thebanker28
January 14, 2014, 08:06:38 PM
Just want to say I love your apps making cold wallet spending super easy. =)

sidhujag
January 14, 2014, 08:26:54 PM Last edit: January 14, 2014, 09:13:04 PM by sidhujag
Just want to say I love your apps making cold wallet spending super easy. =)
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
I tried to contact these people so I can make another "super node" using Devcoin but to no avail. I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all), alas I moved onto using bitcoinj which is totally decentralized and doesn't have a big problem with downloading block data since it is using checkpoints and only downloading last 5 weeks of data. You would simply backup your wallet and if you re-install a new version of the wallet you can import your keys again later. The whole "not having to download the blockchain" is actually a bad thing not a good one. So your claim of open source does not stand, unless you open up the source to your API which I can then use to port my application.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
The bitcoinj wallet will allow you to create a new key where you would send coins from your other wallet(s) to it and then you go from there. The SPV store will remember all transactions related to its own wallet from the time you installed the application. If you reinstall the application it will redownload from the last checkpoint which is the earliest time that you could have sent any coins for the wallet to care anyways. Even if we update the checkpoints so the user would only ever have to download 5 weeks of data, by importing an older key from an older bitcoinj install, I believe since the hash of the blocks are saved relating to the transactions which the wallet would care about it would reimport these blocks when you import your old wallet. About cold storage, someone could double spend you with a higher mining fee so it's not really safe, NFC/Bluetooth available in bitcoinj is essentially the same thing.

ffe
January 14, 2014, 08:42:36 PM
Just want to say I love your apps making cold wallet spending super easy. =)
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
I tried to contact these people so I can make another "super node" using Devcoin but to no avail. I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all), alas I moved onto using bitcoinj which is totally decentralized and doesn't have a big problem with downloading block data since it is using checkpoints and only downloading last 5 weeks of data. You would simply backup your wallet and if you re-install a new version of the wallet you can import your keys again later. The whole "not having to download the blockchain" is actually a bad thing not a good one. So your claim of open source does not stand, unless you open up the source to your API which I can then use to port my application.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
The bitcoinj wallet will allow you to create a new key where you would send coins from your other wallet(s) to it and then you go from there. The SPV store will remember all transactions related to its own wallet from the time you installed the application. If you reinstall the application it will redownload from the last checkpoint which is the earliest time that you could have sent any coins for the wallet to care anyways. Even if we update the checkpoints so the user would only ever have to download 5 weeks of data, by importing an older key from an older bitcoinj install, I believe since the hash of the blocks are saved relating to the transactions which the wallet would care about it would reimport these blocks when you import your old wallet.
Still, it does make cold wallet spending super easy.

prof7bit
January 14, 2014, 08:44:04 PM
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?

sidhujag
January 14, 2014, 08:48:12 PM
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?
No the API connects only to bitcoin nodes.

prof7bit
January 14, 2014, 08:59:09 PM
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?
No the API connects only to bitcoin nodes.
Huh? You just said it connects to proprietary servers (which is also my understanding) and now you say it connects to bitcoind nodes.

sidhujag
January 14, 2014, 09:03:19 PM
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?
No the API connects only to bitcoin nodes.
Huh? You just said it connects to proprietary servers (which is also my understanding) and now you say it connects to bitcoind nodes.
Check out this post: https://bitcointalk.org/index.php?topic=293472.msg3158655#msg3158655

prof7bit
January 14, 2014, 09:43:09 PM
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?
No the API connects only to bitcoin nodes.
Huh? You just said it connects to proprietary servers (which is also my understanding) and now you say it connects to bitcoind nodes.
Check out this post: https://bitcointalk.org/index.php?topic=293472.msg3158655#msg3158655
Yes, that's what I said. And also what you said in your first post (before you suddenly claimed the exact opposite: "No the API connects only to bitcoin nodes."). If it connects to Mycelium proprietary servers then I see two possible ways to fix it:
* write an open source version of these Mycelium servers from scratch by inspecting / reverse engineering the API
* modify Mycelium code so that it can use Electrum servers API instead to query the information it needs
And actually even a third one:
* Mycelium.com releases the source code of the server as open source, so other people can set up servers too.

sidhujag
January 14, 2014, 09:49:21 PM Last edit: January 14, 2014, 10:18:49 PM by sidhujag
I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all)
Couldn't it be modified so that it works with electrum servers?
No the API connects only to bitcoin nodes.
Huh? You just said it connects to proprietary servers (which is also my understanding) and now you say it connects to bitcoind nodes.
Check out this post: https://bitcointalk.org/index.php?topic=293472.msg3158655#msg3158655
Yes, that's what I said. And also what you said in your first post (before you suddenly claimed the exact opposite: "No the API connects only to bitcoin nodes."). If it connects to Mycelium proprietary servers then I see two possible ways to fix it:
* write an open source version of these Mycelium servers from scratch by inspecting / reverse engineering the API
* modify Mycelium code so that it can use Electrum servers API instead to query the information it needs
And actually even a third one:
* Mycelium.com releases the source code of the server as open source, so other people can set up servers too.
No I didn't, I said the API connects to bitcoin nodes, your IT referred to the wallet and my IT referred to the API. I didn't claim anything the exact opposite, re-read again until you get it. I wrote them an email asking this exact thing, open up the source or add another node for me. I gave up and actually I prefer decentralized for the long run anyways. The bitcoinj interface does everything this does. I believe the source is closed to avoid others from tweaking and taking market advantage. But I believe they are trying to funnel the transactions and extract info via datamining or whatever that someone may pay big money for in the future. In the end it is a centralized solution and one that I thought we went away from with Bitcoin. This is possible since each wallet is signed to talk to the API so the API knows who you are when you download the wallet. I was going the reverse engineer approach but really didn't want to figure out the SSL signing and the data structure, as well I just ended up choosing bitcoinj because to me it's a better model.
The GUI is just as nice as well.

prof7bit
January 14, 2014, 10:10:48 PM
I was going the reverse engineer approach but since there are signed keys involved this is probably not possible
As I understand it the complete source of the Mycelium wallet app is on github, what keeps you from reading the portion of the code that is talking with their servers to understand what the server must do and replace the SSL certificate in the code with the one of your own server once you have managed to write one?

sidhujag
January 14, 2014, 10:22:17 PM
I was going the reverse engineer approach but since there are signed keys involved this is probably not possible
As I understand it the complete source of the Mycelium wallet app is on github, what keeps you from reading the portion of the code that is talking with their servers to understand what the server must do and replace the SSL certificate in the code with the one of your own server once you have managed to write one?
You're right I could do the same thing, just a lot more work to figure out how each call to the API relates to talking to the bitcoin node. I preferred not to because it's hard to really look inside of a closed loop to see what is going on from every angle. If people really wanted this I'm guessing someone would do it anyway, or they can simply open up their API like they should. Having it closed to me means there are hidden agendas we don't know about.

Rassah
January 14, 2014, 10:25:10 PM Last edit: January 14, 2014, 10:37:47 PM by Rassah
Yes. The same node experienced bitcoind database corruption. It has been taken offline for investigation. Wallets automatically switch over to another server.
Can you have wallets pick a random server to connect to, and then ping another random server for block #? This would help automatically switch it to a working one if one of them gets stuck. You know, in case you're on vacation

Rassah
January 14, 2014, 10:27:30 PM
DOH! The requirements of that position are a perfect fit for me, but I'm not near Vienna

Rassah
January 14, 2014, 10:45:51 PM
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
Mycelium backs up private keys in BIP38 encrypted format. They can be imported into any other wallet, so if the server is screwed, you can switch to something else. I am sure if this ever becomes a legitimate concern, they could set up a few extra servers in different places with a few extra security features.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
(moot point)
For my Mycelium usage, I generate a couple of addresses using bitaddress.org, print out a few copies, store them in safes, and then import the private keys with Mycelium. I feel much more confident knowing my private keys are safe on paper, and can be restored into any wallet I use, than just having an encrypted file backed up somewhere where it could possibly be stolen and bruteforced. Plus I don't think you can import backups from most other wallets into different wallets. Having access to your private key is, ahem, key.

sidhujag
January 14, 2014, 11:17:19 PM
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
Mycelium backs up private keys in BIP38 encrypted format. They can be imported into any other wallet, so if the server is screwed, you can switch to something else. I am sure if this ever becomes a legitimate concern, they could set up a few extra servers in different places with a few extra security features.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
(moot point)
For my Mycelium usage, I generate a couple of addresses using bitaddress.org, print out a few copies, store them in safes, and then import the private keys with Mycelium. I feel much more confident knowing my private keys are safe on paper, and can be restored into any wallet I use, than just having an encrypted file backed up somewhere where it could possibly be stolen and bruteforced. Plus I don't think you can import backups from most other wallets into different wallets. Having access to your private key is, ahem, key.
Agreed that storing in BIP38 format is good because you can transfer your priv key out, however having to do this is a serious flaw in the first place because of the centralized model. I think this is on equal terms with bitcoinj because bitcoinj can be hacked you're right just like anything else, there is no exporting keys because it is hidden from the user, and the wallets are non transferable. So I'm sure bitcoinj can do the same but that's beside the point which I said before that it is closed source and centralized through an API that we know nothing of. Still not enough to say that the SPV store is not the correct way to do it, because you don't have to download from genesis block. You would download from last checkpoint, or something smarter in the future by maybe the last block of the first transaction of the wallet which MUST be after the earliest original checkpoint. In fact if I chose open source I would implement SPV and allow private key import/export just like this one, and then add the feature I just talked about so that the user only has to download as much as the block chain to satisfy the transactions in their wallet. If you do a use-case analysis you would see that most of the users would never have to worry about the larger downloads... most will only do it once and only have to deal with a small blockchain download of a few weeks. Instead SPV was ignored and a closed source API was implemented which totally went against decentralization.

Jan (OP)
January 14, 2014, 11:30:35 PM
Just want to say I love your apps making cold wallet spending super easy. =)
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
I tried to contact these people so I can make another "super node" using Devcoin but to no avail. I liked the interface and ported it over to Devcoin only to learn that all communications are happening via a central API that this company has control over (so it's not really open source after all), alas I moved onto using bitcoinj which is totally decentralized and doesn't have a big problem with downloading block data since it is using checkpoints and only downloading last 5 weeks of data. You would simply backup your wallet and if you re-install a new version of the wallet you can import your keys again later. The whole "not having to download the blockchain" is actually a bad thing not a good one. So your claim of open source does not stand, unless you open up the source to your API which I can then use to port my application.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
The bitcoinj wallet will allow you to create a new key where you would send coins from your other wallet(s) to it and then you go from there. The SPV store will remember all transactions related to its own wallet from the time you installed the application. If you reinstall the application it will redownload from the last checkpoint which is the earliest time that you could have sent any coins for the wallet to care anyways. Even if we update the checkpoints so the user would only ever have to download 5 weeks of data, by importing an older key from an older bitcoinj install, I believe since the hash of the blocks are saved relating to the transactions which the wallet would care about it would reimport these blocks when you import your old wallet. About cold storage, someone could double spend you with a higher mining fee so it's not really safe, NFC/Bluetooth available in bitcoinj is essentially the same thing.
Wow, quite a lot of activity today. I am sorry that our free app (with sources available) cannot easily be used for your own development project. Being a developer kit was never the intention of Mycelium project. You are probably much better off using BitcoinJ, as you do now. The sources are there for you to review, build and install. This is your guarantee that we have no control over the private keys and that we can't steal your funds. Most software these days depends on "centralized APIs" that are not open source. For instance, any wallet that displays exchange rates depends on this data from one or more of the closed source exchanges. If our servers say poof, Mycelium users can always import their private keys into any wallet they like and continue from there. I have nothing against SPV wallets. My opinion has always been that in bitcoin land we need as much diversity as we can get.
Mycelium lets you hold your private keys private.

Jan (OP)
January 14, 2014, 11:36:59 PM
Yes. The same node experienced bitcoind database corruption. It has been taken offline for investigation. Wallets automatically switch over to another server.
Can you have wallets pick a random server to connect to, and then ping another random server for block #? This would help automatically switch it to a working one if one of them gets stuck. You know, in case you're on vacation
Yes. Andreas and I have been discussing today on how to improve this. What we came up with is a process that monitors the servers and starts making noises if something is wrong. Your idea sounds actually quite good, and I think a combination will be perfect.
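
The combination discussed in the two posts above (a wallet that picks a random server and cross-checks its block height against a second random server, plus a monitor that flags stuck servers), sketched as an added example that is not Mycelium's code. The server names, the `max_lag` threshold and every function name are assumptions made for illustration.

```python
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence


class NoCrossCheck(Exception):
    """Fewer than two servers answered, so heights cannot be compared."""


@dataclass(frozen=True)
class Selection:
    server: str           # server the wallet should talk to
    height: int           # block height it reported
    witness: str          # second random server used for the comparison
    witness_height: int
    switched: bool        # True when the first pick was stuck and got replaced


def select_server(servers: Sequence[str],
                  get_height: Callable[[str], int],
                  max_lag: int = 2,
                  rng: Optional[random.Random] = None) -> Selection:
    """Pick a random server, then ask another random server for its block height.

    If the first pick is more than max_lag blocks behind the witness, it is
    treated as stuck and the witness is used instead. Unreachable servers are
    skipped. The height is self-reported, so this is a liveness check only:
    it does not prove that either server is honest.
    """
    rng = rng or random.Random()
    order = list(servers)
    rng.shuffle(order)

    answers: List[tuple] = []
    for server in order:
        try:
            answers.append((server, get_height(server)))
        except OSError:          # refused, reset, timed out: try the next one
            continue
        if len(answers) == 2:
            break
    if len(answers) < 2:
        raise NoCrossCheck("need two responding servers to compare heights")

    (first, h1), (second, h2) = answers
    if h2 - h1 > max_lag:
        return Selection(second, h2, first, h1, switched=True)
    return Selection(first, h1, second, h2, switched=False)


def stale_servers(heights: Dict[str, Optional[int]], max_lag: int = 2) -> List[str]:
    """Monitor side: list servers that are down (None) or behind the best height."""
    known = [h for h in heights.values() if h is not None]
    if not known:
        return sorted(heights)
    best = max(known)
    return sorted(s for s, h in heights.items() if h is None or best - h > max_lag)


# Constructed sample fleet: "c" is stuck on an old block, "d" is unreachable.
SAMPLE_HEIGHTS: Dict[str, Optional[int]] = {
    "a.example": 280500, "b.example": 280501,
    "c.example": 280431, "d.example": None,
}


def sample_get_height(server: str) -> int:
    """Stand-in for the network call that asks a server for its block height."""
    height = SAMPLE_HEIGHTS[server]
    if height is None:
        raise ConnectionError(f"{server} did not answer")
    return height


if __name__ == "__main__":
    print(select_server(list(SAMPLE_HEIGHTS), sample_get_height))
    print("alert on:", stale_servers(SAMPLE_HEIGHTS))
```

A server that merely claims a higher block number would win this comparison, so the check covers stuck or dead servers and nothing else.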

Jan (OP)
January 14, 2014, 11:41:05 PM
DOH! The requirements of that position are a perfect fit for me, but I'm not near Vienna
The Vienna thing is just a bonus qualification, especially for the community manager. Did I mention that I am living 1000 kilometers from Vienna ;-) (you see, today a community manager would be really great to have on a day like today, as I am tired and need to focus on developing stuff instead of handling angry people)

Jan (OP)
January 15, 2014, 12:02:32 AM
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
Mycelium backs up private keys in BIP38 encrypted format. They can be imported into any other wallet, so if the server is screwed, you can switch to something else. I am sure if this ever becomes a legitimate concern, they could set up a few extra servers in different places with a few extra security features.
The claim here: https://bitcointalk.org/index.php?topic=293472.msg3160266#msg3160266 as to why SPV stores are not good because you can't import arbitrary private keys without redownloading the entire blockchain from the genesis block node is a mute point and doesn't defeat the notion of SPV store being better than this proprietary private API. When someone wants to use the android wallet they simply transfer coins over to it without importing your QT wallet private key. In fact it is dangerous to even dump your private key so to encourage this behaviour is bad anyways.
(moot point)
For my Mycelium usage, I generate a couple of addresses using bitaddress.org, print out a few copies, store them in safes, and then import the private keys with Mycelium. I feel much more confident knowing my private keys are safe on paper, and can be restored into any wallet I use, than just having an encrypted file backed up somewhere where it could possibly be stolen and bruteforced. Plus I don't think you can import backups from most other wallets into different wallets. Having access to your private key is, ahem, key.
Agreed that storing in BIP38 format is good because you can transfer your priv key out, however having to do this is a serious flaw in the first place because of the centralized model. I think this is on equal terms with bitcoinj because bitcoinj can be hacked you're right just like anything else, there is no exporting keys because it is hidden from the user, and the wallets are non transferable. So I'm sure bitcoinj can do the same but that's beside the point which I said before that it is closed source and centralized through an API that we know nothing of. Still not enough to say that the SPV store is not the correct way to do it, because you don't have to download from genesis block. You would download from last checkpoint, or something smarter in the future by maybe the last block of the first transaction of the wallet which MUST be after the earliest original checkpoint. In fact if I chose open source I would implement SPV and allow private key import/export just like this one, and then add the feature I just talked about so that the user only has to download as much as the block chain to satisfy the transactions in their wallet. If you do a use-case analysis you would see that most of the users would never have to worry about the larger downloads... most will only do it once and only have to deal with a small blockchain download of a few weeks. Instead SPV was ignored and a closed source API was implemented which totally went against decentralization.
Today's last comment and then I am off to bed. If you import a private key and you wish to know its transaction history then you need to somehow scan the blockchain from the first point in time where it participated in a transaction that hit the block chain. If the private key has no timestamp associated with it (as with cold storage spending) you need to scan it all.
If you have a timestamp (you could have that in a backup along with your private key) and you KNOW that it has not been used before that time you can safely only scan from that point in time. However, if that was a year ago then it is not insignificant.
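
The scan-start rule from the post above, combined with the checkpoint idea from the quoted post, as an added example that is neither Mycelium nor bitcoinj code. The checkpoint values are constructed, and the one-day safety margin and all function names are assumptions made for illustration; the example also generalizes to a wallet holding several keys.

```python
from bisect import bisect_right
from typing import List, NamedTuple, Optional, Sequence


class Checkpoint(NamedTuple):
    height: int
    time: int      # block timestamp, Unix seconds


# Constructed sample checkpoints (illustrative values, not a real checkpoint
# file). The first entry stands for the genesis block.
CHECKPOINTS: List[Checkpoint] = [
    Checkpoint(0, 1231006505),
    Checkpoint(200000, 1348000000),
    Checkpoint(250000, 1375000000),
    Checkpoint(278000, 1388000000),
]

DAY = 86400


def scan_start(checkpoints: Sequence[Checkpoint],
               birthday: Optional[int],
               margin: int = DAY) -> Checkpoint:
    """Return the checkpoint a rescan for one key has to start from.

    birthday is the time before which the key is KNOWN to be unused, or None
    when the key carries no timestamp (for example a paper wallet). With no
    timestamp the only safe answer is the genesis block. The margin (an
    assumption here) absorbs clock error: block timestamps are set by miners
    and the clock that stamped the backup may have been wrong.
    """
    if not checkpoints or checkpoints[0].height != 0:
        raise ValueError("checkpoint list must start at the genesis block")
    times = [c.time for c in checkpoints]
    if times != sorted(times):
        raise ValueError("checkpoints must be ordered by time")
    if birthday is None:
        return checkpoints[0]
    # Latest checkpoint whose time is <= birthday - margin, else genesis.
    idx = bisect_right(times, birthday - margin) - 1
    return checkpoints[max(idx, 0)]


def wallet_scan_start(checkpoints: Sequence[Checkpoint],
                      birthdays: Sequence[Optional[int]],
                      margin: int = DAY) -> Checkpoint:
    """Scan start for a wallet with several keys: the oldest key decides.

    A single key without a timestamp forces a scan from genesis.
    """
    if not birthdays:
        raise ValueError("wallet has no keys")
    if any(b is None for b in birthdays):
        return scan_start(checkpoints, None, margin)
    return scan_start(checkpoints, min(birthdays), margin)


def blocks_to_scan(tip_height: int, start: Checkpoint) -> int:
    """Number of blocks between the chosen checkpoint and the chain tip."""
    return tip_height - start.height


if __name__ == "__main__":
    tip = 280500  # constructed chain height
    for label, keys in [("fresh key", [1389000000]),
                        ("year-old key", [1360000000]),
                        ("paper wallet, no timestamp", [None])]:
        start = wallet_scan_start(CHECKPOINTS, keys)
        print(f"{label}: start at {start.height}, "
              f"{blocks_to_scan(tip, start)} blocks to scan")
```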

TheButterZone
January 15, 2014, 12:06:06 AM
This wallet has a centralized API that goes against what bitcoin stands for. If a million people were doing some serious business with the wallet and someone wanted to screw them over they could attack the server(s) and poof your wallet doesn't work. Hence your wallet's fate is always in the hands of a centralized person(s)... and you will always get this what happened in this post: https://bitcointalk.org/index.php?topic=293472.msg4473315#msg4473315
Mycelium backs up private keys in BIP38 encrypted format.
Last I saw, it was another encrypted format? https://bitcointalk.org/index.php?topic=293472.0;all text search "bip"
Saying that you don't trust someone because of their behavior is completely valid.