Bitcoin Forum
April 17, 2014, 06:23:18 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
  Home Help Search Donate Login Register  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
1  Bitcoin / Bitcoin Discussion / Re: Picasso Soft ATM User Review(s) on: Today at 06:43:54 AM
Thanks for sharing rockhound, sounds like it's very optimized for real time POS rather then setting up trades for the future...
On the note of 'setting up trades for the future':
If you are looking for a mobile wallet which has functionality comparable to localbotcoins you should check this out:
http://www.reddit.com/r/Bitcoin/comments/236k5d/mycelium_local_trader_is_now_available/

  • The wallet is widely used and has been around for a year + open source
  • The trading functionality launched yesterday.
  • No BTC trusted with a third party. Coins sent directly from seller to buyer
  • Integrated chat with end-to-end encryption, not even the trade server can read messages sent between buyer and seller.

(disclosure: I am one of the developers)
2  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: Today at 06:24:34 AM
I want to use mycelium on two devices.  
How can I sync them?

create a backup on one phone, enable expert mode on the other phone and restore the backup.

(the key that was already generated there before is most likely not needed any more so you can delete it or move to archive)
Not having much luck syncing mycelium on the extra tablet.
Can't scan the qr code from the pdf (this tablet has no back camera), and I can't copy and paste the text key.  I had the pdf up on the tablet's screen and tried to copy the key by long press, but it wouldn't highlight, so I went and opened up the pdf on my laptop, copied the key and sent the key to myself in an email.  That worked.  In email, I was able to highlight and copy the plain text key.  So it's on the clipboard, but when I go to mycelium keys > add key, the clipboard button is still greyed out.  The mycelium app doesn't see the clipboard.  I was using gmail on a Nexus 7, if that helps any.  And the text definitely made it onto the clipboard, because I was able to paste it in other places, just not the mycelium app.
Do you have any suggestions?
When adding a key the clipboard function only allows for importing Bitcoin addresses and plain text private keys, not encrypted private keys as the one you have on the PDF. I see that this is a bit stupid as handling plaintext private keys is not really safe. This is party due to historical reasons (encrypted private keys came along later).
I gotta fix this.

Can you use the front camera to scan QR codes?

Alternatively you can export your private key in plain text from one app and import it on the other from the clipboard. To do that go to the Keys tab, select the key and choose Export and then 'copt to clipboard'. Note: You have to be very careful when doing this, as it exposes your private key to the clipboard (read 'all other apps on both your devices') and anything that can listen on the transport from one device to the other.

If your tablet cannot scan QR codes at all you might not want to use it for spending coins, but merely monitoring your funds. In that case you can import just the bitcoin addresses (over clipboard, and it is safe to do so). This way you get a read-only version for monitoring and receiving funds.
3  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: Today at 06:08:21 AM
Is there a way to change the wallet address so you dont have a bunch of transactions from the same address?
If you swipe to the Keys tab you can create additional keys/addresses. Once we get to HD wallets this will be automated for you.
4  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 16, 2014, 09:11:40 PM
Just used the new feature. Within 30minutea of posting my listing I was contacted by a bitcoin meet up group. I had no idea about thus in Amsterdam on the NEXT street from my apartment!!! Within an hour of making my listing I had met and traded and drank some beer and even bought the beer with bitcoin!

What an amazing experience
Great to hear man!
This is really an amazing story, thanks for sharing.
5  Bitcoin / Bitcoin Discussion / Re: What is the most efficient way to earn bitcoins without spending money? on: April 16, 2014, 08:57:54 PM
Turn yourself into a mobile Bitcoin ATM and make a living providing liquidity in your area:
http://www.reddit.com/r/Bitcoin/comments/236k5d/mycelium_local_trader_is_now_available/
6  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 16, 2014, 06:46:07 PM
Video was funny. The feature however is the most exciting thing in actual practical Bitcoin use that I have seen in a long time. Very excited.

Looking forward to Bitcoin 2014 conference even more. This feature will be a killer there.
I'll make sure to bump into you. It has been a year since I met you the last time at the San Jose conference.
7  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 16, 2014, 06:44:46 PM
The latest major Mycelium feature, called Local Trader, is finally out of beta and available to everyone.

Great! (although I had to dump almost all other apps from my lowly GT-5500 because the new feature and the google thingies it requires ate too much memory)
Found one minor bug while plyaing with it: When entering a location using the input field, there's no OK button. The cr key on the virtual keyboard just adds a line break. So I can type a place name, but not finish entering it...

Onkel Paul

P.S.: loving the video!
As you type a list of available choices should appear between the text box and the keyboard. You finish the dialog by selecting one or clicking the back button.
Like this: http://imgur.com/oIB4a9T
8  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 16, 2014, 05:34:26 PM
The new Local Trader feature is very impressive, at least on paper. Haven't tested it yet but that sounds reeeaally good.

Please try it out. If you install the testnet version you can do trades with a bot called Virtual Trader and get free testnet coins:
https://play.google.com/store/apps/details?id=com.mycelium.testnetwallet

We really hope that his makes it easier for new users to get some coins in their local community. However, we cannot do this on our own. We need experienced bitcoiners selling coins all over the world, also in Finland  Wink

We also hope that this (optional) payable feature helps us pay our bills while letting you make a small profit selling coins.
9  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 09, 2014, 07:15:55 AM
Is there more information on this? I am confused with how mycelium was affected by the heartbeat exploit, and what the possible repercussions may be.

Sincerely, 
Mycelium user

The Heartbleed attack allows an attacker to read the memory of the targeted server if it uses HTTPS.
The Mycelium backend servers use apache as a front end and Heartbleed allowed an attacker to read the memory of the apache server. This could potentially enable the attacker to get to the https certificate private key of the server. Our servers were patched within hours of the announcement, and the probability of anyone targeting our servers in that time frame is low. In any case we are in the process of rotating the certificates with new ones.

Are my bitcoins safe?
Yes. Our servers hold no passwords or private keys (other than the HTTPS certificate). Our servers function as a super fast index over the blockchain, which is public data held on every bitcoin node out there. Your Bitcoin private keys are only on your device (and hopefully in your encrypted backups)

What is the worst thing that can happen if your https certificate private key is leaked?
In the worst case scenario someone has a copy of our https certificate private key, which means that the communication between your wallet and our servers is not encrypted (to them). We consider this very unlikely but will rotate certificates anyway. Have in mind that the communication on the bitcoin network is also not encrypted.

10  Bitcoin / Development & Technical Discussion / Re: [BIP][Draft] BitID - Bitcoin address authentication protocol on: April 04, 2014, 12:34:40 PM
First of all, this is a great idea. In many ways it looks like something I have been toying with myself  Grin

Username/passwords are old-school, error prone, and insecure. There has been many attempts to introduce public key authentication for normal users over the years, but handling secret stuff is hard to do in a way that makes it easy & secure. With Bitcoin we already have to solve these things, so to bitcoiners this is like a free lunch because we can piggyback on our existing technology. So Eric, thanks for taking on the challenge of turning this into a BIP.

Suggestions:
  • The double slash in "bitid://" is a http thing, and not necessary, so you can make it "bitid:" just like we have "bitcoin:". Most wallets support "bitcoin://" in addition to "bitcoin://" because of a misunderstanding during the early days
  • I wouldn't use the nonce as the (secret) session ID after successful authentication. Instead it should return a longer, random, and secret session ID in the POST response
  • In fact I would probably remove the nonce from the URI and get it from the server over https. This is to prevent some sucker from giving you a chosen nonce. First do a GET to https://www.site.com/blah/nonce?a=18JFzYgLH3kbweCqJzLZPteqysvup5qwTu to get a nonce linked to your bitcoin address, followed by a POST to https://www.site.com/blah/authenticate?a=18JFzYgLH3kbweCqJzLZPteqysvup5qwTu and let the signature be part of the POST data. On success the (unique, secret, random) session ID is part of the POST response
  • Hmm...  the site name might not even be URL encoded as a HTTP parameter. Why not do it like this: "bitid:www.site.com/blah" ? Much cleaner and very readable
  • The signature should contain the bitid URI, the nonce,  and be prefixed with"Bitcoin Signed Message:\n" like any other Bitcoin signed message


