pazor
Legendary
Offline
Activity: 966
Merit: 1000
|
|
February 15, 2012, 12:31:13 PM |
|
hello Jan,
can you please add to the app that the amount of bitcoins are shown in EUR also ? thank you
may be as an option ?
greetings pazor
|
treuhand-Dienst gewünscht? - frag per PM an BTC 174X17nR7vEQBQo4GXKRGMGaTmB49Gf1yT
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
February 15, 2012, 01:52:39 PM |
|
After updating to the latest version, when I start spinner it just sits there with a black screen and a bar that says BitcoinSpinner at the top. It will stay like this as long as I let it. When I hit the back arrow (HTC Evo) it will finally show the app.
There is a known initialization issue which kicks in when leaving the app running in the background on low end devices. I am traveling this week, but have a fix which i will submit once properly tested. Sorry for the inconvenience. This just happened on my Galaxy S2, so it's not limited to low end devices That said, I am running a modded ROM for ICS, so that's probably not helping I am not able to reproduce this myself. Help me fix it by answering the questions in this thread: https://bitcointalk.org/index.php?topic=53353.msg747989#msg747989
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
February 15, 2012, 01:58:20 PM |
|
hello Jan,
can you please add to the app that the amount of bitcoins are shown in EUR also ? thank you
may be as an option ?
greetings pazor
Hi pazor, It is on my list, but it may take some time before I get there. 1. Bug fixing 2. Address book 3. Transaction history improvements 4. EUR and other currencies 5. Relax and drink beer Cheers, Jan
|
Mycelium let's you hold your private keys private.
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
March 06, 2012, 05:10:05 AM |
|
BitcoinSpinner uses private app storage, which is wiped at uninstall. However, this also has the nice feature that other apps cannot get to it, which is paramount. Another nice thing is that BitcoinSpinner only needs network access privileges. This lets you know that it does not try to snag your address book or keys from other apps using SD card storage.
In the Linode security breach trust given to their proprietary infrastructure was violated and bitcoins were stolen. I'm wondering if there is a similar vulnerability with a mobile platform. I read in the Android how-to for publishing an app that only an app signed with your private release key will get pushed out as an update. What if, however, your system used for building was compromised and an attacker were to get your private release keys to build a rogue update (that stole bitcoin private keys). If that roge release were published to the marketplace nobody would likely notice a problem until after the attacker already would have a lot of private keys! If I were storing an amount of bitcoins worth worrying about, I might then want a way to disable the automatic update of this app. Is that possible? Also, might there be an announcement here for when you publish, maybe signed with your PGP key, which includes a signature for the release to be published to the Android Market? I know this sounds paranoid, but crazier things have happened before, right?
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 06, 2012, 10:10:28 AM |
|
BitcoinSpinner uses private app storage, which is wiped at uninstall. However, this also has the nice feature that other apps cannot get to it, which is paramount. Another nice thing is that BitcoinSpinner only needs network access privileges. This lets you know that it does not try to snag your address book or keys from other apps using SD card storage.
In the Linode security breach trust given to their proprietary infrastructure was violated and bitcoins were stolen. I'm wondering if there is a similar vulnerability with a mobile platform. I read in the Android how-to for publishing an app that only an app signed with your private release key will get pushed out as an update. What if, however, your system used for building was compromised and an attacker were to get your private release keys to build a rogue update (that stole bitcoin private keys). If that roge release were published to the marketplace nobody would likely notice a problem until after the attacker already would have a lot of private keys! If I were storing an amount of bitcoins worth worrying about, I might then want a way to disable the automatic update of this app. Is that possible? Also, might there be an announcement here for when you publish, maybe signed with your PGP key, which includes a signature for the release to be published to the Android Market? I know this sounds paranoid, but crazier things have happened before, right? These are all valid concerns. Hacking bitcoin related services has turned out to be quite profitable. Android apps are not automatically updated by default. This is an option that you can enable on your device, but I recommend that you don't. Whenever I update BitcoinSpinner I announce it in this thread: https://bitcointalk.org/index.php?topic=53353.0However publishing a signature on the APK with a different key doesn't give you much, as you (as far as I know) cannot retrieve a hash of the application from the Android Market. If you are really paranoid you should download the sources and roll your own. This also allows you to review any changes that have been added since last release. (By the way, there is an update in the pipe which adds an address book and launching the send page from a Bitcoin URL)
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 07, 2012, 08:30:57 AM |
|
This is an excellent development! I tried it yesterday, sent some coins from my Schildbach wallet to spinner, sent coins from spinner to my friend's spinner, everything worked perfectly. It's clearly a work in progress though. There is no way to create a new Bitcoin address, no address book, no way to see sent and received transactions etc. But the core functionality is solid and the idea is excellent. It's very fast to use. Please keep developing it. I'd be happy to donate something to the developer if there is a donation address. ... The latest BitcoinSpinner update is announced here, and includes the address book feature that you requested. Transaction history has been there for a while. Did I mention the in-app donation option?
