[Beta] myB.TC short names for Bitcoin

[jerfelix]

I've built myB.TC, and am looking for some gentle testers and some feedback.



              myB.TC  -  A bit.ly type service for your wallet ID

Concept:

Each user can set up their own web page, accessible from a tiny URL of your choice (a short name), that lets you store your wallet ID on the net.  That way, when your drinking buddy says "I'll pay you for that last round in Bitcoin", you don't have to rattle off a 34-character Bitcoin address.  Instead, you can direct him to your personal webpage that holds your wallet ID.  "OK, my Bitcoin shortname is jerfelix."

The User pages look like this:   myB.TC/jerfelix

You, the user, can maintain your public page.  You can put a unique phrase on that page, like "I'm John Smith, the car enthusiast from St. Louis".  That way, when people look you up, they can have some reassurance that they got the CORRECT John Smith.

Later, if you want to update your public wallet ID, you simply log in, and make a change. 

In fact, you can use multiple short names.  If you want myB.TC/GiftForTheBoss, you can reserve that one, and direct your co-workers to pay you through that, as you collect money for the Boss's birthday gift.

New Convention Proposal:

In addition, I'm proposing a new convention.  Instead of including your wallet ID in your signature, I propose we begin using the convention ฿shortname or B/shortname.   What do you think of, when you see "@name"?   Twitter, right?  Well, with ฿shortname or B/shortname, let's get people to think Bitcoin.  And more specifically, that you can be found in the Bitcoin directory myB.TC, under that shortname.

I'm proposing that you use this convention across the net, in forums and on web pages.  What do you think?


So, I'm ฿jerfelix (alternately B/jerfelix, for the unicode-impaired) and you can see my page at  myB.TC/jerfelix


Reserved Names:

I took the liberty of reserving people's forum names, so that you can claim your name.  This was a little tricky.  I thought it would be nice for people to be able to grab the name that they use in the Bitcoin Forum, and the only way I could think of to confirm that you are who you say you are, was to have you post some specific text in any forum message, and then tell the software the URL where it can be found.  So try to claim your forum name as a shortname.  You can post your claim text in ANY message - preferably a witty message that you were going to type anyway.  I am a little hesitant about "spamming the forum", so hopefully people will keep their claiming messages all in one thread.  If this gets to be obnoxious, I'll turn it off.

I doubt that I got the claiming part of the software working exactly right, so gentle testing is encouraged!  (This was very hard for me to test without spamming the forums!)

Note, I made some names unavailable.  If your forum name doesn't meet my shortname criteria (because it contains illegal characters based on what's permitted in URLs, or because it's under 4 characters, or if it's a collision with some famous name (like walmart)), then this feature may not work for you.  I did extend some shorter names with underscore.  So if your forum name is ab, it would be ab__ (that is, 4 character minimum for now).  If your forum name is walmart, tough luck - pick a different one.


Bounty Hunter:

myB.TC was developed in response to the 200 BTC bounty posed at http://forum.bitcoin.org/index.php?topic=1429.msg145713#msg145713  .  Unfortunately, just prior to me publishing the site, the bounty was lowered by 95% to 5 BTC.  Needless to say I was bummed.  But I reworked the site to allow people to buy shortnames for a nominal fee, and to claim their own forum name. 

So, if you like the site, I won't complain if you help to make up that 195 BTC discrepancy!!   remember, I'm at ฿jerfelix and you can see my page at  myB.TC/jerfelix - (the old fashioned way is for me to post 1BZbpx7wHAUcBgzAtH4KeogTmtgUrq5Nkk ). 
~Ain't to proud to beg, sweet darling ~

Please check it out, and let me know what you think.  Be gentle.  Ideas, comments, enhancement requests, and bug reports are ALL very welcome!  Is there anything else out there like this?

myB.TC

[1715390665]

1715390665

[1715390665]

1715390665

[1715390665]

1715390665

[NielDLR]

Looks great! Now let me try this:
I claim http://myB.TC/nieldlr (code=96900)

Word.

Edit: Claim didn't work?

[jerfelix]

Looks great! Now let me try this:
I claim http://myB.TC/nieldlr (code=96900)

Word.

Edit: Claim didn't work?

Rats.
OK I manually claimed it for you.    
I'll take a look at what happened.

Edit:  Looks like it might have been a case issue.  I've made a correction to the claim software, so we'll see if auto-claims work now.  So far, we're 0 for 1.

[dayfall]

I claim http://myB.TC/dayfall (code=40384)

Edit: This didn't work either.

[jerfelix]

I claim http://myB.TC/dayfall (code=40384)

Edit: This didn't work either.

Thanks for trying.  I manually set you up.
Checking for the bug.

Testing:  I claim http://myB.TC/jerfelix (code=18654)

[NielDLR]

Thanks for claiming it for me. I was just wondering. Is it possible to change the background colour? That yellow is very very bright.

[Alex Beckenham]

Note: This is in no way intended to be accusing or rude to the inventor of this awesome site.

Just a word of caution though in case no-one else thought of it: Site owner could easily randomly swap out addresses for one of his own, say every 100 views, and collect that beer money for himself.

Having said that, I'm gonna get myself a URL... thanks!

[NielDLR]

Note: This is in no way intended to be accusing or rude to the inventor of this awesome site.

Just a word of caution though in case no-one else thought of it: Site owner could easily randomly swap out addresses for one of his own, say every 100 views, and collect that beer money for himself.

Having said that, I'm gonna get myself a URL... thanks!

Hmm, good point. Didn't think of that. I'm willing to give the man the benefit of the doubt here though.

[Alex Beckenham]

Hmm, good point. Didn't think of that. I'm willing to give the man the benefit of the doubt here though.

Oh, me too.

[jerfelix]

Note: This is in no way intended to be accusing or rude to the inventor of this awesome site.

Just a word of caution though in case no-one else thought of it: Site owner could easily randomly swap out addresses for one of his own, say every 100 views, and collect that beer money for himself.

Having said that, I'm gonna get myself a URL... thanks!

rats, yer onto me!

Seriously, I know I can trust myself - I feel pretty good about that.  I just have to build the trust of others.
I fully intend for this site to be a long-term strategic asset, and I have done a lot of things to try to build trust.  For instance, you know my name, I haven't made the domain registration private, so you effectively know how to reach me. 

I know we're dealing with money here, and so it's a serious matter.

My concern is not trust of me, but that someone else will hack in and change the wallet ID's of users.  So I have some security features planned (like an email notification and 2-factor authentication for locked accounts).  It wouldn't stop someone who hacks the database, but it would stop someone from hacking at your end.


I'm glad you pointed that out, though, because you can never be too careful.  Think like a criminal!  It'll help you spot vulnerabilities.

[jerfelix]

Thanks for claiming it for me. I was just wondering. Is it possible to change the background colour? That yellow is very very bright.

Color changes, home page customizations, images... all are in future releases!

right now, I just use color= "yellow", pink (for available), and gray (for reserved).  But these will be customizable.   I believe that color will be another distinctive identifier of your page.  ("Mom, if you see a yellow page, that's not me.  spell my nickname right!")



Thanks for the suggestion!


PS, I'm having a heck of a time getting this "claim" thing to work!  Sorry I have been mucking with it in real time!

[fadisaaida]

I claim http://myB.TC/fadisaaida (code=70571)

Did not work got this error:

Claim is NOT verified. Looked for "I claim <a href="http://myB.TC/fadisaaida" target="_blank">http://myB.TC/fadisaaida</a> (code=70571)" matches=0

[fadisaaida]

Idea for future protection: adding the ability to upload a picture (avatar) so that i can make picture of my face for example and embed the bitcoin address on the picture itself for easy matching of correct code and also recognizing ! something to think about anyway.

[bgeron]

@fadisaaida: The attributes in the HTML seem to be swapped:

Code:

<a target="_blank" href="http://myB.TC/fadisaaida">http://myB.TC/fadisaaida</a>

I claim http://myB.TC/bgeron (code=78142).

Edit: my registration passed! Strange.

[jerfelix]

I claim http://myB.TC/fadisaaida (code=70571)

Did not work got this error:

Claim is NOT verified. Looked for "I claim <a href="http://myB.TC/fadisaaida" target="_blank">http://myB.TC/fadisaaida</a> (code=70571)" matches=0

Thanks.   I claimed it manually for you.

I might have this figured out!

[jerfelix]

@fadisaaida: The attributes in the HTML seem to be swapped:

Code:

<a target="_blank" href="http://myB.TC/fadisaaida">http://myB.TC/fadisaaida</a>

I claim http://myB.TC/bgeron (code=78142).

It looks like, in the database, yours was able to claim!
Let me know if this didn't work for you.

