BitcoinSpinner

[giszmo]

Nooo!!! Please don't! The privacy implications of having control not to mix keys when sending is quite valuable. Sure, getting the change back to the same key is a privacy drawback but please think up something that solves both issues.

please bring forth your suggestions on how to solve this.

I would if it was easy. Just wanted to raise voice to what we loose by changing the behavior.

On bitcoinqt I generate a new address for each incoming transaction and label them accordingly, so I have "[from eric for his $x pizza] received yɃ from [eric]". This way I kind of label the transaction. Handling with only few addresses, I would want to label the transactions, too, so the current design is far from perfect for me.

Maybe some "Insufficient funds in the currently selected address. [add random addresses[check to make default]] [add specific addresses [check to make default]]
"Problem" is the sender would think to be sending from his Giszmo address but as Giszmo is at 0Ƀ, Giszmo would not show up at all in the resulting transaction.

It's really tricky You don't have "Balance 2Ƀ (total: 5Ƀ)" but "Balance 2Ƀ (total: 5Ƀ, spendable: 1Ƀ)" with "Balance [current address]Ƀ (total: [all addresses]Ƀ, spendable: [addresses with private key ready]Ƀ)"

Oh, and this will be funny, if users keep their private keys off the device all of the time and for some transactions have to show to the device 5 addresses for the signing process.

Also I want a swipe all functionality to consolidate all keys into one, leaving exactly zero in all the addresses paying minimum fees.

regarding the new akp attack: obviously it is neccessary to patch it. BUT
the way i see it currently the following can happen:

user downloads an apk. any MITM could now alter the apk. with "regular" apps this is also not a problem, except if they use other exploits.

it is a problem if the user downloads a "system" apk and installs it. for example an update to HTC sense. if an attacker now manages to modify the apk before it is installed - for example via malware on the server, a router or an intermediary PC - he can execute whatever code he likes with the access privileges of the original app.

i still don't know why play store is unaffected - it is kind of hard to MITM play store downloads and additionally the play store installer might do some more checksum checking.

An admin in the play store is the worst case I could think of, and on the long run I guess it's very likely to have all such wallets get wiped out in some incident. The reward is just too huge to not do it. (Ok, so far all huge hacks went without spending their coins but with ZeroCoin they become spendable again and I'm sure some day we will have that.)

[1714065950]

1714065950

[1714065950]

1714065950

[1714065950]

1714065950

[apetersson]

An admin in the play store is the worst case I could think of, and on the long run I guess it's very likely to have all such wallets get wiped out in some incident. The reward is just too huge to not do it.

For now, the best you can do is have your keys on a paper wallet. We will further improve usability when spending from paper wallets.

I think you will see more product offerings from Mycelium in the future that eliminate even these threats.

[giszmo]

An admin in the play store is the worst case I could think of, and on the long run I guess it's very likely to have all such wallets get wiped out in some incident. The reward is just too huge to not do it.

For now, the best you can do is have your keys on a paper wallet. We will further improve usability when spending from paper wallets.

Well, the second best is to compile mycelium on my own box, so it doesn't get updated itself. An admin taking a different app to attack would need to infect many more phones.

I think you will see more product offerings from Mycelium in the future that eliminate even these threats.

I'm eagerly waiting for the bitcoincard to come real and count me in to buy one if the conditions are ok (security without third party risk but with backup?, price below $40, usability, etc). To big surprise a friend told me it already is!?!? He told me he saw a map of many of these cards being active in some area!?!? I couldn't find such a map.

[hgmichna]

I'm eagerly waiting for the bitcoincard to come real and count me in to buy one if the conditions are ok (security without third party risk but with backup?, price below $40, usability, etc). To big surprise a friend told me it already is!?!? …

Be very careful. Fraudsters could offer such a card on a shiny web page, knowing full well how much many people are longing for one.

[Jan]

I'm eagerly waiting for the bitcoincard to come real and count me in to buy one if the conditions are ok (security without third party risk but with backup?, price below $40, usability, etc). To big surprise a friend told me it already is!?!? …

Be very careful. Fraudsters could offer such a card on a shiny web page, knowing full well how much many people are longing for one.

