|
Careful...could be stolen credit cards.
|
|
|
|
|
What genjix is doing is very impressive so far...this could be "the" library.
|
|
|
|
|
I put it on -nolisten and the bitcoin client works. However, I think this will be problem for many users and if I have this issue then many more others may not be able to get their bitcoin client running. I checked my router logs but I don't know enough to debug it. I hope this issue is fixed.
|
|
|
|
|
I was working with another fellow developing an ATM machine. However, things are not going as planned business wise so I am trying to explore my options. I am the sole programmer for the ATM and may open source the software depending on how much interest there is here. The Bitcoin ATM software is almost done. I have been able to put in bills and out comes bitcoins to your bitcoin address!
The reason why I want to opensource the software is because I want it to spread as far as possible. Anyone should be able to set up a bitcoin ATM anywhere. In addition, the team I was working with did not involve me during contract negotiations of the formation of the company so I feel a bit left out and may venture on my own. What do you guys think? I need to make a decision in the next few days.
|
|
|
|
|
Dwolla's arrogance and refusing to acknowledge bitcoin is killing me. The title speaks for itself, "We’ve got some cool communications tools in the works and it’s all because of our customers".
|
|
|
|
He's right. The reason btc.to needs to use HTTPS is to prevent Man In The Middle attacks. Currently. someone could change the return value of http://btc.to/1 from the real address to their own address. That being said we've always planned on adding it, we were just waiting to see if btc.to would get some real traction with users. At this point we feel it has and will be adding HTTPS as well as HSTS soon so no matter how you access it you'll always be protected using HTTPS. We'll also start publishing our entire DB shortly so that people can verify for themselves we aren't manipulating the shortened addresses. Thank you very much for your response. |
|
|
|
|
Seems like they are not cool. They think they are too good for us. They don't mention bitcoin. They talk to us via a press release. Shame on Dwolla.
|
|
|
|
|
If you guys are out there you guys really need to use https instead of just http for your calls. It is not safe without it.
|
|
|
|
So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.
You want 1000 accounts for 1000 machines? That sounds even less pleasant. Sorry, but you haven't provided enough detail about what you're doing to offer anything that resembles a solution or even a workaround. Sorry if I sounded off the mark. I guess I just want a solution to not having to supply an incremental nonce. A nonce, in the security world, can even be a unique id, which I can generate no problem using C# guid. Their trading API limits my application which will be distributed, and I am hoping they will make it better. Or, if they can let me know that I can supply a user and pass instead of the key, secret, nonce, and hash of the post then I'll be happy too. Yes, I am kind of vague but I don't think I can talk about the application I am working on yet until it is ready. |
|
|
|
So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.
You want 1000 accounts for 1000 machines? That sounds even less pleasant. Sorry, but you haven't provided enough detail about what you're doing to offer anything that resembles a solution or even a workaround. Sorry if I sounded off the mark. I guess I just want a solution to not having to supply an incremental nonce. A nonce, in the security world, can even be a unique id, which I can generate no problem using C# guid. Their trading API limits my application which will be distributed, and I am hoping they will make it better. Or, if they can let me know that I can supply a user and pass instead of the key, secret, and hash of the post then I'll be happy too. Yes, I am kind of vague but I don't think I can talk about the application I am working on yet until it is ready. |
|
|
|
If your worried at all about Mt. Gox.'s security issues, then purchase the yubikey key. It is a device allowing secure identification with a "One Time Password". It is recognized as a USB keyboard by your computer, and touching it with your finger causes it to input a 44 characters long password which is unique and can be used only once. Each time you use it a new password is generated, protecting your account even if someone has access to your computer. Awesome Technology. Oh and it's only 29.99 and you can even pay with Bitcoin!
This has nothing to do with my question but thanks for the tip. I do have a Yubikey. |
|
|
|
So hundreds or thousands of machines will be using the same MtGox account? That doesn't sound pleasant.
You want 1000 accounts for 1000 machines? That sounds even less pleasant. |
|
|
|
|
In the trading API you have to specify a "nonce" parameter of an increasing integer value. This is fine for non-distributed apps. However, we are developing a distributed app that could be deployed to hundreds or thousands of machines. This nonce value will be harder to increment in synchronization since normally it is based on a computer's clock. If two transactions were happening at near the same time, it is possible a late request might arrive before the earlier request due to the unpredictable nature of the Internet. Is it possible to supply a unique identifier for the nonce instead of an increasing value?
The other solution would be to supply a username and password but I don't know how long this will be supported.
Thanks.
|
|
|
|
|
Thank you. I got it working without the username and password. Awesome. PM me about your service.
|
|
|
|
Thanks for that!  I'll have to take a look at it tonight after work. I noticed there was a method in there "EncodeParamsToSecret( parameters );" that was not in the code you posted. You don't mind posting that method do you (without the key and secret of course.) |
|
|
|
Anyways, here is my C# code which I don't think is working. I get "{"error":"Must be logged in"}" A little help anyone? Console.Out.WriteLine("Making withdraw request to Mt. Gox...");
HttpWebRequest request =
(HttpWebRequest)WebRequest.Create("https://mtgox.com/api/0/withdraw.php");
request.Method = WebRequestMethods.Http.Post;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705;)";
String btcAddr = mainForm.getSendToBitcoinAddress();
String btcAmount = .01;
String nonce = DateTime.UtcNow.Millisecond.ToString();
Console.Out.WriteLine("nonce: " + nonce);
string postData = "group1=BTC&btca=" + btcAddr + "&amount="
+ btcAmount + "&nonce=" + nonce;
String key = "xxxxxxxxxxxxxxxxxxx";
String keySecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
byte[] keyByte = Convert.FromBase64String(keySecret);
HMACSHA512 hmacsha512 = new HMACSHA512(keyByte);
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] messageBytes = encoding.GetBytes(postData);
byte[] hashmessage = hmacsha512.ComputeHash(messageBytes);
String base64SignedPostData = Convert.ToBase64String(hashmessage);
request.Headers.Add("Rest-Key", key);
request.Headers.Add("Rest-Sign", base64SignedPostData);
byte[] byteArray = Encoding.UTF8.GetBytes(postData);
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = byteArray.Length;
Stream dataStream = request.GetRequestStream();
dataStream.Write(byteArray, 0, byteArray.Length);
dataStream.Close();
WebResponse response = request.GetResponse();
Console.WriteLine(((HttpWebResponse)response).StatusDescription);
dataStream = response.GetResponseStream();
StreamReader reader = new StreamReader(dataStream);
string responseFromServer = reader.ReadToEnd();
Console.WriteLine(responseFromServer);
//Clean up the streams.
reader.Close();
dataStream.Close();
response.Close();
|
|
|
|
Interesting bot. I don't know why but I had to add 'user' and 'pass' to get mine to work in addition to supplying the api key and the secret key. What I am doing still works though but I am afraid that I am doing it the wrong way. |
|
|
|
|
Ok, I got a little further. I am not using CURL. I am using C#.
This answer is not even in the documentation or wiki. I found it in another post. I added user=xxx&pass=xxx to the POST data and it worked.
|
|
|
|
|
I am trying to convert the Mt. Gox code to C# and I am getting
OK
{"error":"Must be logged in"}
Not sure what to do next...any ideas?
|
|
|
|
|
Show Posts
