Bitcoin Forum
March 28, 2024, 08:36:17 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 [30] 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
Author Topic: bitfloor needs your help!  (Read 177366 times)
whitslack
Full Member
***
Offline Offline

Activity: 120
Merit: 144



View Profile
October 02, 2012, 02:53:26 AM
 #581

Crazy number of executions today...
Yeah, I know. I was responsible for several dozen of those. Wink
1711614977
Hero Member
*
Offline Offline

Posts: 1711614977

View Profile Personal Message (Offline)

Ignore
1711614977
Reply with quote  #2

1711614977
Report to moderator
1711614977
Hero Member
*
Offline Offline

Posts: 1711614977

View Profile Personal Message (Offline)

Ignore
1711614977
Reply with quote  #2

1711614977
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
toffoo
Sr. Member
****
Offline Offline

Activity: 408
Merit: 261



View Profile
October 02, 2012, 03:39:33 AM
 #582

bitfloor, we need your help!

http://www.downforeveryone.com/downforeveryone-https/result.php?url=bitfloor.com


Quote
Checking "down or not" status for https://bitfloor.com ...

Hey, it's not just you! https://bitfloor.com looks down from here.
Of course, we can't be sure about every other location, but at least it's not accessible from here (Brea, California - United States) right now.

shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
October 02, 2012, 07:54:44 AM
 #583

Apologies for the site downtime today. It was cased by a crash on the web and API server. I have brought all services back up and posted about the outage on the bitfloor blog. In the future, serious downtime issues will always be mentioned on the blog.
mufa23
Legendary
*
Offline Offline

Activity: 1022
Merit: 1001


I'd fight Gandhi.


View Profile
October 02, 2012, 08:04:57 AM
 #584

Sounds good. The recent down times have been getting me worried.

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
October 02, 2012, 08:42:59 AM
 #585

Sounds good. The recent down times have been getting me worried.

Understandable given what has happened in the past. However, I do want to stress that the issues have all been separate incidents and in no way related to any sort of compromise or attack on the servers. As mentioned in the previous post (and per the sentiment expressed by my users), serious server downtime will always be mentioned on our blog as well as our twitter account (@bitfloor) as soon as possible.
Otoh
Donator
Legendary
*
Offline Offline

Activity: 3024
Merit: 1104



View Profile
October 02, 2012, 11:04:45 AM
Last edit: October 02, 2012, 01:33:57 PM by Otoh
 #586

Hi,

It's been 9 days now since I emailed support to apply for ACH withdrawal status to be set up on my account with you, I sent you my full bank account details plus photo of my ID, but so far with no acknowledgment, no reply, no response to my post in your thread asking after this & the ACH has not been enabled on my account as yet.

Copied to your thread & would appreciate an update, thanks.

Otoh

Edit PS - I've just bought 800 coins on Gox that could/might have been done on your exchange otherwise, which would at least have made a few coins for the compensation fund of those who had theirs stolen from you. Just checked - not much Ask volume on BitFloor atm so maybe it would have been just a few unless there was hidden interest waiting for Bids.

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Bitstamp Exchange: Referal Code
CHARITY | MY REP | PREDICTION 1 | PREDICTION 2 | PREDICTION 3
whitslack
Full Member
***
Offline Offline

Activity: 120
Merit: 144



View Profile
October 02, 2012, 01:13:39 PM
 #587

Quote
The outage was due to  misbehavior on the server running the website and affected the website and api access.

Thanks for the attempt at transparency, but this is too vague. What was the problem? How did you correct it? You're on the Bitcoin Forum; you can get technical with us. Humor us. We need to want to trust that you know what you're doing.
SkRRJyTC
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
October 02, 2012, 01:16:48 PM
 #588

Bitfloor has indeed resumed trading. My official statement on the matter is here:
https://plus.google.com/109620439233076225324/posts/bLJRDHApjSP

More generally https://blog.bitfloor.com will contain official updates.

If you have specific questions please contact support@bitfloor.com and I will gladly respond.

Any reasonable way for you to prove these claims?  Or someway for users to verify these claims themselves (this would be even better)

..."In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk."...

..."Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk."...

Please?

