Topic: BitcoinSpinner - page 12. (Read 55489 times)

I would if it was easy. Just wanted to raise voice to what we loose by changing the behavior.

On bitcoinqt I generate a new address for each incoming transaction and label them accordingly, so I have "[from eric for his $x pizza] received yɃ from [eric]". This way I kind of label the transaction. Handling with only few addresses, I would want to label the transactions, too, so the current design is far from perfect for me.

Maybe some "Insufficient funds in the currently selected address. [add random addresses[check to make default]] [add specific addresses [check to make default]]
"Problem" is the sender would think to be sending from his Giszmo address but as Giszmo is at 0Ƀ, Giszmo would not show up at all in the resulting transaction.

It's really tricky You don't have "Balance 2Ƀ (total: 5Ƀ)" but "Balance 2Ƀ (total: 5Ƀ, spendable: 1Ƀ)" with "Balance [current address]Ƀ (total: [all addresses]Ƀ, spendable: [addresses with private key ready]Ƀ)"

Oh, and this will be funny, if users keep their private keys off the device all of the time and for some transactions have to show to the device 5 addresses for the signing process.

Also I want a swipe all functionality to consolidate all keys into one, leaving exactly zero in all the addresses paying minimum fees.


An admin in the play store is the worst case I could think of, and on the long run I guess it's very likely to have all such wallets get wiped out in some incident. The reward is just too huge to not do it. (Ok, so far all huge hacks went without spending their coins but with ZeroCoin they become spendable again and I'm sure some day we will have that.)

please bring forth your suggestions on how to solve this.

regarding the new akp attack: obviously it is neccessary to patch it. BUT
the way i see it currently the following can happen:

user downloads an apk. any MITM could now alter the apk. with "regular" apps this is also not a problem, except if they use other exploits.

it is a problem if the user downloads a "system" apk and installs it. for example an update to HTC sense. if an attacker now manages to modify the apk before it is installed - for example via malware on the server, a router or an intermediary PC - he can execute whatever code he likes with the access privileges of the original app.

i still don't know why play store is unaffected - it is kind of hard to MITM play store downloads and additionally the play store installer might do some more checksum checking.

The icon is the correct Mycelium one (but perhaps you knew that already, seeing there is already a fix out).


Yeah, that would be useful, but it is also extremely hard to get the user interface right. Deleting keys would perhaps change the total in unexpected ways and change addresses could quickly get confusing unless it is really apparent what is happening. (Which in turn may be way too much information for some users.)

That's probably why Bitcoin-Qt is designed the way it is and also why the Schildbach Wallet avoided the same problem in another way. It's tricky to get right.


I believe they are on developer.android.org. It might be a tad much to read, but there is information about which color palette is standard in Holo UI's, which could be a simple way to make it look more consistent with the rest of the phone.


Yeah, sorry, I'm far from a professional here. I am also more proficient with code than user experience so I can't give advice worth anything. I can just say that it feels slightly out of place (especially with the address book available elsewhere). Sorry that I can't be more specific. Perhaps someone else with more experience can pitch in here?
 

This would also need to change for an aggregated view to be understandable, yes. Not an easy problem, it is (to quote the great Yoda).


Yes, yes, it took a minute or two of nervous double checking, and yes it is indeed a pain. But when someone presents you with a hand written address, what else is there to do? (I have also brought a hand written note. Thanks for having the patience, you know who you are.) I think it is best to at least offer the opportunity to type manually, otherwise you are put in an even more complicated situation where you need to utilize the clipboard and another application.

Woops... Guilty. I am not coding, posting is different 

Nooo!!! Please don't! The privacy implications of having control not to mix keys when sending is quite valuable. Sure, getting the change back to the same key is a privacy drawback but please think up something that solves both issues.

http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/
Mycelium user affected? What would the attack scenario be? Some guy at google tampering with mycelium.apk? Some guy at Verizon tampering with the "Standard-Verizon-clock-widget"? shady.com offering mycelium.apk with a "good" signature? Some guy at Rovio updating angrybirds.apk with a hidden permission?

Jan, for a vacation week, you're posting quite a lot

Noticed that I didn't post the complete list of 0.5.4 features:
- Added add-to-address-book button on send summary
- Displaying name of receiver in send summary if the receiving address is in the address book
- Made back-button in Keys & Addresses take you to balance view instead of quitting
- Fixed an issue that made the app appear sluggish in most views (you will notice that one)
- Properly centering of "Show to Sender" text when receiving coins
- Displaying a warning if you request to receive coins to an address which is not associated with a private key
- Keys & Addresses: Smaller address font size, and showing showing partial one-liner address for records with labels

Andreas just published version 0.5.5:
- Fixed issue where app name appears as Barcode Scanner on some devices
- No longer asking user whether to export keys as PNG/JPG when exporting to SD card. Always using JPG

We are warning when exporting a key (not when importing), which I think is the right place...
We are going to add a special "cold storage spending" wizard, which will not store the key on the phone (no more add-key + spend + delete-key). The key will only be in memory while making the transaction.

I see. Will add a scrollbar or find another solution when entering pin in horizontal mode.

Thanks for the feedback

Thanks for the through feedback. Much appreciated. This is vacation week for me. I'll get to work on your suggestions next week.


This is the case on some phones, I haven't seen it myself though. Initially the barcode scanner was external, but for security reasons (and ease of installation) we have embedded the Zxing barcode scanner. For some reason the app claims the name of the barcode scanner instead of Mycelium. Will investigate and fix. Is the app icon on your phone that of the barcode scanner or is it the Mycelium logo?


