Hello, Bitfinex provides lot of functionality, but there are few things i'm not sure I understand. what exactly these order types mean? (Limit, Market, Stop, Trailing stop, Fill or Kill) where can I read more on these, any guides? or can someone explain? also if you guys could recommend good modern book on trading I'd be very happy  Regards There you go: http://en.wikipedia.org/wiki/Order_%28exchange%29But I don't wanna be a party-pooper --> If you don't know the basics, you will get killed on trading with professionals. Bitfinex is providing services to professional forex/stock traders and they know exactely what they do. If you try to have an edge trading against them, you will have a bad time. (Sorry) I've turned my 2.5 BTC to 4 since you've answered to my post. I guess I need to learn more about this stuff. I like it  You will eventually lose everything! Well, at least there's a good chance for the average user to lose a position at some point. The secret is to calculate that in, and not have *all* in one position. It happened several times before that the exchange rate drops by 80%. I don't want to sound too much like a teacher here, as I have too much at stake too, was too close to being liquidated too, and in my history of Bitcoin speculation lost my share as well. It's all that old greed'n'fear game, eh? Nevertheless: Congratulations on your success! :-) Ente |
|
|
|
Hah. It wasn't so much "maybe later, leave us alone", but more like: "yes! when this reaches high priority, this is exactly what we're going to do!" The answer to this is: new wallet format is highest priority, especially now that we have all the multi-sig hooks in place. And we fixed the RAM issues... and we have resources to handle other things! To address your points directly: we will have support for both compressed and uncompressed. Along with the ability to migrate old wallets. Compressed will be default, but have the capability to handle uncompressed. Standard usermode, will by default, derive all wallets from the same seed, thus requiring one backup per user, not per wallet. But in Adv and Expert, you will have the option to create different seeds which spawn wallets with different backups, encryption passwords and security profiles. This is exceptionally important when it comes to offline wallets and multi-sig, having this flexibility. The new wallet format will also have a much-more-flexible encryption scheme. It will allow for arbitrary data to be stored from set of different encryption and key-stretching options. It would technically allow the user to do very complex things, though none of those complexities will be default. But it allows us to build cool things into it -- like the ability to encrypt comments&labels with your publickey&chaincode, thus all your watching-only wallets can decrypt the data, and thus that data can be backed up and synchronized between devices (as long as you don't store the WO wallet with it!) Or multiple people in an organization can easily synchonize meta-data just by having the WO wallet. There's a lot of cool things we can do with it. This only scratches the surface Stay tuned! --- P.S. - When I said this was high-priority, it was originally because we were really anxious to get some multi-sig features implemented, and we thought that we would have to wait for the new wallet format to do it. With the availability of lockboxes right now we are actually going to prioritize that first, and then work on the new wallet which will provide much more flexible multi-sig. Because, we want to take our time with the new wallets, and if there's already a usable multi-sig solution out there, then we won't be as rushed. Oh my gosh! That sounds fabulous! :-) "Stay tuned"? I feel like shortly before christmas here! Oh boy oh boy! I really am happy with all that! :-) Ente |
|
|
|
|
..good question..
Imagining a custom malware which only attacks linux and Armory, and your online computer is infected, I am not sure how secure we are.
The attacker needs to find an exploit for the offline computer. If he has an exploit to run his code, he can use it via USB, audio, QR, or whatever other clever way you use to move the unsigned data to the offline computer.
So, as I guess, it's just playing "which way is less likely to have a bug or exploit, audio, QR, USB?".
As long as the transferred data can't be verified by the user by eye or ear, we can't be sure there's no malicious data in it, and have to blindly rely on the offline computer having no security hole?
What do you people think?
Ente
|
|
|
|
Ok, I just crapped my pants - I won't be using --satoshi-port=9150 anymore, I think you are right and I was connecting to an outside node (while I had massive disconnections, synch and balances were OK all the time, so Armory wasn't in "offline" mode but connected to a node).