Off the top of my head I would do it like this in Mycelium:
1. User scans a bitid QR code from a desktop browser or clicks a bitid URI in the browser of his phone. This launches the wallet.
2a. If the site (htttps://www.site.com/blah) is already associated with an address in the wallet, then the user will be asked "Would you like to login to www.site.com/blah as 18JFzYgLH3kbweCqJzLZPteqysvup5qwTu ?" If the address has a label ("Fred")in the wallet the label will get displayed instead of or in addition to the Bitcoin address)
2b. If the site (htttps://www.site.com/blah)  is not associated with an address in the wallet, then the user will see "You are about to login to www.site.com/blah. Which Bitcoin address would you like to use?". User picks/creates an address in the wallet
3. The user clicks "Login". If the wallet has the private key it does the login dance (GET nonce, calculate signature, POST signature) If the wallet does not have the private key (read-only wallet) it asks the user to scan the private key from paper (cold authentication), does the login dance and wipes the private key from memory.
4. On success the wallet closes and returns to the browser, which automatically updates with "Welcome Fred"

... or something like that.

11  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 04, 2014, 05:39:31 AM
Bounty offered to Mycelium developers

We are developping the BitID authentication protocol. Basicaly it's an open standard to facilitate user's registration in login on a service using its Bitcoin key (it could be compared to "Facebook connect" on the UX and flow). User scans a QRcode which contains a bitid:// URI, it's parsed for validity by the wallet and a confirmation is prompted. After choosing a Bitcoin address, the URI is signed and a POST is made in the callback addres contained in the URI.

For the full explication of the protocol, examples and demo please refer to our GitHub :
https://github.com/bitid/bitid

To be successfull, BitID must be implemented in most of the popular wallets. We would like to start the development with Mycelium (because it has already the signing message functionality). To motivate developers we are offering a bounty of 1 BTC.

What is needed to do :
  • register the bitid:// scheme (so it is activated in case of click)
  • throw a bitid:// intent when scanning a BitID QR code
  • decode the URI and verify its format
  • display a request for authentication showing the domain name callback and ask for validation
  • ask the user to pick up or create a Bitcoin address for the authentication (show the last Bitcoin address used if this is a known callback address)
  • sign the BitID URI with the private key
  • POST the signature, the URI and the public key to the callback URL
  • completion dialog : success/retry/cancel

Please PM me for more details and specifications.

Eric

Hi Eric, I have been toying around with a VERY similar login mechanism, just never got around to spec it. Great minds think alike :-)
Classical password authentication is an insecure mess that could be solved nicely with public key cryptography. The problem however is that it offloads a lot of complexity and responsibility on the user. Managing private keys securely is really hard. The good news is that this is already being solved in bitcoinland, simply because we have to (if you don't have exclusive control over your private keys you don't have any bitcoin), so doing public key authentication is practically a free lunch to bitcoiners.

PM sent.

Comments:
  • This should be formalized as a BIP
  • The bitid request should optionally contain (a prefix of) the bitcoin address to sign with to allow automatic private key selection for the user
  • I suggest that the callback URL is reduced to https only and possibly only to the host name and path (no parameters), and then URL encoded. This makes the bitid shorter and human readable. Instead of ...&c=aHR0cHM6Ly93d3cuc2l0ZS5jb20vY2FsbGJhY2s%3D it would just have ...&c=www.site.com%2Fcallback
  • The server side does not need to have the public key of the user, the bitcoin address + signature is enough for verification
  • The signature on the bitid should be prefixed with "Bitcoin Signed Message:\n" as any other Bitcoin signed message

This is just what I had in my head, I am certain that others want to chip in too.
Please make a separate thread for discussing the BIPification of bitid.
12  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 03, 2014, 05:40:47 PM
Is it intentional that when you scan in a new private key it doesn't ask you to make a new backup?
Yes. The wallet only requires you to verify backups of keys generated internally. Imported keys already have an external source, and are assumed to be backed up already.
13  Bitcoin / Development & Technical Discussion / Re: Finally a question about Bitcoin that I could not answer. on: April 03, 2014, 03:13:33 PM
Hi,

We've been working on a developer guide for Bitcoin.org which might be what you're looking for.  We have a forum thread, GitHub repository, and a demo site.

We're actively looking for writers and reviewers, so if you'd like to help, please see the forum thread above.

Thanks!, -Dave
Looks pretty comprehensive. Thanks for the heads up.
Guess it is time to chip in.
14  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 03, 2014, 02:49:28 PM
A minor bug in the pdf backup to do with the numbering 'Active X of Y' being incorrect.

  • Have ten addresses in your wallet (none archived, not sure if this matters or not)
  • Make a pdf backup
  • Note in the pdf the order of X in the title 'Active X of Y' says [1, 1, 2, 3, 4, 5, 6, 7, 8, 9] when it should say [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

There are ten QR codes so the backup is still fully functional, but it is disconcerting to get to the end of the list and see '9 of 10' instead of '10 of 10'
This was fixed a while ago, and will be part of the next release. Note that all the QR codes are present, it is just the numbering that is off by one.
15  Bitcoin / Technical Support / Re: Help me find my lost bitcoins :o (300 BTC award) on: April 02, 2014, 02:22:45 PM
obvious troll is obvious
16  Bitcoin / Development & Technical Discussion / Re: Finally a question about Bitcoin that I could not answer. on: April 02, 2014, 11:38:11 AM
aha... look at what I found:
http://shop.oreilly.com/product/0636920032281.do

Sounds promising. Estimated to be available August 2014.
17  Bitcoin / Legal / Re: TAX free bitcoin in DENMARK on: March 27, 2014, 03:17:40 PM
I have been trying to read the document with an online translator and it is difficult to understand it properly.

Is it without doubt that all profit generated by an individual who has sold bitcoins is absolutely tax-free? No income tax or capital gains tax? No VAT? No hidden taxes?
I am Danish, and have a hard time understanding it!


My layman gist of the entire story: Some guy read and misunderstood the document and posted about it somewhere. Some journalist read it and made a story about it. Some journalist read that and made a story about it. Rinse and repeat. 

This is how half of what you read in the media come into existence.

In particular it states:
Quote
Såfremt virksomheden anses for en hobbyvirksomhed eller anden ikke-erhvervsmæssig virksomhed omfattes indkomstårets realiserede nettogevinster ved anvendelse af Bitcoin efter SKATs opfattelse af statsskattelovens § 4 som skattepligtig indkomst for spørger personligt.


meaning: If the company is a 'hobby company' or otherwise a non-business company (read ordinary guy) the income realized by increased Bitcoin prices are according the the Danish tax authorities subject to taxation as normal income tax. (we are talking abut 50% here)



The ruling is under the assumption that Bitcoin is a payment network only <-- wrong

They also mention several times that using Bitcoin for payment is futile as you have to use a bank on both ends anyway <-- wrong

They also mention several times that if your business does anything that could resemble speculation then the ruling does not apply. (most of us do that)



Before you move to Denmark, please realize that Denmark is a country where there is practically a tax on farting. We have the highest taxes in the world, and Bitcoin is not likely to be an exception.

TL;DR
Some guy read and misunderstood the document and posted about it somewhere. Some journalist read it and made a story about it. Rinse and repeat.


This is how half of what you read in the media come into existence.
18  Bitcoin / Legal / Re: TAX free bitcoin in DENMARK on: March 25, 2014, 05:11:27 PM
Source?
19  Bitcoin / Bitcoin Discussion / Re: Which Bitcoin Client do you use and why ? on: March 21, 2014, 11:04:11 AM
It seems people are preferring blockchain.info over coinbase in terms of online wallet. Any specific reason ?
blockchain.info is not a bitcoin bank.

Where did I say blockchain.info is a bitcoin bank ? That is what CoinBase is and they are providing wallet service too. So is the comparison.
You didn't say that blockchain.info is a bank. You asked a question:
Quote
It seems people are preferring blockchain.info over coinbase in terms of online wallet. Any specific reason ?
and I answered:
Quote
blockchain.info is not a bitcoin bank.
Which is hopefully why people prefer it over coinbase.
20  Bitcoin / Bitcoin Discussion / Re: Android App that lets you buy bitcoins? on: March 20, 2014, 07:11:17 PM
Mycelium is integrating p2p trades (btc for cash, localbitcoins-style).
The testnet version has been out for a few weeks: https://play.google.com/store/apps/details?id=com.mycelium.testnetwallet

The real thing will be available soonish.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!