|
1101
|
Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!!
|
on: July 13, 2012, 07:17:48 PM
|
high tech is not the solution to the problems in your previous emails, but my comment was a bit of a sidetrack (that i wish to drop from this thread after this point is made):
i was strictly talking about an idea of how to hide a hot wallet server, disconnected from your previous points. the above, provided some basic precaution on part of the developer, would not reveal a means into the wallet server.
Oh, gotcha  Yes, securing hot wallets has been discussed, but I don't know the thread off hand. |
|
|
|
|
1102
|
Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!!
|
on: July 13, 2012, 07:08:09 PM
|
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense.
During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there.
Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way. That would be worth it for a theft worth say 60K plus.
Low tech security precautions shouldn't be ignored in favor of high tech ones.
i wonder if it would be possible to 'hide' the hot wallet server by putting it on its own box, and only allowing tor hidden service connections in. that way, the IP at least would never be known... Again, you're thinking a lack of high tech solutions is the problem. It's not. In the example about the cleaning lady there are other ways to go about finding the location to commit the crime. For example, if it was me I would start collecting information on the target. I'd do several things first: 1. Do a WHOIS lookup on the member's domain name; unless intentionally obscured this will provide the member's real name or company name... 2. Click the forum member's profile, see what else I can learn about him, like an email address (which I might try to phish email) 3. Do a forum search of all the member's posts; did he ever mention where he was located? Only after starting with the above would I even get into tracking down IP addresses. See? Low tech is often FAR more effective. |
|
|
|
|
1103
|
Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!!
|
on: July 13, 2012, 06:55:37 PM
|
i think it's perfectly sensible to start such a guide with this kind of stuff, although i would drop the conspiratorial tone (even if it proves to be true).
How to make a secure bitcoin application.
CHAP 1: Why is security crucial when making bitcoin applications?
CHAP 1A: Security anecdotes from bitcoin's history (aka Stupid Mistakes)
CHAP 2: Basic server security
CHAP 3: Hot wallets vs Cold Wallets
etc
I'm not against a guide. I just think the focus should be less about the technical, and more about common sense. During one of the last hack discussions a forum member posted that he properly secured his server, citing various technical precautions. He mentioned he did this to protect the X amount of funds stored on the server, and he was glad for the high bandwidth line to his office allowing him to have the server there. Another poster said er it's probably not a good idea to tell people where your server holding these funds is at. For example, one could look up where you are located and pay the cleaning lady 10K to look the other way. That would be worth it for a theft worth say 60K plus. Low tech security precautions shouldn't be ignored in favor of high tech ones. |
|
|
|
|
1104
|
Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!!
|
on: July 13, 2012, 06:40:34 PM
|
let's just say for the moment that whether it's basic security or 'bitcoin security' doesn't matter. we NEED to provide our community with great guides so that enthusiastic young people, even inexperienced, can read it and build according to standard.
and that means the rest of the community can say to them, hey, did you run through part X of our procedure? please publish your results.
i don't imagine something so advanced as a 'test suite' for all sites (impossible, i'm sure), but i do think we could at least start to imagine standards.
Okay, but RULE 1 of the guide is that you are only as secure as your weakest link. Bitcoinica Hack #1 Linode = probably an inside job at Linode Bitcoinca Hack #2 = Moved to Rackspace; Patrick's email server was compromised, oops! Bitcoinca Mt.Gox Hack = We didn't change a password Tihan re-used, sorry! Edit: I should change the word "hack" above because no hacking was even required. Thieves without computer knowledge could have executed all of the above thefts. |
|
|
|
|
1106
|
Economy / Trading Discussion / Re: A public plea for help regarding Bitcoinica and my 24,841 BTC
|
on: July 13, 2012, 06:17:38 PM
|
So with BTC there is no insurance or anything like that with your money? Basically anyone that has the knowledge to hack their way into your wallet/account and take your BTC they end up with it?
Correct. It's just like dollars or valuable jewelry in your house. If someone can hack their way into it they end up with it. |
|
|
|
|
1107
|
Bitcoin / Bitcoin Discussion / Re: we need a comprehensive guide for making SAFE bitcoin apps!!
|
on: July 13, 2012, 05:52:03 PM
|
The truth is "bitcoin apps" are not the problem. The problem is improper security handling. Take the Linode hack for example. Bitcoinica and several other bitcoin related sites had bitcoins stolen. There wasn't a specific "bug" that left these apps vulnerable. The Linode hack was probably an inside job by someone at Linode. There was ONE poster with Linode however that said wasn't affected because he didn't store funds on a server controlled by someone else. The problem here is not app security, it's lacking proper forethought. Another example from this latest breach: While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged.
