Sunday, February 16, 2014

Non-stop Bitcoin Mining

It's no secret I mine Bitcoins, but I don't bring up that I'm not very good for the obvious geek creed reasons. Today I finally made a change to my mining rig that I hope will end the occasional dreaded "Idle Miner Notification" from btcguild.com.

Screen shot of the log file, how interesting and inefficient.
I have a small mining setup, a mix of Block Eruptors and a single Butterfly Labs Jalapeno. We started having strange Internet connection issues, and I immediately assumed it was AT&T's fault (to be fair it usually is). Also about the same time bfgminer reported the Jalapeno was sick. Never crossed my mind these issues were related, but once I sent the Jalapeno off to be RMA'd almost all of our Internet problems cleared up.

With the Jalapeno gone, bfgminer ran with no problems. With the Jalapeno the program would inexplicably give up, even with the new one back in action this still happens. As a good administrator I'm sure I could have looked for a log or an error message or something, but it is very easy to putty back in, hit the up arrow, enter, ctrl+A+D, and go on with life. I can even do it remotely with TeamViewer because my home PC is on almost all the time (thanks for nothing logmein). Sometimes it goes for months without my need to intervene, other times only hours (and in the middle of the night).

After nearly a year of manual restarts and an immeasurably small loss of Satoshis, I've finally made a script to continually check if bfgminer is running and restart it if it's not. My apologies for not giving credit where it is due, most of this script came from a post on stackoverflow, but I'm not sure where.

It is far from perfect, but so far so good. I'd love to hear anyone's two cents  Satoshis on how to improve it. I also hope this is an aid to other small time miners.

EDIT: March 4, 2014
It didn't take me long to realize this was better to run as a cronjob. The biggest problem I had was multiple screens running, so I changed it over and made my log file a little better.

My first attempt was to remove the pause line and add the script as a cronjob that runs every 5 minutes.

The Ubuntu Wiki CronHowto was helpful, especially the Enable User Level Cron section.

I also updated the log file to show a time. For weeks I thought everything was good, because you know, nothing went wrong. I was suspicious something wasn't quite right because the log file never showed the miners being restarted.

Today the power went out, and when the server came back on I expected miners to be running within 5 minutes... they did not. I dug a little deeper and this comment on the Ubuntu forums pointed out my issue. There were a lot of comments about making sure the script was executable and user level cron was set up. My problem specifically had to do with how screen works. I needed a -d for detach. The new script is in the gist, it's been tested and rocks along well.


Saturday, January 25, 2014

Ultima VII Party Planner

In an effort to learn more about backbone.js I made a web application that is easily considered beautifully useless (beauty in the eye of the beholder, useless in the eye of everyone else). Really, this is probably one of the finest works of code writing I've accomplished to date and there are maybe ten people in the world who will use it.

Menion makes out like a bandit.
There is plenty of room for improvements, but I'd like to write about it anyway.

The picture is an example of a typical, eight character, all level six party. You have a list of all trainers to go visit, who to train when you get there, and about where they are on the map. It also shows how much gold to take to each trainer, and the total cost of all training.




Saturday, December 28, 2013

Gingerbread House Competition 2013

This year was open to anyone to submit a gingerbread house, so Agatha and I cooked up a little hut on stilts for the Hawaiian themed contest. I used the term cooked metaphorically because we really modified a kit and went from there. The only thing we made was icing (see below for secret recipe).

Agatha did all the best parts, like the water, tiki masks, palm trees, and decoration. All I did was construction.


Photo Album: I didn't think to take photos while I was at the contest, but I'll add competitors' houses here when I get them.



Sunday, December 08, 2013

Security Through Obscurity Analogy

I missed my November post, which had me thinking about productivity again. Going back through my notes on blog post ideas I always seem to come back to security.

To be honest, I don't like security. I'd much rather live in a perfect world where it wasn't necessary. On the other hand, the need for security drives innovation.

Poor guy is going to get made fun of by the geek community for the rest of his acting career, but my gf thinks he's cute and that's what matters to actors.
One of my favorite misunderstood security phrases is "security through obscurity". Even though it is what it sounds like, Hollywood has been known to misuse it (No Mr. Bond writers--I expect you to Google phrases before you use them).

As an IT guy working for smaller companies I've had the luxury of making practical use of security through obscurity. It comes down to the fact no one cares or knows my servers exist. Even if they did know about them there isn't anything on them worth the effort.

I'd imagine this is true for the majority of businesses, which is why only the big corporations with real secrets hire security experts. The rest of us are okay with patches from Microsoft and Canonical.
For years I've had conversations about the phrase. Eventually I started using an analogy, and then expanded on it.

Think of the idea of security through obscurity as an unlocked box filled with a million dollars somewhere in New York City. No one knows where the box is, what is in it, or even that it exists. The box is obscure. It is secured only by the fact that no one knows about it. If someone was to stumble upon it, they'd get a million dollars.

Now normal security practices might put a luggage lock on this box. If anyone stumbles on it they will see it's locked and move on unaware of the box's value. If this is analogous to the Internet there are now hundreds of thousands of boxes all over the city. Most filled with pocket change and not worth the effort to break the luggage lock. A mischievous person might break into a few boxes just to see if they can, but odds are they will get nothing of value out of it.

Of course, we could extend the analogy to include large corporations that have security experts to better secure their box (maybe a bullet proof master lock). Just like in the real world that will let people know there is something better in that box than the others. Perhaps this makes them a target, maybe it makes some steer clear... I couldn't say, I'm not a mischievous hacker.

All I can say for sure is the luggage lock that protects my worthless box that looks like the other millions of worthless boxes has always worked for me. I enjoy reading others weigh in on these kinds of topics, but when it comes down to it "security through obscurity" is what most of us use because in the grand scheme of things there isn't much worth protecting.

Actual actual reality: nobody cares about his secrets.
(Also, I would be hard-pressed to find that wrench for $5.)



Sunday, October 20, 2013

Length trumps complexity

The idea of password length trumping password complexity has been around since before "correcthorsebatterystaple", but lately it's been on my mind because I'm in a class that covers permutation and combination.

The idea can be misleading. While working out some stuff on a scratch pad the first thing I chose was a five character password comprised of only lower case letters. The math comes to

26^5 = 11.8 million unique passwords

Increasing the length by one creates 26x more unique passwords.

26^6 = 308.9 million unique passwords

But doubling the complexity creates 31x more unique passwords.

52^5 = 380.2 million unique passwords

What was my problem? The math seems simple enough, but the problem is I was only considering a simple case. The real world is a bit more complicated than lower case and upper case characters. (also, the interesting thing about exponents is they are exponential).

A better, more real world, example. Consider the complexity of an eight character password that could be made with lower case, upper case, digits, and 14 special characters. This gives 76 characters to pick from.

(26 + 26 + 10 + 14)^8 = 1.1 quadrillion unique passwords (short scale)

That's a lot of passwords. But to me that begs the question, "Well how long would it have to be to make 1.1 quadrillion passwords if it was made up of only lower case letters?" The answer is surprisingly short.

26^11 = 3.6 quadrillion unique passwords

We had to go to 11 characters because 26 to the power of 10 is only in the trillions. For three more characters I can make more passwords using only lower case letters. It's a neat little Sunday afternoon experiment, but is this important in any way?

My take away from this is that long simple passwords are going to be easier to remember and more secure. I'm a second year computer science major and have worked in IT for almost a decade, and I know it is easier for me to remember "icanhazpassword" than "P@sSw04d".

icanhazpassword = 26^15 = 1.7 sextillion possible passwords, assuming the attacker knows it is only a lower case password.
P@sSw04d = 95^8 = 6.6 quadrillion, that is using all ASCII printable characters

Which brings me to my point; do attackers even bother to check for lower case only? I don't remember the details (and the information is now buried in the Internet), but a while back when the bitcoin exchange mtgox.com was hacked a list of usernames and passwords made its rounds on the bitcoin forums (all dead links these days). My password was 10 characters long and was exposed, in plain text right next to my email. That's an eye opener for anyone. Granted my password was lower/upper and digits (no special characters) but there were plenty of other passwords on there that were more complex.

Now I can't go back and say for sure because I don't have the data, but it would make sense the cut off was length not complexity. Odds are they ran a dictionary attack to get all the easy passwords (mine would not have been picked up in a dictionary attack), then a brute force attack for anything else. Based on my password, the brute force attack looked for at least lower/upper and digit characters. Which makes me think even if my password was all lower case, but really long, an attacker isn't going to know to check only lower case. Just to be sure, I like to have something more than just lower case though, but knowing what I know now I don't go nuts with the complexity.
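
The keyspace arithmetic and the length cut-off argument above, carried through as an added example (not code from the original post). It goes one step beyond the post's figures by modelling an exhaustive sweep of every length up to a limit; the 10-character limit and the sample password `Ab3dEf9hIj` are constructed assumptions, since the post does not say what the sweep actually covered.

```python
import string

# Character classes as the post counts them: 26 + 26 + 10 + 33 = 95, the post's
# "all ASCII printable characters" figure (33 = punctuation plus the space).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

def alphabet_size(password):
    """Size of the smallest union of character classes that covers the password."""
    chars = set(password)
    unknown = chars - set("".join(CLASSES))
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {sorted(unknown)}")
    return sum(len(c) for c in CLASSES if chars & set(c))

def keyspace(size, length):
    """Number of distinct passwords of exactly `length` over `size` symbols."""
    return size ** length

def min_length(target, size):
    """Shortest length whose keyspace over `size` symbols reaches `target`."""
    if size < 2:
        raise ValueError("alphabet needs at least two symbols")
    length = 0
    while keyspace(size, length) < target:  # exact integer comparison, no float logs
        length += 1
    return length

def sweep_size(size, max_len):
    """Candidates in an exhaustive sweep of every length from 1 to max_len."""
    return sum(keyspace(size, n) for n in range(1, max_len + 1))

def covered_by_sweep(password, classes, max_len):
    """True if a sweep over `classes` up to `max_len` characters reaches the password."""
    return len(password) <= max_len and set(password) <= set("".join(classes))

if __name__ == "__main__":
    print("lowercase length matching 76^8:", min_length(keyspace(76, 8), 26))
    for pw in ("icanhazpassword", "P@sSw04d"):
        size = alphabet_size(pw)
        print(f"{pw}: {size}^{len(pw)} = {keyspace(size, len(pw)):.1e}")
    lud = CLASSES[:3]  # lower/upper/digits, the classes the post infers were swept
    print(f"sweep of 62 symbols up to 10 chars: {sweep_size(62, 10):.1e} candidates")
    for pw in ("Ab3dEf9hIj", "icanhazpassword"):  # first one is a constructed sample
        print(pw, "reached:", covered_by_sweep(pw, lud, 10))
```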

Side note: you look way cooler entering a 32 character password you know well than hunting and pecking for 8 characters and toggling the shift key.