nice article.

the US healthcare = innocent people sacrificed to the Free Markets idol.

I am still waiting for a major web wallet to get hacked...

what "Bitcoin rules" were you expecting them to follow? your "Bitcoin rules"?

Please do not mix things. There are two separate issues:
1. - the security of the server that your client is talking to.
2. - the security of the software running on your computer.

1. It is completely impossible for an Electrum server to steal your coins, because transactions are signed locally. The only way to steal your coins would be to compromise your own computer.
2. Someone gaining access to the server that distributes the software could insert malicious code in the software that is being distributed. (the tar.gz or .zip file, or the executable). Such an attack would only affect the users who downloaded and installed software between the time of the attack and the time where the attack is discovered. This kind of attack is possible for any type of bitcoin client (even the official one). It is mitigated by scrutiny from the community.

Please understand that the situation is very different if you use a web wallet such as blockchain.info. If you use a web wallet, points 1 and 2 are not distinct; an attacker who gains control of the server will modify the javascript code that is sent by the server. The danger is amplified by the fact that your web browser will update the javascript code running on your computer everytime you use the service, and not just when you decide to upgrade your client. Thus, if the server is compromised, then the attacker can quickly replace the javascript code running in the web browser of all clients, and do whatever they want.

have you learned - at your expenses - what 'single point of failure' means?

what do you mean, abe is down?!?
it works perfectly for me: http://abe.john-edwin-tobey.org/

If you have problems accessing it, I can restore the Abe instance at ecdsa.org, but I 'd rather not to because it slows down the Electrum server.

I would like to revive this thread, with a quote from Rick Falkvinge:
“Once people have tasted what it’s like being without a gatekeeper […], then there is no going back, is there?”

source: Eurobit

I did not know about that. if that's the case, then I guess it's possible to use both.

it would be possible if blochchain.info and strongcoin.com agreed to use the same deterministic key generation algorithm.

but that's not the case right now. if you do that, your wallets will diverge because they keep creating different keys.

yes.

I compared the last 50 transactions relayed by my Electrum server with the list displayed at http://blockchain.info/ip-address/78.47.154.42

Results:
- accuracy: 36%
- false positive rate: 64%

Technically, it's not too bad, because the number of possible IPs in the network is quite large.
However, I don't think that such a high error rate makes the data useful for any purpose.
Maybe they should publish a list of n IPs that could have relayed the transaction, with a percentage of confidence.

The probability of being hit by a meteorite depend on the mass of the meteorite (and also on the shape and composition of the meteorite, but we will not consider these parameters here).
There is a mass that maximizes the probability; smaller meteorites have an increased probability of being destroyed by the atmosphere, and larger meteorites tend to be less common than smaller ones.

It is possible to express the probability of very unlikely events as the mass of a meteorite having same probability of hitting you during a period of one year.
(some practical work will need to be done to calibrate the conversion, but this is not infeasible)

Armed with this new conceptual framework, we can convert the length of a private key into kilograms.
Hashes per second spent by an attacker on a key change the mass of the object (nonlinearly)

Useful, isn't it?

A quick note on Bitcoin aliases.

In order to be used for signatures, Bitcoin aliases need to have the following properties:
 1.- cannot be hijacked (redirected to another Bitcoin address) by an attacker
 2.- cannot be tampered by their owner (i.e. the owner cannot secretely change their alias and pretend they did not sign something they actually signed).
Aliases stored on a website and secured by their owner might have property 1, but they do not have the second property.
I believe that Bitcoin aliases will need to be stored in a blockchain-based storage such as Namecoin or DIANNA.

I will update my proposal (http://ecdsa.org/bitcoin_URIs.html), and the way aliases are handled in Electrum in order to reflect this.

no, this will not be sufficient.
if you could not compile the original client, perhaps you should try libbitcoin?

FUD.

Electrum 0.41 has support for remote wallets.
With this you can generate addresses on a website without leaving the private keys on the server.

This is possible because Electrum uses a "type 2" deterministic wallet;
this means that it is possible to generate new addresses without the wallet seed.

Electrum 0.41 includes two new files:
*remote_wallet.py : a script that is run on a remote server and can be queried with jsonrpc
*remote.php : An example in php. See it live here: http://ecdsa.org/remote.php

Here is how to create and use a remote wallet:

On your local machine, create a new wallet, and create a neutralized copy (without seed):
Copy the neutralized_wallet to your webserver.
On your webserver, edit the configuration variables in remote_wallet.py (username, password, wallet path).
Then, start the script:
On your local machine, start Electrum with the --remote option:
Your local wallet will be synchronized with the remote wallet.
If you visit remote.php on your server, you can create new adresses in the remote wallet.
Everytime a new address is created on the remote wallet, it will show up in the local wallet.

Note that the remote wallet does not need to be connected to an Electrum server.
All this script does is generate new addresses, and tell your local wallet how many it generated.

I made a new release, version 0.41

changelog:
* 'create' and 'restore' commands are now distinct, so that it is possible to create offline wallets. https://en.bitcoin.it/wiki/Electrum#Offline_wallet
* Support for remote wallets. (demo here: http://ecdsa.org/remote.php. Detailed explanation: https://bitcointalk.org/index.php?topic=65136.0

hopefully complete documentation is here: https://en.bitcoin.it/wiki/Electrum#List_of_commands

nice!
there's been an increase of traffic on the servers, I guess it has to do with the release of the Qt version

Thanks for the Windows build!

I have started to write documentation on the wiki page:
https://en.bitcoin.it/wiki/Electrum
Please feel free to improve or augment it!