Pages:
Author

Topic: [Beta] myB.TC short names for Bitcoin (Read 5916 times)

full member
Activity: 154
Merit: 100
June 14, 2011, 07:53:02 PM
#47
This one has less features, but it's quick and free: http://payb.tc
sr. member
Activity: 266
Merit: 250
June 14, 2011, 04:22:47 PM
#46
5 BTC?
You've lost the plot and gone money mad bro.
Nothing under 4 letters is cheap while in Beta. 
Once again, it's a deterrent, during Beta.

As I mentioned earlier, I pre-registered over 10,000 for freebies.
full member
Activity: 126
Merit: 100
June 14, 2011, 03:22:55 PM
#45
5 BTC?

You've lost the plot and gone money mad bro.
sr. member
Activity: 266
Merit: 250
June 14, 2011, 02:45:42 PM
#44
You've got the right domain name, the right idea, the right style. Just keep updating the site and make it worth the 0.1btc Smiley
Thanks for the feedback. 
I see that you are relatively new to the forums (user number 17000 or so). 

What you may have missed is that I gave away short name registrations to all registered forum users whose names conformed to my naming constraints.  I used the list of forum users which was about 11000 users at the time.

I put the .1 BTC obstacle in place purely as a deterrent to keep people from registering a few hundred shortnames each, and it has worked.  Trust me, there's a plan here, including many more features.  Making .1 BTC off of shortnames wouldn't be a very good living - it's just a deterrent.

I'll probably grab the next 10,000 forum users' names one of these days - I've been reluctant to do that, since the forums are so slow lately - they don't need me to slow them down any!



newbie
Activity: 17
Merit: 0
June 14, 2011, 02:23:51 PM
#43
Looks like a pretty cool idea, I immediately signed up

After looking at other peoples myb.tc links I though the pages looked pretty horrible and your service seems to offer no customisation options.

Then when I realised you were looking for 0.10btc to register a shortname I closed the tab

Without more features this service is worthless to me. Features such as customisable myb.tc pages. This could be changing the colour scheme from the horrid default.

And also maybe a pay now button and features to invoice or request money from other myb.tc users.

at the minute it looks like the site took < 1 hour to implement and could be easily recreated by someone else.


You've got the right domain name, the right idea, the right style. Just keep updating the site and make it worth the 0.1btc Smiley

ps. I liked the pun on the front page

Quote
It's simple if you can remember where the "dot" goes.    It's myB.TC
Two digits to the right of the "decimal". It almost makes cents! :-)
sr. member
Activity: 266
Merit: 250
June 14, 2011, 02:01:52 PM
#42
I'm sure you're a trustworthy guy and I can see a bunch of posts from you, but I'm concerned about security (as you are). In a way, what you're doing needs the same security as banking sites. So...

1. Will you be storing passwords in clear or as salted hashes?

2. 2 factor id: Think you can get Last Pass or Yubikey working on your site?

I hope I don't come off as paranoid, but what you're doing *will* catch on, and if someone hacks you (silently) all those fractions of bitcoins from donations will become a pretty bitpenny :p for someone.

I fully intend to sign up as soon as you can convince my fluttering nerves that my (prolly non-existent) donations will safe, and prevent me from swooning.


1. I use django's auth module, which uses salted hash passwords.  See https://docs.djangoproject.com/en/dev/topics/auth/

2. I have a plan for 2-factor id, but wasn't planning on integrating Last Pass or Yubikey (not in the current plan).  I was thinking more along the lines of allowing users to "lock" their page, and the only way to change it is to unlock it, and the only way to unlock it is through additional authentication.  The easiest implementation would be to email the user an "unlock key"  to the email address that I have on file, that's good for an hour.  Not exactly 2-factor authentication - more like double security with 1-factor - requiring the hacker to have to have guessed the password on my system, as well as hacking the user's email system.

