Bitcoin Forum
December 11, 2016, 02:02:10 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 »  All
  Print  
Author Topic: [ANN] BitcoinSpinner  (Read 42383 times)
pazor
Legendary
*
Offline Offline

Activity: 966



View Profile
February 15, 2012, 12:31:13 PM
 #141

hello Jan,

can you please add to the app that the amount of bitcoins are shown in EUR also ?
thank you

may be as an option ?

greetings
pazor

treuhand-Dienst gewünscht? - frag per PM an
BTC 174X17nR7vEQBQo4GXKRGMGaTmB49Gf1yT
1481464930
Hero Member
*
Offline Offline

Posts: 1481464930

View Profile Personal Message (Offline)

Ignore
1481464930
Reply with quote  #2

1481464930
Report to moderator
1481464930
Hero Member
*
Offline Offline

Posts: 1481464930

View Profile Personal Message (Offline)

Ignore
1481464930
Reply with quote  #2

1481464930
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481464930
Hero Member
*
Offline Offline

Posts: 1481464930

View Profile Personal Message (Offline)

Ignore
1481464930
Reply with quote  #2

1481464930
Report to moderator
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
February 15, 2012, 01:52:39 PM
 #142

After updating to the latest version, when I start spinner it just sits there with a black screen and a bar that says BitcoinSpinner at the top. It will stay like this as long as I let it. When I hit the back arrow (HTC Evo) it will finally show the app.
There is a known initialization issue which kicks in when leaving the app running in the background on low end devices. I am traveling this week, but have a fix which i will submit once properly tested. Sorry for the inconvenience.

This just happened on my Galaxy S2, so it's not limited to low end devices Wink  That said, I am running a modded ROM for ICS, so that's probably not helping Cheesy

I am not able to reproduce this myself. Help me fix it by answering the questions in this thread: https://bitcointalk.org/index.php?topic=53353.msg747989#msg747989

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
February 15, 2012, 01:58:20 PM
 #143

hello Jan,

can you please add to the app that the amount of bitcoins are shown in EUR also ?
thank you

may be as an option ?

greetings
pazor
Hi pazor,

It is on my list, but it may take some time before I get there.

1. Bug fixing
2. Address book
3. Transaction history improvements
4. EUR and other currencies
5. Relax and drink beer Grin

Cheers,
Jan

Mycelium let's you hold your private keys private.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
March 06, 2012, 05:10:05 AM
 #144

BitcoinSpinner uses private app storage, which is wiped at uninstall. However, this also has the nice feature that other apps cannot get to it, which is paramount. Another nice thing is that BitcoinSpinner only needs network access privileges. This lets you know that it does not try to snag your address book or keys from other apps using SD card storage.

In the Linode security breach trust given to their proprietary infrastructure was violated and bitcoins were stolen.

I'm wondering if there is a similar vulnerability with a mobile platform.  I read in the Android how-to for publishing an app that only an app signed with your private release key will get pushed out as an update.   What if, however, your system used for building was compromised and an attacker were to get your private release keys to build a rogue update (that stole bitcoin private keys).  If that roge release were published to the marketplace nobody would likely notice a problem until after the attacker already would have a lot of private keys!

If I were storing an amount of bitcoins worth worrying about, I might then want a way to disable the automatic update of this app.  Is that possible?

Also, might there be an announcement here for when you publish, maybe signed with your PGP key, which includes a signature for the release to be published to the Android Market?

I know this sounds paranoid, but crazier things have happened before, right?

Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
March 06, 2012, 10:10:28 AM
 #145

BitcoinSpinner uses private app storage, which is wiped at uninstall. However, this also has the nice feature that other apps cannot get to it, which is paramount. Another nice thing is that BitcoinSpinner only needs network access privileges. This lets you know that it does not try to snag your address book or keys from other apps using SD card storage.

In the Linode security breach trust given to their proprietary infrastructure was violated and bitcoins were stolen.

I'm wondering if there is a similar vulnerability with a mobile platform.  I read in the Android how-to for publishing an app that only an app signed with your private release key will get pushed out as an update.   What if, however, your system used for building was compromised and an attacker were to get your private release keys to build a rogue update (that stole bitcoin private keys).  If that roge release were published to the marketplace nobody would likely notice a problem until after the attacker already would have a lot of private keys!

If I were storing an amount of bitcoins worth worrying about, I might then want a way to disable the automatic update of this app.  Is that possible?

Also, might there be an announcement here for when you publish, maybe signed with your PGP key, which includes a signature for the release to be published to the Android Market?

I know this sounds paranoid, but crazier things have happened before, right?

These are all valid concerns. Hacking bitcoin related services has turned out to be quite profitable.

Android apps are not automatically updated by default. This is an option that you can enable on your device, but I recommend that you don't.

