⚠️ PSA for Bassin users:
A security issue was discovered and fixed in the latest Bassin app, but you're not safe until you update it.
Open the Umbrel App Store and update Bassin ASAP.

https://github.com/duckaxe/bassin/issues/23#issuecomment-3640779220

What happened? Bassin uses the ckPool container from hub.docker.com/r/pinkyswear/ckpool-solo - this is linked in the readme: duckaxe/bassin#repositories
Bassin itself does not set a payout address, which can be seen in the code: getumbrel/umbrel-apps@master/bassin/data/config/ckpool.conf.template
Does this mean that the ckPool image i used in Bassin hub.docker.com/r/pinkyswear/ckpool-solo is compromised?

Following a discussion on Discord, I can confirm that the ckPool Docker image I use for Bassin has been compromised.

umbrel decides to make their own, legit docker image at https://github.com/getumbrel/docker-ckpool-solo

https://github.com/getumbrel/umbrel-apps/pull/4230#issuecomment-3641463579

@duckaxe I have created a new ckpool Docker image under the @getumbrel org. It's a drop in replacement for the existing image you're using. You can use it at ghcr.io/getumbrel/docker-ckpool-solo:590fb2a. It builds ckpool-solo from source at the commit 590fb2a which is the current tip of the solobtc branch. (The last version tag is quite a few years old so I presume this is what is considered the latest version)

cross-posted from: https://lemmy.blahaj.zone/post/35291909

cross-posted from: https://lemmy.blahaj.zone/post/35287780

cross-posted from: https://lemmy.blahaj.zone/post/35092926

https://x.com/Public_Pool_BTC/status/1994825500313653418

Public Pool Announcement:

1. Stratum TLS support has been added for end to end privacy. Esp-miner is currently in the process of merging in support as well and this will be the recommended way to connect. (Port 4333). The recommended clear text port has been moved from 21496 to 3333 as well but both will be available.

2. I am ending the affiliate payout program. It hasn't been very popular, requiring monthly attention and I will instead divert the funds to hosting costs and continued 0% block fees.

3. Devices without an ASIC should find another server or service to use. It is likely I will increase the minimum difficulty in the future. Support was initially added for the OG nerdminer for the purposes of fun and learning but since retailers have abused consumer ignorance and these devices are creating unreasonable load on the server, sometimes maliciously with nothing to show for it. If you are one of these people you can always run your own stratum server, many solutions now exist.

cross-posted from: https://lemmy.blahaj.zone/post/35093043

BTC solo miners beware! Both http://zsolo.bid/ and http://luckymonster.pro/ are 100% scam mining pools. They are simply using your hash power for their own gain. My evidence captured here: https://github.com/mweinberg/stratum-speed-test/tree/main/findings

cross-posted from: https://lemmy.blahaj.zone/post/35092594

https://x.com/ckpooldev/status/1994921571102986365

the holidays over, its bitcoin postin time

BTC solo miners beware! Both http://zsolo.bid/ and http://luckymonster.pro/ are 100% scam mining pools. They are simply using your hash power for their own gain. My evidence captured here: https://github.com/mweinberg/stratum-speed-test/tree/main/findings

https://x.com/Public_Pool_BTC/status/1994825500313653418

Public Pool Announcement:

1. Stratum TLS support has been added for end to end privacy. Esp-miner is currently in the process of merging in support as well and this will be the recommended way to connect. (Port 4333). The recommended clear text port has been moved from 21496 to 3333 as well but both will be available.

2. I am ending the affiliate payout program. It hasn't been very popular, requiring monthly attention and I will instead divert the funds to hosting costs and continued 0% block fees.

3. Devices without an ASIC should find another server or service to use. It is likely I will increase the minimum difficulty in the future. Support was initially added for the OG nerdminer for the purposes of fun and learning but since retailers have abused consumer ignorance and these devices are creating unreasonable load on the server, sometimes maliciously with nothing to show for it. If you are one of these people you can always run your own stratum server, many solutions now exist.