I agree. 10 days doesn't seem correct. My last SEPA withdrawal was send 2 weeks ago. All other are still waiting as "confirmed". All are smaller than 1000eur.

To define those levels you gave in the example you would need to know the probabilities to start out with. But as you say no one knows those probabilities. And the different contracts would become (un)interesting as new information becomes available and so the community estimate goes up or down. The icbit Dec contract started out at 300M and it last trade was at 484M. This free trading of these future contracts allows the community to bet on the future difficulty without anyone having to guess the probability upfront. It allows the price to reflect news as they become available from the ASIC vendors. And if enough people participate, the efficient market hypothesis predicts that the market value should be a good estimate for the December price. In that case it would not only help miners to hedge but also give them this good estimate as free information. Right now the estimate is probably not very accurate because the volume is low. On the upside, this gives a good opportunity to anyone interested to bet on the difficulty and who think the difficulty will be lower or higher than currently traded.

Another option is icbit.se. They have have a September difficulty future (Diff-9.13 trading at ~81M) and a December one (Diff-12.13 trading at ~350M). Funding is guaranteed by limited leverage and in worse case margin call. (I'm not affiliated with icbit. I'm only using the site as customer and would like more volume on the site).

https://www.penango.com/ is an option to have end-to-end encryption with gmail webmail. Not FOSS.

Right now the highest bid for the Dec future is 95: https://icbit.se/WebTrade/Account/Futures.aspx. Good opportunity for everyone who voted it will reach 100 this year. (I'm a user of icbit and not affiliated with them).

The distribution of order sizes is very different between both exchanges:




Shows the last 20k transactions (~4days) as amount histogram. Wonder why

HMAC is also only secure against replay attack if the nonce is checked correctly. And for that you need to trust that MtGox did it correctly. I prefer trusting myself that I know how to implement a cert check then having to trust others.


You don't need to trust anything but bitstamp. You can check directly their cert against a saved key. Or their CA cert if you trust them and don't want to update the check if bitstamp updates their cert.

How do you want to do a MitM attack with a plaintext password send over HTTPS?!? As a computer scientist you should know that it is impossible. The advantage of using HMAC over https is very minimal and depends on the details of the client and server implementation (mainly the password storage).

On the other hand, that they don't support API keys restricted to specific functions (trade/withdrawal/..) is indeed a severe limitation.

Is it possible to change the OpenID provider? I'm using myopenid and it is down. Thus I cannot access the page with my subscription currently. Given that it is unclear how soon myopenid is back up I would like to change to a different OpenID.

certum provides free code signing certificates for OpenSource developers. http://www.certum.eu/certum/cert,offer_en_open_source_cs.xml
I haven't used them myself but it looks like it should work in case you want to sign.

I agree. There must be a better way to get rid of spam and scams. Maybe a more traditional captcha or some bitcoin quizz. Or even a small registration fee would be less annoying.

Hi everyone.

My experience is good so far. Dwolla withdraw and trading worked just fine. But I would also be interested whether they are already or planning to register as MSB.

I want to comment on https://bitcointalk.org/index.php?topic=164255 about the details of the variation margin calculation.