Topic: [ANNOUNCE] Webcoin Alpha Sneak Preview (Read 17949 times)

I'll allow it - I do owe people an update.

Just after the London conference I finally found a job with a Bitcoin-related employer who actually pays my invoices. Ripple. I'm very excited about what we're building here and for the moment I'm focusing all my work and free time on it. Webcoin is and always was open source on Github, so if anyone wants to make it a reality, go for it.

I've also heard rumors that at Ripple we're thinking about adding a Bitcoin client to our Ripple client as a plugin. That opens some awesome possibilities and might be something I'd work on once some of the more basic features are up and running.

Necroposting = not cool.

Bumpage. What is your status? Last twitter update was August.

Euh stefan, on a little offtopic note,

Regarding the bitcoin animation: I mentioned a while ago that it would be nice to have an updated version, one that does not focus that much on the mining part and also mentions mobile apps etc etc.

You then said that it wouldn't be happening soon, and that you had a lot of other stuff to attend to
Are there any plans for the short or longer future to have an updates version of the animation?

Greetz,
Roland.

ok, thanks!

I did three presentations on it actually:

ISSS (long, outdated, mediocre audio quality)
New York (outdated, abysmal audio quality)
Prague Bitcoin conference (decent)

Note that the New York talk is mostly a shortened/tightened version of the ISSS talk. I can really only recommend the third one. I'm learning as I'm going.

Hi Stefan, didnt you do a presentation once on the challenges and obstacles of webcoin/web based bitcoin clients?
Could you post it here?

An easy-to-use, web-based, safe Bitcoin Client is exactly what bitcoin needs.

Yes and no. My idea does need some form of multisig, ideally BIP16, but there are plenty of other issues that I can work on in the meantime and BIP16 will likely be ready before I am.

Are you waiting for BIP16 ?

To counter MitB you need out-of-band transaction verification (as opposed to mere transaction authentication.) This can be through SMS verification or through a hardware device like IBM ZTIC.

SMS verification is what banks use and it's a pretty low hanging fruit. With smartphones you can have a free verification app that doesn't incur the costs of sending an SMS.

The problem is that today there are already smartphone viruses emerging (MitMo). When these infect your computer, they will ask you to connect your phone and infect it as well.

My current suggestion for best practice would be to offer 1. SMS verification, 2. smartphone/2nd computer verification and for large accounts dedicated hardware. (Important: This hardware must show transaction details on its own screen, so a Yubikey for instance is no good.) The most promising attempt I've seen is Clemens Cap's device - also presented in Prague, I really hope they get it right.

All of the above applies first of all to hosted wallets. With Webcoin we're trying to create something where the provider doesn't have access to your money, so you need to use some additional tricks to be able to offer the features outlined above. I talked about how to do this at my talk in Prague.

As for the status of my own efforts... I've tried several times to help make it happen, by working with Trucoin, then with Safebit. The three biggest roadblocks that keep coming up are (1) server-side security, (2) the sheer complexity of a system like this and (3) regulatory issues.

Not really.

http://en.wikipedia.org/wiki/Man_in_the_Browser

http://www.networkworld.com/news/tech/2011/033111-mitb-attacks-enterprise.html

Since these threats are invisible to the user, they will be very dangerous for those using your Webcoin platform.
What security do you implement that will limit damage by javascript, ajax or browser based malware when using Webcoin?

Is this project dead?
No posts for more than 120 days?

The idea is great!

Cu,
 Ecki

Hi Stefan,

Do you have any updates so far regarding the status of the project ?

Thanks!

+2

Excellent work guys. I expect to be playing around with the code all weekend. Very exciting project!


I'm eager to hack away on the node.js code, but hope the C++ client also makes a similar server/client split.

Wow, this is super awesome. I was just drawing up plans to do the same thing with node.js. Very cool. As I understand it this is a type of "host-proof" client/server bitcoin client. Using something like Apphash would be great to verify the client-side code.

@Stefan Thomas

The Bitcoin Deterministic Wallet that described in the video is far better than the one that I described on the forum: https://forum.bitcoin.org/index.php?topic=11665.0

Would you please make a basic spec so we can plan to implement it in other bitcoin clients.

Just watched your interview on the Bitcoin Show at http://www.youtube.com/watch?v=3yoduTFjZW4&#t=1143s

Very impressive. I love how the client is more secure but also very simple to use. This really is the gateway to bringing bitcoin to the average person.

Until the user doesn't need to know about the files behind a client it just isn't going to be accessible to the masses.

Congrats on a great program and I can't wait to see the final version!

It's not accounted for. But it shouldn't affect the block chain download. (Addresses aren't used in the p2p protocol.)

Yes, I had actually implemented them myself before I saw booo's patch (I really should be paying closer attention to the issues on github).  However, I did notice this statement about testnet from the wiki:

    "A different value of ADDRESSVERSION field ensures no testnet BitCoin addresses will work on the production network. (0x6F rather than 0x00)"

I didn't find anywhere in booo's changes where this was accounted for (maybe I missed it).