There are several weaknesses in the security right now, but #1 above,  isn't one of them.  Basically, you need to trust:

-  me  (I can be lying, above.  I may actually store the passwords in plaintext and post them on a bulletin board in Times Square.  You just don't know.  Also, I can change your wallet ID at any time, regardless of how I store passwords; it's just a SQL database!)
-  the security of my system (if someone hacks my database, or physically hacks the system in person, no matter what measures I have in place for user security, all bets are off)
-  the security measures I put in place (such as my plan on #2)
-  A bunch of stuff between you and me - network / middle men.
-  Basic user security (do you have a good password, for instance.  I have few requirements here).


Right now, there are many potential attack vectors, and no system is perfect.  But if the system gets popular, you can bet I'll be adding additional layers.

Without providing a roadmap for hackers, I can tell you that it's not a perfect system now.  I'll be taking steps that I feel are appropriate based on the popularity of the service.  The ones that come to mind immediately are: 

-  SSL
-  Account Lock-out on too many bad passwords
-  "locking" mechanism mentioned above
-  notification of users when their page changes
-  random verification of pages from an external source (to monitor for unexpected changes)

---

There are a lot of people (including you) who put their Wallet ID in their signature of their posts.  These people are essentially trusting the forum managers, the forum software itself, the server that the software is running on, etc.  It seems a hacker can come in a change all those ID's to their own, and no one would notice.

I'm thinking that I need to manage security so that I stay at least a step ahead of forum signatures.  I am not aiming for "Bank level security" at this point.  I do know something about security, as I have consulted with fortune 500 companies on their system security, and have given numerous presentations and papers on system security, and even acted as an expert witness in a reasonably highly publicized court case regarding matters of security.  One paper that I co-authored is (last time I checked) a foot note in Wikipedia on a Security-related article (on phishing for passwords, of all things!)

So I hope you find this somewhat comforting.
donator
Activity: 2058
Merit: 1007
Poor impulse control.
June 14, 2011, 03:02:58 AM
#41
I'm sure you're a trustworthy guy and I can see a bunch of posts from you, but I'm concerned about security (as you are). In a way, what you're doing needs the same security as banking sites. So...

1. Will you be storing passwords in clear or as salted hashes?

2. 2 factor id: Think you can get Last Pass or Yubikey working on your site?

I hope I don't come off as paranoid, but what you're doing *will* catch on, and if someone hacks you (silently) all those fractions of bitcoins from donations will become a pretty bitpenny :p for someone.

I fully intend to sign up as soon as you can convince my fluttering nerves that my (prolly non-existent) donations will safe, and prevent me from swooning.

newbie
Activity: 34
Merit: 0
June 04, 2011, 11:10:08 PM
#40
I don't mean to hijack the thread, but I built a similar service, but much simpler. No signup needed, just pick a URL and enter your address.

http://forum.bitcoin.org/index.php?topic=11838.0
newbie
Activity: 29
Merit: 0
June 04, 2011, 10:22:40 PM
#39
I claim http://myB.TC/wahbasah (code=66326)
hero member
Activity: 504
Merit: 502
June 04, 2011, 10:06:59 AM
#38
I claim http://myB.TC/clipse (code=47990)
sr. member
Activity: 266
Merit: 250
June 04, 2011, 10:02:01 AM
#37
I saw a post for shortco.in (a great idea), and I just wanted to remind folks that myB.TC has short URLs for you to put your wallet ID in a public place.
sr. member
Activity: 266
Merit: 250
June 03, 2011, 07:52:22 AM
#36

OpenID login worked fine now. I created the username foo, please assign the short name. Smiley

All yours.  Good till at least 2013....  http://myb.tc/foo/

Thanks again!
foo
sr. member
Activity: 409
Merit: 250
June 03, 2011, 07:36:06 AM
#35

Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...

Gravatar - great idea.
OpenID login 404:  I think I fixed just now.


I really appreciate the bug report.  Let me know if you want the short name "foo", and I'll hook you up with it.  (For now, I've disabled registering 3-letter short names, but it's the least I can do for your bug report and idea.)  Set up an account, and I'll assign you "฿foo" (if you want it)

OpenID login worked fine now. I created the username foo, please assign the short name. Smiley
sr. member
Activity: 266
Merit: 250
June 03, 2011, 06:13:12 AM
#34

Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...

