That makes sense. I have an android phone that only works with wifi but it should work. I'm going to try it tonight.
That should work fine. Once you install the app you don't even need wifi. I have an old smartphone I leave on my desk (password protected) to acts as a "token" for about a dozen websites that use 2FA. Install the google authenticator app. Enable it on MtGox. MtGox will display a 2D barcode. In Google authenticator app click menu button (upper right) > Add new site > Scan barcode. Use phone's camera to scan the barcode. You are all set. BTW most sites use 2FA in TOTP mode (time based one time password) mode. So make sure the time on your smartphone is relatively accurate.
|
|
|
Winning bids
logicbomb666 1 @ 0.105 1Hq8hGQKX243ZiDrV6cUpVd2KEbjLG1vw7
DeathAndTaxes 1 @ 0.100 1B2GhS5b9f9kWYqDr2zCsRiybbkGs7uiGK
Thanks for all the bids!
Can you generate a new address and send it privately by PM. I prefer to preserve as much psuedo-anonymity as possible.
|
|
|
Depends on the attack vector that the attacker is using. I mean it isn't 2FA. MtGox could just offer a second password used only for withdrawals, it would be just as (in)secure. If the attacker doesn't gain access to the 2nd password your safe, and if they do you lose, not really any different than having a code generator on the potentially compromised computer system.
Do 2FA correctly or don't. Advocate less and eventually someone is going to get burned. 0-day java exploits, bitcoin specific malware, etc. Too much to lose, too difficulty to get it back. So many people want to spend hundreds of hours after the fact playing internet detective (usually with a 0.00% recovery) when a cheap 2FA done properly would prevent them from ever losing anything to begin with.
We shouldn't be advocating for noobs (especially ones who may not fully understand the reduced security) to half-ass security and then wonder why they get robbed.
|
|
|
I don't have a smart phone but I see there may be something similar for windows or for html. Maybe I will have to go with that. I need to get a smartphone but haven't had time to figure that out.
Understand though that 2FA means TWO FACTORS. that is two independent systems that to compromise the account BOTH need to be compromised simultaneously. Having your authenticator on the same computer you login would be like getting two locks for your front door and putting both keys side by side under the mat. a) get google authenticator on a smartphone b) get a yubikey c) have your account compromised and lose potentially tens of thousands of dollars
|
|
|
Well keypool is a great idea, otherwise the first time you send a tx any backup would become obsolete. Without a keypool (or deterministic wallet) to avoid fund loss would require continually backing up after every single transaction.
The issue isn't the keypool, the "issue" is that the QT wallet shows users some of their addresses and then (for their own good?) hides some of them. A user seeing they have 100 addresses and seeing their coins sent to one of their 100 addresses is going to be less confused then a user seing they only have 10 addresses (because the QT wallet "helps" by hiding the other 100) and then seeing their funds go to an address "not" in their wallet.
Abstracting information from users is a good design choice. Even if the unused keys in the keypool are hidden ONCE AN ADDRESS HAS FUNDS it shouldn't be hidden from the user.
i.e. user sends 1 BTC using 10 BTC output, 9 BTC is sent to unused keypool address 123. As soon as the tx is created address 123 should be added to the list of addresses. If the developers wants to it could have the word "change" next to it with a "?" for more info. Hiding addresses which have been sent funds is just a recipe for fund loss.
|
|
|
High end case, expensive processor, lots of ram, Windows 7, SSD? None of that does anything but waste money.
With ASICs being shipped only a fool would be investing in GPU rigs ... but if one does buy a GPU rig other than quality PSU, and GPUs themselves everything else should be as cheap as humanly possible to maximize efficiency (MH/$). Your $1.75 per MH is horrible. Downright guarantees anyone buying it will never come close to breaking even.
|
|
|
Any word on PayPal funds?
Sorry PayPal will not be available until Wednesday (04/24). The volatility of the prior week really impacted our cashflow. Things are starting to get back to normal but moving fiat is always painfully slow. Sadly neither PayPal nor Dwolla accept bank wires so they tend to lag behind after any disruption.
|
|
|
Hence all of their "betamax" comparisons do look rather stupid. Especially for a magazine which supposedly knows the subtle difference between digital and tangible goods.
Exactly in the "betamax" analogy most bitcoin enterprises are in a position similar to content companies. If Bitcoin succeeds then they are successful as well. If a superior cryptocurrency replaces Bitcoin they have the potential to take lessons learned (processes, software codebase, fraud prevention, financial partners) and leverage the new system. Even Sony (major backer of Betamax) was immensely profitable once they embraced VHS fully.
|
|
|
Also, if this is the case, what happen to those people who usually buy virtual items or gold from chinese farmer? they coulda say the same shyit to paypal? is it paypal really that dumb and easy to give people refund??
Yes PayPal is that "dumb" (it actually isn't dumb.) PayPal doesn't give a crap if you lose money. Investigating hard to prove disputes is costly. The time to investigate it is worth more than their 2% fee. They aren't in the business of losing money. i bet paypal will ask the corresponding seller about the complain first right? and the seller can present paypal about the screenshot of the conversation?? for some weird reason, ive never heard about this uproar about reversible/refund to paypal in MMORPG ecosystem.
Nope read the PayPal TOS. There is no seller protection for virtual items. If disputed as "not authorized" PayPal will refund it. Period. They won't even ask for screenshots and won't care what "proof" you supply.
|
|
|
Not going to work any better. "PayPal I don't recognize this purchase for [insert virtual item here] my account must have been hacked".
^ The account actually could be hacked as the "buyer" is using a stolen paypal account OR it could be the buyer just lying to PayPal about their account being hacked.
PayPal response to you will be ... there is no seller protection for virtual items, transaction reversed, no appeal possible.
|
|
|
Hello,
I am trying to sell some bitcoins to you for a bank wire. When I select the bank wire option, it says in red, "This option is not enabled. You need to update your profile." I already have my bank account number and routing number in there, so I am not sure what else you need. I added my mailing address too. Is this just an error caused by the fact that my ACH and bank wire numbers are the same? Thank you.
Please ensure the bankwire routing number line is completed on your profile. If it is send an email with your email address (username) to info@tangiblecryptography.com.
|
|
|
Bitcoin got real public attention in early March. At that point 11 million coins were produced by a very small community. Since then only 7000 new coins has been created If you are going to whine at least get the facts right. Since March 1st there have been 7,392 blocks producing 184,800 new BTC. The Bitcoin money supply is growing at roughly a 12% annual rate (12% monetary inflation). [/quote]
|
|
|
It would depend on what is on the books first.
If there is a sell x @ 100 order on the books (i.e. part of market depth) and you place a buy x @ 110 the trade will execute 100. If there is a buy x @ 110 order on the books (i.e. part of market depth) and you place a sell x @ 100 the trade will execute 110.
|
|
|
Maybe they are just using the attack to make a profit.
That's quite an obvious thing. For those lacking any kind of morale, that way of trying to make money makes sense, naturally. But my main question was: Those wanting to hurt Bitcoin, will they stop at only Ddos attacks ? Without sounding like a conspiracy-theorist, it makes sense to attack something you want to hurt from several angles, no ? I don't think these attacks have anything to do with destroying Bitcoin. MtGox infrastructure has proven to be very vulnerable and the effect on price very reliable. When you attack price goes down and then recovers later. When the price is $120 - $130 if you could buy coins for $100 instead would you? If you could then sell them in a week for $130 and then buy more at $100 would you? Would you do it once only or maybe do it every week? Some people see theses attacks as a way to make a 30% return on capital a week. It has worked over and over and over. Why would they stop? Hint: they won't until it stops working.
|
|
|
10 = 1 Gigoshi 1 = 1 Bitcoin 0.01 = 1 Megoshi 0.00001 = 1 Kiloshi 0.000001 = 1 Hectoshi 0.0000001 = 1 Decoshi 0.00000001= 1 Satoshi
Suddenly, I feel like I am inside a Nintendo game... which is why I prefer millicoins. I mean at $0.12 per millicoin I can't see how people think they are too expensive* *As if the nominal value really matters.
|
|
|
You just got goxxed. MtGox has been offline for 2+ hours now.
|
|
|
Found it: https://bitcoil.co.il/Doublespend.pdfIf we assume the attacker will have no more than 20% of network hashpower then 3 confirms is sufficient to protect a transaction of up to 763 BTC (~$95,000). There are times when 6 (or even more) confirmations are necessary however I think at this point the 6-confirms have evolved into religious dogma. I (personally) had a seller unwilling to transfer a steam game ($5 value) until it had 6 confirms. For me to even attempt a 1-confirm reversal with say 10% of the network hashing power would have cost me ~$48,000. That means even if the steam game was $48,000 in the long run I would only break even trying to double spend all 1-confirm attempts. Of course the 6 confirm "dogma" leads to the "bitcoin is too slow" dogma because everyone "knows" you can't sell a $0.99 candybar without 6 confirms and 6 confirms takes on average 60 minutes (and occasionally could take 2+ hours).
|
|
|
... (orphaned blocks worth $3,000 each).
Stupid question. How did you assign the $3,000 value to an orphaned block? Its not a stupid question. A miner who can produce a double spend block can also potentially just produce a "legit" block. 25 BTC * $120 = ~$3,000 per block. There is a real COST for a miner to attempt (with <51% of hashpower) to extend an alternate chain. The risk is that the rest of the network builds a longer chain and not only does the miner not successfully double spend any blocks produced in the attempt become worthless as orphans. That cost is what gives the network security. That cost also means that waiting 6 confirms before transfering a $20 game about as silly as keeping a 1 oz gold bullion in a $50,000 safe guarded 24/7 by fully armed security detail.
|
|
|
Only one confirmation is risky. Cryptocurrency, being a peer-to-peer supported commodity, has to have more than 1 valid opinion in order to be accepted network-wide. And 6 confirmations isn't that long IMO.
Once again there is no one size fits all. If you are selling $20 steam games 1 confirm is likely plenty. An attacker is taking a significant risk attempting to double spend, the risk is in potentially orphaned blocks. Blocks have economic value and someone with TH/s of computing power has real costs. The benefit of a double spend ($20 game stolen) is outweighed by the cost of failing (orphaned blocks worth $3,000 each).
|
|
|
|