphasize *might* be buggy.  It is not for me to say.

Problem is three fold. First, 2FA enabled does not require 2FA for every action, you have to click ALL the boxes to do this. Second, there is no 2FA option for buying/selling, only transferring assets between GLBSE accounts and withdrawing BTC and password changing and logging in, thus flash crashes using your assets is still possible. Third, GLBSE can (but doesn't) set cookies for session only, which means closing the browser clears the session cookies, but you should manually log out anyhow so this is the least problematic of the three.

I have brought this up with nefario before, he has not fixed it yet.

MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
September 03, 2012, 03:36:14 PM
 #412

It was said before, it will need (apparently) to be said again: GLBSE is a bad choice for security and other reasons.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
piotr_n
Legendary
*
Offline Offline

Activity: 1750


aka tonikt


View Profile WWW
September 03, 2012, 03:38:47 PM
 #413

Guys, I tell you: get out of GLBSE, as soon as you can!

It doesn't matter what authentication method and how many of them you will use, because Nefario is a fucking thief and he can steal you whatever he wants, whenever he wants - as long as you "keep" it on his server.

But don't sell your ASICMINER shares!
Only withdraw them from GLBSE.
Check out my latest project: https://bitcointalk.org/index.php?topic=105437.0
... and ask friedcat to move your assets off GLBSE.
It is possible.

And friedcat (unlike Nefario) is a guy that you can trust - I give you my word on that, fwiw with my 10-14 ignores Tongue

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
ciuciu
Donator
Hero Member
*
Offline Offline

Activity: 588


View Profile
September 03, 2012, 03:48:34 PM
 #414

It was said before, it will need (apparently) to be said again: GLBSE is a bad choice for security and other reasons.

You are the worst alternative porno Mircea. You just stole 4500btc from MPOE.

DutchBrat
Hero Member
*****
Offline Offline

Activity: 868


View Profile
September 03, 2012, 03:51:17 PM
 #415

Guys:

I know I am not always on topic, but please let's keep GLBSE malfunctions/competitors out of this thread !

makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
September 03, 2012, 04:00:50 PM
 #416

Mining majority cannot change the algorithm, only an economic majority can. I don't think anyone would be able to get most BFL miners to switch without a good reason, anyway - it's simply too risky since "greed" won't fly with the non-BFL miners.
This isn't entirely true. As I know you're fully aware, if an ASIC manufacturer with much greater than 50% of the network hashpower has implemented some new secret hashing algorithm, they can declare that the Bitcoin network is switching to their new algorithm and that they'll use their 51% to prevent any transactions ever confirming for users that remain on the old one. They can't force everyone to change to their algorithm, but they can render the existing one useless quite easily.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
LazyOtto
Sr. Member
****
Offline Offline

Activity: 476


View Profile
September 03, 2012, 04:00:57 PM
 #417

I second that motion.

Surely there is a GLBSE specific thread.

Let's try to get back to, stay on, ASICMINER / Bitfountain specific issues.

--

Chain attacks are also well covered in other threads in general.

Or here which was spun off of this one:
https://bitcointalk.org/index.php?topic=105494.msg1155021#msg1155021
Luke-Jr
Legendary
*
Offline Offline

Activity: 2240



View Profile
September 03, 2012, 06:47:46 PM
 #418

Mining majority cannot change the algorithm...
This isn't entirely true. ...
Replied on the other thread.

novusordo
Sr. Member
****
Offline Offline

Activity: 447



View Profile
September 03, 2012, 07:01:55 PM
 #419

Seriously, people discussing GLBSE's security: GTFO of this thread. I put it on my watchlist for updates on ASICMINER, not GLBSE.



░░░░░░░░░░░░░▄███▄
░░░░░░░░░░▄███▀░▀███▄
░░░░░░░▄███▀░░░░░░░▀███▄
░░░░▄███▀░░░░█████░░░░▀███▄
▄███▀░░░░███████████░░░░▀███▄
██▀░░░░█████████▀▀▀█████░░░░▀██
██░░██████████▀░░░░░▀▀▀███▄░░██
██░░███████░░░░░░░░░░░░░░░░░░██
██░░█████░░░░░░░░░░░░░░░░░░░░██
██░░███████▄▄▄▄█▄░░░░░░░░░░░░██
██░░███████████████▄░░░░░░░░░██
██░░█████████████████▄░░░░░░░██
██░░███████████████▄░███▄░░░░██
██░░████████████▄░███▄░░██▄░░██
██▄░░░░██████▄░███▄░░██░░░░░▄██
▀███▄░░░░█████▄░░██░░░░░▄███▀
░░░░▀███▄░░░░████░░░░░▄███▀
░░░░░░░▀███▄░░░░░░░▄███▀
░░░░░░░░░░▀███▄░▄███▀
░░░░░░░░░░░░░▀███▀
EAR1000 ACT TOKEN


░░░░░░░░░░░░░▄███▄
░░░░░░░░░░▄███▀░▀███▄
░░░░░░░▄███▀░░░░░░░▀███▄
░░░░▄███▀░░░░█████░░░░▀███▄
▄███▀░░░░███████████░░░░▀███▄
██▀░░░░█████████▀▀▀█████░░░░▀██
██░░██████████▀░░░░░▀▀▀███▄░░██
██░░███████░░░░░░░░░░░░░░░░░░██
██░░█████░░░░░░░░░░░░░░░░░░░░██
██░░███████▄▄▄▄█▄░░░░░░░░░░░░██
██░░███████████████▄░░░░░░░░░██
██░░█████████████████▄░░░░░░░██
██░░███████████████▄░███▄░░░░██
██░░████████████▄░███▄░░██▄░░██
██▄░░░░██████▄░███▄░░██░░░░░▄██
▀███▄░░░░█████▄░░██░░░░░▄███▀
░░░░▀███▄░░░░████░░░░░▄███▀
░░░░░░░▀███▄░░░░░░░▄███▀
░░░░░░░░░░▀███▄░▄███▀
░░░░░░░░░░░░░▀███▀
piotr_n
Legendary
*
Offline Offline

Activity: 1750


aka tonikt


View Profile WWW
September 03, 2012, 07:15:32 PM
 #420

Seriously, people discussing GLBSE's security: GTFO of this thread. I put it on my watchlist for updates on ASICMINER, not GLBSE.
Don't you think that for some people, the security of this project's assets might be equally important as the security of the actual manufacturing of the chip?
GLBSE's security = ASICMINER security.
Don't you understand it?

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 ... 1348 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!