New security continues to be unverified...
fbastage
Full Member
***
Offline Offline

Activity: 367
Merit: 100



View Profile
October 02, 2012, 02:22:08 PM
 #589

serious downtime issues will always be mentioned on the blog.

blog? I can't find any. looked on site, google search, your bitcointalk profile.  could you link to it?
whitslack
Full Member
***
Offline Offline

Activity: 120
Merit: 144



View Profile
October 02, 2012, 02:56:06 PM
 #590

blog? I can't find any. looked on site, google search, your bitcointalk profile.  could you link to it?
Intuitively, it's:
http://blog.bitfloor.com/
toffoo
Sr. Member
****
Offline Offline

Activity: 408
Merit: 261



View Profile
October 02, 2012, 05:39:20 PM
 #591

blog? I can't find any. looked on site, google search, your bitcointalk profile.  could you link to it?
Intuitively, it's:
http://blog.bitfloor.com/

That link actually loads nothing for me (just reloads https://bitfloor.com) but https://blog.bitfloor.com looks like it redirects to: https://plus.google.com/109620439233076225324/posts

... serious server downtime will always be mentioned on our blog as well as our twitter account (@bitfloor) as soon as possible.

You've made two tweets lifetime (one of which being yesterday's ex post facto downtime acknowledgement) and have have 11 total followers.  Maybe you should actually start using twitter a bit more before we rely on it for downtime announcements.

Hi,

It's been 9 days now since I emailed support to apply for ACH withdrawal status to be set up on my account with you, I sent you my full bank account details plus photo of my ID, but so far with no acknowledgment, no reply, no response to my post in your thread asking after this & the ACH has not been enabled on my account as yet.


Likewise, same deal for me.  Waiting...no reply.

I would love to continue to support BitFloor's resurrection, but I cannot justify sending any more coins there until I have a verified way to cash out.

Come on Roman, your remaining loyal clients and potential new ones are going to need some extra communication and responsiveness to rebuild your credibility after what happened.  So what's up?

Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
October 03, 2012, 03:37:20 AM
 #592

Bought $5,000 worth of BTC today, and withdrew the BTC without issues. Everything seems to be working ok (I guess aside from some customer support/ACH issues)
shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
October 03, 2012, 04:08:20 AM
 #593

Bitfloor has indeed resumed trading. My official statement on the matter is here:
https://plus.google.com/109620439233076225324/posts/bLJRDHApjSP

More generally https://blog.bitfloor.com will contain official updates.

If you have specific questions please contact support@bitfloor.com and I will gladly respond.

Any reasonable way for you to prove these claims?  Or someway for users to verify these claims themselves (this would be even better)

..."In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk."...

..."Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk."...

Please?

New security continues to be unverified...

There are no reasonable ways for many of your questions to be verified. The production and testnet separation can be confirmed through a traceroute on the respective domains.

I welcome suggestions for reasonable ways in which you believe your requests can be confirmed without compromising user identities, trading activity, or balances.
SkRRJyTC
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
October 03, 2012, 05:05:03 PM
 #594

Bitfloor has indeed resumed trading. My official statement on the matter is here:
https://plus.google.com/109620439233076225324/posts/bLJRDHApjSP

More generally https://blog.bitfloor.com will contain official updates.

If you have specific questions please contact support@bitfloor.com and I will gladly respond.

Any reasonable way for you to prove these claims?  Or someway for users to verify these claims themselves (this would be even better)

..."In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk."...

..."Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk."...

Please?

New security continues to be unverified...

There are no reasonable ways for many of your questions to be verified. The production and testnet separation can be confirmed through a traceroute on the respective domains.

I welcome suggestions for reasonable ways in which you believe your requests can be confirmed without compromising user identities, trading activity, or balances.

Smarter people could help me out here if I dont know what I'm talking about, but how about these ideas:

In order to prove "...changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk." You could sign messages from both the Bitfloor wallet and the customer funds wallet or at least show a picture of what you used to make the offline wallet or the offline wallet itself.

In order to prove "Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US." you could show some sort of recipt from said data center.

In order to prove "Backups are encrypted and write only on all of the servers." why not just host them publicly?  If they are properly encrypted it shouldn't be an issue and I believe with some cyrtpo hash magic a person should be able to verify their own details are in the backup without others being able to break it.


BitcoinForLiberty
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
October 04, 2012, 03:12:36 PM
 #595

Roman,

Please tell us why Chase deposits into Bitfloor are not available this morning. Makes me wonder if your account was frozen by Chase.
shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
October 04, 2012, 03:19:50 PM
 #596

Roman,

Please tell us why Chase deposits into Bitfloor are not available this morning. Makes me wonder if your account was frozen by Chase.


It was not frozen but they are closing it (details of which are private). I will be moving to a new cash deposit system which will also include more banks; however the transition will take a few weeks. The new system will continue to allow for free deposits. Apologies for any inconvenience this may cause to anyone using the Chase deposits.
jwzguy
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1002



View Profile
October 04, 2012, 04:57:36 PM
 #597

Roman,

Please tell us why Chase deposits into Bitfloor are not available this morning. Makes me wonder if your account was frozen by Chase.


It was not frozen but they are closing it (details of which are private). I will be moving to a new cash deposit system which will also include more banks; however the transition will take a few weeks. The new system will continue to allow for free deposits. Apologies for any inconvenience this may cause to anyone using the Chase deposits.
So Chase deposits are not coming back? The webpage says "Chase deposits are temporarily unavailable." Just curious as it is my main method of deposit.
SkRRJyTC
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
October 06, 2012, 07:34:17 PM
 #598

Bitfloor has indeed resumed trading. My official statement on the matter is here:
https://plus.google.com/109620439233076225324/posts/bLJRDHApjSP

More generally https://blog.bitfloor.com will contain official updates.

If you have specific questions please contact support@bitfloor.com and I will gladly respond.

Any reasonable way for you to prove these claims?  Or someway for users to verify these claims themselves (this would be even better)

..."In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk."...

..."Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk."...

Please?

New security continues to be unverified...

There are no reasonable ways for many of your questions to be verified. The production and testnet separation can be confirmed through a traceroute on the respective domains.

I welcome suggestions for reasonable ways in which you believe your requests can be confirmed without compromising user identities, trading activity, or balances.

Smarter people could help me out here if I dont know what I'm talking about, but how about these ideas:

In order to prove "...changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk." You could sign messages from both the Bitfloor wallet and the customer funds wallet or at least show a picture of what you used to make the offline wallet or the offline wallet itself.

In order to prove "Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US." you could show some sort of recipt from said data center.

In order to prove "Backups are encrypted and write only on all of the servers." why not just host them publicly?  If they are properly encrypted it shouldn't be an issue and I believe with some cyrtpo hash magic a person should be able to verify their own details are in the backup without others being able to break it.




Were these bad ideas?
notme
Legendary
*
Offline Offline

Activity: 1904
Merit: 1002


View Profile
October 06, 2012, 08:37:06 PM
 #599

Smarter people could help me out here if I dont know what I'm talking about, but how about these ideas:

In order to prove "...changed our fund storage policy to 100% offline storage for your funds. Daily transactions through out hot wallet will be backed by Bitfloor funds, never putting client funds at risk." You could sign messages from both the Bitfloor wallet and the customer funds wallet or at least show a picture of what you used to make the offline wallet or the offline wallet itself.

In order to prove "Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US." you could show some sort of recipt from said data center.

In order to prove "Backups are encrypted and write only on all of the servers." why not just host them publicly?  If they are properly encrypted it shouldn't be an issue and I believe with some cyrtpo hash magic a person should be able to verify their own details are in the backup without others being able to break it.




Were these bad ideas?

Yes, mostly.

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
2) Shouldn't be too harmful since anyone can verify that themselves with the existing public record Wink.
3) Making them public reduces the effort of a compromise from "breaking into his server, obtaining root access to change permissions on backups, copying backups, finding the password" to "finding the password".  Regardless, no amount of crypto "magic" will allow parts of the encrypted data to be read or even verified, so it would be pointless anyway.  Hashing and encryption are two very different beasts.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
October 08, 2012, 07:44:44 AM
 #600

1) Making public information about how he created his cold wallet, or how it is stored, or where it is stored reduces his security.
Security through obscurity is not security.

3) Making them public reduces the effort of a compromise from "breaking into his server, obtaining root access to change permissions on backups, copying backups, finding the password" to "finding the password".  Regardless, no amount of crypto "magic" will allow parts of the encrypted data to be read or even verified, so it would be pointless anyway.  Hashing and encryption are two very different beasts.
Why not ? Say you hash the account identifiers (maybe with a per-account secret), pair them with their balance, sum the balances in a nice report.
Anyone can verify they are in the balance list, no one can look my balance up, I can check that the sum is consistent with the amount in cold storage.
That can also be seen as some sort of backup if properly signed, I'm sure the Bitcoinica folks would have loved to have something like that lying around.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 [30] 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!