Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.e. governments, banks, etc. The problem is that there's no good way to keep your coins secure. It's not so much a matter of blame -- it's just that there's no good way to keep your coins secure. Every reasonable suggestion I've heard is so complicated it's just not practical. And there's no good way to balance being sure you don't lose access to your own coins with being sure nobody else gains access to them. This is one of the two biggets problems facing Bitcoin today. Try this thought experiment: Reason out an explanation of how to securely hold thousands of dollars worth of Bitcoins such that a typical American adult with somewhat above average computer skills could understand the process and the reasoning behind each step. blockchain.info wallet The key is not being sure "nobody" gains access to them, the critical part is you know exactly who can potentially access them. |
|
|
|
|
So, you stored your wallet in plaintext at somewhere other people may be able to access, and surprised someone robbed you?
|
|
|
|
私下做可以.但一旦当你做大有名气后,我们的PL就会盯上你...
根据我的研究,所有在线赌博最后被警察搞掉的最为重要的线索,就是通过银行内的资金流动追到了真人。如果一切支付都是用比特币……哼哼。 对的,比特币很难找到真人的,可以一切都弄成匿名的。而且比特币可以做成provably fair,理论上彩民应该很青睐。 |
|
|
|
|
Can you develop an alternative game where the I can win what I actually rolled? for example, I rolled a 18, but my bet was on lessthan 64000, so I missed out on a potentially big payout. In this alternative game, if I roll a 18, then I get paid the 1998.853x multiplier or whatever multiplier that would be mathematically correct. I'd like to play this style.
|
|
|
|
Also, it seems Satoshi had something for online wallets. Something Gavin isn't really excited about. New users wouldn't really even need the Bitcoin software. They could download a miner, create an account on mtgox or mybitcoin, enter their deposit address into the miner and point it at anyone's pool server. When the miner says it found something, a while later a few coins show up in their account.
I also think online wallets is the way to go if bitcoin hope to gain any popularity among the non-tech people, though definitely not mybitcoin.com type, more of a blockchain.info type. The desktop client has its purposes, but it'll probably never be properly secured and made usable by a non-tech person. So in that sense, an online wallet is actually more secure, since security is taken care of by a trusted pro. |
|
|
|
|
Can't someone just create a monitoring script, using PHP, and tell us if the current file is valid? Everyone can run this on their own server or host it for others.
|
|
|
|
I don't think Piuk can get to your bitcoin, either, since your blockchain.info wallet is decrypted and encrypted in your browser, and no unencripted private keys ever reach blockchain.info's servers. But I guess he could change the code while no one's looking.
He can't if he continues to be honest as he always has been. Though in the case if he decides to break bad, he can easily obtain your private keys if he wants to, by changing the code of his website. Again, this is highly unlikely since he has an excellent spotless reputation, and disclosed much information about himself and his company. |
|
|
|
|
Another advice, drop the black background, use white. Black background is usually used by non-professional or hackinig/illegal sites, plus I can't open up a site
with black background in my office, co-workers will be curious why I'm browsing a site with black background.
|
|
|
|
|
All your games need a serious facelift, right now they just look amateurish and I wouldn't want to play on your site if you can't even present a decent non-1995 interface.
|
|
|
|
|
If you are completely non-technical, then just use blockchain.info wallet, choose a secure password, utilize their 2 factor authentication feature, install their firefox plugin js checker, back up your encrypted wallet to dropbox after each large transaction. Then basically you are 100% secure, unless the operator piuk decides to break bad. Piuk has revealed his real world identity from the start, so the chances are rather low.
|
|
|
|
what is casascius's real world identity? I seems to have missed it.
His website is pretty clear on that: https://www.casascius.com/It seems to me he's taken enough precautions to minimize risk, probably even more precautions than I would do myself, so I feel pretty confident my measly 2x 10btc coins are safe. Thanks, so UTAH, casascius is a mormon? |
|
|
|
|
what is casascius's real world identity? I seems to have missed it.
|
|
|
|
Man this gives me a lot of anxiety because I plan to buy back some bullion in the near future. How the hell can I unsure, without wasting a lot of money, that what I buy will be real? Buy an ultrasound machine like the ones that dealers have, that's the only way to be sure. Otherwise, you can never be sure. |
|
|
|
Yep, its coming to the point where the 'anonymous' sales pitch used to entice others to start using BTC will be an outright lie. (though it was never really anonymous without the proper precautions)
What are you talking about? trading in bitcoin is anonymous, but when you decide to bring other currencies in to the mix, then you lose anonymity. If you want to remain anonymous at all time, then don't use an exchange. Sell something for bitcoin instead. |
|
|
|
|
wait, is that +4000 BTC for a royal flush?
|
|
|
|
China  |
|
|
|
Minor Security Concern
When you use a Correct 2 factor Password but an incorrect account password, it informs you that the account password is wrong.
IMHO, a website should never verify which password is incorrect when there are two and should give a generic message saying one of the two passwords are incorrect.
Same theory behind when having account name or password wrong, best practice is to say the password or account is wrong.
The Second Issue
It appears that Google Authenticator is not correctly implemented.
Google Authenticator is a Time-based One-time Password (TOTP) algorithm
If you verify that the Google Authenticator password is correct when using a bad account password,it should burn that password.
I have verified this operation with other authenticator based accounts, and if you use a try to reused a code before the time-limit expires it will not let you.
This is designed this way that if the password is intercepted, and used by the User it can't be reused within the Time-Limit.
RFC 4226
RFC 6238
I don't agree with the 1st issue, I want to know which one I got wrong, so I as a legitimate user can correct it. If we went with your implementation of security, imagine if I always typed in the wrong account password for some reason, but I might think google authenticator is broken, since I can't distinguish which password I got wrong. The 2nd issue is really minor, so in less than 30 seconds, some one might be able to make another attempt on my account password, who cares. I can give them 10 years and they wouldn't be able to crack my account password. They either know it by obtaining my password storage file, or they don't. |
|
|
|
Even after everything... all the scams and ponzis. The bucket-shops and "online wallets." The thefts and "hacks." The "credit-ratings" and "savings and trusts." The hits keep on coming. And coming. The latest? You dare ask? New Asset idea, Cambodian rice sharecropping (4% to 6% a year) Feedback wanted!Now, I don't know about you, but I think there comes a time when we need to stand up and say ENOUGH! I think that time is somewhere before "Cambodian rice sharecropping," no matter who brings it to the table, even if it is "goat on a boat." Can this community show some spine, not to mention decency, and say no to this? 4% to 6% a year is probably legit, and since he lives close to Cambodia, what's wrong with investing in Cambodian rice farming? |
|
|
|
|
Bitcoin is not cash, it has features that physical cash will never have, so if you desire these features, you pay the fee. If you don't, then you keep using cash. Why do people increasingly use credit/debit cards? even though credit/debit cards has a ton of fees to the user and the merchant? because they desire the features of the card system.
|
|
|
|
|
国内可能还得等一段时间,用的人太少。不过比特币真的是天生就是给赌博,色情,走私,毒品这些行业用的绝佳货币。
|
|
|
|
|
Show Posts