[jerfelix]

Thanks for claiming it for me. I was just wondering. Is it possible to change the background colour? That yellow is very very bright.

OK, I toned down the Yellow.

See myB.TC/jerfelix

Any other suggestions or bug reports?
Thanks for the testing, folks!


Get your own personal Bitcoin Directory page at myB.TC
Never be without your wallet address again!

[fadisaaida]

Thanks for claiming it for me. I was just wondering. Is it possible to change the background colour? That yellow is very very bright.

OK, I toned down the Yellow.

See myB.TC/jerfelix

Any other suggestions or bug reports?
Thanks for the testing, folks!


Get your own personal Bitcoin Directory page at myB.TC
Never be without your wallet address again!

Got a very valuable suggestion for you : CHANGE YOUR SIGNATURE

[jerfelix]

Got a very valuable suggestion for you : CHANGE YOUR SIGNATURE

Fantastic suggestion!    Now, if there was only some directory that I could look you up in, to shoot you some Bitcoin for such a valuable suggestion... ahhh THERE IS!      

For that suggestion, I'm gonna refund every Bitcoin you paid me to date!   

[fadisaaida]

what you think about the Photo suggestion from previous post ? i mean u stated that you most fear is that if u get attacked or hacked, this might give you time to react since even if he gets the database and change the addresses, changing the pictures will take him time and you might have a window to detect the intrusion !

[jerfelix]

what you think about the Photo suggestion from previous post ? i mean u stated that you most fear is that if u get attacked or hacked, this might give you time to react since even if he gets the database and change the addresses, changing the pictures will take him time and you might have a window to detect the intrusion !

I like the photo idea, and am working on it.  I'm torn between several different concepts.  Let me know your opinion:

1.  Let users link to a single external photo or image.  This is easy.  Issues:  how do I size it (or do I?), and do I need to worry about some clown linking to an obscene image?

2.  Let users upload profile images.  This is slightly harder, but pretty easy. 

3.  Let users design a background image and a profile pic, like Twitter's page.  This might be an overkill.



Opinions?

[Xenland]

This site is a great idea, I claim Xenland

[alonelyorange]

I claim http://myB.TC/alonelyorange (code=32535)

This should be handy. Thanks

[jerfelix]

This site is a great idea, I claim Xenland

Thank you.

You need to request it on the site, and the site will walk you through the claim process (giving you a code=xxxxx to post.)
Let me know if it's not self explanatory.

[fadisaaida]

what you think about the Photo suggestion from previous post ? i mean u stated that you most fear is that if u get attacked or hacked, this might give you time to react since even if he gets the database and change the addresses, changing the pictures will take him time and you might have a window to detect the intrusion !

I like the photo idea, and am working on it.  I'm torn between several different concepts.  Let me know your opinion:

1.  Let users link to a single external photo or image.  This is easy.  Issues:  how do I size it (or do I?), and do I need to worry about some clown linking to an obscene image?

2.  Let users upload profile images.  This is slightly harder, but pretty easy. 

3.  Let users design a background image and a profile pic, like Twitter's page.  This might be an overkill.



Opinions?

I like option 2 better, so i can upload my face and on the forehead can right the bitcoin address , i add in the comment "Check if the forehead address and the text address match"

[technowizard12]

I claim http://myB.TC/technowizard12 (code=71080)

[Xenland]

I claim http://myB.TC/Xenland (code=24660)


*UPDATE: Keeps telling me the following

Claim is NOT verified. Looked for "code=24660" matches=1

[bitboy]

I claim http://myB.TC/bitboy (code=99086)

[bitboy]

I claim http://myB.TC/Xenland (code=24660)


*UPDATE: Keeps telling me the following

Claim is NOT verified. Looked for "code=24660" matches=1

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all

[jerfelix]

I claim http://myB.TC/Xenland (code=24660)


*UPDATE: Keeps telling me the following

Claim is NOT verified. Looked for "code=24660" matches=1

I manually assigned it to you, Xenland.

The issue was that your claim needs to be YOUR first message on the webpage.  Technically, I'm doing a regular expression, looking for your name at the beginning of a post, and the verification code, and making sure that there are no other "beginning of posts" in that match.    I'm struggling to figure out a Regular Expression that works exactly right.  Unfortunately it was finding your first post, and then later on the page (but not in the same post), your verification code.  I'm still working to improve that.  Sorry!