..good thing all blocks are cryptographically signed and will be verified locally, right? :-) Ente Armory doesnt verify the blocks it reads, it trusts Bitcoin Core to do that. Ill let you imagine how nasty that can get when an attacker gets to connect to your instance of Armory as its "good" node. Oopsie..  Got it work in a somewhat acceptable setting.
This is my bitcoin.conf:
proxy=127.0.0.1:9050
listen=1
port=8331
My Tor is set to run its proxy on 9050 by default.
8331 is a port I chose for Armory to connect to. Armory has to run with the --satoshi-port=8331 switch.
In my firewall, I added a rule to block all network traffic to port 8331. This way only localhost can connect to a socket listening on that port. This seems to work fine. Observing bitcoin, it only connects to nodes through the Tor proxy besides Armory, locally.
Thank you! I too will eventually play with bitcoin, Armory and TOR. Since we are at it already: It shouldn't make any problems to have one bitcoin-core listen/connect to both TOR and clearnet, through two ports, at the same time? It would be some kind of bitcoin clearnet-TOR gateway that way I imagine.. Ente |
|
|
|
|
I want Armory to be in Debian repos!
However..
- It only makes sense when all dependencies are there too. Especially bitcoin-core, which isn't there as far as I know.
- bitcoin-core and Armory would have to be updated in the repo quickly when an update is available. Noone wants outdated nodes out there, vulnerable to the latest bitcoin-stealing bug which is already updated and publically known..
- It would have to be in the regular, stable repo. At least at some point. People who mess with "unstable" or "backports" won't have problems installing Armory the regular way. I, at least, would rather stick to the regular way.
I don't know if those points can be solved any time soon.
To help out, I'll double the (still unknown) bounty you started. At least within reasonable limits and if the outcome seems worthwile.
Ente
|
|
|
|
|
Dear Armory devs,
(I take great pleasure in seeing you devs are too many to address individually now!)
any news on the new wallet format?
I have two requests in mind:
1) It would be great to have support for both "uncompressed" and "compressed" addresses and private keys. As it is now, I can't export my compressed privkeys from my android Schildbach wallet to Armory (as a backup, for watching transactions and having quick access).
2) The new deterministic wallet "standard" defines a tree, where each branch can be an address or another fork (which then has more branches, addresses, or a whole new "tree").
Right now I have several wallets in Armory, for security, privacy and accounting reasons.
I would absolutely *love* it to have one meta-wallet-tree (with one file, one seed and one backup), and have the GUI seperate this into several "wallets" the way I have it now.
Important would be that no inputs/outputs are mixed in between the "wallets". Also, we would need some clever way to have different passwords for the "wallets" and support for mixed online and offline "wallets" in one meta-wallet-tree.
This would be a killer feature for me, I'll gladly do a bounty for this if it helps.
I suggested this like half a year ago, back then it was "interesting, maybe later".
What do you think?
What can I do to make this happen?
Ente
|
|
|
|
|
I'm in!
As one of my next projects I'll play with a Raspberry Pi, Armory, and some additional hardware pieces to build a secure, convenient Armory offline signer.
I'll make it all public and open source. And I have some vision of making this an "Armory corp" product :-)
Ente
|
|
|
|
Ok, I just crapped my pants - I won't be using --satoshi-port=9150 anymore, I think you are right and I was connecting to an outside node (while I had massive disconnections, synch and balances were OK all the time, so Armory wasn't in "offline" mode but connected to a node).
..good thing all blocks are cryptographically signed and will be verified locally, right? :-) Ente |
|
|
|
|
Yep, had this discussion twice in the last days.
Thanks Mark.
Oh, and those discussions might even be tougher with females ;-)
Ente
|
|
|
|
First of all, my apologies if I'm going the wrong route for this type of question. I realize the development team has a very full plate with development and responding to threads such as this. If proper protocol is to plug this into an issue / suggesting tracking system, I would be happy to do so - I just didn't see one in my looking around.
