Digests aside the point is we are advising non-techinicals to sign "random letters and numbers" which could lead to legally binding contract. In a legally binding contract, You can't just say "I didn't know i signed a bad contract" when your signature is there. The law will say... welp prove that you didn't know.
|
|
|
I had to cancel a project because at the time I could not think of a solution (So I'm saying In my experience this is a REAL issue) but in the past I have asked users to sign a contract that contained \n\r and other non-ascii characters so when they copy the proposed contract from a website they don't get the non-ascii characters making the signature invalid when the website verifies it. That's the real gravity of the issue.
The reason why I split the discussion is because I can't explain everything with out questions and with lack of questions my point wont be conveyed -- its the only way I can properly communicate this issue is with question asking but I think I just now got it all out.
|
|
|
I am referring to the following link (scroll down to the bottom) https://github.com/bitcoin/bitcoin/issues/2132If you open up the "sign message" box dialogue you will see that the box advises users "Only sign fully detailed statements that you agree too" how ever a contributing developer has advised for users to sign sha256 digests, this is counter-intuitive it leads users open to sign just about anything. so... How do we promote users "Not to sign anything vague" when we are promoting them to sign digests. Which to any users is just a string of random letters and numbers; It doesn’t mean a thing to a non-technical person. I realise that sha256 doesn’t have any (known or mathematically computed) collisions but to a non-technical person that doesn’t mean anything, so with this social engineering flaw in mind we can assume any joe-shmoe can invent his own "predictable digest" or even just provide a base64 encoding of the message the non-technical user wouldn't know a thing of the difference and could agree to things they are unaware of.
|
|
|
Hi! I can see a very interesting project. In fact, I found here what I were thinking to develope. I will analise the code as soon as posible and I will be following the project. Is it functional now?
Its not complete by any means, how ever I try to post only stable builds so it should as of right now display a GUI showing two buttons Button 1 says "Generate Identity", Button 2 says "Load identity". Only the "generate identity" partially is complete it will generate a key. I haven't secured anything at this point like pen-test or make sure the keys generated have high entropy and I don't plan on "securing it" until all the implementations are their --Just to make progress/development/ideas go by quicker. In other words the plan is to get the thin working and then secure the app. The app just requires OpenSSL and GTK (and possibly GDK) Side-note:I'm working on an embedded solution right now but I feel a fan/user-base is needed as well as p2p network established to make the embedded solution more appealing. I will not discuss any details about the embedded solution at this time for the sake of preventing competitors however just know that its near completion and the source-code is planned to be MIT/X11 licensing, however practically I fore-see that it will be GPL at first to get a ROI so an organization could be established with some funds to back it and provide updates, and other planned "secure devices"(that will also be FOSS) and then once the org is established release MIT/X11 licensing. The desktop app it self will be X11/MIT when it is complete for now its just AGPL.
|
|
|
Domain seems to be working again. Also I switched to PHP hosting so I will start posting up the most up to date references on the website and then periodically sync the updates to git-hub for historical purposes. http://BitcoinDevKit.com
|
|
|
Whoa... How did i miss this, I'm working on a C version of P2P encrypted messaging using RSA, I like your white paper looks like it describes an anti-spam measure like hashcash(or comparable to bitcoin) https://github.com/Xenland/P2P-Crypt
|
|
|
The website is taking longer then I thought but only because I require quality, The first tutorial is up for generating a bitcoin address, they are not too in-depth as its ment to intice developers to purchase the packages that come with tutorial videos and example scripts. (Clear your cache if you've been to our site before it seems cache is sticking on some users browsers) Tutorial Link: http://xenland.github.com/Bitcoin-Development-Kit/documentation/tutorials.html
|
|
|
the website will ping the Bitcoin client every so often
Use the monitortx patch instead, much better. Thanks Davout!
|
|
|
The balances are normally attributed to a user_id that the user can login with and check their balance. When a user would like to deposit an address the website code would query the Bitcoin client through JSON command that will generate an address. The newly generated address will be attributed to the user_id as a deposit address. The user then sends the Bitcoins to the address, and the website will ping the Bitcoin client every so often to see if any new bitcoins have been received, If there are new bitcoins the information can be extract to that particular transaction information like "+1 Bitcoin deposited" type of information. You take that information and increase the users current balance value. I'm working on a Bitcoin Development Kit library for PHP that facilitates all these kind of convinces, checking new balances is a planned feature but I'm going to make it official and post it on the github "issues" page. (https://github.com/Xenland/Bitcoin-Development-Kit/issues/5)
Update: This feature of updating balances has been added to the to-do list instead ( https://github.com/Xenland/Bitcoin-Development-Kit/wiki/%28%29-To-Do-Features-%28Notes-to-contributing-developers%29)
|
|
|
https://delecorp.delaware.gov/tin/GINameSearch.jspClick on link and type in United states Police are just sovriegn citizens here to talk you into selling your sovriegn rights away to them. Any one can be a police but only working for county,state,etc seems to be most profitable as its easy to get any afriad of uniform. Why does a ruler need to register as an entity to report expenses to themselves.
|
|
|
Regardless of what corporations have done to courrupt the thought of "merry" thoughts... I wish everyone a SUPER MERRY CHRISTMAS!!!! F**K GIFTS I HAVE MY BEAUTIFUL LIFE to live in the NOW EVERYDAY!!!
|
|
|
I'm no advertising expert but spending a couple million on something that nobody even knows about(and thus nobody can tell another person about if someone even asked) doesn’t sound like smart advertising. As far as I've researched advertising anywhere on time square is at least $4 million/month and long term contracts are required. So i guess I’m just confused about everything. The website doesn’t seem to reflect the advertising that was put out and by that i mean if you are pushing hard on your "AD" caimpain you'd think people would at least spam uptweet but i still see the same traffic the same content of posts no variety. Just confused about the whole thing any ways the website looks great buddy keep it up, looks exactly how you imagined! Updates: here is the webcam (It looks like its still advertising sprint... its weird how the webcam displays only sprint advertisements and in your image it shows the sprint advertisement EVERYWHERE except uptweet.... weird indeed http://www.timessquare2.com/webcams.html
|
|
|
I'm working on a Real P2P messaging system (encrypted channels only) which requires public/private keys. Perhaps this could be the database, You build trust by communication over public key identity, then attach your contract to your P2P identity public, Although my app isn't near complete yet, but I posted here to notify those who would like to help contribute to the project: https://github.com/Xenland/P2P-Crypt
|
|
|
Updates: SQLite3 integrated. Generated identities are saved into the database.
|
|
|
|