Topic: [DEAD] DeepBit.net PPS+Prop,instant payouts, we pay for INVALID BLOCKS too - page 294. (Read 1601352 times)

full member
Activity: 126
Merit: 100
Hey, [Tycho], recently slush made this post in his thread:

In connection to recent security issues of other bitcoin sites I want to clarify that the pool application does not store account passwords in plaintext, but as hashes with random salt to avoid possible dictionary attacks. Also pool sources are built on technologies which do not allow SQL injection in any form. Finally, the profile page is using techniques against Cross site request forgery attacks. It makes it impossible to modify (for example) the wallet address from malicious javascript. I care about overall pool security a lot.


Could you confirm you have something of the sort? It would put my mind and several other people's minds at ease.
newbie
Activity: 42
Merit: 0
Tycho:
Can I get help with resetting, or recovering, a lost account password?
newbie
Activity: 5
Merit: 0
thanks  for having long polling support
full member
Activity: 126
Merit: 100
I've already said it and I'll say it again, feature-wise and in general, this is by far the best pool. Sure the fees are the highest on the market, but they are offset by LP and failed block payouts, which IMO, as long as slush doesn't implement LP, deepbit is actually cheaper than slush. Having such a large hashrate, this is, for most, the most attractive pool to join.
member
Activity: 79
Merit: 10
Thank you for all the new features; making this pool better very fast. Keep it up :)
hero member
Activity: 742
Merit: 500
Difficulty period of ~68978.89245792 just ended this night and new difficulty is ~82347.22294654 (~19% increase) :)

During this period we have found 263 blocks with average 68128.4106 shares per block, which is ~1.23% better than expected.
Our hashrate is about 90 GH/s and peak value yesterday was over 100 GH/s.

UPDATE:
  • You can try to enable the history column in your advanced settings.
    If the history column is enabled, you can see your shares/total shares, average speed and balance change for each block.
legendary
Activity: 1596
Merit: 1100
It's very simple:  using Digest auth by default will reduce potential for problems, over existing practice of using Basic auth.  Is SSL better?  Yes.  Do potential problems exist even with Digest?  Yes.  But neither of those factors implies that Digest is useless, given current client implementations and practices.

Remember:  don't let perfect be the enemy of good.
full member
Activity: 182
Merit: 107
Worker processing and JSON API doesn't allow an attacker to steal the user's money or account. There is no function to change the user's bitcoin address with a worker password or api token. Someone may even use a random password for the main account and never use it again to prevent its interception :))
Right, that's pretty much what I'm saying -- implementing digest auth for mining doesn't seem worthwhile, given that damage can only result if the user is dumb enough to use a shared password for a worker.  Attacks under the user's identity can be easily detected.

If it wasn't clear, I was only bringing up a possible attack against a normal bitcoind in response to this:

This standard was started by bitcoind, and is used outside of pools.
I was trying to illustrate that digest auth is pointless for mining accounts, and offers only the illusion of protection for a normal bitcoind.
hero member
Activity: 742
Merit: 500
A user who cares about security would use a separate password for workers.
Worker processing and JSON API doesn't allow an attacker to steal the user's money or account. There is no function to change the user's bitcoin address with a worker password or api token. Someone may even use a random password for the main account and never use it again to prevent its interception :))
legendary
Activity: 1596
Merit: 1100
Using encryption is better than not using encryption.  Thanks for that news flash.
full member
Activity: 182
Merit: 107
...because not all users will or can use HTTPS, rendering most of those points moot.
Nobody could use TLS before TLS was invented, either.  It's a good thing people didn't give up on creating it.
full member
Activity: 182
Merit: 107
If we are talking about Bitcoin's own RPC mechanism, this should really use TLS anyway, rendering the HTTP auth mechanism irrelevant.  If you're sending requests over the Internet to other bitcoind instances to do things like transfer money, all of the data should be secured.
To elaborate on this a bit: suppose that Mallory does have the ability to intercept Alice's traffic.  Using basic auth, Mallory can extract Alice's username and password, then send his own requests to her bitcoind and do stuff.  He may also be able to authenticate using Alice's credentials to other services (email, etc.).

Using digest auth, Mallory cannot easily extract Alice's username and password, but if Mallory has the ability to intercept traffic he probably has the ability to alter it as well.  He can then execute a MITM attack, change Alice's request payload, and transfer money to himself, possibly even return a response back to Alice that looks like a reasonable response to her original request so that she is not immediately aware of the attack.  Mallory can't try to authenticate using Alice's unknown-to-him credentials elsewhere, but he now has a fair amount of control over her bitcoind.  This is a slightly better scenario, but only marginally.

Using TLS, Mallory would have to compromise Alice's bitcoind private key (or trick Alice into using a forged certificate) in order for any such attacks to be possible.
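The point above, that Digest auth hides the password but does not bind the request payload, can be checked directly. The following is an added illustration, not code from the thread or from bitcoind: it computes the RFC 2617 Digest response for a constructed JSON-RPC body, then verifies it server-side against the same body and against a rewritten one. With the common qop="auth" the rewritten body still verifies; with qop="auth-int" (which hashes the entity body into the response) it does not. All credentials, nonces and addresses below are constructed sample values.

```python
import hashlib
import json

# Constructed sample values (not from the thread): a bitcoind-style JSON-RPC
# call protected by HTTP Digest auth (RFC 2617).
REALM = "jsonrpc"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
CNONCE = "0a4f113b"
NC = "00000001"
USER = "alice"
PASSWORD = "s3cret-rpc-pass"
METHOD = "POST"
URI = "/"


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(password: str, body: str, qop: str) -> str:
    """Client side: compute the Digest 'response' field for one request."""
    ha1 = _md5(f"{USER}:{REALM}:{password}")
    if qop == "auth-int":
        # auth-int folds a hash of the entity body into HA2, so the body is
        # covered by the response; plain "auth" covers only method and URI.
        ha2 = _md5(f"{METHOD}:{URI}:{_md5(body)}")
    else:
        ha2 = _md5(f"{METHOD}:{URI}")
    return _md5(f"{ha1}:{NONCE}:{NC}:{CNONCE}:{qop}:{ha2}")


def server_accepts(response: str, body: str, qop: str) -> bool:
    """Server side: recompute with the stored password and compare."""
    return digest_response(PASSWORD, body, qop) == response


def tamper_check(qop: str) -> tuple:
    """Return (original_accepted, tampered_accepted) for the given qop."""
    original = json.dumps({"method": "sendtoaddress",
                           "params": ["ALICE_ADDR", 1.0]})
    resp = digest_response(PASSWORD, original, qop)
    # Mallory, sitting in the path, rewrites the payload but replays the
    # unchanged Authorization header (the scenario described above).
    tampered = json.dumps({"method": "sendtoaddress",
                           "params": ["MALLORY_ADDR", 1.0]})
    return server_accepts(resp, original, qop), server_accepts(resp, tampered, qop)
```

Note that even auth-int only detects body tampering; it still leaves the exchange unencrypted, which is why the post above lands on TLS as the actual fix.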
legendary
Activity: 1596
Merit: 1100
...because not all users will or can use HTTPS, rendering most of those points moot.
full member
Activity: 182
Merit: 107
This standard was started by bitcoind, and is used outside of pools.
If we are talking about Bitcoin's own RPC mechanism, this should really use TLS anyway, rendering the HTTP auth mechanism irrelevant.  If you're sending requests over the Internet to other bitcoind instances to do things like transfer money, all of the data should be secured.

Furthermore, if I intercept a worker password, I can make an attack look like it's coming from another user, possibly getting them kicked off the pool server.
Please read my original post again.  It's clear that you skipped some parts.

That does not excuse sending cleartext passwords with every request.  Users have been known to do strange things, like re-use passwords.

Decades of security practice have demonstrated that cleartext passwords should never ever be used.
I'm not disputing that, only indicating that there are perfectly reasonable workarounds that exist already, and that any security-conscious user would already be using them.  Besides, digest-mode authentication is really like using a band-aid on a severed limb.  If we're going to spend energy securing the protocol, how about we do it right?
hero member
Activity: 742
Merit: 500
Hi Tycho! I've been using rpcminer-cuda without problems, but now I've noticed this in my profile:
05.04.2011 18:08:56   0h 25m   31955    None
How can it be possible? I've been watching the window and it was working, and I've also been checking my gpu temps and my card was at >60º so it was working... what happened here? :o
Everything is fine on my side. PM me your login name so i can check your account stats.

What was shown on your account page and in workers table ?

If you are using PPS mode, then there is no "your reward per block", your account balance just increases every hour.
hero member
Activity: 499
Merit: 500
Hi Tycho! I've been using rpcminer-cuda without problems, but now I've noticed this in my profile:

05.04.2011 18:08:56   0h 25m   31955    None
05.04.2011 17:43:09   0h 49m   61789    None
05.04.2011 16:54:08   0h 59m   74549    None
05.04.2011 15:54:58   0h 19m   25210    None
05.04.2011 15:35:16   0h 42m   55033    None
05.04.2011 14:52:19   0h 23m   30346    None
05.04.2011 14:28:50   0h 02m   3113    None
05.04.2011 14:26:23   0h 30m   38431    None
05.04.2011 13:56:16   0h 07m   9308    None
05.04.2011 13:48:45   0h 34m   42825    None
05.04.2011 13:14:34   0h 42m   53102    None
05.04.2011 12:32:13   0h 30m   40124    None
05.04.2011 12:01:24   0h 26m   33833    None
05.04.2011 11:34:37   2h 18m   181196    None
05.04.2011 09:15:50   2h 35m   203520    None
05.04.2011 06:40:35   1h 36m   123378    None
05.04.2011 05:04:08   0h 00m   871    None
05.04.2011 05:03:23   0h 25m   31564    None
05.04.2011 04:37:58   0h 40m   50619    None
05.04.2011 03:57:42   1h 31m   114299    None
05.04.2011 02:26:00   0h 18m   22245    None
05.04.2011 02:07:55   2h 49m   209771    None
04.04.2011 23:18:31   0h 19m   24617    None
04.04.2011 22:58:37   0h 05m   6482    None
04.04.2011 22:53:05   0h 13m   15859    None
04.04.2011 22:39:33   0h 27m   33861    None
04.04.2011 22:11:54   4h 02m   238749    None
04.04.2011 19:14:14   1h 05m   64308    None
04.04.2011 18:09:00   0h 27m   35344    None
04.04.2011 17:41:39   2h 30m   194227    None

How can it be possible? I've been watching the window and it was working, and I've also been checking my gpu temps and my card was at >60º so it was working... what happened here? :o

Are you set for Pay-Per-Share?   PPS does not show you payout by block, only Proportional.

newbie
Activity: 20
Merit: 0
Hi Tycho! I've been using rpcminer-cuda without problems, but now I've noticed this in my profile:

05.04.2011 18:08:56   0h 25m   31955    None
05.04.2011 17:43:09   0h 49m   61789    None
05.04.2011 16:54:08   0h 59m   74549    None
05.04.2011 15:54:58   0h 19m   25210    None
05.04.2011 15:35:16   0h 42m   55033    None
05.04.2011 14:52:19   0h 23m   30346    None
05.04.2011 14:28:50   0h 02m   3113    None
05.04.2011 14:26:23   0h 30m   38431    None
05.04.2011 13:56:16   0h 07m   9308    None
05.04.2011 13:48:45   0h 34m   42825    None
05.04.2011 13:14:34   0h 42m   53102    None
05.04.2011 12:32:13   0h 30m   40124    None
05.04.2011 12:01:24   0h 26m   33833    None
05.04.2011 11:34:37   2h 18m   181196    None
05.04.2011 09:15:50   2h 35m   203520    None
05.04.2011 06:40:35   1h 36m   123378    None
05.04.2011 05:04:08   0h 00m   871    None
05.04.2011 05:03:23   0h 25m   31564    None
05.04.2011 04:37:58   0h 40m   50619    None
05.04.2011 03:57:42   1h 31m   114299    None
05.04.2011 02:26:00   0h 18m   22245    None
05.04.2011 02:07:55   2h 49m   209771    None
04.04.2011 23:18:31   0h 19m   24617    None
04.04.2011 22:58:37   0h 05m   6482    None
04.04.2011 22:53:05   0h 13m   15859    None
04.04.2011 22:39:33   0h 27m   33861    None
04.04.2011 22:11:54   4h 02m   238749    None
04.04.2011 19:14:14   1h 05m   64308    None
04.04.2011 18:09:00   0h 27m   35344    None
04.04.2011 17:41:39   2h 30m   194227    None

How can it be possible? I've been watching the window and it was working, and I've also been checking my gpu temps and my card was at >60º so it was working... what happened here? :o
legendary
Activity: 1596
Merit: 1100
Note that any risk of discovered passwords is mitigated by pools that have worker accounts (like slush's) and where users use random passwords, different from the main account password, for the worker accounts.

This standard was started by bitcoind, and is used outside of pools.  Furthermore, if I intercept a worker password, I can make an attack look like it's coming from another user, possibly getting them kicked off the pool server.

Such an attack is easily discovered by IP or if the user usually uses another miner.

That does not excuse sending cleartext passwords with every request.  Users have been known to do strange things, like re-use passwords.

Decades of security practice have demonstrated that cleartext passwords should never ever be used.