So what do you think? Is this the "killer app" for Bitcoin we have been waiting for?
If you ask and get a rational explanation back as to how that high yield is reached - sure. If not, then you're just going to a casino. |
|
|
|
That aside, I hope that the next niche market for Bitcoin will be tipping.
Every blog (also non-bitcoin blogs) should have a bitcoin address and QR, so that readers can donate, if they like what they read. Not a try-before-you-buy. More like a tip. Pay the blogger 0.1 BTC if you were entertained/educated/thrilled/surpised/whatever.
Every youtube video should also have a QR appended in the first or final part of the video. Give a small tip, if you like the Video!
Non bitcoin blogs and vidoes would expose bitcoins to a gigantic crowd of people in a non-pushy way. Some of them will think "What is this bitcoin-thing anyway" and before you know it, they start posting here!
-
Please send your favorite bloggers a PM suggesting that they put a bitcoin donation jar up there on their site. Help them set it up!
I do this all the time.
I'd suggest a Bitcoin<->Flattr bridge. As far as I know, the Flattr API allows for this and "all" that's needed is an implementation. This is what one of the Flattr employees said last year: We need one that accept bitcoins, and gives us Euros. Then we can add it as a funding option. Can't find any.
http://forum.flattr.net/showthread.php?tid=550&page=4Which is a solved problem this year. |
|
|
|
- Tihan was fired, and no longer acting on behalf of Bitcoinica LP.
Who fired Tihan??
I'd assume the investment fund that he represented. Correct. According to posts by those two persons themselves, [at least] two persons knew the LastPass password and, more crucially, that the password was insecure (i.e, not randomly generated but a known string). One of those persons was Tihan - who selected it, the other Zhou - who knew where it came from. It will be interesting to hear, whenever that might be, where all the USD went - something MtGox seem to have information on according to Mark's posts. (And I'm sure lots of people here would be interested in seeing the IP address from the X-Originating-IP field in the hotmail-sent "Your LastPas pasword is" mail quoted earlier by Zhou) As to the source code release itself, which is the reason why the known string became useable for both an inside as well as an outside intrusion - the latter much more implausible, I believe the question marks as to its origin still haven't been cleared. |
|
|
|
Zhou Tong, can you check your github private repo if it was indeed genjix who cloned it on May 31, or there isn't a log that you can get that info from?
I'm assuming there is an access log because it's a private repo, but I may be wrong, ofcourse.
It seems Zhou heard the same, instead of checking logs: Agreed. But one of the team members explicitly released the source code and that caused the hacker to correctly guess LastPass account. (At least this is the most "right" version of the story I've heard.) http://news.ycombinator.com/item?id=4242713 |
|
|
|
Hacker, or somebody, can't spell or purposely misspelled word: LASTPAS; OFFICALY
And the hacker used hotmail. Surely an IP can be traced via them/there.
The spelling is most certainly on purpose, and Hotmail last time I checked (years ago) includes a header in outgoing mail called X-Originating-IP. It will surely turn out to belong to a TOR exit node or anonymizing service. |
|
|
|
All credentials were encrypted by a reputable password management service. I claim no expertise to judge the security of the master password but it was very long. Its status as a master password and its use in all respects were fully understood by the Consultancy upon acceptance.
If the Consultancy deemed this password to be unfit for ongoing use, they certainly had the opportunity and the duty to change it. Who created that account and configured it to use that particular master password? If it was someone with basic security knowledge, it's a setup to be able to claim plausible deniability later. If it wasn't, well, then it's just bad security practices not having changed it knowing its origin. |
|
|
|
Edit: The API key was changed, but someone had a LastPass account with the same password as that, and was actively updating it with new passwords.
It's unlikely that anyone who uses LastPass would actively use an external string as master password without understanding the security implications. It's likely it was done on purpose. |
|
|
|
I'm not stalking anyone, just trying to bring more attention to this situation and the fact that this is allowed on these forums, even shady hacker-type forums would have banned this user by now for such acts.
I've never used an "ignore" button as often as I do here anywhere else. Not even close. But it works fine. Some threads become quite amusing when they're filled with people on the ignore list talking to each other, but at least I don't have to read it all. |
|
|
|
What country? If it's Germany, Sweden, Denmark or Australia, yes.
Pre-order from late January (IIRC) arrived in Sweden today. |
|
|
|
LastPass has your encrypted passwords. They don't, however, have the decryption key.
