|
The Cryptocurrency Mining Thread: Just whitelist the trojan
|
#
?
Sep 28, 2017 17:44
|
|
|
|
| # ? May 18, 2024 14:20 |
|
|
Peachfart posted:The Cryptocurrency Mining Thread: Just whitelist the trojan Lol true I mean I get it, and I'm glad Windows flags miner programs because the last thing I want is a hidden miner. But the legacy miner provides their source code and you're the one running it so Nicehash 2.0 does not I do not believe but it also doesn't trip up anything so far. Which is weird.
|
|
#
?
Sep 28, 2017 17:47
|
|
|
Any Trojan that gets me 40 bucks a month is a pretty good one.
|
|
#
?
Sep 28, 2017 17:47
|
|
|
1gnoirents posted:Lol true 1gno how much $ have you mined? Are you exchanging to cash or gift cards ? Just curious
|
|
#
?
Sep 28, 2017 18:05
|
|
|
Comfy Fleece Sweater posted:1gno how much $ have you mined? Are you exchanging to cash or gift cards ? Just curious $611.77 since June 29th with one 1080 full time and a 1080ti roughly half the time. Thats after all fees and I just deposit it in my bank account directly from Coinbase (yeah I know they could forge ACH checks but im watching it). Total investment in my mining machine is $513 including the 1080. I dont really count the 1080ti since I was getting one for gaming anyway. My plan is to sell off the 1080 at the first hint of a close Volta release date and then swap the 1080ti in when I can replace that card if mining is still viable then. edit: I know how sad this sounds, but I am terrible at managing money and budgeting. However I went full anal with mining since I was pretty sure I was going to lose somehow. As a result, I actually started budgeting everything and my life is literally better because of buttcoins. I forgot something pretty important. My mining machine runs at 255 watts from the wall and my home pc runs at 330 watts from the wall. Those figures above include an estimated $29 in electricity every month. 1gnoirents fucked around with this message at 18:48 on Sep 28, 2017 |
|
#
?
Sep 28, 2017 18:40
|
|
|
Well that's not bad for turning on a computer
|
|
#
?
Sep 28, 2017 18:45
|
|
|
Basically crypto is  for enthusiasts
|
|
#
?
Sep 28, 2017 18:55
|
|
|
1gnoirents posted:Lol true yeah I'm sure no one ever finds malicious code hiding in open source projects
|
|
#
?
Sep 28, 2017 21:13
|
|
|
QuarkJets posted:yeah I'm sure no one ever finds malicious code hiding in open source projects I was thinking about mentioning that but I kind of have faith in the ultraparanoid part of the buttmining crowd to actually look at it
|
|
#
?
Sep 28, 2017 21:48
|
|
|
1gnoirents posted:I was thinking about mentioning that but I kind of have faith in the ultraparanoid part of the buttmining crowd to actually look at it lol this has been a common and continuing problem in the bitcoin community: of the people who are paranoid enough to look at source code, none are knowledgeable enough to understand it (see the famous "what is the purpose of #include?" and "HOW DO WE AUDIT THE BLOCKCHAIN" sagas)
|
|
#
?
Sep 28, 2017 21:49
|
|
|
QuarkJets posted:lol this has been a common and continuing problem in the bitcoin community: of the people who are paranoid enough to look at source code, none are knowledgeable enough to understand it (see the famous "what is the purpose of #include?" and "HOW DO WE AUDIT THE BLOCKCHAIN" sagas) ...these sound entertaining.
|
|
#
?
Sep 28, 2017 22:14
|
|
|
Pretty sure they'd be mentioned in divabot's book, but I haven't finished reading it Multiple open source wallets have turned out to have a developer-implemented kill switch that eventually stole everyone's money, and that's probably the easiest kind of software to inspect in this space. You'd think that all of these brilliant captains of industry would take the time to inspect the source code of the software that handles literally all of the money that they received from 2nd mortgaging their house.
|
|
#
?
Sep 28, 2017 22:48
|
|
|
QuarkJets posted:Pretty sure they'd be mentioned in divabot's book, but I haven't finished reading it nah, i didn't mention those particular shitshows, though I should have. mostly the problem is that all code in the cryptocurrency "space" (if you will) is an utter loving shitshow: Uptrenda posted:I was looking at the EtherDelta code not long ago and concluded it was too terrible to save. the hardest part in slipping something malicious into such code is that it's rare to find a blockchain coder that smart.
|
|
#
?
