Topic: [ANN] Hey, BitMe! (#bitme) (Read 9464 times)

420
hero member
Activity: 756
Merit: 500
April 01, 2013, 11:15:08 AM
#86
now there's no aurum withdrawal at all.

give me a $95 USD gox or stamp code for my $98 and i'll be happy

just give it to me
newbie
Activity: 18
Merit: 0
March 29, 2013, 10:35:59 PM
#85
Yea, their goddamned withdrawal limit locked up my bitcoins
420
hero member
Activity: 756
Merit: 500
March 29, 2013, 12:55:53 PM
#84
they're holding my $98 hostage
420
hero member
Activity: 756
Merit: 500
March 28, 2013, 07:41:00 PM
#82
can't withdraw vouchX

There was a problem communicating with VouchX system
legendary
Activity: 3038
Merit: 1032
RIP Mommy
420
hero member
Activity: 756
Merit: 500
March 01, 2013, 03:32:10 PM
#80
It's relevant.

"You are unable to deposit the minimum required amount at this time" as well, also 1 day limit period for deposits and withdrawals now, used to be 7. Although 1 is better, I'm not sure it's not just a bug.

uh is that for bitme to deposit into VouchX/aurumxchange?
legendary
Activity: 3038
Merit: 1032
RIP Mommy
March 01, 2013, 03:17:54 PM
#79
It's relevant.

"You are unable to deposit the minimum required amount at this time" as well, also 1 day limit period for deposits and withdrawals now, used to be 7. Although 1 is better, I'm not sure it's not just a bug.
420
hero member
Activity: 756
Merit: 500
March 01, 2013, 02:39:49 PM
#78
VouchX reserves are low, please check back in a day or two

how often does bitme reload?
hero member
Activity: 560
Merit: 500
I am the one who knocks
June 12, 2012, 05:01:13 PM
#77
Is this still open?

I assume not as I had trouble signing up, but if it is:

  • When signing up it is not made clear that you must verify your email before you can login (you just get an invalid user/pass msg)
  • After verifying your email and logging in you get the header navbar, but a 403 body.

legendary
Activity: 2506
Merit: 1010
June 12, 2012, 02:07:47 PM
#76
There's no method to recover password.  At a minimum, there should be a link that explains what a user should do ... e.g., send an e-mail to support or whatever.
legendary
Activity: 1106
Merit: 1016
090930
June 07, 2012, 04:54:11 AM
#75
Hi Sean,

any news on when you expect to be able to send the pending rewards?

Thanks!
legendary
Activity: 1106
Merit: 1016
090930
May 25, 2012, 06:13:42 AM
#74
some more trivial details:

1/ inconsistent spelling:

"order book" at https://test.bitme.com/fees
"orderbook"  at https://test.bitme.com/dashboard


2/ capitalization

at https://test.bitme.com/dashboard

The info in the order creation column, such as "18 Hours Ago", should be all lowercase - currently it's capitalized
the way a title would.

3/ word(s) missing / incomplete sentence:

at https://test.bitme.com/security

Quote
BitMe takes the security of its [missing word(s)] and its customers' data very seriously.
legendary
Activity: 1106
Merit: 1016
090930
May 25, 2012, 03:49:27 AM
#73
Not a serious thing, but if one happens to double-click on "Logout", a "403/Forbidden" error message is shown.
(Doesn't happen for Login, Join, and Demo buttons)
member
Activity: 92
Merit: 10
May 24, 2012, 12:29:37 PM
#72
6) Enter Ask order for less than lowest Bid and it will fail.
   If I wanted to sell 1000 btc and the best Bid was 900@10, next 90@5 and next 20@2 and I enter my order at 1000@2, I was expecting it to be filled as 900@10, 90@5 and 10@2)


Thank you: 1HnBaKFLrbgQ1GreZ6SQ3vYQa4QBzg4KUt  

This was actually a bug with the display of the orderbook, rather than order execution. It was showing quantities for partially-executed orders that had already been executed. This has been fixed, I consider this major and owe you 20 BTC, which I will send out soon.
member
Activity: 92
Merit: 10
May 22, 2012, 09:32:40 AM
#71
I think the Transactions page needs more work Smiley

I personally like to see something like this:

Code:
Date (GMT)          | Trade  | Currency | Exc Rate | Amount | Sub Total | Fee        | Total          |
2012.12.31 21:15:18 | Buy    | BTC/EUR  | 4.00     | 1 000  | 4 000.00  |    0.5000  | 4 000.0500 EUR |
2012.12.31 21:12:18 | Sell   | BTC/USD  | 5.00     |   100  |   500.00  |    0.5000  |   500.0500 USD |
2012.12.31 21:12:18 | Sell   | LTC/BTC  | 1.00     |   100  |   100.00  |    0.0600  |   100.0060 USD |

As you can see, now you can have one endless list of pairs and use only one transaction list. You can split it up to currency pairs, if needed and add total balances

Code:
Date (GMT)          | Trade  | Currency |  Exc Rate |  Amount   | Sub Total   | Fee    | Total EUR   |
2012.12.31 21:15:18 | Buy    | BTC/EUR  |  4.00     |  1 000.00 | -4 000.000  | 0.000  | -4 000.000  |
2012.12.31 21:14:18 | Sell   | BTC/EUR  |  4.00     |  1 000.00 |  4 000.000  | 0.000  |  4 000.000  |
2012.12.31 21:12:18 | Buy    | BTC/EUR  |  3.00     |  1 000.00 | -3 000.000  | 0.500  | -3 000.050  |
2012.12.31 21:12:18 | Dep    |     EUR  |     1     |  3 000.05 |  3 000.050  | 0.000  |  3 000.050  |
=======================================================================================================
Balance (BTC):                                      |  1 000.00 |             | 1.500  |      0.000

Current position market value: 1 000 BTC @ 5.11 = 5 011.00 EUR


10) If client transfers BTC or LTC to his account, ask for average price in (USD or EUR etc) so you can do Gain/Loss calculations from trades.


Yes, gain/loss calculation is something I have on my feature todo list. Thanks for the suggestions, I will revisit this post when it's time to rework the transactions page.

member
Activity: 92
Merit: 10
May 22, 2012, 09:30:11 AM
#70
Parts of the email can be used as password (password: example123 can be used for the account [email protected]), this makes passwords easy to guess if you have the email.

Weak passwords from common password lists are not blocked.

You should add a CAPTCHA after too many failed password attempts, not locking users out for 30 minutes. This is annoying if you have many passwords and are trying to get the right one.

The entire top banner is ugly. At least find a nice font and make a logo with the text tool in MSpaint. And use the regular Bitcoin graphics, your coins have blurry edges.

Thanks for your suggestions, and yes I could use some help with those blurry edges!
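The two password findings in this post (a password built from part of the email address, and passwords from common lists being accepted) can both be checked at signup. The sketch below is an added example, not part of the thread and not BitMe's code; the thresholds, the tiny constructed common-password sample, the sample addresses and all function names are assumptions.

```python
import re
import unicodedata

# Constructed sample; a real deployment would load a large breached-password set.
COMMON_PASSWORDS = frozenset(
    {"123456", "12345678", "password", "qwerty", "letmein", "bitcoin"}
)
MIN_LENGTH = 10    # assumed policy value
MIN_FRAGMENT = 4   # shortest piece of the email worth matching (assumed)
PADDING = "0123456789!@#$%^&*._-"  # characters people append to a base word
LEET = str.maketrans("013457@$!", "oleastasi")  # 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i


def normalize(text):
    """Fold case and Unicode compatibility forms so look-alikes compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def email_fragments(email):
    """Alphanumeric and purely alphabetic runs of the address, long enough to matter."""
    folded = normalize(email)
    pieces = re.findall(r"[a-z0-9]+", folded) + re.findall(r"[a-z]+", folded)
    return {p for p in pieces if len(p) >= MIN_FRAGMENT}


def password_problems(email, password):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    folded = normalize(password)
    unleeted = folded.translate(LEET)   # "p@ssw0rd" -> "password"
    core = folded.strip(PADDING)        # "password1!" -> "password"
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if {folded, core, core.translate(LEET), unleeted} & COMMON_PASSWORDS:
        problems.append("common_password")
    if any(f in folded or f in unleeted for f in email_fragments(email)):
        problems.append("contains_email_part")
    return problems


if __name__ == "__main__":
    # Constructed accounts; "example123" is the password quoted in the post.
    samples = [
        ("example@example.org", "example123"),
        ("satoshi.n@mail.example", "S4toshi-2012"),
        ("satoshi.n@mail.example", "P@ssw0rd1!"),
        ("satoshi.n@mail.example", "correct horse battery staple"),
    ]
    for email, password in samples:
        print(email, repr(password), password_problems(email, password))
```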
member
Activity: 92
Merit: 10
May 22, 2012, 09:29:00 AM
#69
1) Placing an order will not refresh order book ( I had to hit F5) -  (Firefox 12)
2) After login, you display a temp username that can be used  to log in later. There is no way to see this information after I leave the page.
3)  I can see a pair BTC / USD but it is unclear, what currency I am actually using.
3a) Rate for what? Per "btc" or for the whole trade?
4) Please add "Total" for a trade
5) Please add option to enter "market orders"
6) Enter Ask order for less than lowest Bid and it will fail.
   If I wanted to sell 1000 btc and the best Bid was 900@10, next 90@5 and next 20@2 and I enter my order at 1000@2, I was expecting it to be filled as 900@10, 90@5 and 10@2)

7) please add additional order entry form to the top of the page, above the Orderbook (less scrolling)
8) make it user configurable, how many bid/ask rows user can see in Orderbook. (imagine, if you had 100+ rows there)  

Thank you: 1HnBaKFLrbgQ1GreZ6SQ3vYQa4QBzg4KUt  

Thanks for all the feedback, most of these issues will be addressed over time. I'm focused mostly just on bugs for the time being.

As far as 6) I will look into this sometime this week when I have time.
member
Activity: 92
Merit: 10
May 22, 2012, 09:25:12 AM
#68
Hey,
Just an idea/suggestion,
in bootstrap (which I think you're using), you can make navigation with the tabs, possible without changing the page,


Like now when I click, Deposit, another page opens and then I get the deposit address, but, you could use this js function and make the tabs really good and allow navigation without changing the page or moving the user to another page.

The main benefit of this would be that the whole profile would load up at once, after which navigating around will be smooth and this would lower the server's load / network usage also as everything's done at once.

You could see the demo / code here :
http://twitter.github.com/bootstrap/javascript.html#tabs


Thanks !

and lol, if accepted / considered : 1HR26mWBjiraHEz1qVPQP5g3LiSjcRpZNy

Hey great suggestion, thanks!
member
Activity: 92
Merit: 10
May 22, 2012, 09:23:46 AM
#67
Just a small thing: in the terms of use, it seems there's a word missing in the below sentence:

Quote
We will collect and use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.

->

Quote
We will collect and make use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.

Yup, this looks like another typo, 5 BTC.
legendary
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
May 20, 2012, 06:30:43 AM
#66
in transactions table last column is called Balance. This is true for deposits (and probably Withdraws) however for category Order I think a better label would be State/Status. And a filter like in excel would be useful.

on deposit display the QR code near the address

I think the Transactions page needs more work Smiley

I personally like to see something like this:

Code:
Date (GMT)          | Trade  | Currency | Exc Rate | Amount | Sub Total | Fee        | Total          |
2012.12.31 21:15:18 | Buy    | BTC/EUR  | 4.00     | 1 000  | 4 000.00  |    0.5000  | 4 000.0500 EUR |
2012.12.31 21:12:18 | Sell   | BTC/USD  | 5.00     |   100  |   500.00  |    0.5000  |   500.0500 USD |
2012.12.31 21:12:18 | Sell   | LTC/BTC  | 1.00     |   100  |   100.00  |    0.0600  |   100.0060 USD |

As you can see, now you can have one endless list of pairs and use only one transaction list. You can split it up to currency pairs, if needed and add total balances

Code:
Date (GMT)          | Trade  | Currency |  Exc Rate |  Amount   | Sub Total   | Fee    | Total EUR   |
2012.12.31 21:15:18 | Buy    | BTC/EUR  |  4.00     |  1 000.00 | -4 000.000  | 0.000  | -4 000.000  |
2012.12.31 21:14:18 | Sell   | BTC/EUR  |  4.00     |  1 000.00 |  4 000.000  | 0.000  |  4 000.000  |
2012.12.31 21:12:18 | Buy    | BTC/EUR  |  3.00     |  1 000.00 | -3 000.000  | 0.500  | -3 000.050  |
2012.12.31 21:12:18 | Dep    |     EUR  |     1     |  3 000.05 |  3 000.050  | 0.000  |  3 000.050  |
=======================================================================================================
Balance (BTC):                                      |  1 000.00 |             | 1.500  |      0.000

Current position market value: 1 000 BTC @ 5.11 = 5 011.00 EUR


10) If client transfers BTC or LTC to his account, ask for average price in (USD or EUR etc) so you can do Gain/Loss calculations from trades.
full member
Activity: 140
Merit: 100
May 20, 2012, 02:59:34 AM
#65
Parts of the email can be used as password (password: example123 can be used for the account [email protected]), this makes passwords easy to guess if you have the email.

Weak passwords from common password lists are not blocked.

You should add a CAPTCHA after too many failed password attempts, not locking users out for 30 minutes. This is annoying if you have many passwords and are trying to get the right one.

The entire top banner is ugly. At least find a nice font and make a logo with the text tool in MSpaint. And use the regular Bitcoin graphics, your coins have blurry edges.
full member
Activity: 134
Merit: 100
May 19, 2012, 02:13:51 PM
#64
in transactions table last column is called Balance. This is true for deposits (and probably Withdraws) however for category Order I think a better label would be State/Status. And a filter like in excel would be useful.

on deposit display the QR code near the address
legendary
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
May 19, 2012, 01:40:04 PM
#63
9) after order entry fails, do not close/clean the order entry form, let user fix the numbers and resubmit it (not really a bug but more like usability issue)
legendary
Activity: 910
Merit: 1000
Quality Printing Services by Federal Reserve Bank
May 19, 2012, 01:25:01 PM
#62
1) Placing an order will not refresh order book ( I had to hit F5) -  (Firefox 12)
2) After login, you display a temp username that can be used  to log in later. There is no way to see this information after I leave the page.
3)  I can see a pair BTC / USD but it is unclear, what currency I am actually using.
3a) Rate for what? Per "btc" or for the whole trade?
4) Please add "Total" for a trade
5) Please add option to enter "market orders"
6) Enter Ask order for less than lowest Bid and it will fail.
   If I wanted to sell 1000 btc and the best Bid was 900@10, next 90@5 and next 20@2 and I enter my order at 1000@2, I was expecting it to be filled as 900@10, 90@5 and 10@2)

7) please add additional order entry form to the top of the page, above the Orderbook (less scrolling)
8) make it user configurable, how many bid/ask rows user can see in Orderbook. (imagine, if you had 100+ rows there)  

Thank you: 1HnBaKFLrbgQ1GreZ6SQ3vYQa4QBzg4KUt  

sr. member
Activity: 467
Merit: 250
May 19, 2012, 12:22:25 PM
#61
Hey,
Just an idea/suggestion,
in bootstrap (which I think you're using), you can make navigation with the tabs, possible without changing the page,


Like now when I click, Deposit, another page opens and then I get the deposit address, but, you could use this js function and make the tabs really good and allow navigation without changing the page or moving the user to another page.

The main benefit of this would be that the whole profile would load up at once, after which navigating around will be smooth and this would lower the server's load / network usage also as everything's done at once.

You could see the demo / code here :
http://twitter.github.com/bootstrap/javascript.html#tabs


Thanks !

and lol, if accepted / considered : 1HR26mWBjiraHEz1qVPQP5g3LiSjcRpZNy
legendary
Activity: 1106
Merit: 1016
090930
May 19, 2012, 03:03:46 AM
#60
Just a small thing: in the terms of use, it seems there's a word missing in the below sentence:

Quote
We will collect and use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.

->

Quote
We will collect and make use of personal information solely with the objective of fulfilling those purposes
specified by us and for other compatible purposes, unless we obtain the consent of the individual
concerned or as required by law.
legendary
Activity: 1106
Merit: 1016
090930
May 17, 2012, 09:28:34 PM
#59
Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.

Great! I'm glad I could help, and I like how you really are a man of your word.
member
Activity: 92
Merit: 10
May 17, 2012, 06:30:59 PM
#58
Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.

Thanks a lot for this one flatly. I noticed a problem with how I was caching the js building, so it was actually being done on every request before! I've gone ahead and fixed this and the site should be noticeably more responsive. I've run out of BTC, but I owe you 20 for this one.
legendary
Activity: 1106
Merit: 1016
090930
May 17, 2012, 06:42:20 AM
#57
Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10-second delay to that lucky user.

Actually, I did think it could be related to some JIT process or you restarting the server, but I was able to rule this out - I tried at different times of the day, and I can still reproduce the effect right now.

Anyway, I can understand that it's not a priority for you at this time, but please don't underestimate this issue,
as any script kiddie could potentially DoS (or DDOS) the site through that way - heck, a script isn't even necessarily needed to do it.
member
Activity: 92
Merit: 10
May 17, 2012, 05:04:44 AM
#56
Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.

Hey, sorry, I started to reply before but must have gotten distracted. I'll keep this in mind but I'm not going to worry about this too much. What this does is not really that expensive of an operation. It makes me wonder if I happened to have restarted the web server at the same time you were trying to do this. Currently, all my javascript is bundled and built the first time a user visits the site upon restart, so this could appear as a long 10-second delay to that lucky user.
legendary
Activity: 1106
Merit: 1016
090930
May 17, 2012, 01:00:25 AM
#55
Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.


Hi Sean, have you had a chance to take a look at this one? I just want to make sure you didn't miss that post due to the high activity in the thread yesterday.
member
Activity: 92
Merit: 10
May 16, 2012, 11:13:13 PM
#54
I'm not going to support older than IE8. I think the amount of IE users in the Bitcoin community is probably significantly lower than the general population.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
May 16, 2012, 08:41:30 PM
#53
I don't think support for

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that
Even Microsoft itself hates IE6 and has launched a campaign to get rid of it: http://www.ie6countdown.com/
legendary
Activity: 1511
Merit: 1072
quack
May 16, 2012, 10:04:35 AM
#52
I don't think support for

Wasn't it 10% of web browsers are _STILL_ IE6! And think how much IE7 or IE8 there are..

Edit: Fordy, you're right that
member
Activity: 92
Merit: 10
May 16, 2012, 09:51:44 AM
#51
Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks! Smiley

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.

Yeah, looks like IE needs some work, I hadn't tested it at all in IE before.
member
Activity: 92
Merit: 10
May 16, 2012, 09:51:01 AM
#50
When I visit https://test.bitme.com/dashboard/transactions/USD I get a message in Chrome stating that the page is in Vietnamese.. Any idea what might be causing this?

When I click translate, commas get added to certain values. 10840 becomes 10,840

Chrome's autotranslate feature seems to have some issues, I even just tried to explicitly set the language as English via a "Content-Language" header. Google Chrome still seems to want to offer to translate the page for some reason.

https://groups.google.com/forum/#!msg/google-translate-general/IGYJ6ODH5s4/T2Jx7Dh6JbMJ
legendary
Activity: 1511
Merit: 1072
quack
May 16, 2012, 09:36:27 AM
#49
Trying IE7 now, many cosmetic problems. "Logout"-bar, header, Green/red info boxes bugging weirdly, deposit-page table (and tables overall (except orderbook page) are scaling to window width), footer info at wrong place (like in IE8), transaction-page bugging overall. Also can't, for example, place orders with IE7 (maybe applies to IE8 too) even with javascript turned on. Also can't see USA-flag at all with IE7.

Also, thanks! Smiley

EDIT: Can place orders but no notify or site changes if order placed. But if error occurs, the message will show.
member
Activity: 92
Merit: 10
May 16, 2012, 09:25:00 AM
#48
In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

Confirmed, 5 BTC

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

This is the intended display, the 0.5x is the quantity and 15 is the rate. This means there was an execution of 0.5 BTC at a rate of 15 USD, (0.5 BTC was traded for 7.5 USD)

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!

Yup, mobile platforms is on my known issues list
legendary
Activity: 1511
Merit: 1072
quack
May 16, 2012, 09:04:25 AM
#47
In IE8,
"© 2012 BitMe, LLC
Terms of Use
#bitme on FreeNode" isn't where it's supposed to be when logged in. Also header looks different.

"Last Execution BTC / USD 0.5x @ 15" is there supposed to be 0.5x something?

Also, cosmetically site doesn't work in mobile platforms. Tested with Nokia N9, functionality was good except i couldn't deposit USD another try and it worked!
legendary
Activity: 1106
Merit: 1016
090930
May 16, 2012, 09:03:18 AM
#46
Looks like the current site is vulnerable to a DoS attack through the 'withdraw' method:

In the withdraw form, enter a 34-digit address and any amount of BTC (doesn't matter if you
have them or not), and quickly hit 'Enter' 30 times or more, in rapid succession. The whole site
appears to become unresponsive for at least 10 seconds.
.
member
Activity: 92
Merit: 10
May 16, 2012, 08:28:21 AM
#45
I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure I could do the same on the BTC side if I had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.

I put this on my todo list as an enhancement. I think combining them into different "bins" is a good idea, but I don't want to do that without giving the user the ability to change at what precision it does this.



Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me Smiley

Me too Smiley

5 BTC
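The two fixes discussed in this post, combining orders into bins at a precision the user chooses and refusing very small rate increments, are sketched below. This is an added example, not part of the thread and not BitMe's code; the book contents are constructed and the function names are assumptions.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_CEILING, ROUND_FLOOR


def bin_levels(orders, side, step, depth=None):
    """Aggregate (rate, quantity) orders into price bins of width `step`.

    Bids are floored and asks are ceiled, so a displayed level never shows a
    better price than the orders inside it actually offer.
    """
    if side not in ("bid", "ask"):
        raise ValueError("side must be 'bid' or 'ask'")
    step = Decimal(step)
    if step <= 0:
        raise ValueError("step must be positive")
    rounding = ROUND_FLOOR if side == "bid" else ROUND_CEILING
    totals = defaultdict(Decimal)
    for rate, quantity in orders:
        bucket = (Decimal(rate) / step).to_integral_value(rounding=rounding) * step
        totals[bucket] += Decimal(quantity)
    # Best price first: highest bid, lowest ask.
    levels = sorted(totals.items(), reverse=(side == "bid"))
    return levels if depth is None else levels[:depth]


def on_tick(rate, tick):
    """Order-entry check: accept only rates that are a multiple of the tick size."""
    return Decimal(rate) % Decimal(tick) == 0


def constructed_book():
    """Three genuine bids plus 50 micro-bids at 0.0001 increments (all constructed)."""
    real = [
        (Decimal("15.00"), Decimal("10")),
        (Decimal("14.50"), Decimal("25")),
        (Decimal("14.00"), Decimal("40")),
    ]
    spam = [
        (Decimal("15.0001") + Decimal("0.0001") * i, Decimal("0.001"))
        for i in range(50)
    ]
    return real, spam


def demo(rows=20):
    real, spam = constructed_book()
    book = real + spam
    raw_top = sorted(book, reverse=True)[:rows]       # what an unbinned view shows
    binned = bin_levels(book, "bid", "0.01", depth=rows)
    spam_cost = sum(rate * qty for rate, qty in spam)  # USD tied up by the spam
    return raw_top, binned, spam_cost


if __name__ == "__main__":
    raw_top, binned, spam_cost = demo()
    print("spam cost in USD:", spam_cost)
    print("raw rows that are genuine:", [r for r in raw_top if r[1] >= 1])
    print("binned view:", binned)
```

Binning only changes what is displayed; the tick check is the one that stops the micro-orders from entering the book at all.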
member
Activity: 92
Merit: 10
May 16, 2012, 08:25:15 AM
#44
Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)



confirmed, 5 BTC
member
Activity: 90
Merit: 10
May 16, 2012, 07:04:51 AM
#43
I've managed to spam the orderbook by doing tiny increments in rate and have drowned out everything on the USD side of the order book using less than 1 USD in funds. Now nobody can see what's available. I'm sure I could do the same on the BTC side if I had any left and there was anything to drown, making the orderbook useless.

I think to solve it the order book should be put into bins, so it's more a rough idea of the quantity at each rate, by combining all the quantities at the rates say between 15 and 15.01, or you shouldn't allow quite such small increments in rate. Or maybe it should be left as it is. I suppose when there's active trade across the spread it won't be an issue because those micro orders will be picked up as soon as there's a trade. But I think there should be some way to see more of the orderbook if someone does do this and while you still have low activity on there.



Not really a bug but the way the order book doesn't update even when you place an order kind of bugs me Smiley

legendary
Activity: 1106
Merit: 1016
090930
May 16, 2012, 12:36:29 AM
#42
Hi,

a little cosmetic issue:

The password strength meter in the Join page works, but doesn't look quite right on
IE8. (There's no background color)

member
Activity: 92
Merit: 10
May 15, 2012, 06:01:53 PM
#41
Yes, javascript should never add features to the system. JS should be used for cosmetic things or to make some features easier to use. Therefore the javascript-method to disable multiple form sending is a bad method. Should be done with confirmation page or something like that.

Also when you're adding an order, it should classify what went wrong if an error occurred in order placement (instead of "An error occurred!").

Turned javascript off after loading dashboard page, then clicked on Orders->New and it threw to Error 404 -page.

Yup, compatibility without javascript is a known issue.
legendary
Activity: 1511
Merit: 1072
quack
May 15, 2012, 05:58:39 PM
#40
Yes, javascript should never add features to the system. JS should be used for cosmetic things or to make some features easier to use. Therefore the javascript-method to disable multiple form sending is a bad method. Should be done with confirmation page or something like that.

Also when you're adding an order, it should classify what went wrong if an error occurred in order placement (instead of "An error occurred!").

Turned javascript off after loading dashboard page, then clicked on Orders->New and it threw to Error 404 -page.
member
Activity: 92
Merit: 10
May 15, 2012, 05:57:14 PM
#39
when submitting empty fields, you don't just get the empty field error message, but all other possible error messages, too.

instead of using javascript to disable a button I suggest using a token to prevent multiple form submits, also for preventing csrf. google synchronizer token pattern and/or read this:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern



Thanks for the suggestion. I'm already using CSRF tokens, but am only generating once per session. As the article points out well, you can generate once per request, but this introduces some usability issues if the user opens multiple tabs for instance. I'm still on the fence about this.
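One way to get single-use tokens without the multiple-tab problem raised above is to issue a separate token for every rendered form and keep a bounded set of outstanding tokens per session. The sketch below is an added example, not part of the thread and not BitMe's code; the class, the handler, the session ids and the cap of 20 outstanding forms are assumptions.

```python
import hmac
import secrets
import threading
from collections import OrderedDict
from decimal import Decimal

MAX_OUTSTANDING = 20  # assumed cap on unsubmitted forms remembered per session


class FormTokenStore:
    """Single-use form tokens, each bound to one session and one action."""

    def __init__(self, max_outstanding=MAX_OUTSTANDING):
        self._by_session = {}  # session_id -> OrderedDict[token, action]
        self._max = max_outstanding
        self._lock = threading.Lock()

    def issue(self, session_id, action):
        """Called when a form is rendered; every tab gets its own token."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            bucket = self._by_session.setdefault(session_id, OrderedDict())
            bucket[token] = action
            while len(bucket) > self._max:  # forget the oldest unsubmitted form
                bucket.popitem(last=False)
        return token

    def consume(self, session_id, action, token):
        """True exactly once per issued token; check and removal are atomic."""
        if not isinstance(token, str):
            return False
        presented = token.encode("utf-8", "replace")
        with self._lock:
            bucket = self._by_session.get(session_id)
            if not bucket:
                return False
            match = None
            for candidate, bound_action in bucket.items():
                same = hmac.compare_digest(candidate.encode("ascii"), presented)
                if same and bound_action == action:
                    match = candidate
            if match is None:
                return False
            del bucket[match]  # a repeated submit no longer finds the token
            return True


def handle_deposit(store, balances, session_id, token, amount):
    """Hypothetical POST handler: credit the account only for a fresh token."""
    if not store.consume(session_id, "deposit", token):
        return "rejected"
    balances[session_id] = balances.get(session_id, Decimal("0")) + Decimal(amount)
    return "ok"


def demo():
    store, balances = FormTokenStore(), {}
    tab_a = store.issue("sess-1", "deposit")
    tab_b = store.issue("sess-1", "deposit")
    withdraw_form = store.issue("sess-1", "withdraw")
    other_user = store.issue("sess-2", "deposit")
    outcomes = [
        handle_deposit(store, balances, "sess-1", tab_a, "100"),         # first click
        handle_deposit(store, balances, "sess-1", tab_a, "100"),         # double click
        handle_deposit(store, balances, "sess-1", tab_b, "50"),          # second tab
        handle_deposit(store, balances, "sess-1", withdraw_form, "50"),  # wrong form
        handle_deposit(store, balances, "sess-1", other_user, "50"),     # other session
    ]
    return outcomes, balances


def hammer(clicks=30):
    """Submit one token from many threads at once; returns how many were accepted."""
    store = FormTokenStore()
    token = store.issue("sess-1", "withdraw")
    accepted = []

    def click():
        if store.consume("sess-1", "withdraw", token):
            accepted.append(1)

    threads = [threading.Thread(target=click) for _ in range(clicks)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(accepted)


if __name__ == "__main__":
    print(demo())
    print("accepted out of 30 rapid submits:", hammer())
```

In a multi-process deployment the same check-and-delete has to happen in shared storage, inside one transaction or atomic operation, rather than under an in-process lock.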
member
Activity: 92
Merit: 10
May 15, 2012, 05:53:27 PM
#38
I tried to withdraw money less than what was deposited and got an error that I did not have enough funds. I cancelled all pending transactions, so the money would not be tied up.
https://imgur.com/1OsY9

If you want to Withdraw BTC you'll have to buy or deposit some first  Grin

That's expected then, since you are on testnet. I thought it might count the test funds in there. Notice where I was withdrawing to? Cheesy

Huh? You only had USD in your account, not BTC. That's why you aren't able to withdraw any. The purpose of the fake depositing in USD is to test the execution and execution interface.
hero member
Activity: 991
Merit: 1011
May 15, 2012, 05:26:21 PM
#37
when submitting empty fields, you don't just get the empty field error message, but all other possible error messages, too.

instead of using javascript to disable a button I suggest using a token to prevent multiple form submits, also for preventing csrf. google synchronizer token pattern and/or read this:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern

full member
Activity: 195
Merit: 100
May 15, 2012, 04:57:30 PM
#36
I tried to withdraw money less than what was deposited and got an error that I did not have enough funds. I cancelled all pending transactions, so the money would not be tied up.
https://imgur.com/1OsY9

If you want to Withdraw BTC you'll have to buy or deposit some first  Grin

That's expected then, since you are on testnet. I thought it might count the test funds in there. Notice where I was withdrawing to? Cheesy
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 04:44:38 PM
#35
Hi Sean, it seems I haven't received that last bounty, could you check please?
Thanks

My bad, sent!

Excellent, thanks!
member
Activity: 92
Merit: 10
May 15, 2012, 04:29:46 PM
#34
Hi Sean, it seems I haven't received that last bounty, could you check please?
Thanks

My bad, sent!
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 04:22:11 PM
#33
if, by mistake, or due to network congestion, one double-clicks (or more) on the deposit button, the deposit is performed twice (or more) - this is perhaps true of withdrawals too.

Perhaps a bit of js magic to prevent double submission? 2 BTC

Yeah, disabling the submit button on onclick or something Smiley

Thanks!

Hi Sean, it seems I haven't received that last bounty, could you check please?
Thanks
member
Activity: 92
Merit: 10
May 15, 2012, 04:01:30 PM
#32
I tried to withdraw money less than what was deposited and got an error that I did not have enough funds. I cancelled all pending transactions, so the money would not be tied up.
https://imgur.com/1OsY9

If you want to Withdraw BTC you'll have to buy or deposit some first  Grin
member
Activity: 92
Merit: 10
May 15, 2012, 03:59:53 PM
#31
I was able to deposit a fraction of a USD.

1.001

Expected behavior, again this is just a testnet feature to deposit arbitrary amounts of USD.
full member
Activity: 195
Merit: 100
May 15, 2012, 03:42:03 PM
#30
I tried to withdraw money less than what was deposited and got an error that I did not have enough funds. I cancelled all pending transactions, so the money would not be tied up.


full member
Activity: 195
Merit: 100
May 15, 2012, 03:10:59 PM
#29
I was able to deposit a fraction of a USD.

1.001
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 02:44:02 PM
#28
if, by mistake, or due to network congestion, one double-clicks (or more) on the deposit button, the deposit is performed twice (or more) - this is perhaps true of withdrawals too.

Perhaps a bit of js magic to prevent double submission? 2 BTC

Yeah, disabling the submit button on onclick or something :)

Thanks!
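
Disabling the button in JavaScript, as suggested above, does nothing for a retried request or a browser with scripts turned off. The following is an added example (not from the thread and not BitMe's code) of the server-side complement: each rendered deposit form carries a one-time token, and a credit is applied only the first time that token is seen. The class and function names are hypothetical, and the in-memory set stands in for a unique constraint in the exchange's database.

```python
import hashlib
import hmac
import secrets
import threading


class DepositEndpoint:
    """Server side of a deposit form that credits each rendered form at most once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._spent = set()            # nonces that have already produced a credit
        self._lock = threading.Lock()
        self.balance_cents = {}        # user -> balance in integer cents

    def _mac(self, user: str, nonce: str) -> str:
        msg = f"{user}:{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def render_form(self, user: str) -> str:
        """Return the one-time token placed in the form as a hidden field."""
        nonce = secrets.token_hex(16)
        return f"{nonce}.{self._mac(user, nonce)}"

    def submit(self, user: str, token: str, amount_cents: int) -> str:
        nonce, _, mac = token.partition(".")
        if not hmac.compare_digest(mac.encode(), self._mac(user, nonce).encode()):
            return "rejected"          # token was not issued to this user
        with self._lock:               # check-and-mark must be a single atomic step
            if nonce in self._spent:
                return "duplicate"     # second click or retried request
            self._spent.add(nonce)
            self.balance_cents[user] = self.balance_cents.get(user, 0) + amount_cents
        return "credited"


def simulate_double_click(clicks: int = 5, amount_cents: int = 2500):
    """Constructed scenario: one rendered form submitted `clicks` times in parallel."""
    endpoint = DepositEndpoint(secrets.token_bytes(32))
    token = endpoint.render_form("alice")
    results = []

    def click():
        results.append(endpoint.submit("alice", token, amount_cents))

    threads = [threading.Thread(target=click) for _ in range(clicks)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results), endpoint.balance_cents["alice"]


if __name__ == "__main__":
    print(simulate_double_click())
```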
member
Activity: 92
Merit: 10
May 15, 2012, 02:09:49 PM
#27
Why can't we deposit cents?

Deposit 0.25 USD:
Quote
Amount must be at minimum 1.0

This is a testnet-only feature. It's just an arbitrary minimum amount.
member
Activity: 92
Merit: 10
May 15, 2012, 02:08:41 PM
#26
if, by mistake, or due to network congestion, one double-clicks (or more) on the deposit button, the deposit is performed twice (or more) - this is perhaps true of withdrawals too.

Perhaps a bit of js magic to prevent double submission? 2 BTC
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
May 15, 2012, 12:18:20 PM
#25
Why can't we deposit cents?

Deposit 0.25 USD:
Quote
Amount must be at minimum 1.0
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 11:56:43 AM
#24
if, by mistake, or due to network congestion, one double-clicks (or more) on the deposit button, the deposit is performed twice (or more) - this is perhaps true of withdrawals too.
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
May 15, 2012, 11:10:18 AM
#23
Ok what about the notice with USD saying:
The maximum amount is 500.0
Shouldn't that be:
The maximum amount is 500.00USD?
One decimal place seems weird :\

boy, this is some real low-hanging fruit here - especially since this is a feature only specific to testnet. I'll send you 2 BTC for this.

Wow, thanks a lot!!
:)
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 10:12:50 AM
#22
1/ layout/cosmetic:
The 'Place Order' blue button is overlapping on the next column (in Google Chrome, Win XP)

This is really just poor design ::), someone already pointed this out to me, I'll put it under "known issues"

2/ authentication
Login (either as Demo user or regular user) just fails for me in IE8.   'There was a problem logging you in, please try again'

Confirmed, I'm classifying this as minor, 10BTC

Received already! Thanks.
member
Activity: 92
Merit: 10
May 15, 2012, 09:56:35 AM
#21
1/ layout/cosmetic:
The 'Place Order' blue button is overlapping on the next column (in Google Chrome, Win XP)

This is really just poor design ::), someone already pointed this out to me, I'll put it under "known issues"

2/ authentication
Login (either as Demo user or regular user) just fails for me in IE8.   'There was a problem logging you in, please try again'

Confirmed, I'm classifying this as minor, 10BTC
member
Activity: 92
Merit: 10
May 15, 2012, 09:43:35 AM
#20
I tested using javascript turned off (NoScript addon in Firefox)

Demo button worked so far (great!) BUT clicking on the "new" order button on the dashboard of the test user (leads to https://test.bitme.com/buy) I just get a 404.

Clicking on the "X" buttons in the Dashboard has no effect with Javascript turned off.

Don't worry, I greatly respect users of NoScript, plan to make the site fully functional without javascript soon!

Maybe more cosmetic/not implemented: The US flag in the lower right corner has no tooltip or any apparent function. Could indicate English language or the USD market...?!

Hmmm... I meant to put it in there just to mean that BitMe, LLC is a US-based and registered company. Good suggestion with the tooltip.

Open a session (Demo), middle click on a link (e.g. withdraw) to open it in a new tab, click logout there in the new tab, close the tab, click logout in the original tab (demo dashboard) --> you get a 403 forbidden page. What's worse, you get no immediate chance to do anything there, if you don't guess/know that the header "[testnet]bitme" is a link to the main page.

This is expected behavior since once you kill your session you can't logout again, but point taken, this could be more user-friendly!

There is no check if the payout address is even a valid address, I could enter "1234567890123456789012345678901234" as address in the withdraw section. It only seems to expect a string of 34 characters. Also the limit seems to be at least 0.01 BTC which is mentioned only AFTER entering any amount there.

Yes, this page could use some directions as far as the minimum withdraw amount. Also, the address validation is oversimplified here. This will be improved at some point, but this is not really a problem because the address will eventually be validated for real and will not be sent if bitcoind finds it to be invalid. This can easily be resolved by an admin without any loss of the BTC withdraw amount.

Address for bounty (if accepted as bug): 1u774EAK5PSEhvMzKLURBFtjhJqQUpb6r

Thanks for all of the feedback! Most of this is expected behavior and I would call these "enhancements" rather than bugs. But I will send you 7 BTC!
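
The 34-character string reported above passes a length check but is not a Base58Check address. The following is an added example (not from the thread and not BitMe's code) of validating a legacy address at the form, before the request ever reaches the queue in front of bitcoind: alphabet, decoded length, double-SHA-256 checksum and network version byte. Function names are hypothetical, and the sample address is constructed from a made-up 20-byte hash.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes for pay-to-pubkey-hash and pay-to-script-hash addresses.
VERSIONS = {"mainnet": {0x00, 0x05}, "testnet": {0x6F, 0xC4}}


def _checksum(data: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Encode version byte + body + checksum; used here only to build samples."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))   # each leading zero byte becomes "1"
    return "1" * zeros + out


def check_withdraw_address(addr: str, network: str):
    """Return (ok, reason) for a legacy Base58Check address on `network`."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False, f"character {ch!r} is not in the Base58 alphabet"
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                          # 1 version + 20 hash + 4 checksum
        return False, "decoded length is not 25 bytes"
    if _checksum(raw[:-4]) != raw[-4:]:
        return False, "checksum mismatch"
    if raw[0] not in VERSIONS[network]:
        return False, "address belongs to a different network"
    return True, "ok"


# Constructed sample: a testnet address over the bytes 0x00..0x13.
SAMPLE_TESTNET = b58check_encode(0x6F, bytes(range(20)))

if __name__ == "__main__":
    typo = SAMPLE_TESTNET[:-1] + ("2" if SAMPLE_TESTNET[-1] != "2" else "3")
    for candidate in ("1234567890123456789012345678901234", SAMPLE_TESTNET, typo):
        print(candidate, check_withdraw_address(candidate, "testnet"))
```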
legendary
Activity: 2618
Merit: 1007
May 15, 2012, 08:43:41 AM
#19
I tested using javascript turned off (NoScript addon in Firefox)

Demo button worked so far (great!) BUT clicking on the "new" order button on the dashboard of the test user (leads to https://test.bitme.com/buy) I just get a 404.

Clicking on the "X" buttons in the Dashboard has no effect with Javascript turned off.

Maybe more cosmetic/not implemented: The US flag in the lower right corner has no tooltip or any apparent function. Could indicate English language or the USD market...?!

Open a session (Demo), middle click on a link (e.g. withdraw) to open it in a new tab, click logout there in the new tab, close the tab, click logout in the original tab (demo dashboard) --> you get a 403 forbidden page. What's worse, you get no immediate chance to do anything there, if you don't guess/know that the header "[testnet]bitme" is a link to the main page.

There is no check if the payout address is even a valid address, I could enter "1234567890123456789012345678901234" as address in the withdraw section. It only seems to expect a string of 34 characters. Also the limit seems to be at least 0.01 BTC which is mentioned only AFTER entering any amount there.

Address for bounty (if accepted as bug): 1u774EAK5PSEhvMzKLURBFtjhJqQUpb6r
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 08:10:39 AM
#18
in the Join page (https://test.bitme.com/join), the "confirm password" field allows clipboard pasting,
which kinda defeats its purpose... The vast majority of financial sites I have dealt with do not allow that.

I generally prefer to stay away from these types of annoying techniques which purposely break default functionality. This could quite easily interfere with something like a password manager.

Sure, I understand!

Here's a few other things by the way: 

1/ layout/cosmetic:
The 'Place Order' blue button is overlapping on the next column (in Google Chrome, Win XP)

2/ authentication
Login (either as Demo user or regular user) just fails for me in IE8.   'There was a problem logging you in, please try again'

member
Activity: 92
Merit: 10
May 15, 2012, 07:07:25 AM
#17
in the Join page (https://test.bitme.com/join), the "confirm password" field allows clipboard pasting,
which kinda defeats its purpose... The vast majority of financial sites I have dealt with do not allow that.

I generally prefer to stay away from these types of annoying techniques which purposely break default functionality. This could quite easily interfere with something like a password manager.
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 06:16:28 AM
#16
Privacy/security issue:

even after logging out, back button of browser still shows you previous HTTPS page.

Thanks for pointing this out. This was already on my todo list, but I'll give you the 20BTC anyway.

Thanks, this is really generous!

I have found another thing, but I don't know if you'll consider that a real issue or not:

in the Join page (https://test.bitme.com/join), the "confirm password" field allows clipboard pasting,
which kinda defeats its purpose... The vast majority of financial sites I have dealt with do not allow that.
member
Activity: 92
Merit: 10
May 15, 2012, 06:02:23 AM
#15
Privacy/security issue:

even after logging out, back button of browser still shows you previous HTTPS page.

Thanks for pointing this out. This was already on my todo list, but I'll give you the 20BTC anyway.
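
A page that reappears on Back after logout is being served from the browser's own cache, so the usual mitigation is to mark every response sent to a logged-in browser as `Cache-Control: no-store`. The following is an added example (not from the thread and not BitMe's code) written as WSGI middleware; the cookie name `session`, the function names and the stand-in dashboard app are assumptions.

```python
from http.cookies import SimpleCookie

CACHE_HEADERS = ("cache-control", "pragma", "expires")


def no_store_for_sessions(app, cookie_name="session"):
    """WSGI middleware: forbid caching of any response sent to a logged-in browser."""
    def middleware(environ, start_response):
        cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        logged_in = cookie_name in cookies      # exact cookie name, not a substring

        def patched_start(status, headers, exc_info=None):
            if logged_in:
                # Drop whatever caching policy the app chose, then forbid storage.
                headers = [(k, v) for k, v in headers if k.lower() not in CACHE_HEADERS]
                headers += [("Cache-Control", "no-store"), ("Pragma", "no-cache")]
            return start_response(status, headers, exc_info)

        return app(environ, patched_start)
    return middleware


def demo_app(environ, start_response):
    """Constructed stand-in for a dashboard page that was marked cacheable."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "private, max-age=600")])
    return [b"<h1>balances</h1>"]


def response_headers(cookie_header: str) -> dict:
    """Run one request through the wrapped app and return its response headers."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/dashboard"}
    if cookie_header:
        environ["HTTP_COOKIE"] = cookie_header
    list(no_store_for_sessions(demo_app)(environ, start_response))
    return captured


if __name__ == "__main__":
    print(response_headers("session=abc123"))   # constructed cookie value
    print(response_headers(""))
```

The header only governs copies made from then on, so the session still has to be invalidated on the server at logout.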
member
Activity: 92
Merit: 10
May 15, 2012, 05:52:41 AM
#14
Attack surface is pretty low. I can't find anything obvious through fudging with form parameters but I'll keep looking when I have time.

Couple of trivial/minor things:

You can click new multiple times and it makes many rows of the new order form. I thought this was so you could create multiple orders at the same time which I thought was a good feature - However, you can only select one of the radio buttons across the whole set so this looks like a bug. (pic: http://i50.tinypic.com/34so4du.png)
IMO, If you do make this feature there should be a button at the bottom so you can place all the orders at the same time rather than having to click the place order button on each individual row.

Very trivial thing, don't know if it's an actual issue or a conscious decision:
on Signup, the terms and condition link changes the page rather than opens in a popup so I lost the password I had entered when I hit back.
Normally I middle click those links to open them in a new tab but sometimes they are javascript links (to open the t&c in a pop-up) which means that doesn't work. If you do decide to make it a javascript pop-up, leave the link as it is, and use the onclick to open the popup and return false so it doesn't actually change the page. That makes middle click work to open the link as normal, and left click calls the onclick handler to open the popup and cancels the normal link action.

Bitcoin address, if accepted: 1GgQn4VGwv75x2bNweua4Ko34tGvZXjkNj

thanks, just sent 15 BTC
legendary
Activity: 1106
Merit: 1016
090930
May 15, 2012, 04:48:59 AM
#13
Privacy/security issue:

even after logging out, back button of browser still shows you previous HTTPS page.
member
Activity: 90
Merit: 10
May 15, 2012, 04:21:28 AM
#12
Attack surface is pretty low. I can't find anything obvious through fudging with form parameters but I'll keep looking when I have time.

Couple of trivial/minor things:

You can click new multiple times and it makes many rows of the new order form. I thought this was so you could create multiple orders at the same time which I thought was a good feature - However, you can only select one of the radio buttons across the whole set so this looks like a bug. (pic: http://i50.tinypic.com/34so4du.png)
IMO, If you do make this feature there should be a button at the bottom so you can place all the orders at the same time rather than having to click the place order button on each individual row.

Very trivial thing, don't know if it's an actual issue or a conscious decision:
on Signup, the terms and condition link changes the page rather than opens in a popup so I lost the password I had entered when I hit back.
Normally I middle click those links to open them in a new tab but sometimes they are javascript links (to open the t&c in a pop-up) which means that doesn't work. If you do decide to make it a javascript pop-up, leave the link as it is, and use the onclick to open the popup and return false so it doesn't actually change the page. That makes middle click work to open the link as normal, and left click calls the onclick handler to open the popup and cancels the normal link action.

Bitcoin address, if accepted: 1GgQn4VGwv75x2bNweua4Ko34tGvZXjkNj
member
Activity: 92
Merit: 10
May 15, 2012, 01:24:34 AM
#11
Ok what about the notice with USD saying:
The maximum amount is 500.0
Shouldn't that be:
The maximum amount is 500.00USD?
One decimal place seems weird :\

boy, this is some real low-hanging fruit here - especially since this is a feature only specific to testnet. I'll send you 2 BTC for this.
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
May 14, 2012, 03:54:21 PM
#10
Ok what about the notice with USD saying:
The maximum amount is 500.0
Shouldn't that be:
The maximum amount is 500.00USD?
One decimal place seems weird :\
member
Activity: 92
Merit: 10
May 14, 2012, 03:49:45 PM
#9
Graphics get kinda screwy on an iPhone in portrait mode... with the BitMe logo getting cut off!
Also, the tables in Deposits and suchlike are not aligned right...

Here is a pic: http://db.tt/ixnDKx5T

If this earned me some BTC... ;)
BTC address in the sig ;)

Sorry, I've already mentioned in the original post that mobile rendering is a known issue and is not currently of concern.

I've updated the original post to make this more clear (added to the top)
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
May 14, 2012, 02:57:42 PM
#8
Graphics get kinda screwy on an iPhone in portrait mode... with the BitMe logo getting cut off!
Also, the tables in Deposits and suchlike are not aligned right...

Here is a pic: http://db.tt/ixnDKx5T

If this earned me some BTC... ;)
BTC address in the sig ;)
member
Activity: 92
Merit: 10
May 14, 2012, 02:30:12 AM
#7
The testnet version of the site is now available for testing: https://test.bitme.com
legendary
Activity: 1386
Merit: 1004
May 12, 2012, 04:18:07 PM
#6
What about fees, payment methods, etc?

As far as withdraws, Dwolla will be the preferred method.


+1

Just don't allow DEPOSITS via Dwolla.  Or you will be doomed.
member
Activity: 92
Merit: 10
May 12, 2012, 05:50:18 AM
#5
What about fees, payment methods, etc?

Most of this is yet to be determined. For the initial testnet launch all trades will be subject to a 0.50% commission on the receiving currency upon execution. This will be changed for the realnet launch to reward liquidity providers.

As far as withdraws, Dwolla will be the preferred method.

For deposits, I am currently looking into various options including MoneyPak and bank wire.
hero member
Activity: 812
Merit: 1006
May 12, 2012, 05:43:13 AM
#4

Well let me address security first. While I make no guarantees about the security or safety of the software, I have completely decoupled bitcoind from the exchange itself.

  • The actual bitcoins and bitcoind will not be hosted in the cloud at all
  • I have made a custom daemon that acts as an intermediary between the exchange itself and bitcoind. It works as a queue processing deposits and withdraws. This allows me to add some safety triggers and it can be shut down altogether on certain measures like when an alert is sent out (seen by getinfo.errors) or large transactions are seen.
Also, I think my exchange will be easier and simpler for people to use.

No offence, but I don't see people flocking to your exchange because of "superior security". Even if the setup sounds nifty, it is closed source and we have to trust you.

What about fees, payment methods, etc?
member
Activity: 92
Merit: 10
May 12, 2012, 04:43:24 AM
#3
That's a competitive market you're entering. Why would anyone use your exchange over the competition ?

Well let me address security first. While I make no guarantees about the security or safety of the software, I have completely decoupled bitcoind from the exchange itself.

  • The actual bitcoins and bitcoind will not be hosted in the cloud at all
  • I have made a custom daemon that acts as an intermediary between the exchange itself and bitcoind. It works as a queue processing deposits and withdraws. This allows me to add some safety triggers and it can be shut down altogether on certain measures like when an alert is sent out (seen by getinfo.errors) or large transactions are seen.
Also, I think my exchange will be easier and simpler for people to use.
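
The design described above, a queue between the exchange and bitcoind with safety triggers, is sketched here as an added example (not the poster's daemon, which is closed source). It checks the node's alert text before taking each request and trips without dropping anything already queued. Every name is hypothetical, the node calls are stand-in callables, and holding an oversized request for an operator rather than shutting down is an assumption about how the large-transaction trigger might behave.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Withdrawal:
    user: str
    address: str
    amount_sat: int


class WithdrawalGate:
    """The only component allowed to ask the wallet node to send coins."""

    def __init__(self, node_errors, send, max_auto_sat):
        self.node_errors = node_errors    # callable -> alert text, "" when healthy
        self.send = send                  # callable(address, amount_sat) -> txid
        self.max_auto_sat = max_auto_sat  # larger requests wait for an operator
        self.queue = deque()
        self.held = []
        self.halted = None                # reason text once the gate has tripped

    def run_once(self):
        """Drain the queue until it is empty or a safety trigger fires."""
        sent = []
        while self.queue and self.halted is None:
            alert = self.node_errors()
            if alert:                     # trip before touching the next request
                self.halted = f"node alert: {alert}"
                break
            w = self.queue.popleft()
            if w.amount_sat > self.max_auto_sat:
                self.held.append(w)       # not sent, not lost
                continue
            sent.append(self.send(w.address, w.amount_sat))
        return sent


def demo():
    """Constructed run: the node is healthy twice, then reports an alert."""
    alerts = iter(["", "", "constructed alert text"])
    gate = WithdrawalGate(
        node_errors=lambda: next(alerts),
        send=lambda addr, amt: f"txid-for-{addr}-{amt}",   # stand-in for the node call
        max_auto_sat=5 * 100_000_000,
    )
    gate.queue.extend([
        Withdrawal("alice", "addr-A", 1_000_000),
        Withdrawal("bob", "addr-B", 50 * 100_000_000),
        Withdrawal("carol", "addr-C", 2_000_000),
    ])
    sent = gate.run_once()
    return sent, [w.user for w in gate.held], [w.user for w in gate.queue], gate.halted


if __name__ == "__main__":
    print(demo())
```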
sr. member
Activity: 262
Merit: 250
May 12, 2012, 04:27:55 AM
#2
That's a competitive market you're entering. Why would anyone use your exchange over the competition ?
member
Activity: 92
Merit: 10
May 12, 2012, 02:58:12 AM
#1
Any recommendations/bug reports are still appreciated, but you will not receive any monetary reward for them

UPDATE - 2012/07/08 - liquidity providers now receive 0.55% rebate, liquidity takers pay 0.60% fee

UPDATE - 2012/05/25 - liquidity providers now receive 0.10% rebate, liquidity takers pay 0.60% fee

UPDATE
The testnet version of the site is now available for testing: https://test.bitme.com

BTC for Bugs
For the next couple weeks I will be rewarding people for trying out the testnet version of the site and to find bugs.
I will give 5 BTC for trivial, 10 BTC for minor, 20+ BTC for major bugs to the first to discover and/or describe it best for reproducibility.

Bugs Found - 127 BTC paid out
  • trivial - poor alignment in bid/ask radio selection in Chrome - thanks splatster
  • trivial - "commodity" typo in terms of use - thanks splatster
  • trivial - unnecessary margin on order cancel button (actually is on the form element) - thanks splatster
  • minor - buggy behavior when clicking "New" multiple times for an order - thanks bencoder
  • trivial - clicking "Terms of Use" link on join page causes user to lose entered data - thanks bencoder
  • major - even after logging out, back button of browser still shows you previous HTTPS page. - thanks flatfly
  • trivial - lots of feedback on important details, user experience - thanks Sukrim
  • minor - login may fail with general error message under some conditions - thanks flatfly
  • trivial - prevent form double submission - thanks flatfly
  • trivial - no background on password strength bar in IE - thanks flatfly
  • trivial - orderbook spamming, bid/ask precision grouping - thanks bencoder
  • trivial - layout issues in IE (specifically in IE8) - thanks raitoninglass
  • major - easily exploitable DoS attack vector due to JS minification/building - thanks flatfly - 20 BTC owed
  • trivial - typo in terms of use, should be "...make use of personal information..." - thanks flatfly
  • major - partially-executed orders are not reflected properly in orderbook - thanks EskimoBob - 20 BTC owed

Known issues
  • Overlapping elements on mobile/small screens
  • some functionality broken without javascript enabled
  • The 'Place Order' blue button is overlapping on the next column
  • Not supporting older than IE8
  • Placing an order broken in IE
  • Favicon 404s on testnet
  • CSRF token doesn't update on order failure

==================================



tldr;
* I made an exchange called BitMe, it will launch on testnet only either this Sunday night or Monday
* I will be rewarding people to try it out and to find bugs

I will update this original post once the testnet is live.

In the works for approximately 8 months or so, through at least 2 different iterations, I am finally ready to launch the testnet version of my new exchange, BitMe. BitMe aims to be a secure and simple alternative platform that takes a forex-style approach to trading, using a base currency and counter currency, although a trading commission is taken from the receiving currency upon order execution.

For the purposes of the testnet launch a 0.50% fee will be charged for all order executions. Although this will change once launched to the realnet to reward liquidity providers.

For the next couple weeks I will be rewarding people for trying out the testnet version of the site and to find bugs.
I will give 5 BTC for trivial, 10 BTC for minor, 20+ BTC for major bugs to the first to discover and/or describe it best for reproducibility.
At my own discretion I will decide the category the bug falls into.

Known issues that I'm not interested in:
* Overlapping elements on mobile/small screens

Initially only BTC/USD will be available for buying and selling. Sorry, I don't have any plans to add any others anytime soon.

I welcome anyone who is interested to idle on #bitme on FreeNode.

~Sean Lavine (freewil)
