That should work fine.  Once you install the app you don't even need wifi.  I have an old smartphone I leave on my desk (password protected) to acts as a "token" for about a dozen websites that use 2FA.  Install the google authenticator app.  Enable it on MtGox.  MtGox will display a 2D barcode.  In Google authenticator app click menu button (upper right) > Add new site > Scan barcode.  Use phone's camera to scan the barcode.  You are all set.  BTW most sites use 2FA in TOTP mode (time based one time password) mode.  So make sure the time on your smartphone is relatively accurate.

Can you generate a new address and send it privately by PM.  I prefer to preserve as much psuedo-anonymity as possible.

Depends on the attack vector that the attacker is using.  I mean it isn't 2FA.  MtGox could just offer a second password used only for withdrawals, it would be just as (in)secure.  If the attacker doesn't gain access to the 2nd password your safe, and if they do you lose, not really any different than having a code generator on the potentially compromised computer system.   

Do 2FA correctly or don't.  Advocate less and eventually someone is going to get burned.  0-day java exploits, bitcoin specific malware, etc.  Too much to lose, too difficulty to get it back.  So many people want to spend hundreds of hours after the fact playing internet detective (usually with a 0.00% recovery) when a cheap 2FA done properly would prevent them from ever losing anything to begin with.

We shouldn't be advocating for noobs (especially ones who may not fully understand the reduced security) to half-ass security and then wonder why they get robbed.

Understand though that 2FA means TWO FACTORS.  that is two independent systems that to compromise the account BOTH need to be compromised simultaneously.  Having your authenticator on the same computer you login would be like getting two locks for your front door and putting both keys side by side under the mat.

a) get google authenticator on a smartphone
b) get a yubikey
c) have your account compromised and lose potentially tens of thousands of dollars

1 @ 0.100

Well keypool is a great idea, otherwise the first time you send a tx any backup would become obsolete.  Without a keypool (or deterministic wallet) to avoid fund loss would require continually backing up after every single transaction.

The issue isn't the keypool, the "issue" is that the QT wallet shows users some of their addresses and then (for their own good?) hides some of them.  A user seeing they have 100 addresses and seeing their coins sent to one of their 100 addresses is going to be less confused then a user seing they only have 10 addresses (because the QT wallet "helps" by hiding the other 100) and then seeing their funds go to an address "not" in their wallet.

Abstracting information from users is a good design choice.  Even if the unused keys in the keypool are hidden ONCE AN ADDRESS HAS FUNDS it shouldn't be hidden from the user.

i.e. user sends 1 BTC using 10 BTC output, 9 BTC is sent to unused keypool address 123.  As soon as the tx is created address 123 should be added to the list of addresses.  If the developers wants to it could have the word "change" next to it with a "?" for more info.  Hiding addresses which have been sent funds is just a recipe for fund loss.

High end case, expensive processor, lots of ram, Windows 7, SSD?  None of that does anything but waste money.

With ASICs being shipped only a fool would be investing in GPU rigs ... but if one does buy a GPU rig other than quality PSU, and GPUs themselves everything else should be as cheap as humanly possible to maximize efficiency (MH/$).   Your $1.75 per MH is horrible.  Downright guarantees anyone buying it will never come close to breaking even.

Sorry PayPal will not be available until Wednesday (04/24).  The volatility of the prior week really impacted our cashflow.  Things are starting to get back to normal but moving fiat is always painfully slow.  Sadly neither PayPal nor Dwolla accept bank wires so they tend to lag behind after any disruption.

Exactly in the "betamax" analogy most bitcoin enterprises are in a position similar to content companies.  If Bitcoin succeeds then they are successful as well.  If a superior cryptocurrency replaces Bitcoin they have the potential to take lessons learned (processes, software codebase, fraud prevention, financial partners) and leverage the new system.  Even Sony (major backer of Betamax) was immensely profitable once they embraced VHS fully.

