Bitcoin Forum
December 10, 2016, 08:43:49 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Announcing BCCAPI  (Read 6829 times)
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
August 15, 2011, 11:39:07 AM
 #21

Congrats on the release! Great stuff!
1481402629
Hero Member
*
Offline Offline

Posts: 1481402629

View Profile Personal Message (Offline)

Ignore
1481402629
Reply with quote  #2

1481402629
Report to moderator
1481402629
Hero Member
*
Offline Offline

Posts: 1481402629

View Profile Personal Message (Offline)

Ignore
1481402629
Reply with quote  #2

1481402629
Report to moderator
1481402629
Hero Member
*
Offline Offline

Posts: 1481402629

View Profile Personal Message (Offline)

Ignore
1481402629
Reply with quote  #2

1481402629
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
lostdroid
Newbie
*
Offline Offline

Activity: 15


View Profile WWW
August 16, 2011, 08:49:54 PM
 #22

This thread seems to have gone a little quiet.  Are people interested in this service?  I've spent some time over the last few days working on an Android client.  Currently my app shows a page for generating a wallet from passphrase, salt and pin.  Once that's set up the app simply prompts the user for a pin.  When successfully connected the current balance and addresses are displayed.

I've wasted a bit of time last night and today with issues with the testnet but now I've managed to get some test bitcoins I want to work on sending bitcoins.  I really like the idea of BCC API but am a little concerned there isn't much interest. 

Cheers,

J

Keep me working hard at: 1NuvRn89P5tYmUTfcL5WSu5BwduqpmpkoH
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 16, 2011, 09:28:37 PM
 #23

now that i look at it, it seems to be trying to do too much.

its asking for salts and seeds and stuff, a normal person will not have a single idea of what that is and just forget it.

really in an ideal world, it would simply just respond to queries for amounts of coins associated with an address, and accept signed transactions to send into the network.

molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
August 16, 2011, 10:21:52 PM
 #24

This thread seems to have gone a little quiet.  Are people interested in this service?  I've spent some time over the last few days working on an Android client.  Currently my app shows a page for generating a wallet from passphrase, salt and pin.  Once that's set up the app simply prompts the user for a pin.  When successfully connected the current balance and addresses are displayed.

I've wasted a bit of time last night and today with issues with the testnet but now I've managed to get some test bitcoins I want to work on sending bitcoins.  I really like the idea of BCC API but am a little concerned there isn't much interest. 


I think there is a lot of interest for an app like that. Can you try to make it work on Android 2.1?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
ffe
Sr. Member
****
Offline Offline

Activity: 297



View Profile
August 17, 2011, 01:19:21 AM
 #25

This thread seems to have gone a little quiet.  Are people interested in this service?  I've spent some time over the last few days working on an Android client.  Currently my app shows a page for generating a wallet from passphrase, salt and pin.  Once that's set up the app simply prompts the user for a pin.  When successfully connected the current balance and addresses are displayed.

I've wasted a bit of time last night and today with issues with the testnet but now I've managed to get some test bitcoins I want to work on sending bitcoins.  I really like the idea of BCC API but am a little concerned there isn't much interest. 

Cheers,

J

There's a lot of interest. I'm busy testing the text client and thinking about recommendations to pass back to the author.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 17, 2011, 03:42:00 AM
 #26

This thread seems to have gone a little quiet.  Are people interested in this service?  I've spent some time over the last few days working on an Android client.  Currently my app shows a page for generating a wallet from passphrase, salt and pin.  Once that's set up the app simply prompts the user for a pin.  When successfully connected the current balance and addresses are displayed.

This is great! Can't wait to see in action!

I've wasted a bit of time last night and today with issues with the testnet but now I've managed to get some test bitcoins I want to work on sending bitcoins. 

Unfortunately the bitcoin testnet is not very reliable. We have had 44 hours without any new blocks until finally this one appeared: http://blockexplorer.com/testnet/block/00000000006473df1d4700f6c5d78d4bba1590ce92bf348c5b6c4e6c830356ad
Maybe it is time to reset the testnet?

I really like the idea of BCC API but am a little concerned there isn't much interest. 

Look at the feedback on this thread so far, I am pretty amazed. You shouldn't worry, it takes time to absorb stuff like this.

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 17, 2011, 04:10:06 AM
 #27

now that i look at it, it seems to be trying to do too much.

its asking for salts and seeds and stuff, a normal person will not have a single idea of what that is and just forget it.

really in an ideal world, it would simply just respond to queries for amounts of coins associated with an address, and accept signed transactions to send into the network.

Ideally there should be no passphrase, salt, and PIN or whatnot. Ideally there should be no hackers or bad guys in general.

There is a fine line between having a portable bitcoin wallet that is secure and one that a normal person would use. We need to find that sweet spot. I have written a wiki with an idea on how to get rid of the passphrase + salt without compromising security: http://code.google.com/p/bccapi/wiki/ManagingLongPassphrases

Mycelium let's you hold your private keys private.
Luke-Jr
Legendary
*
Offline Offline

Activity: 2100



View Profile
August 17, 2011, 06:23:08 PM
 #28

IMO, you should be contributing toward a standard for wallet communication rather than inventing yet another proprietary specific-usecase protocol.

molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
August 17, 2011, 06:40:59 PM
 #29

now that i look at it, it seems to be trying to do too much.

its asking for salts and seeds and stuff, a normal person will not have a single idea of what that is and just forget it.

really in an ideal world, it would simply just respond to queries for amounts of coins associated with an address, and accept signed transactions to send into the network.

you could call these 3 important things:

  • your email-address (the salt)
  • your PUK (the seed, STORE THIS SAFELY (both safe from theft and safe from loss)
  • your PIN (your PIN, not so bad if you forget it, device asks for PUK and takes 2 minutes time, then you can enter new one)

If you can manage your SIM-card, you should be able to manage this.


PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
August 18, 2011, 01:26:51 AM
 #30

Most SIM cards users i've seen had it unlocked at the store and never even acknowledge the existence of PINs and PUKs...

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
Tril
Full Member
***
Offline Offline

Activity: 212


View Profile
August 18, 2011, 01:37:03 AM
 #31


Unfortunately the bitcoin testnet is not very reliable. We have had 44 hours without any new blocks until finally this one appeared: http://blockexplorer.com/testnet/block/00000000006473df1d4700f6c5d78d4bba1590ce92bf348c5b6c4e6c830356ad
Maybe it is time to reset the testnet?

This is the reason why there's no one on testnet, because it can be reset.  Why not use namecoins, ixcoins, or i0coins?  You can buy a lot for a small amount of BTC and they won't disappear from a reset.
namecoin: https://exchange.bitparking.com/main
ixcoin: https://ixchange.bitparking.com/main
i0coin: https://i0exchange.bitparking.com/main

I don't see an exchange for testcoins, so maybe ixcoin isn't completely useless.
d'aniel
Sr. Member
****
Offline Offline

Activity: 461


View Profile
August 18, 2011, 05:02:28 AM
 #32

This is great!

I'm wondering how you plan to deal with requests from law enforcement for transaction history/identification?

Will you charge per request/is this part of your business model?

Not saying these are necessarily bad things, as it's pretty much the norm.

If it's not part of your business model, then do you have any plans, or know if it's possible to make your server unaware of transaction histories, and unable to map identities to transactions?

I'm not a developer, and have no idea how this would work, but PIR comes to mind.  Any thoughts on that?

Thanks for the great work!
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 18, 2011, 05:50:08 AM
 #33

This is great!

I'm wondering how you plan to deal with requests from law enforcement for transaction history/identification?
On the server side an account is:
  • a public key, identifying the account.
  • a bunch of public (wallet) keys for each account.

There is no user data, just public EC keys.
The transaction log is the block chain. Everybody has it.

Will you charge per request/is this part of your business model?

Not saying these are necessarily bad things, as it's pretty much the norm.

I am trying to run the service for free, paying bills on donations. However, going forward I may introduce that you can pay a small amount to get your account moved to a priority server with better response times and no limits on the number of account keys etc.

If it's not part of your business model, then do you have any plans, or know if it's possible to make your server unaware of transaction histories, and unable to map identities to transactions?

I'm not a developer, and have no idea how this would work, but PIR comes to mind.  Any thoughts on that?
Thanks for the great work!

What is PIR?
The server knows very little about the end user which is not already in the block chain. I have no ideas as to how I can further reduce it.


Mycelium let's you hold your private keys private.
d'aniel
Sr. Member
****
Offline Offline

Activity: 461


View Profile
August 18, 2011, 06:05:09 AM
 #34

This is great!

I'm wondering how you plan to deal with requests from law enforcement for transaction history/identification?
On the server side an account is:
  • a public key, identifying the account.
  • a bunch of public (wallet) keys for each account.

There is no user data, just public EC keys.
The transaction log is the block chain. Everybody has it.

Will you charge per request/is this part of your business model?

Not saying these are necessarily bad things, as it's pretty much the norm.

I am trying to run the service for free, paying bills on donations. However, going forward I may introduce that you can pay a small amount to get your account moved to a priority server with better response times and no limits on the number of account keys etc.

If it's not part of your business model, then do you have any plans, or know if it's possible to make your server unaware of transaction histories, and unable to map identities to transactions?

I'm not a developer, and have no idea how this would work, but PIR comes to mind.  Any thoughts on that?
Thanks for the great work!

What is PIR?
The server knows very little about the end user which is not already in the block chain. I have no ideas as to how I can further reduce it.


Thanks for your response.

My worry is if the server will know which public addresses are derived from one another, and thus be able to link them all to a single pseudonym or identity.  Or if they are all linked to a single account on the server.

"A private information retrieval (PIR) protocol allows a user to retrieve an item from a server in possession of a database without revealing which item they are retrieving."

Edit: here's the link http://en.wikipedia.org/wiki/Private_information_retrieval

Edit: Also worried if addresses can be linked by the server because their balances might be queried in batches, or by the same IP address.
nimnul
Sr. Member
****
Offline Offline

Activity: 255


View Profile WWW
August 18, 2011, 09:03:40 AM
 #35

You should document your protocol

Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 18, 2011, 09:05:11 AM
 #36


Thanks for your response.

My worry is that the server will know which public addresses are derived from one another, and thus be able to link them all to a single pseudonym or identity.  Or that they are all linked to a single account on the server.

"A private information retrieval (PIR) protocol allows a user to retrieve an item from a server in possession of a database without revealing which item they are retrieving."

Edit: here's the link http://en.wikipedia.org/wiki/Private_information_retrieval

Edit: Also worried that addresses can be linked by the server because their balances might be queried in batches, or just by the same IP address.

The server side is well aware about which wallet public keys are linked to what account public key. This allows the server side to:
  • accumulate the wallet balance and return a total.
  • grab transactoin outputs sent to different addresses and combine them into new transactions.

If you are worried about this you could use several accounts and one key in each. However, this would greatly increase the bandwidth usage of your device and a heavier load on the server. Furthermore you should somehow make your requests come from different IP addresses (Tor) and not make them come in a bundle.

While using PIR might be a solution, it also introduces a big communication overhead.

Both methods defeat the purpose of the BCCAPI, as it should be light-weight in terms of communication and battery life. In the end you would be better off downloading the entire block chain to the device.

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 18, 2011, 09:11:51 AM
 #37

You should document your protocol

The BCCAPI is open source: http://code.google.com/p/bccapi/
This wiki puts some of it into words: http://code.google.com/p/bccapi/wiki/WhatIsTheBCCAPI
The API that the server implements is a simple interface: http://code.google.com/p/bccapi/source/browse/trunk/src/com/bccapi/api/BitcoinClientAPI.java
The client side implementation of that API is here: http://code.google.com/p/bccapi/source/browse/trunk/src/com/bccapi/core/BitcoinClientApiImpl.java

Mycelium let's you hold your private keys private.
d'aniel
Sr. Member
****
Offline Offline

Activity: 461


View Profile
August 18, 2011, 09:56:09 AM
 #38

The server side is well aware about which wallet public keys are linked to what account public key. This allows the server side to:
  • accumulate the wallet balance and return a total.
  • grab transactoin outputs sent to different addresses and combine them into new transactions.

If you are worried about this you could use several accounts and one key in each. However, this would greatly increase the bandwidth usage of your device and a heavier load on the server. Furthermore you should somehow make your requests come from different IP addresses (Tor) and not make them come in a bundle.

While using PIR might be a solution, it also introduces a big communication overhead.

Both methods defeat the purpose of the BCCAPI, as it should be light-weight in terms of communication and battery life. In the end you would be better off downloading the entire block chain to the device.


Too bad it won't work here, PIR seems really neat.

Since the server will indeed be carrying data that'll surely be valuable for law enforcement then, I'm wondering what country you operate in, and what your policy will be for requests from law enforcement for user data?
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
August 18, 2011, 11:10:33 AM
 #39

Too bad it won't work here, PIR seems really neat.

Since the server will indeed be carrying data that'll surely be valuable for law enforcement then, I'm wondering what country you operate in, and what your policy will be for requests from law enforcement for user data?

The servers are running at Rackspace US. If there is a lawful request/warrant or whatever I will have to comply unless I want to go to jail. Unlike many services out there I am not hiding behind Tor and nicknames. IMO, if we want bitcoin to succeed we need to go beyond the cloak and dagger business.

Mycelium let's you hold your private keys private.
d'aniel
Sr. Member
****
Offline Offline

Activity: 461


View Profile
August 18, 2011, 11:31:28 AM
 #40

The servers are running at Rackspace US. If there is a lawful request/warrant or whatever I will have to comply unless I want to go to jail. Unlike many services out there I am not hiding behind Tor and nicknames.
Sounds good.  Just wanted make sure you plan to assert your users' legal rights.
Quote
IMO, if we want bitcoin to succeed we need to go beyond the cloak and dagger business.
Totally agree.

Thanks again!
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!