And look, we are still running out of disk space; it did nothing. They harmed a company, that is the bigger point, but this is bitcoin, no one sees that part. Take down the capitalist is the motto here.
Well - a good retort (and I know you like to argue) - I think that the model of wasting blockchain space did need to be stopped but for sure maybe it hasn't worked perfectly. As far as "taking down the capitalist" I think that Bitcoin gambling sites are still doing very well. If they were dedicated to fixing the blockchain they would have more than one dev working on it; Peter is the only one working on the problem. But now Gavin is focusing on this payment protocol. We are in beta and he is adding more protocols to a beta, and the protocol is already broken. It requires a centralized CA. So if you can call bitcoin decentralized then go for it, but it isn't, and I don't call it decentralized anymore when I explain it to people. I call it p2p; that is the correct term for it.
|
|
|
isn't it like someone is creating web service that accepts bitcoin payment he have to set up this anyway? which would mean the more services accept bitcoin the more distributed network?
No a lot of services use a merchant tool setup, from like bitpay or coinbase.
|
|
|
Also anyone know what the foundation is going to do? They still have his site as a silver member.
|
|
|
This is complete and utter bullshit and just paints all you mods who are trying to White Knight for Theymos as scummy sycophants. You can't ban someone for trolling and leave Crumbs to post. That proves beyond a shadow of a doubt that the ban is not for trolling, which makes the ban for personal reasons. Since I was the one to initially put in the request, I feel that I can disclose this. Crumbs has already been temp banned in the past and is currently on the chopping block for a permanent ban. So everyone you have an issue with you're just going to temp ban and then permanent ban... If the person doesn't do anything that is illegal, why do you have to ban at all? It just shows you are not doing a good job in moderating if you just ban people. Let the community decide with the ignore button if they want to ban someone from their view. It is funny how a forum about software that frees you so much, yet this is becoming like so strict to be here. I just can't wait until the day I come here and I have to pay to view the forum. I know it is coming, bitcoin foundation is bleeding into this forum. Also I think if Matthew N. Wright is banned for scams, when is TF going to get the ban? Alright he is Theymos' buddy that is why. This whole forum is a joke, if it wasn't for the 70K+ members and the deep pockets of some people I would have left a long time ago.
|
|
|
You can't shrink the blockchain size. It's idiotic of the devs to force everybody to download the entire thing as part of Bitcoin QT, it makes it sound like if you're not downloading it all you're somehow using a 3rd party service to store your coins. No, you're not. 99.99% of people will never need the whole chain and there's no point to having it. Just use electrum; it's not a 3rd party API, it's a superior client.
*facepalm* someone needs to read why the bitcoin-qt client needs the entire blockchain. This allows it to be trustless, that means it relies on nothing and can validate transactions and blocks. Electrum uses a 3rd party server, which if you connect to a cancer server, then you can be fooled to think you have bitcoins you really may not.
|
|
|
So I have seen a lot of people getting hacked left and right. I do feel sorry even though I think people should be able to spot scams. I will be launching a bitcoin accepting site soon so security has been on my mind. Disclaimer: no site is 100% impossible to hack. Your job as admin or programmer is to make it very difficult, so that at some point it becomes too much time for the hacker to spend or not enough reward for the time spent hacking it.

1) So the first method is probably the best method. It is cold storage or offline funds. This is great for websites that want to accept payments for a product / service / don't need to move funds around. One way to do this is to create addresses on an offline computer. For that you can use armory or vanitygen. Then what I like to do is have a php script that can read the csv file and import it into a mysql table that will then correspond to an order, using table relationships. I also like to make a one way hash with a salt of each address while also using the mysql AES function. This way I have multiple lines of verification in case someone got my mysql login and decided to change the addresses in the table. This doesn't protect against a full compromise of the server, but does protect your funds in that event. Now I also verify payments by using a bitcoind and having options txindex=1, blocknotify attached to a php script that checks the transactions of each block. Then using gettransaction you can check each output to see if it is a payment to any of your addresses, then just mark it as paid.

2) My next method is using bitcoind to accept and send payments. My first rule is buy a good computer and keep it in your home; this should be for the bitcoind. I also would set it up with a server distro of linux with an IDS/good firewall. Bitcoind has accounts and that is great for keeping a "balance" of a user. That should be a backup system. Too many times people have shown me using that as a backend. I always use it to compare and make sure mysql is up to date on balances or to detect an attack in progress. I also suggest building a proxy that can check withdrawals against the balance of the bitcoind. I usually make 5 BTCs and greater a threshold so anything over that becomes a manual withdrawal, or a scale of 1/3 of the balance or greater. I usually have it email me that transaction and use the createrawtransaction api call.

3) My final method, and one that I hardly talk about but is probably going to be a thing for more advanced companies, is the custom client or as I call it the read-only wallet. The great thing about bitcoin is that it is open source as you all know by this point, so many people have created libraries to interact with the network or are using the bitcoind source code and stripping out everything you don't need. This made me think about writing my own client. In theory I was trying to keep all sending of payments inside this application and only have one RPC call, which is getnewaddress. The pro of this situation is that if someone did get into your server they wouldn't be able to connect to the client on another machine and send a false rpc connection to send the whole balance to their address. So the basic principle of this is that you have 3 machines. One is your frontend webserver, one is your mysql server, and the last would be this server that handles all your payments, by connecting to your mysql and running a few queries to make sure everything is up and up, then sending out your withdrawal or an email if a few rules were broken. I can't talk too much about this but I have 3 of them deployed in different sites that I was hired to build and they are doing great. I think this is the future; bitcoind got us to this point but now we have to look on to the future.

Just some tips for securing any linux server...
- Encrypt the swap and ram
- Encrypt the hard drive, it is a performance hit a little
- I use both fail2ban and denylist
- Custom IDS
- Application firewalls, but when you get the funds, do a hardware firewall
I welcome more people to join this thread with how they secure their sites, hopefully we can help more people. This doesn't protect from shady individuals or scams.
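
Added example, not code from the original post: two of the checks described in methods 1 and 2 above, written in Python rather than the PHP the post mentions. It uses a keyed HMAC in place of the post's salted hash so the secret can stay off the MySQL host, and it assumes the "1/3 of the balance" rule refers to the bitcoind wallet balance; the key, function names and amounts are constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed demo key. Assumption: in a real deployment it lives only on the
# payment host, never in the MySQL database that stores the addresses.
TAG_KEY = b"constructed-demo-key-not-for-production"
MANUAL_MIN = Decimal("5")  # the post's threshold: 5 BTC and greater


def address_tag(order_id: int, address: str) -> str:
    """Keyed tag binding a deposit address to its order row."""
    msg = f"{order_id}:{address}".encode()
    return hmac.new(TAG_KEY, msg, hashlib.sha256).hexdigest()


def address_untampered(order_id: int, address: str, stored_tag: str) -> bool:
    """False when the row was changed by someone who does not hold TAG_KEY."""
    return hmac.compare_digest(address_tag(order_id, address), stored_tag)


def review_withdrawal(amount, user_balance, ledger_total, wallet_balance):
    """Return 'halt', 'reject', 'manual' or 'auto' for one withdrawal request.

    ledger_total is the sum of user balances in MySQL, wallet_balance is the
    figure bitcoind reports. All amounts are Decimal BTC.
    """
    if ledger_total > wallet_balance:
        return "halt"    # database claims more coins than the wallet holds
    if amount <= 0 or amount > user_balance:
        return "reject"  # user is asking for more than their own balance
    if amount >= MANUAL_MIN or amount * 3 >= wallet_balance:
        return "manual"  # email the operator instead of sending
    return "auto"
```

A row whose tag does not verify should never be shown to a customer as a payment address, and a "halt" result is the signal to stop all automatic withdrawals until the ledger and wallet are reconciled.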
|
|
|
Yeah your framework is leaking you probably would like to change your bitcoind username and password and mysql database username and password.
Can you mention how is that leaking? I'd like to fix that. It looks like you fixed it, but still change your bitcoind username and password and your mysql username and password; those leaked out.
|
|
|
I went to register http://coinberg.com and got a funny redirect so I won't ruin the surprise but it was a nice laugh.
|
|
|
Yeah your framework is leaking you probably would like to change your bitcoind username and password and mysql database username and password.
|
|
|
Are you looking for a dedicated server ?
probably a bit pricey for a project. I could do a VPS: dual core 3.40 GHz Intel Xeon E3, 4GB RAM, 250GB hard drive, shared IP, shared high speed low ping bandwidth 200mbps, 0.15btc per month. ports have to be forwarded manually but that's about it. I can also offer backups and truecrypt encrypted drives. What location?
|
|
|
Why are you so against web wallets?
Because I am against people losing funds, 4100BTC were stolen, that is like a bank heist to me. That means we failed on educating the public and new people that web wallets have so much risk. The problem was within Inputs.io I'd never let that much btc get transferred from it in a short period of time without the owners verification (to allow such a large amount of funds to go through it). Then the security measures.. and so on. How would he have stopped it? They got access to the wallet file copied it and setup their own bitcoind and sent the files, there is no way you can stop that attack. Other than writing your own bitcoind which 90% of the people here can't and probably don't want to do for the fear of breaking it. The moral of the story is don't use web wallets, people are too inexperienced for running that. I have had security training and I went to a top school for CS, I know how to handle these things like the big boys and I have amazing ideas for web wallets, but I will never make that moral decision to put the community at risk.
|
|
|
I got 41% of 20btc back
Who is the troll now! That is what you get for trusting a scammer
|
|
|
Armory makes it really easy to do this. I mean paper wallets can get crazy there are people that have special computers, some people even have special printers, me I just use an offline computer with armory to create it.
|
|
|
Everyone in this thread, look at bitcoin-qt and armory together, the safest way to handle bitcoins on your computer. Otherwise the best way would be paper wallets, I have a lot of paper wallets.
bitaddress.org or do you have a quick tutorial for doing such? I actually use armory for my paper wallets, it's so easy.
|
|
|
Everyone in this thread, look at bitcoin-qt and armory together, the safest way to handle bitcoins on your computer. Otherwise the best way would be paper wallets, I have a lot of paper wallets.
|
|
|
1.5GB is not going to be enough, I am looking for something around 100GB+. I probably could make it work with 50GB. Also would your bandwidth be able to handle this? This project is kinda far out in my timeline, but I am starting to work on it more and more. Hopefully more hosters will see this thread and weigh in.
|
|
|
@goat business opportunity. We start a web wallet, give it 3 months when the balance is about ~$5-10million or more. I can do a better job, I make sure the server catches fire, the datacenter's fire system will happen to be off that day for testing. NO backups, we pay 30% to people and buy a ferrari and island. Let's do it. Cause all these people are still wanting inputs to come back.
|
|
|
The only web wallet that's worth using is coin base.
coinbase could run like inputs too Highly unlikely but anything is possible!
|
|
|
Ips are from Australia where you are located... TOTALLY NOT AN INSIDE JOB.
That's expected, and the attacker rented an Australian server to proxy as close to my geographical location so it won't raise alarms with email recoveries. Wouldn't you think if it was an inside job, I'd use another IP? TF- Don't bother answering the trolls. They are not your investors. It is obvious to those of us who invested with you that you were hacked and are the biggest victim here. Just keep us posted on the remaining assets and options. +1 to this and +10 to the ignore button; the insulting 12 year olds and their indisputable "Omg yuu musta stolenz da bitcoinez!" argument were starting to piss *me* off. Can't imagine how TF feels. What a terrible shame this is. Not just for TF, but for the whole community. Inputs was starting to take off as a viable new service; CL had become the de facto place to invest if Asicminer stock returns were underwhelming; we *all* lose when one of the Good Guys takes a hit like this. Pissy little children might not grasp that "subtle" concept but I'm sure the rest of us do. Just keep us in the loop, TF, and don't let the bastards get you down. LMAO WOW You can't be this stupid and in bitcoins, it isn't possible... REALLY Just isn't possible, he clearly took the $1 million dollars, cashed it out on gox and is now playing on your situation to make you feel like he didn't do it. Some of the smartest people in the community agree with me, so yeah I am going to watch my wealth in my local wallet now You go watch it... oh that is right someone took yours sorry...
|
|
|
|