Andreas and I are part of the team developing bitcoincard. Prototype hw was shown at the San Jose conference, but there are no devices in circulation. Here is the official page: http://bitcoincard.org/
Content is partially outdated, but will be updated once we are ready.

[hgmichna]

Be very careful. Fraudsters could offer such a card on a shiny web page, knowing full well how much many people are longing for one.

Andreas and I are part of the team developing bitcoincard. Prototype hw was shown at the San Jose conference, but there are no devices in circulation. Here is the official page: http://bitcoincard.org/
Content is partially outdated, but will be updated once we are ready.

Ah, I thought you were talking about a bitcoin-based credit or debit card. Now I know what you mean.

Yes, a hardware wallet is a very interesting development. I hope that would finally be a safer way to handle bitcoins, not to mention possible additional functions.

[phelix]

I guess mycelium wallet is a commercial project?

[molecular]

Jan, for a vacation week, you're posting quite a lot

Woops... Guilty. I am not coding, posting is different 

yes, it's easier and less rewarding.

[giszmo]

I guess mycelium wallet is a commercial project?

I guess so, too but the client is open source with an easy-ish API, so you could make some server fit to it. The client does not connect to standard nodes yet and the mycelium people don't intend to implement such a part.

[Jan]

I guess mycelium wallet is a commercial project?

Yes. However, the wallet is free and the sources available. We are also working on the Mycelium Payment System, which allows physical shops to:
 - Sell products/services for BTC
 - Sell BTC back to customers
 - Buy BTC from customers
All in all things that let your local Bitcoin economy flourish.
The Mycelium Payment System was demoed at the San Jose conference but is not fully developed yet.
We develop the wallet because we believe that better mobile wallets are needed, and we are going to integrate the wallet with our payment system (locate shops, view invoices in transaction history, etc), while letting it be the greatest mobile Bitcoin wallet on the planet.

The Mycelium Bitcoin Wallet and Mycelium Payment System are not ready for primetime yet, but we are constantly getting closer.
If you are looking for candidates for Commercial Product of the Month I think it would be better if we get nominated in one or two months.

[giszmo]

How do you want to approach shops? Would you need a representative in Chile?

[phelix]

I guess mycelium wallet is a commercial project?

Yes. However, the wallet is free and the sources available. We are also working on the Mycelium Payment System, which allows physical shops to:
 - Sell products/services for BTC
 - Sell BTC back to customers
 - Buy BTC from customers
All in all things that let your local Bitcoin economy flourish.
The Mycelium Payment System was demoed at the San Jose conference but is not fully developed yet.
We develop the wallet because we believe that better mobile wallets are needed, and we are going to integrate the wallet with our payment system (locate shops, view invoices in transaction history, etc), while letting it be the greatest mobile Bitcoin wallet on the planet.

The Mycelium Bitcoin Wallet and Mycelium Payment System are not ready for primetime yet, but we are constantly getting closer.
If you are looking for candidates for Commercial Product of the Month I think it would be better if we get nominated in one or two months.

Thanks for the info. Good idea to make every shop an exchange.

[giszmo]

I guess mycelium wallet is a commercial project?

Yes. However, the wallet is free and the sources available. We are also working on the Mycelium Payment System, which allows physical shops to:
 - Sell products/services for BTC
 - Sell BTC back to customers
 - Buy BTC from customers
All in all things that let your local Bitcoin economy flourish.
The Mycelium Payment System was demoed at the San Jose conference but is not fully developed yet.
We develop the wallet because we believe that better mobile wallets are needed, and we are going to integrate the wallet with our payment system (locate shops, view invoices in transaction history, etc), while letting it be the greatest mobile Bitcoin wallet on the planet.

The Mycelium Bitcoin Wallet and Mycelium Payment System are not ready for primetime yet, but we are constantly getting closer.
If you are looking for candidates for Commercial Product of the Month I think it would be better if we get nominated in one or two months.

Thanks for the info. Good idea to make every shop an exchange.

