All sold

For 0.014 BTC each (or reasonable offer) I have 3 Starbound pre-order Beta invites for sale. To be delivered as Humble Bundle gift link. Also includes, as a bonus, the soundtrack for immediate download.

If more than 3 are desired, I can work on getting more ASAP.

The steam keys are out, however Steam doesn't yet have the data for the game yet.

1 measly share here, PM?

FCKIN hell

Having the issue here. I bet it's due to the fact that Coinlenders uses an Inputs.IO API key to manage the running account... hopefully that one wasn't hacked (probably has tons of BTC associated with it).

CoinLenders should probably have it's withdraw disabled - I withdrew and found nothing shows up in my Inputs.IO wallet... then I come and look and the API is disabled. (which is probably why the deposit part didn't take effect)

CoinLenders should probably have caught some sort of error and not deducted my balance... hopefully this item is easy to fix and get balances right!

My luck is not too good these days - lose some BTC to an "auto-refund" by Coinbase and now to API key for CoinLenders...

Regarding #2 the ascii names... that's better suited to an external mechanism (ex: take the public key, derive some unique value, and use the Label sync service out there).

If integers were not used, then BIP32 fails since it relies on this fact for calculations.


#3 not sure, but that is a feature on my down-the-road task for my Java library + Android app... months due to time constraints and getting the initial release out

#4 - I'll have a Java library capable of mucking around with BIP32 values, so... writing up an additional tool would not be difficult at all (though I bet a python tool would be quicker at the moment)

#5 - if you were somehow able to buy time itself, I could do it ... however... extending the hours in a day in such a way that sanity is maintained - well... that's more like the work for a Time Lord...

And for completeness, for #1... I'm not sure how that's supposed to work out at all. Perhaps multisig addresses are addresses that would be associated with multisig - that way they would be separated from normal transactions - that way you could simplify user interface...

My intent for Litecoin is to get it in the Android client and do any patchwork to get a running Litecoin server working.

In my initial tests, it looks like getting Litecoin running underneath ABE worked fine when I did some tests (though no pruning/etc so huge DB). I'll need to get that up-and-running soon again... (had to select a specific version of ABE, a specific version of electrum-server, and do some ugly massaging).

A side-effect would be that the original old Litecoin electrum /should/ be compatible with the server and 'just work'... though of course there's the Litecoin issue of fee calculation being complex that would likely need to be done (or just set the fee really high to always get it through).

Once I get more of the Android client going (it's getting harder to get time ) I'll publish the algorithm that's needed to calculate the "proper" fee, ideally alongside the litecoind code so that it's easier to validate.

So... in short.

Litecoin client-side being brought to Android / Java.
Litecoin server-side being patched-together sufficiently to serve client.
Litecoin servers brought up by donors

Good pt - inputs.io should probably add some sort of cryptographic authentication for results (ex: simple signature)

I received an email confirmation and it states the account was logged in from some address in San Francisco!?

IP Address: 108.162.216.186
Country: United States
City: San Francisco

What is this? Is this due to some forwarding going on related to the hosts file change/etc?

Removing this address from the authorization list - since I caught the item after I clicked the link - good thing I don't have anything in inputs.io balance-wise at the moment...

Have fun ;wish I could attend! If there's any slides or presentation material, I'd love to see it.

Looking at the source code for the Electrum sequence generator - it is indeed vulnerable to raw data entry being broken: the seed is taken in as raw data and passed to a hash - perhaps it is validated that it is hex (didn't look that far) but it doesn't hex-decode it so you have the problem of multiple representations for what looks to be the same data.

Ran into this myself when trying to make a consistent Electrum key generator for Java.

Did a quick check and the 1.9 wallet series (which uses BIP 0032) does not have this silent problem, it hex decodes seed input.

The pull request for master and 1.9 are:
https://github.com/spesmilo/electrum/pull/282
https://github.com/spesmilo/electrum/pull/283

I enhanced it recently to mirror the Import raw transaction details by having a forked menu w/ file and text inputs.

Guess I should post the pull request for the CSV import ... after I make sure it merges with trunk and 1.9 cleanly.

The CSV code isn't in any release.  To use the CSV handling code, you have to create a CSV file and use my fork's new button to import the CSV.

Sorry for not replying earlier... for some reason your post didn't show up as a reply until recently.

Caveat: speaking for my wallet application - Electroid - only.

So - on a completely rooted ROM, you have a few attack vectors to consider:
 * File access
 * Memory access
 * Input access
 * Screen capture

File access is mitigated by the fact that your entire wallet will be an encrypted database, not the items, but the entire wallet. Inside the encrypted database will also be the encrypted keys (or seeds if a derivation-based algorithm is used). So - attacker would need to know your PIN which would be used to encrypt the entire database (or you could not encrypt if chosen)... then.. past that, the attacker would need to know your password for the wallet.

Memory access, you are not at risk unless you enter your PIN and passcode while something is watching the wallet's address space. Then the PIN / passcode and private key could be discovered...

Input access has similar risk to memory access, except it is significantly easier to watch and record all presses instead of watching for memory traces and record. This /could/ be mitigated by a custom keypad... however if someone has compromised your input method, it's not too far a stretch that other items are compromised.
Willing to add a custom keypad entry in the future, however. This would at least make the attacker use input detection AND image recording...

Screen capture would let the attacker see password entry due to typical keypad feedback. This paired with file access would give the attacker full access on device.

One possibility that I just thought of, relevant to newer devices, is that there is a possibility for hardware-stored crypto keys that are limited to a given application to access - this would be a good way to force the attackers hand into memory access watching or hack the hardware crypto mechanism.

Another item is the backups, since the mechanism will use public/private keys and encryption keys protected with those, the keypair attack window will be watching memory and/or input and/or screen at key generation time. The encryption key attack window will be at each backup... however if your memory is being watched - you're losing the battle.

If interested, I could post a security analysis as a blog entry - though I suppose a living document composed of attack vectors would be better...

You should be able to right-click an address in the address list and choose it to sign a message.

However, from the console, the syntax is:

signmessage(address, message)

EX:

>> signmessage('1KhvPPsXpCLsRtZsBMJdzu5tA8i8WTKHAL', 'Test')
"G2ELam2oLGWoSOfyENpfH+vjZCom4yz1FsO6Ed2KQJaCE+nQGIrVQG8xms7WqOr+e07k4kgu5moWE4fM/Q4qfP4="
>>

Abandoned

Abandoned

You would put one of your addresses, not the master public key. The master public key is what can be used by software to generate addresses, but most things wouldn't use it.

One quick way to get an address is pick one in your "Receive" tab (in classic view) - or in the mini view, click on "View" and "Show Receiving Addresses" - then you can optionally put a label and click the address to copy it.