Bitcoin Forum
November 13, 2024, 06:26:51 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: [ANN] Instawallet will we down for a few hours  (Read 2553 times)
davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 25, 2012, 11:31:45 AM
 #1

Hello all !

Instawallet will be down for a few hours for maintenance operations.
It will come back much more responsive and fast than in its current version.

Thank you all for your patience !

giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
April 25, 2012, 09:00:36 PM
 #2

buying time while running with our money, huh?

Wink just kidding

Serious question: What will you do with all the dead accounts? How many BTC are lingering around without the url having had a hit in more than 6 months? I couldn't find anything like TOS on that when I last checked but would put some expiration date even if it was 5 years. Or do you rely on any implicit regulations that would make my accounts unavailable after a certain time?

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 25, 2012, 09:31:28 PM
 #3

buying time while running with our money, huh?
can't hear you i'm running!

Serious question: What will you do with all the dead accounts? How many BTC are lingering around without the url having had a hit in more than 6 months? I couldn't find anything like TOS on that when I last checked but would put some expiration date even if it was 5 years. Or do you rely on any implicit regulations that would make my accounts unavailable after a certain time?
There are no implicit regulations, but that's a really good point, I should write some ToS and mention that because there are a couple of accounts that haven't been accessed for a while. Some accounts haven't been visited since Jan implemented such tracking, but I'm unsure of *when* the tracking was actually implemented.

The migration is now complete, and as soon as the new DNS records propagate Instawallet should be back up. It should also be much faster, and handle concurrent connections much more reliably. I'll elaborate on  all that, and provide some statistics after I get some sleep Cheesy

As always, users are more than welcome to report any issues they might encounter at david {at} bitcoin-central.net.

To all bitcoiners : thank you having been so patient !


giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
April 26, 2012, 01:09:45 AM
 #4

Hmm ... interesting to know that January is old for you already. Not sure if I touched all my ~20 instawallet urls in that time.

I love how instant instawallet is but also wonder how many of your urls actually hold coins. My guess would be less than 2%.

I would be very interested in figures on how many transactions you process per day from how many users, how is the distribution of coins per url (0, <.1, <.5, <2, <10, <50, <200, <1000, >=1000) or the median of all urls with coins or some other metric that gives us an idea of how people use instawallet.

Are many users actually using instawallet for more than to give a coin to a non-bitcoiner (my main use case)?

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 26, 2012, 07:23:21 AM
 #5

Hmm ... interesting to know that January is old for you already. Not sure if I touched all my ~20 instawallet urls in that time.
Jan is the name of the person who used to own Instawallet Smiley

We will definitely have some stats posted later on.

SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 26, 2012, 07:25:13 AM
 #6

I'd prefer your ToS say that as long as the site is running, the users' bitcoins are safe and will never be used.  I'd also like to see that a warning will be posted at least 90 days prior to any known permanent shutdown of the site.

JMO, take it or leave it.  Wink
davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 26, 2012, 01:49:15 PM
 #7

Apart from a couple things left to do the migration is now completed !

Left to do :
  • A very small number of accounts (less than 10) need some manual attention to reconcile operations that happened during the time span where bitcoind was listening but the database wasn't properly registering transactions. The accounts in question are identified, if you think your balance is not correct, and if it remains so after 48h have passed please contact me. The reason it might take up to 48h is that the old bitcoind must catch up with the chain after being shut down during the migration, it does so very slowly since it's packed with addresses and accounts. It must be up-to-date with the chain for transaction reconciliation to be accurate.
  • The current SSL certificate is valid for https://instawallet.org, a new one will be installed that also validates https://www.instawallet.org


