Topic: [BTC-TC] Virtual Community Exchange [CLOSED] - page 117. (Read 316669 times)

Something happened when I increased the keypoolsize on our bitcoind.  A listtransactions no longer displays in chronological order.  I used to "listtransactions [account] 50" and now that brings up transactions weeks old on my account and another account I was looking at.  This has broken the deposit display, and the creation of the deposit entries in the db.  I'm trying to figure out if there's any way to fix it.  Will keep you posted.

Cheers.

The status for incoming deposits is still not working.
I think it is because I have multiple addresses. Used to work fine a few weeks ago when I had only one address.

I have a way to flag users to allow a 2x higher withdrawal limit.  Please PM me your username (and which exchange) if you would like this turned on for your account.

Cheers.

Could you push through my withdrawal on ltcglobal?

Also, is it possible to get the manual limit raised and/or removed?  I do a lot of day trading, and I need better liquidity.

Details regarding the dead mans switch and what to do if anything happens to me are now in the FAQ when logged in.

Bottom line, life will go on without me. 

It does show when changing the settings as well, but changing the settings requires the same PIN.  Both those PIN requirements need to be swapped out for gAuth requirements.  Will try to get that patched today.

Cheers.

So if the Google Authenticator should only show 1 time why does it show again if I change the settings?  Or is that a different key then the original time is showed in case I wanted to reset it to a new one?

Mircea Popescu redirected it to the whitehouse.gov for lols.

Gee, if only there was some kind of bitcoin-like, proof-of-work based DNS that was impervious to these kind of redirect shenanigans.

Oh wait, .bit and namecoin are well known technologies, but too many sheeple ignored them and not it's almost too late.

 

/THEY DIDN'T LISTEN!!!!1

"print the barcode so you can re-scan it again" 

The account page won't re-display it unless you have the PIN, and as I am just now realizing, that PIN dialog should be asking for the gAuth code if gAuth is turned on...  Will put that on the todo.

Cheers.


 

If anyone can just scan the barcode how does this help if your site is hacked?  They could see the QR code and install google auth on their own phone.

Actually, yes, it is protection against any form of man in the middle attack.  Both use a time-based nonce with protection against replay.  (no key can be used twice within it's valid time window... try it, I spent a lot of time on it.)

No, it is not protection if BTC-TC is rooted.  That comes in the form of backups, firewalls, layers of servers (backend/frontend), and hot/cold wallets.

Cheers.

Best bet is to write down the key it displays with your barcode, or print the barcode so you can re-scan it again.

If your phone is stolen, you would re-scan the barcode or enter the key on your new phone, log into the site, and setup a new code.  (just to be on the safe side.)

Actually no, 2-factor authentication is not a protection against someone getting your DNS or getting root or anything like that. It's protection against most forms of keyloggers, and that's about it. Just sayin'

OK I have gone ahead and setup Google Authenticator on my google account, and on your site.  I know that I could print off some one time use codes for my google account in case I ever lose my phone, don't have it on me etc...

Will these same codes work on your site?  What do I do if my phone gets stolen?

This is a good opportunity for a little education I suspect.

If our DNS is compromised, which is entirely possible, we do not operate it:  (The registrar does.)

    - A potential hacker could put up a clone of our login page and collect your logins and passwords.
    - Then the hacker could set his own /etc/hosts file and log into the real site with those logins and passwords.
    - Then the hacker trades all your stuff off for pennies on the dollar and withdraws all the coins and walks away.

The only protection from this is to use 2-Factor authentication.  If you don't already have a Yubikey or a mobile phone with Google Authenticator, NOW is the time to set it up.  Do not put it off.  Do it now.

+1 I love his charts.

Seemed like a topic better fit to this thread.

I am absolutely not the person to be looking at this objectively.  I have a definite skew to my perspective.  Please keep that in mind as you read this, I'm sure it shows somewhat. 

My take though is that we are targeting different "markets".

Our market is virtual crypto organizations that don't mind working with a Belize company and don't mind our terms of service that everything is virtual and we're all playing a great big edu-tainment game.  (notably, this is also the MPEx perspective AFAIK.)  As far as I'm concerned, bitcoin is the same thing as linden dollars, WoW gold, Everquest platinum, etc, all of which freely trade on eBay and craigslist.

Bitfunder I feel is marketing itself like it's a real exchange.  But they're in the USA, and what they're doing is very clearly illegal in that jurisdiction.  (it's black and white.)  Read up the definition of a security in the US.  Profit sharing agreements are securities.  It's illegal to run the exchange in the USA without registering it.  It's illegal to invest in the securities in the USA without registering them.  It's illegal to market the securities to an investor in the USA from outside the USA without following strict rules.  Consult a lawyer.  It's scary what happens if you get this wrong.  Hopefully the recent big announcements that were hinted at involve moving it offshore or something.

In terms of the actual companies on the exchanges.  I'm not going to critique on a ticker by ticker basis.  We both have our jewels and our turds I suspect.  Hopefully on btct.co with the community involvement it's a little easier to determine which is which. 

Cheers.

Just a heads up looks like Mpex was hacked as it's redirecting too.

http://www.whitehouse.gov/

Hope you are secure.