Whenever I update BitcoinSpinner I announce it in this thread: https://bitcointalk.org/index.php?topic=53353.0
However publishing a signature on the APK with a different key doesn't give you much, as you (as far as I know) cannot retrieve a hash of the application from the Android Market. If you are really paranoid you should download the sources and roll your own. This also allows you to review any changes that have been added since last release.

(By the way, there is an update in the pipe which adds an address book and launching the send page from a Bitcoin URL)


Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
March 07, 2012, 08:30:57 AM
 #146

This is an excellent development! I tried it yesterday, sent some coins from my Schildbach wallet to spinner, sent coins from spinner to my friend's spinner, everything worked perfectly.

It's clearly a work in progress though. There is no way to create a new Bitcoin address, no address book, no way to see sent and received transactions etc. But the core functionality is solid and the idea is excellent. It's very fast to use. Please keep developing it. I'd be happy to donate something to the developer if there is a donation address. Wink
...

The latest BitcoinSpinner update is announced here, and includes the address book feature that you requested. Transaction history has been there for a while. Did I mention the in-app donation option?  Wink

Mycelium let's you hold your private keys private.
phatsphere
Hero Member
*****
Offline Offline

Activity: 739


View Profile
March 07, 2012, 10:52:44 AM
 #147

Did I mention the in-app donation option?  Wink
I tested it a while ago, so you should have gotten some spare coins at least once  Kiss
Nim
Member
**
Offline Offline

Activity: 67


View Profile
March 08, 2012, 05:29:44 AM
 #148

Looks great. I like it. Two connected suggestions though. First, make it easy for the user to empty their wallet. I always appreciate when I go to make a payment on something and it gives me a box to type in the number and instead of making me remember the amount, it allows me to click something that autofills it. I would suggest something similar here. Allow the user to press the balance to autofill in the amount to send. Second, I think it would be interesting if at any time the balance becomes zero, you give the user the ability to create a new wallet and forget the old one. I don't see a way of doing that right now.

Excellent job.

edit: sorry, I see now that you have a dev thread as well. On which thread would you prefer people offer feedback?
molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
March 24, 2012, 09:31:15 PM
 #149

I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)

What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
fimp
Sr. Member
****
Offline Offline

Activity: 303



View Profile WWW
March 24, 2012, 09:50:38 PM
 #150

Two small inconsistencies:

  • When showing the BTC amount in the wallet, dot is used as the decimal sign. But when showing the amount in regular currencies, comma is used as decimal sign.
  • When showing the BTC amount in the wallet, the currency is displayed after the amount. But when showing the amount in regular currencies, the currency is shown before the amount.

Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
March 26, 2012, 09:34:41 AM
 #151

Two small inconsistencies:

  • When showing the BTC amount in the wallet, dot is used as the decimal sign. But when showing the amount in regular currencies, comma is used as decimal sign.
  • When showing the BTC amount in the wallet, the currency is displayed after the amount. But when showing the amount in regular currencies, the currency is shown before the amount.

Nice finds. For regular currencies BitcoinSpinner uses the decimal separator defined by the selected locale (US uses '.' DK uses ','). However for BTC '.' is always used. To clear confusion I have decided to use '.' everywhere in all locales.

Both items will be fixed in the next update.

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
March 26, 2012, 09:58:05 AM
 #152

I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)

What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"

I have only built/tested BitcoinSpinner on 2.2 devices. After a few modifications I can successfully build it against 2.1.
2.1 will be supported in the next update  Smiley

Mycelium let's you hold your private keys private.
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
March 26, 2012, 10:48:35 AM
 #153

edit: sorry, I see now that you have a dev thread as well. On which thread would you prefer people offer feedback?
Please post technical stuff and bugs on the dev thread and the rest here.
Thanks, Jan

Mycelium let's you hold your private keys private.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
March 26, 2012, 01:58:34 PM
 #154

I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)

What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"

I have only built/tested BitcoinSpinner on 2.2 devices. After a few modifications I can successfully build it against 2.1.
2.1 will be supported in the next update  Smiley

wooooo! you're the best!

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
cande
Member
**
Offline Offline

Activity: 108


https://bt.cx


View Profile WWW
May 22, 2012, 09:40:21 AM
 #155

Hi there,

I'm on android 4.0.x with NFC, would this be useful as an payment security device for Bitcoin Spinner?

https://store.yubico.com/store/catalog/product_info.php?products_id=72

BTCX "more Private than Swiss banking"
https://bt.cx
molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
May 26, 2012, 08:48:14 AM
 #156

Hi there,

I'm on android 4.0.x with NFC, would this be useful as an payment security device for Bitcoin Spinner?

https://store.yubico.com/store/catalog/product_info.php?products_id=72

intersting! thanks for pointer.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
May 26, 2012, 02:09:46 PM
 #157

Hi there,

I'm on android 4.0.x with NFC, would this be useful as an payment security device for Bitcoin Spinner?

https://store.yubico.com/store/catalog/product_info.php?products_id=72

This is an interesting piece of hardware for authentication purposes, however this is all it does. (You cannot offload your Bitcoin private key onto it). You can use it for generating one time passwords if you for instance want to authenticate yourself with some service instead of (or in combination with) using a password. This would be a great thing for Bitcoin banks such as Paytunia or MtGox.  (MtGox already uses a yubi device).