The work around is to make sure that you pick a forum topic that you haven't posted on, and claim it there.

[jerfelix]

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all

Yeah, you just have to make sure that your "claim" appears on the page that you are submitting to the website.  My website only checks the one webpage that is submitted.

Hey bitboy, thanks for the donation.  Really appreciate it.
By the way you have a minor typo on your personal Bitcoin webpage:      ฿bitboy


"Here's my Bitcoin Address. Thank for visiting."     (You might want "Thank" to be "Thanks" or "Thank you")

[bitboy]

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all

Yeah, you just have to make sure that your "claim" appears on the page that you are submitting to the website.  My website only checks the one webpage that is submitted.

Hey bitboy, thanks for the donation.  Really appreciate it.
By the way you have a minor typo on your personal Bitcoin webpage:      ฿bitboy


"Here's my Bitcoin Address. Thank for visiting."     (You might want "Thank" to be "Thanks" or "Thank you")

Thanks indeed.

[foo]

what you think about the Photo suggestion from previous post ? i mean u stated that you most fear is that if u get attacked or hacked, this might give you time to react since even if he gets the database and change the addresses, changing the pictures will take him time and you might have a window to detect the intrusion !

I like the photo idea, and am working on it.  I'm torn between several different concepts.  Let me know your opinion:

1.  Let users link to a single external photo or image.  This is easy.  Issues:  how do I size it (or do I?), and do I need to worry about some clown linking to an obscene image?

2.  Let users upload profile images.  This is slightly harder, but pretty easy. 

3.  Let users design a background image and a profile pic, like Twitter's page.  This might be an overkill.



Opinions?

Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...

[jerfelix]

Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...

Gravatar - great idea.
OpenID login 404:  I think I fixed just now.


I really appreciate the bug report.  Let me know if you want the short name "foo", and I'll hook you up with it.  (For now, I've disabled registering 3-letter short names, but it's the least I can do for your bug report and idea.)  Set up an account, and I'll assign you "฿foo" (if you want it)

[foo]

Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...

Gravatar - great idea.
OpenID login 404:  I think I fixed just now.


I really appreciate the bug report.  Let me know if you want the short name "foo", and I'll hook you up with it.  (For now, I've disabled registering 3-letter short names, but it's the least I can do for your bug report and idea.)  Set up an account, and I'll assign you "฿foo" (if you want it)

OpenID login worked fine now. I created the username foo, please assign the short name.

[jerfelix]

OpenID login worked fine now. I created the username foo, please assign the short name.

All yours.  Good till at least 2013....  http://myb.tc/foo/

Thanks again!

[jerfelix]

I saw a post for shortco.in (a great idea), and I just wanted to remind folks that myB.TC has short URLs for you to put your wallet ID in a public place.

[Clipse]

I claim http://myB.TC/clipse (code=47990)

[wahbasah]

I claim http://myB.TC/wahbasah (code=66326)

[seventoes]

I don't mean to hijack the thread, but I built a similar service, but much simpler. No signup needed, just pick a URL and enter your address.

http://forum.bitcoin.org/index.php?topic=11838.0

[organofcorti]

I'm sure you're a trustworthy guy and I can see a bunch of posts from you, but I'm concerned about security (as you are). In a way, what you're doing needs the same security as banking sites. So...

1. Will you be storing passwords in clear or as salted hashes?

2. 2 factor id: Think you can get Last Pass or Yubikey working on your site?

I hope I don't come off as paranoid, but what you're doing *will* catch on, and if someone hacks you (silently) all those fractions of bitcoins from donations will become a pretty bitpenny :p for someone.

I fully intend to sign up as soon as you can convince my fluttering nerves that my (prolly non-existent) donations will safe, and prevent me from swooning.

[jerfelix]

I'm sure you're a trustworthy guy and I can see a bunch of posts from you, but I'm concerned about security (as you are). In a way, what you're doing needs the same security as banking sites. So...

1. Will you be storing passwords in clear or as salted hashes?

2. 2 factor id: Think you can get Last Pass or Yubikey working on your site?

I hope I don't come off as paranoid, but what you're doing *will* catch on, and if someone hacks you (silently) all those fractions of bitcoins from donations will become a pretty bitpenny :p for someone.

I fully intend to sign up as soon as you can convince my fluttering nerves that my (prolly non-existent) donations will safe, and prevent me from swooning.

1. I use django's auth module, which uses salted hash passwords.  See https://docs.djangoproject.com/en/dev/topics/auth/

2. I have a plan for 2-factor id, but wasn't planning on integrating Last Pass or Yubikey (not in the current plan).  I was thinking more along the lines of allowing users to "lock" their page, and the only way to change it is to unlock it, and the only way to unlock it is through additional authentication.  The easiest implementation would be to email the user an "unlock key"  to the email address that I have on file, that's good for an hour.  Not exactly 2-factor authentication - more like double security with 1-factor - requiring the hacker to have to have guessed the password on my system, as well as hacking the user's email system.

There are several weaknesses in the security right now, but #1 above,  isn't one of them.  Basically, you need to trust:

-  me  (I can be lying, above.  I may actually store the passwords in plaintext and post them on a bulletin board in Times Square.  You just don't know.  Also, I can change your wallet ID at any time, regardless of how I store passwords; it's just a SQL database!)
-  the security of my system (if someone hacks my database, or physically hacks the system in person, no matter what measures I have in place for user security, all bets are off)
-  the security measures I put in place (such as my plan on #2)
-  A bunch of stuff between you and me - network / middle men.
-  Basic user security (do you have a good password, for instance.  I have few requirements here).


Right now, there are many potential attack vectors, and no system is perfect.  But if the system gets popular, you can bet I'll be adding additional layers.

Without providing a roadmap for hackers, I can tell you that it's not a perfect system now.  I'll be taking steps that I feel are appropriate based on the popularity of the service.  The ones that come to mind immediately are: 

-  SSL
-  Account Lock-out on too many bad passwords
-  "locking" mechanism mentioned above
-  notification of users when their page changes
-  random verification of pages from an external source (to monitor for unexpected changes)

---

There are a lot of people (including you) who put their Wallet ID in their signature of their posts.  These people are essentially trusting the forum managers, the forum software itself, the server that the software is running on, etc.  It seems a hacker can come in a change all those ID's to their own, and no one would notice.

I'm thinking that I need to manage security so that I stay at least a step ahead of forum signatures.  I am not aiming for "Bank level security" at this point.  I do know something about security, as I have consulted with fortune 500 companies on their system security, and have given numerous presentations and papers on system security, and even acted as an expert witness in a reasonably highly publicized court case regarding matters of security.  One paper that I co-authored is (last time I checked) a foot note in Wikipedia on a Security-related article (on phishing for passwords, of all things!)

So I hope you find this somewhat comforting.

[tomfluff]

Looks like a pretty cool idea, I immediately signed up

After looking at other peoples myb.tc links I though the pages looked pretty horrible and your service seems to offer no customisation options.

Then when I realised you were looking for 0.10btc to register a shortname I closed the tab

Without more features this service is worthless to me. Features such as customisable myb.tc pages. This could be changing the colour scheme from the horrid default.

And also maybe a pay now button and features to invoice or request money from other myb.tc users.

at the minute it looks like the site took < 1 hour to implement and could be easily recreated by someone else.


You've got the right domain name, the right idea, the right style. Just keep updating the site and make it worth the 0.1btc

ps. I liked the pun on the front page

It's simple if you can remember where the "dot" goes.    It's myB.TC
Two digits to the right of the "decimal". It almost makes cents! :-)

[jerfelix]

You've got the right domain name, the right idea, the right style. Just keep updating the site and make it worth the 0.1btc

Thanks for the feedback. 
I see that you are relatively new to the forums (user number 17000 or so). 

What you may have missed is that I gave away short name registrations to all registered forum users whose names conformed to my naming constraints.  I used the list of forum users which was about 11000 users at the time.

I put the .1 BTC obstacle in place purely as a deterrent to keep people from registering a few hundred shortnames each, and it has worked.  Trust me, there's a plan here, including many more features.  Making .1 BTC off of shortnames wouldn't be a very good living - it's just a deterrent.

I'll probably grab the next 10,000 forum users' names one of these days - I've been reluctant to do that, since the forums are so slow lately - they don't need me to slow them down any!

[Lightspeed]

5 BTC?

You've lost the plot and gone money mad bro.

[jerfelix]

5 BTC?
You've lost the plot and gone money mad bro.

Nothing under 4 letters is cheap while in Beta. 
Once again, it's a deterrent, during Beta.

As I mentioned earlier, I pre-registered over 10,000 for freebies.

[Alex Beckenham]

This one has less features, but it's quick and free: http://payb.tc