Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 782. (Read 4671575 times)

sr. member
Activity: 425
Merit: 250
Pretty much done with the custom miner, iDunk on IRC is running a stability test.

EDIT: I should say milestone 2; the performance kinda sucks - needs more work.

Any details on performance? (And cpu load?)


Miner works now; the code for the stratum and general stuff is fully custom, as well. Clears 400H/s on 290X, meeting the first performance milestone, as the OpenCL has been improved.

Here it is: https://github.com/wolf9466/wolf-xmr-miner

Needs a little bit of WinSock code added before it's ready for a Windows build, but that's about it.

Is it possible to upload compiled miner somewhere or give instructions on how can I compile it?
Thanks for the great work!
legendary
Activity: 2268
Merit: 1141
A second update from our part time developer tewinget on documentation and cleanup of source code -> https://forum.getmonero.org/9/work-in-progress/2373/documentation-and-cleanup-of-source-code?sort=date_desc
legendary
Activity: 1638
Merit: 1001
Pretty much done with the custom miner, iDunk on IRC is running a stability test.

EDIT: I should say milestone 2; the performance kinda sucks - needs more work.

Any details on performance? (And cpu load?)


Miner works now; the code for the stratum and general stuff is fully custom, as well. Clears 400H/s on 290X, meeting the first performance milestone, as the OpenCL has been improved.

Here it is: https://github.com/wolf9466/wolf-xmr-miner

Needs a little bit of WinSock code added before it's ready for a Windows build, but that's about it.

What is this mysterious DRK coin being alluded to in your sig?  No XMR donations accepted?
full member
Activity: 198
Merit: 100
Pretty much done with the custom miner, iDunk on IRC is running a stability test.

EDIT: I should say milestone 2; the performance kinda sucks - needs more work.

Any details on performance? (And cpu load?)
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized". Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore? Smiley

Pointless work, as it'll be removed pretty soon, and then everyone will use the one without the fee. Even people who would have donated may not learn about the miner with the fee - for example, how many of you donate to Girino for the original darkcoin-mod?

I know of no such coin, nor do I mine anything besides Monero

Have you ever posted pix of your mining setup?
legendary
Activity: 1260
Merit: 1008
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized". Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore? Smiley

Pointless work, as it'll be removed pretty soon, and then everyone will use the one without the fee. Even people who would have donated may not learn about the miner with the fee - for example, how many of you donate to Girino for the original darkcoin-mod?

I know of no such coin, nor do I mine anything besides Monero
sr. member
Activity: 283
Merit: 250
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized". Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore? Smiley
legendary
Activity: 2968
Merit: 1198
Monero...still have some after all this time Smiley very good coin

Welcome back.
sr. member
Activity: 308
Merit: 250
Monero...still have some after all this time Smiley very good coin
legendary
Activity: 2268
Merit: 1141
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

This is now at 100%.

Great :-)

EDIT: Oh, just saw it was you who funded the remainder. Great job and thanks!
legendary
Activity: 2282
Merit: 1050
Monero Core Team
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

This is now at 100%.
legendary
Activity: 1154
Merit: 1001
Wolf0 will always do a good job, if nothing else, because he has a reputation to maintain!  Kiss
sr. member
Activity: 336
Merit: 250
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized". Impress us!

I am sure Wolf will do his best! Early optimization gains are easier than later ones. Eventually there is a point of diminishing returns.
full member
Activity: 171
Merit: 100
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized". Impress us!
legendary
Activity: 2268
Merit: 1141
UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0
full member
Activity: 231
Merit: 100


Hi Fluffy.  No it is me, Blockafett.  I can confirm that if you want but I would have to recover the account details as I scrambled the password - the reason is I didn't like how BCT was taking up all my time trying to argue with the dozens of posts a day attacking the main coin I am interested in coming from a minority of users here who get a kick out of bullying people and generally make life hell for anyone interested in that coin, now I just use the official forum and hardly look at BCT and life is much better.  I made this second account when I came back temporarily.



That's funny, because BlockaFett was online Today at 10:52:40 AM : https://bitcointalksearch.org/user/blockafett-340495 and your post is from Today at 12:30:06 PM.  Roll Eyes

   Cheesy
newbie
Activity: 56
Merit: 0
The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

That's fair enough, and I apologise for misreading your comment as trolling.

Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there.

Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale.

To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero:

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:)

Thanks for clarifying Fluffy, and it's true I have seen you say several times that MyMonero is more for convenience but if you want the best security then use SimpleWallet.

I wish I hadn't posted now, I will sign off.  Good luck with your upcoming DB release.

BF
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

That's fair enough, and I apologise for misreading your comment as trolling.

Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there.

Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale.

To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero:

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:)
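
The trust problem described in the post above (wallet code delivered live through a CDN, with an intermittent difference that could not be reproduced from other machines) can be monitored with a pinned-digest audit. This is an added example, not part of the original thread and not MyMonero's code: it pins SRI-style SHA-384 digests of reviewed scripts and compares fetches taken from several vantage points against them. The paths, script bodies and vantage names are constructed for illustration.

```javascript
// Added example (not from the thread): audit served wallet scripts against pinned digests.
const { createHash } = require("crypto");

// SRI-style digest ("sha384-<base64>") of one script body.
function sriDigest(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Pin digests from a copy of the scripts that has been reviewed offline.
function pinManifest(reviewed) {
  return new Map(Object.entries(reviewed).map(([path, body]) => [path, sriDigest(body)]));
}

// Compare one fetch of the site against the manifest.
function auditSnapshot(manifest, served) {
  const findings = [];
  for (const [path, body] of Object.entries(served)) {
    if (!manifest.has(path)) findings.push({ path, issue: "unexpected" });
    else if (sriDigest(body) !== manifest.get(path)) findings.push({ path, issue: "modified" });
  }
  for (const path of manifest.keys()) {
    if (!Object.hasOwn(served, path)) findings.push({ path, issue: "missing" });
  }
  return findings;
}

// Audit fetches taken from several networks; an intermittent or cache-specific
// change shows up as a finding at some vantage points and not at others.
function auditVantagePoints(manifest, snapshots) {
  const report = {};
  for (const [vantage, served] of Object.entries(snapshots)) {
    const findings = auditSnapshot(manifest, served);
    if (findings.length > 0) report[vantage] = findings;
  }
  return report;
}

// Constructed sample data: hypothetical paths and script bodies.
const REVIEWED = {
  "/js/wallet.js": "function login(seed) { return deriveKeys(seed); }\n",
  "/js/api.js": "function fetchTxs(address, viewKey) { /* sends address + view key */ }\n",
};
const SNAPSHOTS = {
  "vantage-a": { ...REVIEWED }, // matches the reviewed copy
  "vantage-b": {
    ...REVIEWED,
    // a cache serving a different build of one script
    "/js/wallet.js": REVIEWED["/js/wallet.js"] + "persistSession();\n",
  },
  "vantage-c": {
    "/js/wallet.js": REVIEWED["/js/wallet.js"],
    "/js/extra.js": "/* script that was never reviewed */\n",
  },
};

console.log(JSON.stringify(auditVantagePoints(pinManifest(REVIEWED), SNAPSHOTS), null, 2));
```

A clean report only says the served bytes match what was reviewed; it says nothing about whether the reviewed copy itself is safe.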
legendary
Activity: 2968
Merit: 1198

What I'd like to know is, does the vulnerability still exist or not?

It's certainly good to point out with a clear disclosure that it did exist, but if it has in fact been fixed then I'm not going to include a footnote about a former vulnerability every time someone asks a question about how MyMonero works. That's silly -- you would have to include such a disclosure about every site or piece of software that has ever had a vulnerability, which is pretty much all of them.
newbie
Activity: 56
Merit: 0
"It is not sent to the server"

For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members.

As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalksearch.org/topic/m.11529538

Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section.

So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie.

I never saw an announcement that this was fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised.

I'm going to hazard that you're not BlockaFett, as he and I had a good chat about this months ago and all was resolved. He seemed a reasonable, logical person who understood the situation and was content with the resolution.

He's also perfectly capable of following up on his own research, you seem to lack the technical chops to do so. Pity, one always hopes that trolls will be a little less "talk" and a little more "action".

Nonetheless, it's probably not a bad idea for you to exit stage right and let BlockaFett talk on this matter if he so desires.

Hi Fluffy.  No it is me, Blockafett.  I can confirm that if you want but I would have to recover the account details as I scrambled the password - the reason is I didn't like how BCT was taking up all my time trying to argue with the dozens of posts a day attacking the main coin I am interested in coming from a minority of users here who get a kick out of bullying people and generally make life hell for anyone interested in that coin, now I just use the official forum and hardly look at BCT and life is much better.  I made this second account when I came back temporarily.

Please don't get me wrong, I am not saying that I think that this was done deliberately to hurt Monero users, because I don't - if it was, it wouldn't be intermittent - it's more likely to be a CloudFlare cache issue / test code as we discussed, I explained this in that thread.  

The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

You can be 100% honest but this can still undermine users' security - priv keys are stored on their local HD in clear text, and also sent up the wire to your server, so there are many ways these can be collected / intercepted / cached.

I don't think it's unfair for me to point this out - if I was a MyMonero user (I'm not, but I have invested in Monero before) I would want to know this.  So with Smooth here now saying priv keys are never sent, when 5 months ago I showed they were being, for whatever reason, is just not true, and he knows that very well because we spoke about it there.

A lot of users here care about security, I think it's fair to point this out, and users have a right to know this vulnerability existed so they can take corrective action.

And I'm not trolling, I never mentioned this issue on this thread once before, just on a separate thread in the alt section, I would have expected some official announcement here - maybe this happened already, and this issue is fixed.  I don't know.  

If this happened on the other coin I mentioned, I think we all know there would be like 20 posts a day from Icebreaker and crew accusing the dev of being a "scammer!!!" in gigantic red posts as usual and generally trying to make people's lives there a misery for their own agenda - I haven't done that, but I don't like that it seems like users don't have this information when it's 6 months old already, which is why I posted it.  And I do have issues with Smooth as I have stated before but that is not something I want to comment on here, but is the reason I felt I should post today.

So to clarify, this is not a "Scam" accusation in any way, just I think users have the right to know their keys might have been compromised by anyone with access to their PC all the way up to MyMonero ISP / servers.  

What is the situation then, has this vulnerability been fixed or is CloudFlare still serving the code that sends the private keys?  Apologies if this was announced already, but I didn't see it and I did a quick search on the thread earlier too.