Bitcoin Forum
August 21, 2019, 08:39:24 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 ... 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 [63] 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 ... 140 »
  Print  
Author Topic: [BTC-TC] Virtual Community Exchange [CLOSED]  (Read 315984 times)
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 13, 2013, 08:14:28 PM
 #1241

Any chance for an 'oob' page with a verified code displayed for standalone clients that can't handle callbacks?

You can use a callback to something non existant and manually copy the verifier from your browser. The callback redirects for exampe to http://XXXX/ and this looks like:

Code:
http://XXXX/?oauth_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&oauth_verifier=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Yeah, that's what I was doing. Using "oob" before, it would try to redirect to a non-existent BTCT page and I would copy/paste the verifier from the address bar.

The new landing page works fine, much better than copy/pasting from an address bar from a user-experience PoV.

I believe that the standard guideline for "oob" landing pages is to have a page in the layout of the site that says something like "Copy/paste this code into the box provided by the application you're trying to access <website> with" and then prominently showing the verifier code. That would be a nice upgrade from the current, minimalistic page Smiley

I'll see what I can do.  Wink
1566376764
Hero Member
*
Offline Offline

Posts: 1566376764

View Profile Personal Message (Offline)

Ignore
1566376764
Reply with quote  #2

1566376764
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566376764
Hero Member
*
Offline Offline

Posts: 1566376764

View Profile Personal Message (Offline)

Ignore
1566376764
Reply with quote  #2

1566376764
Report to moderator
1566376764
Hero Member
*
Offline Offline

Posts: 1566376764

View Profile Personal Message (Offline)

Ignore
1566376764
Reply with quote  #2

1566376764
Report to moderator
1566376764
Hero Member
*
Offline Offline

Posts: 1566376764

View Profile Personal Message (Offline)

Ignore
1566376764
Reply with quote  #2

1566376764
Report to moderator
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 13, 2013, 08:16:09 PM
 #1242

Quick note, we had a 30 minute outage just a little while ago.  There was a bug in our drip software that caused an infinite loop.  Took down the app server for a while.  It should be fixed now.

Cheers.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 14, 2013, 06:59:02 AM
 #1243

Big change tonight to the reset process for PINS, WITHDRAWAL ACCOUNT LOCKS, GOOGLE AUTH, and YUBIKEYS.

Please visit https://btct.co/resetRequest if you need to reset any of the above.

It will send you an email.
You confirm the request by clicking the link in the email.
The request then sits in our queue for 30 days.
During the 30 days the request detail and status appears at the top of the portfolio page, including a cancel button to cancel the request.
After 30 days we process the request.

We apologize for the long wait period on doing these resets, but it is important to give an owner of a compromised email account plenty of time to realize they are compromised and recover their account before we hand over their entire account contents.

Automating this process has the side benefit that we'll be able to make resets free of charge going forward.  (each reset used to be 0.5 BTC)

Cheers.
burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 14, 2013, 02:05:06 PM
 #1244

Hi all, my schedule is going to be very tight this week.  This is bound to slow down withdrawals, support requests, and ASICMINER transfers.  I apologize for any inconvenience in advance.

Cheers.

runeks
Legendary
*
Offline Offline

Activity: 952
Merit: 1000



View Profile WWW
July 14, 2013, 05:34:36 PM
 #1245

I was thinking about creating a python library to wrap the BTC-TC API.  Who would find such a thing useful?
Me!

Please do it. Smiley
Greydon Isis
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile WWW
July 14, 2013, 06:58:14 PM
 #1246

++PM see mmm+++-[BRAND NEW]-*DON'T UNDERESTIMATE OUR/\SUPERCOMPUTERS' FRIENDS FRIEDCAT AND OTHER "PASSTHROUGH" MARKETS=MASSIVE FOREIGN FVNNY MONEY IMO!!!!!
 
 Roll Eyes
pascal257
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
July 14, 2013, 07:49:04 PM
 #1247

Big change tonight to the reset process for PINS, WITHDRAWAL ACCOUNT LOCKS, GOOGLE AUTH, and YUBIKEYS.

Please visit https://btct.co/resetRequest if you need to reset any of the above.

It will send you an email.
You confirm the request by clicking the link in the email.
The request then sits in our queue for 30 days.
During the 30 days the request detail and status appears at the top of the portfolio page, including a cancel button to cancel the request.
After 30 days we process the request.

We apologize for the long wait period on doing these resets, but it is important to give an owner of a compromised email account plenty of time to realize they are compromised and recover their account before we hand over their entire account contents.

Automating this process has the side benefit that we'll be able to make resets free of charge going forward.  (each reset used to be 0.5 BTC)

Cheers.

