Well, here the situation is different. The "core development team" has full access to the code base and is actively moving the target because they disagree with the "new brooms". Do you understand the difference?
Until 'M' tells me different or 'Q' proves it in second degree predicate logic as a formal theorem I'll let them worry about why our 'Cousins' might prefer we move a little slower.(*) (*) Heck Maybe I might even sleep, I hear one should do so at least once a week whether one needs to or not. -MarkM- |
|
|
|
the GUI is really in need
This is the PHP GUI we're talking about, right? The one the big fishies from the financial sector want to plug an embeddable module into instead of using RPC to talk JSON in? Have you seen the PHP one whoozit(*) was showing in some other thread? So far "John Smith"(**)'s -qt GUI has been looking pretty good, what exactly do the way-awesome professional armchair^H^H^H^H^H^H^H^too busy doing real work to help out designers say is wrong with it, exactly?(***) (*) Not their real forum-alias last time I checked. (**) Their real forum-alias, last time I checked. (***) Or are we talking about the guy designing the "safebit" GUI? -MarkM- |
|
|
|
Care to be more specific? What would those problems be?
This isn't secret at all, they are in broad agreement with the goals of libbitcoin: 1) sensible modulatization and abstraction layers 2) make the engine embeddable in other projects, eg. PHP engines 3) byte-endian cleanness 4) sensible test harness AFAIK the "core development team" only agrees that (4) is a valid goal. I just wanted to add that I'm not representing any "big fish(es)", I'm just a "pilot fish". 1) I wasn't aware that JSON is not sensible. Thanks for the heads-up.(*) 2) C/C++ isn't embeddable in PHP engines? Holy something, thanks again for another major heads-up.(**) 3) Yeah I had just started to encounter mentions of that earlier this wakeperiod. 4) Far out, some other codemonkey gets stuck with that drudgery, nice. (*) The other port? What other port? Hush, I don't want to think about that. Its not something PHP needs to know. (**) When the heck did that happen? What the heck is PHP itself written in nowadays? -MarkM- |
|
|
|
Tah-dah! Enter DeVCoin! The "big fish" of DeVCoin have millions of DeVCoins, they are developers, and the mining rewards are rigged in their(*) favour instead of in favour of miners(**)! The thot plickens!  -MarkM- (*) Them: "developers". Of open source software, hardware, literature, firmware, etc etc etc... (**) "Miners": typically owners of closed-source capital equipment "means of production"? |
|
|
|
|
Output values are set by scripts.
For example there are scripts that will not output their coins to another address/transaction unless/until a transaction that signs them runs the script.
Such transactions thus either output no coins (signature was wrong) or the programmed output value the script exists to to "output in the case the signature is correct".
Scripts can also set the output values of multi-output scripts. For example suppose there exists a transaction with 100 outputs, each of which will be zero in the case of a wrong signature, 0.01 BTC in the event of a correct signature.
Transactions can be constructed setting the output of that multi-output script to this new transaction we are constructing to anywhere from 0.0 to 1.0 BTC, even (by using the magic of so called "change") in denominations that are not exact multiples of 0.1. BTC.
So it comes down to how much you wish to output and whether you provide the keys that enable obtaining that amount of output at that time.
-MarkM-
|
|
|
|
|
Plus the so called "internet" is just some Defense Advanced Research Project agency some old geezers built into some stupid chip inside smartphones anyway, so what's the big deal about the so called internet, think real world, real people buying real things by commanding those stupid genies or whatever that the old geezers claim to have trapped inside some magic etching inside the phone someplace.
-MarkM-
|
|
|
|
But tux could improve this retrieve password via email function to include
something only the user would know and that bit of info would never be sent via email for an attacker to find in the user's inbox.
Just copy what other websites do that seems reasonable.
Markm seems to be reasonable in his understanding of this situation.