What has been done :
  • The backend has been rewritten from scratch to make it much more scalable and responsive. It relies much less on bitcoind, which was a performance bottleneck and delegates the accounting to an SQL database. bitcoind is now only used to notify the backend of incoming transactions, generate an address for each account, and send funds
  • Generation transactions are now understood, that means that if you're mining at Eligius, your payouts will be available after 20 confirmations if you direct them to your Instawallet (generations usually take 120 confirmations to mature)
  • Balance updates are instant (as previously) but rely on websockets instead of long-polling (if your browser doesn't support WS it will degrade gracefully to long-polling or regular polling)
  • A comforting cash-register sound has been added, it plays when you receive funds (except on Safari for iOS)
  • Instawallet will now tell you about the confirmed status of your funds, previously you'd get an error message when trying to send, but you had no way to know whether funds were confirmed or not
  • The new API is fully backwards compatible with the original API, it will be deprecated at some point but for now it's good enough to me
  • The new server is a Intel Xeon 8-cores with 24GB RAM, and a lightning-fast SSD hard-drive. (The previous server had a single-core CPU, 1GB RAM and a regular HDD)
  • A paranoid firewall has been set-up, along with serious monitoring, and monitoring of the monitoring Cheesy
  • An iPhone app is available worldwide, for free, in the AppStore, it's called FriendlyPay, it's awesome and it lets you carry Instawallet in your pocket, an Android version is almost ready

If there's anything that should be fixed you may comment here, drop me a line by PM, send me an e-mail at david {at} bitcoin-central.net, or drop by at the office in Boulogne, right near Paris !

I really want to thank Jan Vornberger, Instawallet's previous owner for being very available and responsive during the whole migration process, having thought of such a cool concept, providing me with loads of hand-crafted documentation, and more generally being awesome. He is a gentleman.

Thank you for your attention !

giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
April 26, 2012, 03:56:45 PM
 #8

I'd prefer your ToS say that as long as the site is running, the users' bitcoins are safe and will never be used.  I'd also like to see that a warning will be posted at least 90 days prior to any known permanent shutdown of the site.

JMO, take it or leave it.  Wink

SgtSpike, you would qualify for a good scammer I guess. I mean if I don't check that site in 90 days (they can't mail me neither), they should legally own my coins without me shouting "SCAMMER"? No way!
If bitcoin goes through the roof now, they put some notice that the service will be discontinued by blabla and start walletinsta.com instead?
I would expect to have all the funds available for 10$ processing fee for years after closing the service. You can't just take your user's money. (I mean legally you might be allowed to do so after a certain time but for me bitcoin is still very much about honesty, trust and reputation ... or anarchy if you prefer that word.)

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 26, 2012, 04:07:55 PM
 #9

I'd prefer your ToS say that as long as the site is running, the users' bitcoins are safe and will never be used.  I'd also like to see that a warning will be posted at least 90 days prior to any known permanent shutdown of the site.

JMO, take it or leave it.  Wink

SgtSpike, you would qualify for a good scammer I guess. I mean if I don't check that site in 90 days (they can't mail me neither), they should legally own my coins without me shouting "SCAMMER"? No way!
If bitcoin goes through the roof now, they put some notice that the service will be discontinued by blabla and start walletinsta.com instead?
I would expect to have all the funds available for 10$ processing fee for years after closing the service. You can't just take your user's money. (I mean legally you might be allowed to do so after a certain time but for me bitcoin is still very much about honesty, trust and reputation ... or anarchy if you prefer that word.)
Well, I just picked an arbitrary deadline that would be acceptable to me.  But I see your point.  OTOH, they can't just be forced to host the site forever in the event that they want to shut it down, so what is your counter-proposal for a reasonable ToS in the event of a site shutdown?
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
April 26, 2012, 04:10:54 PM
 #10

I'd prefer your ToS say that as long as the site is running, the users' bitcoins are safe and will never be used.  I'd also like to see that a warning will be posted at least 90 days prior to any known permanent shutdown of the site.

JMO, take it or leave it.  Wink

SgtSpike, you would qualify for a good scammer I guess. I mean if I don't check that site in 90 days (they can't mail me neither), they should legally own my coins without me shouting "SCAMMER"? No way!
If bitcoin goes through the roof now, they put some notice that the service will be discontinued by blabla and start walletinsta.com instead?
I would expect to have all the funds available for 10$ processing fee for years after closing the service. You can't just take your user's money. (I mean legally you might be allowed to do so after a certain time but for me bitcoin is still very much about honesty, trust and reputation ... or anarchy if you prefer that word.)

If they post before hand that 90 days warning is their policy can you use the service and still complain?

Also, $10 fee? So it is ok with you to take all of the small deposits?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
April 26, 2012, 07:47:44 PM
 #11

Well, I just picked an arbitrary deadline that would be acceptable to me.  But I see your point.  OTOH, they can't just be forced to host the site forever in the event that they want to shut it down, so what is your counter-proposal for a reasonable ToS in the event of a site shutdown?
As I said: If they really discontinue the cool service and can't (legally?) keep up the site for cash out only, I would expect to see some manual processing to kick in that would also be ok to cost a certain fee.

