Sorry to bump an old topic, but this site is gone now, and was wondering if there were any still in operation. Just got electrum working and though that would be a great way to do super-anon TXs. You could send a pre-signed TX from any internet cafe or library. |
|
|
|
|
OSX Instructions?
I see some people are running in on mac, but can't get it running on mine.
|
|
|
|
So, just to reiterate, Bitcoiners were meeting right beside DefCon and not going in.
Yeah, it's everyone's own choice and a matter of taste so What is this I don't even
 |
|
|
|
It seems more like a Man-in-the-Middle attack, there would have been sniffing involved in uncovering the secret keys. It is also possible that a simple XSS "Cross-Site-Scripting" vulnerability been involved in revealing the secrets "it could be the account number field  ". Except this API key shouldn't be doing anything that would be overly vulnerable to XSS. MiM is possible, but if LR isn't using HTTPS, or they were not verifying the certificate chain (entirely possible) then someone is an idiot. I often hear man-in-the-middle attacks mentioned, but how do they work exactly? I mean, I know the attacker is able to position himself between the target and whatever server the target is trying to reach, but how on earth does he do this? By poisoning the DNS cache of the target? Or through some other means? I mean, I find it pretty hard to understand how I can connect to a site, and someone can somehow inject himself into the path between me and the site. Generally MiM attacks are only useful on wifi type links for consumer attacks. HOWEVER lets assume that: 1. LR allowed API access over HTTP; and 2. BTCE was stupid enough to use it; and 3. There was a curious party anywhere in the path between them.... If they grabbed a packet capture... happened to know what it was.... and were 'smart' enough to use it then it is possible. However the above scenario is HIGHLY unlikely, to the point I have a better chance of answering my door to find mila kunis there ready to be my sex slave AND my wife being ok with it. |
|
|
|
dogisland
Thanks for responding. Nice site by the way. Very nicely done. You've definitely identified a need. Maybe with some of these tweaks you'd have broader appeal. I think I've had one successful trade there. I'd definitely go back and check it out after some updates.
One thing I did notice was that my Nic on bitcoinary id different than my nic here. And that was confusing to some I talked to. Guys were trying to do deal on both sites and didn't know I was the same guy. Maybe there is a way to include "VERIFIED" Bitcoin Talk and BTC-OTC nics into the platform.
Just a thought.
I agree with this 100% and was thinking the same thing. My thoughts: Signing a random SHA output of something with your -OTC GPG key should suffice for that part. For the forum you could either do a PM, which would be manual, or have them paste in that sha256 output again into their signature then paste in their profile URL, that could be scraped for the value and volia! |
|
|
|
Just got this in an email from BF (it was bulk so it should be going out to everyone): Cash deposits are a very popular, fast, and free way to credit your Bitfloor account and buy bitcoins. To that end, I am pleased to announce the availability of WellsFargo branches as another cash deposit location. You can now use any Chase or WellsFargo branches to make your cash deposits quicker than ever and completely free of charge! More details are available on the deposit page under your account.
Wooo Hoo!!! I know how I am getting my BTC from now on.... I had been using WF for TrustCash/Bitinstant anyway.... no I can actually play with the big boys  |
|
|
|
Yes, bitcoinary is a great idea and implemented fairly well, however there is not a lot of activity on the site and there are a lot of bogus bids from people testing it out. I'm not a big fan of all the social media integration, but when you take VC money that is required because YOU, and and all of your info and connections become the product.
Generally the social media doesn't bother me... but to want to post tweets as me? eh, no thanks. It was supposed to be for identity verification. I think that "post as you" permission is so the bitcoinary API can post "EreBusBat just traded on Biconary!" to the Bitcoinary twitter stream. I use to follow Dwolla on twitter but the only thing in there stream (besides complaints of Support not getting back to people) were their incessant "Paid with Dwolla! tweets every time the dwolla staff bought a cup of coffee or ate a burrito. Exactly... I understand the option, but I should have the option to verify my social media without it barfing all over them. I *dont want to* advertise to the world everytime I buy something. For that reason alone I will not use them. If I didn't have a family i would pull a ZT and compete with them. The concept is not that hard. Did someone say that they actually post these things? I thought adding your accounts was just to verify you're an actual person and get security for people to trade with you as they have one of your social media accounts Hi, founder of bitcoinary here. I didn't realise we were requesting so many permissions from twitter, I'll see if I can request less permissions via the API. To confirm, we do not broadcast to your social network. However I did consider having a checkbox when you created a trade something like "Post this trade to your twitter". Some people might like to use that. I don't have VC money. I am glad to hear you will fix this, I think that this site has real potential moving forward. While I have your attention: given any thought to opening it up to more than bitcoind and being more like the OTC book? i.e.: I want to sell DVDs for x BTC? |
|
|
|
to anyone that isn't yet aware, the delay seems to have stemmed from mtgox's "hot wallet" being temporarily depleted.
mtgox delay -> bst delay -> bitcoinmax delay
Interesting, I hadn't heard. Where was it reported? |
|
|
|
What is the going price for these? I might be interested in setting up a box, depending.
I do not know. I was just going to take offers and if its as good as or better than e-bay I was going to take it. Thanks. Well.... What are they going for on eBay? |
|
|
|
seems like a little bit of panic this week on the part of Pirate... no doubt this is very close to the tipping point.
The question facing Pirate (Bitcoinmax can't really do anything but beg some anonymous guy named pirate to plz pay him each week) each week is:
Will this week's interest payment be < this week's new investments
it's getting extremely close to when it's -EV to keep running.
next week should be fun. What time is it promised by again? I want to get my popcorn ready.
I find it funny that you guys are "trying to warn people" but think it will be funny when they lose everything. |
|
|
|
|
What is the going price for these? I might be interested in setting up a box, depending.
|
|
|
|
Thanks to all of you that came and sorry I couldn't spend more time with everyone. I know a few of you were there and didn't get a chance to meet you.
Here is everyone that showed up.
We will do it again!!!
Are you the 3rd one from the right? That was my guess as well based on the OTC picture. If you can't ID pirate, goat, or giga then you shouldn't be playin' this game. The question is... who is 'not pirate' there is some intrigue there... even from pirate himself. |
|
|
|
Yes, bitcoinary is a great idea and implemented fairly well, however there is not a lot of activity on the site and there are a lot of bogus bids from people testing it out. I'm not a big fan of all the social media integration, but when you take VC money that is required because YOU, and and all of your info and connections become the product.
Generally the social media doesn't bother me... but to want to post tweets as me? eh, no thanks. It was supposed to be for identity verification. I think that "post as you" permission is so the bitcoinary API can post "EreBusBat just traded on Biconary!" to the Bitcoinary twitter stream. I use to follow Dwolla on twitter but the only thing in there stream (besides complaints of Support not getting back to people) were their incessant "Paid with Dwolla! tweets every time the dwolla staff bought a cup of coffee or ate a burrito. Exactly... I understand the option, but I should have the option to verify my social media without it barfing all over them. I *dont want to* advertise to the world everytime I buy something. For that reason alone I will not use them. If I didn't have a family i would pull a ZT and compete with them. The concept is not that hard. |
|
|
|
I -think- I recognize Pirate, Goat, OneFixt, and Gigavps in there, but the rest are just guesses.
I got pirate, giga, goat, copumpkin, burtw, and I think reeses. |
|
|
|
I think it should be pretty obvious that nobody bruteforced sha-256 or the key, you are overcomplicating - there are so many ways the password can be leaked and so few ways it could be cracked, that I'd bet my car against a beer on chances of crack vs leak In most of these API implementations, they key is checked by an endpoint, and in some badly written systems it stores the key for verification directly in code or config files, which in some badly managed systems can be seen by developers or god knows who while in transit. Even if they key only exists on production servers where only trusted admin has access to, who can be sure that their cheap hosting company (interserver) which does backups for them does proper encryption? All in all, if site operators really believe in what they posted, then it's a good enough reason to never put any BTC on that exchange, as they obviously don't understand what happened. Or lied. Or both PS but at least they handled the situation well. Better than most other victims of the bitcoin economy It seems more like a Man-in-the-Middle attack, there would have been sniffing involved in uncovering the secret keys. It is also possible that a simple XSS "Cross-Site-Scripting" vulnerability been involved in revealing the secrets "it could be the account number field ". Except this API key shouldn't be doing anything that would be overly vulnerable to XSS. MiM is possible, but if LR isn't using HTTPS, or they were not verifying the certificate chain (entirely possible) then someone is an idiot. |
|
|
|
Yes, bitcoinary is a great idea and implemented fairly well, however there is not a lot of activity on the site and there are a lot of bogus bids from people testing it out. I'm not a big fan of all the social media integration, but when you take VC money that is required because YOU, and and all of your info and connections become the product.
Generally the social media doesn't bother me... but to want to post tweets as me? eh, no thanks. It was supposed to be for identity verification. |
|
|
|
I would love to do arbitrage between BF and MTGox. I find the BF consistently has cheaper coins than Gox. The trouble is getting $$ out of Gox and back into BF. I have no intention of 'verifying' my MtGox account so I believe its not just trouble, but impossible for me to get $$ out of Gox. At the same time its hard to justify selling BTC on BF when I could sell them on Gox for 1-5% more...
Deposit USD into BF, sell BTC on GOX. But if you are not going to get verified on GOX than your arbitrage future is dim anyway and what would I do with a bunch of Gox dollars? If you want to arbitrage then you by low and sell high... That means purchasing bitcoin @ BF (using dollars) Then selling @ GOX Then taking GOXUSD and transferring to the exchange with the lowest rates (currently BF) to rise,repeat. |
|
|
|
I've been using Bitcoinary for small transactions with success so far I want to propose to people that use it, when they leave feedback to include the Date and amount in BTC of transaction This can give much greater information toward the trustworthiness of the user For example, it would make a big difference if they have traded 50BTC vs only 0.5BTC in the past successfully, and how recent they have traded Currently the Bitcoinary system doesn't have this feature and feedback I've received is just basic puffer, smooth transaction or whatever, no details on how significant the transaction or the date http://bitcoinary.com It pisses me off that they want crazy permissions:  |
|
|
|
the single most important thing are the payouts! partied to hard this weekend or what?
Life happened.... his hot water heater blew up and practically destroyed his house. |
|
|
|
|
Show Posts
