[9 TH] Bitparking Pool, DGM 0%,vardiff,stratum,Merge Mining - page 56.

juhakall

sr. member

Activity: 658

Merit: 250

Quote from: redtwitz on May 10, 2013, 07:31:02 PM

I'll register a new account when the current block finishes. If I understood DGM well enough, I could lose more BTC abandoning the current round than I have in altcoins...

I'm under the impression that you should have no reason to think like that. In a fair payout method, all shares should have the same expected payout, and not depend on history at all. With DGM (and most other methods as well), the actual payout per share will have lots of variance, but it should average out after a long enough time, even over multiple accounts that are mining only occasionally.

DGM is really hard to understand, and unlike with PPLNS, I still haven't grasped it well enough to be 100% sure of the above. However, it would be a very lousy payout method if miners were forced to stay on the pool to not lose their expected payouts.

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: doublec on May 10, 2013, 07:30:30 PM

I don't know where it's getting port 52333 from. It should be port 8337. Where did you get the source from? Try:

Code:

ixcoind -addnode=50.116.37.18:8337

I got the Windows "package" from here, I thought it was the closest to the "official" binary.

Now forcing port 8337 didn't seem to do the magic. I think I need another devcoind.exe or compile it myself...

Code:

trying connection 50.116.37.18:8337 lastseen=-352287.1hrs lasttry=-380064.8hrs
ThreadMessageHandler started
ThreadRPCServer started
connected 50.116.37.18:8337
sending: version (85 bytes)
...
socket no message in first 60 seconds, 0 1
disconnecting node 50.116.37.18:8337

pyra-proxy

hero member

Activity: 490

Merit: 500

Quote from: redtwitz on May 10, 2013, 07:31:02 PM

Quote from: doublec on May 10, 2013, 05:09:22 PM

Someone asked me if they could sign a message using one of the keys (ie. the bitcoin key) to prove ownership of the other addresses and have them changed. The problem with this is it leaves the pool open to social engineering. If the bitcoin key was kept on Vircurex too I don't know if it's the hacker then trying to withdraw funds from the pool. It's a bad situation. I'm open to suggestions.

I'd lose about 0.015 BTC in altcoins if there's no way to change my addresses (so I'm not terribly worried), but I'll share my thoughts:

If the attacker has the private keys to the BTC address, he'll probably also have those for the others. I doubt there are many users that use Vircurex for BTC but not for the altcoins, so the signing method you referred to shouldn't be able to make things worse.
My IP, wallet addresses and even user name might be known to the attacker, but I should be able to provide a piece of information that he can't possibly have: the local port number my miner is currently using.
Some users might be using the same user name here and at your pool. Unless the forum account was registered after the breach, that should be difficult to exploit.
This is probably too impractical given the size of the user base, but if a user still has access to his bitcoin address (but isn't in possession of the private key), the altcoins could be converted to BTC. This way, there's no risk of somebody introducing his own addresses.

I'll register a new account when the current block finishes. If I understood DGM well enough, I could lose more BTC abandoning the current round than I have in altcoins...

I like the idea of enabling an "auto-trade" of alts to btc if you can sign a message with your btc address. If your btc address was on vircurex you should probably get a new address immediately so social engineering should not be a problem there. I suspect I'm not alone in using vircurex directly for alts and personal wallets for btc?

redtwitz

full member

Activity: 231

Merit: 100

Quote from: doublec on May 10, 2013, 05:09:22 PM

Someone asked me if they could sign a message using one of the keys (ie. the bitcoin key) to prove ownership of the other addresses and have them changed. The problem with this is it leaves the pool open to social engineering. If the bitcoin key was kept on Vircurex too I don't know if it's the hacker then trying to withdraw funds from the pool. It's a bad situation. I'm open to suggestions.

