minimalB
Donator
Hero Member
Offline
Activity: 674
Merit: 523
|
|
November 26, 2013, 11:38:26 AM |
|
What do you think about a limit set in btc/mBtc/uBtc ? That would make the process more secure, faster (because it does not need to wait for up-to-date exchagne rate), and ready for offline payments.
Yes, please, put it back. Also having BTC values is much better IMHO, because you don't have to rely on any external parameter/api.
|
|
|
|
btcdrak
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
November 26, 2013, 12:12:00 PM |
|
Thanks everyone for their constructive feedback!
1) We did not think anyone would notice autopay gone, so you have proved us wrong. With some security enhancements it can make a comeback. One particular problem was the fix in fiat. What do you think about a limit set in btc/mBtc/uBtc ? That would make the process more secure, faster (because it does not need to wait for up-to-date exchagne rate), and ready for offline payments.
Even NFC credit cards are becoming a big thing in the EU. You can just tap them and it will deduct a maximum of 30 Euro.
|
|
|
|
btcdrak
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
November 26, 2013, 12:14:22 PM |
|
3) Having this backup verification is very important. What good is a backup if you don't know if you will be able to use it? And yes, if the user wants, he can still shoot himself in the foot. Maybe we should add a textbox where you enter "IGNORE BACKUP WARNING" to disable the nagging?
Please do not let uses bypass this. The point is, you need to protect users from themselves. This is something which will be used by mainstream users. How many times have you seen in these forums or Reddit where people have forgotten their wallet.dat passwords and lost hundreds of bitcoins? You are right. But what I would prefer is if you allow (by configuration) to use a set of random words like Electrum (diceware style) as opposed to the random letters etc.
|
|
|
|
btcdrak
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
November 26, 2013, 12:17:28 PM |
|
So I hate to bring this up... but it's sort of imperitive... will you release a Litecoin version of MyCelium wallet? Litecoin is kind of becoming a BIG deal now.
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
November 26, 2013, 01:00:40 PM |
|
"Auto Pay" feature: Contrary to what some of you may think we do have users who use the wallet for very large sums. In many ways it is a lot easier to handle large amounts on a small dedicated device rather than a dedicated computer. It is both cheaper, easier, and requires less space. Therefore the security considerations of the autopay feature made us pull it. We will add it back in, but we want to do it right, with daily limits or something. Please have a little patience, we have a huge pile of requests, and we want to do it right. "Forced" backup: You won't believe how many (sometimes angry) emails I have received because of Bitcoin loss. In the end it always falls back to the developers <-- me & Andreas. I don't like people being angry at me, and I don't like that people loose money. If I can choose I'd prefer to have Technomage be angry with me because he gets reminded to be responsible with his own money Bitcoin is all about being in control of your own money, and with that comes responsibility <--- this is really hard for many people to grasp, especially newcomers. We wish to help our users as best we can to remember to make backups and make it both secure and easy. I believe we have achieved that with this release. I do recognize that some of you (my guess is very few of you) don't care whether you loose your private keys. My suggestion is to add an option which is available in Expert Mode, that allows you to ignore backups. If we make it, it will require several "OK" acknowledgements and/or require the user to enter "I UNDERSTAND"... or something.
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
November 26, 2013, 01:05:29 PM |
|
So I hate to bring this up... but it's sort of imperitive... will you release a Litecoin version of MyCelium wallet? Litecoin is kind of becoming a BIG deal now.
We don't have any plans for adding Litecoin right now. There is plenty to do to just get Bitcoin right. We may reconsider later on once the dust settles.
|
Mycelium let's you hold your private keys private.
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
November 26, 2013, 01:10:04 PM |
|
Good points Jan. I can see your point of view. Bitcoin is a new paradigm and requires new kind of security thinking, and many newbies don't understand that. It has to be "instructed" in a way. Understandable.
It's however good to design the wallet for both basic and advanced users in mind. It's not a big issue if I have to go through a few menus to be able to ignore the backup reminder, that's what advanced users do. I go through all possible settings in a program in detail every time I use anything. When something can't be customized (in any way), that is always a disappointment.
When something could be customized before, but can't anymore, that is an even bigger disappointment. I don't like software updates where the advanced settings are suddenly gone. I can understand hiding them by default but not having any way to enable them is quite limiting.
I can understand the need for simplicity, but having a separate expert mode with some of these settings for advanced users is a good idea. If you want to design a wallet that both newbies and experienced users want to use, I mean.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
btcdrak
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
November 26, 2013, 01:19:39 PM |
|
It's however good to design the wallet for both basic and advanced users in mind. It's not a big issue if I have to go through a few menus to be able to ignore the backup reminder, that's what advanced users do. I go through all possible settings in a program in detail every time I use anything. When something can't be customized (in any way), that is always a disappointment.
The problem is "advanced users" are often the victims of their own intelligence. And then there is just plain bad luck - like losing the phone, or dropping it in your beer. A true "expert user" would recognise backups are MUCH more important than a nag screen. @Jan - dont remove it.
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
November 26, 2013, 02:14:54 PM |
|
@Jan - dont remove it.
trying to keep everyone happy is really hard
|
Mycelium let's you hold your private keys private.
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
November 26, 2013, 02:47:53 PM |
|
It's however good to design the wallet for both basic and advanced users in mind. It's not a big issue if I have to go through a few menus to be able to ignore the backup reminder, that's what advanced users do. I go through all possible settings in a program in detail every time I use anything. When something can't be customized (in any way), that is always a disappointment.
The problem is "advanced users" are often the victims of their own intelligence. And then there is just plain bad luck - like losing the phone, or dropping it in your beer. A true "expert user" would recognise backups are MUCH more important than a nag screen. @Jan - dont remove it. And those of us importing our already-backed-up keys just have to go through the verification procedure again each time? A procedure which pretty much (appropriately) requires a printout of the keys? *sigh* Maybe two versions of the app might be warranted. The normal version, and the "DANGEROUS", "RISKY", "ADVANCED EXPERT MODE" version that scares all the newbies away with descriptions like "this version is far riskier, and YOU STAND A GOOD CHANCE OF LOSING YOUR COINS if you don't take extra precautions on your own." Of course, knowing that that would require much more work than it might sound like, I'm only joking. But a guy can dream. (Or try to bribe you with bitcoins....)
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
November 26, 2013, 02:56:53 PM |
|
It's however good to design the wallet for both basic and advanced users in mind. It's not a big issue if I have to go through a few menus to be able to ignore the backup reminder, that's what advanced users do. I go through all possible settings in a program in detail every time I use anything. When something can't be customized (in any way), that is always a disappointment.
The problem is "advanced users" are often the victims of their own intelligence. And then there is just plain bad luck - like losing the phone, or dropping it in your beer. A true "expert user" would recognise backups are MUCH more important than a nag screen. @Jan - dont remove it. And those of us importing our already-backed-up keys just have to go through the verification procedure again each time? A procedure which pretty much (appropriately) requires a printout of the keys? *sigh* Maybe two versions of the app might be warranted. The normal version, and the "DANGEROUS", "RISKY", "ADVANCED EXPERT MODE" version that scares all the newbies away with descriptions like "this version is far riskier, and YOU STAND A GOOD CHANCE OF LOSING YOUR COINS if you don't take extra precautions on your own." Of course, knowing that that would require much more work than it might sound like, I'm only joking. But a guy can dream. (Or try to bribe you with bitcoins....) (Or try to bribe you with bitcoins....) If you import a key you never have to verify it. You already proved that you have elsewhere. Verification is only required for keys that were generated by the app.
|
Mycelium let's you hold your private keys private.
|
|
|
btcdrak
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
November 26, 2013, 02:58:00 PM |
|
I can verify that. I imported keys and have not been asked to back them up. Jan is one step ahead of us all...
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
November 26, 2013, 03:02:34 PM |
|
If you import a key you never have to verify it. You already proved that you have elsewhere. Verification is only required for keys that were generated by the app.
Ah, so then the experience I had was just a one-time event, due to updating the app's wallet? Nice! (Or try to bribe you with bitcoins....) Hey, I'm willing to make a reasonable offer.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
November 26, 2013, 06:22:12 PM |
|
Bitcoin is *not* the state that is out there to patronize adults and forcefully attempt to stop adults from making mistakes with their lives. Going too far with forced security annoyances is exactly that, going too far. I don't agree with btcdrak not only from the annoyance standpoint but also from an ideological standpoint. The comments of btcdrak remind me of politicians that are trying to make decisions on people's lives on behalf of people themselves. Disgusting. This is slightly off topic of course, and the developers of Mycelium are free to do with their wallet as they wish (thankfully they indeed are). My opinion on this is that they should simply add a strong disclaimer if someone wants to remove the backup notice without verifying, so that the user will understand that by doing so any loss of bitcoins will be 100% their responsibility, thus reducing the strain loss cases can cause to the developers.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
|
Tacticat
|
|
December 01, 2013, 01:09:53 PM |
|
Could someone please tell me what possible risks there are when using the "Cold Storage" option?
Could malware read the key from memory before it's deleted?
|
Tips and donations:
15nqQGfkgoxrBnsshD6vCuMWuz71MK51Ug
|
|
|
apetersson
|
|
December 02, 2013, 01:27:36 AM |
|
Could someone please tell me what possible risks there are when using the "Cold Storage" option?
Could malware read the key from memory before it's deleted?
this is a good question. i don't believe there is malware that specialized yet, and we had no report indicating that a mycelium user lost bitcoins, even a hot wallet, due to malware. cold storage will not persist the key into flash memory. so any attack that looks there (even if it can peek into private storage of apps, with a root-exploit) will not work. but if malware has full control over the system with a root exploit it can try to read the private keys by accessing the camera sensor data directly, or by instrumenting the whole app, and intercepting the data passed between intents. (it would basically re-package the entire mycelium wallet apk if it finds an exploit to bypass signature checks) this is technically extremely sophisticated, requires significant effort to implement and has a very low, almost zero chance of infecting people if they just use the play store. if you install any random .apk from your email or you run a really bad custom ROM, like MIUI you are more in danger than normal. IMO, the best protection is to keep a lower amount of bitcoins in your normal mycelium wallet. if they do not get stolen you can be pretty sure that there is no malware targeting your bitcoins. so right now security of cold wallet spending is pretty good, but there is still room to improve it. that is what keeps us busy. there is plenty to do, to improve security even further.
|
|
|
|
apetersson
|
|
December 04, 2013, 09:00:54 PM |
|
sources for version 1.1.0 rc7 have been pushed to github. testers in the beta group can already get an update from play store, too. https://plus.google.com/107839384289577985803/posts/2pDGGfhX9T1*) Bip38 support *) translations to de, es, it, pt, ru, zh *) ability to change language in options *) camera fixes (landscape mode) *) number grouping for large numbers *) bugfix when sharing PDF with Samsung Email App *) default unit mBtc *) allow encrypted backup verification through clipboard in addition to qr code. please report any bugs you might encounter.
|
|
|
|
Rassah
Moderator
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
December 05, 2013, 01:46:32 PM |
|
*) number grouping for large numbers
Is this for wealthy bitcoiners???
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
December 05, 2013, 02:52:45 PM |
|
*) number grouping for large numbers
Is this for wealthy bitcoiners??? No if you pair that with "default unit mBtc" .
|
|
|
|
|