GLBSE 2.0 open for testing

[Nefario]

Thanks! Hopefully no one sold because of it..  Actually that brings up a feature request..  Need a "shareholder of record date" function in GLBSE.  This is common practice in the "real" exchanges.

teek

Could you explain this a little more please.

[mila]

Thanks! Hopefully no one sold because of it..  Actually that brings up a feature request..  Need a "shareholder of record date" function in GLBSE.  This is common practice in the "real" exchanges.

teek

Could you explain this a little more please.

I'm not his spokesperson and reserve the right to be wrong but what I understood is a feature request that would enable to pay dividends to the list of shareholders "as of the date = date entered in the dividend payment form"

so if I pay dividends each Sunday 6 a.m. GMT but I slept a bit longer and missed my committed time, somebody may have sold the shares at 9 a.m. and me a few hours later (lunch time) wants to set things right and would like to pay to shareholders from 6 a.m. moment.

@teek is that right ^^ ?

[Nefario]

Thanks! Hopefully no one sold because of it..  Actually that brings up a feature request..  Need a "shareholder of record date" function in GLBSE.  This is common practice in the "real" exchanges.

teek

Could you explain this a little more please.

I'm not his spokesperson and reserve the right to be wrong but what I understood is a feature request that would enable to pay dividends to the list of shareholders "as of the date = date entered in the dividend payment form"

so if I pay dividends each Sunday 6 a.m. GMT but I slept a bit longer and missed my committed time, somebody may have sold the shares at 9 a.m. and me a few hours later (lunch time) wants to set things right and would like to pay to shareholders from 6 a.m. moment.

@teek is that right ^^ ?

Whoa, if this is correct then it's doable, but fairly difficult. Will take some time but I can add it to the list.

Nefario.

[teek]

Thanks! Hopefully no one sold because of it..  Actually that brings up a feature request..  Need a "shareholder of record date" function in GLBSE.  This is common practice in the "real" exchanges.

teek

Could you explain this a little more please.

I'm not his spokesperson and reserve the right to be wrong but what I understood is a feature request that would enable to pay dividends to the list of shareholders "as of the date = date entered in the dividend payment form"

so if I pay dividends each Sunday 6 a.m. GMT but I slept a bit longer and missed my committed time, somebody may have sold the shares at 9 a.m. and me a few hours later (lunch time) wants to set things right and would like to pay to shareholders from 6 a.m. moment.

@teek is that right ^^ ?

Yep something like that.  Can be used for all kinds of things.. right now the record date ends up being exactly when the transaction happens as mila pointed out..  That works ok for now too, but say a company is paying out Q2 earnings in August or something like that, they want to pay the holders of record 06/30 etc..  many other reasons..  Record dates will be handy and probably necessary for certain issues, especially when the exchange grows..

[shad]

so i changed my account to 2.0
and now i forgot my password 

i miss the send me my passwort button 

[mila]

so i changed my account to 2.0
and now i forgot my password 

i miss the send me my passwort button 

tl;dr; send Nefario your claim code to verify yourself ; )

OP: well, this is one of the things that are important but not yet there (not urgent)
nefario fixed critical things first, then urgent & important
and things around resetting forgotten passwords via email are simply not yet in the top X todo things.

you won't miss any dividends and your account will wait for you ...
just send him a PM or email (email might be actually better, you know, kind of proof it's you)
disclaimer: i know sender can be spoofed but it's still better than a PM to nefario "hi, I forgot my password, please reply to my pm here with a new password for account registered with email doctor.nefario@gmail.xxx or email it to my backup email rookie.hax0r@tormail.net"

let it be a reminder for you to take better care of your passwords and just bear with nefario to get back to you.

@all how could be password reset protected from potential abuse (brute force guessing registered emails and demanding password resend?). I mean, ok, password reset would be automated, email sent to the claimed address would be addressed to the email address registered with an account but I'm shivering with worries how easy it could be fetched and abused.

In my perfect dream world I would have a public key associated with my account and all emails from glbse would arrive encrypted so that the next poor guy w/o password would have to be in possession of the private key as well ... and that's another thing that can be forgotten or lost.

as it is now, you'll be probably asked details about your account (which shares did you own, can you remember approx what your btc balance was and stuff like that, to support your claim).

[Nefario]

so i changed my account to 2.0
and now i forgot my password 

i miss the send me my passwort button 

We now have an account recovery option, beside the login form.

Keep in mind now that this means that if your email account is compromised, then so will your GLBSE account, and we will bear no responsibility for this.

Nefario.

[Stephen Gornick]

Keep in mind now that this means that if your email account is compromised, then so will your GLBSE account, and we will bear no responsibility for this.

Is a two-factor authentication method on the roadmap?

[rjk]

Keep in mind now that this means that if your email account is compromised, then so will your GLBSE account, and we will bear no responsibility for this.

