04:50:19 <gingeropolous> how difficult would it be to allow p2pool miners to add custom messages to the blocks they find
09:51:27 <merope> Why are people so hellbent on adding useless messages inside the chain?
09:51:32 <merope> It's just bloat
15:19:35 <gingeropolous> true. i thought it'd be a neat "perk" of actually crafting your own block
15:20:40 <hyc> artisanally crafted blocks, right here
15:25:22 <pauliouk> :P
16:43:13 <sethsimmons> How do you connect to a different p2pool sidechain if you want to? I have a user asking how to use my Docker image for p2pool with mini but no idea how to change it.
16:43:44 <pauliouk> just need the peerlist, and a tweaked config.json
16:43:58 <sech1> https://xmrvsbeast.com/p2pool/sidechains.html
16:44:01 <pauliouk> https://xmrvsbeast.com/p2pool/sidechains.html    should be able to get everything you need from there
16:44:31 <pauliouk> ideal with a docker image, as you can have it grab the config and peer list automagically
17:00:07 <merope> ^ That doc should definitely be easier to find
17:03:12 <sethsimmons> merope: Agreed, could not find it anywhere on my own ☹️
17:03:27 <sethsimmons> <pauliouk> "ideal with a docker image, as..." <- Would have to publish a distinct Docker image as I don't want people using that chain by default really.
17:04:30 <Guest54> any insider tips i should know before giving p2pool a go?
17:05:55 <merope> Not that I know of. Just gotta figure out how to set it up, and then you just mine
17:06:02 <merope> Not much else to it
17:10:59 <Guest54> sweet - that much should be fine as i will just add it to my ubuntu monero node
17:11:48 <Guest54> is it much the same as bitcoin where each share gets part of the coinbase from the actual block?
18:09:15 <hyc> yes
18:11:47 <hyc> imagine if you actually had to pay for cloud mining https://twitter.com/jonnyplatt/status/1470714901412954112
18:12:07 <hyc> no way you'd earn $45k in a few weeks, that's for sure
18:13:10 <pauliouk> I thought AWS could kill any high processor intensive tasks, and auto kill miners
18:13:28 <pauliouk> but I'm guessing if you're paying for services which are high CPU usage anyway... ouch.
18:13:46 <hyc> ah later in the thread he says the miner earned $800
18:14:07 <merope> AWS only blocks free trial accounts, they don't block paid accounts
18:14:08 <pauliouk> well shit, that must hurt
18:15:03 <pauliouk> kinda like finding out someone stole your lambo and binned it into a tree
18:15:12 <pauliouk> only without insurance.
18:15:25 <pauliouk> Wonder if there is AWS insurance... 
18:17:34 <pauliouk> I know the people I work for should really take out insurance
18:17:46 <pauliouk> fekin ssh keys all over the shared network :/
18:19:51 <hyc> ugh. my keys only live on one laptop and one phone. I use ssh-auth forwarding whenver I have to get multiple hops away
18:21:16 <pauliouk> I've got a key auth server, port knocked, all my keys live there
18:32:49 <merope> <hyc> "imagine if you actually had to..." <- A bunch of weird things going on in that screenshot
18:33:17 <merope> First, it's the extremely outdated version of xmrig (5.6 vs the current 6.12)
18:33:49 <merope> Then the fact that the author talks about the hacker earning "only 6 XMR", but on supportxmr it shows over 33 XMR already paid
18:34:42 <hyc> probably the malware downloads its own build of xmrig
18:34:56 <hyc> I can't see them voluntarily donating 1% to xmrig authors, anyway
18:36:18 <merope> Nope, it's downloading straight from github
18:36:22 <merope> https://twitter.com/jonnyplatt/status/1470714913098289153/photo/1
18:36:33 <merope> 48Jv9K8UwtGCyVK6j1oiDfVMYgMov57Y9777LZ12Uc4sFKk94ZjG68MUCE8m7zZMmY1VbS7xyDyr65qiE5zVs54e39ovuVZ
18:38:23 <sech1> hyc the screenshot shows download of the official github release, just old. So it's 1%
18:38:52 <sech1> But if they run only for 15 minutes at a time, donation never kicks in
18:39:49 <pauliouk> hmm, 15 minutes each time... smart
18:39:59 <pauliouk> should help avoid detection for a little while
18:49:49 <pauliouk> one thing I have just noticed though, I've spun up a new vpn a few days ago and haven't got around to setting up ssh certs, so just logged in with the password. Connection drops out a lot, the cert ones stay connected
18:52:55 <merope> The 15 minute thing is because they were running on AWS lambda, and apparently stuff can only run for 15 minutes at a time on that
18:53:16 <merope> So basically it runs for 15 minutes, stops, then immediately spawns another instance
19:10:42 <hyc> so it's only a coincidence that they avoid the donation
19:13:42 <merope> Honestly, thinking from an attacker's perspective, I think that 1% is a small price to pay for the convenience of having to compile stuff yourself nor worry about distributing your miner
19:14:11 <merope> Even something as simple as compiling it yourself would constitute a fingerprint
19:14:12 <hyc> yeah, pulling from a well known github link is certainly easier
19:14:37 <merope> But I would expect them to at least pick the latest release lol
19:22:58 <pauliouk> unless they've been up to no good for a long time, and thats the version they trust :P
19:23:08 <pauliouk> or it was a botnet, thats been running a while too
19:23:42 <pauliouk> one of my old VPS's got caught by a botnet a few years ago because some douche was running an old xml-rpc script that got pwned
19:24:48 <pauliouk> grabbed its scripts for a tor hidden service, and grabbed the xmrig binary from there too
20:59:03 <pauliouk> so how long before we see the log4j botnets?
21:00:36 <sethsimmons> I'm sure we already are 🙃
21:00:54 <pauliouk> global is at 3.2gh/s :P so yeah probably already happening
23:57:57 <gingeropolous[m]> and im sure they're point at minexmr, even tho its dead simple to run p2pool