Isn't it funny to see every day how a security company comes to the supermarkets to pick up the collected cash from the supermarket, guarded with guns and armored vehicles that don't stop the engine outside, while an hour later another security company comes by doing the same security circus to fill the ATMs? Replace fiat with bitcoin and they all loose their jobs.

[hgmichna]

Isn't it funny to see every day how a security company comes to the supermarkets to pick up the collected cash from the supermarket, guarded with guns and armored vehicles that don't stop the engine outside, while an hour later another security company comes by doing the same security circus to fill the ATMs? Replace fiat with bitcoin and they all loose their jobs.

Very true, but I would formulate it more positively, like:

Replace fiat with bitcoin, and they can all do something more useful, like creating value, rather than merely protecting it.

[apetersson]

we released a new version with some improvements:

apart from bugfixes i changed the build system to gradle. this should make it trivial to build it from source if you have java +android SDKs installed. (i think you need android v17 and v8 support installed)
see github project https://github.com/mycelium-com/wallet

git clone git@github.com:mycelium-com/wallet.git
./gradlew build

gradle then downloads the whole internet - if everything is configured correctly you should have your  build from source and the (unsigned, non-proguard) apk
please not you cannot keep both the play store + your own version installed on the same device because of the signing keys.

if you are simply interested in the latest versions you can become a beta tester to recieve updates earlier:

to be eligible for testing you need to join the g+ group at
https://plus.google.com/communities/102264813364583686576

you can then activate beta builds at
https://play.google.com/apps/testing/com.mycelium.wallet




v0.5.6
Fixed bug that occurs when trying to create an Address from a null string
Adding scrollbar to Enter PIN Dialog
Now correctly updating Clear PIN setting menu item when PIN has just been set or cleared
Address book now has a '+' button that allows you to add an address from clipboard or by scanning an address.
Allowing to import BitcoinSpinner backup from clipboard
Added Keys & Addresses + Transaction History
more consistent font styles

v0.5.5
App name is now Mycelium Wallet instead of Barcode Scanner
removed png  and kept only jpg export ability since most printers do not support it

v0.5.4
Fixed an issue that made the app appear sluggish in most views (you will notice that one)
Added add-to-address-book button on send summary
Displaying name of receiver in send summary if the receiving address is in the address book
Made back-button in Keys & Addresses take you to balance view instead of quitting
Properly centering of "Show to Sender" text when receiving coins
Displaying a warning if you request to receive coins to an address which is not associated with a private key

[molecular]

Displaying a warning if you request to receive coins to an address which is not associated with a private key

thank you!!!

[vitalemontea]

Any way I can recover my Spinner wallet if I deleted app data earlier?

[apetersson]

i think it would make sense to not allow deletion of private keys when it is sure that it has never been exported (freshly generated, never exported in any way)

[vitalemontea]

i think it would make sense to not allow deletion of private keys when it is sure that it has never been exported (freshly generated, never exported in any way)

So is there such thing in Bitcoin Spinner?

[giszmo]

i think it would make sense to not allow deletion of private keys when it is sure that it has never been exported (freshly generated, never exported in any way)

If the key has coins in it, I guess the corner cases of people having access to the key without the app knowing about it, are rare enough to insist in exporting the key. On the other hand I would make a screen with red font letting the user confirm twice that he has a backup, even if the app thinks he can't.

Are you sure you want to delete key 1xcvz... with 1034.2234Ƀ?
[Export key first]
[Cancel]

[Delete! I want to loose these 1034.2234Ƀ] -> [Really really delete it now!]


(I hate installing Linux to hard drives I just bought. In the one screen they ask you, which disk to install to: Samsung 250GB, Hitatchi 80GB. You know you just bought this neat little SSD of 250GB and click A. 3 Screens later it asks you "Are you sure you want to completely erase hd0,0. This can not be undone." Every single time in this screen I want to click "back" to check if I picked the right disc cause there is no "Samsung" and no "250GB" which was what I based my choice on before. Many products have these silly security screens where a modal window that covers your selection asks you, if you want to delete the selected item. Please be explicit when you have security questions. Thanx. )