Pages:
Author

Topic: [ANNOUNCE] Webcoin Alpha Sneak Preview (Read 17958 times)

full member
Activity: 234
Merit: 100
AKA: Justmoon
December 10, 2012, 01:27:51 PM
#60
Necroposting = not cool.

I'll allow it - I do owe people an update. Wink

Just after the London conference I finally found a job with a Bitcoin-related employer who actually pays my invoices. Ripple. I'm very excited about what we're building here and for the moment I'm focusing all my work and free time on it. Webcoin is and always was open source on Github, so if anyone wants to make it a reality, go for it.

I've also heard rumors that at Ripple we're thinking about adding a Bitcoin client to our Ripple client as a plugin. Cheesy That opens some awesome possibilities and might be something I'd work on once some of the more basic features are up and running.
legendary
Activity: 1372
Merit: 1008
1davout
December 10, 2012, 10:26:41 AM
#59
Bumpage. What is your status? Last twitter update was August.
Necroposting = not cool.
DTD
newbie
Activity: 12
Merit: 0
December 10, 2012, 10:23:13 AM
#58
Bumpage. What is your status? Last twitter update was August.
sr. member
Activity: 300
Merit: 250
March 15, 2012, 07:49:09 AM
#57
Euh stefan, on a little offtopic note,

Regarding the bitcoin animation: I mentioned a while ago that it would be nice to have an updated version, one that does not focus that much on the mining part and also mentions mobile apps etc etc.

You then said that it wouldn't be happening soon, and that you had a lot of other stuff to attend to Smiley
Are there any plans for the short or longer future to have an updates version of the animation?

Greetz,
Roland.

sr. member
Activity: 300
Merit: 250
March 15, 2012, 07:33:42 AM
#56
ok, thanks!
full member
Activity: 234
Merit: 100
AKA: Justmoon
March 15, 2012, 05:00:19 AM
#55
Hi Stefan, didnt you do a presentation once on the challenges and obstacles of webcoin/web based bitcoin clients?
Could you post it here?

I did three presentations on it actually:

ISSS (long, outdated, mediocre audio quality)
New York (outdated, abysmal audio quality)
Prague Bitcoin conference (decent)

Note that the New York talk is mostly a shortened/tightened version of the ISSS talk. I can really only recommend the third one. I'm learning as I'm going. Cheesy
sr. member
Activity: 300
Merit: 250
March 15, 2012, 03:00:47 AM
#54
Hi Stefan, didnt you do a presentation once on the challenges and obstacles of webcoin/web based bitcoin clients?
Could you post it here?
hero member
Activity: 714
Merit: 500
March 14, 2012, 01:46:15 AM
#53
Are you waiting for BIP16 ?

Yes and no. My idea does need some form of multisig, ideally BIP16, but there are plenty of other issues that I can work on in the meantime and BIP16 will likely be ready before I am.

An easy-to-use, web-based, safe Bitcoin Client is exactly what bitcoin needs.
full member
Activity: 234
Merit: 100
AKA: Justmoon
March 14, 2012, 12:15:18 AM
#52
Are you waiting for BIP16 ?

Yes and no. My idea does need some form of multisig, ideally BIP16, but there are plenty of other issues that I can work on in the meantime and BIP16 will likely be ready before I am.
hero member
Activity: 714
Merit: 500
March 13, 2012, 01:26:42 AM
#51
Are you waiting for BIP16 ?
full member
Activity: 234
Merit: 100
AKA: Justmoon
March 11, 2012, 06:48:03 AM
#50
Since these threats are invisible to the user, they will be very dangerous for those using your Webcoin platform.
What security do you implement that will limit damage by javascript, ajax or browser based malware when using Webcoin?

To counter MitB you need out-of-band transaction verification (as opposed to mere transaction authentication.) This can be through SMS verification or through a hardware device like IBM ZTIC.

SMS verification is what banks use and it's a pretty low hanging fruit. With smartphones you can have a free verification app that doesn't incur the costs of sending an SMS.

The problem is that today there are already smartphone viruses emerging (MitMo). When these infect your computer, they will ask you to connect your phone and infect it as well.

My current suggestion for best practice would be to offer 1. SMS verification, 2. smartphone/2nd computer verification and for large accounts dedicated hardware. (Important: This hardware must show transaction details on its own screen, so a Yubikey for instance is no good.) The most promising attempt I've seen is Clemens Cap's device - also presented in Prague, I really hope they get it right.

All of the above applies first of all to hosted wallets. With Webcoin we're trying to create something where the provider doesn't have access to your money, so you need to use some additional tricks to be able to offer the features outlined above. I talked about how to do this at my talk in Prague.

As for the status of my own efforts... I've tried several times to help make it happen, by working with Trucoin, then with Safebit. The three biggest roadblocks that keep coming up are (1) server-side security, (2) the sheer complexity of a system like this and (3) regulatory issues.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
March 09, 2012, 06:55:28 PM
#49

The idea is great!

