Pages:
Author

Topic: ... (Read 1911 times)

sr. member
Activity: 574
Merit: 253
...
February 25, 2015, 11:52:51 AM
#33
Yes walletnotify should NEVER be the only way to accept payments, I use it so I can run a cronjob every 5mins and still make it snappy. It basically tells my java application that a payment could be on it's way and to track this one.

So what do you use?

listreceivedbyaddress dumps the entire list of transactions ever received, so you can't really use that except maybe once at startup.
-walletnotify is unreliable, in that it can tell you about the same transaction twice, and tells you about unconfirmed transactions

So what's left?

I like 'listaccounts' and am sad it is going away.

Hey,

So what are you using now? (sorry for bumping old thread)
newbie
Activity: 27
Merit: 0
July 02, 2014, 02:00:53 AM
#32
you can buy ready to use code for your dice gambling site
you can find many people selling here on forum
legendary
Activity: 1498
Merit: 1000
July 01, 2014, 09:24:44 PM
#31
Yes walletnotify should NEVER be the only way to accept payments, I use it so I can run a cronjob every 5mins and still make it snappy. It basically tells my java application that a payment could be on it's way and to track this one.

So what do you use?

listreceivedbyaddress dumps the entire list of transactions ever received, so you can't really use that except maybe once at startup.
-walletnotify is unreliable, in that it can tell you about the same transaction twice, and tells you about unconfirmed transactions

So what's left?

I like 'listaccounts' and am sad it is going away.

Well it is going away for good reason, hopefully or maybe a couple people (I know I would throw in a couple bucks) for a true enterprise account system to be built not into bitcoind, but on top of it, kinda like bitcoin-cli. This would great for things and would support ACID. Right now the bitcoind accounts technically are not reliable by those standards.

For the non-technical people ACID is the standard by which all database management systems are consider reliable.
legendary
Activity: 2940
Merit: 1333
July 01, 2014, 04:34:58 PM
#30
Yes walletnotify should NEVER be the only way to accept payments, I use it so I can run a cronjob every 5mins and still make it snappy. It basically tells my java application that a payment could be on it's way and to track this one.

So what do you use?

listreceivedbyaddress dumps the entire list of transactions ever received, so you can't really use that except maybe once at startup.
-walletnotify is unreliable, in that it can tell you about the same transaction twice, and tells you about unconfirmed transactions

So what's left?

I like 'listaccounts' and am sad it is going away.
legendary
Activity: 1498
Merit: 1000
July 01, 2014, 02:38:15 PM
#29
What does it mean when a transaction changes? When a transaction changes from 1 confirmation to 2 confirmation? Or does any new transaction count as a transaction change?

According to the comment in the source code:

// notify an external script when a wallet transaction comes in or is updated

It is done in CWallet::AddToWallet() which appears to be called when a transaction is seen on the network as a standalone transaction or in a block. It won't be called for the 2nd or later confirmation of a transaction.

I don't see an obvious way of defending against malleability attacks using this. It's quite possible you'll see a deposit to a customer address from an unconfirmed transaction, and then later see a deposit of the same amount to the same address from a transaction with a different txid that made it into a block, where the two transactions are mutually incompatible since they have the same inputs.

In other words, there's -walletnotify to tell you when a new transaction arrived, but there's nothing to tell you when that transaction was overwritten by a new version of the same transaction.

Yes walletnotify should NEVER be the only way to accept payments, I use it so I can run a cronjob every 5mins and still make it snappy. It basically tells my java application that a payment could be on it's way and to track this one.
legendary
Activity: 2940
Merit: 1333
July 01, 2014, 02:17:44 PM
#28
What does it mean when a transaction changes? When a transaction changes from 1 confirmation to 2 confirmation? Or does any new transaction count as a transaction change?

According to the comment in the source code:

// notify an external script when a wallet transaction comes in or is updated

It is done in CWallet::AddToWallet() which appears to be called when a transaction is seen on the network as a standalone transaction or in a block. It won't be called for the 2nd or later confirmation of a transaction.

I don't see an obvious way of defending against malleability attacks using this. It's quite possible you'll see a deposit to a customer address from an unconfirmed transaction, and then later see a deposit of the same amount to the same address from a transaction with a different txid that made it into a block, where the two transactions are mutually incompatible since they have the same inputs.

In other words, there's -walletnotify to tell you when a new transaction arrived, but there's nothing to tell you when that transaction was overwritten by a new version of the same transaction.
legendary
Activity: 1498
Merit: 1000
June 30, 2014, 06:56:45 PM
#27
Code:
-walletnotify=    Execute command when a wallet transaction changes (%s in cmd is replaced by TxID)

What does it mean when a transaction changes? When a transaction changes from 1 confirmation to 2 confirmation? Or does any new transaction count as a transaction change?