I'd lose about 0.015 BTC in altcoins if there's no way to change my addresses (so I'm not terribly worried), but I'll share my thoughts:

If the attacker has the private keys to the BTC address, he'll probably also have those for the others. I doubt there are many users that use Vircurex for BTC but not for the altcoins, so the signing method you referred to shouldn't be able to make things worse.
My IP, wallet addresses and even user name might be known to the attacker, but I should be able to provide a piece of information that he can't possibly have: the local port number my miner is currently using.
Some users might be using the same user name here and at your pool. Unless the forum account was registered after the breach, that should be difficult to exploit.
This is probably too impractical given the size of the user base, but if a user still has access to his bitcoin address (but isn't in possession of the private key), the altcoins could be converted to BTC. This way, there's no risk of somebody introducing his own addresses.

I'll register a new account when the current block finishes. If I understood DGM well enough, I could lose more BTC abandoning the current round than I have in altcoins...

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: matt4054 on May 10, 2013, 07:25:15 PM

Unfortunately, I get a TCP error "connection refused" trying to connect to 50.116.37.18 on port 52333 Sad

I don't know where it's getting port 52333 from. It should be port 8337. Where did you get the source from? Try:

Code:

ixcoind -addnode=50.116.37.18:8337

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: doublec on May 10, 2013, 07:13:01 PM

Try adding 50.116.37.18 as a node for both DVC and IXC:

Code:

ixcoind -addnode=50.116.37.18

Unfortunately, for Devcoind.exe I get a TCP error "connection refused" trying to connect to 50.116.37.18 on port 52333 Sad

Code:

ThreadRPCServer started
ThreadIRCSeed started
ThreadSocketHandler started
ThreadMessageHandler started
ThreadOpenConnections started
trying connection 50.116.37.18:52333 lastseen=-352286.5hrs lasttry=-380064.3hrs
connection timeout
IRC connect failed
IRC waiting 71 seconds to reconnect
connection timeout

But it worked for Ixcoin! Getting closer, maybe the ports from devcoin.conf needs tweaking, I used the sample .conf file from this thread

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: matt4054 on May 10, 2013, 06:44:07 PM

I guess I'll not be the only one having difficulties installing Devcoin and Ixcoin tonight. Both clients refuse to download the chain: they try to bootstrap from IRC, fail to connect to IRC and stay idle. Anyone had success here installing the Windows binaries? Both IXC and DVC... one user suggested 64bit to be a problem (I don't have any 32bit left to test)

Try adding 50.116.37.18 as a node for both DVC and IXC:

Code:

ixcoind -addnode=50.116.37.18

Quote

doublec: your own coin-wallet service would definitely be a big plus in such a situation.

I'll try and get something together for this in the coming week.

matt4054

legendary

Activity: 1946

Merit: 1035

I guess I'll not be the only one having difficulties installing Devcoin and Ixcoin tonight. Both clients refuse to download the chain: they try to bootstrap from IRC, fail to connect to IRC and stay idle. Anyone had success here installing the Windows binaries? Both IXC and DVC... one user suggested 64bit to be a problem (I don't have any 32bit left to test)

I'm too frustrated to take hours putting up a dev env to compile them on my current machine. I was supposed to start a nice week-end and chill off. There are times I would just like things not to go awry, so unexpectedly... I'll think I'll renounce my merged alt coins for now and maybe go back to a pure PPS pool like 50BTC, I'm fed up with fear, uncertainty and doubt I had these days due to various troubles, and this includes unlucky PPLNS / DGM pools

I know I look like a whining bastard here, but bad luck in series is getting on my nerves. EDIT: yes whining auto-detected so I'll not switch pool but wait for a solution to the IXC/DVC not being installable.

doublec: your own coin-wallet service would definitely be a big plus in such a situation.

Edit2: just saw your proposal to edit addresses exceptionally, it's very much appreciated too, now I know I have a chance to recover the alt coins at least. I can sign messages with my BTC address so it should be fine. Thank you for allowing me to go to sleep with hope ;-)

ssateneth

legendary

Activity: 1344

Merit: 1004

Emailed

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: superfastkyle on May 10, 2013, 06:05:02 PM

Please do what you can to help us. I know this is 100% not your fault but I setup all deposit addresses with vircurex (even btc). And I had several of my friends do the same for ease of use. I hate to have to tell them their coins are gone too.