ALL passwords should have been changed. Even basic security 101 says change your password ever so often, even without any breach, ESPECIALLY if funds are related to it. The problem is high value funds being left vulnerable by people who don't take adequate security care and forethought. BitcoinArmory.com is an example of GREAT security forethought, and is probably the safest way to cold store bitcoins in existence. |
|
|
|
|
1108
|
Bitcoin / Bitcoin Discussion / Re: Poll - What is your ultimate expectation for bitcoin?
|
on: July 13, 2012, 03:48:13 PM
|
I wonder why some people think it's gonna be a big failure...
....because even the most trusted vendors trading in Bitcoins eventually steal. A currency is only as valuable at the trust that individuals have in it. I shut off my miners today (6 Ghash/s) even as the price increases because I don’t trust it anymore. Too many problems for too long. I will still watch but I won't engage again unless many things change. A currency is only as valuable as the trust individuals have in the currency, not other individuals. Bad apples in Bitcoin don't change the usefulness of bitcoin; it doesn't change the fact you can send 10,000,000 worth of some value around the world to anybody you want for very little or no cost, and without asking any permission. |
|
|
|
|
1109
|
Bitcoin / Bitcoin Discussion / Re: Poll - What is your ultimate expectation for bitcoin?
|
on: July 12, 2012, 08:39:05 PM
|
I would be happy with a global payment platform which rivals PayPal but the govts of the world aren't going to shut down the internets. It isn't going to happen. Ever.
They couldn't kill the Internet because it has become permanent part of the economy. It would be like trying to go back to the moon in the Apollo 11 module. The solid state pieces to build it are no longer made. (ok maybe a bit of an exaggeration, but not much) |
|
|
|
|
1111
|
Bitcoin / Bitcoin Discussion / Re: Poll - What is your ultimate expectation for bitcoin?
|
on: July 11, 2012, 04:43:36 PM
|
Poll should allow multiple selection. Here are my answers:
* That will become a widely accepted currency working in parallel with other banks currencies
* That will become the #1 currency that will replace/destroy bank industries
* Stay as underground as possible
* I just want to make a ton of money out of it
How can it be as underground as possible while become the #1 currency?? Easy. The U.S. dollar does this for example. It's the #1 currency and is certainly used for loads of underground activity. |
|
|
|
|
1112
|
Bitcoin / Bitcoin Discussion / Re: Poll - What is your ultimate expectation for bitcoin?
|
on: July 11, 2012, 04:34:51 PM
|
|
Poll should allow multiple selection. Here are my answers:
* That will become a widely accepted currency working in parallel with other banks currencies
* That will become the #1 currency that will replace/destroy bank industries
* Stay as underground as possible
* I just want to make a ton of money out of it
|
|
|
|
|
1113
|
Bitcoin / Bitcoin Discussion / Re: We Must Get Bitcoin to FreedomFest!
|
on: July 11, 2012, 03:29:32 PM
|
|
Okay, FreedomFest starts today!
We don't have any Bitcoin plans? Not even simple flyers with bullet points comparing Bitcoins virtue to silver/gold Eagle coins? And directing them to WeUseCoins.org?
Don't we have any bitcoiners in Vegas that could hand out flyers?
Regarding PaulFest in Tampa, I think we should try for that too, but it probably won't be near as big. Ron Paul said he won't be speaking there.
|
|
|
|
|
1114
|
Bitcoin / Bitcoin Discussion / We Must Get Bitcoin to FreedomFest!
|
on: July 10, 2012, 01:56:06 AM
|
I was just reading this Yahoo! article titled "With 'freedom' in fashion, is libertarianism back?". It starts out by saying it's not about Ron Paul, but then goes on to talk about how it looked like a Ron Paul rally at a conservative gathering on primary night in Nevada. It says all different people are starting to come together under the common thread of freedom. Then it mentions FreedomFest where "thousands will converge on the Las Vegas Strip" for the event July 11 to 14th. FreedomFest began in 2002 and 850 people attended. Last year there were 2,400. I'm thinking this year there will be at least double, possibly even near 10,000 people. The idea to give Bitcoin exposure at FreedomFest came up here in 2011: https://bitcointalk.org/index.php?topic=2588.0Some ideas were tossed out, but it doesn't look like much came of it. Of course things have changed up to now, and I think this year should be different! Thoughts? http://www.freedomfest.comFreedomFest 2012: What to Expect
Once a year thousands of freedom lovers from around the world gather together to learn, network, discuss, debate and celebrate liberty – or what’s left of it!
Join us July 12 – 14, 2012 for over 200 sessions on politics, the economy, philosophy, history, geo-political events, finance & investments, science & technology, art & literature, healthy living, music, religion, you name it. There’s definitely something for everyone!
|
|
|
|
|
1115
|
Bitcoin / Bitcoin Discussion / Re: A Business Primer on the Bitcoin Ecosystem - Erik Voorhees
|
on: July 05, 2012, 08:19:52 PM
|
tl;dr: The cost of a 51% attack for a single transaction is prohibitive.