Right now you are working on one key at a time, and we are changing that. Many users have requested an aggregated view of all keys, and this is also what you see in other wallets. We are still in beta and collecting feedback

Link?

There has been much tweaking and fiddling with swiping to make it visually apparent. Still nobody (except me) like the way it works now. I'll give it another stab.
 

Will fix.


"Set Label" sets the label of the currently selected key or address. Will get refactored once we go to "aggregated key view".


Will add the others


I have been working on adding an "Add" button, which allows you to add an address by scanning or from clipboard. Will make it for next release.
 
By payments I guess you mean the address.
Have you really ever entered an address manually? How long time did it take to do it right? I haven't, and it is bound to be a huge pain, especially on an android device.
Andreas and I have discussed this quite a few times. His thinking is that we should allow for firstbits and address shorteners such as http://payb.tc/
It will probably not be in the next few releases.
Great feedback, keep it coming 

The new client is just awesome! Fast, easy to use, easy to backup! Exactly what is needed to pay for something in the real world (like my drink at the bar yesterday).

To backup I simply scanned a private key from one of these http://bitaddress.org / https://bitcointalksearch.org/topic/ann-bitaddressorg-safe-javascript-bitcoin-addressprivate-key-43496   Everything was done in seconds.

Please start the new thread, I would like to link to it.



Notes:

When scanning a private key it should warn the user that anyone with access to that key can steal the coins on it (e.g. do not give that piece of paper out of hand!), maybe give an option to swipe and throw away the privkey.

The zero was missing from the PIN enter dialog on horizontal screen.

I just tested Mycelium. Here are my immediate thoughts about it:

Most surprising is the application name, "Barcode scanner", which is unexpected to say the least? Did you perhaps fork that project to get started and forgot to change the manifest?

Functionality-wise I think everything is there. It is however a bit unclear what happends when you add more keys. Do transactions affect only one key at a time? If I had half a bitcoin on each of two addresses, could I send one bitcoin in a transaction? This is not explained nor clearly reflected in the UI. Would deleting a key make the corresponding funds inaccessible? How is this reflected in the main screen? Is it even allowed (didn't dare to test this).

On to the user interface: The gradients look a bit out of place in an Android GUI. There are some Holo guidelines which may help here. Swiping is discoverable because of the animated arrows in the main screen but is otherwise quite unexpected.

There are some visual incosistencies. "Keys & Addresses" is monospace for no reason, "Transaction history" centered and larger(!) for no reason, "No Transaction Records" is big and slanted which looks strange. It is probably to make an interface consistent from the start than plan a redesign (for which there is often never a good time).

What does "Set Label" in the main screen menu do, as opposed to setting a label in the Keys & Addresses screen? Why is "Address Book" the only screen which you access via the menu, while the other screens are accesses by swiping?

I couldn't understand how to use the address book at all. It opened empty and there is no obvious way to add an entry.

Payments could not be entered manually, only entered in another program and transferred via the clipboard. I understand it is not the most user friendly way to do payments but sometimes it is necessary. It's not nice to be stuck if you promise to sell someone a bitcoin and they show their address on a small piece of paper.

Thanks for writing the software. I don't think it's completely ready for general use just yet but it's promising. I'd be happy to write more about it after I had a chance to really use it for payments (sadly, those opportunities are far in between where I live).

thanks for bringing this to my attention. this should definitely not happen, and the reason is a name collision between the bundled barcode scanner.

I've been using the Mycelium Wallet now, and I'm loving it. There are a few things that I noticed. First of all, the program seems to label itself as "Barcode Scanner". Secondly, I'd really like the possibility to sign messages with this wallet.

Workaround: export the private key, use another client (like bitcoin-qt) to sign the message. Sucks, but that's the only thing I can think of.

I have a quick question.

Can BitcoinSpinner sign messages using the user's private keys?

If so, how?  And if not, what is the easiest way for a BitcoinSpinner user to prove to me that he sent a particular transaction?

Edit: to answer my own question, it appears that BitcoinSpinner uses the same address for all transactions, so I can simply ask the user to send a particular specific amount to himself to prove he controls the wallet.  I guess that's not great, because I could still be talking to a man-in-the-middle who then makes up a reason to ask the real owner of the wallet to send that same amount to himself.  But it's close.

How to export your private key to paper without using a virus infected computer: http://www.youtube.com/watch?v=W7V2myIwAuE

I see.
For some reason I was certain that you sent it to the address in your clipboard.
I'll add a warning for the other use-case as well. I am going on vacation Friday morning, but will see if I can get it in before that. If Andreas spins a release while I am gone it will appear there.

how to get to the context-menu (delete key, delete address,...) then? long-press? would make sense.
[/quote]

Long press is common but 50% of your users will not find the config button if you make it red and occupy 50% of the space, so long press will reach about 5% of the users without watching the how-to videos on youtube. Seriously, I know what I'm talking about. 20% of customers contacting me request features that exist in fluxcards. They just didn't find the context menu even after I added a menu button right in front of their noses. The screen of my app that you use 90% of the time, has a dedicated menu button and people don't press it. (granted it is not the best design for a button but still I thought people assuming it not to be a button, would hit it accidentally anyways)

your concerns about wallet management are heard. we will find a simple solution for that.

I fully agree.


how to get to the context-menu (delete key, delete address,...) then? long-press? would make sense.