I also didn't see the answer to this question anywhere else. I saw some mention of it from a year ago where it was a single line change in the python code but this question reaches beyond that, I think. Let me describe my scenario:
Let's say I am dealing with many machines (for the sake of conversation, let's say 2 desktops, 2 laptops, and an offline machine I use for Armory cold storage - all with various OS's). I would like to be able to have a master machine that is responsible for downloading the blockchain and maintaining it for the rest of the machines (especially the laptops since they have limited storage on SSDs). Is there a way to accomplish this? Ideally I would set up Desktop A as the main client that is on all the time and downloads the blockchain. The rest of the machines would use that copy of the blockchain, ideally. I don't necessarily care if the Armory DB is locally stored (for instance having it on a NAS or something on the same network). It would still be a lot less storage overhead than I'm currently dealing with.
Thanks in advance.
Yes, it's been asked before, but it's not implemented yet. The closest you can get to that is to either - have one machine with a regular "online" Bitcoin node, connected to the internet - have all other local clients connect to that "online" node only, with two full blockchains on every node still - use a different, light client, like electrum for example. You could even set up your own electrum server on one computer, as I understand it The general problem, I believe, is that several computers accessing and writing to the same (blockchain-)database will immediately corrupt it, if no precautions are made. So this feature would need a lot of changes under the hood. And probably has a somewhat low demand, for that much effort, compared to other features.. I'm in your boat here. And I run a local "always on" node, where all other nodes connect to when they run, from time to time. Ente |
|
|
|
Check out the Bitcoin Firesafe. It's a chunk of Aluminum or Stainless Steel with a QR Code of your BIP-38 encrypted key engraved into it... so the manufacturer can't have access to your funds, and the instrument is 2-factor secure... i.e. if it is ever stolen from you, it is still useless without the password. If you can remember the password used to encrypt the private key, who not just make the private key the SHA256 hash of the password? Then there's no need to store anything. True. With the BIP0038 approach, you have both more risk (you can lose the QR code) and more security ("2 factor"). Also, the passphrase for a direct SHA256 output needs to be *very* secure, as there are already many automated brainwallet harvester out there. I don't want to imagine how much hashingpower they are throwing at this. Your brainwallet is attacked since the instant it exists. On the other hand, BIP0038 passwords are much more difficult to calculate or to brute-force. Also, attacking your individual QR wallet can only start when someone learned the QR code. Which, normally, you will notice, with enough time to sweep it. For this, I would recommend to cover the QR code. It's no good idea to let everyone know "hey, I spent a lot of time and money on securing my bitcoins, and here they are!". And with the QR code visible on your keychain, it's too easy for others to scan it. Glue a picture of your significant other on it: - Noone will steal it - You can honestly say "that's my most precious thing I have!" :-) Ente |
|
|
|
The only chink in the armor seems to be egopay, I'm not too familiar with it, is it possible to remove it as an option or tie it down to my email address as well?
Good idea. Maybe give the option to remove this altogether. Also email-confirmations are a good idea too. How about a second 2Factor for withdrawal? Then you can't reuse the stolen 2Factor used for the ("failed") login, and can even seperate the second 2Factor to another mobilephone. Which you keep at home or something. Ente |
|
|
|
Also wenn ich wählen dürfte, würde ich auf jeden Fall Levin wählen. Der ist intelligent, ein guter Redner und hat aus Prinzip eine tiefe Begeisterung für Bitcoin. Außerdem sieht er mit seinem hochmodernen Vollbart nicht aus wie der Obernerd  Wer steht sonst noch zur Debatte? Es wurden sieben Vorstände gewählt, sechs von natürlichen Personen, einer von den juristischen Personen. Levin wurde gewählt. Die genauen Kandidaten und Stimmanzahlen folgen im Protokoll. *anstupps* Macht mal das Protokoll bis Do fertig, dann erzähle ich ein paar Sätze beim Leipziger Stammtisch! Mein Fazit? Eine sehr angenehme Runde, heterogen und sympatisch. Entscheidend waren, so mein Eindruck, immer die Fakten, und nicht der Übermittler oder persönliche Präferenzen. Bei mehreren Abstimmungen wurde "vernünftiger" gewählt als ich gehofft hätte. Alle Abstimmungen waren mit deutlicher Mehrheit, oft auch einstimmig. Klasse, ich hatte Freude! Ente |
|
|
|
Steel? Engraved? BIP0038? Finally a commercial solution which does it right! Good work! Ente |
|
|
|
war ich so frei schonmal unseren tisch zu reservieren im puschkin Top! :-) is das ok so, oder wollten wir woanders hin dieses mal?