Ok, I'm going to do a one off fix for this issue. If users email [email protected] or bitmessage BM-BbgTgGa6LX3yYqwJSwdwrzysvfWjM2u6 with the following:

Your account name
Your bitcoin address registered with that name

I will reply with a message you need to sign using your bitcoin address.

For those of you who do not have the private keys for any of the addresses I'll deal on a case by case basis via email/bitmessage. What you should do now though is register a new account with new coin addresses that you own.

superfastkyle

sr. member

Activity: 437

Merit: 250

Please do what you can to help us. I know this is 100% not your fault but I setup all deposit addresses with vircurex (even btc). And I had several of my friends do the same for ease of use. I hate to have to tell them their coins are gone too.

doublec

legendary

Activity: 1078

Merit: 1005

The other approach I've considered is setting up my own coin wallet service for people to generate addresses, withdraw, etc. Keeping this separate from the pool enables those who manage their own keys to be as secure as possible while the wallet service would be for those that don't care. Someone hacking the wallet service wouldn't affect the pool for example. This could be a possibility in the future if someone else doesn't do it.

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: roy7 on May 10, 2013, 05:39:13 PM

Certainly the way to go. Stay in control of your own coins.

Also, Virc, Bter, and maybe other exchanges will "lose" any deposits from a new block coinbase. (They don't count as deposits any newly minted coins without an Input). It's a bug on the exchange's end but it seems widespread. If bitparking ever started paying that way, your payments would vanish.

Right, every time I think "I should move to coinbase payments" my other inner voice says "but then you have the support cost of explaining to all existing users to register new non-exchange accounts".

roy7

sr. member

Activity: 434

Merit: 250

Quote from: matt4054 on May 10, 2013, 05:32:52 PM

After 10 minutes of thinking, my solution will be radical and easy: I'll re-create another account, and this time I will use my own wallets for every coin. And I would recommend this to anyone creating an account at this point!

Certainly the way to go. Stay in control of your own coins.

Also, Virc, Bter, and maybe other exchanges will "lose" any deposits from a new block coinbase. (They don't count as deposits any newly minted coins without an Input). It's a bug on the exchange's end but it seems widespread. If bitparking ever started paying that way, your payments would vanish.

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: doublec on May 10, 2013, 05:14:41 PM

Thanks for the kind words and ideas. I don't have plans to add passworded accounts as I see this as a differentiator with Bitparking - the owner of the private keys for the registered account owns the funds and it can't be changed. The Vircurex issue shows this has a downside but for those that own their own private keys they know they're safe. If I move to automatic withdraws and/or generated coins in the coinbase then even the pool wouldn't own the coins.

If BitParking wants to keep that difference it's perfectly fine, I just think the Vircurex mishap this evening show the weakness of using addresses that you don't really own (i.e. no private key for it).

After 10 minutes of thinking, my solution will be radical and easy: I'll re-create another account, and this time I will use my own wallets for every coin. And I would recommend this to anyone creating an account at this point!

Quote from: doublec on May 10, 2013, 05:14:41 PM

Transaction fee payout is something I'm considering but if I do that I'll have to change to not paying orphans. Basically the transaction fees pays for the orphans - or so I'm hoping - over time. So far the pool is in debt in that area due to two early orphans when switching to DGM but we'll see. It seems that paying tx fees might be perceived as a better deal than paying orphans by users and it'll be worth switching.

If you want to keep using the fees to pay for orphans that's fine as well, but as you mentioned you are still in deficit because of them. I think there is no good reason to pay for orphans (besides speeding up payout for generated block without waiting for confirmations), while there are good reasons to pay the fees to the miners (that is supposed to become the main income eventually, in many years I mean...). So I would support the move, even if it temporarily means less revenue to the miners.

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: matt4054 on May 10, 2013, 10:37:36 AM

Add separate sub-accounts by worker
Protect accounts with password + 2FA to allow for withdrawal address changes
Include the collected mining fees of each block in the payout
A nice, responsive design web interface

Thanks for the kind words and ideas. I don't have plans to add passworded accounts as I see this as a differentiator with Bitparking - the owner of the private keys for the registered account owns the funds and it can't be changed. The Vircurex issue shows this has a downside but for those that own their own private keys they know they're safe. If I move to automatic withdraws and/or generated coins in the coinbase then even the pool wouldn't own the coins.

Transaction fee payout is something I'm considering but if I do that I'll have to change to not paying orphans. Basically the transaction fees pays for the orphans - or so I'm hoping - over time. So far the pool is in debt in that area due to two early orphans when switching to DGM but we'll see. It seems that paying tx fees might be perceived as a better deal than paying orphans by users and it'll be worth switching.

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: roy7 on May 10, 2013, 05:04:49 PM

I don't use Vircurex but I was assuming they meant the wallets that host your coins while deposited at Vircurex. Do they have an online wallet service too?

Nope actually not, I was referring to the deposited coins. I am leaving them just to avoid selling them at market rate when the market is low. Now I assume they're gone, and more important, I assume it would be pointless to mine any further on BitParking before I had the chance to re-create IXC and DVC wallet.

I'm angry, because it's not the first time that I lose money due to the tiny bits of trust that any "coiner" must have in exchanges at some point, if he wants to use the coins for anything useful. One of my friend still has >2K euros stuck in the BTC24 fiasco. Etc, etc...

Even if the coins were not stolen, any further payout send at old Vircurex address are likely to be lost as far as I understand.

doublec

legendary

Activity: 1078

Merit: 1005

Quote from: matt4054 on May 10, 2013, 05:03:00 PM

Yes this really sucks. The fact that:

1) many of use used Vircurex for alt-MM-coins (I was even advertised with referral)
2) you just can't change payout addresses
3) Vircurex just got hacked (apparently)

Together that means I can throw my account away, and lost coins.
Might be Vircurex pure fail but common... it sucks, it really does.
I think I will never want to depend on hosted wallets again.
But running all alt-chains on your own machine is a pain too.

Yes, this is a problem. Bitparking has read only addresses and the owner of the private key for the registered address basically owns the funds. What you might be able to do is ask Vircurex for the private key for the addresses. You could import these into your own client, withdraw, then immediately transfer. It's unlikely any hacker is constantly monitoring the alt coin wallets. It may not be possible for Vircurex to provide this though.

You don't need to run all alt-coins all the time on your own machine. You can run once, get an address, register with that and never run the client again until you want to use the funds. You can even withdraw from bitparking without needing to run your client. This is how I do things.

Someone asked me if they could sign a message using one of the keys (ie. the bitcoin key) to prove ownership of the other addresses and have them changed. The problem with this is it leaves the pool open to social engineering. If the bitcoin key was kept on Vircurex too I don't know if it's the hacker then trying to withdraw funds from the pool. It's a bad situation. I'm open to suggestions.

roy7

sr. member

Activity: 434

Merit: 250

I don't use Vircurex but I was assuming they meant the wallets that host your coins while deposited at Vircurex. Do they have an online wallet service too?

matt4054

legendary

Activity: 1946

Merit: 1035

Quote from: redtwitz on May 10, 2013, 04:33:02 PM

Quote from: Kumala on May 10, 2013, 03:36:39 PM

After investigating the security breach [in Vircurex] we have to come to the conclusion that the attacker has been able to get root access to the systems.

Therefore we need to assume that the wallets might have been copied, thus DO NOT deposit funds. Everyone will be getting a new set of addresses.

Yes this really sucks. The fact that:

1) many of use used Vircurex for alt-MM-coins (I was even advertised with referral)
2) you just can't change payout addresses
3) Vircurex just got hacked (apparently)

Together that means I can throw my account away, and lost coins.
Might be Vircurex pure fail but common... it sucks, it really does.
I think I will never want to depend on hosted wallets again.
But running all alt-chains on your own machine is a pain too.

Topic: [9 TH] Bitparking Pool, DGM 0%,vardiff,stratum,Merge Mining - page 56. (Read 163893 times)