Sep 28, 2017 23:42
|
|
|
I mean there's the Ethereum hack that basically just told the network "yeah, I totally transferred this, you don't need to check my balance, Im good for it" for millions of dollars If that's not high quality coding
|
|
#
?
Sep 29, 2017 00:35
|
|
|
divabot posted:nah, i didn't mention those particular shitshows, though I should have. Hey hey, the hackers who steal bitcoins appear to be the smartest bitcoiners.
|
|
#
?
Sep 29, 2017 03:24
|
|
|
Comfy Fleece Sweater posted:I mean there's the Ethereum hack that basically just told the network "yeah, I totally transferred this, you don't need to check my balance, Im good for it" for millions of dollars ... please elaborate because that sounds like a wonderful story.
|
|
#
?
Sep 29, 2017 03:25
|
|
|
I remember reading something once about the programming model of the Ethereum Virtual Machine being really non-intuitive to deal with especially since you can easily run out of gas. random guess: it's like Java except you can get exceptions thrown out of random bullshit code you don't expect to throw, and most people don't handle the failure cases gracefully.
|
|
#
?
Sep 29, 2017 04:30
|
|
|
tehinternet posted:... please elaborate because that sounds like a wonderful story. Goon user divabot tells it much better in his book : The DAO: the steadfast iron will of unstoppable code Excerpt from Attack of the 50 Foot Blockchain by David Gerard You just learned chemistry and the first thing you built was a giant bomb and you can’t understand why it blew up in your face. – brockchainbrockshize, /r/ethereum1 Not content with their existing sales of Internet fairy gold, some Ethereum developers at German blockchain startup Slock.it came up with an even more complicated scheme: The DAO – a Decentralized Autonomous Organization, with “The” as part of the name. This was a smart contract on Ethereum which would take people’s money and give it to projects voted on by the contributors as worth funding: a distributed venture capital firm. The DAO’s Mission: To blaze a new path in business organization for the betterment of its members, existing simultaneously nowhere and everywhere and operating solely with the steadfast iron will of unstoppable code.2 Bold in original. I’m sure there are no obvious problems there that jump right out at you. The DAO launched on 30 April 2016, got massive publicity and became the biggest crowdfunding in history up to that time, with over $150 million in ETH from 11,000 investors in DAO tokens. Fourteen per cent of all Ether was in The DAO. It was also the most prominent smart contract of all time, achieving much mainstream press coverage. It proceeded to illustrate just about every potential issue that has ever been raised with smart contracts. The DAO’s legal footing was uncertain, and widely questioned. Selling tokens in The DAO closely resembled trading in unregistered securities – particularly when DAO tokens themselves hit cryptocurrency exchanges – and the SEC had come down on similar schemes in the past. There was no corporate entity, so it would default in most legal systems to being a general partnership, with the investors having unlimited personal liability, and the creators and the designated “curators” of the scheme likely also being liable. Shortly before the go-live date, researchers flagged several mechanisms in the design of The DAO that would almost certainly lead to losses for investors, and called for a moratorium on The DAO until they could be fixed.3 Worse, on 9 June a bug was found in multiple smart contracts written in Solidity, including The DAO: if a balance function was called recursively in the right way, you could withdraw money repeatedly at no cost. “Your smart contract is probably vulnerable to being emptied if you keep track of any sort of user balances and were not very, very careful.”4 This was not technically a bug in Solidity, but the language design had made it fatally easy to leave yourself wide open. The principals decided to proceed anyway, Stephen Tual of Slock.it confidently declaring on 12 June “No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery”5 … and on 17 June, a hacker used this recursive call bug to drain $50 million from The DAO. And nobody could stop this happening, because the smart contract code couldn’t be altered without two weeks’ consensus from participants. The price of ETH promptly dropped from $21.50 to $15. (Tual posted on 9 July a hopeful list of reasons why the attacker might give all the ether back, just like that. Because it would be in their rational self-interest.6 This didn’t happen, oddly enough.) Ethereum Foundation principals discussed options including a soft fork or a hard fork of the code or even of the blockchain itself, or a rollback of the blockchain. The community wrangled with the philosophical issues: this contract had been advertised as “the steadfast iron will of unstoppable code,” but it appeared only the hacker had read the contract’s fine print in sufficient detail.7 Some seriously debated whether this should even be regarded as a “theft”, because code is law and intent doesn’t matter (unlike in real-world contracts operating in a legal system, or indeed in fraud law). Others argued that the market integrity of the Ethereum smart contract system required that incompetent contracts, which The DAO certainly was, had to be allowed to fail. (The proposed soft fork solution was to blacklist transactions whose result interacted with the “dark DAO” the attacker had poured the funds into. This would have been an avenue for a fairly obvious denial-of-service attack: flood Ethereum with costly computations that end at the dark DAO. In computer science terms, this approach could only have worked by first solving the halting problem: you would need to be able to determine the outcome of any possible Ethereum program without actually running it and observing the result.8) The DAO was shut down soon after, and on 20 July the Ethereum Foundation — several of whose principals were curators of The DAO9 and/or heavily invested in it — changed how the actual code of Ethereum interpreted their blockchain (the “immutable” ledger) so as to wind back the hack and take back their money. The blockchain was “immutable,” so they changed how it was interpreted. The “impossible” bailout had happened. This illustrated the final major problem with smart contracts: CODE IS LAW until the whales are in danger of losing money. Ethereum promptly split into two separate blockchains, each with its own currency – Ethereum (ETH), the wound-back version, supported by the Ethereum Foundation, and Ethereum Classic (ETC), the original code and blockchain – because this was too greedy even for crypto fans to put up with. Both blockchains and currencies operate today. Well done, all. Apologists note that The DAO was just an experiment (a $150 million experiment) to answer the question: can we have a workable decentralized autonomous organization, running on smart contracts, with no human intervention? And it answered it: no, probably not. https://davidgerard.co.uk/blockchain/the-dao/
|
|
#
?
Sep 29, 2017 05:49
|
|
|
Speaking of Ethereum and its smart contracts language (solidity), when Ethereum posted their coding contest there was that great hackernews post that basically started with "solidity is utter garbage and makes PHP 4 looks like a work of genius" and was a laundry list of poor design choices for a computing language seemingly made by amateurs e: found it: https://news.ycombinator.com/item?id=14691212 quote:Solidity has far worse problems than not being an advanced research language. Just being a sanely designed normal language would be a big step up. Solidity is so riddled with bizarre design errors it makes PHP 4 look like a work of genius. Yeah let me just put the deed to my house in this garbage fire. I like the idea of simultaneously not permitting memory management and also not doing any garbage collection at all, and the compiler simply replacing some numbers with completely different numbers
|
|
#
?
Sep 29, 2017 08:42
|
|
|
EVGA 1080 FTW2 arrived, time to print some ZEC  also sold the 1050ti which was only 2.7sols / w 
|
|
#
?
Sep 30, 2017 00:29
|
|
|
Jesus H Christ. I don't know what's worse, that the hack happened or that a sufficient number of people could arbitrarily decide to wind back the clock if the market doesn't do what they want it to. What a shitshow.
|
|
#
?
Oct 2, 2017 02:05
|
|
|
CODE IS LAW, THE BLOCKCHAIN IS IMMUTABLE ... until we decide that it isn't
|
|
#
?
Oct 2, 2017 03:58
|
|
|
tehinternet posted:Jesus H Christ. I don't know what's worse, that the hack happened or that a sufficient number of people could arbitrarily decide to wind back the clock if the market doesn't do what they want it to. QuarkJets posted:CODE IS LAW, THE BLOCKCHAIN IS IMMUTABLE A whole lot of people had objections to smart contracts for years. But even we didn't think that when push came to shove, they'd just say "lol immutability guarantee" the moment the big boys were in danger of losing their money.
|
|
#
?
Oct 2, 2017 09:20
|
|
|
1gnoirents posted:Lol true
|
|
#
?
Oct 2, 2017 13:20
|
|
|
Splicer posted:Wasn't there a miner or a wallet a while back where the "source code" didn't actually match the executable on the website? Wouldn't be surprised, but it's also not necessarily malicious. Most builds aren't actually reproducible unless you're specifically focusing on that as a goal. It's probably malicious though.
|
|
#
?
Oct 2, 2017 17:47
|
|
|
And it was found out presumably by somebody checking the source code, which is the whole idea
|
|
#
?
Oct 2, 2017 17:54
|
|
|
Slapping a trojan into an open source project isn't as difficult as you might think. The bittorrent client Transmission has had it happen a couple of times now.
|
|
#
?
Oct 2, 2017 18:04
|
|
|
1gnoirents posted:And it was found out presumably by somebody checking the source code, which is the whole idea You can't really do that (easily) with a non-reproducible build. That's the problem. Things like timestamps, the order you iterate through inodes on your FS, or the number of threads you use to compress resources can lead to different checksums on every build or for different people, even if the source is identical. You have to specifically go after these deltas if you want a reproducible build. It's a worthy goal for security-sensitive software but it does take specific engineering effort to make it happen. Some discussion on it regarding Debian's builds: https://lwn.net/Articles/630074/ Paul MaudDib fucked around with this message at 18:08 on Oct 2, 2017 |
|
#
?
Oct 2, 2017 18:05
|
|
|
1gnoirents posted:And it was found out presumably by somebody checking the source code, which is the whole idea
|
|
#
?
Oct 2, 2017 20:40
|
|
|
Splicer posted:No, it was found out when several months later everyone using the software suddenly found out their wallets were empty. Uh oh lol
|
|
#
?
Oct 2, 2017 21:01
|
|
|
Right as I started to use Nicehash instead of mining Ethereum directly
|
|
#
?
Oct 2, 2017 21:07
|
|
|
Comfy Fleece Sweater posted:Right as I started to use Nicehash instead of mining Ethereum directly It'll be just fiiiiiine! Seriously though, if that poo poo was gonna happen I figure it would have happened when mining was bringing in 5x what it is now.
|
|
#
?
Oct 3, 2017 01:30
|
|
|
tehinternet posted:It'll be just fiiiiiine! Why? Do you think the maintainer(s) of Nicehash are better at timing peaks than anyone else?
|
|
#
?
Oct 3, 2017 02:50
|
|
|
QuarkJets posted:Why? Do you think the maintainer(s) of Nicehash are better at timing peaks than anyone else? No, I mean why wouldn't they take the money and run after it dipped so much? Ahhhh okay, after typing that out, I get what you're saying. You're talking the price of BTC. Yeah, good point. They could be holding on for $10,000 BTC! TO THE MOON
|
|
#
?
Oct 3, 2017 12:14
|
|
|
I guess it only hurts you if you're a HODLER  If you're cashing out on burritos or newegg giftcards.... 
|
|
#
?
Oct 3, 2017 16:23
|
|
|
I traded some of my butts for other shitcoins which hopefully will go up even though there is no reason for them to change in value or even be worth anything.
|
|
#
?
Oct 4, 2017 15:54
|
|
|
[quote="“Stealthgerbil”" post="“477046543”"] I traded some of my butts for other shitcoins which hopefully will go up even though there is no reason for them to change in value or even be worth anything. [/quote] Sounds like a terrible idea but I must ask : which ones ?
|
|
#
?
Oct 4, 2017 16:41
|
|
|
arent they all basically tied to the value of buttcoin because its easiest to covert to them BTC then real money instead of from altcoin to real money? The only benefit is that are more volatile and may spike higher but more likely crash harder
|
|
#
?
Oct 4, 2017 21:03
|
|
|
Comfy Fleece Sweater posted:Sounds like a terrible idea but I must ask : which ones ? Mostly vertcoins and digibytes. I have been mining zcash and monero though.
|
|
#
?
Oct 5, 2017 14:46
|
|
|
|
| # ? May 18, 2024 14:20 |
|
|
Stealthgerbil posted:Mostly vertcoins and digibytes. I have been mining zcash and monero though. The correct response to someone saying this is to call them a nerd/fag and give them a wedgie I too have diversified my altcoin holdings because one of them might explode and make me rich. It wont and the only thing exploding will be my PSU, but still, same. Fauxtool fucked around with this message at 23:28 on Oct 5, 2017 |
|
#
?
Oct 5, 2017 23:21
|
|