I was just reading in a different bitcointalk thread about how exposed Java is. What would YOU recommend? I'd love to try CGMiner if someone could help me with the commands.
I use MPBM on Linux, but that's only because I figured the x6500 would be bound to work best with an application designed by someone who knows the device intimately. As far as CGMiner goes, although I've not tried it, my guess would be that "cgminer /?" or "cgminer /help" is probably what you want (sorry, I've never tried it either!).
I hesitate to offer unmitigated advice on this though; regardless of the programming language/run-time architecture, the application is only as secure as the way in which the security is written. Java gets used in the finance world fairly commonly for its good points: virtually zero cost to using multiple hardware platforms (interpreted code doesn't need re-compiling for different systems) and it's memory managed (memory leaks could be very costworthy in these highly transient environments; doing away with them would speed up development time no end). The insecurity of the run-time is less of an issue in the finance world, as these systems wouldn't be exposed to the internet. They are almost always on a private network; securing such high value targets against internet hackers when there isn't a need for them to have an IP connection would be a vastly unnecessary expense.
I wish my programming was good enough to be able to study the source of these mining apps (not to mention the Satoshi client itself), checking for security pitfalls. Sadly not the case!
Carlton's general Good Advice:
1. Use a dedicated machine to mine
2. (super obviously) only install the bare minimum mining software (on a brand new OS install)
3. Don't open other networking apps if you can avoid it (open browsers are begging for skilled and motivated attackers to try and find a way in, the longer it's open, the more you're "asking for it")
4. The usual security software (AV, firewall, anti-keylogging...)
5. Use Linux, but only if you're confident in knowing how to set it up (for instance, achieving a firewall in Linux is not as simple as downloading and installing an app)
I really should install Linux and learn more about it. I hear it is so much more secure.
I know how you feel, I'm just glad that MPBM forced my hand as I wouldn't have summoned up the tenacity to do it if not for that. You'll find that everything you need to know is NOT written down in the same place, and if you can imagine the most annoying way that a situation like that can manifest itself, well, you're still not ready because it's worse than you can imagine. But ultimately very rewarding.
So being exposed to bad shit is a good thing in a pool? I don't understand that last part at all.
All pools are exposed to these phenomena; the PPS ones intentionally average out the variance so that to the user, it seems like the payouts tick like clockwork. But behind the scenes, they're getting orphaned blocks, DOA shares and block maturity waits, just like all the solo and p2p miners. I believe Deepbit explicitly pays out to miners who solve orphaned blocks (I guess there must be some advantage to getting these orphaned blocks discovered, despite them being invalid and unspendable).
There is only one way to mine at the fundamental level, there are just various different "front-ends" to it (now that solo mining is only sensible if you have a halfway significant proportion of the total network hashrate).