Is a two-factor authentication method on the roadmap?

+1, I hope so. Yubikeys have a nice and fairly easy to use system going on. Or you can do other options like matrix cards.

[Nefario]

I've added captcha's to the login process.

Regarding two factor auth, this is tricky.

Actually it IS something I'd like to implement, however in it's current state it's quite pricey.

I think the only method I can think of would be to have an android app that sends a hash of the users phone number and pin to the server for a verification code or something like that. I need to look into it.

[antirack]

Not sure if this is still current, but look at this:

http://net.tutsplus.com/tutorials/php/integrating-two-factor-authentication-with-codeigniter/

Lucky for you, Duo Security offers a free two-factor service ideal for anybody looking to protect their website.

Not only is Duo free, but it’s full of features. They let you authenticate in a variety of ways, including:

    Phonecall authentication
    SMS-based tokens
    Mobile app token generator
    Push-based authentication
    Hardware tokens available for purchase

[rjk]

Yubikeys are not cheap for the end user, but they are free for you to implement. You can either use their free cloud based system, or issue your own keys tied to your own auth server. http://www.yubico.com/developers-intro

Google Authenticator is free on both ends. http://code.google.com/p/google-authenticator/

Other methods of OTP authentication are available, at varying difficulties of implementation.

[Nefario]

I'll look into adding one of these systems quite soon, keep in mind that GLBSE has never had any breakins so far (fingers crossed).

antirack, already had a look at DuoSecurity, the free system is limited to 10 users, then $3 a month per user

I might end up making my own as I've been looking to get started building for android for some time, and finally here would be a good reason.

Nefario.

[REF]

the vote buttons should go away after you vote on a motion. Right now I have a motion from tygrr-bank and every time I click on it I see buttons to vote yes and no when I click on them Im sent back to my portfolio page. Only the option you picked show stay and it should let you know you voted and not let you click anything.

[Nefario]

the vote buttons should go away after you vote on a motion. Right now I have a motion from tygrr-bank and every time I click on it I see buttons to vote yes and no when I click on them Im sent back to my portfolio page. Only the option you picked show stay and it should let you know you voted and not let you click anything.

You are allowed change your vote as much as you like right up until the vote closes. This is why it shows.

[Stephen Gornick]

Yubikeys are not cheap for the end user, but they are free for you to implement.

And if GLBSE were to implement it, someone with an existing Mt. Gox yubikey could use it as well, right?

That approach makes sense if two-factor is an option for the accountholder.   If I'm holding $20 USD worth of stocks I shouldn't be forced to buy a $30 dongle, but if I'm holding a significant amount I have the option to protect my account by requiring two factor auth.

I might end up making my own

Making your own mobile-based OTP token system?   Please tell me that wasn't what you meant to write.  Also please read on NIH:
 - http://en.wikipedia.org/wiki/Not_invented_here

[paraipan]

......

I might end up making my own

Making your own mobile-based OTP token system?   Please tell me that wasn't what you meant to write.  Also please read on NIH:
 - http://en.wikipedia.org/wiki/Not_invented_here

anyone using google authencator to do that 2 step auth ?

[Nefario]

Yubikeys are not cheap for the end user, but they are free for you to implement.

And if GLBSE were to implement it, someone with an existing Mt. Gox yubikey could use it as well, right?

That approach makes sense if two-factor is an option for the accountholder.   If I'm holding $20 USD worth of stocks I shouldn't be forced to buy a $30 dongle, but if I'm holding a significant amount I have the option to protect my account by requiring two factor auth.

I might end up making my own

Making your own mobile-based OTP token system?   Please tell me that wasn't what you meant to write.  Also please read on NIH:
 - http://en.wikipedia.org/wiki/Not_invented_here

Lol, said that because I didn't know what was available out there.

No I'm integrating Google Auth right now, it's exactly what I was looking for.

[rjk]

Yubikeys are not cheap for the end user, but they are free for you to implement.

And if GLBSE were to implement it, someone with an existing Mt. Gox yubikey could use it as well, right?

No, because Mtgox uses their own authentication server and custom programmed Yubikeys. It theoretically would be possible to liaise with Mtgox and use their auth server, but I doubt that they would allow it. Making it optional would of course be the best way to go.

[Nefario]

Yubikeys are not cheap for the end user, but they are free for you to implement.

And if GLBSE were to implement it, someone with an existing Mt. Gox yubikey could use it as well, right?

No, because Mtgox uses their own authentication server and custom programmed Yubikeys. It theoretically would be possible to liaise with Mtgox and use their auth server, but I doubt that they would allow it. Making it optional would of course be the best way to go.

No Yubikey, I refuse to buy one just to even get started developing, and then make people buy one, there is absolutely no point when a free option is available.

I've already got google auth 1/2 working, a few more hours and it will be done.