Copy not what insured, cover losses up to a specified amount, reverse transactions any time in the next 90 or even 180 days sites do; such sites might invest more in making everything right than in preventing it from going wrong even, maybe. Rather, copy what MI5, MI6, the CIA, the Mossad et al do or something: sites that rely highly upon prevention because, unfortunately, "resurrection" / "raise dead" is not yet as reliable as on some editions of the Enterprise, let alone some editions of some religious texts. Or at very least, walk through what e-gold, pecunix, (haven't walked through Liberty Reserve, is theirs any good?) etc do and if improving them would lose some customers due to inconveniencing them let them opt out, at their own liability, of such parts as they consider inconvenient and you do not consider essential to not getting a reputation for callously disregarding the safety / security of your customers, lulling them into false senses of security, setting them up for a fall, etc etc etc. -MarkM- |
|
|
|
|
So if I were 007, I might want to make darn sure both 'M' and 'Q' were fully on board with the rollout timetable so I could take care of any minor glitches along the lines my license might suit me to apply myself with due diligence to, in due time to keep the timetable from resulting in any more undesired collateral damage than glitches falling into such a category might insist upon absolutely requiring.
Even if I were not 007, I might sometimes wish simplemachines (and phpBB too if it too doesn't do it) would tooltip internal URLs such as thread and post URLs so I don't have to force firefox through the seemingly excruciating labour of dredging up enough resources to fire up yet another tab or window and actually display its contents just so I can better divine what that missing tooltip would've told me had it existed.
-MarkM- (tl;dr Anonymity: not a toy?)
|
|
|
|
Say HI to address collisions. Only if two people use the same passphrase. '123456' is pretty common  Sure, but good luck grabbing a large number of coins out of that one's resulting address, what is its average time until next checked for coins by rainbow corp or whoever does the rainbow stuff? -MarkM- Edit so anyway, obviously we need to use "123456" (or whatever we manage to memorise as our hash type cypher passphrase) to generate a table of 256 distinct hash routines, so that our hash type selection phrase's hash can be used to look up hash routines to use to hash our actual phrase. Thus forcing users to use 123456 three times in a row, which would result in... |
|
|
|
...becasue if you want to fund your account through Euro Bank Transfer, it says: "Euro deposits are currently offline until Friday August 5th 2011 in worst case." It's now August 7th 2011 and the message is still there.  They should use a better grade of copywriter, or simply resort to legalese ("it was alleged by one or more banks we consulted that...") -MarkM- |
|
|
|
|
That is totally weird, I thought I had caught all of this thread as it grew but my recollection of change of MtGox password was that like all financial sites (I thought, anyway) trying to do such a thing through email alone didn't work.
I tried it, after the goxification affair. They rejected my attempt to claim the account via email alone despite my reminders of things like my being on the IRC channels and the -otc web of trust and facebook and gmail and yahoo and sourceforge and gosh knows where else. I had to remind them of all that again, suggesting we meet up in IRC where gribble could be mutually consulted, that my provider doesn't change my IP address far outside of a few class C nets, etc etc etc then my retry worked.
They (financial services in general, not just mtGox) know what kind of info about your account goes out in their emails, so they don't do stupid things like "email us the following data about your personal and family history that all your millions of diehard fans plus anyone who can use google and/or grasp the basics of what the wikipedia page about you is trying to broadcast and we'll restore your account, since obviously you and not even your mother know what your mother's maiden name was" kind of crap. I thought. Am I drifting into alternate universes again or has a new wave of security expertise determined that no gmail, hotmail, yahoo etc sysadmin could possibly know any of the info stashed in your email account?
-MarkM-
|
|
|
|
|
Well I got spoiled back in the day, when you could order up hundreds from the NIC on a "pay later if you find them worth keeping, if not no sweat just let the free trial expire" basis, and even when eBay finally happened along I didn't get so much as a bid on the matched set windows.{com,net,org} ... eBay still hasn't paid me the $3.50 they still keep reminding me they owe me for the $3.50 I deposited with them against the chance someone might buy thus that I might owe them for the service of auctioning them off for me...
-MarkM- (Truly, not even a bid of a penny, let alone enough to actually pay the NIC for them at end of trial period!)
|
|
|
|
I know one that uses JSONRPC would be best but there is alot of people that would like to start a bitcoin business but just cant afford to pay for a vps/dedi to host it. The ewallet services are unreliable but a necessity.