Yes PayPal is that "dumb" (it actually isn't dumb.)  PayPal doesn't give a crap if you lose money.  Investigating hard to prove disputes is costly.  The time to investigate it is worth more than their 2% fee.   They aren't in the business of losing money.


Nope read the PayPal TOS.  There is no seller protection for virtual items.  If disputed as "not authorized" PayPal will refund it.  Period.  They won't even ask for screenshots and won't care what "proof" you supply.

Not going to work any better.   "PayPal I don't recognize this purchase for [insert virtual item here] my account must have been hacked".

^ The account actually could be hacked as the "buyer" is using a stolen paypal account OR it could be the buyer just lying to PayPal about their account being hacked.

PayPal response to you will be ... there is no seller protection for virtual items, transaction reversed, no appeal possible.

Please ensure the bankwire routing number line is completed on your profile.  If it is send an email with your email address (username) to info@tangiblecryptography.com.

If you are going to whine at least get the facts right.  Since March 1st there have been 7,392 blocks producing 184,800 new BTC.  The Bitcoin money supply is growing at roughly a 12% annual rate (12% monetary inflation).



[/quote]

It would depend on what is on the books first.

If there is a sell x @ 100 order on the books (i.e. part of market depth) and you place a buy x @ 110 the trade will execute 100.
If there is a buy x @ 110 order on the books (i.e. part of market depth) and you place a sell x @ 100 the trade will execute 110.

I don't think these attacks have anything to do with destroying Bitcoin.  MtGox infrastructure has proven to be very vulnerable and the effect on price very reliable.  When you attack price goes down and then recovers later.

When the price is $120 - $130 if you could buy coins for $100 instead would you?  If you could then sell them in a week for $130 and then buy more at $100 would you?  Would you do it once only or maybe do it every week?  Some people see theses attacks as a way to make a 30% return on capital a week.  It has worked over and over and over.  Why would they stop?  Hint: they won't until it stops working.

which is why I prefer millicoins. 

I mean at $0.12 per millicoin I can't see how people think they are too expensive*


*As if the nominal value really matters.

You just got goxxed.  MtGox has been offline for 2+ hours now.

Found it:
https://bitcoil.co.il/Doublespend.pdf

If we assume the attacker will have no more than 20% of network hashpower then 3 confirms is sufficient to protect a transaction of up to 763 BTC (~$95,000).

There are times when 6 (or even more) confirmations are necessary however I think at this point the 6-confirms have evolved into religious dogma.  I (personally) had a seller unwilling to transfer a steam game ($5 value) until it had 6 confirms.  For me to even attempt a 1-confirm reversal with say 10% of the network hashing power would have cost me ~$48,000.  That means even if the steam game was $48,000 in the long run I would only break even trying to double spend all 1-confirm attempts.

Of course the 6 confirm "dogma" leads to the "bitcoin is too slow" dogma because everyone "knows" you can't sell a $0.99 candybar without 6 confirms and 6 confirms takes on average 60 minutes (and occasionally could take 2+ hours).

Its not a stupid question.  A miner who can produce a double spend block can also potentially just produce a "legit" block.  25 BTC * $120 = ~$3,000 per block.  There is a real COST for a miner to attempt (with <51% of hashpower) to extend an alternate chain.  The risk is that the rest of the network builds a longer chain and not only does the miner not successfully double spend any blocks produced in the attempt become worthless as orphans.

That cost is what gives the network security.  That cost also means that waiting 6 confirms before transfering a $20 game about as silly as keeping a 1 oz gold bullion in a $50,000 safe guarded 24/7 by fully armed security detail. 

Once again there is no one size fits all.  If you are selling $20 steam games 1 confirm is likely plenty.  An attacker is taking a significant risk attempting to double spend, the risk is in potentially orphaned blocks.  Blocks have economic value and someone with TH/s of computing power has real costs.  The benefit of a double spend ($20 game stolen) is outweighed by the cost of failing (orphaned blocks worth $3,000 each).