Bitcoin Forum
  Show Posts
1  Economy / Service Discussion / Re: Annihilation Market: Trustless, P2P, distributed, Zero Sum, No deposit, No fees. on: February 18, 2014, 12:13:35 AM
Quote
"Credit" itself may operate like a redemption token that is inversely proportional in price to bitcoin.  It entitles a user to more bitcoin as the price drops, and less bitcoin as the price rises.   Where it is "stored" is trickier to answer, because it doesn't necessarily have to exist at all.   When a "seller" posts an offer to lend bitcoin in exchange for credit, any person who already has credit (from previous sales) is entitled to take that bitcoin in exchange.  Credit is single-use however, and cannot be double spent.

So far, this is a vision statement (a good one) but it is not clear if it could even be implemented.

I need clarifications. For example, how can one distinguish between credit of various types? USD/EUR/Gold. How is credit spending tracked on the blockchain? How is double spending prevented?

Quote
"Anti-credit" binds the bitcoins within a specific order to an address, and does not give the owner permission to withdraw them unconditionally.  The process of taking possession of those BTC may ultimately look like some sort of multi-sig transaction which mandates that the BTC cannot be moved until the anti-credit is neutralized.  The higher the price goes, the less bitcoin a user has to 'sacrifice' in order to withdraw the rest.

This locks the user out and may retard adoption. What is the point in getting bitcoin if you can't use it for whatever you need it for? Note that in the fiat world, you can exchange USD for EUR and you are free to do whatever you want with the currency you currently possess.

It may be better to re-brand the "credit and anti-credit" as "long and short" contract positions, since when you are in a long futures contract, the only thing you can do is to hold it or close it out for profit or loss.
2  Economy / Service Discussion / Re: Annihilation Market: Trustless, P2P, distributed, Zero Sum, No deposit, No fees. on: February 17, 2014, 08:28:16 PM
I've been working on a decentralized futures+derivative exchange for a while and this is certainly interesting to me.

EDIT: The real issue is how to create a fair and coherent distributed orderbook. Will it be on a separate website or set of websites? That would still act like a bunch of exchanges. A truly decentralized model would work at the level of individual users.

A second issue is the credit/anti-credit. Where will it be stored? On the blockchain? As dust? On separate websites?

What prevents someone from simply accepting coins for credit and then no longer participating in the system?

Lots of issues here.
3  Economy / Service Discussion / Re: HOLY SHIT BTC-E.COM hit $40 per BTC! on: July 31, 2012, 03:20:45 AM
Well, Zhou needed to get the money to pay back everyone from somewhere I guess

LOL
4  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 28, 2012, 04:23:24 PM
If people prefer paying half a percent fee on every trade for the convenience of using simple easy to guess passwords on website-type user-interfaces that is the free market in action. For puny trivial sized trades the convenience is probably worth it. Maybe though for at least some people avoiding that fee and having to put up with a secure method of communication with a server might seem worth it when they deal with significant sums.

-MarkM-


Understandable, and there is no reason the private key itself cannot be stored encrypted with symmetric encryption on the server. The symmetric key can be generated/computed from the password on the client side and used to decrypt the private key after it's fetched. This is then used to sign the server challenge. This is convenient, with the risk that encrypted private keys are now on the server.

Another option is to use openid/oauth type schemes where the authentication is not done by the server/business in any way but relies on well known providers such as myopenid, google, facebook.

Yet a third option is to have a browser plugin that fetches your private key off a thumbdrive and makes the entire login process seamless, i.e. when you go to the website, as long as the thumbdrive is in your computer, it will fetch the private key, do the authentication and sign you in automatically. You only see a notification of successful login or failure. It can also sign any transaction request, authenticating your request to the server. I'm sure some of the smart folks here could easily write something like this.

I would add yubikey, but that's tying to a vendor.
5  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 28, 2012, 06:06:03 AM
Users' passphrases should exist only on the user's end, not at the server end.

For more discussion of security standards for bitcoin check out https://bitcointalk.org/index.php?topic=95745.0

-MarkM-


That's very well thought out.
6  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 28, 2012, 06:02:45 AM
Ok, I don't want to tie anything to a particular technology, but authentication does not require a password to be transmitted. Only proof of being the owner of the identity. Such systems are called zero knowledge authentication systems. It's not "combine different ideas together/buzz words". But I appreciate your indignation. It means you do really care about bitcoin's success and I welcome your input.

http://en.wikipedia.org/wiki/Zero-knowledge_password_proof


Many authentication systems exist that never see a user's password due to public/private encryption.

Essentially works like this:
User has a private key.
Server sends a challenge.
User signs the challenge with his private key.
Server reads the signed challenge and verifies it using the client's public key.

Once identity is established, the client can perform all operations until the session expires.

Blockchain.info uses zero knowledge authentication, as do wuala, spideroak, clipperz, etc.
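
Added example, not part of the original posts: the challenge-response login listed above, combined with the option from the author's later reply of keeping the private key on the server encrypted under a password-derived key. Ed25519, scrypt, AES-256-GCM, the `example-login-v1:` context label, the 60-second expiry and all function names are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Binds signatures to the login purpose so a login signature cannot double as
// a signed transaction request. The label is an assumption of this example.
const CONTEXT = Buffer.from('example-login-v1:');

// Client, at enrollment: generate a key pair and encrypt the private key under
// a key derived from the password. The password never leaves this function.
function enroll(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(password, salt, 32); // key-encryption key
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const ct = Buffer.concat([cipher.update(der), cipher.final()]);
  // This record is all the server stores: no password and no password hash.
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'der' }),
    blob: { salt, iv, ct, tag: cipher.getAuthTag() },
  };
}

// Client, at login: decrypt the fetched blob locally and sign the challenge.
// Returns null on a wrong password (the GCM tag check fails).
function signChallenge(blob, password, challenge) {
  const kek = crypto.scryptSync(password, blob.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  decipher.setAuthTag(blob.tag);
  let der;
  try {
    der = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  } catch {
    return null;
  }
  const key = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return crypto.sign(null, Buffer.concat([CONTEXT, challenge]), key);
}

// Server: issues single-use, expiring challenges and verifies signatures.
class AuthServer {
  constructor() {
    this.users = new Map();   // username -> { publicKey, blob }
    this.pending = new Map(); // username -> { challenge, expires }
  }
  register(username, record) { this.users.set(username, record); }
  fetchBlob(username) { return this.users.get(username).blob; }
  newChallenge(username, now = Date.now()) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(username, { challenge, expires: now + 60_000 });
    return challenge;
  }
  verify(username, signature, now = Date.now()) {
    const entry = this.pending.get(username);
    this.pending.delete(username); // single use: a replayed signature finds nothing
    const user = this.users.get(username);
    if (!entry || !user || !signature || now > entry.expires) return false;
    const pub = crypto.createPublicKey({ key: user.publicKey, format: 'der', type: 'spki' });
    return crypto.verify(null, Buffer.concat([CONTEXT, entry.challenge]), pub, signature);
  }
}
```

As the later reply notes, the encrypted blob now lives on the server, so its resistance to offline guessing rests on the password strength and the scrypt cost.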
7  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 27, 2012, 10:56:06 PM
This is great folks. All your contributions help. No one person can think of everything.

I'll attach a list of credits with the names of all contributors to acknowledge your efforts in every version.
8  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 27, 2012, 10:53:44 PM
It seems most of the Bitcoin public is unable to grok that Information Security is not a state but a process. This includes authors of standards, apparently.


Thanks. Fix added.
9  Bitcoin / Bitcoin Discussion / Re: Bitcoin Operations and Security Standard (BOSS) on: July 27, 2012, 09:29:35 PM
This, although commendable, is unworkable. Exchanges will not sign up to a policy over which they have no control and there is no clear control/revision mechanism. Indeed an exchange may implement its own policies which are more technically and practically secure.

If you try to put a series of rules in place, they will serve as an excuse for more thefts/losses. "We did X according to the standard, but still got robbed".

The only standard there needs to be is "Don't steal or lose people's money". And as we all know, even this is optional.


BB.

My guess is that when presented with a BOSS business and a competing business, the BOSS business will attract more customers. Competition ensures most companies will do the right thing and WANT to attract confidence in their business.

If I'm wrong and everyone wants to keep the current state of affairs, then Bitcoin may not be able to compete with the fiat world and will remain a hobby among the few thousand users here.

Quote
"We did X and got robbed"

That's most certainly going to happen, but less frequently than without BOSS. And every time it happens, we can amend BOSS to mitigate the newly identified risk.
10  Economy / Service Discussion / Re: Public STATEMENT Regarding Bitcoinica account hack at MtGox on: July 27, 2012, 06:22:59 PM
Quote
Are you going to set up the agile and scrum?

I was thinking more like a GPL type process. A publicly known standard that can be referred to, complied with and audited against.
11  Bitcoin / Bitcoin Discussion / Bitcoin Operations and Security Standard (BOSS) on: July 27, 2012, 06:19:41 PM
If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies can comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrongdoing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Goals of BOSS:

1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. Use state of the art password protection as available using zero knowledge encryption. The unencrypted password should not travel beyond the user's device. Example: blockchain.info [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these key portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]

Added per suggestions:
11. All operational data including user data, financial transactions, software state and configs should be encrypted and backed up to at least one geographically separate location. 2 copies in two geographically isolated locations recommended. [Everything is gone! is no longer a valid argument]

12  Economy / Service Discussion / Re: Public STATEMENT Regarding Bitcoinica account hack at MtGox on: July 27, 2012, 05:51:26 PM
The goals of BOSS are:


1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.
13  Economy / Service Discussion / Re: Public STATEMENT Regarding Bitcoinica account hack at MtGox on: July 27, 2012, 05:39:00 PM
EDIT: Moved to separate thread here https://bitcointalk.org/index.php?topic=96086.0

If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies can comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrongdoing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these key portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]
14  Bitcoin / Project Development / Re: [ANNOUNCE] OpenPay - Entering Burn In, Shake Down & Alpha Test phase. on: July 09, 2012, 12:18:12 AM
Openpay is just what Bitcoin needs
15  Bitcoin / Project Development / Re: If I wanted to start a Bitcoin casino... [will pay for help] on: March 03, 2012, 01:58:01 PM
Sites like bittleships and luckycoin casino make it look so easy to deposit/spend/earn/withdraw bitcoin, and I was wondering if someone would help me set that up.

It's pretty easy to do if you run your own bitcoind. You use the bitcoind JSON RPC to detect player deposits, and all other transactions are just INSERTs into your database. Then, a SQL query like this can give you the player's balance:

Code:
   SELECT SUM(AMOUNT) FROM TXNS WHERE UID = ?;  -- bind the user's id as a query parameter

Combine this with client-side polling, and voila!


SUM(AMOUNT) will quickly slow down your site if you plan to have millions of users. A simpler strategy is to do a small incremental computation with each transaction and record the new total balance with each transaction. That way you just need a simple SELECT to get the balance.
16  Economy / Marketplace / Re: Anonymous Ads. Wanted: generous advertisers, diligent affiliates (publishers) :) on: February 28, 2012, 10:37:52 PM

1) allow to specify billing cycle upon ad creation
2) enable some basic ip-based geo-targeting
3) enable filtration based on categories or tags (if based on tags, then enable advertisers to modify tags; show existing tags on affiliate's page and allow affiliates to exclude them)
4) improve graphic versions of ads (make them look like html versions; allow to upload different sizes; allow affiliates to ask for a specific size)
5) add more stats (basically I'd like to see some historical graphs for the whole system and for each affiliate and advertiser)
6) enable search of affiliate, ad or connection between them by bitcoin address, enable navigation through connections
7) show withdrawal history and transaction ids
8) support for smartphones (do they require any specific support?)
Probably I need to set up priorities and maybe find a team or an investor.. anyone interested?
1) Set withdraw trigger instead.
2) great!
3) see prior post
4-7) great!
8) Nothing. Just keep ads compact in terms of pixels

I would be glad to help with product development with ideas fwiw (such as this). Investors will come looking for you once you get a few more advertisers.
17  Economy / Marketplace / Re: Anonymous Ads. Wanted: generous advertisers, diligent affiliates (publishers) :) on: February 28, 2012, 10:31:32 PM
Excluding tags sounds important and maybe it is. But it gets in the way of efficient selection and working of the system. Selecting on a match (select where a = b) is far more efficient than selecting on mismatch (select where a not in ('x','y','z'))

Stop thinking in terms of the ad-sense model. It gets on an average 0.25% click rate and is a very inefficient system.

Your business model should not be to show ads. Your business model should be to show ads that the reader is interested in. Otherwise, when most ads are uninteresting, readers will scan the web page and automatically skip over ads. You don't want to display ads that more than 99% of the folks are uninterested in.

In theory, this is what adsense does by reading your page in realtime and categorizing it. Unfortunately, it sucks because if I use the word "sucks" to describe the market, ad-sense will show me ads for gay porn or breastfeeding pads. It is far more efficient to let content owners categorize their content.

Think about this: I have a financial blog. Yes I could say allow all ads except porn. But the truth is that ads for virus cleaners and wrinkle removers are likely to get very few hits and most users will not even glance at that space.

What is far more effective is for me to specify that my content is financial. Advertisers should jump on this because their ads would now be placed on a targeted site where readers are likely to be looking for financial solutions. The ads won't be intrusive and even an occasional interesting ad makes the reader more likely to read the ads on my site rather than scan past it. The click through rates should be far higher (10%+) provided ads are not repeats.

Btw, this is another thing you need to do. Round robin rotate ads shown to the same IP if you aren't already doing this. If you have no more ads for the category/IP combination, consider not showing any ads for that IP. The usually clean site that occasionally shows an ad is far more likely to get a click than one that always has an ad in the same space.

18  Economy / Long-term offers / Re: International Bitcoin Moneylender on: February 27, 2012, 11:59:21 PM
Wow 10% interest for 10 days? Even the NJ mob only charges 2% per week.
19  Economy / Marketplace / Re: Anonymous Ads. Wanted: generous advertisers, diligent affiliates (publishers) :) on: February 27, 2012, 11:40:55 PM
Yeah that's what I'm saying.
Somehow both the publisher and the advertiser should be able to choose the niche they think will be more profitable to them. Then how your algorithm takes this information into account is up to you, you can still throw some randomness in the mix since it is your original idea.

The following categories pay the best, since these are most likely to get clicks:

Medical: This includes diet pills and weird tip to cut belly fat
Dating: 6 hot women in your zip code want to **** you
Financial: 6 Hot stocks every day!
Gambling: enough said
Jobs: Looking for Java programmers!

Others who may pay moderately:
Local businesses (assuming you can do some Geo-IP)
Local real estate listings
Tourism

But the best idea is to let your advertisers pick or create a category and let affiliates subscribe. Keep the category very broad. "Medical" is better than "doctors, Arthritis, Rogaine", etc. This will keep your service very responsive.

You can, of course, allow advertisers to request creation of a new category. The reason is sometimes, they want "Pharma" differently from Medical and if you get say 4 votes on a request, you should consider creating it. Do not let affiliates create categories, or you will sink into a huge pile of highly specific categories resulting in very few matches. You don't have either the affiliates or the advertisers to handle it at this stage.
20  Other / Off-topic / Re: I just got 100k bitcoins (donation), what should I do? on: February 27, 2012, 07:59:59 AM
Dear bitcoinbitcoin113,

An anonymous donor has donated 100K to you. You are completely free to do what you want with it. But the money is held in a trust account and to release it, you need to send 100BTC to 1NigerianPrince673yehdnnsk2Fgen