Well first of all its great that the process is now free and automated. But there has to be a better solution than having to wait 30 days. I guess just a few requests will be malicious and in this case there's still the possibility that I don't login within 30 days. Also the attacker needs to know the PIN or have 2FA in order to do anything serious.
In my opinion you buy little security with the waiting period with A LOT of inconvenience. What about asking for the PIN in case of lost 2FA and vice versa? Maybe together with a waiting period, but 30 days? Thats insane.
TsuyokuNaritai
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
July 14, 2013, 09:52:35 PM
 #1248

+1. Mandatory 30 days is crazy.

Maybe have the time limit be settable by the user (pin/2FA required to change)? So if someone is normally on every day they can set it to say 5 days, but someone who hardly ever uses it could set it to 60 if they like. Then no complaints due to burnside whatever the outcome, because it was the user's decision what the wait should be.

burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 15, 2013, 06:22:21 AM
 #1249

+1. Mandatory 30 days is crazy.

Maybe have the time limit be settable by the user (pin/2FA required to change)? So if someone is normally on every day they can set it to say 5 days, but someone who hardly ever uses it could set it to 60 if they like. Then no complaints due to burnside whatever the outcome, because it was the user's decision what the wait should be.

 This seems sensible. Of course, an unauthorized access could then change it, so make (reduction) changes wait 30 days, in the same fashion. We can't have everything, but options are good, so long as the user is made blatantly aware that changing from the default carries an increased security risk.

You can easily avoid ever having to use this reset system:

If you use a PIN, write it down somewhere safe.

If you use Google Auth print the QR code or write down the secret somewhere safe.

If you use Yubikeys, setup Google Auth as a backup or have a second backup key.

Don't permanently lock your withdrawal address unless you really mean it to be permanent.  (2FA makes this feature overkill, just turn on 2FA.)


A little forethought/prevention goes a long way.  The reset requests are an absolute last resort and really shouldn't have been necessary at all.  The other thing to keep in mind is that eventually we'll be offering instant resets in exchange for escrow of 150% of the account value to be held 30 days.  Also, you can create alt accounts in the interim period if you really need to make a trade.

In summary, you can prevent ever needing this and when your email is compromised, you'll be glad it's like this.  (Just ask the couple of people that have lost everything...)

Cheers
Lohoris
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Bitgoblin


View Profile
July 15, 2013, 08:49:05 AM
 #1250

What about asking for the PIN in case of lost 2FA and vice versa? Maybe together with a waiting period, but 30 days? Thats insane.
This is insane.

I think PIN is terrible and I use 2FA, and if people could reset my 2FA using my PIN would completely defeat the purpose of using 2FA in the first place!

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
runeks
Legendary
*
Offline Offline

Activity: 952
Merit: 1000



View Profile WWW
July 15, 2013, 09:24:54 AM
 #1251

Three questions:

1. Are the options on the exchange European style or American style? Meaning can I exercise them at any point in time up to the expiration date, or only on the expiration date?

2. Also, if I buy put options from someone, is it guaranteed that the user can fulfill his obligations in case the asset goes to 0 (worst case scenario for him)? Ie., for someone who writes put options, is the full amount of BTC required to fulfill the obligation locked in his account?

3. Is there a secondary market for options, or can I only buy options from issuers, and exercise them, but not sell them to someone else?

1) American

2) The exchange reserves all coins/shares required in the accounts of the options writers.
Great!

Quote
3) They can be resold at whatever premium you want to relist them for.
So can options that I own function as collateral for writing options myself?

If I, for example, buy a put option with a strike price of 1.0 BTC, the issuer will need 1.0 BTC in his account to be able to fulfill this promise under all circumstances. If I then write a put option for the same asset with a strike price of 1.0 BTC or less, will the put option that I already own then function as collateral for the put option that I write?

+1. Mandatory 30 days is crazy.

Maybe have the time limit be settable by the user (pin/2FA required to change)? So if someone is normally on every day they can set it to say 5 days, but someone who hardly ever uses it could set it to 60 if they like. Then no complaints due to burnside whatever the outcome, because it was the user's decision what the wait should be.

 This seems sensible. Of course, an unauthorized access could then change it, so make (reduction) changes wait 30 days, in the same fashion. We can't have everything, but options are good, so long as the user is made blatantly aware that changing from the default carries an increased security risk.

[...]

If you use Google Auth print the QR code or write down the secret somewhere safe.

[...]
As far as I remember I was only shown a QR code, and not the secret key. I would like to have written down the secret key, but as far as I remember I didn't have that option. Do I recall correctly?

I don't have a printer, so printing the QR code is not an option.
pascal257
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
July 15, 2013, 11:14:13 AM
 #1252

What about asking for the PIN in case of lost 2FA and vice versa? Maybe together with a waiting period, but 30 days? Thats insane.
This is insane.

I think PIN is terrible and I use 2FA, and if people could reset my 2FA using my PIN would completely defeat the purpose of using 2FA in the first place!

That's why I suggested also using a waiting period. An attacker shouldn't know your PIN, so you could reduce the waiting period from lets say 30days to 7 days by authenticating yourself using your PIN/2FA.
runeks
Legendary
*
Offline Offline

Activity: 952
Merit: 1000



View Profile WWW
July 15, 2013, 12:56:11 PM
 #1253

What about asking for the PIN in case of lost 2FA and vice versa? Maybe together with a waiting period, but 30 days? Thats insane.
This is insane.

I think PIN is terrible and I use 2FA, and if people could reset my 2FA using my PIN would completely defeat the purpose of using 2FA in the first place!

That's why I suggested also using a waiting period. An attacker shouldn't know your PIN, so you could reduce the waiting period from lets say 30days to 7 days by authenticating yourself using your PIN/2FA.
I think 30 days is reasonable if you lose your 2FA. 7 days is not enough. 7 days means someone can compromise my account if I'm on vacation and don't read emails for a week.
EskimoBob
Legendary
*
Offline Offline

Activity: 910
Merit: 1000


Quality Printing Services by Federal Reserve Bank


View Profile
July 15, 2013, 05:37:23 PM
 #1254

Why is the exchange running on London time and not UTC?

While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1005



View Profile WWW
July 15, 2013, 10:12:00 PM
 #1255

Why is the exchange running on London time and not UTC?

You can edit the time zone under Account - Settings.

burnside
Legendary
*
Offline Offline

Activity: 1092
Merit: 1004


Lead Blockchain Developer


View Profile WWW
July 16, 2013, 04:36:48 AM
 #1256

Three questions:

1. Are the options on the exchange European style or American style? Meaning can I exercise them at any point in time up to the expiration date, or only on the expiration date?

2. Also, if I buy put options from someone, is it guaranteed that the user can fulfill his obligations in case the asset goes to 0 (worst case scenario for him)? Ie., for someone who writes put options, is the full amount of BTC required to fulfill the obligation locked in his account?

3. Is there a secondary market for options, or can I only buy options from issuers, and exercise them, but not sell them to someone else?

1) American

2) The exchange reserves all coins/shares required in the accounts of the options writers.
Great!

Quote
3) They can be resold at whatever premium you want to relist them for.
So can options that I own function as collateral for writing options myself?

If I, for example, buy a put option with a strike price of 1.0 BTC, the issuer will need 1.0 BTC in his account to be able to fulfill this promise under all circumstances. If I then write a put option for the same asset with a strike price of 1.0 BTC or less, will the put option that I already own then function as collateral for the put option that I write?

+1. Mandatory 30 days is crazy.

Maybe have the time limit be settable by the user (pin/2FA required to change)? So if someone is normally on every day they can set it to say 5 days, but someone who hardly ever uses it could set it to 60 if they like. Then no complaints due to burnside whatever the outcome, because it was the user's decision what the wait should be.

 This seems sensible. Of course, an unauthorized access could then change it, so make (reduction) changes wait 30 days, in the same fashion. We can't have everything, but options are good, so long as the user is made blatantly aware that changing from the default carries an increased security risk.

[...]

If you use Google Auth print the QR code or write down the secret somewhere safe.

[...]
As far as I remember I was only shown a QR code, and not the secret key. I would like to have written down the secret key, but as far as I remember I didn't have that option. Do I recall correctly?

I don't have a printer, so printing the QR code is not an option.

Replying from my cell so can't really quote inline. 

The options can't currently be backed by other options because they do not yet auto-exercise.  Working on it...

The code should have been displayed below the QR code.  You can turn 2FA off and it should show it to you again.

Cheers.
dadach
Sr. Member
****
Offline Offline

Activity: 327
Merit: 250



View Profile
July 16, 2013, 09:05:30 AM
 #1257

whats going on? why am i getting acces denied message?
thanks for the info...

To the Moon!!! donations accepted >.< 38nvHaNqF5nv4ifhUyq9CChnBmRs2DSv4r
Streets 2.0
Full Member
***
Offline Offline

Activity: 392
Merit: 100



View Profile
July 16, 2013, 11:03:36 AM
Last edit: July 16, 2013, 11:18:57 AM by Streets 2.0
 #1258

whats going on? why am i getting acces denied message?
thanks for the info...

I get the same, was worried for a second until I saw your post.  I am sure burnside will get it figured out

EDIT:  Few minutes later and it is fixed

God9394
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
July 16, 2013, 11:57:13 AM
 #1259

Has anyone found their balance empty? Shall it be that btc-tc is a scam?
Streets 2.0
Full Member
***
Offline Offline

Activity: 392
Merit: 100



View Profile
July 16, 2013, 12:12:52 PM
 #1260

Has anyone found their balance empty? Shall it be that btc-tc is a scam?

No, I am intact... did you get cleaned out?

Pages: « 1 ... 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 [63] 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 ... 140 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!