frisco2 (OP)
|
|
June 13, 2012, 06:14:14 AM Last edit: August 04, 2012, 04:58:39 PM by frisco2 |
|
The site is https://booster.ioCreate a bounty to get something done. Whoever does it will get the bounty. The bounty is a tip jar where everyone interested puts a little bit. If bounty is not claimed, money is refunded back. Just launched this today, try it! EDIT: I have reduced the rates: - Bounties have 1% commission, capped at $100. - Bounties that collect less than $10 are FREE. - First 100 bounties to appear on Booster are FREE - These rates may change for new bounties on Jan 1, 2013.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
CrownCloud
|
|
June 13, 2012, 11:12:35 AM |
|
Looks awesome !! Amazing work !!!
|
CrownCloud - Internet Services Dedicated servers, OpenVZ and KVM based VPSes and in 4 locations. (We accept Bitcoin !) http://crowncloud.net/
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
June 13, 2012, 11:18:12 AM |
|
What is your security policy?
|
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
|
|
June 13, 2012, 12:55:18 PM |
|
Like any online wallet, it is unwise to trust it with large sums. It's not that we don't trust you (not that we should), but too many online wallets have been "hacked" and too much Bitcoin lost. Even worse than losing Bitcoin would be dashing the hopes and dreams of eager entrepreneurs.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
frisco2 (OP)
|
|
June 13, 2012, 05:48:51 PM |
|
Security policy is as follows:
- Balances under 100 BTC are kept on the server. Balances above 100 BTC are moved out of the server into an offline wallet, with wallet.dat backed up on two usb sticks, stored in a bank safe. When it is time to transfer the funds, I take the right wallet.dat and move the funds where they are supposed to go. Also, this whole thing is done inside a fresh windows install Virtual Machine snapshot, refreshed everytime, so there is no danger of viruses.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
June 13, 2012, 06:42:34 PM |
|
Security policy is as follows:
- Balances under 100 BTC are kept on the server. Balances above 100 BTC are moved out of the server into an offline wallet, with wallet.dat backed up on two usb sticks, stored in a bank safe. When it is time to transfer the funds, I take the right wallet.dat and move the funds where they are supposed to go. Also, this whole thing is done inside a fresh windows install Virtual Machine snapshot, refreshed everytime, so there is no danger of viruses.
Are you counting total balance of everything or just one account?
|
|
|
|
CoinLab
|
|
June 13, 2012, 07:24:44 PM |
|
Cool service. Noticed a couple problems: 1. On the FAQ, it says to submit feature requests to feedback, but feedback is not linked and there are no other references to it on the FAQ. How should people submit feedback? 2. On this bounty: https://booster.io/tipjar/0c8h49wClick the URL, notice it takes you to: https//github.com/twitter/bootstrap/issues/3832 You (or submitter?) are missing a colon. 3. How are you different from similar services? Bounties that collect less than $10 are FREE. Bounties that collect more have 5% fee. We're looking forward to seeing how your service develops. Good luck!
|
|
|
|
frisco2 (OP)
|
|
June 13, 2012, 07:48:37 PM |
|
Cool service. Noticed a couple problems:
1. On the FAQ, it says to submit feature requests to feedback, but feedback is not linked and there are no other references to it on the FAQ. How should people submit feedback?
Thanks for the bug report. The feedback button (powered by UserVoice) is handing on the right hand side. Does it show up for you ?
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
frisco2 (OP)
|
|
June 13, 2012, 09:12:13 PM |
|
Security policy is as follows:
- Balances under 100 BTC are kept on the server. Balances above 100 BTC are moved out of the server into an offline wallet, with wallet.dat backed up on two usb sticks, stored in a bank safe. When it is time to transfer the funds, I take the right wallet.dat and move the funds where they are supposed to go. Also, this whole thing is done inside a fresh windows install Virtual Machine snapshot, refreshed everytime, so there is no danger of viruses.
