DutchBrat
|
|
July 13, 2012, 06:21:09 PM |
|
I'm not going to withdraw anytime soon Either I end up with all coins or pirate defaults: game over! The way it has to be
|
|
|
|
ErebusBat
|
|
July 13, 2012, 06:38:25 PM |
|
I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.
I don't know how withdrawals work, but wouldn't the attacker be able to get your funds without access to your bitcoinmax account? First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC". They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on. Is there something in place to prevent this attack? This is a very good point. Personally I would prefer that *any* withdrawal requests would be GPG signed; however it isn't reasonable to assume that payb.tc accomodate the 14,001 different ways people want this handled. Putting myself in his shoes I am not sure how I would want to handle that where it would provide good security vs easy management. Remember guys he is only getting %0.1 which is not alot.
|
|
|
|
Scott J
Legendary
Offline
Activity: 1792
Merit: 1000
|
|
July 13, 2012, 06:43:14 PM |
|
I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.
I don't know how withdrawals work, but wouldn't the attacker be able to get your funds without access to your bitcoinmax account? First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC". They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on. Is there something in place to prevent this attack? This is a very good point. Personally I would prefer that *any* withdrawal requests would be GPG signed; however it isn't reasonable to assume that payb.tc accomodate the 14,001 different ways people want this handled. Putting myself in his shoes I am not sure how I would want to handle that where it would provide good security vs easy management. Remember guys he is only getting %0.1 which is not alot. Very true, in some ways I wish he would take a little extra - this would provide more incentive to give time to the project and less incentive to run away! (This is not to say I doubt his commitment or integrity)
|
|
|
|
ErebusBat
|
|
July 13, 2012, 06:47:10 PM |
|
I actually am perfectly happy with having to PM for a withdrawal. This means that a hacker would have to compromise BOTH my bitcoinmax account AND my forum account to steal funds.
I don't know how withdrawals work, but wouldn't the attacker be able to get your funds without access to your bitcoinmax account? First PM saying "please change my withdrawal address", then PM again a few days later saying "please send 100 BTC". They'd have to guess how much you had in your account I guess, and going over might tip payb.tc off that something fishy was going on. Is there something in place to prevent this attack? This is a very good point. Personally I would prefer that *any* withdrawal requests would be GPG signed; however it isn't reasonable to assume that payb.tc accomodate the 14,001 different ways people want this handled. Putting myself in his shoes I am not sure how I would want to handle that where it would provide good security vs easy management. Remember guys he is only getting %0.1 which is not alot. Very true, in some ways I wish he would take a little extra - this would provide more incentive to give time to the project and less incentive to run away! (This is not to say I doubt his commitment or integrity) I don't think that giving him a bigger cut is any incentive to not run away. But this does pose an interesting question: If payb.tc were to offer it; how much per week would you be willing to pay for 'extra services' and what would those services be? My extra services would be: - Google Authenticator login (although not a big deal until withdrawal requests come to the web) - GPG Signed Confirmations for account changes/withdrawals. However I am not sure how to answer my own question of 'how much' I would be willing to pay (vs gambling that I won't get compromised). This is all assuming that payb.tc isn't just Intersango and going to 'get hacked' anyway
|
|
|
|
Scott J
Legendary
Offline
Activity: 1792
Merit: 1000
|
|
July 13, 2012, 06:51:26 PM |
|
I really hope withdrawal requests never come online/become automated.
I'm happy to wait a day or two.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
July 13, 2012, 07:14:00 PM |
|
I really hope withdrawal requests never come online/become automated.
I'm happy to wait a day or two.
This isn't about automatic withdrawals. It's about me getting into your bitcointalk account and sending a PM to payb.tc that says "please change my withdrawal address to 1dooglus123456 and send me all Scott's monies please herp derp".
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
ErebusBat
|
|
July 13, 2012, 07:17:28 PM |
|
I really hope withdrawal requests never come online/become automated.
I'm happy to wait a day or two.
Agree with this and to clarify my statement: withdrawal requests on the web. Obviously I prefer my funds be handled by hand. However I think this will be a requirement anyway given the BST backing.
|
|
|
|
Scott J
Legendary
Offline
Activity: 1792
Merit: 1000
|
|
July 13, 2012, 07:25:07 PM |
|
I really hope withdrawal requests never come online/become automated.
I'm happy to wait a day or two.
This isn't about automatic withdrawals. It's about me getting into your bitcointalk account and sending a PM to payb.tc that says "please change my withdrawal address to 1dooglus123456 and send me all Scott's monies please herp derp". I understand better now - I have messaged payb.tc asking for withdrawals to be made both by a PM on here and via an e-mail. However: Personally I would prefer that *any* withdrawal requests would be GPG signed; however it isn't reasonable to assume that payb.tc accomodate the 14,001 different ways people want this handled. This is very true; I guess payb.tc will come up with a standardised way to mitigate against possible bitcointalk hacks.
|
|
|
|
Otoh
Donator
Legendary
Offline
Activity: 3080
Merit: 1165
|
|
July 13, 2012, 08:25:17 PM |
|
As he handles withdrawals manually, thank goodness & also any changes of withdrawal addresses manually as that can't be done on his site I was pleased to see from when the original passwords were just the deposit addresses, then a simple 2FA that would work for everyone who requested it would be a 4 number PIN that can be set one time on the site (or PM maybe) & is irrevocable except by email confirmation (per-arranged email address) & Skype interrogation re: account history, balance, RL name if previously given, secret question, whatever, etc & there should be a scaled fee for one loosing/forgetting one's PIN to mitigate the hassle - say 2% of balance on the account.
|
|
|
|
payb.tc (OP)
|
|
July 13, 2012, 09:16:18 PM |
|
As he handles withdrawals manually, thank goodness & also any changes of withdrawal addresses manually as that can't be done on his site I was pleased to see from when the original passwords were just the deposit addresses, then a simple 2FA that would work for everyone who requested it would be a 4 number PIN that can be set one time on the site (or PM maybe) & is irrevocable except by email confirmation (per-arranged email address) & Skype interrogation re: account history, balance, RL name if previously given, secret question, whatever, etc & there should be a scaled fee for one loosing/forgetting one's PIN to mitigate the hassle - say 2% of balance on the account.
as a few people would already know, changing your withdrawal address does require proof of ownership; i've been getting people to make a specific tx from their current withdrawal address. so far no-one's lost access to their current one. i like the PIN idea though, something i could put in the login area for that individual account.
|
|
|
|
Grim Death
Member
Offline
Activity: 86
Merit: 10
|
|
July 13, 2012, 09:29:44 PM |
|
BTC7 deposited.
|
|
|
|
payb.tc (OP)
|
|
July 13, 2012, 10:18:26 PM |
|
by the way, withdrawal requests over 100 might get sent to you in multiple transactions. for example if you request 1234 btc and i happen to have 1000 btc in my wallet from recent deposits or whatever, i'll send it to you and send the remaining 234 later as it becomes available. having 1000 sitting idle in my wallet is not cool; at 6.9% per week, it only takes 2 hours and 26 minutes to burn through 1 btc
|
|
|
|
Michail1
Legendary
Offline
Activity: 1499
Merit: 1164
|
|
July 14, 2012, 02:18:45 AM |
|
having 1000 sitting idle in my wallet is not cool; at 6.9% per week, it only takes 2 hours and 26 minutes to burn through 1 btc You should pay yourself less.
|
|
|
|
bg002h
Donator
Legendary
Offline
Activity: 1464
Merit: 1047
I outlived my lifetime membership:)
|
|
July 15, 2012, 01:43:10 AM |
|
Just would like to post my experience...I put BTC10 in and took BTC11 out a few weeks later. All transacting was very fast (considering its one hard working guy doing it and not a computer).
|
|
|
|
Koooooj
Member
Offline
Activity: 75
Merit: 10
|
|
July 15, 2012, 05:15:47 PM |
|
+1 Had an account for a couple weeks now. Great service. Reliable and clean website... which Google apparently thinks is in Malay... Hopefully this'll be good for a couple laughs.
|
|
|
|
payb.tc (OP)
|
|
July 15, 2012, 09:27:06 PM |
|
which Google apparently thinks is in Malay
what language Google thinks it is all depends on your personal deposit address.
|
|
|
|
lenny_
Legendary
Offline
Activity: 1036
Merit: 1000
DARKNETMARKETS.COM
|
|
July 15, 2012, 11:32:04 PM |
|
+1 Had an account for a couple weeks now. Great service. Reliable and clean website... which Google apparently thinks is in Malay... Hopefully this'll be good for a couple laughs. Use normal browser then. Google Chrome is idiot-resistant.
|
|
|
|
ErebusBat
|
|
July 16, 2012, 12:13:44 AM |
|
+1 Had an account for a couple weeks now. Great service. Reliable and clean website... which Google apparently thinks is in Malay... Hopefully this'll be good for a couple laughs. Use normal browser then. Google Chrome is idiot-resistant. Chrome rocks!
|
|
|
|
payb.tc (OP)
|
|
July 16, 2012, 12:21:17 AM |
|
i must admit i developed it 100% in chrome and have never actually tested or even looked at it in any other browser.
it could be complete garbage in the others for all i know... although i'm sure someone would have mentioned it by now if it was.
|
|
|
|
bg002h
Donator
Legendary
Offline
Activity: 1464
Merit: 1047
I outlived my lifetime membership:)
|
|
July 16, 2012, 12:32:47 AM |
|
Looked fine in safari on iOS and Mac.
|
|
|
|
|