So we should completely disregard this when introducing new merchants and users to Bitcoin, rather than state that it is currently extremely difficult and improbable? Sure, put an asterisk on "not reversible" with an explanation for the sake of technical accuracy and completeness. Edit: but at the same time Bitcoin is also technically experimental software, which is not the kind of software businesses use as a general rule... Do we prominently advertise that? We do want people to use Bitcoin. I guess it depends on your point of view. The technically inclined can accurately evaluate risks associated with using Bitcoin, but that's the minority. |
|
|
|
|
1116
|
Bitcoin / Bitcoin Discussion / Re: A Business Primer on the Bitcoin Ecosystem - Erik Voorhees
|
on: July 05, 2012, 06:03:54 PM
|
Okay, while we're all picking Erik's post apart (sorry, Erik, if our writing was as publicly in demand as yours we'd have to endure the same  ) I would definitely capitalize "internet" as a proper noun. Other than that, yet another fantastically coherent, educational post from Mr. Voorhees! I particularly think this line should be blurbed out to news outlets: All money is essentially digital in today's modern world, yet still it requires tremendous delay and burden for many functions. There is no reason that a digital payment of US dollars from one country to another should take a matter of days, when a digital email is sent and received in a second. Bitcoin makes money as efficient as email. |
|
|
|
|
1117
|
Bitcoin / Bitcoin Discussion / Re: A Business Primer on the Bitcoin Ecosystem - Erik Voorhees
|
on: July 05, 2012, 05:35:22 PM
|
quick clarification: HTML is not a protocol, HTTP is (may not matter for non-techies)
Non-techies probably wouldn't catch it, but non-techies often do find actual techies to help them understand things and form opinions. I think it's better to be accurate. I would replace 'HTML' with 'HTTP' and maybe just add in parenthesis "what largely powers the Internet". |
|
|
|
|
1118
|
Other / Politics & Society / Re: USURY
|
on: July 05, 2012, 04:45:51 PM
|
I think the moral issues don't stem from the practice of lending money itself. I don't see any issue with that (and there are good arguments already in this thread of why it's in fact essential to an economy). The moral issues are related to what you allow as collateral for a debt and what happens in the event someone is unable to repay a debt. For example, I'd argue that it's immoral to allow a person to be enslaved when they cannot repay a debt. Few people would probably disagree…however, the question of what constitutes enslavement is not so straightforward. Lenders will just have to factor into their risk model that they cannot turn someone into a slave in the event they don't repay their debt.
The negative views toward usury stem from two things: 1) a misunderstanding what economic impact it can have, and 2) the question of its morality. My comment above shows how it mistakenly becomes a sort of scapegoat for economic problems. As for morality I personally don't like usury, but don't have any problem with its use. The only time it becomes a moral issue for me is when the percentage charged ventures too high. I'd wager most would agree with that on a sliding scale. For me "too high" is anything over about 20%. But 1%, for example, wouldn't register as immoral to me at all. |
|
|
|
|
1119
|
Other / Politics & Society / Re: USURY
|
on: July 05, 2012, 03:56:44 PM
|
I would argue that the fundamentals of our current economic malaise rest in it being legalised and bought into general use.
And you would be wrong. That would be like saying guns are responsible for world violence, which is incorrect. Guns may certainly have an influence on the amount of world violence, but they are not the source. And of course violence is possible without guns. So too would be our economic troubles without usury. The real source of our economic problem is debt as a basis for economic growth coupled with unsound (inflationary) money. |
|
|
|
|
1120
|
Bitcoin / Project Development / Re: Help build a better Bitcoin logo!
|
on: July 03, 2012, 10:02:55 PM
|
I've been impressed with the orange logo as a sort of spontaneous-order success. It is attractive and simple with only two colors and yet still very unique. It is easy to print on stickers and shirts. You can recognize it at great distance on a sign and also as a small icon on a computer or smartphone. I can't think of any other common logos that it can be confused with. The ubuntu font used for "bitcoin" in the long form meshes nicely with the unpretentious style of the orange logo and bitcoin as a whole.
I think the satoshi design is nice as well, but I see it as more of a dress-up, formal logo since it is more complicated and not as recognizable at a distance. It is riding on the coattails of gold coinage, whereas the orange logo is its own person.
I think a complete redesign would be a bad idea at this point. I'm also not sure any slight modification of the orange logo would be worth the investment, but hey, it's a free currency, so do what you want!
I agree with most everything said here, particularly the strong points of the current logo: * attractive, simple, unique, and only two colors makes it easily adapted to other things (black and white, t-shirts, cheaper printing, etc.) * easy to recognize at a distance * has its own personality not easily confused with anything else I think it will be hard to get a new and better logo which retains all that, but I do think improvement may be possible. Edit: I just noticed the username of who I quoted. LMAO |
|
|
|
|
Show Posts
