how difficult would it be to allow p2pool miners to add custom messages to the blocks they find

Why are people so hellbent on adding useless messages inside the chain?

It's just bloat

true. i thought it'd be a neat "perk" of actually crafting your own block

artisanally crafted blocks, right here

:P

How do you connect to a different p2pool sidechain if you want to? I have a user asking how to use my Docker image for p2pool with mini but no idea how to change it.

just need the peerlist, and a tweaked config.json

xmrvsbeast.com/p2pool/sidechains.html should be able to get everything you need from there

ideal with a docker image, as you can have it grab the config and peer list automagically

^ That doc should definitely be easier to find

merope: Agreed, could not find it anywhere on my own ☹️

<pauliouk> "ideal with a docker image, as..." <- Would have to publish a distinct Docker image as I don't want people using that chain by default really.

any insider tips i should know before giving p2pool a go?

Not that I know of. Just gotta figure out how to set it up, and then you just mine

Not much else to it

sweet - that much should be fine as i will just add it to my ubuntu monero node

is it much the same as bitcoin where each share gets part of the coinbase from the actual block?

yes

imagine if you actually had to pay for cloud mining twitter.com/jonnyplatt/status/1470714901412954112

no way you'd earn $45k in a few weeks, that's for sure

I thought AWS could kill any high processor intensive tasks, and auto kill miners

but I'm guessing if you're paying for services which are high CPU usage anyway... ouch.

ah later in the thread he says the miner earned $800

AWS only blocks free trial accounts, they don't block paid accounts

well shit, that must hurt

kinda like finding out someone stole your lambo and binned it into a tree

only without insurance.

Wonder if there is AWS insurance...

I know the people I work for should really take out insurance

fekin ssh keys all over the shared network :/

ugh. my keys only live on one laptop and one phone. I use ssh-auth forwarding whenver I have to get multiple hops away

I've got a key auth server, port knocked, all my keys live there

<hyc> "imagine if you actually had to..." <- A bunch of weird things going on in that screenshot

First, it's the extremely outdated version of xmrig (5.6 vs the current 6.12)

Then the fact that the author talks about the hacker earning "only 6 XMR", but on supportxmr it shows over 33 XMR already paid

probably the malware downloads its own build of xmrig

I can't see them voluntarily donating 1% to xmrig authors, anyway

Nope, it's downloading straight from github

48Jv9K8UwtGCyVK6j1oiDfVMYgMov57Y9777LZ12Uc4sFKk94ZjG68MUCE8m7zZMmY1VbS7xyDyr65qiE5zVs54e39ovuVZ

hyc the screenshot shows download of the official github release, just old. So it's 1%

But if they run only for 15 minutes at a time, donation never kicks in

hmm, 15 minutes each time... smart

should help avoid detection for a little while

one thing I have just noticed though, I've spun up a new vpn a few days ago and haven't got around to setting up ssh certs, so just logged in with the password. Connection drops out a lot, the cert ones stay connected

The 15 minute thing is because they were running on AWS lambda, and apparently stuff can only run for 15 minutes at a time on that

So basically it runs for 15 minutes, stops, then immediately spawns another instance

so it's only a coincidence that they avoid the donation

Honestly, thinking from an attacker's perspective, I think that 1% is a small price to pay for the convenience of having to compile stuff yourself nor worry about distributing your miner

Even something as simple as compiling it yourself would constitute a fingerprint

yeah, pulling from a well known github link is certainly easier

But I would expect them to at least pick the latest release lol

unless they've been up to no good for a long time, and thats the version they trust :P

or it was a botnet, thats been running a while too

one of my old VPS's got caught by a botnet a few years ago because some douche was running an old xml-rpc script that got pwned

grabbed its scripts for a tor hidden service, and grabbed the xmrig binary from there too

so how long before we see the log4j botnets?

I'm sure we already are 🙃

global is at 3.2gh/s :P so yeah probably already happening

and im sure they're point at minexmr, even tho its dead simple to run p2pool