There are to many unknown variables to answer your question...

MadGamer can be correct, but since you're talking about deriving addresses from an xpub, you might aswell derive them using the bitwasp library, use a python script or run an electrum daemon.

The first thing you should do is detect incoming payments... This can be done with the walletnotify option in core, or by querying an api, or with websockets if you're using an electrum daemon.

The next thing is: when you detect an address being funded, you should know which software you're using for a hot wallet... Depending on the software, there are different ways to initiate a payment. core: json-rpc, electrumd: websocket, python, bitwasp: creating + signing a transaction, online wallet: api

You'll probably need some kind of intermediate script that either polls for incoming transactions (either as a daemon, or from the crontab), or which is called by your wallet if a funding tx is detected (depending on your wallet). This script will probably need to call the payment function of whatever hot wallet you have.
I'd strongly suggest not putting your hot wallet on the same machine where you've put your xpub, it kind of defeats the purpose of using an xpub to derive new addresses to start from (unless i'm missing something here).

Thanks for notifying me... It's indeed an invalid json, i'll fix it tomorrow morning

EDIT: had some time, fixed it right away! Thanks for the heads up!
BTW: it's perfectly normal to use your own node, even for smaller projects. As a matter of fact, i'd encourage anybody to use their own node. Using my service requires trust... I could easily modify the respons i send to any query, my node can lag, my node can be the victim of an attack...
That being said: i don't offer wallet services, you can't create desposit addresses, sign transactions,... By keeping these sensitive services away, i kind of mitigate the problem (afaik).

This service is just an easy sollution for anybody who wants medium-complex core functions without running core, probably even from a shared server without any functionality (you can create static pages and use javascript to communicate with an open socket, thus add dynamic functionality without any server side scripts).

Exactly... It's actually a pretty good defense...
If i follow the logic, the encryption key of the wallet file is sha256(salt2.sha256(salt1.password).nickname).

It'll become virtually impossible for an attacker to use a rainbow table using this scheme, and the resulting 256 bit encryption key they use with AES-256-CTR is pretty good if i'm not mistaking

Sorry, but no.
I hate to be the barer of bad news, but unless the perp used an address that can be linked to an online wallet or exchange, you can't get the ip or the email of the receiver. Even if it can be linked to an online wallet or exchange, you'll probably need a court order for this wallet/exchange to fork over the user's details, and even if you get those details they could be fake (fake id, one minute mail, proxy or vpn,...).

Bitcoin is irreversible and pseudo-anonymous. Pseudo-anonymous means that you can follow the outputs when they're being spent and see which address they funded next, but you can't couple a name, email, ip, homeaddress to the address that's being funded (unless, once again, it was an online wallet or exchange's wallet). There are ways to break the link between addresses so it becomes impossible to follow the unspent outputs, if your thief knows anything about bitcoin, he'll probably use a way to break the link between the address he used to scam your friend, and the address he uses to store his ill gotten gains.

Unless the thief is incompetent, you should consider those funds to be gone

Nice work
look great...

I do have one question tough: i was looking up my own node:

https://lightblock.me/lightning-node/03301e633b25d769377bf75ce6b6ed2ec570270bc06c8c02bf33c5bd2aa47da098

It seems the stats are a bit off, my node has been running for way more than a month (iirc)

I'm actually using websocketd (http://websocketd.com/), so the language of the script itself doesn't really matter
Thanks for your offer to help with the development, but at the moment i can handle it... I'm just gauging intrest to see if i'll only develop the functions i need for myself or if i need to develop the full range of functions.

^^ agreed
I just wanted to link to one of those explorers that supports bech32: https://bitupper.com/en/explorer/bitcoin/

It's not mine, but i like the way this guy is starting his explorer so i wanted to give him some support.

BTW, in this case it probably has nothing to do with opening or closing lightning channels, the values are to large, at this moment most segwit implementations only allow channels funded with up to 0.16 BTC (IIRC)

I'm currently developing websocket access to some of the functions of my full node. For a small fee, a developer, site owner or private person could use a secure websocket connection to execute most of the not-wallet-related node functions. This way, he or she get access to some core functionality without having to maintain a full node, he or she can even use javascript to include functionality on webpages on very limited shared hosting formulas.

In the beginning, i was thinking about creating such a websocket daemon for private use and throw away most of the outdated code on mocacinno.com and use a websocket connection instead... However, i tought by myself: maybe somebody else would be interested in such a websocket connection to?

Without further comments, here's a dev console view of the initial test of my websocket daemon... Be advised, only a very small part of the functionality i want to include is currently included:

https://193.70.78.148:9090/node

You'll need a private key in order to complete the handshake and testdrive the websocket... If you're interested in testing it out, send me a PM and i'll give you a testkey
I've modified my code for now, anybody connected is now automatically authenticated for the time being

Currently implemented
Authentication to the websocket:

• Starting the authentication process
• Completing the authentication process
• Querying the authentication status

Blockchain queries:

• Query the current best block hash
• Find a block using a blockhash
• Get the latest block
• Get blockchain info
• Get the current block count
• Query the blockhash for height x

Todo
Blockchain queries:

• get getblockheader for blockhash
• get chaintxstats
• get current difficulty
• get all the mempool info for a certain tx (ancestors, descendants, entry)
• list all tx's in the mempool

Mining:

• get block template (for whatever you'd use it)
• get mining info
• get network hash ps
• submit block

Network:

• get connection count
• get net totals
• get network info

Raw transactions:

• decode raw transaction
• decode script
• get raw transaction
• send raw transaction

Util:

• estimate fee
• estimate smart fee
• validate address
• verify message

Custom:

• analyse unconfirmed transaction
• Have a timestamped message signed by me (an independant partie)
• Calculate optimal fee at this point in time

My feelings exactly!
There are a couple things people should know: there is no central authority, you are your own bank... The content of your wallet file is all a hacker needs to steal from you, and a transaction is irreversible...

Everything else isn't important for the "average" user (IMHO). Everything he/she needs to know can be deducted from these 4 facts, for example: it's not a good idear to give anybody access to your wallet file (not even an online wallet service)... Or: it's not a good idear to pay a random guy over the internet...

Like kingcolex already said, most people don't understand the tech they're using on a day to day basis... An example a bit closer to bitcoin: do you think 50% of the people using an ATM machine know how this machine works on a technical level? Do you think they know how bills and coins are being created by their central bank? Do you think they know how the local or global monetary system works? They don't care, they don't need to care . All they know is: they have to give their employer a bank account number, if the employer sends funds to this number, they can take a plastic card, put it in a slot in the wall and get some weird pieces of paper. He/she can then exchange these pieces of paper for goods or services.

Offcourse, bitcoin still has a long way to go before it becomes as enduser-friendly as it should be (imho).

i guess you probably used one (or more) unspent outputs totalling 14364 XVG as input, and created 2 outputs: 1 output of 500 XVG to the receiver, and an output of 13864 XVG to your change address.

Does your wallet shows your old balance - 500 XVG, or your old balance - 14364?

In the first case (old balance - 500 XVG) above guess is probably correct.
In the last case (balance - 14364), double check if your wallet is completely synced. If so, something else might be going on.

As asked by the OP: a qoute of all his images...

I'm not bidding tough... I usually buy my gold slightly above spot price...

First of all, why do you need a second account? Maybe the reason you have for making a new account isn't a good one.

Secondly, i'd urge you to use a "decent" wallet, and stay away from online wallets.

Thirth, if memory serves me correctly, you don't have to couple a phone number to a blockchain wallet if you don't want to (i can be wrong tough)... If you're using your phone for 2FA, you can just as well use an authenticator app instead.

This question has been asked, answered and discussed hundreds of times, but instead of using the search function, there are still people that repeat it every couple of days...

http://lmgtfy.com/?q=site%3Abitcointalk.org+what+happens+after+21+million+btc+was+mined

You don't need a larger supply... When you spend btc, it isn't burnt... The receiver can spend the funds you sent him/her.

The article was TL;DR;, but as always, i'm very sceptic when it comes to projects like this.

As Red-Apple already said: it's basically a private company that released a token on the ETH chain and is abusing the bitcoin name in order to gain popularity. They claim to have 1 BTC for every 1 WBTC they sell, however, i'm having a lot of questions:

• Who will check they hold 1 BTC for every 1 WBTC they sell
• After a quick browse on bitgo's website, it seems they are a custodian, a wallet service and a processor... In other words: the BTC they hold isn't THEIR BTC, it's their customer's... How much of this BTC is their property?
• So, in reality, let's say they hold 5000 BTC for their clients, and issue 5000 WBTC and sell those 5000 WBTC, they basically just doubled "their" money, right?
• What if one of their clients withdraws (for example) 1000 BTC... Will they actively buy back 1000 WBTC? Or will they just say: "i was holding 1000 BTC for my clients, so i sold 1000 WBTC for 1000 BTC, now i have 1000 BTC for myself and i'm still holding 1000 BTC for my clients... So, if my client asks his 1000 BTC back, i still have 1000 BTC in profit"

I think this one is a grey area... I don't think he should receive -ve, altough a neutral feedback warning him not to repeat this anymore *might* be borderline suitable?

It's not like the dude needs merit in order to spam the forum. His current rank (and signature space) are more than enough for most campaigns, bounties,... This, coupled with the fact he's not really straight up begging, might be enough not to clasify him as a "hardcore merit begger" but give him a warning instead?

This being said: i'm not saying that this behaviour is ok... I don't like the fact that people are using these subtile tacticts to hide pseudo-begging, but i don't know if it's an infraction that's serious enough to really do something about it...

I personally feel like it's a gray area...

If there is a clear scam accusation with ample proof and community consensus about the validity of the scam accusation, an attack ad can actually perform a public service by warning potential victims about a proven scammer or scam tactic. In this case, i feel an attack ad to be justified, i'd even say such an attack ad would add more value to the forum than a "regular" (commercial) ad.

If it's an ad attacking a person or company on unclear grounds, i personally feel the ad should be taken down.
Like i said: it's a grey area... Who decides when there is community consesus about a certain scam? In the end it'll always be Theymos' call.

In any case, an ad should never violate the law in the jurisdiction where the forum is hosted (i believe it's hosted in the US).

Chipmixer is using a "Let's Encrypt" certificate. Last time i used them, those certificates were only valid for 3 months (IIRC). Since the private key is generated on chipmixer's side and never sent to letsencrypt's servers, the private key isn't known to anybody but chipmixer... This should be enough to avoid a MITM attack.

The reason certificates expire has something to do with the fact that the revocation status of an expired certificate is no longer published. This means that an expired certificate can be revoked without the surfer's knowledge.

In Chipmixer's case, i can only assume it's probably just the task of renewing the certificate that hasn't been automated.

Like i said: i don't really know what this altcoin is all about, to tell you the truth, i hold very little alt's (some ETH, LTC, XMR and DOGE, but that's about it).

I've had a look on google images to search for an image of their wallet, and at first glance it looks like LAPO is just a clone of a clone of BTC... At least, the QT wallet is cloned from bitcoinQT, so i'd doubt if the blockchain algo was significantly changed between LAPO and the X11 coin they cloned.

Since they seem to try to run some kind of ICO, i can only guess they cloned an existing coin, added a fat premine and are now trying to become rich by selling their premine (this is my gut feeling, like i said: i haven't done the effort of really analysing the coin, i'm just going on some google images and the text on their website/ann thread/github page).

If they just cloned an existing coin that used the X11 algo, anybody with a working knowledge of mining should have been able to get a GPU miner working, or even better: an ASIC.
It takes just one or two ETH miners that switched to LAPO because they lost money mining ETH in order to completely blow LAPO's difficulty out of proportion. If you have 4 or 5 X11 ASIC's on your network, it becomes allmost impossible to find a valid block with your wallet's cpu miner.

An antminer D3: 17 GH/s (source: https://www.cryptocompare.com/mining/bitmain/antminer-d3/)
A "regular" cpu: 200 Kh/s (source: https://cryptomining-blog.com/tag/x11-cpu-miner/)

5 cpu miners: 1 Mh/s
5000 cpu miners: 1Gh/s
85.000 cpu miners: 17 Gh/s

So, basically, disregarding the difficulty, the time between blocks, the LAPO price or the block reward, if LAPO's network consisted of 2 miners: you (running a cpu miner) and an other guy (running a D3), statistically, only 1 in 85.000 blocks would be found by you, and 84999 in 85000 blocks would be found by the ASIC miner.
Now imagine a network with yourself and 5 D3's

Sure, you could do this... But this project wouldn't belong on the bitcointalk forum IMHO.
The thing you're doing is just building a new paypal, exept your token wouldn't be backed by FIAT money... It would just be a centralised database, vulnerable to exploits, chargebacks, record updates,... It would have nothing to do with the blockchain or crypto currency in general.

It seems lapo is using X11 as it's POW algo. AFAIK, there are several ASIC's on the market for X11 hashing (like the D3, but AFAIK innosilicon, spondoolies and baikal all have X11 ASIC's on the market), so they wouldn't have had to figure out a way to do this, it should have been pretty straightforeward.

These X11 ASIC's have been around for a long time, somebody just has to use them to mine this altcoin (disclaimer: i don't usually visit the altcoin subforum, i don't know LAPO, i have no LAPO, i'm not a LAPO miner,...).