Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
November 25, 2012, 06:34:58 AM |
|
The spinner seems unable to communicate with the server at this moment. It hangs at startup, then "send bitcoins" and "transaction history" buttons are greyed out.
How often has the system been down in recent months? What is the uptime percentage?
I don't have a down-time percentage, but it has been low. There have however been two giltches the last two days. This should be fixed now.
|
Mycelium let's you hold your private keys private.
|
|
|
niko
|
|
November 25, 2012, 08:49:36 AM |
|
Great, it's back to normal!
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
December 12, 2012, 01:59:22 PM |
|
BitcoinSpinner v0.8.0b is out. You can download/upgrade it from the Google Android market (god know why, but they call it Google Play these days), or fetch it directly from the project site. The differences may seem subtle, but it is backed by 1 1/2 months of hard full time work where most of the time has been spent on the backend system. User visible changes: - Even faster: The next generation BCCAPI is simpler, has fewer lines og code, requires fewer server roundtrips during startup, while being as secure as before. - In addition to displaying "coins on the way to you" on the main screen it also displays how many coins you are currently sending. - Transaction history color coded to make it easier to distinguish receives and sends - Transaction history now displays the address you received coins from instead of displaying which address you received the coins with. - Better error messages when trying to spend your last coins while you cannot afford the miner fee. BitcoinSpinner is now backed by another version of the BCCAPI, which makes it much easier to manage multiple redundant servers as they no longer need to share anything but the block chain. I will maintain backwards compatibility with version 0.7.3b for about a month, leaving people time to upgrade, whereafter I'll scrap the old server. This allows me to manage multiple redundant copies of the new backend, which has been requested by several. Enjoy
|
Mycelium let's you hold your private keys private.
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
December 12, 2012, 02:09:49 PM |
|
Thanks Jan for your great work on my absolute favorite Android Bitcoin Wallet.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
December 31, 2012, 01:38:52 PM |
|
BitcoinSpinner v0.8.1b is out: - Fixed typo in German translation - Fixed a fee validation bug that occurs when sending a transaction with many small inputs. The effect has been observed to prevent you from sending your last funds when you have many small inputs. Thanks to Object 2212 for helping me test and debug it.
It might take an hour before you can update it from the Android Market.
Enjoy, and Happy New Year!
|
Mycelium let's you hold your private keys private.
|
|
|
phelix
Legendary
Offline
Activity: 1708
Merit: 1020
|
|
February 02, 2013, 05:31:15 PM |
|
Quick and easy question to save me some time trying..
Bitaddress.org can make an addy and a private key..
How would I go about making a wallet from bitaddress.org and importing it into spinner ?
obviously I have some ideas on this.. but would like to know the surefire way..
Thanks
Short answer:You can't. BitcoinSpinner's "wallet" isn't designed that way. The one key it gives is all you can have. Would like to see that, too. Maybe it is possible to swipe the coins from the scanned key.
|
|
|
|
phatsphere
|
|
February 11, 2013, 05:38:10 PM |
|
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
February 11, 2013, 06:59:59 PM |
|
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
Server running low on storage, working on a fix.
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
February 11, 2013, 07:13:13 PM |
|
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
Server running low on storage, working on a fix. Fixed.
|
Mycelium let's you hold your private keys private.
|
|
|
niko
|
|
February 11, 2013, 09:59:42 PM |
|
Jan, do you make available some compounded statistics? It would be nice to see the total number of wallets over time, or number of transactions per day.
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
February 12, 2013, 07:40:06 AM |
|
Jan, do you make available some compounded statistics? It would be nice to see the total number of wallets over time, or number of transactions per day.
With the earlier backend implementation I could get precise statistics as it only tracked the transaction inputs/outputs of known BitcoinSpinner wallets. The new implementation, which has been in production for some months now, does not track BitcoinSpinner wallets in particular. It tracks all bitcoin addresses in existence, and does not 'remember' which ones have been queried for unspent outputs, transaction history etc. This allows it to be stateless in the sense that the only information it has is what is readily available in the Bitcoin network, which will allow me to have multiple totally redundant copies. What I do know is how many active device installs there are according to Google Play. The current number is 2009 which is the number of devices where it was installed and not uninstalled. This number does not cover people who installed it from other sources.
|
Mycelium let's you hold your private keys private.
|
|
|
phatsphere
|
|
February 12, 2013, 10:22:17 AM |
|
Fixed.
great, thx. I can confirm that my 10+ btc show up as they should :-)
|
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
March 20, 2013, 03:44:21 AM |
|
TLDR: I want a dedicated secure Bitcoin Wallet with open source that I compiled myself.
The rest is kind of brain storming. I warned you: As Bitcoins become more valuable, I spend more time on how to get them secured. BS looks like an amount of code I can review. bccapi maybe not but I assume, others do that. Generally it would be cool to have some project that collects signatures from people that did actually review code as I'm pretty sure it would be rather easy to abuse the users trust.
Anyway, I just bought the cheapest tablet I could get to run it as a dedicated bitcoin wallet with is either Schildbach or Spinner. Plan was to not install anything remotely related to bitcoin except for a wallet I compiled myself.
Schildbach and BS have the private key plain text on the device which is kind of unsafe.
I know that protecting against some unspecific attacks of "free chargers" copying all files from my device are maybe not really the main threat but still I guess this should be taken care of.
I just got started digging into the code and wonder if there would be an "easy" way to lock it down some more. My idea was to stick with the n digit password but to actually use it (For non-devs: Now it is only an interface-gimmick preventing friends from silently toying around with your money but don't protect you from malicious USB chargers or a phone-thief moving your money within minutes). You could for example determine the speed of the device and hash x times the 6-digit password to generate a decryption key with x roughly taking 10s on the device. For this to be still fun, you should only use the priv key when sending bitcoins (like bitcoin-qt but delayed 10s for hashing). An attacker that somehow just got the encrypted priv key and the plain text "SHA256 applied 12,184,276 times" would take significantly longer to actually get hold of the bitcoins than now. Also allowing longer passwords would then make sense. (some "the average Joe's bot net is 15,000,000 times faster than your phone and would brute force your password in 17.3h. Never put more money into your wallet than bot nets cost to run for that amount of time" might be miss-leading as other attacks might be cheaper.)
Sure, such hashing would also allow to safely use shorter passwords in bitcoin-qt but there a longer password is not such a pain to enter … maybe?
Pro-Tip for Android rooters: On a rooted Android with "USB debugging on", Spinner's and Schildbach's wallets are open books to any PC you charge your phone at.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
March 20, 2013, 03:49:59 AM |
|
Ahhh! is this the right thread? Maybe lock and use only this?
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 20, 2013, 05:56:25 AM |
|
Thank you for your suggestions. You are absolutely right regarding the current PIN security. It is there to avoid someone from grabbing your phone and move your coins while you look the other way.
I have been thinking along the same lines regarding encrypting keys, and didn't do it for the following reasons: - Entering (secure) PIN/passwords on a smartphone is a real pain as it has to be long/complex - Doing "key-stretching" on a shorter/less complex PIN (for instance hash the PIN many many times) takes long time if you want it to be secure. Using a fixed time (say 10 seconds) is not equally secure on every device as they have different CPU power and all have to compete with for instance a fast desktop computer, or maybe even an Avalon
Instead I do something else. I have two paper backups: one for my savings, and one for my daily use.
Normally I only have the wallet for daily use on my phone. Whenever I need to recharge it I: 1) Restore the savings wallet on my phone (Click the options button->Settings-> Restore wallet and scan the QR-code for your savings wallet backup) 2) Send funds to my spending wallet (I have the address in the address book, so it is really easy) 3) Restore the spending wallet (Click the options button->Settings-> Restore wallet and scan the QR-code for your spending wallet backup) The entire process takes less than a minute
The important thing is that after step 3 the private key for the savings wallet gas been deleted from my device.
You can make this even more secure if you (as you suggest) use a dedicated device with nothing else installed.
|
Mycelium let's you hold your private keys private.
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1114
WalletScrutiny.com
|
|
March 23, 2013, 02:59:10 AM |
|
Thank you for your suggestions. You are absolutely right regarding the current PIN security. It is there to avoid someone from grabbing your phone and move your coins while you look the other way.
I have been thinking along the same lines regarding encrypting keys, and didn't do it for the following reasons: - Entering (secure) PIN/passwords on a smartphone is a real pain as it has to be long/complex - Doing "key-stretching" on a shorter/less complex PIN (for instance hash the PIN many many times) takes long time if you want it to be secure. Using a fixed time (say 10 seconds) is not equally secure on every device as they have different CPU power and all have to compete with for instance a fast desktop computer, or maybe even an Avalon
Instead I do something else. I have two paper backups: one for my savings, and one for my daily use.
Normally I only have the wallet for daily use on my phone. Whenever I need to recharge it I: 1) Restore the savings wallet on my phone (Click the options button->Settings-> Restore wallet and scan the QR-code for your savings wallet backup) 2) Send funds to my spending wallet (I have the address in the address book, so it is really easy) 3) Restore the spending wallet (Click the options button->Settings-> Restore wallet and scan the QR-code for your spending wallet backup) The entire process takes less than a minute
The important thing is that after step 3 the private key for the savings wallet gas been deleted from my device.
You can make this even more secure if you (as you suggest) use a dedicated device with nothing else installed.
Thanx for the explanation. Now I only need some non public printer without hard drive to print some qr codes.
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
Richy_T
Legendary
Offline
Activity: 2604
Merit: 2296
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
|
|
March 23, 2013, 03:15:12 AM |
|
Thanx for the explanation. Now I only need some non public printer without hard drive to print some qr codes.
I have one. Email them to me and I'll print them for you.
|
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
|
|
|
(A)social
|
|
March 25, 2013, 10:14:02 PM |
|
Why the testnet version isn't working? "server not responding"
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 26, 2013, 05:26:18 AM |
|
Why the testnet version isn't working? "server not responding"
The testnet server was used during initial development. It hasn't been running for a long time to reduce cost.
|
Mycelium let's you hold your private keys private.
|
|
|
(A)social
|
|
March 26, 2013, 09:16:23 AM |
|
Why the testnet version isn't working? "server not responding"
The testnet server was used during initial development. It hasn't been running for a long time to reduce cost. Ah, thanks. So I can uninstall the app, now.
|
|
|
|
|