Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 23. (Read 482544 times)

Yup.  Seems like this feature on Blockchain.info needs an overhaul.  Any response from site operators regarding this?

As far as I know they are never purged, and it would be utterly foolish to do so, but I suggest to wait for an official answer anyway.

In any case a good approach is to use two wallets: one "light" and another one "tight". The light one has less security measures and contains only small amounts of coins, to be used daily. The tight one keeps most of your balance, and should have all security you can get. The paper wallets could be linked to the tight one, and in this case it might make more sense not to archive them.

(anyway even if those watch-only addresses would be deleted, they could be re-added from your paper wallet itself – they are there just for convenience)

Looks like the 'my wallet 1.9 firefox add on' has not been updated in a while and is now defunct - I can log on with the My Wallet in browser add-on (I have less than $20 worth of hot bitcoins in the wallet so didn't think I was risking much).

I'll assume it's just a repeat of this cloudflare issue unless there is a further update.

Also note this if you've not found it already:

  https://bitcointalksearch.org/topic/inline-javascript-found-blockchaininfo-152494

Wow.  Scary.

From looking around, my best guess is that the e-mail addy is correct.

If ~piuk coded in some sort of a checksum sanity check thing for the javascript, I could imagine that the e-mail addy might not have gotten updated even if support has migrated onward to some part of the increasingly large effort.

I tried going to the web site in an incognito window and saw no warning signs.  But I did not attempt to log in until I understand this issue better.  I'm on a version of chromium built from source about a year ago.

I would say that whatever you do, don't type in your password until we get some official feedback.  And get a copy of the block of text (but don't publish it.)  BTW, when exactly in the login process do you get the issue?

Might be that it is a benign thing which could be cleared up by clearing your cache or cookies or something, but I wouldn't take any chances until there is more feedback from official sources.  At least not if the account has any significant funds and/or your password is sensitive (e.g, you re-used it elsewhere which is not a great idea as I'm sure you know.)

Please ping back and let us know what's up if you figure it out.  Other interesting things to know would be browser, platform, country, ISP if you feel inclined to share the info.

I've been getting the following errors when I attempt to log in to my wallet:


Unknown src attribute data (followed by a large block of text)

then

*** Serious Error - Javascript inconsistencies found. Maybe malicious - Do not Login! Please contact [email protected]

This email address looks dodgy to me.

Anyone else getting this or is it just me?

In which case a pool could swallow a bit of latency and make sure a block looks like it's been relayed from elsewhere.

There are still blocks listed as "Relayed by Bitlc.net", which closed early last year. That "Relayed by" attribution itself is incorrect.

Agreed.  And I don't really care who mined the block when it comes to determining who relayed the block.


And I was interested in who relayed the block.  I agree, mining doesn't mean relaying.


Yes, I hadn't seen that particular page before.  Now that you've provided the link, I can see that blockchain.info has an error in that particular page.


Perhaps a pool operator that doesn't want anyone to know that they are approaching 50% of the hash power?  If there is an incentive to report the correct information, then there is almost certainly an incentive to report false information.

Ah, I see.

You're right.  That page is broken.

I don't really care who relayed the block when it comes to determining who mined the block.  They are two separate things.  I was interested in which pool mined the block.  Just because someone relay's the block, doesn't mean that they mined it, hence the current issue with the way BlockChain.info assigns which pool mines a block.

Yes, someone could place a tag in their Coinbase signature when they mine a block and that could create false attribution.  I just don't see the incentive to do so other than by a pool operator who's trying to hide the fact that they solved a block.  With blocks being solved randomly, it would be pointless to consistency fake the data.

Here - https://blockchain.info/blocks/BitMinter

But how is that going to tell me who relayed the block to blockchain.info? 


Only people who don't bother learning what the word "relayed" means.


But that wouldn't tell us who "relayed" the block?

Also, is the information in the coinbase a cryptographicly secure signature?  Or is it just a tag placed there by the mining pool?  If it's just a tag, then what keeps others from copying the tag to create a false attribution to the wrong pool?

Where does blockchain.info "attribute" that block to BitMinter?

I'm saying that "Relayed By" shouldn't be used.  The CoinBase signature should be used instead.  The only issue with http://blockorigin.pfoe.be/blocklist.php is that it uses each pool's own website which isn't a great external validation.  Having a third party validate the information would be nice.  Of course, unscrupulous pools could probably change their CoinBase randomly from time to time in order to hide the fact that they solved a block. 

Anyway, Blockchain's use of Relayer causes people to get upset when they report a block is solved by a pool when it isn't.  If they used the CoinBase signature, then it wouldn't be as big of an issue.

No, I'm not talking about the relayed by information, but the Coinbase signature.  For example, look at https://blockchain.info/tx/336820af0a7b342883e7a60d96db82d5e1e329d5702c6316b0afad756347fb12 which you'll see this for the Coinbase:

03885c04094269744d696e746572062f503253482f2cfabe6d6dda14175dc3ce8af0faaa59c23d3 dc93a91ac6f1f32079db879f8c2560e4d6ea0010000000000000009757331602a00000010003a22 d2990200000000
(decoded) �\   BitMinter/P2SH/,�mm�]�Ί��Y�==�:��o2��y��VMn�
   us1`*:"ҙ

Inside that, you have BitMinter.  Most pools have an unique Coinbase signature, but blockchain.info doesn't seem to be parsing it correctly. 

Here's the Coinbase of another block that was attributed to BitMinter, but wasn't actually a BitMinter solved block - https://blockchain.info/tx/74f96248d0986d9ca4db75bec14e6bc44d3a9ed487063abf010048329099c64f which has a Coinbase of 03235c0403e23d02062f503253482f
(decoded) #\�=/P2SH/

Today I held a presentation about Rublon (automatic two-factor authentication for web apps) at KBBS 2014 (http://kbbs.uz.zgora.pl). One of your users asked us to get in touch with you because he would like to be able to protect his Blockchain.info account with Rublon.

This is how it works:
http://www.youtube.com/watch?v=JNorW7vvMR0

In comparison to traditional two-factor solutions, Rublon does not require you to use your mobile phone. It's based on trusted devices. Once you add your laptop to your trusted devices, all you will have to do is just enter your password in order to log in.

Sorry, I haven't read through the 151 pages of this thread to see if these suggestions have already been made, but I'll add it here.

Two features that would be nice to add to the wallet:

(1) Have a way to filter out dust/spam transactions when viewing your transaction history.
(2) Have a way to view your 'spendable' balance.  I have many watch only addresses in my wallet, but just a couple that the blockchain wallet has the private key for. 

Thanks,

John

Does Blockchain.info relay non-standard TXs? Just wondering how that 1 satoshi spam got relayed.

Hello, can you tell me if it is possible to identify the source address when receiving payments using the "Receive Payment API"?

When the callback page is called I can see the destination address and the newly created payment deposit address, but no source address from where the payment originated.

Thanks!