|
Mycelium let's you hold your private keys private.
|
|
|
phatsphere
|
|
March 07, 2012, 10:52:44 AM |
|
Did I mention the in-app donation option? I tested it a while ago, so you should have gotten some spare coins at least once
|
|
|
|
Nim
Member
Offline
Activity: 67
Merit: 10
|
|
March 08, 2012, 05:29:44 AM Last edit: March 08, 2012, 06:14:11 AM by Nim |
|
Looks great. I like it. Two connected suggestions though. First, make it easy for the user to empty their wallet. I always appreciate when I go to make a payment on something and it gives me a box to type in the number and instead of making me remember the amount, it allows me to click something that autofills it. I would suggest something similar here. Allow the user to press the balance to autofill in the amount to send. Second, I think it would be interesting if at any time the balance becomes zero, you give the user the ability to create a new wallet and forget the old one. I don't see a way of doing that right now.
Excellent job.
edit: sorry, I see now that you have a dev thread as well. On which thread would you prefer people offer feedback?
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 24, 2012, 09:31:15 PM |
|
I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)
What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
fimp
|
|
March 24, 2012, 09:50:38 PM |
|
Two small inconsistencies: - When showing the BTC amount in the wallet, dot is used as the decimal sign. But when showing the amount in regular currencies, comma is used as decimal sign.
- When showing the BTC amount in the wallet, the currency is displayed after the amount. But when showing the amount in regular currencies, the currency is shown before the amount.
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 26, 2012, 09:34:41 AM |
|
Two small inconsistencies: - When showing the BTC amount in the wallet, dot is used as the decimal sign. But when showing the amount in regular currencies, comma is used as decimal sign.
- When showing the BTC amount in the wallet, the currency is displayed after the amount. But when showing the amount in regular currencies, the currency is shown before the amount.
Nice finds. For regular currencies BitcoinSpinner uses the decimal separator defined by the selected locale (US uses '.' DK uses ','). However for BTC '.' is always used. To clear confusion I have decided to use '.' everywhere in all locales. Both items will be fixed in the next update.
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 26, 2012, 09:58:05 AM |
|
I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)
What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"
I have only built/tested BitcoinSpinner on 2.2 devices. After a few modifications I can successfully build it against 2.1. 2.1 will be supported in the next update
|
Mycelium let's you hold your private keys private.
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
March 26, 2012, 10:48:35 AM |
|
edit: sorry, I see now that you have a dev thread as well. On which thread would you prefer people offer feedback?
Please post technical stuff and bugs on the dev thread and the rest here. Thanks, Jan
|
Mycelium let's you hold your private keys private.
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 26, 2012, 01:58:34 PM |
|
I'm on android 2.1 here I guess (pretty old phone with low ram, don't think I can update)
What's keeping BitcoinSpinner from running? Android Market says "incompatible with your device"
I have only built/tested BitcoinSpinner on 2.2 devices. After a few modifications I can successfully build it against 2.1. 2.1 will be supported in the next update wooooo! you're the best!