Yes that is why I run bitcoind in tx=1 so I can track the transaction.
hero member
Activity: 854
Merit: 500
June 30, 2014, 06:01:29 PM
#26
Code:
-walletnotify=    Execute command when a wallet transaction changes (%s in cmd is replaced by TxID)

What does it mean when a transaction changes? When a transaction changes from 1 confirmation to 2 confirmation? Or does any new transaction count as a transaction change?
legendary
Activity: 1498
Merit: 1000
June 30, 2014, 05:49:35 PM
#25
So the flow I did for javaEE, is a couple of checks. One was a cronjob, in tomcat they are not called that, this runs every 5 mins (remember I wait for 1 confirmations anyway, so I don't have to run every 5-10 secs which is probably what you would do for non-confirmed transactions). For my next check, I always run bitcoind in -tx=1 mode so I have access to the entire bitcoin blockchain, and don't have to use a blockchain api. Then using netcat and java socket server, I would have bitcoind send any wallet transactions to the socket server, and put in a queue (any first in first out data structure would work). Remember take this with a grain of salt this transaction, it is usually a non-confirmed transaction, and it can be subject to many attacks. This just alerts my application that a transaction is possible waiting and to track it a bit.

Thanks gweed Smiley

Would you ever consider using the websockets API ( https://blockchain.info/api/api_websocket ) with grep to filter out only transactions to the addresses you are interested in?

Code:
dumpsockets.py ws://ws.blockchain.info/inv | grep -f myaddresses.txt

I'm learning about websockets because I really like the "live" information concept instead of running a script over and over again.

Depends on the situation. For me bitcoind over everything, because I have trust issues Wink but looking at the callbacks of bitcoind...

Code:
-walletnotify=    Execute command when a wallet transaction changes (%s in cmd is replaced by TxID)
https://en.bitcoin.it/wiki/Running_Bitcoin#Command-line_arguments

You can't beat them, just don't trust them too much, since they are all done with no confirmations.
hero member
Activity: 854
Merit: 500
June 30, 2014, 05:41:10 PM
#24
So the flow I did for javaEE, is a couple of checks. One was a cronjob, in tomcat they are not called that, this runs every 5 mins (remember I wait for 1 confirmations anyway, so I don't have to run every 5-10 secs which is probably what you would do for non-confirmed transactions). For my next check, I always run bitcoind in -tx=1 mode so I have access to the entire bitcoin blockchain, and don't have to use a blockchain api. Then using netcat and java socket server, I would have bitcoind send any wallet transactions to the socket server, and put in a queue (any first in first out data structure would work). Remember take this with a grain of salt this transaction, it is usually a non-confirmed transaction, and it can be subject to many attacks. This just alerts my application that a transaction is possible waiting and to track it a bit.

Thanks gweed Smiley

Would you ever consider using the websockets API ( https://blockchain.info/api/api_websocket ) with grep to filter out only transactions to the addresses you are interested in?

Code:
dumpsockets.py ws://ws.blockchain.info/inv | grep -f myaddresses.txt

I'm learning about websockets because I really like the "live" information concept instead of running a script over and over again.
legendary
Activity: 1498
Merit: 1000
June 30, 2014, 05:18:29 PM
#23
So basically I make a new address for each user, but it's just 1 of many addresses in the hot wallet?

Yes. At Just-Dice I used bitcoind, and simply did getAddressesByAccount() to see if there was already an address associated with a userid, and getAccountAddress() to get one if there wasn't. Then you can listAccounts() to see the balance for each account with the required number of confirmations and move() to move the funds from a player's 'account' to the main hot wallet account so you don't count it twice.

Recently I heard Gavin saying that the 'accounts' feature in bitcoind is likely to be removed soon, so I guess this isn't a good idea to use any more.

I would advise against the account feature, it isn't meant to be a database, like you are using it. I usually just keep a database table that links addresses to users, I think this system is more robust than using the account feature.


And to be honest I have written dice games in javaEE, which is actually really strong.

How do you get live updates from new deposits. Do I have to check for new deposits for every possible deposit address once per minute? What do you recommend to run so that when a deposit happens there is a event that says "Hey, you got a new deposit" and how do you link this to the site?

So the flow I did for javaEE, is a couple of checks. One was a cronjob, in tomcat they are not called that, this runs every 5 mins (remember I wait for 1 confirmations anyway, so I don't have to run every 5-10 secs which is probably what you would do for non-confirmed transactions). For my next check, I always run bitcoind in -tx=1 mode so I have access to the entire bitcoin blockchain, and don't have to use a blockchain api. Then using netcat and java socket server, I would have bitcoind send any wallet transactions to the socket server, and put in a queue (any first in first out data structure would work). Remember take this with a grain of salt this transaction, it is usually a non-confirmed transaction, and it can be subject to many attacks. This just alerts my application that a transaction is possible waiting and to track it a bit.

Now that we verified that indeed we have a new balance, I use web sockets to push it to the user. JavaEE is amazing at writing this in a simple class. If you don't want to use websockets, or the the users can't get a good connection, then just simple javascript polling works as well. Then that updates the frontend accordingly. Remember to always check the balance before executing anything server side. This is just a view, and should never be trusted.

