Pages:
Author

Topic: Alternative Block Chains : be safe! - page 87. (Read 1288732 times)

legendary
Activity: 1316
Merit: 1016
October 07, 2011, 12:41:38 PM
#34
Thanks Mr. Andresen, but I'm only running alternative clients in VMs (I'm basically selling all alt. coins for BTC asap  Cheesy)
mrb
legendary
Activity: 1512
Merit: 1027
October 05, 2011, 11:24:21 PM
#33
Guys, there is no point in GPU-mining in VMs!

Alternative chains with GPU-based miners are compatible with standard (trusted) miners that don't need to be virtualized. This means you only need to run the (untrusted) alternative chain app in a VM, and expose its RPC port to the network where the physical miners are running...
hero member
Activity: 780
Merit: 510
Bitcoin - helping to end bankster enslavement.
October 04, 2011, 08:33:01 AM
#32
GPU virtualization is still pretty experimental. Most VMs virtualize some old crap GPU by default. To get hardware access to your actual GPU, in Virtualbox there is an option to do that and it works, sometimes, somewhat. TBH, I havent tried GPU mining in a VM yet, I have used it for CPU mining and then VMs are trivial. Anyone got GPU mining to work in a VM?

Working on it in vSphere 5, I feel I am close to getting it to work.
hero member
Activity: 518
Merit: 500
October 04, 2011, 04:20:53 AM
#31
GPU virtualization is still pretty experimental. Most VMs virtualize some old crap GPU by default. To get hardware access to your actual GPU, in Virtualbox there is an option to do that and it works, sometimes, somewhat. TBH, I havent tried GPU mining in a VM yet, I have used it for CPU mining and then VMs are trivial. Anyone got GPU mining to work in a VM?
hero member
Activity: 518
Merit: 500
October 03, 2011, 02:56:37 AM
#30
vmware is so hard to use Sad

Virtualbox is pretty easy and works great. Its also free.
hero member
Activity: 780
Merit: 510
Bitcoin - helping to end bankster enslavement.
October 02, 2011, 07:45:08 PM
#29
vmware is so hard to use Sad

No it's not it's the easiest product unless you are talking about VSphere.
sr. member
Activity: 280
Merit: 250
Firstbits: 12pqwk
October 02, 2011, 07:10:27 PM
#28
vmware is so hard to use Sad
hero member
Activity: 518
Merit: 500
October 02, 2011, 05:21:48 PM
#27
Some people only have one computer and that must suck.

Fortunately a few decades ago they invented virtual machines. Now anyone can have as many computers and OSs as he likes Smiley
member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 05:12:28 PM
#26
Mayhaps, mayhaps.
full member
Activity: 154
Merit: 100
October 02, 2011, 05:08:16 PM
#25
Are you sure about that?  What's a network of a few thousand high end machines with great network connectivity, on 24x7, insensitive to CPU or GPU load worth?  Doubly so with some having the keys to a few hundred to a few thousand dollars of electronic currency?

I'd say quite a bit.  It's only a matter of time -- if a big enough % of the bitcoin community is willing to download and run windows exes for every alt currency that comes along all you need is a hijacked forum account of a regular to pull it off.

member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 04:57:15 PM
#24
If a technological feat is possible, man will do it.  Almost as if it's wired into the core of our being.

touche Cheesy

I like your style.

And an alt chain mining trojan feat is not just possible but borderline trivial.  Not having happened in the 4 or 5 alt chains so far is just pure luck.

Nah, more like this entire funny hobby of making funny alt chains  is just a really small hobby which srz bzns hackers just overlook.
full member
Activity: 154
Merit: 100
October 02, 2011, 04:53:33 PM
#23
AFAIK, the closest we have is that fake miner.  If you think of it as mining a bogus, non-existent vapor coin chain then yes, it qualifies.

If a technological feat is possible, man will do it. Almost as if it's wired into the core of our being.  And an alt chain mining trojan feat is not just possible but borderline trivial.  Not having happened in the 4 or 5 alt chains so far is just pure luck.



member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 04:49:25 PM
#22
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Software trojans are definitely not a myth.  Has there been a bitcoin related one yet?  Absolutely!  I forget the name, but there was some wallet stealer Windows .exe that promised vastly higher hash rates.   It uploaded wallets to an FTP site instead.


No, I mean a documented case of malware propagating through distribution of alt-chains specifically ?
full member
Activity: 154
Merit: 100
October 02, 2011, 04:45:14 PM
#21
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Software trojans are definitely not a myth.  Has there been a bitcoin related one yet?  Absolutely!  I forget the name, but there was some wallet stealer Windows .exe that promised vastly higher hash rates.   It uploaded wallets to an FTP site instead.
member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 04:39:50 PM
#20
Was there a documented case of malware propagation via this route, or is this more or less a "what if..." Infosec Comparative E-Masculinity thing Cheesy ?
full member
Activity: 154
Merit: 100
October 02, 2011, 04:29:22 PM
#19
It's hard enough to get the half-baked alt chain software to run at all (and speed is of the essence knowing they are all quickly collapsing pyramids) never mind configuring a VM with appropriate hardware access.  Here are steps I've taken which I think are "good enough" to be advice -- it's worked for me for 4 shitcoin chains so far.

1.  Don't use Windows and pre-built .exes.  Just don't.  Ever.  Nothing inherently wrong with Microsoft software, but it is well understood and commonly used by the botnet types.  Staying out of the monoculture is a form of security by obscurity.
2.  Create a new account with no group membership.  I call mine "goatse" for obvious but nostalgic reasons.  Make absolutely sure that account doesn't have read or write access outside of their home directory.   Make doubly sure they can't read the raw hard drive device.
3.  Log out of your main account and into that account whenever compiling or running the alt chain software.  Remember that compilation & installation scripts are code!
4.  Do not browse exchange sites you have coinage in and definitely do not save passwords in the browser when logged in as this account.
5.  If you log into this account via ssh DO NOT enable X proxying.  It's trivial to read your keystrokes, do screen captures, etc when X is proxied.  Let me repeat this one, make sure X proxying is disabled.  If you can type 'xterm' and see it show up on your main account's screen you're vulnerable. 

And yes, I even follow this for official bitcoin software.  On a different account than "goatse" of course.

legendary
Activity: 1652
Merit: 2164
Chief Scientist
September 14, 2011, 06:49:14 PM
#18
I would STRONGLY suggest you look into this Gavin.

Relevant discussion on the bitcoin-dev mailing list is here:
  http://sourceforge.net/mailarchive/message.php?msg_id=28082081
hero member
Activity: 780
Merit: 510
Bitcoin - helping to end bankster enslavement.
September 14, 2011, 05:56:14 PM
#17
Although I don't think the fiasco with Namecoin is over and I do believe we have made it hard for BitcoinExpress.  With that said I looked into the block chain rewrite this is real and can be done while lagitamitly mining bitcoins.  This exploit is quite scary for Bitcoins as a person with 20% of the hash rate can write the block chain.

The good news is it can be fixed and Namecoin is a test of such fixes.

I would STRONGLY suggest you look into this Gavin.
legendary
Activity: 4354
Merit: 1783
Linux since 1997 RedHat 4
September 13, 2011, 11:40:17 PM
#16
...
Why not instead of making posts like this you take some adult leadership initiative and start cleaning up the toxic community that you are allowing to fester out here?  From your passive support through inaction of attacks on alt chains and now it is growing even wider.  You claim to have a thick skin as that is what it takes to lead projects like this, well it also takes a back bone.  You know as well as many of the people here that the alt coins provide much more to learn by being viable than having the community out attacking them.  Grow a pair and speak up, if there is one thing that will kill Bitcoin it is you and this community.  You have yet to condemn the attackers and you have yet to reign in the toxic community growing around Bitcoin, I surely hope your goals are not too see the whole project Blighted?  What would you think if you were a first time noob and came to see all this going on?  At some point people are going to start wondering if a gimpy blind retarded monkey could do a better job leading this project, why don't you start getting involved in the community, take a stance and be a leader, surround yourself with the right people to develop cryptocurrency and help foster an environment that will bring respectable businesses and users into the system.  At some point a leader has to step away from the technical details and stand up and be a leader.
LOL it's an open source project - there are no 'leaders' as you describe them.
No one can force anyone to do anything.

It's not some toxic community that you can clean up and you can't stop people from attacking the chains - though anyone with half an inkling of sense would realise that you can't stop that even in the closed source world Tongue

Try some adult thought beyond a gimpy lack of understanding of reality Smiley
member
Activity: 112
Merit: 11
Hillariously voracious
September 13, 2011, 05:55:58 PM
#15
One would think that someone who even tries to code knows to rather not say such things to programmers, lol Smiley
Pages:
Jump to: