This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
18.97.9.168.US.SSL

Verlihub Verlihub 1.1.0.0

Changes in 1.1.0.0
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.1.0.0
Posted by verlihub on 2018-02-19 14:18 0 comments 4 likes

Ledokol Ledokol 2.9.5.70

Changes in 2.9.5.70
[ 63] Fixed: Operator list appearance after removing user with opkeyclass condition, report by KCAHDEP
[ 64] Added: CTM uptime with actions
[ 65] Added: More keywords to AVDB search server requests
[ 65] Added: Optional path parameter to avdetforce command
[ 66] Added: Command notification for custom nick change, request by KCAHDEP
[ 67] Added: Main chat rank prize as higher user class defined by configuration, idea by Foxtrot
[ 68] Added: Updated country code list after MaxMindDB names
[ 69] Added: Search and CTM uptime user message control, request by KCAHDEP

File information: Ledokol 2.9.5.70
Posted by ledokol on 2018-02-19 13:49 0 comments 4 likes

Verlihub Python Scripts Blacklist 1.2.3.2

Changes in 1.2.3.2
# 1.2.2.7 - Added country code translation to some messages
# 1.2.2.8 - Added "prox_quote" configuration to limit amount of public proxy lookups per day
# 1.2.2.9 - Added prioritization of public proxy and my lists
# 1.2.2.9 - Removed break on first match
# 1.2.2.9 - Added "prox_getasn" configuration to show GeoIP ASN information on proxy detection
# 1.2.2.9 - Added "extry_getasn" configuration to show GeoIP ASN information on exception lookup
# 1.2.3.0 - Added "myoff" and "exoff" commands to disable or enable items in my and exception lists
# 1.2.3.0 - Added results from my list to find action
# 1.2.3.0 - Added ASN check on connection
# 1.2.3.1 - Added "asn_block" configuration for space separated list of blocked AS numbers
# 1.2.3.1 - Added "asn_except" configuration for space separated list of excepted AS numbers
# 1.2.3.2 - Added "nick_skip" configuration for space separated list of users to skip proxy lookup

File information: Blacklist 1.2.3.2
Posted by vhpython on 2018-02-19 13:21 0 comments 4 likes

Вся правда о Computta и подобных ему сервисов для обычных пользователей - нас с вами

Image
Доброго времени.

Испытал я этот Computta майнер на себе, и хочу привести для вас немного реальной статистики обычного пользователя, с обычным среднестатистическим компьютером, не для профессионалов с профессиональным дорогим оборудованием. Начнём с того что у большинства пользователей обычный компьютер, примерно как у меня, или даже хуже:

Image
Image


Вчера весь вечер перезапускал бенчмарк, обновлял драйверы для моей графической карты, в надежде выжать максимум из моего обычного компьютера. Вот результаты самых высоких значений:

Image
Image


Скорее всего это ещё не о чём не говорит. Вы скажете "ну это приблизительно" и "за очень короткое время". Хорошо, запустил я значит этот майнер также вчера вечером, оказалось что моя простая графическая карта вообще не способна на хорошие результаты, потому программа использует только центральный процессор. В дебаг логах нашёл следующую ошибку:

Code
01:23:52.072 DEBUG [c.y.c.m.impl.XmrClMiner-GPU-0.3] OUT: [01:23:52] Error -61 when calling clCreateBuffer to create hash scratchpads buffer

Кстати именно отсюда и узнал какой майнер на самом деле использует этот проект Computta: github/OhGodAPet/wolf-xmr-miner/issues/9. Ладно, это уже отдельный разговор, двигаемся далее.

При регистрации вам "бесплатно" дают 1 mBTC, потому в дальнейших вычислениях можно свободно вычитать его из общей добычи.

Запустил майнер, внимание, на полную мощность, это значит что все 4 ядра работают на 100%. Утром когда я встал, а всего прошло ровно 6 часов, я первым делом побежал к компьютеру, и вот что увидел:

Image


За 6 часов беспрерывной работы я накопал 0.0025 mBTC. Опять ничего не понятно, то-ли мало, то-ли нормально. Ладно, тут я решил немного посчитать. И так, если 6 часов делают 0.0025 mBTC то 24 часа делают следующее:

Code
0.0025 mBTC * 4 раза (по 6 часов) = 0.01 mBTC

Это один полный день при загруженности в 100% - наверное много электроэнергии. Поехали дальше. Допустим перед нами стоит задача добыть 1 mBTC, и так считаем:

Code
0.01 mBTC * 100 дней = 1 mBTC

100 дней чтобы добыть 1 mBTC. На сайте Computta сказано что минимальная сумма для снятия равна 10 mBTC:

Quote
We have a minimum required amount for withdrawal of only 10 mBTC

10 mBTC, ну ладно, погнали считать дальше если до сих пор не ясен итог. Не забываем что у нас уже есть 1 халявный mBTC:

Code
100 дней * 9 mBTC = 900 дней

Жесть, 900 дней чтобы снять добытые монеты - в году всего 365 дней. Итого:

Нам нужно потратить 2.5 года - два с половиной года, при этом майнить каждый день, каждую секунду, используя свой процессор на 100%, чтобы заработать эти сраные 10 mBTC. Но это ещё не всё, давайте переведём mBTC в реальные BTC для того чтоб понять сколько мы заработали за 2.5 года:

Code
1 mBTC = 0.001 BTC

Берём наши 10 mBTC и получаем следующий результат:

Code
0.001 BTC * 10 штук = 0.01 BTC

Посмотрим на официальный курс BTC на данный момент в Google:

Image


Вы видите что там написано? Просто допустим что курс не меняется все эти 2.5 года, вы за всё это время заработаете 10.000 рублей - десять тысяч рублей. Теперь посчитайте сколько электроэнергии вы потратите за всё это время, сколько вы за неё заплатите. Сколько из вас меняет пасту раз в пол года у себя на процессоре? 5% людей это делает. Вы на самом деле спалите себе компьютер и останетесь ни с чем.

Почему ни с чем - спросите вы. Да потому что все эти заработанные 1-3 или больше mBTC вы даже не сможете снять и перевести себе в кошелёк, не забывайте что их надо добыть минимум 10.

Но вот что меня затрагивает больше всего:

Через полгода когда вы бросите это дело, на вашем счету Computta будут лежать заработанные до сих пор 1-3 mBTC. Один прекрасный день, чувак написавший эту программу почистит все ваши счета т.к. вы не смогли с них снять, и даже если взять 10.000 пользователей из которых у каждого осталось по 3 mBTC на счету:

Code
10.000 счетов * 3 mBTC = 30.000 mBTC = 30 BTC = 31.174.791 RUB

Опять же, используем курс в данную минуту. Ребята, 30 миллионов рублей за пол года всего с 10.000 пользователей - а их скорее всего в десятки или сотни раз больше во всём мире.

Теперь вам ясно как люди у которых есть мозги и воля наеб*ть обычных людей с обычными компьютерами, зарабатывают миллиарды? Хватит кормить их. За счёт этого и работает весь рынок майнинга для домашних пользователей. Таких сервисов тысячи, в каждой стране по сотне, и на каждый сервис есть своя аудитория.

Эту тему можно продолжать ещё дальше, например главная замануха - приглашения друзей-друзей, так называемые рефералы. За счёт этих рефералов и растёт количество пользователей которое я упомянул выше, и оно приумножается ещё в сотни, может быть тысячи раз.

Короче, респект всем биткоинерам, не дайте этим толстосумам обмануть вас, не пользуйтесь подобными схемами. Делайте деньги более умными и доступными для обычных людей способами.
Posted by RoLex on 2017-12-15 20:16 1 comment 3 likes

Everything you need to know about Bitcoin cold storage

Image
Imagine opening your Bitcoin wallet. To your surprise, it's empty and there's no way to recover the money you lost. How do you feel?

Every Bitcoin user faces the problem of securely storing their money. Unlike the banking system, there's little recourse when things go wrong, and little margin for error. Thefts and losses can be prevented, but they can't be rolled back. Preventing these losses is the goal of cold storage.

Cold storage is an important subject with a steep learning curve. To make the topic more approachable, this article introduces core Bitcoin concepts when needed. It concludes by discussing a new Bitcoin feature that could simplify the safe storage of funds.

When to use cold storage

Like any powerful tool, cold storage can cause damage if misused. Consider using cold storage only if all of these apply:

  • You need to store significant sums of bitcoin securely.
  • You need infrequent, but secure access to the funds.
  • You trust yourself with the security of your funds more than you trust a third party.

Beginners should pay close attention to the risk of accidentally losing funds through simple cold storage mistakes. Consider practicing with pocket change before using cold storage for meaningful amounts of bitcoin.

Keys to the kingdom

Although we sometimes speak of a person "owning" bitcoin, this is misleading. A more accurate way to think about the relationship might be to imagine a tamper-proof vault designed to hold paper bills.

The vault dispenses the cash it holds to anyone who can prove they know a unique number called the private key. The legal and moral rights of the person attempting to gain access to the funds in the vault are irrelevant. The vault accepts an unlimited number of access attempts by anyone.

Although you might be tempted to try guessing the vault's private key, doing so is useless. The range of possible numbers is virtually infinite. You could make millions of guesses per second for millions of years without success.

Bitcoin stores funds in the electronic equivalent of this imaginary vault called an address. As with the vault, funds at an address may be unlocked by anyone knowing the unique private key.

Despite its apparent complexity, Bitcoin security boils down to one simple rule: keep secret the private keys for all addresses at which you store funds. A close corollary to this rule would be: maintain secure backups of all private keys.

Data is money

To a thief on a network, Bitcoin private keys represent more than just data - they're money. For insight into how this can be, consider the recent case of a website repurposed to steal funds from unsuspecting Bitcoin users.

Listen to Bitcoin was a popular service for the real-time monitoring of transactions on the Bitcoin network. Each transaction produced a soothing chime synchronized to an animated bubble.

The creator of the site eventually sold it. Shortly after the sale, problems began to surface. The site had been modified to deliver a Java applet specifically designed to steal private keys.

Numerous such exploits have been reported, with many victims along the way. The ease, speed, and anonymity with which many of these attacks can be carried out should give pause to anyone holding large sums of Bitcoins in a vulnerable wallet.

How private keys work

Our imaginary vault didn't require the private key itself to gain access. Instead, it required the user to prove knowledge of the private key. Asking directly for the private key would permit any eavesdropper to discover it. Likewise, spending funds from a Bitcoin address requires proof of knowledge of the private key - not the key itself.

To understand how this works, imagine Alice wants to pay Bob 10 BTC. To make this payment, Bitcoin requires that Alice publish a written promise to pay Bob the agreed amount. This promise is called a transaction. Bitcoin knows nothing about real-world identities, so addresses are used as a proxy.

Image


Alice pays Bob: Transaction from Alice to Bob for 10 BTC. The transaction posted to the network substitutes real-world identities with addresses controlled by Alice and Bob, respectively.

If this were the end of the story, it would be very easy to steal from Alice by forging transactions from her address. Bitcoin prevents this kind of theft by requiring that each transaction bear an unforgeable digital signature.

Alice's wallet software adds a digital signature by processing the transaction together with the private key to her address. Changing the transaction in any way also changes the signature. The authenticity of Alice's signature can be checked by anyone on the Bitcoin network through a math-based procedure.

Image


Alice to Bob transaction: Two transactions from Alice to Bob. The first transfers 10 BTC, and the second transfers 2 BTC. The same private key gives a unique, unguessable signature for each transaction.

By signing the transaction, Alice proves knowledge of her private key and authorizes the transfer of funds. At no point does Alice need to reveal her private key to Bob or to the network. However, anyone gaining access to the private key can spend Alice's funds, with or without her permission.

Hot wallets and cold storage

To make payments, a Bitcoin wallet needs to perform four basic tasks:

  1. Generate and store one or more private keys.
  2. Create valid transactions.
  3. Digitally sign transactions using private keys.
  4. Broadcast signed transactions to the network.

The need to do all four tasks creates a security dilemma: private keys kept on a network-connected device are vulnerable to theft via network-based attacks, but a network is needed to broadcast transactions.

A hot wallet combines all functions into a single system, typically running on a single computer. Many hot wallets encrypt private keys to deter their use if stolen, but the threat remains. For example, keyloggers, clipboard loggers, and screen capturers can transmit decrypted keys used during manual operations. What a hot wallet may lack in security, it makes up for in convenience. Managing funds and sending payments can be accomplished from a single device.

Image


Hot wallet: An unsigned transaction is digitally signed with one of possibly several private keys. The signed transaction is then broadcasted to the network. A network-based attacker gaining access to decrypted keys can steal funds.

Cold storage resolves the network security dilemma through quarantine. A specially-created offline environment hosts all operations that either create or use private keys. Private keys remain secure from network-based attacks through strict isolation of the offline environment from the network.

Image


Cold storage: A transactions is signed on an offline device and returned to an online device, from which it is broadcast. A network-based attacker can't steal private keys.

The process starts by generating an unsigned transaction on an online device. The transaction is then moved via USB or other connection to an offline environment, where it is signed. The signed transaction is then moved back to the online environment, from which it is broadcast to the network. At no point does the private key contact a system connected to the network.

Both hot wallets and cold storage can be used together, just as a saving accounts and purse are often used by the same person. Cold storage funds are held securely, but are hard to access. Hot wallet funds are kept ready to spend at a moment's notice, but are stored less securely.

Cold storage in practice often represents a balance between security and convenience. The more securely we try to store funds, the more difficult and error-prone it becomes to manage them.

Hardware

An offline environment plays a key role in most cold storage schemes. Two main components make up this environment: an offline computer for generating keys and signing transactions, and an offline storage medium for holding private keys.

Offline computers can be configured with a range of security features, depending on budget, the value of funds being stored, and perceived threat.

At one extreme, a computer currently in service can be taken offline by temporarily disconnecting the network card or cable. Although easily implemented, this approach offers little protection against attacks that are tolerant to intermittent network connectivity.

A dedicated offline computer with a permanently-disabled network connection offers a more robust alternative. These system are sometimes called air-gapped computers. They're often equipped with secure operating systems such as Linux. Many use strongly-encrypted hard drives.

In the absence of a dedicated offline computer, a secure operating system can be booted from removable media such as CD's and USB drives. Many Linux distributions, including Ubuntu, support this option.

Private keys may either be stored directly on an offline computer or stored separately. A variety of external media can be used, including paper, plastic cards, hard drives, removable USB drives, and even the human brain. Even if private keys are stored on the hard drive of an offline computer directly, these other media are often used to store backups.

Cold storage in practice

Cold storage methods can be divided into two broad categories based on how private keys are maintained. With a manual keystore, the user maintains a collection of private keys directly. With a software keystore, private key maintenance is under the full control of software.

Manual keystore

If flexibility and software minimalism are your goals, consider using manual cold storage. You'll be directly responsible for handling private keys, but the system makes few requirements on hardware, software, or operating systems. Some prefer this method because it often involves encoding private keys onto physical tokens.

A manual keystore can be implemented through the following steps:

  1. Using an offline device, generate one address or private key pair for each cold storage address you plan to use. Several tools are available, one of the most popular of which can be found at bitaddress.org.
  2. Transfer a copy of each cold storage address or private key to your offline medium of choice such as paper, plastic, or USB drive. This is the keystore.
  3. Transfer funds from a hot wallet or exchange into each of the active cold storage addresses.
  4. To spend funds, transfer the appropriate private key into a hot wallet to sign a transaction.

Step #4 poses the biggest challenge under a manual keystore system because wallets vary in how they handle external private keys and change addresses. Some wallets don't accept external private keys at all. Before committing to manual cold storage, learn how your wallet works with external private keys.

Image


Spending with a manual keystore: The private key must be transferred to the hot wallet, via a USB drive or QR code, and at least temporarily held. While being held, the key may be vulnerable to network-based theft.