Cu,
 Ecki
Not really.

Quote
Man-in-the-browser (MITB, MitB), a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse[1] that infects a web browser and has the ability to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place.

A MitB Trojan works by utilising common facilities provided to enhance browser capabilities such as Browser Helper Objects (a feature limited to Internet Explorer), Browser extensions and User scripts (for example in JavaScript) etc.
http://en.wikipedia.org/wiki/Man_in_the_Browser

Quote
An MitB attack starts with malicious software (usually a Trojan like Zeus or SpyEye) lurking on a seemingly innocuous website. When visitors arrive the malware takes control of their Web browser and modifies pages, content or transaction data presented to the user.

All of this is done without the user's knowledge in a completely covert fashion. Depending on what the browser is being used for, MitB enables attackers to silently steal anything from login credentials to account numbers or financial information. With browser sessions often containing the logon details for email systems, VPNs and cloud services -- such as cloud CRM -- it's critical to lock down these sessions without impacting performance. Making the situation worse is the explosion of mobile devices and the multitude of people who can access enterprise resources remotely.
http://www.networkworld.com/news/tech/2011/033111-mitb-attacks-enterprise.html

Since these threats are invisible to the user, they will be very dangerous for those using your Webcoin platform.
What security do you implement that will limit damage by javascript, ajax or browser based malware when using Webcoin?
legendary
Activity: 1878
Merit: 1038
Telegram: https://t.me/eckmar
March 07, 2012, 07:40:43 PM
#48
Hi Stefan,

Do you have any updates so far regarding the status of the project ?

Thanks!

Is this project dead? Sad
No posts for more than 120 days?

The idea is great!

Cu,
 Ecki
sr. member
Activity: 300
Merit: 250
August 22, 2011, 02:22:49 AM
#47
Hi Stefan,

Do you have any updates so far regarding the status of the project ?

Thanks!
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
July 11, 2011, 08:52:16 PM
#46
+2

Excellent work guys. I expect to be playing around with the code all weekend. Very exciting project!

The C++ code is the backbone of Bitcoin and will remain so for years to come. I think clients in other languages will fill certain niches as well as providing a testbed for new features.

I'm eager to hack away on the node.js code, but hope the C++ client also makes a similar server/client split.
newbie
Activity: 56
Merit: 0
July 09, 2011, 01:15:40 PM
#45
Wow, this is super awesome. I was just drawing up plans to do the same thing with node.js. Very cool. As I understand it this is a type of "host-proof" client/server bitcoin client. Using something like Apphash would be great to verify the client-side code.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
June 28, 2011, 10:47:46 AM
#44
@Stefan Thomas

The Bitcoin Deterministic Wallet that described in the video is far better than the one that I described on the forum: https://forum.bitcoin.org/index.php?topic=11665.0

Would you please make a basic spec so we can plan to implement it in other bitcoin clients. Smiley
member
Activity: 75
Merit: 10
June 28, 2011, 08:06:10 AM
#43
Just watched your interview on the Bitcoin Show at http://www.youtube.com/watch?v=3yoduTFjZW4&#t=1143s

Very impressive. I love how the client is more secure but also very simple to use. This really is the gateway to bringing bitcoin to the average person.

Until the user doesn't need to know about the files behind a client it just isn't going to be accessible to the masses.

Congrats on a great program and I can't wait to see the final version!
full member
Activity: 234
Merit: 100
AKA: Justmoon
When you're trying testnet, are you doing so with booo's patch or with vanilla node-bitcoin-p2p? The current master does not contain the necessary changes to the genesis block at all. Booo's patch does contain them but that's still where I'd be looking for problems. booo's error log looks like the blocks he's downloading don't connect with the chain.
 anyone else has any good tools the know of that I should be using.

Yes, I had actually implemented them myself before I saw booo's patch (I really should be paying closer attention to the issues on github).  However, I did notice this statement about testnet from the wiki:

    "A different value of ADDRESSVERSION field ensures no testnet BitCoin addresses will work on the production network. (0x6F rather than 0x00)"

I didn't find anywhere in booo's changes where this was accounted for (maybe I missed it).

It's not accounted for. But it shouldn't affect the block chain download. (Addresses aren't used in the p2p protocol.)
hero member
Activity: 868
Merit: 1008
When you're trying testnet, are you doing so with booo's patch or with vanilla node-bitcoin-p2p? The current master does not contain the necessary changes to the genesis block at all. Booo's patch does contain them but that's still where I'd be looking for problems. booo's error log looks like the blocks he's downloading don't connect with the chain.
 anyone else has any good tools the know of that I should be using.

Yes, I had actually implemented them myself before I saw booo's patch (I really should be paying closer attention to the issues on github).  However, I did notice this statement about testnet from the wiki:

    "A different value of ADDRESSVERSION field ensures no testnet BitCoin addresses will work on the production network. (0x6F rather than 0x00)"

I didn't find anywhere in booo's changes where this was accounted for (maybe I missed it).
Pages:
Jump to: