I'm surprised I haven't seen this discussed here but there was a lawsuit recently where a customer's stolen credentials were used to transfer large sums of money from a bank.

The bank refused to cover the customer's losses so the customer sued and lost.

Short version: http://www.wired.com/threatlevel/2011/06/bank-ach-theft/
Details: http://www.bankinfosecurity.com/articles.php?art_id=3705&opg=1

Its possible there will be more of a move toward this in the industry.

One of the complaints about bitcoin has been that unlike a bank when your money is stolen you have no recourse.

If this case starts to set a wider precedent that could no longer be a valid argument.

I'm not sure why it was allowed to happen but the Bitcoin forum has become a liability to the entire project.

As I type this the majority of posts in the the main forum... the only one that most people see... are mt gox rants.
How is someone discovering Bitcoin today supposed to wade through this mess to find information?

The threads are filled with gigantic signature pictures and ridiculous trolling. Several of the top level threads are just joke pictures.

Why is this being allowed to happen?
All serious discussion of bitcoin gets moved to subforums while the main is left to wallow in garbage.

Moderators, you know that this site is linked from the the main bitcoin page and this is the first place people turn to ask questions.
The state of the forum today makes the whole project look like a joke.
If this had been the state of the forums when I first got interested I would have dismissed the entire thing.

From what I understand when change is made it is sent to a new key.
Is there any reason for this other than anonymization?
I'm assuming sending change back to an address in one of the inputs would work fine but I'm curious why the decision was made to send to a new address.

Would it make sense to separate the wallet from the bitcoin client? Right now they seem so tightly linked and separating them would enable some pretty cool use cases. I see talk about encrypting the entire wallet.dat but that would seem to give you all or nothing in the case of a shared system or business/personal system.

My little custom format at the moment (after I dump the keys from the client) looks like this:
SQLite (transactional + bindings for most languages)

MasterKey
AccountID (allows multiple users to share a wallet with different keys for each)
AccountName
Version (of the wallet storage format)
Format (Flags for format and usage of private keys) Current options: Public encrypted, Private encrypted
KeyForPublic
KeyForPrivate

Keys
AccountID
PublicKey
PrivateKey

For now everything is just AES but there could be more options.
In the case of the home user you would most likely store the public keys open and the private encrypted.
To decrypt you provide the AES passphrase for the account's KeyForPrivate field which then gives you the key to decrypt the private keys. This would only be necessary when spending or of course key generation.
I could also choose to encrypt the public keys. The wallet could then travel with me in my pocket and when lost would be meaningless even for figuring out which past transactions were yours.
I could also plug the wallet into someone else's machine and just give the key for my public keys to check balances but leave my wife's public keys unknown to the machine.
Have there been any talks about externalizing the storage of the private keys from the bitcoin client? I'm assuming the only time it uses the private keys is for sending and key generation. Is anyone working on something similar at the moment?
It would allow a lot more tools to be written such as custom key generators and backup/restore.

I want to share with you guys what I'm working on to get comments and gauge its usefulness/technical feasibility since I don't know all the ins and outs of the protocol.

Its looks like you can send messages in the transactions but it seems like that would seriously clog the tubes if it took of... filling the network with microtransactions just to communicate.

I have a prototype of a system that uses the keys currently in your wallet to send messages perfectly anonymously to other bitcoin users without requiring prior key registration.

The main caveat is that it uses the public key of an address... so messages can only be sent to addresses that have their public key known.
This would work great for receipts, etc, and once you have communicated with someone you can continue to use the same address.

Here's how it works, with a few in the weeds details of how I have it implemented so far.
Sending:
Enter an address. If the public key is available your message is encrypted using ec ies to the public key.
The message is then posted to an IRC channel. (I'm going to leave out a bunch of details about how the load/spamming is handled)
From here the messages can propagate through all sorts channels.

Receiving:
A separate program running on parallel to the client loads your keys into a sqlite database. The private keys are encrypted with a master key stored in the database... which in turn is encrypted with the passphrase of your choosing. This allows for fast rekeying of the db.
The database is separate from the bitcoin server so it is portable. No need for the full thing if you just want messaging on the go.

Clients interested in messaging can attach to the message stream looking for messages addressed to them.
Ones with the correct address are plucked from the stream and stored to disk. To read the message the db passphrase is entered, the private key released, and the message is read.
This would be great for sending back a confirmation or results of a transaction.
Its also assumed only those interested in perfect privacy would query for messages through a service like blockexplorer instead of attaching to a message stream.

I have a plan for load, spam, and communicating with unseen addresses which I'll have to address when I'm not high on a coding binge.

One of the things I'm not totally sure of though that I hope someone can confirm for me since I'm so new to bitcoin:
If I receive a transaction, the public key attached is always that of the sender of the transaction?
I'm making that assumption so please correct me if I'm wrong (and before I spit shine this thing)

I'm developing a small bitcoin service and I've got everything working great except for one hangup: I can't for the life of me figure out how to programatically extract the private key from the wallet.
I looked at bitcoinj but it appears to use a different format than the standard client.
I'm pretty new to bitcoin so maybe I'm missing something obvious.
The only way I've been able to do this so far has been modifying bitcointools to show the whole address in a dump and parse it out by hand.
Is there code floating around to do this in java with the standard berkley db format?

Thanks to some friendly people on this site I got a few bitcents to play with and tried a few transactions this weekend.
While the first couple I made seemed to get confirmed in about a half hour I'm waiting on one right now for over an hour.
I've seen 5 or 6 blocks get generated since the transaction was submitted but still nothing.
Is this normal? Are there transactions that just never get confirmed?