sickpig
Legendary
 Offline
Activity: 1260
Merit: 1014
|
 |
October 30, 2013, 07:17:32 PM |
|
If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever... Maybe write a script that just blasts random values over I2C, and see if you can make something smoke  I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people... yeah this could be done I suppose and it's nasty. the best thing should do like -redacted- change web interface in such a way they could not gan control of the miner or just create a normal user and grant him the right to do the minimum amount of things to let him mining (using sudo maybe) |
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
|
|
|
FiatKiller
|
|
October 30, 2013, 07:23:13 PM |
|
suck if the "renter" installed malicious firmware... lol
|
|
|
|
texaslabrat
Newbie
Offline
Activity: 56
Merit: 0
|
|
October 30, 2013, 07:39:49 PM |
|
If someone was REALLY malicious, they could possibly use those low-level i2c commands to actually do physical damage to the miner - like setting the PLLs to ridiculously high values, or whatever... Maybe write a script that just blasts random values over I2C, and see if you can make something smoke I can't imagine why anyone would want to do something like that - but it's still something to consider if you are giving root access to random people... yeah this could be done I suppose and it's nasty. the best thing should do like -redacted- change web interface in such a way they could not gan control of the miner or just create a normal user and grant him the right to do the minimum amount of things to let him mining (using sudo maybe) I would set it up as a gimped version of the knc hosting model. No ssh access, and strip out all the web interface pages except the login, status, and mining pages. The only thing a 3rd party renter needs to be able to do is log on to the device, change pool settings, and restart the cgminer process. Everything else they can submit a "support ticket" for....and some sort of SLA for response time can be written into the rental agreement. |
|
|
|
|
Biffa
Legendary
Offline
Activity: 3234
Merit: 1225
|
|
October 30, 2013, 08:10:51 PM |
|
Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.
As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type passwdTry it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password its: passwd admin |
|
|
|
Phoenix1969
Legendary
Offline
Activity: 938
Merit: 1000
LIR DEV
|
|
October 30, 2013, 08:12:40 PM
Last edit: November 01, 2013, 06:02:43 PM by Phoenix1969 |
|
Here are some steps to streamline access to your miner through putty..
1. Open the putty session window, and input your I.P. normally in the hostname field, but DO NOT HIT ENTR.
a. Instead, take your mouse pointer, highlight the saved sessions field(with a single left-click), and input your miner's I.P. again.
2. on the window/behavior tab to the left, un-check the "warn before exit" box.
3. on the connection/data tab, enter "root" to the auto-login username field.
4. on the SSH tab, enter "screen -r" into the "remote command" field.
5. back on the Session tab, at bottom of page, check the "close window on exit"....... "always"
6. now hit the SAVE button, and close putty
7. Go to your desktop & right-click for a context menu, and go to new/ shortcut.
8. input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...
C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4" -pw password
click next, input a name for your new shortcut, click finish.
Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and enters your password, enters the "screen -r" for you, and jumps into cgminer window.
it all happens very fast then
click on shortcut... you're in!
BAM
|
|
|
|
Phoenix1969
Legendary
Offline
Activity: 938
Merit: 1000
LIR DEV
|
|
October 30, 2013, 08:15:55 PM
Last edit: October 30, 2013, 08:28:44 PM by Phoenix1969 |
|
Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.
As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type passwdTry it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password its: passwd adminwhen you change the password in the GUI, it changes BOTH the GUI AND the Root passwords. if they don't match, I imagine you loose gui control alltogether, don't you? |
|
|
|
ASIC-K
Sr. Member
Offline
Activity: 280
Merit: 250
Hell?
|
|
October 30, 2013, 08:33:24 PM |
|
just a bit of an update. my mercury is running at 134.4 ghs (from the pool) 141.6 (from cgminer) since .98 firmware. everything is running great except hw errors actually went up for me. its steady at 6.9% and rejected (duplicates mostly) is around 3%. could be worse i guess...
|
|
|
|
|
xyzzy099
Legendary
Offline
Activity: 1068
Merit: 1109
|
|
October 30, 2013, 09:04:05 PM |
|
Those are good points I guess there is no way to give access to just the web interface and block ssh access.
If not I guess the renter would have to prepay enough to justify the risk.
As I said, the root password is not the same as the admin password, you can change the root password to be different to the admin (web login) password. So change the root password and they can't ssh into the box, they can just use the web admin. To change the root password from ssh just type passwdTry it, change the root password, then logout of ssh and login again with the new root password. You will notice that the web account still uses the old password. If you want to change the web account password its: passwd adminI don't think that's actually true... The lighttpd daemon has it's own password file and pays no attention to /etc/shadow for its authentication. |
Libertarians: Diligently plotting to take over the world and leave you alone.
|
|
|
|
bobsmoke
|
|
October 30, 2013, 09:48:37 PM |
|
Did someone noted or ir aware if KNC already upgraded the hosted boxes to 0.98?
|
|
|
|
|
|
Elenelen
|
|
October 30, 2013, 09:58:47 PM |
|
Here are some steps to streamline access to your miner through putty..
1. Open the putty session window, and input your I.P. normally, but do not hit enter.
a. Instead, take your mouse pointer, highlight the saved sessions field, and input your miner's I.P. again.
2. on the window/behavior tab to the left, un-check the warn before exit box.
3. on the connection/data tab, enter "root" to the auto-login username field.
4. on the ssh tab, enter "screen -r" into the remote command field.
5. back on the session tab, at bottom of page, check the close window on exit "always"
6. now hit the SAVE button, and close putty
7. Go to your desktop & right-click for a context menu, and go to new/ shortcut.
8. input the location of putty for starting it. Use full file location to execute putty & input your miner's I.P. address as such...
C:\Users\Ewik\Desktop\putty.exe -load "123.123.123.4"
click next, input a name for your new shortcut, click finish.
Now, when you click on the shortcut, it will start putty with your miner's ip, and enter "root" for you, and wait for a password. as soon as you enter your password, it does the "screen -r" for you, and jumps into cgminer window.
it all happens very fast then
click on shortcut, enterpass, you're in.
BAM
Thank you !! |
|
|
|
|
Holographic
Member
Offline
Activity: 66
Merit: 10
Global Currency for Global Unity
|
|
October 30, 2013, 10:06:14 PM |
|
Did someone noted or ir aware if KNC already upgraded the hosted boxes to 0.98?
My hosted Jupiter jumped from ~490 GH/s to ~560 GH/s like 24 hours ago. I have previously seen similar changes, both negative and positive, around the time they release a new FW version. I think they pretty much upgrade all the hosted miners as soon as the new FW is ready, but I could be wrong. |
|
|
|
|
|
paranoidx
|
|
October 30, 2013, 10:29:09 PM |
|
I was getting 460-480 on eligius. .98 got me to 520-550! Woot! Good stuff.
|
|
|
|
|
shmadz
Legendary
Offline
Activity: 1512
Merit: 1000
@theshmadz
|
|
October 31, 2013, 01:09:52 AM |
|
btw... of all the experimenting on the sats...70-79 seems to be the optimum temp
It takes about 1 and 1/2 hours to 2 hours to see the results on the graph, but looks to be a signifigant difference when you include several machines... about 40 gh/s for me... just by monitoring temps to 70-79 instead of letting them drop to 55-60 overnight. I use cardboard to block a bit of the airflow, and monitor the temps on the GUI, then watch for the results on the graph, and how high they peak over a couple hours. Well worth it for me.
When they said "Over-cooled", they weren't kidding!
I'm running naked case with a huge blower fan blowing across it and my temps are low 40's but the hashrate reported is only around 450. I turned the blower fan off and my hashrate jumped to 550 in fairly short order (less than half an hour I think, probably closer to 15 minutes) but when I noticed that the temps were going into the 70's I immediately turned the fan back on, and the hashrate promptly dropped back to 450. Does anyone else know about the longevity concerns of running at 70+ degrees? Anyone else noticing similar results? This is on 0.98 firmware btw. |
"You have no moral right to rule us, nor do you possess any methods of enforcement that we have reason to fear." - John Perry Barlow, 1996
|
|
|
Phoenix1969
Legendary
Offline
Activity: 938
Merit: 1000
LIR DEV
|
|
October 31, 2013, 01:30:44 AM |
|
btw... of all the experimenting on the sats...70-79 seems to be the optimum temp
It takes about 1 and 1/2 hours to 2 hours to see the results on the graph, but looks to be a signifigant difference when you include several machines... about 40 gh/s for me... just by monitoring temps to 70-79 instead of letting them drop to 55-60 overnight. I use cardboard to block a bit of the airflow, and monitor the temps on the GUI, then watch for the results on the graph, and how high they peak over a couple hours. Well worth it for me.