If so you might as well host your site on shared hosting run by a shared-bitcoind provider whose shopping-cart interface interfaces to the shared bitcoind. At least such a service might be run by someone who put some work into it, such as actually implementing a shareable bitcoind and a shopping cart interface that interfaces with it. That way you could hope for a little longer grace time before the sheer number even of tiny wallets of very cautious merchants adds up to enough coin they'd figure they have paid off their initial investment and made enough profit to fly by night with all the coins... But hey, what kind of business is the site going to run? Whatever it is could be added to the control panel as one of the applications you can have auto-installed for you, like shopping cart, forum, hosting reseller, drop-shipper-affiliate or whatever you have in mind... -MarkM- P.S. Amazon Affiliate could be a good one, we could hack whichever of the "instant Amazon superstore" scripts beat all the others from way back when in usefulness power functionality etc to accept bitcoins to the wallet and pay Amazon with Amazon points or something maybe, or even just let people pay with Aamzon points or credit card or anything they want, what do we care, we get commission regardless... |
|
|
|
|
So embedded python or curl or wget or ftp right inside our code I guess. If libcurl is tinier than libpython (or however one embeds python) it might be okay I guess, though python is more versatile than curl (and thus a larger attack surface quite possibly/likely...)
I am back to what are those admins thinking? In general putting anything on the https part of a site instead of the http part is counter-indicated in cases where no session nor private data etc is on the page, isn't it? Wholesale slapping of reams of pages that don't need https into the https section is supposedly deprecated nowadays?
(Sourceforge does it because there is login session potential on the pages in the https section, presumably/potentially so the https is called for in their case unless a fully user-provided page happens not to use such features?)
-MarkM-
|
|
|
|
Not a problem! The Republic of Bitcoin's First National Bank of Bitcoin can easily back each and every Bitcoin with up to four bitcoins plus interest of Bitcoin Treasury Notes, so Bitcoins are actually worth four bitcoins plus interest each provided the Bitcoin Citizenry is wise enough and far-sighted enough not to let the politicians talk them out of granting said bank its charter! See the Republic of Bitcoin thread for details! -MarkM- |
|
|
|
|
Fiat backed by bitcoins would be the traditional fractonal reserve banking solution. Ten of us borrow 21,000,000 bitcoins (notionally; we don't need them actually delivered to us as they cancel out in a few short steps, resulting in us paying back the interest-free loan of them so fast there is no time for any interest to accrue on them); print up 21,000,000 bitbills of face value one bitcoin each; deposit 2,100,000 bitbills each into our First National Bank of Bitcoin, use a staggeringly unheard-of-ly high reserve ratio, like huge, vast, entire points (hundredths of a percent) higher than the 10% some of the best banks in the world use, so lets say, at least 11%, heck lets blow the whole banking world's minds with an insanely outrageously high ratio of.... 20% !!!
So the First National Bank of Bitcoin can now offer loans totalling up to 84,000,000, fully fractionally-reserve-backed (hell, more than fully, this is way more than the normal full fractional reserve the world is used to).
So all ten of us borrow 8,400,000 each at the Bitcoin National Reserve Rate, which because we are going to benefactor the entire Bitcoin Nation we'll waive, being as we are the Board of Directors and Major Shareholders, we might as well waive, to encourage us to emmigrate to the Bitcoin nation and perform this massive undertaking for them.
We loan this 84,000,000 to the Bitcoin nation at some trivial rate, only enough to cover a few basic expenses such as buying up all liquidity on the planet including bitcoins, and that only over generations, not right away.
That governmental obligation (to pay the interest on the loan), which of course the government will tax the citizenry to cover, we'll call Bitcoin Treasury Notes, and keep in our digital vaults as reserves so we don't need any actual bitcoins in our reserves, these Bitcoin Treasury Notes are worth four times as much as a paltry 21,000,000 bitcoins (84,000,000 plus interest!) so forget about the bitcoins, we don't need them, as I said at the start they were purely notional...
-MarkM-
|
|
|
|
Might be interesting to see what it would take to get it going as well. (the wx version)
If it is like the -qt version, the changes should all (if I recall correctly; certain very close to all) cosmetic. Meaning places where Bitcoin or bitcoin or BTC occur visibly to the end-user. Even in the -qt I might have missed some due to being paranoid as to which were actually output for the user to see so the user could know which module of which executable was outputting the assert or error message and which were module or template-bundle names or even the possibility that the word might be in the network stream between nodes for all I knew about that stream. I suggest replacing the python call with a call to 'curl -O temporaryName address' , the curl exe is small
enough it could easily be bundled in to any binary distribution at least. Could code it to use libcurl as well
and that would solve the https issue. I am not sure what is in these files that are being fetched?
Only reason to use https would be to be able to ensure the origin source that I can see, and if that
is the reason to use it, it would have to be required that it is always used for it to be effective. Probaly
better to just require the files be signed if that is why ssl is used.
I suggest if the data stream between the tor exit node and the website needs to be encrypted to prevent sniffers from figuring out there is a devcoin node hiding somewhere on the Tor network we should be encrypting the actual network stream between nodes too otherwise the attacker doesn't need to watch the web traffic they can track the actual network connections to figure out who is talking about *coin to which Tor exit node... (So it seems a case of "too little, too late". If it is needed, bitcoin needs it more than devcoin does, we should bounty the getting of it into bitcoin, then worry about whether devcoin admins should force clients to spend CPU on https instead of simply ignoring admins who offer it in favour of admins who publish the receivers list on http.) (Maybe in meantime maybe allow compile option, like US-UPNP we could have USE_PYTHON or USE_CURL with both set to = empty string meaning use neither?) (Or how about admins who want to keep their copies of the receiver files secure put them on Tor sites instead of on the non-Tor non-i2p web at all?) -MarkM- (Plus the whole https thing could simply be fallout from {|parts of} sourceforge being https, oh whoopie so important...) |
|
|
|
|
Don't think the testnet is going to solve that for you either.
The first new blockchains I built I built by only modifying the -testnet sections of the client.
Guess what? Those blockchains don't work if you try to run them using the main sections of the code.
Oh and worse than that, not only did the blockchains not work but also all the "accounts" in the wallets now have zero balances, except the "" account which hopefully might have "inherited" the coins that vanished from the other accounts.
So don't test using -testnet, test using your own whole new non-test net, like GRouPcoin and DeVCoin are doing...
-MarkM-
|
|
|
|
I built it on windows now. The main issue was the use of sleep() in one of the files, which I found really odd since the code already went through the trouble of defining a more portable Sleep() function, so wonder why sleep was used in one of the files instead.
Now, running on windows the use of the python for what just seems to be fetching a url seems to be overkill. I am going
to change that to use curl for now. I am also curious just how sanitized the wx gui code is. Has that been made safe to coexist with bitcoin on the same system or has it not been fully switched over to devcoin? I did noticed it is still using bitcoin irc channels? Shouldn't they be switched?
I had no idea the wxWidgets code duplicated some of the functionality (such as choosing IRC channels) that already existed in the non-GUI core code that it was, as far as I knew, merely a GUI-wrapper / GUI-front-end for. (devcoin-dd-Mon-yyyy.tgz is really so far only devcoind. Instead of actually using wxWidget GUI client we use -qt client as our GUI client.) receiver.h, which contains the offending sleep() function call, is Unknowingbit's code encapsulating most of the receiver stuff that is most of how devcoin differs from bitcoin, and is what we are trying to test. So thanks for finding that. He tried to get rid of python, succeeded, then broke down at the last moment in the face of "some admins might insist on putting their copy of the receivers files on an https server instead of on an http server". (Maybe those admins who wish to do that would like to issue bounties on getting that to work without clunky band aid silliness like calling an external python script or curl application? It is public data, deliberately public, what for do they want to force everyone to spend CPU cycles doing https to get it? It even costs them more CPU too, so who the heck gains what from it?) -MarkM- |
|
|
|
|
Are there any existing businesses already heavily invested in doing background checks that would be willing to permit the results of their check, verifiably being the results of their check (they sign it digitally, for example) to be made public? Maybe even made a matter of "public record" ?
-MarkM- (Why start up a whole competing background check company if one can already buy background checks?)
|
|
|
|
|
Show Posts
