well damn, he's been here since March.. So his internal calculation: ( value_of_heavily_used_forum_account < $200 ) This is a good reason to find out personal information on people you give loans to.
|
|
|
Let's see who supports GoDaddy <snip>
Note that printcoins.com does not. I have considered GoDaddy evil way before this SOPA thing, and this just hammers the point home.
|
|
|
This is so exciting. Will a fully anonymous person pay back nearly $200 in cash?
|
|
|
So your charging money for something i can do for free with scripts you can find if you Google hard enough (and on my black an white laser printer?)? I'm not saying that this is a stupid idea, it is just not the best idea to try to sell something that is so easy to do on your own for free. Works kinda like selling toast, It works if your a restaurant, but most people would rather make there own toast at home and save money. Edit: I can just pop on over to https://www.bitaddress.org and then just photoshop in a little logo. If you are not willing to spend 5 BTC you can't eat my toast. Obviously you value your time much less than others. This isn't really for end users, but for people that want to sell their own bitcoin bills. They will end up paying more for their paper than they are paying me. They get the ease of just entering in quantity and selecting denomination, and not having to do anything in photoshop. 400 Bills sent to the printer at a push off a button.
|
|
|
I'm just wondering, without a trusted third party, how can someone trust the maker of these bills that the private key is really under the hologram?
Impossible to know. When you buy physical bitcoins off someone you are putting your trust into them. The code to create the PDF will automatically generate the keypair and put the QR codes into the bill. It would take modifying the code to remove the private key. Though the printer could also scan the private key themselves to steal them (or also modify the code to make it record them). That said, when the details of the algorithm are solid and can be translated into php or a bash script, I will be incorporating 3rd party private key addition to the bills (you would print a sheet, sticker it, send it to someone else to print over keypair two and they would sticker and cut it).
|
|
|
Yeah, I hear what you're saying. I guess I just feel like *most* people would operate a company in a reasonable, sustainable way. I feel like MtGox has been around long enough that they have proven they aren't a group of scammers. And if that is the case, they receive no benefit from running their company into the ground by using more money than they are gaining. They receive much more benefit from continuing their operations as-is ($2000-$5000/day) than they would from stealing everyone's funds without reporting it and turning into some sort of fractional-reserve that will eventually go bust.
Let's say you have about 1,000,000 bitcoins in your exchange, but 10,000 are lost due to operational mistakes. Your accounts still say they have 1,000,000 bitcoins. Who do you update for a loss? Do you update their losses? Do you subtract it from your profits? Do you just say, well it isn't like everyone is going to pull out 1,000,000 BTC in one day anyway. Lets just leave it float. No point in rocking the boat for a problem that isn't likely to ever get noticed. What about if you lost 10% of the bitcoins in one day from a hack. Do you eat it, or just say... well no point in rocking the boat. Who will notice. It isn't like anyone is going to pull out 900K in btc in one day. This isn't exactly scamming. This is not exactly stealing. The bitcoins in the DB still exist, they just don't happen to be backed by real bitcoins anymore, and we can make up the losses eventually. And if you want to go to the dark side... (not saying they are) --- Why not just take out a loan for 200K in btc, and upgrade all of the servers and support staff so the whole operation runs at top notch speed. They can just make back the money and then some from all the happy customers. With all this skilled talent, think of our savings in preventing mistakes. ... --- The thing is, they could also be completely transparent and show that they are on the up and up. A full disclosure of all of their bitcoin addresses, along with a list of all balances in their accounts would help. The accounts could just display a code with the balance, and users could verify that the code in their account matches the db record and the same balance. It wouldn't be perfect, but it would at least make it an effort to cheat.
|
|
|
That's awesome, honest and amazing that you reported this.
What's scary is their response: "Please keep the extra $100"
How many people haven't reported surplus deposits? Where is the "extra" money coming from? The OP's issue likely stems from poor systems and management giving away too much money. Incredible.
What's really scary to me is how quickly people put a negative spin on things. This is not the only negative response I've had when I shared this information. You see it as, hey great customer service. I see it as a system that is poorly automated, and fraught with human error. They make enough money that they don't sweat the small stuff, and that is cool and all, but I am always wondering if it will come to light that their errors mean that they do not actually have as much in the way of bitcoins or cash to meet the balances in their accounts. Things I have seen * The major hack which they "rolled back." How much they lost is unknown. * Large pools of money they shift around between single addresses (suggesting to me a human activity rather than an automated bitcoin management system) * The time they sent a large sum of bitcoins into oblivion (I forget how much) * These errors where people are credited extra Maybe they make enough profit per transactions that money slipping through the cracks is no big deal, but if they don't a run on the bank is a possibility. Maybe, maybe not. Why not give them the benefit of the doubt? I don't see any reason to badmouth them or spread fear about them when there isn't any proof to back up what you are saying... It seems overly paranoid and over the top, in my opinion. I suppose you are right. It is just one consideration people should have when dealing with an exchange. I simply am listing the issues that have come up on the board, and note that if the errors outstrip their profits than their balance sheet will not line up, hence the possibility of a run. @plogank was wondering how this could be spun negatively. If I saw my bank making mistakes that made it lose money, I would pull my money out, especially if it wasn't backed by something like FDIC protection. I don't know if I would call this bad mouthing. I am just voicing a concern that I haven't seen mentioned anywhere else. Really I think that mtgox does quite well for itself with all of the volume, and most likely it's profits make for a balanced budget. But I also wouldn't be surprised if I was wrong in this assumption. In other words: I reserve the right at some unknown (maybe non-existant) date to say "I told you so." I have the benefit of never being able to be proved wrong
|
|
|
That's awesome, honest and amazing that you reported this.