BitcoinSpinner is different. The server side does not have your private keys, and does not control any Bitcoins. It just serves as a custodian of the block chain. Your private keys ONLY leave your Android device if you choose to make a QR-code backup/export.

If the server side of BitcoinSpinner was hacked, full breach, and left as a burning wreckage (you know, Bitcoinica style), then what would happen:
  • The hacker would find the block chain, a bunch of Bitcoin public keys + bookkeeping information in a database, and a server log (which does not contain your IP address). This is all useless stuff.
  • I would be pissed, as I would have to spend time on getting the service up and running again. This would probably take a few days, as I would have to make sure how he got in etc.
  • You as the user would safely walk away from the wreckage with all you BTC even if you did not export your private key before the hack. BitcoinSpinner allows you to launch the app with no server connection and do the export offline. Once you have exported you could import your private key into one of the other excellent Bitcoin services around.


Mycelium let's you hold your private keys private.
Technomage
Legendary
*
Offline Offline

Activity: 1624


Affordable Physical Bitcoins - Denarium.com


View Profile WWW
May 26, 2012, 03:16:15 PM
 #158

The security of the server side isn't the problem here. Many (including me) would like more ways to secure the user side. Yubikey could be used to help with that. Server side security doesn't help if your phone is stolen, it's basically a race against time. If the thief knows about Bitcoin the game is already over. With a second authentication one could be fairly confident that the thief can't send those coins away.

I do agree that this takes away the convenience more than it's actually worth if you just carry small change in your mobile Bitcoin wallet. At least the option of extra security on the user side would help if I want to carry more than what I need for small transfers.

For me the most convenient way would be that it allows a total sent BTC amount during a 24 hour period without authentication. Then if I want to send more than that it would ask for authentication. This is probably a lot of work on the software side but it would be convenient when needed and secure when needed.

I don't actually know how this could be accomplished technically. It would require encrypting the private key for sure so the thief can't access the key once the phone is stolen.

Denarium - Leading Physical Bitcoin Manufacturer - Special Xmas deals now live!
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 26, 2012, 03:47:45 PM
 #159

Hi there,

I'm on android 4.0.x with NFC, would this be useful as an payment security device for Bitcoin Spinner?

https://store.yubico.com/store/catalog/product_info.php?products_id=72

This is an interesting piece of hardware for authentication purposes, however this is all it does. (You cannot offload your Bitcoin private key onto it). You can use it for generating one time passwords if you for instance want to authenticate yourself with some service instead of (or in combination with) using a password. This would be a great thing for Bitcoin banks such as Paytunia or MtGox.  (MtGox already uses a yubi device).

BitcoinSpinner is different. The server side does not have your private keys, and does not control any Bitcoins. It just serves as a custodian of the block chain. Your private keys ONLY leave your Android device if you choose to make a QR-code backup/export.

If the server side of BitcoinSpinner was hacked, full breach, and left as a burning wreckage (you know, Bitcoinica style), then what would happen:
  • The hacker would find the block chain, a bunch of Bitcoin public keys + bookkeeping information in a database, and a server log (which does not contain your IP address). This is all useless stuff.
  • I would be pissed, as I would have to spend time on getting the service up and running again. This would probably take a few days, as I would have to make sure how he got in etc.
  • You as the user would safely walk away from the wreckage with all you BTC even if you did not export your private key before the hack. BitcoinSpinner allows you to launch the app with no server connection and do the export offline. Once you have exported you could import your private key into one of the other excellent Bitcoin services around.



Jan,

but couldn't a hacker, once he has control of your server, upload your private key when you make a connection?
Jan
Legendary
*
Offline Offline

Activity: 1042



View Profile
May 26, 2012, 05:22:43 PM
 #160


Jan,

but couldn't a hacker, once he has cntrol of your server, upload your private key when you make a connection?

No, and that is the beauty of it.
The server is totally independent of the Android app. To make a release of the app two independent individuals need to take action. Miracle (a company in Denmark) needs to sign the binary with a key that I have no access to. Then i have to upload the signed app to the android market, which only I can do (right now we are actially on two different continents). Furthermore, the app is not updated automatically on your device, you as a user decide whether you want to update, and your device will refuse to update if the signature is not done with the Miracle key.

When sending coins the app asks the server to stitch together an unsigned transaction. Once the app gets the transaction it validates the amount sent and the address of the receiver. Then it signs and returns the transaction, and the server propages it to the network.

Mycelium let's you hold your private keys private.
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!