Notice that spending funds from cold storage requires the transfer of a private key into a hot wallet. Unfortunately, this risks unintended transmission of the key to a network-based attacker. Holding the key in memory only, or sending change to a newly-created cold storage change address are both possible workarounds. However, neither approach completely eliminates the threat.

Backup media are often selected to be complementary to the primary keystore medium. For example, if paper wallets are kept in a secure on-site location, a backup printed on plastic might be kept in a safety deposit box.

Software keystore

If the thought of maintaining private keys yourself leaves you uneasy, consider a wallet that handles the job for you. Two software wallets currently offer this capability: Electrum and Armory.

Software keystores employ two devices, an online computer and a single-use offline computer. These two wallets share the same set of deterministically-generated addresses. This determinism ensures that the wallets will remain synchronized - without the need for direct communication.

Image


Software keystore: New addresses are generated from a deterministic algorithm, enabling both an online and offline wallet to share the same addresses without direct communication. Only the offline wallet generates private keys.

Funds are moved from cold storage via a multi-step procedure. The online wallet first prepares an unsigned transaction. Next, the transaction is signed by the offline computer. Finally, the signed transaction is broadcast to the network by the online computer. A physical medium such as a USB stick shuttles the transaction between computers, however more secure methods such as QR codes could be used in principle.

Image


Spending from a software keystore: Each wallet maintains the same set of deterministically-generated addresses. A transaction is created on the online wallet, signed with the offline wallet, and returned to the online wallet from which it is broadcasted. The private key used for signing is never revealed to the online wallet.

A variety of hardware can be used to implement this system. For example, Cold Pi and Pi-Wallet offer a portable, dedicated platform for running Armory cold storage from a small form-factor open source computer. Trezor takes this approach one step further with an all-in-one device running custom software. More typically, the offline wallet runs on a dedicated offline computer.

Backups of deterministic wallet keystores are relatively simple. Each wallet uses a seed as a reproducible starting point for generating addresses and private keys. The seed is often represented as a series of words, but QR code representations are also used. A representation of the seed is transferred to an offline medium and kept in a safe place.

Multisignature storage

Implementing cold storage correctly takes technical skill and fine attention to detail. Bitcoin's private key system exposes a single point of leverage, a private key. As a result, spending from addresses is easy for users and thieves alike. This situation leaves little margin for security errors.

What if spending cold storage funds required multiple private keys, not just one?

Multisignature addresses offer the potential for more convenient and secure bitcoin storage options. Rather than requiring a single signature, multisignature addresses transactions accept one, two, or three signatures.

Although the benefit might not be obvious, consider what this capability offers third-party services. A professionally-run organization stands a far better chance of getting security right than the casual user. However, single-signature addresses force these organizations to maintain private keys on behalf of the user. Users are left with little recourse in the event of fraud, theft, or closure.

Image


A bank-like multisignature account: Both Alice and her bank must sign all transactions. Provided that Alice securely stores key #2, an attacker needs to compromise both Alice and her bank to spend funds.

Multisignature addresses enable a bank-like organization to offer financial services in which funds may only be moved in collaboration with the user. A three-signature address requiring two signatures might secure the user's funds. One key would be held by the service. Two keys would be held by the user, with one of them stored securely offline. Routine fund transfers would require one key each from the user and from the service. Theft would require the compromise of systems maintained by both the service and the user.

Image


Multisigning Alice: Alice uses both of her keys to withdraw funds, without approval of the bank.

Should the service ever be shut down, the user can move funds by signing a transaction with the two keys she holds.

The recent introduction of multisignature addresses has already led to the launch of professionally-managed storage services. Currently available options include GreenAddress and BitGo.

Conclusions

When using Bitcoin, data is money. Private keys represent a prime target for network-based attacks. Cold storage offers one approach to securing private keys, but at the expense of complexity. Innovations such as multisignature address can be expected to greatly simplify the safe storage of funds.

Keep your money safely.
Posted by RoLex on 2017-12-12 16:55 0 comments 5 likes