Gravatar - great idea.
OpenID login 404:  I think I fixed just now.


I really appreciate the bug report.  Let me know if you want the short name "foo", and I'll hook you up with it.  (For now, I've disabled registering 3-letter short names, but it's the least I can do for your bug report and idea.)  Set up an account, and I'll assign you "฿foo" (if you want it)
foo
sr. member
Activity: 409
Merit: 250
June 03, 2011, 05:43:13 AM
#33
what you think about the Photo suggestion from previous post ? i mean u stated that you most fear is that if u get attacked or hacked, this might give you time to react since even if he gets the database and change the addresses, changing the pictures will take him time and you might have a window to detect the intrusion !

I like the photo idea, and am working on it.  I'm torn between several different concepts.  Let me know your opinion:

1.  Let users link to a single external photo or image.  This is easy.  Issues:  how do I size it (or do I?), and do I need to worry about some clown linking to an obscene image?

2.  Let users upload profile images.  This is slightly harder, but pretty easy. 

3.  Let users design a background image and a profile pic, like Twitter's page.  This might be an overkill.



Opinions?
Don't reinvent the wheel, just use http://gravatar.com/.

BTW, OpenID login doesn't work, I got "Page not found (404)"...
jr. member
Activity: 55
Merit: 55
June 03, 2011, 05:34:25 AM
#32

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all

Yeah, you just have to make sure that your "claim" appears on the page that you are submitting to the website.  My website only checks the one webpage that is submitted.

Hey bitboy, thanks for the donation.  Really appreciate it.
By the way you have a minor typo on your personal Bitcoin webpage:      ฿bitboy


"Here's my Bitcoin Address. Thank for visiting."     (You might want "Thank" to be "Thanks" or "Thank you")

Thanks indeed.
sr. member
Activity: 266
Merit: 250
June 03, 2011, 05:22:28 AM
#31

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all

Yeah, you just have to make sure that your "claim" appears on the page that you are submitting to the website.  My website only checks the one webpage that is submitted.

Hey bitboy, thanks for the donation.  Really appreciate it.
By the way you have a minor typo on your personal Bitcoin webpage:      ฿bitboy


"Here's my Bitcoin Address. Thank for visiting."     (You might want "Thank" to be "Thanks" or "Thank you")
sr. member
Activity: 266
Merit: 250
June 03, 2011, 04:44:49 AM
#30
I claim http://myB.TC/Xenland (code=24660)


*UPDATE: Keeps telling me the following
Quote
Claim is NOT verified. Looked for "code=24660" matches=1

I manually assigned it to you, Xenland.

The issue was that your claim needs to be YOUR first message on the webpage.  Technically, I'm doing a regular expression, looking for your name at the beginning of a post, and the verification code, and making sure that there are no other "beginning of posts" in that match.    I'm struggling to figure out a Regular Expression that works exactly right.  Unfortunately it was finding your first post, and then later on the page (but not in the same post), your verification code.  I'm still working to improve that.  Sorry!


The work around is to make sure that you pick a forum topic that you haven't posted on, and claim it there.
jr. member
Activity: 55
Merit: 55
June 03, 2011, 04:18:37 AM
#29
I claim http://myB.TC/Xenland (code=24660)


*UPDATE: Keeps telling me the following
Quote
Claim is NOT verified. Looked for "code=24660" matches=1

It worked for me. Since this discussion has expanded into two pages long now, it is probably worth trying to key in the "all" link at the bottom left pagination link on this page. So instead of:
http://forum.bitcoin.org/index.php?topic=11303.0
try:
http://forum.bitcoin.org/index.php?topic=11303.0;all
jr. member
Activity: 55
Merit: 55
June 03, 2011, 04:03:37 AM
#28
I claim http://myB.TC/bitboy (code=99086)
Pages:
Jump to: