casascius (OP)
Mike Caldwell
VIP
Legendary
 Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
 |
February 23, 2011, 07:34:49 AM
Last edit: February 23, 2011, 08:05:35 AM by casascius |
|
Today, I was corresponding with the operator of a fairly well known web site of a US nonprofit org, I wrote suggesting the idea that accepting Bitcoin may be a good avenue for donation income. This web site in particular deals with a political controversy and is one where people would have a reason to donate anonymously and where accepting Bitcoin would likely be fruitful for them.
One thing he said to me, which I think has a lot of merit, is this:
"I am surprised that there's no answer or question for "how to sell bitcoins" on their FAQ."
I think how to withdraw BTC into fiat currency certainly counts as a legitimate frequently asked question, especially for real world organization that, perhaps unlike many of us, aren't planning on holding on to BTC long term. Perhaps it should be updated. This is a very legitimate first question to ask.
Second, I was asked about why the charts at bitcoincharts.com look all over the place. One sore thumb that should really be cleaned up is there is one chart whose last update says January 22 and whose graph says "No Data". This should really be removed. Given that it has a very stale quote (but the staleness isn't in the same obvious font size as the stale data itself), it leads one to question and be confused as to why there should be two so drastically different USD values for Bitcoin. This, too, is a legitimate "first question" for a newcomer: what is a bitcoin worth to me in $$$?
Third, I notice myself that the front page of Bitcoin.org reports the total block count as 97000. This too, is pretty stale. This wouldn't be so bad, other than the software doesn't give any useful indication that it is non-functional until the entire block chain is downloaded, and a new user isn't going to know how many blocks to expect, especially if it is taking half an hour or more to download. Non-geeks are likely to find this very frustrating and counter-intuitive.
Fourth, can I yell this out loud? THE SELF SIGNED SSL CERT ON BITCOIN.ORG is embarrassing (my own observation). Can someone please do a damn thing about it? I would, if I could. I am sure many of us would pitch in BTC if it cost money if a free solution like startssl was considered unacceptable. It is a huge irony that a crypto-based project that asks people to monetarily exercise faith in cryptography can't even get SSL configured right on its home page. Surely this might make some feel as uncomfortable as going under the knife for surgery from a surgeon who misspells "surgeon" on his own business card - and rightfully so. Can we really finally just fix this?
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
|
|
|
|
|
|
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
February 23, 2011, 09:02:51 AM |
|
It is a huge irony that a crypto-based project that asks people to monetarily exercise faith in cryptography can't even get SSL configured right on its home page. A self-signed certificate is not wrongly configured. But mainstream browsers do react in a way that tends to cause panic amongst mainstream users. If the browser just said "This certificate is self-signed. Your session is encrypted, but the certificate doesn't vouch for the identity of the website" that would be fine. Unfortunately, browsers don't work like that, so it probably is worth buying a commercial cert. I'm happy to contribute to the cost. |
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
February 23, 2011, 01:58:11 PM |
|
Unfortunately, browsers don't work like that, so it probably is worth buying a commercial cert. I'm happy to contribute to the cost.
A StartSSL free certificate appears to be good enough for the wiki at https://www.bitcoin.it, so how about for bitcoin.org? |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
dust
|
|
February 23, 2011, 07:46:52 PM |
|
An easy fix would be to redirect bitcoin.org to the wiki.
|
|
|
|
|
Binford 6100
|
|
February 26, 2011, 03:44:03 AM |
|
THE SELF SIGNED SSL CERT ON BITCOIN.ORG is embarrassing (my own observation).
...
It is a huge irony that a crypto-based project that asks people to monetarily exercise faith in cryptography can't even get SSL configured right on its home page. problem ^^ A StartSSL free certificate
solution ^^ |
You can't build a reputation on what you are going to do.
|
|
|
Vasiliev
Newbie
Offline
Activity: 55
Merit: 0
|
|
February 26, 2011, 06:21:20 AM |
|
A self-signed certificate is not wrongly configured.
But mainstream browsers do react in a way that tends to cause panic amongst mainstream users. If the browser just said "This certificate is self-signed. Your session is encrypted, but the certificate doesn't vouch for the identity of the website" that would be fine. The most commonly encountered HTTPS sites encountered by an average user will be login pages/financial websites. A self-signed certificate is what appears if somebody is running a MITM attack. MITM attacks will commonly be encountered on public networks. Treating it as a security issue is correct. If it just gave a small note that the identity is not confirmed, 95+% of users would ignore that, click through, and get their credential stolen. |
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
February 26, 2011, 06:38:41 AM |
|
So, who do we need to annoy in order for this to be considered important?
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5166
Merit: 12864
|
|
February 26, 2011, 06:53:09 AM |
|
How is anyone accidentally ending up on the HTTPS version, anyway? It's not the default.
Satoshi is the only one capable of getting a CA-signed cert, and he's unavailable.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
February 26, 2011, 10:19:42 AM |
|
One thing he said to me, which I think has a lot of merit, is this:
"I am surprised that there's no answer or question for "how to sell bitcoins" on their FAQ."
Fantastic suggestion. The Wiki now features: http://en.bitcoin.it/wiki/Selling_bitcoins |
|
|
|
|
Anonymous
Guest
|
|
February 26, 2011, 02:19:05 PM |
|
So, who do we need to annoy in order for this to be considered important?
Satoshi. |
|
|
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5166
Merit: 12864
|
|
February 26, 2011, 05:05:59 PM |
|
True. I guess Sirius can do it, then, if he can run SMTP on his server. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
MacRohard
|
|
February 26, 2011, 05:55:59 PM |
|
True. I guess Sirius can do it, then, if he can run SMTP on his server. A simple option might be to port forward port 25 to another mailserver. ssh -L0.0.0.0:25:smtp.somewhere.com:25 user@localhost saves setting up smtp on the vm just to receive one email. |
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
February 27, 2011, 03:50:09 AM |
|
How is anyone accidentally ending up on the HTTPS version, anyway? It's not the default.
Satoshi is the only one capable of getting a CA-signed cert, and he's unavailable.
A lot of people use HTTPS for everything they can. The EFF promotes it as a best practice, even up to the point of offering a Firefox extension that forces the browser to persistently use HTTPS everywhere it is possible. http://www.eff.org/https-everywhereOne thing pushing this trend is the recent publicity of rogue utilities such as Firesheep, which sniff networks for session cookies to websites and allow the sessions to be hijacked. Open wi-fi networks are especially vulnerable. Using HTTPS foils the attack, but must be done for the entire session for it to help. An SSL cert from StartSSL can be had simply by proving an ability to receive e-mail at an administrative address at the domain, obtaining the cert is a 100% automated process. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
February 27, 2011, 03:52:07 AM |
|
I hereby pledge 25 BTC toward the site's SSL certificate, if a paid certificate is deemed necessary.
once the certificate is installed, if someone can, um, hint to me who should receive it, I will gladly oblige.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