Pretty sure listreceivedbyaddress also protects against that.

I looked into it - I don't see any way to prevent it returning the entire list of addresses and transactions each time you call it.

That's a huge ever-growing amount of data to parse over and over again.

I'd much rather have bitcoind do all that grunt work for me and just tell me which account has a new confirmed deposit.

Yes it is a big list, but what I usually do with java, is just hold on to it in an array of objects and remove the the ones we have already processed already. I can always build that array at startup from the double entry database, incase of shutdown or restart.
legendary
Activity: 2940
Merit: 1333
June 30, 2014, 04:52:36 PM
#22
Pretty sure listreceivedbyaddress also protects against that.

I looked into it - I don't see any way to prevent it returning the entire list of addresses and transactions each time you call it.

That's a huge ever-growing amount of data to parse over and over again.

I'd much rather have bitcoind do all that grunt work for me and just tell me which account has a new confirmed deposit.
hero member
Activity: 854
Merit: 500
June 30, 2014, 04:36:02 PM
#21
So basically I make a new address for each user, but it's just 1 of many addresses in the hot wallet?

Yes. At Just-Dice I used bitcoind, and simply did getAddressesByAccount() to see if there was already an address associated with a userid, and getAccountAddress() to get one if there wasn't. Then you can listAccounts() to see the balance for each account with the required number of confirmations and move() to move the funds from a player's 'account' to the main hot wallet account so you don't count it twice.

Recently I heard Gavin saying that the 'accounts' feature in bitcoind is likely to be removed soon, so I guess this isn't a good idea to use any more.

I would advise against the account feature, it isn't meant to be a database, like you are using it. I usually just keep a database table that links addresses to users, I think this system is more robust than using the account feature.


And to be honest I have written dice games in javaEE, which is actually really strong.

How do you get live updates from new deposits. Do I have to check for new deposits for every possible deposit address once per minute? What do you recommend to run so that when a deposit happens there is a event that says "Hey, you got a new deposit" and how do you link this to the site?
legendary
Activity: 1498
Merit: 1000
June 30, 2014, 11:56:27 AM
#20
I always wait at least 1 confirmation. I always do a double entry balance and withdrawl, then I use listreceivedbyaddress to get the transactions.

What do you do if there's a 2 block reorganisation, and the deposit changes its transaction ID?

Would you credit it twice?

Pretty sure listreceivedbyaddress also protects against that.
legendary
Activity: 2940
Merit: 1333
June 30, 2014, 10:48:43 AM
#19
I always wait at least 1 confirmation. I always do a double entry balance and withdrawl, then I use listreceivedbyaddress to get the transactions.

What do you do if there's a 2 block reorganisation, and the deposit changes its transaction ID?

Would you credit it twice?
legendary
Activity: 1498
Merit: 1000
June 30, 2014, 12:35:44 AM
#18
Buy the script from other and i think they have the details  Wink
Buying the script is kinda lame. I'll feel a lot better about it if I build it completely.
Curious, how much does the script cost?

Make sure their is no backdoors, in the RNG or in the software in general.

The problem with this is that if the programmer isn't experienced enough, which is usually the reason for buying the scripts, they won't know what to look for in terms of insecurities and backdoors.

That is why you pay someone to look it over, that you trust as a programmer.
sr. member
Activity: 323
Merit: 254
June 30, 2014, 12:04:19 AM
#17
Buy the script from other and i think they have the details  Wink
Buying the script is kinda lame. I'll feel a lot better about it if I build it completely.
Curious, how much does the script cost?

Make sure their is no backdoors, in the RNG or in the software in general.

The problem with this is that if the programmer isn't experienced enough, which is usually the reason for buying the scripts, they won't know what to look for in terms of insecurities and backdoors.
legendary
Activity: 1498
Merit: 1000
June 29, 2014, 11:00:28 PM
#16
Buy the script from other and i think they have the details  Wink
Buying the script is kinda lame. I'll feel a lot better about it if I build it completely.
Curious, how much does the script cost?

Make sure their is no backdoors, in the RNG or in the software in general.
sr. member
Activity: 462
Merit: 250
June 29, 2014, 10:28:03 PM
#15
Buy the script from other and i think they have the details  Wink
Buying the script is kinda lame. I'll feel a lot better about it if I build it completely.
Curious, how much does the script cost?
legendary
Activity: 1498
Merit: 1000
June 29, 2014, 09:38:49 PM
#14
I would advise against the account feature, it isn't meant to be a database, like you are using it. I usually just keep a database table that links addresses to users, I think this system is more robust than using the account feature.

Then how do you keep track of which incoming payments are for which user, and make sure not to credit them twice in the event of a blockchain re-org or transaction malleability?

The account system takes care of all that for you. I wouldn't want to have to reinvent the wheel.

I always wait at least 1 confirmation. I always do a double entry balance and withdrawl, then I use listreceivedbyaddress to get the transactions.
Pages:
Jump to: