Bitcoin Forum
1  Economy / Services / Node.js tutoring, code review, and development - €50/hr, first two hours €20/hr on: November 11, 2015, 11:40:51 AM
... well, that's what I've decided to call it, anyway. I haven't seen anybody else yet who has taken the same approach.

Most (but not all) of this post is copy-pasted and reformatted from my usual page here.

I'm offering any of the following, for €50 per hour (in BTC), with the first two 'introductory' hours for €20 per hour. Keep in mind that I deliver high quality work, not a hack job - there's a number of references and reviews further down my post to prove it. Mind that this offer is only for Node.js (including frontend), not for other languages/platforms!

Code review

I will review your codebase, and make suggestions on how to improve the readability, maintainability, reliability and security. I will refactor small parts of your code to explain and demonstrate techniques. The code review is in stages - I start out with formatting issues, move on to modularization, specific security issues, and so on.

Note that I'm a perfectionist - I'll keep suggesting and explaining improvements until there's nothing left to improve. By the time the code review has completed, you will have a noticeably cleaner and more reliable codebase.

I do not strictly enforce any style guides - I value actual real-world readability over "following a list of rules". I will also always provide rationale for any suggestions, no "just because". That being said, I am very direct - no sugarcoating, just getting things done as efficiently as possible. My main goal is to teach you how to write better code, not to just change things around.

Tutoring

Perhaps you just want to learn Node.js, or a specific technology or specialization - promises, scraping, and so on. That's possible too! I will help you learn Node.js in whatever way works best for you. Whether that is pointing you in the right direction for self-directed learning, or explaining things step-by-step. I will adjust my teaching style (and language use) to whatever works for you.

It doesn't matter whether you have prior experience. Whether you're coming from another language or just have no experience with programming at all, I'll be able to teach you. That being said, you must be motivated to learn.

Advice

Maybe you just need the odd bit of advice every now and then - troubleshooting, explaining small things, or even just rewording documentation of a third-party library so you can understand it better. That's possible - you can keep me on a retainer/deposit for when you get stuck, and I'll help you out with any topic I know about :)

I have experience with a wide array of use cases - especially unusual edge cases with little or no documentation - and can generally adapt to whatever's needed. Some examples of this are writing an adaptive bruteforce/spidering script for a search engine, extensive experience with Tahoe-LAFS, and so on. See also my specializations below.

Open-source development

I'm also available for Node.js software development and refactoring, on a case-by-case basis. Keep in mind that I will only actively develop on open-source projects - that is, projects where the results will be available under an open-source license.

Feel free to contact me with more details about the project you have in mind.



Method

I generally do code review and tutoring over XMPP or IRC - providing snippets of code where needed using a Gist. I can do screensharing (via TeamViewer or an open-source screensharing tool of choice), but I've found that text-based explanations generally work better.

I suggest trying text-based explanations first - we can always switch to screensharing later if text doesn't work out for you.

Specializations

  • Application security
  • Code maintainability and modularization
  • Web-based applications
  • Promises, map/reduce/filter, data processing
  • Scraping - if it's accessible, I can scrape it
  • Unusual architectures and experimental technologies, with little to no third-party documentation
  • Distributed and real-time architectures
  • I speak both JavaScript and CoffeeScript!

Experience

  • 10 years of (backend) software development; primarily PHP, Python, Node.js
  • 13 years of frontend development; HTML, CSS, JS (and third-party libraries like jQuery)
  • A wide array of open-source projects
  • A number of published Node.js modules on npm
  • Many other frameworks, libraries, and technologies; too many to list here.

Reviews

Some honest, unedited reviews from customers:

Quote
Josh Reeter: I reached out to joepie91 through IRC for help on reviewing my code, his confidence, open source contributions and experience within the language I was targeting was a great match for me. His mentorship has really helped improve the quality of my code through consistency and just a better understanding of concepts.

Quote
Tejas Manohar: Sven is an incredibly talented developer that works with utmost diligence. He has thorough knowledge of Node.js platform along with the tools built on it and is really passionate about crafting the right implementation to solve most any problem at hand.

Quote
Daniel Sauerbrun: I hired Sven (joepie91) to help me beat the learning curve for Node.js; I needed quick tutoring as I was building out a codebase from scratch for a startup. Not only was he an excellent tutor in helping me understand concepts instead of just giving me the answer, but he was also available for me pretty much whenever I needed him. I expected to need ~25 hours of his services; however, I have made so much progress with him that I can't seem to get past 10.

Quote
Kaveh Khorram: In about only 8 hours, Sven (joepie91) taught me about modularization, callbacks, working with third-party modules, correct variable use, express routes and promises just to name a few. Sven often went into overtime just to make sure I understood a topic, and always made sure I had a thorough understanding of the material before ending a session. Sven is one of the most, if not the most experienced NodeJS developers I've ever worked with.

Payment and terms

Bitcoins, of course! I also accept PayPal and SEPA transfers (plus potentially other payment methods), but I doubt those are of much interest to people here :)

Deposit: By default, I require an upfront deposit in 10-hour increments - that is, you pay for 10 hours of work upfront, and once the 10 hours are up, you pay for another 10 hours, and so on. Any remaining hours after completion of work are refunded (except for advice-on-retainer, for which no refunds are available). If you're on a tight budget, then a smaller deposit might be an option - feel free to ask. Paid-for hours don't 'expire', and are valid indefinitely.

Session scheduling: The minimum session duration is an hour - if it's shorter than that, it will be rounded up to one hour (although in my experience, 2-3 hour sessions work best). Shit happens - if you miss a scheduled session and you have a good reason for it, I won't charge you for it. Please be considerate about this, however.

I can accommodate most timezones, as long as sessions are scheduled 2-3 days in advance. Weekdays are preferred, but weekends are also possible if necessary. You don't have to schedule a session in advance, but there are no guarantees about my availability if you don't.

Exchange rates: The rate is set in euros, and the exchange rate to BTC is the one at the moment of deposit, according to the Sell tab at Bitonic. Refunds are based on the amount in euros, using the exchange rate to BTC at the moment of refund.

Anonymity: I don't really care what your identity is, but keep in mind that tutoring and code review consist of a lot of personal interaction, and it is very likely that you will accidentally reveal (part of) your identity in the process. This is inherent to tutoring, and something you should be aware of when purchasing any such service.

Project types: The type of project doesn't matter to me, but I may turn down work if I feel it either violates my ethics, or applicable laws in the Netherlands. I will discuss your project(s) and goals with you before you make a payment, to prevent unpleasant surprises for either party.

Contact

E-mail: admin@cryto.net
XMPP: joepie91@neko.im (OTR fingerprints)
IRC: joepie91 on Freenode (other methods preferred though - it's easy to lose track of PM windows)
... or just send me a PM here on BitcoinTalk!

EDIT: You're free to ask questions in this thread as well, of course.
2  Bitcoin / Project Development / ReDonate, a system for voluntary recurring donations (also works with Bitcoin!) on: March 03, 2013, 12:01:59 PM
Hi all,

I'll just copy-paste a part of the announcement post I wrote, as I thought it might be relevant to users here:

Quote
I’m happy to announce the launch of ReDonate, the only 100% voluntary recurring donations service.

ReDonate allows you to receive monthly donations from fans or users, without locking them in to a subscription, and without any automatic charges whatsoever! There are no restrictions on what payment processors or payment methods you can support, either.

So, how does it work?

When you subscribe to a ReDonate campaign, you indicate how much you wish to donate to the campaign per month. Every month, you will receive an e-mail reminding you of your pledge, including donation links for various payment methods that let you donate straight away. None of your accounts are ever automatically charged, you are completely in charge of whether you wish to keep donating or not!

You can unsubscribe from a ReDonate campaign at any time, for any reason, without any kind of penalty. Just click the unsubscribe link in any of the e-mails we send you, confirm your unsubscription, and you’re done! No more “whoops, forgot to cancel” moments.

Continued here: http://joepie91.wordpress.com/2013/03/03/announcing-redonate-recurring-contributions-done-right/

The actual site can be found here: http://redonate.net/

ReDonate also lets you add a Bitcoin address as payment method, and if there's demand for it I'll also look into integrating various Bitcoin payment processors :)

- Sven
3  Bitcoin / Project Development / Interactive mockup for an alternative Bitcoin client UI for non-techies on: October 28, 2011, 06:48:11 PM
It's a commonly heard complaint that the Bitcoin client looks unattractive, is not user-friendly, etc. - basically, it doesn't invite people to use it. I've spent the past day or so on making an interactive mockup that will hopefully solve that issue. This design is targeted at novice non-techie users, not at tech-savvy users.

Before you read any further, read this again: If you are tech-savvy and think "I would never use that, too shiny" - you are not understanding the purpose of this proposal. Read the above again.

On to the proposal.

I have an interactive mockup at http://www.cryto.net/projects/bitcoin_ui/ - it will only work properly in Chrome, Firefox, and similar modern browsers, as CSS3 is rather heavily used. For those that do not have a modern browser, a few screenshots follow:



(the wallet screen)


http://owely.com/51dNOFE (the Address book)
http://owely.com/5z09ah (the New address screen)

Some additional information:
  • Due to the absence of a date/time column in the transaction lists (to keep it simple and non-intimidating for novice users), this should be shown in a tooltip or similar, to make sure the exact date and time of a transaction are still within the users' reach.
  • The idea of the address book is to instruct users to label their new addresses after the person they give it to - this way the transaction list can just show 'from John' rather than a vague address.
  • Some things (like the Own address / Address of someone else tabs) are not implemented in the mockup, as the workings are more or less obvious.
  • This is not a proposal to replace the current UI of the Bitcoin client, but rather a proposal to add a new default UI so that novice users can get started easily. There should always be an option to revert to the 'old UI', for those that wish to do so.

Whether you are working on the main Bitcoin client, an alternative client, or a web wallet, feel free to implement this (although in the case of a web wallet, I would suggest rewriting some of the code as the HTML/CSS is very very messy right now).

Feedback is welcome.

EDIT: If you want to take the design, and change it around, feel free to do so as well. :)
4  Bitcoin / Bitcoin Discussion / An interesting read about Bitcoin & legislation... on: October 26, 2011, 12:36:26 AM
I happened to run across the following blurb of text regarding regulation of Bitcoin, it's a rather interesting read.

Quote
I understand from your correspondence that you are enquiring about potential regulation issues in respect of a digital currency called Bitcoin.

I appreciate that you have taken the time to contact us about this matter,  I can understand why you have referred the matter to the FSA.  The legislation that we deal with here at the FSA is the Financial Services and Markets Act 2000 (FSMA). 

In any event, it may help if I give a brief outline of what is covered by FSMA before considering how this may affect your proposed activities.  FSMA is concerned with the regulation of financial services and markets in the UK.  Under Section 19 of FSMA, any person who carries on a regulated activity in the UK must be authorised or exempt.  Section 22 of FSMA provides that an activity is a "regulated activity" if it is an activity of a specified kind carried on by way of business in relation to investments of a specified kind. 
 
The activities and investments are specified in The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 ("the RAO"), which is secondary legislation under FSMA.  Specified activities are defined in Part II of the RAO and include arranging deals in investments.  Specified investments are defined in Part III of the RAO and include various investments.  Therefore, if a company is conducting a specified activity, they will need to be authorised, or exempt.
 
A full list of activities regulated by the FSA is available in the Perimeter Guidance Manual of the FSA handbook.  I have attached a link to the relevant information for your attention:

Detailed guidance on whether you need to be regulated can be found in the Perimeter Guidance Manual (PERG). www.fsahandbook.info/FSA/html/handbook/PERG.
Please note that a full list of the investments regulated by the FSA can be found in chapter 2.6 of PERG

www.fsahandbook.info/FSA/html/handbook/PERG/2/6   

A full list of activities regulated by the FSA can be found in chapter 2.7 of PERG

www.fsahandbook.info/FSA/html/handbook/PERG/2/7

Perhaps it would be helpful to say what Bitcoin is.

As I understand, the system has the following features:
   (a)   It is a form of digital currency.
   (b)   It is not issued by anyone.  It is not backed by ordinary currency or anything of value.
   (c)   There is no central record on which transactions are recorded.
   (d)   There is no central authority that verifies the validity of the coins.
   (e)   There must be some sort of system for upgrading the IT application but we don't anything about it.  It is likely to be quite informal.
   (d)   The coins are generated out of thin air as a reward for system users who voluntarily perform computer operations on blocks.
   (e)   Blocks are records of prior transactions.
   (f)   Transactions are broadcast to the network.  Anyone can create a new block using whichever transactions it wants to include.
   (g)   A digital coin is valuable if and to the extent that sellers of goods and services are willing to accept it.
   (h)   If I want to buy something with Bitcoin I can either generate the coins as described above or, more likely, buy them, for real money, from someone who buys and sells Bitcoins. 
   (i)   You wish to run a business of buying and selling Bitcoins in this way.
   (l)   If I am a seller as well I may accumulate Bitcoins.

Will emoney be involved?

Emoney means electronically (including magnetically) stored monetary value as represented by a claim on the electronic money issuer which:
   (a)   is issued on receipt of funds for the purpose of making payment transactions; and
   (b)   is accepted by a person other than the electronic money issuer;
 
You will see from the description above that it is not issued on the receipt of funds.  It is therefore not e-money.

Is deposit taking involved?

There is no deposit for the same reason as with emoney.

What about the Payment Services Directive (PSD)?

Specific guidance on Payment Service Regulations (PSRs) can be found in chapter 15 of PERG

www.fsahandbook.info/FSA/html/handbook/PERG/15 

In particular you may wish to review question 12 of that section
I strongly suggest that you also look at the approach document for Payment Service Regulations as well.

www.fsa.gov.uk/pubs/other/PSD_approach.pdf 

That said, buying and selling Bitcoin is rather like acting as a bureau de change.  These are not caught by the PSD.  This is because the firm does not help the user to pay third parties such as merchants but just sells him the Bitcoins. 

Moving on, the creation of Bitcoins and sale to users potentially amounts to issuing payment instruments. Therefore the question is whether Bitcoins are payment instruments.  This means something used in order to initiate an instruction requesting the execution of a payment transaction.  A payment transaction means placing, transferring or withdrawing funds.  The key definition is funds.  This means banknotes and coins, scriptural money, and electronic money.  This means that the question is whether Bitcoins are money.

It is not yet clear what money means in the context of this particular piece of legislation.   Our favoured approach at the moment is that one asks whether the value functions like money, whether or not it is money in the more traditional sense.  It could mean any medium which, by practise, freely passes through the community in final discharge of debts and full payment for goods and services, being accepted equally without reference to the character or credit of the person who offers it and who in turn can tender it to others in discharge of debts or payment for goods or services, even though it may not be legal tender.  So Bitcoins could become money for the purpose of the PSD Regulations if and when they become widely used.  If this is the case then you need to be aware that the EU takes the lead on interpreting the PSD and it may come up with a different approach.  For example it could say that in effect each person using Bitcoins to buy something issues the coin because any transfer of a coin creates a new need to get it incorporated into blocks and accepted by the system.  That would mean that those who make a business of buying and selling Bitcoins would be issuing a payment instrument.  There might also be an argument that anyone creating a new block issues value for the same reason even if no coins are generated.


For the need for authorisation you would also need to be undertaking the activity by way of business.  For guidance on this please refer to questions 1 and 4  in PERG 15.

As for the  Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) requirements, your firm will be caught by our Handbook requirements on financial crime and AML if it is FSMA-authorised. If it is not FSMA-authorised, it might still be within scope of the Money Laundering Regulations 2007 and again, the firm should seek legal advice on this. If the firm is within the scope of the Money Laundering Regulations, we might or might not be the competent supervisor for the firm's compliance with these Regulations - the flowchart on p2 of this document

www.fsa.gov.uk/pubs/other/approach.pdf

can help the firm determine who its AML/CTF supervisor would be.

Independently of whether your firm falls within the scope of FSMA or the Money Laundering Regulations, the fact that it appears to be handling funds (in the broadest sense) makes it likely that the firm will be caught by the UK's sanctions regimes. The following link provides more information
www.hm-treasury.gov.uk/fin_sanctions_faqs.htm

I suggest that you read this information, and, taking into consideration any exclusions that may apply, you should be able to determine whether or not your proposals would require authorisation. Please be aware that while the FSA can provide general guidance, we cannot tell you whether the proposals would or would not need to be authorised. Where you are involved in speculative contracts in relation to Bitcoins, we need to consider whether the rights in the Bitcoins will amount to one or more of the investments specified in PERG 2.6. In particular, the investments in PERG 2.6.20-24 are the most relevant to your activities.

Any person wishing to carry on one or more regulated activities must apply to the FSA for authorisation (unless they can abide by the terms of an exclusion).  The application pack is available on our website (www.fsa.gov.uk/Pages/Doing/how/index.shtml).   
5  Bitcoin / Bitcoin Discussion / EU to declare bitcoin as 'overlay currency' on: September 03, 2011, 05:49:36 PM
Quote from: genjix @ IRC
<genjix> joepie91: there is going to be an EU directive for bitcoin
<joepie91> elaborate?
<genjix> they're going to classify it as an overlay currency
<genjix> but EU directives are slow. they can take months or years (especially with finance)
<genjix> doesn't look like the FSA are going to make any ruling right now, but if they do it's highly speculative what they'll rule bitcoin as (it could be a store of value)
<genjix> joepie91: feel free to attribute that to us.

Posted here on request of genjix :)

EDIT: For those who can't immediately recall who genjix (Amir Taaki) is, he's part of Bitcoin Consultancy / #bitcoinconsultancy / Britcoin / Intersango. Don't think there's really any other source yet.
6  Other / Off-topic / Free not-quite-a-CDN for non-profit projects on: August 19, 2011, 04:25:13 AM
I decided not to drop this in Project Development as it's not just specific to Bitcoin.

I've been working on a 'development collective' for a while now (http://www.cryto.net/) and by now there is a fairly solid not-quite-a-CDN running. Right now it's essentially a redundant Tahoe-LAFS storage grid with 5 geographically distributed "gateways" - it's essentially a bit like a CDN without the geotargeting. GeoDNS *is* planned for the future, but right now we don't run our own DNS servers yet.

What it does: it delivers files. Any and every kind of files. You can essentially upload a file to the storage grid, and get back a 'read URI' that can be translated to a 'gateway URL' - which is essentially just a URL that anyone can access to download your file. It provides provider-independent security (meaning that you don't have to trust a third party to use it) as the only way to read a file, is using the read URI - which is also a decryption key. While using the standard gateways you have to trust the gateway provider (which right now is pretty much me) to not intercept your data, you can easily set up your own gateway.

There's about 500GB of free space across the grid right now, which should translate into about 200GB of usable space with default settings. Usually any 4 servers can disappear from the grid (which right now consists of 10 servers) and your files should still be retrievable - if you change your settings you can even make the reliability higher.

Now what am I offering? Basically free (unlimited, within reason) usage of that not-quite-a-CDN for non-profit projects. Tahoe-LAFS relies on Python and Twisted, and provides a web API, so it should be easy to implement it into your application. An I2P tunnel for the main gateway is available on http://cryto-gateway.i2p/, while the clearnet gateway runs at http://tahoe-gateway.cryto.net:3719/ (links are interchangeable across gateways, so you can just change the gateway address to make gateway links work on I2P).

An example snippet of PHP code that I am using in the new version of AnonNews to store uploaded images on that grid:
Code: (PHP)
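// curl_put() and urlsafe_b64encode() are helper functions that are not shown in this post.
$tahoe_server = "http://localhost:3456";                 // local Tahoe-LAFS node (web API)
$tahoe_gateway = "http://tahoe-gateway.cryto.net:3719";  // public gateway
// PUT the uploaded file to the local node; the response is the file's read URI.
$upload_result = curl_put("{$tahoe_server}/uri", $_FILES['file']['tmp_name']);
if($upload_result !== false)
{
    $upload_b64 = urlsafe_b64encode($upload_result);
    // The client-supplied filename is untrusted: strip any path and URL-encode it.
    $filename = rawurlencode(basename($_FILES['file']['name']));
    $upload_url = "{$tahoe_gateway}/download/{$upload_b64}/{$filename}";
}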
... where $upload_url is the public HTTP gateway location of the file - anyone can go to that URL (or for example set it as img src) and see the uploaded file.

If you're working on a non-profit project that could use redundant file storage, hop on to the Cryto IRC and let me know :)

Of course donating server space or even running a gateway (small 1-file Python script) is also welcomed very much. :D

EDIT: A quick diagram I made of the current grid setup (minus the 'tahoe-lafs clients' that actually upload data, this is just the delivery part): http://tahoe-gateway.cryto.net:3719/download/VVJJOkNISzp1eHJyc3huemo3ZzYzdmR0N3E3cGY2bzd1aTp2ZG5oa2d3eTV3cmxjcHlvb3B3ZmFzb3duNjRoMmFkNm4zZ3dnZHppenV3ZXJpdnc3bDNhOjM6NjoyODk0NjA=/cryto-tahoe.png
7  Bitcoin / Project Development / Setting up a payment gateway using BitcoinNotify - in a secure way on: August 17, 2011, 05:56:44 AM
A small tl;dr for those that haven't used or looked at BitcoinNotify: they offer a service where they can monitor an address in the blockchain for you and send you a notification (for example in the form of a callback to a script on your site) so that you can be notified of successful payments *without* having to trust a third party with your Bitcoins.

Now the obvious issue is that BitcoinNotify would be able to make fake callbacks to make transactions 'go through' that never happened - because, let's face it, people are paranoid about things to do with money. I'm not saying that the people behind BitcoinNotify are untrustworthy, but let's just assume for the sake of this proposal that they would send out fake callbacks.

My proposal is a very simple one - more of these notification services. Independent services that all do roughly the same, making a (double) callback when a payment is seen to be received. Now the trick would be to require a callback from all of the notification providers before a payment actually 'goes through' (or almost all of the providers, to cope with providers that suffer from downtime). Someone would have to have access to all of these providers to make a fake notification go through.

Possible issues I see:
1. Taking out all of these notification providers with a DDoS attack would effectively disable someone's ability to process payments - but then again, this is the same for a payment gateway (which would have a single point of failure, unlike this proposal).
2. Notification providers may disappear over time, and new ones may appear, meaning a business owner has to maintain some sort of list of notification providers.
3. To successfully pull this off, some sort of standard would have to be created for Bitcoin payment callbacks.

Thoughts?
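
The "all, or almost all, providers must call back" rule from the post above, as an added example (not part of the original post, and not BitcoinNotify's API): a payment counts as received only once enough distinct providers report the same transaction for the expected amount. Provider ids, field names and the threshold are assumptions, and the sender of each callback is assumed to have been authenticated already.

```javascript
// Added example: k-of-n agreement between independent notification providers.
// All identifiers and sample values below are constructed for illustration.

function createQuorumTracker({ providers, threshold }) {
  if (!Number.isInteger(threshold) || threshold < 1 || threshold > providers.length) {
    throw new RangeError('threshold must be between 1 and the number of providers');
  }
  const knownProviders = new Set(providers);
  // address -> { amountSatoshi, votes: Map(txid -> Set(providerId)), confirmedTxid }
  const payments = new Map();

  return {
    // Called by the merchant when it hands out a payment address.
    expect({ address, amountSatoshi }) {
      payments.set(address, { amountSatoshi, votes: new Map(), confirmedTxid: null });
    },

    // Called once per incoming provider callback; returns the resulting status.
    receive(providerId, { address, txid, amountSatoshi }) {
      if (!knownProviders.has(providerId)) return 'unknown-provider';
      const payment = payments.get(address);
      if (!payment) return 'unexpected-payment';
      if (payment.confirmedTxid !== null) return 'confirmed';
      if (amountSatoshi !== payment.amountSatoshi) return 'amount-mismatch';

      // One Set per txid: a provider repeating itself still counts only once,
      // and reports for different txids never add up to a quorum together.
      if (!payment.votes.has(txid)) payment.votes.set(txid, new Set());
      const voters = payment.votes.get(txid);
      voters.add(providerId);

      if (voters.size >= threshold) {
        payment.confirmedTxid = txid;
        return 'confirmed';
      }
      return 'pending';
    },

    // The transaction that reached quorum for this address, or null.
    confirmedTxid(address) {
      const payment = payments.get(address);
      return payment ? payment.confirmedTxid : null;
    },
  };
}

// Constructed scenario: three providers, two of which must agree.
function demoQuorum() {
  const tracker = createQuorumTracker({
    providers: ['notify-a', 'notify-b', 'notify-c'],
    threshold: 2,
  });
  tracker.expect({ address: 'ADDR-EXAMPLE-1', amountSatoshi: 5000000 });
  const report = { address: 'ADDR-EXAMPLE-1', txid: 'TXID-EXAMPLE-1', amountSatoshi: 5000000 };
  return [
    tracker.receive('notify-a', report),                          // first report
    tracker.receive('notify-a', report),                          // same provider again
    tracker.receive('notify-x', report),                          // provider not on the list
    tracker.receive('notify-b', { ...report, amountSatoshi: 1 }), // wrong amount
    tracker.receive('notify-b', report),                          // second distinct provider
  ];
}
```

Setting the threshold below the number of providers is what lets the scheme tolerate provider downtime (issue 1 in the list above), at the cost of lowering how many providers must be compromised to fake a payment.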
8  Other / Off-topic / "Open-source is bad!" on: August 05, 2011, 02:27:53 PM
I keep coming across people that claim open-source is bad, that it's insecure, that it's always worse than closed-source software because developers are not getting paid for it, that they would never trust open-source software, etc etc. Besides this being factually incorrect, I always wonder if these people realize that they are constantly using services provided by open-source software without even knowing it.

Downloaded Firefox or Chrome? Open-source.

Visited a website served by Apache, Lighttpd, or nginx? Open-source.

Reading email in Thunderbird? Open-source.

Got nephew to install OpenOffice/LibreOffice? Open-source.

Using any kind of online service that is provided by a server running Linux? Open-source.

Building a website using Joomla? Open-source.

Making a blog using Wordpress? Open-source.

And so on, and so on, and so on...
9  Other / Off-topic / Bitcoin memes on: August 04, 2011, 07:47:53 AM
I recall seeing a Bitcoin meme thread before, but I can't find it anymore, so let's start a new one! :D

I'll start out with this one I saw in another thread:
10  Bitcoin / Bitcoin Discussion / Bitcoin being anonymous is a bad thing. on: August 04, 2011, 06:42:55 AM
No, it's not.

Bitcoin being anonymous (no, not untraceable, I stick to the same definitions I have always stuck to) is actually just a property of it.

It appears there are more and more people that say "it's a shame that Bitcoin is X and Y". These people do not appear to realize that strength is in variety. That Bitcoin is not like other currencies (in that it, for example, has methods to track back fraud), does that mean it's bad? No. It means it's different. It's up to you whether you want to use Bitcoin or not. It has its own properties, its own pros and cons. It means you have a choice.

It is completely pointless to aim at everything being the same, and Bitcoin being anonymous is not a 'fault' that has to be solved - it's a main property of the concept. Stop trying to say "Bitcoin is bad because it doesn't provide any anti-fraud measures". It's not. It's different.

It's a bit hard to put my idea into words, but I hope you get what I mean. Bitcoin is what it is. There is no need for it to have the exact same pros as everything else, if it offers different pros that other currencies or methods do not offer. It's freedom. It's a choice. Stop complaining about it.
11  Bitcoin / Bitcoin Discussion / Freedom and Responsibility - or: why you FAILED if you lost money in MBC crash on: August 02, 2011, 05:28:54 AM
Before I start, this topic is not intended as trolling. I am entirely serious, and I hope I can wake up some people and make them realize what they are doing.

Bitcoin is about freedom. Freedom to do with your funds what you want. To store them in a way you want, in a way you deem them secure, without having to rely on a third party.

With freedom comes responsibility. Responsibility to take care of the security of your own funds, or to pick a provider you trust and have them take care of it.

If the MyBitcoin crash was a responsibility test, and you lost any considerable amount of money in there, YOU FAILED THE TEST.

Please explain to me how you had the idea that it was a good idea to store considerable funds in a service that has a proven poor track record - remember how hundreds of accounts were cleaned out, all to the same address, and not a single automated red flag regarding fraud was triggered, letting through all the payments? How such an obvious fraudulent transaction went through, and was claimed to have been 'stopped manually', with no real security measures in place? Remember how no one actually appears to really be running the site, and how it is rather 'faceless'? Why would you store any considerable amount of money there? Why did you not store (the majority of) it in a properly secured wallet.dat file on a local machine?

Even if this was not intended as a test, it was a very good one, and you definitely failed it if you indeed lost serious funds.

Just something to think about.
12  Economy / Marketplace / Giving away paybtc.com domain name for free, for a payment gateway on: July 26, 2011, 07:42:11 PM
A while ago, I registered the domain paybtc.com with the intention to create a free payment processing system that worked similar to PayPal and could easily be integrated. However, I have a lot of things to do, and can't really find the time to work on a reliable and secure payment gateway - so I'm giving away the domain.

However, there are a few conditions:
* You must be a reputable community member, and I will only give it away if I trust you will keep to the promises below.
* The domain must be used to set up a publicly accessible payment gateway that can be used by anyone (unless you are explicitly banned for abuse etc., of course).
* The payment gateway must be free and not charge any fees. Accepting donations (which I've found to be a perfectly viable 'business model' of sorts) is of course fine, as long as there is no mandatory payment or fees involved in using the gateway - not as a merchant and not as a 'consumer'.
* The payment gateway must, when using a callback system, use a 'double callback' to report back to the merchant site - meaning it will call a URL on the merchant site after payment, and requires the merchant site to call back to the gateway explicitly (verifying transaction ID, amount, etc) to verify that the initial callback was legitimate and not spoofed. Optionally it could have a 'transaction type' where the gateway sends a predefined email after the transaction succeeds instead of making a callback (useful for static merchant sites), but this is not required.
* The payment gateway must provide some sort of API, that allows merchants to make their cart software 'create payment requests' server-side, so that no actual price and callback info is actually sent on the clientside (to prevent the well-known now-defunct PayPal Tamper Data hack).


Ideally, this project would be run by someone who has some experience in running free (donation-funded) bitcoin services, but this is not a requirement.
Ideally, the payments could also be directly forwarded to the 'actual' address of the merchant, rather than functioning as an e-wallet - but this is also, while useful, not a requirement.

As you may have noticed, most of the conditions I listed are related to security, something I believe is very important. I originally bought the domain with the idea to set up a secure payment gateway that merchants could trust to be secure, so that it would be trivial to adopt it for current webshops. This is also why I focused on things like using an API to create payment requests (making POST data tampering impossible), double callbacks (to prevent spoofing), and directly forwarding payments to the merchant rather than an e-wallet system (to keep as little funds as possible on the server at all times).
My main goal was to set up a payment gateway that could seriously make a difference in the acceptance of Bitcoin by existing stores - by making implementation trivial and secure, not requiring the installation of any specific software (like a bitcoind) or having to write custom code to handle payments, making it attractive to implement, and not having to trust a shady third party that cannot be held accountable for anything because no one knows who he really is - and I expect any person that I will transfer this domain name to will have the same goals.

I am aware that the above conditions may be strict and come across arrogant, but I believe paybtc.com is a VERY good domain name for a service like this, and I would only want to transfer it to someone who genuinely believes in the idea, genuinely wants to put effort into making it reality, and can genuinely be trusted to stick to his promise. I am not looking for someone who wants to turn a maximum profit at all costs, I am looking for someone who believes in the idea and wants to go for it, and move the Bitcoin concept forward.

EDIT: All of the above conditions were conditions I had originally put for myself - this is basically the concept I had in mind. If I can't find anyone to do this, I will just work on it at a later point when I have more time - but if anyone can set up something like this earlier, I would be glad to give them the domain.
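
The double-callback and server-side payment-request conditions listed above, sketched as an added example (not part of the original post, and not code from any real gateway). The `Gateway` and `Merchant` classes, their methods and the sample orders are hypothetical and run in-process, without a network.

```javascript
// Added illustration: in-process stand-ins, no network; every name here is hypothetical.
const crypto = require('crypto');

class Gateway {
  constructor() { this.requests = new Map(); }
  // Server-to-server API: price and order never pass through the buyer's browser.
  createPaymentRequest(orderId, amount) {
    const txId = crypto.randomBytes(16).toString('hex');
    this.requests.set(txId, { orderId, amount, paid: false });
    return txId;
  }
  // Simulates a completed payment; returns the body of the first callback.
  markPaid(txId) {
    const req = this.requests.get(txId);
    req.paid = true;
    return { txId, orderId: req.orderId };
  }
  // Second leg: the merchant asks the gateway what it really recorded.
  verify(txId) {
    const req = this.requests.get(txId);
    return req ? { ...req } : null;
  }
}

class Merchant {
  constructor(gateway) { this.gateway = gateway; this.orders = new Map(); }
  checkout(orderId, amount) {
    const txId = this.gateway.createPaymentRequest(orderId, amount);
    this.orders.set(orderId, { amount, txId, status: 'pending' });
    return txId;
  }
  // First-callback handler. The body is untrusted: anyone can POST to this URL.
  handleCallback(body) {
    const order = this.orders.get(body.orderId);
    if (!order) return 'rejected: unknown order';
    if (order.status === 'paid') return 'ignored: already paid';
    const record = this.gateway.verify(body.txId); // the call back to the gateway
    if (!record || !record.paid) return 'rejected: no confirmed payment at gateway';
    if (body.txId !== order.txId || record.orderId !== body.orderId ||
        record.amount !== order.amount) {
      return 'rejected: payment does not match order';
    }
    order.status = 'paid';
    return 'accepted';
  }
}

function demo() {
  const gateway = new Gateway(), shop = new Merchant(gateway);
  const cheapTx = shop.checkout('order-1', 1000);    // constructed sample orders,
  const dearTx = shop.checkout('order-2', 5000000);  // amounts in satoshi
  const genuine = gateway.markPaid(cheapTx);
  return {
    forged: shop.handleCallback({ txId: 'f'.repeat(32), orderId: 'order-2' }),
    unpaid: shop.handleCallback({ txId: dearTx, orderId: 'order-2' }),
    swapped: shop.handleCallback({ txId: cheapTx, orderId: 'order-2' }),
    genuine: shop.handleCallback(genuine),
    replay: shop.handleCallback(genuine),
  };
}
```

The `swapped` case is the one a single callback cannot catch: a real, paid transaction ID for a cheap order is presented against an expensive one, and only the comparison with the merchant's own order record rejects it.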
13  Other / Politics & Society / The copyright lobby loves Child Pornography as an excuse for censoring on: July 10, 2011, 10:16:49 AM
Quote
“Child pornography is great,” the man said enthusiastically. “Politicians do not understand file sharing, but they understand child pornography, and they want to filter that to score points with the public. Once we get them to filter child pornography, we can get them to extend the block to file sharing.”

The date was May 27, 2007, and the man was Johan Schlüter, head of the Danish Anti-Piracy Group (Antipiratgruppen). He was speaking in front of an audience from which the press had been banned; it was assumed to be copyright industry insiders only. It wasn’t. Christian Engström, who’s now a Member of the European Parliament, Oscar Swartz, and I were also there.

“My friends,” Schlüter said. “We must filter the Internet to win over online file sharing. But politicians don’t understand that file sharing is bad, and this is a problem for us. Therefore, we must associate file sharing with child pornography. Because that’s something the politicians understand, and something they want to filter off the Internet.”

“We are developing a child pornography filter in cooperation with the IFPI and the MPA so we can show politicians that filtering works,” he said. “Child pornography is an issue they understand.” Schlüter grinned broadly.

Read more: http://torrentfreak.com/the-copyright-lobby-absolutely-loves-child-pornography-110709/

So, what numerous people have been saying for years, is now finally being confirmed. How morally low can you go to 'turn a profit'?
14  Bitcoin / Bitcoin Discussion / Tinfoil hat mode on: what if AV vendors were paid to remove wallets? on: July 07, 2011, 01:40:53 PM
Now, this is going to be a completely unfounded conspiracy theory. I am NOT saying it happens, I am NOT saying it happened in the past, I am NOT claiming it will ever happen.

It's just a concept, that may potentially be a problem.

What would happen if banks, governments, or other organizations that do not like Bitcoin, were to pay vendors of antivirus/antispyware software to include a definition that detects and removes Bitcoin wallets? This would be fairly easy to do, and would possibly cause a lot of chaos as the wallet files of people who didn't back them up disappear.

Now the obvious counterargument would be... "wouldn't that damage the reputation of that AV vendor and effectively take out the company?"

No, it probably wouldn't. First off it's fairly easy to blame it on a 'false positive', apologize, and just ignore what happened after that. I believe AVG has, twice, removed critical system files in the past as a false positive, thereby bricking entire Windows installations. "Shit happens", and that would be a very believable explanation to the general public.

Second off, does anyone remember the case where Gator/Claria paid/bribed several antispyware vendors to not automatically remove their adware? It's a bit hard to find sources on this, but I remember reading a few articles about it a few years ago. Some indications are here: http://www.dslreports.com/forum/r13552245-Adaware-delisting-Claria-and-WhenU-
An article about Microsoft suggesting Ignore instead of Remove for Claria can be found here: http://www.theregister.co.uk/2005/07/07/ms_downgrades_claria_detection/
There are undoubtedly more news articles on all of this, but I don't have a lot of time to search for them right now.

What if a similar thing happened where organizations would pay AV/AS vendors to remove Bitcoin wallets 'accidentally'?

[/tinfoil]
15  Economy / Marketplace / Store owners interested in a price comparison search engine for Bitcoin? on: July 07, 2011, 09:58:10 AM
I am currently working on a search engine/price comparison site for Chinese webshops (such as DealExtreme, BuyInCoins, etc.) and I figured that it may be useful to reuse that platform to build a price comparison and product search engine for the Bitcoin community. I have a question beforehand though:

How many people that are currently selling products online for Bitcoins, would be interested in providing periodic (daily?) database dumps in for example XML format, for their product database to be imported into such a site? For the Chinese webshop comparison site I had to write crawlers by myself because the customer service of these webshops did not understand the requests for databases... but it would be a lot easier if stores could just provide XML dumps (or JSON, or any other proper format) with their products.

So, basically, if you run a Bitcoin store, and you are willing to provide a product database dump (I may be able to write some simple tools to dump the databases for some commonly used cart software), please post in this thread so I know if it's worth it!
16  Bitcoin / Bitcoin Discussion / Potential attack vector in generating Bitcoin addresses? on: July 05, 2011, 06:30:44 PM
So, I was thinking about the address generation scheme that is used for Bitcoin. Please note I did not do any math here yet to see if it is likely to happen, it's just a concept.


To my understanding no network communication takes place when generating Bitcoin addresses. It's basically done locally. From my understanding Bitcoin address generation is also predictable in the sense that generating the same address twice, while unlikely, will result in the same private and public keypair.

Now from what I understood, the chance of a collision (that you would get an address that already belongs to someone else) is possible, but so unlikely that it's discountable. All fine up to this point.

Now what if someone made a botnet generate addresses all the time, 24/7, and would import those addresses into a wallet.dat to try and see if someone else already generated the address, and has funds 'assigned' to it - essentially trying to find collisions? Wouldn't this be an extremely efficient way to generate addresses until an address was found that held funds, to then steal the funds on that address by transferring them elsewhere?

Is this a possible attack vector and if yes, how likely is it to succeed?
17  Other / Off-topic / What music do you listen to while programming? on: June 26, 2011, 08:44:53 AM
As the topic title says - what music do you listen to while programming/developing things?
Seems like there are a lot of programmers/webdevelopers/etc. on here :)

I usually listen to music from Jamendo, specifically instrumental music. Especially Roger Subirana Mata, zero-project, and Filthy Kicks are some favorites I often have playing when working on things.
I also have the Trine (from the Humble Bundle) soundtrack playing now and then, but most of my music comes from Jamendo.
18  Bitcoin / Bitcoin Discussion / "Come to Tradehill, it's more secure!" on: June 25, 2011, 02:23:02 AM
Okay, so I've seen the following pop up quite a lot on both the forum and on IRC:
"Go to Tradehill, it's more secure than Mt. Gox!"

Now consider that Tradehill is closed-source. In itself this is not a problem, but they do, as far as I know, not have insurance for the funds you deposit to them either.
That means you are directly financially responsible for any security holes they leave open, and have no way to check if it is secure.

Now, besides the obvious profits that people get from referral links, can anyone who is claiming that Tradehill is more secure, tell me what that claim is based on?
19  Bitcoin / Project Development / [PHP] BlockExplorer Track following script on: June 21, 2011, 04:19:07 AM
Posting this for a friend... he does not have sufficient posts to post in here yet.

It basically searches back through the blockchain (using Block Explorer) to find the earliest trace of an address (by following the first address link on every page).

Code:
<?php
/*
            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 
                    Version 2, December 2004 

         Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>

 Everyone is permitted to copy and distribute verbatim or modified 
 copies of this license document, and changing it is allowed as long 
 as the name is changed. 

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 

  0. You just DO WHAT THE FUCK YOU WANT TO. 
*/

/* This program is free software. It comes without any warranty, to
 * the extent permitted by applicable law. You can redistribute it
 * and/or modify it under the terms of the Do What The Fuck You Want
 * To Public License, Version 2, as published by Sam Hocevar. See
 * http://sam.zoy.org/wtfpl/COPYING for more details. */

/* Questions? ask Skullby <skullby@hush.com> */

error_reporting(0);
ini_set('display_errors','Off');

//$startHash = "166inTrZD3G9SMKRcsaRnvFcCbeSrKoyxL"; 
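$startHash = "18ukPi1oAcLau91YfpTkXY1EuZrYxZyUBx"; // a hash I found, and wanted to trace backward in time. :)

getNext($startHash);

// Fetch the Block Explorer page for $hash and recurse into the address links
// listed after the "Received: Address" column header.
function getNext($hash) {
  if ($hash == "") {
    echo "\ndone\n";
    die;
  }
  $handle = fopen("http://blockexplorer.com/address/".$hash, "r");
  if ($handle === false) {
    // without this check a failed request would make the feof() loop below spin forever
    echo "\ncould not fetch ".$hash."\n";
    die;
  }
  $contents = '';
  while (!feof($handle)) {
    $contents .= fread($handle, 8192);
  }
  fclose($handle);

  $lines = explode("\n", $contents); // split() was removed in PHP 7

  $found = 0; // set to 1 once the "Received: Address" header has been seen
  foreach ($lines as $key => $line) {
    if ($line == "<td>Received: Address</td>") {
      $found = 1;
    }

    if ($found == 1 && strstr($line, "<li><a href=")) {
      preg_match('/<li><a href="\/address\/(.*)">/', $line, $matches);
      echo $matches[1]."\n";
      sleep(2); // pause between requests to Block Explorer
      getNext($matches[1]);
    }
  }
}
?>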
20  Other / Beginners & Help / If your Mt. Gox account has been compromised, PLEASE READ. on: June 16, 2011, 09:19:25 PM
EDIT: If you cannot access your account and your e-mail address on your account has been changed, please post here as well with as much information as you have.

EDIT2: Added a question about password reuse, please update your posts

Ok, so I've seen a lot of topics appearing about Mt. Gox accounts getting compromised, and had it happen to myself as well - and I'm wondering what the scale of this is.

First, a few things:

My Mt. Gox account got broken into, what do I do?
First of all, do a virus scan, there are plenty of free antivirus applications that work fine - for example, Avast, Antivir/Avira, and AVG.
If you are tech-savvy or know someone who is, and you are on Windows, use applications like TCPView, Wireshark, and Security Task Manager to determine whether any suspicious network activity is taking place, or whether there are any suspicious processes running. Also check your Services for suspicious services.
Change your password. It should be:
* At least 12 characters long, more is better
* Contain letters (both lower and upper case), numbers, and if possible special characters
* Not have any dictionary words, names, or dates in it. The best password is a seemingly random password
* MOST IMPORTANTLY, not a password that you use somewhere else!
* Make sure your new password has a different length than your old one!
After you changed your password, check in your Mt. Gox account if your e-mail address is still correct.
Make sure that your password is NOT saved in your browser's "password manager"! If your browser asks you whether it should remember your password, choose No.
Be sure to read this post to the end!

How could this happen? Is Mt. Gox safe?
Right now it appears to be unclear where this "attack" is coming from. At least some accounts had complex and/or long passwords, so bruteforcing seems unlikely, but it's possible.
If you had a short password and use an outdated browser (or Internet Explorer, or another browser that does not have this vulnerability patched), it is possible you got hit by the so-called "CSS History Sniffer" vulnerability. Get an up-to-date browser that has this vulnerability patched - I believe at least Chrome and Firefox 3 are safe from this - and use a longer password.
While Mt. Gox being compromised is a possibility, there is no proof for it, and it's best NOT to assume that is the case - this may be an attempt at spreading fear and getting people to leave Mt. Gox.
It's best to wait for a response from MagicalTux on this. Personally I normally don't leave any funds in Mt. Gox (or any web wallet / exchange) any longer than necessary, exactly to avoid things like this. The only reason it happened now was because I was unable to access Mt. Gox at all for a long time, and thus didn't have the chance to withdraw my funds.

And now?
I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions:
* How much funds did you lose?
* To what address were your stolen funds sent?
* What OS are you using (Windows, Linux, Mac OSX ...)?
* How long was your old password?
* Was your old password random?
* Was your username the same on Mt. Gox as on the forum?
* Did you use your Mt. Gox password somewhere else?
* Did your old password contain lowercase letters, uppercase letters, special characters and numbers?
* Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.
* Please also include a screenshot if possible so we know it's a real report.


I'll start out with myself.

Lost funds: about $200
Sent to: 16MHJtHA1dVJQZYcFf3iRAeF3dCFQeqTCi
OS: Windows 7 Home Premium
Password length: 20 characters
Random: Yes
Username the same: Yes
Password reused: No
Characters: uppercase, lowercase, and numbers.
Software: used Diablo Miner and pocblm
Screenshot: