Wikipedia:Reference desk/Archives/Computing/2018 May 29
Computing desk | ||
---|---|---|
< May 28 | << Apr | May | Jun >> | May 30 > |
Welcome to the Wikipedia Computing Reference Desk Archives |
---|
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages. |
May 29
[edit]The effect of cryptocurrency "mining" levels of a cyrptocurrency's value
[edit]I dunno which desk this question belongs in, but given that it mostly involves computers, I'm guessing here.
How much is a cyrptocurrency's value affected by the levels at which it is being "mined"? As new "mining" power comes online of a given cryptocurrency, does its value drop?
To give an example, a lot of cryptocurrency mining is done in Iceland. If these mining computers were knocked out (say by a temporary blackout on the Icelandic power grid), what sort of effect would it have, in the immediate or short term, on cryptocurrency prices?
How much of a given cryptocurrency's value is affected by the levels at which it is being "mined", vis-a-vis the levels of which its non-mining holders are buying or selling it? Eliyohub (talk) 14:02, 29 May 2018 (UTC)
- As explained a few questions ago... Mining of cryptocurrency is self-regulated so it remains constant. Say you want your cryptocurrency to mine a new "coin" once a day. The mining process is regulated so it produces one coin a day give or take. If millions of new mining computers go online, the problem gets harder. If millions of computers go offline, the problem gets easier. Overall, the mining rate stays the same. 209.149.113.5 (talk) 16:05, 29 May 2018 (UTC)
- The value of a cryptocurrency is upheld not by national fiat nor by any commodity, only by individual buyers' confidence in its continuing utility as a medium of exchange and investment. About 200,000 transactions daily of bitcoin are carried out by unregulated traders who each offer buy and sell prices in competition. The reported bitcoin price is seen as volatile because trading is quickly affected by news reports and sensations. However the rate of supply by mining of new bitcoins is constant by design, about 80% of the bitcoins that will ever be mined are now in circulation, and in 2140 mining will cease. The cessation is expected and will not be sensational; Bitcoin trading can continue unaffected. An individual bitcoin miner has almost negligible influence on the global value of bitcoin because he is merely one more who can compete against a multitude of traders by offering an attractive sell price. DroneB (talk) 12:52, 30 May 2018 (UTC)
Stop Wikipedia forcing me onto mobile site - Chrome on Android
[edit]I have an Android phone, and use Chrome on it for browsing the web. I have saved the link to my watchist onto the home page, so I can quickly access it on my phone. Unfortunately, when I tap the icon to open it, Wikipedia forces me onto the mobile site (en.m.wikipedia.org) and I have to edit out the m and then re-request desktop site in order to avoid the bloody awful mobile version. I do not seem to have this problem with other websites I have saved in this way. Can anyone help me to fix this? DuncanHill (talk) 20:31, 29 May 2018 (UTC)
- Here are two idea, DuncanHill.
- You could try out User:TheDJ/responsiveContent and see if that makes the mobile version acceptable to you. (It requires you to be logged-in.)
- You could spoof your User-Agent. (Tech-human translation: when your phone requests contents from the WP server, it sends along some information about which browser etc. they use, which the server uses to decide to send you to the mobile site; you can ask your phone to lie to the server and say you're on desktop so that you get the desktop version.) I have not tested it but [1] may work. (Make sure to only spoof for the WP website, else the rest of the web might behave funny.)
- Neither of those is a real answer to the question but either could be acceptable for you. TigraanClick here to contact me 08:48, 30 May 2018 (UTC)
- I have found that clicking the word "Desktop" at the bottom of the page resets the cookie that tells Wikipedia to force mobile mode. 209.149.113.5 (talk) 12:29, 30 May 2018 (UTC)
- Thanks. The Responsive Content thing says it doesn't really benefit mobile users (and it only works with Vector, which is not favoured by me), the spoofing thing seems a bit technical for me! I hadn't noticed the desktop thing at the bottom of the page, thank you. It's just a fag that when I bookmark the desktop url Wikipedia decides that it knows better than me and sends me to the mobile url. DuncanHill (talk) 22:39, 31 May 2018 (UTC)
What is considered to be a backdoor?
[edit]Hello. I'm writing a WP article about backdoors. So I wonder what is safe to call a backdoor on Wikipedia. I mean that if someone call something a backdoor, another one may say "It's not a backdoor, it's just a service account fot technical support", or "it's not a backdoor, it's just a mandatory telemetry you have aggreed/must aggree with according to our EULA" or "it's not a backdoor, it's just a useful feature". So what kind of security- and privacy-undermining functionality, like accounts with hardcoded credentials or authentication bypasses in artifically-crafted solutions, or malware preinstalled by vendor, is it safe to call a backdoor on Wikipedia? — Preceding unsigned comment added by KOLANICH (talk • contribs) 22:14, 29 May 2018 (UTC)
- @KOLANICH: We have the article Backdoor_(computing). Does that help? RudolfRed (talk) 22:21, 29 May 2018 (UTC)
- @RudolfRed: It doesn't. It doesn't have a list of definitions what is considered to be a backdoor even if some entities may claim it is not. I mean, if I wrote "Hardcoded credentials found in a product X of a vendor Y is a backdoor", someone would have asked if I have a proof for that hardcoded credentials are really a backdoor, not a "tech support password", and I will not have: security companies usually put descriptions of backdoors (where they explicitly call them to be backdoors) into their blogs (and some people consider them as a non-reliable source only because it is a blog), but in CVEs backdoors are usually not called backdoors, but "authentication bypass" or "hardcoded credentials". So we need a proof that a backdoor is a backdoor not involving any "reliable source" saying explicitly that it is a backdoor. One of the solution is a some list of common backdoor types explicitly calling that anything matching the definitions in the list is a backdoor. KOLANICH (talk) 07:06, 30 May 2018 (UTC)
- @KOLANICH: First of all, may I suggest the Help Desk for future questions of that nature, since this is about editing Wikipedia?
- Thank you for the suggestion.
- In such cases where there is a real controversy about the use of a certain term, such that saying X is Y in Wikipedia's voice (i.e. "X is Y") would not be supported by the whole of reliable sources, we nevertheless have enough sourcing to say X is described as Y by Z (i.e. "according to Z, X is Y"). You must be careful to only include relevant opinions though (e.g. don't put "Joe, baker in Arkansas, thinks it is flat (ref to Joe's blog)" in the article Shape of the Earth), see WP:DUEWEIGHT (and more generally the whole of WP:NPOV) for details.
- In the case at hand, a blog post from a reputable security company is probably enough to support an attributed statement (e.g. "According to Norton, FooTech's implementation of BarAlgorithm is backdoored (ref to Norton blog)"). TigraanClick here to contact me 08:34, 30 May 2018 (UTC)
- @Tigraan: Could you take a look at Draft:List_of_vendor-shipped_backdoors ? Not all the rows are attributed to well-known security companies (Kaspersky, DrWeb, McAfee, Eset, Avira, Rapid7, etc), I wonder if I should remove them, or keep and just modify the text somehow? KOLANICH (talk) 21:27, 30 May 2018 (UTC)
- Have those vulnerabilities been mentioned in the media? Often, a backdoor of some kind is mentioned in the news once it is discovered. You don't need a major security company to make note of it. 209.149.113.5 (talk) 12:00, 31 May 2018 (UTC)
- @209.149.113.5: Sorry for the long delay, I have just noticed your message. Yes, most of them were called backdoors by news websites. But are they reliable sources? News on these sites are usually written by journalists who are usually not cybersecurity experts. KOLANICH (talk) 10:27, 3 June 2018 (UTC)
- @KOLANICH: First of all, please avoid replying inside someone's replies, it makes it hard to follow the conversation if someone then answers to the answer etc.
- As it stands, Draft:List_of_vendor-shipped_backdoors is probably not going to mainspace. Its very existence is questionable per WP:OR / WP:LSC, but maybe it could be saved (for instance by deciding only to list the vulns that have been specifically described as backdoors by at least one or at least two reputable security companies/researchers); however, the current content is not appropriate:
- The title and the general tone are questionable when it comes to WP:NPOV since it seems intended to name and shame vendors (no matter what your intention was, what counts is what the reader sees).
- The section "about this list" is about as unencyclopedic as you can get (the most egregious example being
if you find an earlier date please replace it
, or the editorsplaining of how we use references). It should probably be ditched altogether (if the list cannot be understood without it, it means the list must be made easier to read). - In the list itself, the date is going to be a nightmare to maintain, though I am not sure how to proceed (that is certainly valuable information). I see no point in providing vendor's countries (especially if that info is just pulled from the linked wp article). I am not convinced four columns for brand/OEM/firmware/component are needed (just put the level(s) that secondary sources blame as the cause of the vuln).
