Bitcoin Forum
May 05, 2024, 08:42:40 AM *
621  Bitcoin / Bitcoin Discussion / Re: Trading so slow and flat = boredom on: June 29, 2011, 09:38:39 AM
This is what a psychologist friend of mine predicted: if prices go stable, speculators will miss their dopamine releases and be even more upset than when price is plunging, which is at least exciting.  Random, unpredictable, positive reinforcement is the best way to train behavior, and that has been the story of bitcoin for the past year or so.

Ask your psychologist friend what conditioning is occurring that produces dopaminergic activity for market instability as opposed to profit.
622  Bitcoin / Bitcoin Discussion / Re: Stockholm Syndrome on: June 29, 2011, 09:36:54 AM
It is difficult enough running your own business.  Running a bitcoin exchange is even more difficult, because in addition to the normal crap a startup has to deal with, you are taking a personal (not just financial) risk.

It's something I would never be capable of.  Exchanges provide a vital service to the bitcoin community in the bootstrapping phase. Every exchange operator (not just mtgox) is a hero in my eyes.  

I am thankful for mtgox, despite their mistakes and screw ups.  I have no reason to believe that their intentions are dishonest.   That's why I will keep supporting them (and other exchanges).

This.

There is absolutely no evidence of malicious intent or dishonesty on the part of mtgox - you can criticise their security for the obvious fact it was compromised, but it's hardly right to criticise their honour.
623  Bitcoin / Bitcoin Discussion / Re: Public Safety Announcement: On the subject of password security on: June 21, 2011, 06:27:33 AM
Consider using bcrypt for hashing passwords. bcrypt is designed to be difficult to compute, with tunable difficulty.

Edit: Come to think of it, you could always use the tunable difficulty method of bitcoin. Use a nonce rather than a salt, and require that the hash be below a certain number.

Every time the difficulty of bitcoin increases it means there's more hashing power out there that could be redirected.
Truly paranoid types may want to use that as a sign that it's time to hash all existing passwords again (hash the hash and keep a count of how many hash operations).
624  Bitcoin / Bitcoin Discussion / Re: Public Safety Announcement: On the subject of password security on: June 21, 2011, 06:26:02 AM
Please, service providers...  Use the best possible solution available!

If you can use multiple SHA512 hashes with each different unique salts from different sections of passwords... do it! If you can run that same thing 5 passes... do it!

Don't just go with MD5 + usalt because "no-one will ever get the database". Always prepare for the worst case scenario. Have graceful hash updates! If a better hashing method becomes available, make users reset their password! (Or have it be done automatically on log in using submitted password for 30 days, and after that time, require reset.)

Thanks for listening, do shout at me if you think this is stupid advice! :)

You're doing it wrong - making people change their passwords every 30 days results in them running out of quality passwords OR them writing their password down.

Multiple hashes? If you want to be paranoid that's also the wrong way to go about things, you should use a system like bcrypt and make sure it's slow enough that GPU bruteforce is a no-go.

Partition the database too, don't have one big MySQL database with full perms which every part of the site has access to - one exploit on any part and it's game over. Limit it tightly, VERY tightly.

Even the human factor can be mitigated - don't give access to EVERYTHING to EVERY employee, restrict things tightly.

Use whitelists, not blacklists.
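
Added example (not part of the original posts): a sketch of the two ideas in posts 623 and 624 above, namely re-hashing stored hashes with a recorded layer count when the work factor goes up, and upgrading the record automatically at the next successful login. It uses `hashlib.scrypt` from the Python standard library in place of the bcrypt the posts name; the record layout and all function names are assumptions made for this illustration.

```python
import hashlib, hmac, os

CURRENT_N = 2**14  # scrypt cost parameter (assumed policy value); raise over time

def _layer(data: bytes, salt: bytes, n: int) -> bytes:
    # One slow, salted hashing pass with tunable cost n.
    return hashlib.scrypt(data, salt=salt, n=n, r=8, p=1, dklen=32)

def new_record(password: str, n: int = CURRENT_N) -> dict:
    salt = os.urandom(16)
    return {"layers": [(salt, n)], "hash": _layer(password.encode(), salt, n)}

def strengthen_offline(record: dict, n: int = CURRENT_N) -> dict:
    # "Hash the hash": wrap the stored hash in another pass without knowing
    # the password. The layer list is the count of operations to replay.
    # The caller must overwrite the old record so the weaker hash is gone.
    salt = os.urandom(16)
    return {"layers": record["layers"] + [(salt, n)],
            "hash": _layer(record["hash"], salt, n)}

def verify(record: dict, password: str) -> bool:
    data = password.encode()
    for salt, n in record["layers"]:      # replay every recorded layer in order
        data = _layer(data, salt, n)
    return hmac.compare_digest(data, record["hash"])  # constant-time compare

def login(record: dict, password: str):
    # Returns (ok, record_to_store). On success, a layered or under-strength
    # record is replaced by a single fresh layer at the current cost.
    if not verify(record, password):
        return False, record
    layers = record["layers"]
    if len(layers) > 1 or layers[0][1] < CURRENT_N:
        record = new_record(password)
    return True, record

if __name__ == "__main__":
    old = new_record("77adc009ea6d", n=2**10)   # constructed legacy record
    wrapped = strengthen_offline(old)           # upgraded without the password
    print(login(wrapped, "77adc009ea6d")[0], len(wrapped["layers"]))
```

The offline wrap protects every stored hash immediately, including accounts that never log in again; the login path then collapses the layers so verification cost does not keep growing.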
625  Bitcoin / Bitcoin Discussion / Re: TradeHill - Who we are on: June 21, 2011, 06:21:32 AM
I'll back up the dedicated suggestion.
Try cari.net, I've worked with them myself in the past and found them to be pretty damn responsive.
626  Bitcoin / Bitcoin Discussion / Re: Is anyone still not using a Password Manager on: June 21, 2011, 06:19:44 AM
My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in London

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.

The purpose of my suggestion was to have a unique and effective password for every site that you can remember.

And that's good advice, but you should use true entropy and THEN add associations to help remember it, doing the reverse makes an attacker's job easier.
Here's a random password I've just generated (not used on any accounts of course):
77adc009ea6d
Totally random entropy, but I can find patterns to help me remember it.

adc? the band AC/DC with a bit missing
77 - 2 digits, easy to remember as it's duplicated
009 - 900 backwards, or 9/11 backwards -11

and so on


Basically, you use the same techniques schizophrenics use to find messages in the bible, but to find messages in your random password - it then sticks in your head better.
627  Bitcoin / Bitcoin Discussion / Re: Is anyone still not using a Password Manager on: June 21, 2011, 06:14:22 AM
My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in London

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.
628  Bitcoin / Bitcoin Discussion / Re: Godlikeprocuctions has banned the word Bitcoin! on: June 21, 2011, 06:05:57 AM
And seriously, you're calling website dealing in conspiracy theories a CIA honeypot? How meta-crazy can you get?

I'm so having that:
http://www.facebook.com/profile.php?id=100000932845686&sk=info (see the quotations)
629  Bitcoin / Bitcoin Discussion / Re: Is anyone still not using a Password Manager on: June 21, 2011, 06:03:21 AM
My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

Go to relentlessimprovement.com, order ortho-mind, alpha-GPC and piracetam. Next, get some pregnolone from healthmonthly.co.uk.
Take the above daily and avoid alcohol and bumps to the head while practicing neurofeedback and meditation.

Long term memory is EASY to enhance.
630  Bitcoin / Bitcoin Discussion / Re: Is anyone still not using a Password Manager on: June 21, 2011, 06:00:58 AM
Hi All,


Considering all the recent cases where people's usage of passwords turned out to be less than optimal (and sometimes just negligent), allow me to recommend a free, user friendly, secure password manager: passpack.com.

It can create random passwords for you at many lengths, so you can have very secure passwords, and most important - a different one for each service you use, for each encrypted wallet file you create, for exchanges and whatever...

I am not related to passpack in any way, I just wanted to take this opportunity and help in case a few of you feel overwhelmed by the need to manage many secure passwords at once.

If anyone else has a different tool they prefer please share it as well.


Let's take security up a notch, for everyone's sake...




Or, you can generate them yourself on your own trusted hardware.
Take a linux netbook with no internet connection and run uuidgen a few times, memorise some of the results and store them in your brain.
If you MUST store passwords outside your brain, make sure that whatever you use to store the passwords remains on your person 24/7 even while sleeping.

DO NOT use a third-party website to generate passwords - it'd be trivial for that site to log all passwords it generates, and considering how easy it is to generate passwords yourself that stinks of a scam.
631  Bitcoin / Bitcoin Discussion / Re: TradeHill - Who we are on: June 21, 2011, 05:57:49 AM
I'd like to vouch for the guys at tradehill, had a withdrawal issue there and they went out of their way to fix it, going so far as to take a loss in order to speed things up.

Aside from that, been talking to them regarding BitInstant and it's looking quite likely we'll be launching with support for tradehill - whether you think that makes my statement of support for them biased or not is up to you, but they strike me as very honest and open and I hope to see them succeed.
632  Bitcoin / Bitcoin Discussion / Re: mtgox fast pay - looking for investors on: June 17, 2011, 06:32:33 PM
How about debit cards / virtual cards as an added bonus on the accounts ??? I can help you with that shoot up a PM ...I think this is great I am just offering a helping hand.

Thanks! We're currently in early development @ BitInstant.com.
Our new service will be able to provide instant funding of your exchange accounts

I was thinking of something similar but how are you going to stop people from charging back on their CC?

As Yankee says, trade secrets but basically I'm developing some fraud models that will help keep the scammers out as well as using other methods to prevent chargebacks - how those methods and models work I can't reveal as it's one of our competitive advantages in this space, some are pretty obvious and common sense, some I feel are quite innovative.

Apologies for being all hush-hush, but it is important to keep things under wraps at first and the wait will be worth it I promise.
633  Other / Chinese students / Re: Why does this board exist in the forum? on: June 16, 2011, 06:32:35 AM
???

WHY?

Why Chinese? Why Chinese students? Is this kinda strange taste of the administrator?

I am just surprised. It just makes no sense.

Why not? Maybe the administrator is a Chinese student.

Or maybe if you consider how many Chinese students there are in the world, maybe it wasn't such a bad idea after all in order to keep all of the other forum areas from being overrun.

But why in the marketplace section? Unless of course the Chinese students are trying to buy and sell stuff all over the rest of the forum - but then they can use the normal marketplace sections, and why is it a bad thing if the forum is "overrun" by Chinese students?
634  Other / Obsolete (buying) / Re: 3 BTC: Logo Design For New Website BitInstant on: June 15, 2011, 04:35:48 PM
Hi everyone
So far we've received about 5 logo submissions and are reviewing them - we're still open to new submissions right now though, so if you want to submit one do so :)
With regards to correspondence, we've decided that Yankee will deal with correspondence via PM on this forum so please send new submissions or queries to him, one or two people have been PMing both of us at once leading to double replies.

Thanks for the awesome submissions so far
635  Other / Obsolete (buying) / Re: 3 BTC: Logo Design For New Website BitInstant on: June 15, 2011, 05:30:15 AM
Once you've done that logo let myself or Yankee know by PM here.
636  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 14, 2011, 02:56:30 PM
For a bitcoin wallet backup, personally I ain't letting anyone else have physical possession even with incredibly strong crypto

Actually, there are provably secure systems which have nothing to do with encryption, and very little to do with the idea of a OTP.


Do tell!
637  Bitcoin / Bitcoin Discussion / Re: Let's build a Bitcoin Company - I pledge 40 BTC on: June 14, 2011, 12:58:40 AM
I think that as an "open-source" company, maybe it doesn't have stockowners. Maybe just debt for investors that risked their money (even paying back up to 100x on investment)..

Investors don't want just their initial investment back - they want to profit from the deal, and most will want dividends.
638  Bitcoin / Bitcoin Discussion / Re: eBay Deleting All Bitcoin Listings on: June 14, 2011, 12:57:15 AM
The real issue is that they claim it's a copyright issue when BTC is open source.  So they're flagging the listings under false pretenses and therefore their removals are invalid.

The coins themselves aren't "open source" as such, but legally ebay can refuse whatever trade they want even if it makes no sense.
639  Bitcoin / Bitcoin Discussion / Re: Who's buying on the way down? on: June 13, 2011, 10:38:29 PM
I normally buy during dips, not right now though - I'm actually saving USD for BitInstant (see my sig) as I believe it's a better longterm investment.

Bitcoin will either fail outright or it will massively increase in value - buying when it's cheap now seems like a good idea.

Selling when it's low? You'll kick yourself when the market recovers.
640  Bitcoin / Bitcoin Discussion / Re: I have $5, does anyone have 5BTC I can trade on: June 13, 2011, 10:34:52 PM
Anyone? This is what I don't like about this place, everyone clings onto their BTC and won't let anyone else have it.

People are happy to sell at reasonable prices, a few will even sell at below market price if they want to shift a large volume in a short period. But for this low volume and at the insanely low price you're asking ($1/1BTC) it's just not going to happen. You might stand a chance at $10USD during a dip in the market - but I doubt it.