New feature: Locking of withdrawal addresses!
You can now lock your account to a specific withdrawal address in Settings. I recommend doing this now - even if you don't think you will be hacked, it's better to be safe than sorry.
You can unlock the address, however it will take 14 days before you are able to withdraw to any address you like. An email alert is automatically sent when there is an unlock request.
Who pentested this site? As a depositor and not a lender I would like to review the pentest. PM'd
|
|
|
I thought my '-1' post that got deleted said everything it needed to, that i did not agree
But then i thought my free speech joke was... well a joke...
I don't think someone saying "I don't support this" would get deleted, even through it conveys no extra information.
|
|
|
Reputation shouldn't be summed up in a single number. You need to look at the individual ratings, and who rated them. Like you won't care about -50 from Supa's sockpuppets.
|
|
|
New feature: Locking of withdrawal addresses!
You can now lock your account to a specific withdrawal address in Settings. I recommend doing this now - even if you don't think you will be hacked, it's better to be safe than sorry.
You can unlock the address, however it will take 14 days before you are able to withdraw to any address you like. An email alert is automatically sent when there is an unlock request.
|
|
|
This isn't looking good ..
|
|
|
ASICMINER is deploying 250TH/s.
|
|
|
TradeFortress,
As an additional layer of security, is there any chance you could give depositors, when initially setting up their account, the option of allowing funds, when withdrawn, to only be sent back to the address that the deposit came from?
As an example, if my account was hacked into, and the hacker made a 1 BTC deposit, then the only funds that could be withdrawn back to the hacker's BTC address would be the deposit he made from that address and any interest made on that 1 BTC.
I'm working on a feature where you can lock in a withdrawal address in settings, and can only unlock it with a 14 day cooling off period. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
This feels like the BTC pizza - not because of it's price, but because it shows the growth of bitcoin.
|
|
|
Well, you make it sound like you own it, because generally this section is used by owners to announce their services. ![Roll Eyes](https://bitcointalk.org/Smileys/default/rolleyes.gif)
|
|
|
Update:New security feature implemented - your password is now also hashed on the client side via JavaScript before it is sent over HTTP. Some guy with WireShack won't be able to sniff the plaintext ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) Quite late here, I will expand it later to use time specific salts to thwart replay attacks, but now this should do.
|
|
|
This is from the AMC guy who thinks he can mine more bitcoins produced in a year.
|
|
|
Yes, Google Authenticator requires the app on a phone (there's also an unofficial windows version, but that's not really recommended cause it kinda defeats the point). But, I just implemented client hashing via JavaScript. So your password is not sent in plaintext over HTTP, it is hashed on the client & on the server, and again on the server with a salt. ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) Currently, an attacker could submit the same hash if they sniffed the packet (but won't know the plaintext), but I will be working on time specific salts on the client later. If you are having login issues, please try a "hard refresh" (hold down refresh button on Chrome and select the option, Ctrl+F5 on Firefox).
|
|
|
1337 sleuthing skills.
If you have 10 bitcoins, deposit it in coinkenders and you'll get 0.047 in a week.
|
|
|
Post rep, vouches, otc, etc.
|
|
|
It gets even worse. Say you trust MtGox for 50k (you have 50k balance in "USD [tiny print: mtgox IOUs, not actual dollars]"), and you trust MyExchange for 10k. You have 0k balance in MyExchange IOUs.
You wake up one day and see MyExchange's owner ran. No worries, right, you had no exposure to MyExchange, right?
5 minutes earlier, you acted as a "liquidity provider", and exchanged 10k of MtGox USD IOUs for MyExchange USD IOUs. For no fee. With zero indication. And the owner of MyEx now has your Gox IOUs.
If you trust someone with 10k and they run off with it maybe you just misplaced your trust or put too high a number on it? What for were you trusting them that much anyway if you have none of their IOUs? Presumably you hoped to act as liquidity provider and had set up in such a way you would get some kind of fee or something? Otherwise why the heck all that trust in the first place? -MarkM- You don't have to be the person making this stupid mistake. If anyone in your trust network does (and that can extend to infinity), and you have a chain where defaults occur because of this, then you're affected.
|
|
|
Your ideas sound interesting. However, given your substantial changes to the basic model, you should probably start by having security experts comb over the specification of your changes and look for flaws. Having all the C++ developers in the world won't help you if your model isn't sound. Plus, I don't understand all the secrecy. The project, if it has merit, would probably take off better in an atmosphere of open debate as a public project, IMHO.
Absolutely. I'm all in for open discussion and review, and this is an open source project. But that comes a bit later. We're going to have a working proof of concept first ( testnet), and then peer review / discussion with something you can actually use. Kinda like publishing your research in a journal - then it gets peer reviewed. Not announcing the exact details before and have some rogue scientist steal the thunder (with some stuff done wrong). That seems likely given the latest "alt coin of a day created in forty minutes".
|
|
|
It gets even worse. Say you trust MtGox for 50k (you have 50k balance in "USD [tiny print: mtgox IOUs, not actual dollars]"), and you trust MyExchange for 10k. You have 0k balance in MyExchange IOUs.
You wake up one day and see MyExchange's owner ran. No worries, right, you had no exposure to MyExchange, right?
5 minutes earlier, you acted as a "liquidity provider", and exchanged 10k of MtGox USD IOUs for MyExchange USD IOUs. For no fee. With zero indication. And the owner of MyEx now has your Gox IOUs.
|
|
|
There's tons of coins that only marginally changes something - rewards, hashing algorithms, etc. There's innovative coins that adds things like Proof of Stake, but it does it in their way with flaws. There's cool and innovative but centralized cash ins like Ripple. There's also a spot for a non PoW, non PoS, and non centralization/validators/web of debt/checkpointing coin. FeaturesNo waiting an indeterminable amount of time for your transaction to confirm. No "dedicated miners" - mining is incredibly cheap yet spam proof, and there's no reward/incentive/transaction fee because the barrier to mining is a Raspberry Pi. No transaction fees. You can choose to pay for additional double spend protection. No centralization of any kind! In fact, it's more decentralized than bitcoin because of the practically nonexistent barrier to entry for mining, and the lack of mining pools. Cool and fitting name, awesome four letter domain name.. On the scale of "PayPal", not "Bytecoin". OK - so why is this in services?We need a fluent C++ developer to implement the changes as a fork to bitcoin. It's not complex and the scope of the change is like PPCoin's, but the actual concept is different. Would this help bitcoin?When this is shown to be a better model, Bitcoin can migrate to it after the PoW subsidy drops to zero. Or even now - because you're tired of waiting a hour or sometimes days for bitcoin deposits to confirm, right? So - contact me if you'd like to help ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|