Will you put your ass on the line to defend that statement as an absolute truth? I already do, and have been doing so for quite some time. I personally verified LastPass' crypto architecture including reading through the javascript they serve my browser before trusting them. What I would want to see, but it needs to be dragged through W3C first, is the ability for web clients to verify signatures of code blocks served to them and warn the user if the code block changes. Yes, my Bitcoin wallet password is stored in LastPass as well. |
|
|
|
We're talking about a major password leak at LinkedIn, but we're comfortable to have ALL of our passwords stored on an online service (!). Reading more about LastPass and watching the video on how to use it, I understand that LastPass saves the passwords online, so it can "restore" them to another browser on the same or another computer. Moreover, there are features to store auto-fill information (address, email, etc), so you don't have to fill it every time on every site.
Can you imagine the impact if this site has a similar leak of user data?
LastPass has your encrypted passwords. They don't, however, have the decryption key. |
|
|
|
What I think it says is that my bank has a lot of leeway since my country, while being an EU member, hasn't adopted the euro as national currency. Posting this here since it might offer some more information as to why MtGox, like myself, has seen SEPA transfers taking longer than next business day.
... and now finally my bank has gotten back to me after performing an in-depth investigation of the regulatory framework: 1) They still claim (and I believe them) that they're allowed to pick and choose which SEPA countries to allow transfers to. They are required to accept transfers from all, though. 2) Since 1st of January all SEPA transfers must indeed be completed end of next business day. They will change their terms of services after having had this pointed out to them. (Thanks to everyone in this thread). |
|
|
|
|
Regarding "omg it's been four days you have my money i will contact the authorities":
15 odd years or so someone abused my VISA to buy software on the Internet. Back then my main card was still a debit card, connected to the bank account I used for paying bills and where I got my pay check automatically deposited.
They cleaned me out. When I contacted the bank they were very understanding, they investigated the purchases and found it was quite obvious I hadn't done them.
The estimate they gave me until I'd have the money back in my account was 3-6 months. No interest.
Perspective.
|
|
|
|
FYI, I've now received a response from the ECB to questions I raised about my bank and its policy of not allowing SEPA transfers to all participating countries. The provision of SEPA payments is not mandatory for banks at the moment. The recently adopted Regulation 260/2012 establishing technical and business requirements for credit transfers and direct debits in euro will, however, make pan-European payments in euro mandatory from 1 February 2012 for banks and other payment service providers in euro area Member States, and from 31 October 2016 for non-euro area Member States. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:094:0022:0037:EN:PDF Best regards, EUROPEAN CENTRAL BANK Directorate Communications Press and Information Division What I think it says is that my bank has a lot of leeway since my country, while being an EU member, hasn't adopted the euro as national currency. Posting this here since it might offer some more information as to why MtGox, like myself, has seen SEPA transfers taking longer than next business day. |
|
|
|
I can find a lot of interesting information about SEPA if I search, and if I follow links posted here. Yet, my bank tells me that while they mostly support SEPA they take it upon themselves to block transfers to certain SEPA countries (my bank specifically does not allow transfers to Romania, Bulgaria and Lichtenstein). I've sent a question to the ECB asking if that's allowed but I don't expect a respons for another few weeks at least. While researching this I found a list, somewhere, with the names of banks and whether they were participating in some or all of three different aspects of SEPA. In my country, only the two very largest banks seemed to participate in all three, my bank was only listed under one of the headings (credit transfer). http://epc.cbnet.info/content/adherence_databaseThus I'm not at all sure all the info linked to can be said to always apply. |
|
|
|
Trading tools are essential to any currency and Bitcoin is no different. If you think Bitcoin can be successful without efficient markets for trading Bitcoin, you are mistaken.
That's your view, and you're entitled to have it. Just as I am entitled to disagree. (I'm both old enough, educated enough and with enough job experience to consider my viewpoint well founded. I'm sure you are too.) |
|
|
|
Good luck-- I share your view that coming up with better ways of playing zero-sum games is not the way to make the world a better place.
A lot of us share that view. Bitcoin, for unfortunate reasons, has attracted a good number of people who seem to believe that trading is a good way for people to "make money". It doesn't make the world a better place. Not on Wall Street, not in Bitcoin. I'm somewhat surprised Zhou shared that view, and very pleasantly surprised that you do Gavin. Zhou - I'm sure you'll go on to create awesome. Good luck! |
|
|
|
As is standard for SEPA customers should expect a 1 to 5 working day delay from the time the withdrawal is initiated until seeing funds arrive in your personal bank account.
This is bullshit. Could be, but if so my bank publishes the same bullshit. When I make a SEPA transfer they tell me to expect "3 to 5 days" before it's in the receiver's account. In actuality I usually see 2-3 days. |
|
|
|
Moreover, we have lots of happy players around the forums who you can ask about our service. *unasked* StrikeSapphire is just an overall feelgood(tm) place. As to noob friendly (I'd have to start a separate thread for Sapphire praising) they're indeed. It's a proper site with all the info in the right place and a good user interface. It's where I finally learned to play craps, actually  |
|
|
|
|
Show Posts