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
May 26, 2012, 08:48:14 AM |
|
intersting! thanks for pointer.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
May 26, 2012, 02:09:46 PM |
|
This is an interesting piece of hardware for authentication purposes, however this is all it does. (You cannot offload your Bitcoin private key onto it). You can use it for generating one time passwords if you for instance want to authenticate yourself with some service instead of (or in combination with) using a password. This would be a great thing for Bitcoin banks such as Paytunia or MtGox. (MtGox already uses a yubi device). BitcoinSpinner is different. The server side does not have your private keys, and does not control any Bitcoins. It just serves as a custodian of the block chain. Your private keys ONLY leave your Android device if you choose to make a QR-code backup/export. If the server side of BitcoinSpinner was hacked, full breach, and left as a burning wreckage (you know, Bitcoinica style), then what would happen: - The hacker would find the block chain, a bunch of Bitcoin public keys + bookkeeping information in a database, and a server log (which does not contain your IP address). This is all useless stuff.
- I would be pissed, as I would have to spend time on getting the service up and running again. This would probably take a few days, as I would have to make sure how he got in etc.
- You as the user would safely walk away from the wreckage with all you BTC even if you did not export your private key before the hack. BitcoinSpinner allows you to launch the app with no server connection and do the export offline. Once you have exported you could import your private key into one of the other excellent Bitcoin services around.
|
Mycelium let's you hold your private keys private.
|
|
|
Technomage
Legendary
Offline
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
|
|
May 26, 2012, 03:16:15 PM |
|
The security of the server side isn't the problem here. Many (including me) would like more ways to secure the user side. Yubikey could be used to help with that. Server side security doesn't help if your phone is stolen, it's basically a race against time. If the thief knows about Bitcoin the game is already over. With a second authentication one could be fairly confident that the thief can't send those coins away.
I do agree that this takes away the convenience more than it's actually worth if you just carry small change in your mobile Bitcoin wallet. At least the option of extra security on the user side would help if I want to carry more than what I need for small transfers.
For me the most convenient way would be that it allows a total sent BTC amount during a 24 hour period without authentication. Then if I want to send more than that it would ask for authentication. This is probably a lot of work on the software side but it would be convenient when needed and secure when needed.
I don't actually know how this could be accomplished technically. It would require encrypting the private key for sure so the thief can't access the key once the phone is stolen.
|
Denarium closing sale discounts now up to 43%! Check out our products from here!
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
May 26, 2012, 03:47:45 PM |
|
This is an interesting piece of hardware for authentication purposes, however this is all it does. (You cannot offload your Bitcoin private key onto it). You can use it for generating one time passwords if you for instance want to authenticate yourself with some service instead of (or in combination with) using a password. This would be a great thing for Bitcoin banks such as Paytunia or MtGox. (MtGox already uses a yubi device). BitcoinSpinner is different. The server side does not have your private keys, and does not control any Bitcoins. It just serves as a custodian of the block chain. Your private keys ONLY leave your Android device if you choose to make a QR-code backup/export. If the server side of BitcoinSpinner was hacked, full breach, and left as a burning wreckage (you know, Bitcoinica style), then what would happen: - The hacker would find the block chain, a bunch of Bitcoin public keys + bookkeeping information in a database, and a server log (which does not contain your IP address). This is all useless stuff.
- I would be pissed, as I would have to spend time on getting the service up and running again. This would probably take a few days, as I would have to make sure how he got in etc.
- You as the user would safely walk away from the wreckage with all you BTC even if you did not export your private key before the hack. BitcoinSpinner allows you to launch the app with no server connection and do the export offline. Once you have exported you could import your private key into one of the other excellent Bitcoin services around.
Jan, but couldn't a hacker, once he has control of your server, upload your private key when you make a connection?
|
|
|
|
Jan (OP)
Legendary
Offline
Activity: 1043
Merit: 1002
|
|
May 26, 2012, 05:22:43 PM |
|
Jan,
but couldn't a hacker, once he has cntrol of your server, upload your private key when you make a connection?
No, and that is the beauty of it. The server is totally independent of the Android app. To make a release of the app two independent individuals need to take action. Miracle (a company in Denmark) needs to sign the binary with a key that I have no access to. Then i have to upload the signed app to the android market, which only I can do (right now we are actially on two different continents). Furthermore, the app is not updated automatically on your device, you as a user decide whether you want to update, and your device will refuse to update if the signature is not done with the Miracle key. When sending coins the app asks the server to stitch together an unsigned transaction. Once the app gets the transaction it validates the amount sent and the address of the receiver. Then it signs and returns the transaction, and the server propages it to the network.
|
Mycelium let's you hold your private keys private.
|
|
|
|