Are you counting total balance of everything or just one account? Per account. So if there are two accounts, one has 10BTC, and another one has 105 BTC, then the first one I don't touch, and for the second one, I move the 100BTC balance out of the server into an offline wallet. (The website will report still 105 BTC on the bounty page, but the actual 100BTC of that will be off server). This is just to stop large amount of money from accumulating in one account on the server. Boris
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
aq
|
|
June 13, 2012, 09:33:28 PM |
|
Better way:
Pre-generate a bunch of addresses/private key pairs (vanitygen or offsite bitcoind). Store the addresses (not the private keys) in the db on the website. Now for every new bounty allocate one of those addresses (when spare amount is low refill from offsite). Everyone can now send coins to this address, can use blockchain.info to check the balance and what not. However no single coin is on the website itself. To send the coins to the developer either send him the private key or just use your offsite bitcoind. That way there are never ever any coins on the actual website, so no hacker can steal anything.
|
|
|
|
frisco2 (OP)
|
|
June 13, 2012, 10:24:21 PM |
|
Better way:
Pre-generate a bunch of addresses/private key pairs (vanitygen or offsite bitcoind). Store the addresses (not the private keys) in the db on the website. Now for every new bounty allocate one of those addresses (when spare amount is low refill from offsite). Everyone can now send coins to this address, can use blockchain.info to check the balance and what not. However no single coin is on the website itself. To send the coins to the developer either send him the private key or just use your offsite bitcoind. That way there are never ever any coins on the actual website, so no hacker can steal anything.
Great idea! I will implement it but it will take some time to get this right (1 month estimate). Meanwhile, use Booster as it is now.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
CoinLab
|
|
June 14, 2012, 12:23:44 AM |
|
Cool service. Noticed a couple problems:
1. On the FAQ, it says to submit feature requests to feedback, but feedback is not linked and there are no other references to it on the FAQ. How should people submit feedback?
Thanks for the bug report. The feedback button (powered by UserVoice) is handing on the right hand side. Does it show up for you ? Yep. Shows up fine. Didn't even notice it, blends in so well.
|
|
|
|
frisco2 (OP)
|
|
June 14, 2012, 12:47:05 AM |
|
The Bounty tip jar idea is by user Ripper234 on this forum. Kudos to him. Send tips to Ripper234 to this tip jar I just started for him: https://propster.me/tipjar/0c8hm3fHe will be able to claim the funds.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
June 14, 2012, 09:34:48 AM |
|
This per account is a bad policy. Why? Let do some math.
Imagine that there 100 accounts. 90 of them contains 99 BTC. 10 accounts contain 101 bitcoin each. Since the 100 BTC are moved to cold storage, that mean 1 BTC remains for withdrawal for the last 10.
Add them up, and you have 8920 BTC that are hot while 1000 BTC are cold.
This is a disaster! If a thief access and compromise the hot wallet server, he will be able to steal 8920 bitcon, which is 89.9193548% of your total holding.
What if every account have 99 BTC? You're even more doomed! Now, the thief will be able to steal all 9900 of 9900 BTC. He will be able to steal 100% of your holding.
Indeed, what I am saying is improbable, but I think in the end will expose you to more risk. However, if you keep your hot wallet to a strict limit to say 5% or 10% to total holding, you reduce the probability and economic incentive of a theft attempt.
Even better: keep all your coins in cold storage and process them at least once a day. Security is important, and I think your customers can handle a little inconvenience.
(If I am somehow wrong about the math, let me know)
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
June 14, 2012, 01:22:23 PM |
|
Glad to see this project, nice!
Ente
|
|
|
|
frisco2 (OP)
|
|
June 14, 2012, 02:15:11 PM |
|
This per account is a bad policy. Why? Let do some math. ...
You have a point. I think what "aq" said is good, I'm gonna do it that way.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
|
SomeoneWeird
|
|
June 19, 2012, 03:51:00 AM Last edit: June 19, 2012, 09:36:56 AM by SomeoneWeird |
|
Nice one stealing nodesters logo.
|
|
|
|
|
frisco2 (OP)
|
|
August 07, 2012, 08:03:40 AM |
|
Booster now supports single tips, not Flattr style. I think this makes more sense.
|
Crosspass -- a simple way to send passwords, encryption keys, bitcoin addresses, etc.
|
|
|
|