When they said "Over-cooled", they weren't kidding!
I'm running naked case with a huge blower fan blowing across it and my temps are low 40's but the hashrate reported is only around 450. I turned the blower fan off and my hashrate jumped to 550 in fairly short order (less than half an hour I think, probably closer to 15 minutes) but when I noticed that the temps were going into the 70's I immediately turned the fan back on, and the hashrate promptly dropped back to 450. Does anyone else know about the longevity concerns of running at 70+ degrees? Anyone else noticing similar results? This is on 0.98 firmware btw. it was asked to knc, and posted as an email reply... yes the machines are rated to run up to 105 C, and 70 is well within that range... I experimented for two weeks now on 3 different machines.....the sweetspot is right there in the 70-75 range. Since each asic board is different, I customize each thru airflow separately. |
|
|
|
seanrarey
Full Member
Offline
Activity: 168
Merit: 100
BuyAnythingWithBitcoin.com
|
|
October 31, 2013, 01:33:58 AM |
|
Hum. Take the machine apart, run it at temps well outside what the designers intended, act shocked when performance drops. Is anybody else shaking their heads? |
|
|
|
shmadz
Legendary
Offline
Activity: 1512
Merit: 1000
@theshmadz
|
|
October 31, 2013, 01:44:22 AM |
|
Hum. Take the machine apart, run it at temps well outside what the designers intended, act shocked when performance drops. Is anybody else shaking their heads? I'm shaking my head. In my experience miners run better and longer when they run cooler. I had no idea this Jupiter was from another planet.  |
"You have no moral right to rule us, nor do you possess any methods of enforcement that we have reason to fear." - John Perry Barlow, 1996
|
|
|
|
DPoS
|
|
October 31, 2013, 01:46:16 AM |
|
Hum. Take the machine apart, run it at temps well outside what the designers intended, act shocked when performance drops. Is anybody else shaking their heads? you missed the whole 'let's yank 4 VRMs off and ship firmware that bakes the remaining VRMs well over spec and flood the chips with HW errors' part of KNC history right? |
|
|
|
edgar
Legendary
Offline
Activity: 1859
Merit: 1001
|
|
October 31, 2013, 02:02:13 AM |
|
unfortunately seanrarey didnt miss the 'pour ignorant scorn on random strangers' classes that some of our more uppity colleagues have taken it upon themselves to partake in..
they know who im referring to...
|
|
|
|
|
davewr2013
Full Member
Offline
Activity: 238
Merit: 100
Bitcoin For All
|
|
October 31, 2013, 02:03:45 AM |
|
Hum. Take the machine apart, run it at temps well outside what the designers intended, act shocked when performance drops. Is anybody else shaking their heads? I'm shaking my head. In my experience miners run better and longer when they run cooler. I had no idea this Jupiter was from another planet. Hmm wellll -- Jupiter is another planet as I recall... My Saturn is running at about 50 to 52.5. Hash rate is 282 GHash to 303 Ghash is short bursts. There seems to be no need to heat it up. |
Give me this day my daily Bitcoin...
|
|
|
seanrarey
Full Member
Offline
Activity: 168
Merit: 100
BuyAnythingWithBitcoin.com
|
|
October 31, 2013, 02:12:33 AM |
|
unfortunately seanrarey didnt miss the 'pour ignorant scorn on random strangers' classes that some of our more uppity colleagues have taken it upon themselves to partake in..
they know who im referring to...
LOL. No worries, just makes for interesting "full circle" reading |
|
|
|
|