What's scary is their response: "Please keep the extra $100"
How many people haven't reported surplus deposits? Where is the "extra" money coming from? The OP's issue likely stems from poor systems and management giving away too much money. Incredible.
What's really scary to me is how quickly people put a negative spin on things. This is not the only negative response I've had when I shared this information. You see it as, hey great customer service. I see it as a system that is poorly automated, and fraught with human error. They make enough money that they don't sweat the small stuff, and that is cool and all, but I am always wondering if it will come to light that their errors mean that they do not actually have as much in the way of bitcoins or cash to meet the balances in their accounts. Things I have seen * The major hack which they "rolled back." How much they lost is unknown. * Large pools of money they shift around between single addresses (suggesting to me a human activity rather than an automated bitcoin management system) * The time they sent a large sum of bitcoins into oblivion (I forget how much) * These errors where people are credited extra Maybe they make enough profit per transactions that money slipping through the cracks is no big deal, but if they don't a run on the bank is a possibility.
|
|
|
Can anyone point to something that will just create a priv/pub pair.
I don't actually want to have the client running, I just want to buy some namecoins off someone, and have an address to store them at (in case some day in the future they are worth something).
|
|
|
Does namecoin work exactly the same way for priv/pub addresses. Can I use the same pair as a namecoin address and a bitcoin address. Can I use what is generated here: https://www.bitaddress.org/to create a namecoin address? Also, is their a blockexplorer for namecoin? What about a nice friendly gui interface that will work on my mac for my wallet?
|
|
|
It might be easier to hook into bitcoind's rpc for creating new addresses rather than rewriting client code in PHP. This means your webserver would need access to a bitcoind, but not necessarily one that is even connected to the network. It could just be for address generation. You could export the keys generated and set them up to be swept by a different bitcoind that can't be compromised by your webserver.
That would be another service to run on a webserver which is a bit heavy duty. Also, getting all the private keys out of it would require using pywallet to export them, and then reimport them into your desktop wallet. I created a php library that uses "bitcoin-off-the-grid" (BOTG) (source: https://bitcointalk.org/index.php?topic=23081.20) which is a bash script. Here is the library: https://github.com/RobKohr/PHP-Bitcoin-Address-CreatorI trimmed out a bunch of stuff from BOTG to make it more script friendly, and wrapped a php exec call to it. It seems to work pretty well.
|
|
|
Centralized storage may be a bad idea, but is there any way around it? I can't see any way for an exchange to exist without an escrow party (or a lot of scamming without escrow). Escrow means centralized. I mean, perhaps the escrow could simply act as such after a trade is booked (i.e., both parties send their funds to the escrow, to then be redistributed to the parties), but that introduces a TON of lag time with trades, which is just asking for problems.
So, what is the solution? I really don't see any besides centralized storage.
An exchange can't get around it as far as I can see. This is why you should only keep coins in the exchange for a limited time while doing an exchange. Get them back to the safety of your wallet once you are done. Your wallet should be the safe place for coins, and an ewallet provider should not be trusted with plain text private keys. Ever. It would be the same as everyone in a city giving a homeless man their cash to hold onto in a cardboard box that he occasionally might walk away from (but his cat will watch it for him). If it disappears, either he made off with it, his cat made off with it, or someone got around his perfect security (duct tape). No one will ever know what happened.
|
|
|
Good point in favor of the "give every customer a new address" method.
I think reusing addresses is a bad idea and should be discouraged. Creating new addresses is free, and it makes it so their is no confusion as to who paid and who didn't. I basically use addresses as "order numbers" so that it is easy to relate an order to a payment.
|
|
|
I created a fork of pywallet which will import a text file of private keys into your wallet. https://github.com/RobKohr/pywalletThe webserver could generate the pubs/privs and when you log in as an admin, you could download that private key list and import into your wallet. I would recommend that you delete the private keys on the webserver after you import them into your wallet.
|
|
|
bitaddress is done all in javascript so that the private keys are never ever seen by the server. If you moved this logic into PHP, that security is lost. What are you trying to build? Your users shouldn't have to trust that you won't steal their private keys, they should know for certain that you can't.
I appreciate the red flag waving. It is important to alert developers to issues like that. I currently have a pdf generator written in php to create bitcoin bills. I use a textarea to paste in addresses from bitaddress to generate the pdf (this is all done on localhost). I would like to just cut out that step and have php generate the addresses and then the pdf. This is so I can package the whole thing up nicely and release it open source. I also want to create a simple ecommerce library that would create the private and public key on the server and keep the private keys encrypted (to be later downloaded by a site owner and decrypted).
|
|
|
Does anyone have an PHP code that can do what is done on this website: https://www.bitaddress.orgNamely create private keys and associated public addresses?
|
|
|
|