Rassah
Moderator
Legendary
 Offline
Activity: 1680
Merit: 1035
|
 |
March 13, 2014, 04:41:37 AM |
|
Is Mycelium ready for the changes coming with 0.90? I expect we should have support for lower fees very soon after official release and support for payment requests later on?
Fees are a quick fix, so should be out soon after 0.9. Merchant protocol will take a while longer. BIP32 HD wallets are more important |
|
|
|
|
|
soullyG
|
|
March 13, 2014, 12:02:51 PM |
|
Thanks.
We have started adding rates from sources that are not actual exchanges such as Coinbase and BitPay.
Many users have requested this as it allows them to see what their coins are worth when buying at for instance Coinbase or spending at a BitPay enabled merchant. Since these sources do not have a volume associated we cannot really calculate a weighted average.
In the testnet version (released 2 days ago) we have added BitcoinAverage. They make a business out of monitoring and selecting relevant exchange sources, and we believe that they track the markets closer than the Mycelium developers.
The default choice is right now Bitstamp, and it is up to the user to select a source that he/she finds valuable and trustworthy.
Thanks Jan, that makes sense - I think BitcoinAverage would be more than enough for my needs (I just like extra options to play with  ) One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key? |
|
|
|
|
|
apetersson
|
|
March 13, 2014, 01:13:49 PM |
|
One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key?
yes. this makes a lot of sense. it is just a question of how to integrate it in the UI. |
|
|
|
|
|
RGBKey
|
|
March 13, 2014, 03:21:43 PM |
|
One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key?
yes. this makes a lot of sense. it is just a question of how to integrate it in the UI. Maybe instead of putting the sign option as an address option, add it as a menu option (like cold storage) and then you can choose an address or to scan, etc. Also, not sure if you noticed the new samsung discovery of a backdoor/feature. I personalky use a galaxy, and was concerned enough to move it onto my computer for a bit. Can you advise on that? |
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 13, 2014, 03:34:33 PM |
|
...Also, not sure if you noticed the new samsung discovery of a backdoor/feature. I personalky use a galaxy, and was concerned enough to move it onto my computer for a bit. Can you advise on that?
Was actually in the process of writing about that... gimme a minute |
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 13, 2014, 03:59:13 PM |
|
A vulnerability has been discovered which seems to affect certain Samsung devices: http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoorWhat can it do?It appears that this could be used to gain read access to Mycelium private keys on the android file system for the following device types: - Nexus S (I902x)
- Galaxy S (I9000)
- Galaxy S 2 (I9100)
- Galaxy Note (N7000)
- Galaxy Nexus (I9250)
- Galaxy Tab 2 7.0 (P31xx)
- Galaxy Tab 2 10.1 (P51xx)
- Galaxy S 3 (I9300)
- Galaxy Note 2 (N7100)
How should I react?For a start, please don't store more in a hot wallet than what you are prepared to loose. This is a general recommendation regardless of whether you use Mycelium or any other wallet. Mycelium offers cold storage spending where the private key never touches the file system. With cold storage spending your private key is safe from this exploit. Use it. What will Mycelium do?We will make an update that makes Mycelium warn the user if he is running on one of those devices. We will get in contact with other Bitcoin android developers and figure out what the best course of action is. |
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 13, 2014, 04:24:36 PM |
|
Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)
|
Mycelium let's you hold your private keys private.
|
|
|
|
hgmichna
|
|
March 13, 2014, 04:42:18 PM |
|
Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit) Are you sure? It reads more like remote file access. But anyway, things are moving fast at least at CyanogenMod's. There is already a software problem report in their bug tracker with priority "critical". I, for one, may have to switch over to CyanogenMod a bit sooner than I had planned. My phone is a Samsung Galaxy Nexus, which is affected. Replicant is another choice. After all they found the backdoor. |
|
|
|
|
|
soullyG
|
|
March 13, 2014, 05:20:35 PM |
|
One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key?
yes. this makes a lot of sense. it is just a question of how to integrate it in the UI. Thanks, I think the best place to put it would be on the screen after selecting the "cold storage" menu option (and likely only once the private key has been scanned) to keep it separate from the standard message signing, but RGBKey's proposal is also good: Maybe instead of putting the sign option as an address option, add it as a menu option (like cold storage) and then you can choose an address or to scan, etc.
|
|
|
|
|
|
RGBKey
|
|
March 13, 2014, 05:22:01 PM |
|
Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)
This is not true. The exploit gives access to anybody broadcasting a pirate signal from capable equipment also. Correct? |
|
|
|
|
|
apetersson
|
|
March 13, 2014, 11:00:57 PM |
|
Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)
This is not true. The exploit gives access to anybody broadcasting a pirate signal from capable equipment also. Correct? As far as i understand, you need to have actual malware installed, which in turn can bypass the process isolation. Of course, this malware can request access rights to Internet, Bluetooth or whatever, which could be used to abuse this remotely. But this is still quite fresh now, maybe i'm wrong. |
|
|
|
|
|
|
|
RGBKey
|
|
March 14, 2014, 12:58:34 AM |
|
I wasn't too concerned since I had only 1.8% of my coins on my phone, and of course a verified backup, but always have to be wary about these things. EDIT: My phone is a Galaxy S III mini. |
|
|
|
|
|
hgmichna
|
|
March 14, 2014, 09:39:28 AM |
|
I wasn't too concerned since I had only 1.8% of my coins on my phone, and of course a verified backup, but always have to be wary about these things.
EDIT: My phone is a Galaxy S III mini.
We are so relieved! |
|
|
|
|
|
RGBKey
|
|
March 15, 2014, 02:27:43 PM |
|
Think I disovered a small backup related bug. (Does not affect integrity of backups)
My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.
|
|
|
|
|
|
RGBKey
|
|
March 16, 2014, 08:38:04 PM |
|
Think I disovered a small backup related bug. (Does not affect integrity of backups)
My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.
Any comment? |
|
|
|
|
|
apetersson
|
|
March 17, 2014, 01:31:28 PM |
|
Think I disovered a small backup related bug. (Does not affect integrity of backups)
My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.
Any comment? I know we had a bug in the labels of the PDF. i assume just the numbering is wrong and the actual backup is fine. if so, i'll put it in the low-prio bug category. we will eventually fix it someday or sooner if we get a pull request for it. (what is more annoying is the lack on UTF-8 support in the pdf... ) this needs a major rewrite with a different PDF generation engine. |
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 17, 2014, 03:02:07 PM |
|
Think I disovered a small backup related bug. (Does not affect integrity of backups)
My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.
Any comment? I know we had a bug in the labels of the PDF. i assume just the numbering is wrong and the actual backup is fine. if so, i'll put it in the low-prio bug category. we will eventually fix it someday or sooner if we get a pull request for it. (what is more annoying is the lack on UTF-8 support in the pdf... ) this needs a major rewrite with a different PDF generation engine. The numbering has been fixed and if you use non-ASCII characters in address labels we will not not display it (as it would look like gibberish). This will be part of the next release. |
Mycelium let's you hold your private keys private.
|
|
|
SherdonIke
Newbie
Offline
Activity: 66
Merit: 0
|
|
March 19, 2014, 10:45:14 AM |
|
Are you going to make a new version? if so when about
Excuse me, am I right it does work with Samsung ? I wonder cause my friend has samsung
|
|
|
|
|
|
RGBKey
|
|
March 19, 2014, 12:49:56 PM |
|
ETA on Mycelium with the new standard fee?
|
|
|
|
|
|