- No clear inclusion criterion (cf. above).
- TigraanClick here to contact me 12:19, 31 May 2018 (UTC)
- Not quite to shame (some individuals (including pets) can be shamed, everything else has no shame), but just a list of states and companies somehow related to backdoors. The columns for stages of supply chain are because (unfortunately) we cannot know for sure who to blame for a backdoor, so we don't try to do it in the article and just give the info. It's up to reader to draw any conclusions from it. For example that flag of China appears in the list more frequently may mean nothing, because most of devices are manufactured and even developed in China nowadays, so Pr(China|backdoor)/Pr(China) may be even lower than for other states. In fact the original version of the list contained only a single column where one of the companies from the columns in the current version was put. I have added more columns for neutrality. The purpose of the list was to determine the relationship between states and conditional probability of inserting of a backdoor to drive consumer decisions. I don't mean that the article is original research (since I have tried to be neutral and just retelling third-parties findings combined with publicly available information), there we just stockpiling data.
- Unfortunately, I don't know how to throw the section "about this list" away.
- Firstly it describes the "date" column. In fact I'd like to have the date the backdoor was introduced in that column, but it's nearly impossible to achieve. So the content of that column is quite arbitrary, the meaning of it is quite simple "according to the sources and public information, the backdoor was present at least before this date, and we want the date in this column to be as lower, as possible, to get a better estimate for the backdoor planting date". This column may be useful because it gives us some estimate on the amount of time it takes to discover a backdoor, and some estimate on the history of cyberwarfare: if we assume that the backdoors are put because states make companies to put them, then we get some estimate on the date a state started to use this tactics in cyberwarfare.
- The similar problems we have with the flags. I would prefer to have there the flag of the state having the most possibilities to cause the planting of the backdoor, but it's impossible to know from public info. So we put there a flag of the state which (former) citizens have created the product because the ones who created a product have influence on what a product will be and because (former) citizens are the ones who the most vulnerable to pressure by that state.
- KOLANICH (talk) 19:36, 31 May 2018 (UTC)
- @KOLANICH: Let's wait for a third opinion when your article gets reviewed, but I have a distinct feeling that your objectives are not aligned with Wikipedia's. In particular
The purpose of the list was to determine the relationship between states and conditional probability of inserting of a backdoor to drive consumer decisions
reeks of WP:RGW. TigraanClick here to contact me 11:29, 1 June 2018 (UTC)
- @KOLANICH: Let's wait for a third opinion when your article gets reviewed, but I have a distinct feeling that your objectives are not aligned with Wikipedia's. In particular
- Have those vulnerabilities been mentioned in the media? Often, a backdoor of some kind is mentioned in the news once it is discovered. You don't need a major security company to make note of it. 209.149.113.5 (talk) 12:00, 31 May 2018 (UTC)
- @Tigraan: Could you take a look at Draft:List_of_vendor-shipped_backdoors ? Not all the rows are attributed to well-known security companies (Kaspersky, DrWeb, McAfee, Eset, Avira, Rapid7, etc), I wonder if I should remove them, or keep and just modify the text somehow? KOLANICH (talk) 21:27, 30 May 2018 (UTC)
- @KOLANICH: First of all, may I suggest the Help Desk for future questions of that nature, since this is about editing Wikipedia?
- @RudolfRed: It doesn't. It doesn't have a list of definitions what is considered to be a backdoor even if some entities may claim it is not. I mean, if I wrote "Hardcoded credentials found in a product X of a vendor Y is a backdoor", someone would have asked if I have a proof for that hardcoded credentials are really a backdoor, not a "tech support password", and I will not have: security companies usually put descriptions of backdoors (where they explicitly call them to be backdoors) into their blogs (and some people consider them as a non-reliable source only because it is a blog), but in CVEs backdoors are usually not called backdoors, but "authentication bypass" or "hardcoded credentials". So we need a proof that a backdoor is a backdoor not involving any "reliable source" saying explicitly that it is a backdoor. One of the solution is a some list of common backdoor types explicitly calling that anything matching the definitions in the list is a backdoor. KOLANICH (talk) 07:06, 30 May 2018 (UTC)