Status as of Friday, June 2, 2017
Posted: Fri Jun 02, 2017 8:36 am
Here's some notes for today:
- Weekly database cleanup took longer than expected this morning, and the high database load caused shares to be delayed. Unfortunately, there's not much we can do about this problem, because if we didn't clean up old data from the database, we would have had 5TB of shares by now from years ago. However, someone pointed out a problem I never considered: when shares are delayed, the WAMP data calculated off those shares is also delayed. Over the weekend, I'll add a timestamp for when data from the database-operator is effective, so that during these periods people who are switching pools or renting miners aren't misled because profitability might be different than what is coming from the API.
- Note that during periods of delayed share inserts, no money is lost and balances are simply updated later.
- From Internet research and from what customers have said here, I think that I have an idea as to how we can deal with the password reset problem. I think that the solution is to deploy it in conjunction with 2-factor authentication. There will be three fields: password, Authy 2-factor, and E-Mail address. If 2-factor authentication is disabled (the default), then no password resets will be allowed under any circumstances. If 2-factor authentication is enabled, then password resets can occur through E-Mail. That way, there are still two pieces of information required to log in regardless of whether it is a normal login or password reset.
- Last night, we finally updated the "coins mined per day" chart, which was on the "website wishlist." Now, it queries by algorithm. There is no x11 data yet, because recording per algorithm will start tomorrow.
- In addition to the proposed 2-factor/password reset and getting out the latest performance improvements this weekend, we also plan to perform a security audit on systems surrounding Prohashing. We're not that concerned about the system itself, which has never had evidence of any intrusions, but about companies surrounding the system, like the recent Verizon Wireless issues and social media accounts being used to attack other systems. For example, I plan to close my facebook account to reduce the probability of someone somehow using information from there to start a chain of events to attack this site.