Ich mag das Puschkin, und habe den Eindruck, dass es doch mehr Leute dorthin schaffen als z.B. ins Versteck. Sobald wir mal eine Location finden, die (direkt) Bitcoins akzeptiert..? Ente |
|
|
|
Are there any problems with using a vpn connection instead of a usb ? What are some possible security risks?
If the VPN connection is based on OpenVPN, which uses OpenSSL by default, there would be for example the heartbleed bug, if it is not yet fixed on the machine you use. So windows servers are not affected by this bug. Microsoft uses something called sstp to secure vpn. It totally depends on the software used. But in genertal, the more complex and big a system is, the more points of failure there are. And here, we have two instead of one computer, they both are online, and you have a vpn in between. Enhanced physical security may be worth it, depending on the situation. Nice to know that noone can just break in, grab a computer, and has everything he needs. Edit: The important part is to distinguish two designs: - "security measures in parallel", like a chain where you only have to break the weakest link (break one of the two computers or the VPN) - "security measures in series", like layers where you have to break through all of them (like n-of-m, on paper wallets, encrypted) Besides that, a "safe fallback" is good. "If anything irregular happens, it all shuts down and is fine" (like full hdd encryption for example). Also, consider every single component to be compromised. A million bonus points for designing a setup where every single component may be compromised at the same time, and you still don't lose :-) Ente Ente |
|
|
|
Confirmed. Earlier today, http://filippo.io/Heartbleed/#bitfinex.com said "vulnerable", now says "fixed". I just got a reply from Raphael. They are finished with fixing their servers. For now, all withdrawals are on hold. They are regenerating the ssl keys at this very moment.Thank you, BitFinex team! Ente |
|
|
|
without going into too much detail, my account at Bitfinex was compromised just a few hours ago. my funds are safe due to quick response time on my part, but i am concerned. details of the attack suggest that my password was not known to the attacker, so i'm wondering how they managed to initiate a withdrawal. could this be related? my account was accessed (no 2FA then), my position was closed and hacker tried to run with the btc (3:40 UTC, today)!! Fortunately , the withdrawal verification hindered him from getting the btc out. Where can I solicit the btc wallet he tried to send my btc to ?? Ouch! Thanks for posting this! You should see the destination address in "withdrawals - recently" Ente |
|
|
|
My question is, does all your money in your account get used up for lending immediately? Or does the system only use part of your money depending on the demand? Still trying to wrap my head around the whole process.
Nope, no "auto-lending". You have three wallets in your account, one for one function. You can easily move funds between them. Only funds in the "deposit" wallet can be lent out. And only when you actively create an offer (and someone takes it), or you take an offer to lend out. You are doing absolutely right, learning the ins and outs with a smaller amount first. I recommend this to everyone, unless you really know what you are doing ;-) Ente |
|
|
|
Hello everyone, Thank you for the feature requests, we always evaluate them although we don't add them all unfortunately. On another note, we are happy to present you the result of our first audit on our BTC reserves: https://bitcointalk.org/index.php?topic=560457We would like to perform regularly more such audits, including for our LTC reserves (and why not USD reserves once professional forms jump onto this market). Have a good day Raphael Bitfinex team That's a great step forward, getting even more professional and all! :-) Congrats! Ente |
|
|
|
|
Show Posts