If they post before hand that 90 days warning is their policy can you use the service and still complain?
I'm not sure I understand you right but if by time of my deposit their policy is 90ms warning, I can't complain to see my money gone, no (assuming this is not hidden in some gray on gray small print).
For now they confirmed to not have a policy at all and I assume "some" law would kick in.

Also, $10 fee? So it is ok with you to take all of the small deposits?
No. Everybody should be able to reclaim his belonging at a reasonable processing fee for manually sending the coins somewhere. I assume that what you take for "small deposit" might be worth a fortune when hundreds of old nerds pay hundreds of dollars to recover data from that old backup drive no recent computer has adapters for, so the instawallet group's call center fee should be the least of their worries. By then 10$ might not even be enough for a phone call Wink ... hmm ... dreaming again Smiley

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 26, 2012, 08:16:57 PM
 #12

Well, I just picked an arbitrary deadline that would be acceptable to me.  But I see your point.  OTOH, they can't just be forced to host the site forever in the event that they want to shut it down, so what is your counter-proposal for a reasonable ToS in the event of a site shutdown?
As I said: If they really discontinue the cool service and can't (legally?) keep up the site for cash out only, I would expect to see some manual processing to kick in that would also be ok to cost a certain fee.

If they post before hand that 90 days warning is their policy can you use the service and still complain?
I'm not sure I understand you right but if by time of my deposit their policy is 90ms warning, I can't complain to see my money gone, no (assuming this is not hidden in some gray on gray small print).
For now they confirmed to not have a policy at all and I assume "some" law would kick in.

Also, $10 fee? So it is ok with you to take all of the small deposits?
No. Everybody should be able to reclaim his belonging at a reasonable processing fee for manually sending the coins somewhere. I assume that what you take for "small deposit" might be worth a fortune when hundreds of old nerds pay hundreds of dollars to recover data from that old backup drive no recent computer has adapters for, so the instawallet group's call center fee should be the least of their worries. By then 10$ might not even be enough for a phone call Wink ... hmm ... dreaming again Smiley
Ok, makes sense.  Ideally, some way to reclaim the funds, even if it is a manual process, would be preferred.

I don't know what you mean by "some law" would kick in.  There's no laws about requiring a company to provide access to digital files in the event of a shutdown, as far as I know.  Correct me if I am wrong.

As another example, if you fail to pay the rent on a storage unit, your stuff cannot be reclaimed after it is auctioned off.  There has to be a reasonable cutoff of time where the entity storing your stuff is no longer responsible for it.  You shouldn't expect instawallet to continue to provide you access to your coins, even manual access, for the rest of your lifetime.
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
April 27, 2012, 12:04:50 AM
 #13

I don't know what you mean by "some law" would kick in.  There's no laws about requiring a company to provide access to digital files in the event of a shutdown, as far as I know.  Correct me if I am wrong.

As another example, if you fail to pay the rent on a storage unit, your stuff cannot be reclaimed after it is auctioned off.  There has to be a reasonable cutoff of time where the entity storing your stuff is no longer responsible for it.  You shouldn't expect instawallet to continue to provide you access to your coins, even manual access, for the rest of your lifetime.

Ok, I always take it for granted that bitcoin is money, which it is not legally. Imagine a bank that fails to ask your name and address that wants to close down. Should they be allowed to leave with your money?

I am not a lawyer but if I borrow some $$ from you and you never ask it back I am sure there is some law regulating at which point in time the money is legally my money. This is different in different countries and as long as Bitcoin is not money, other regulations might apply but I'm pretty sure not returning the coins now would be a crime by some law even as it is only some bits.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 27, 2012, 12:17:50 AM
 #14

I don't know what you mean by "some law" would kick in.  There's no laws about requiring a company to provide access to digital files in the event of a shutdown, as far as I know.  Correct me if I am wrong.

As another example, if you fail to pay the rent on a storage unit, your stuff cannot be reclaimed after it is auctioned off.  There has to be a reasonable cutoff of time where the entity storing your stuff is no longer responsible for it.  You shouldn't expect instawallet to continue to provide you access to your coins, even manual access, for the rest of your lifetime.

Ok, I always take it for granted that bitcoin is money, which it is not legally. Imagine a bank that fails to ask your name and address that wants to close down. Should they be allowed to leave with your money?

I am not a lawyer but if I borrow some $$ from you and you never ask it back I am sure there is some law regulating at which point in time the money is legally my money. This is different in different countries and as long as Bitcoin is not money, other regulations might apply but I'm pretty sure not returning the coins now would be a crime by some law even as it is only some bits.
Right, that's why I'm not sure that a law would apply.  It could, I just think that making an assumption about it would be wrong.

Regardless of what laws do or do not exist, I'd just like to see clarification in the ToS about how long coins will be made available in the event of a site shutdown, what happens if the coins are lost in a hack, etc etc.  Spell out all the details.
coinuser4000
Member
**
Offline Offline

Activity: 128
Merit: 10



View Profile
April 27, 2012, 03:27:27 AM
 #15

Website is popping up warnings that "This Connection is Untrusted" which I have never seen before, and also when I try to check the certificates, there are none, and the https site is showing as unencrypted....

cointorox ✦ 
✓   Your Digital Piggy Bank Cryptocurrency, Simplified. ✓  
✦ ────────  Website ⬝  Facebook ⬝   Twitter ⬝  Telegram ⬝  Medium   ──────── ✦
davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 27, 2012, 08:52:30 AM
 #16

Website is popping up warnings that "This Connection is Untrusted" which I have never seen before, and also when I try to check the certificates, there are none, and the https site is showing as unencrypted....
The connection to Instawallet is always SSL enabled.
However, I forgot to add the full certificate chain in addition to the actual certificate which caused some browsers to complain, it's now fixed, you shouldn't see any warnings anymore.

BTW, currently our certificate is only valid for https://instawallet.org, and not for https://www.instawallet.org, we're in the process of getting a proper wildcard certificate.

Thank you for pointing that out Smiley

davout (OP)
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
April 27, 2012, 09:01:58 AM
 #17

And regarding the discussions about what would happen in the case Instawallet's service was to be discontinued here's what we would do :
  • A notice would be posted a long time in advance,
  • We would generate a private key for each account, in a publicly documented way, using the wallet URL as seed,
  • We'd compute the public key from the private key,
  • We'd compute the address from the public key,
  • We'd send the balance to this generated address,
  • And that's it!

Now all you'd need to regain control of your coins is to follow the steps using your wallet key, you'll get a private key you can import into any client, or into any service.

Even a user without any technical knowledge could use a third-party service that could perform these steps given a wallet URL, for a fee obviously, but in perfect market conditions, therefore the fee would always be as competitive as possible.

Thoughts ?

FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
April 27, 2012, 01:37:16 PM
 #18

And regarding the discussions about what would happen in the case Instawallet's service was to be discontinued here's what we would do :
  • A notice would be posted a long time in advance,
  • We would generate a private key for each account, in a publicly documented way, using the wallet URL as seed,
  • We'd compute the public key from the private key,
  • We'd compute the address from the public key,
  • We'd send the balance to this generated address,
  • And that's it!

Now all you'd need to regain control of your coins is to follow the steps using your wallet key, you'll get a private key you can import into any client, or into any service.

Even a user without any technical knowledge could use a third-party service that could perform these steps given a wallet URL, for a fee obviously, but in perfect market conditions, therefore the fee would always be as competitive as possible.

Thoughts ?

That's smart.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 27, 2012, 03:34:06 PM
 #19

And regarding the discussions about what would happen in the case Instawallet's service was to be discontinued here's what we would do :
  • A notice would be posted a long time in advance,
  • We would generate a private key for each account, in a publicly documented way, using the wallet URL as seed,
  • We'd compute the public key from the private key,
  • We'd compute the address from the public key,
  • We'd send the balance to this generated address,
  • And that's it!

Now all you'd need to regain control of your coins is to follow the steps using your wallet key, you'll get a private key you can import into any client, or into any service.

Even a user without any technical knowledge could use a third-party service that could perform these steps given a wallet URL, for a fee obviously, but in perfect market conditions, therefore the fee would always be as competitive as possible.

Thoughts ?
Perfect, thanks for providing a good solution to that problem.  Wink
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
April 27, 2012, 04:09:27 PM
 #20

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!