Author

Topic: Lendmecoin.com Released!! Now in Beta testing! (Read 1807 times)

legendary
Activity: 1498
Merit: 1000
THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.
are you high? how does setting a textbox to a "password box" indicate whether the passwords are hashed or not?

It doesn't  but if your careless with little things like that then how careless are you with the backend? And as that predicted he uses sha1 no salt it is careless.
legendary
Activity: 2058
Merit: 1452
THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.
are you high? how does setting a textbox to a "password box" indicate whether the passwords are hashed or not?
legendary
Activity: 2058
Merit: 1452
broke it!
full member
Activity: 148
Merit: 100
Great idea, I like the plain-ness of the site but this is TOO plain, fonts seems a little too big also. Try to get the URL working and I hope it'll get popular. Seems like a great way to loan coins and build rep.

I am hiring a programmer to rebuild the website from scratch.  The next release should be more impressive.
full member
Activity: 736
Merit: 100
Adoption Blockchain e-Commerce to World
Great idea, I like the plain-ness of the site but this is TOO plain, fonts seems a little too big also. Try to get the URL working and I hope it'll get popular. Seems like a great way to loan coins and build rep.
full member
Activity: 148
Merit: 100
Hi thanks for making a site.

1. I suggest displaying interest as weekly, I think this is already the standard. Daily will require dealing with fractions more often.

2. I suggest getting out of the middle altogether and have borrowers pay the lenders directly.  It will make life a lot less stressful for you since you won't need to worry about being responsible for others' bitcoins. You can send borrowers the BTC address of their lenders directly, and then monitor the blockchain to see when a payment has been made.  Sorry if you were planning to make money by taking a cut, but consider a different way to receive bitcoins without handling other people's money.  For example, I believe you can create a "bitcoin:" URI that does multipay.  Or you could ask to be paid up front, or bill people later, or any number of other ways.

3. You have a script set to monitor payments to a hot wallet and send them somewhere?  See #2 for why you don't need a hot wallet.  If you need one, though (and you may already do this), at least make sure it's on a computer completely unconnected to your website: Use the blockchain and monitor the payment from somewhere else. If your website has no bitcoins controlled from it, you can't lose any even if someone breaks into it.

4. Please consider including an option to link the account on your site to a bitcoin-otc rating and GPG identity. I suspect all you'd need initially is allow users to provide a GPG public key (which you can match to the one they use on OTC).  Then at minimum, publish the key ID with a link to the OTC ratings when displaying information about other users  on your site.


Yes this is actually the next thing on my to do list.  I want to give users the option for both using hot wallet and their own as well.  I was thinking about using bitcoinabe to download the blockchain into a database where I can process transactions without a wallet.  It will be more difficult for users because they would need to enter in their payment information everytime a loan is repaid or paid out.  I do appreciate the idea.
full member
Activity: 213
Merit: 100
Hi thanks for making a site.

1. I suggest displaying interest as weekly, I think this is already the standard. Daily will require dealing with fractions more often.

2. I suggest getting out of the middle altogether and have borrowers pay the lenders directly.  It will make life a lot less stressful for you since you won't need to worry about being responsible for others' bitcoins. You can send borrowers the BTC address of their lenders directly, and then monitor the blockchain to see when a payment has been made.  Sorry if you were planning to make money by taking a cut, but consider a different way to receive bitcoins without handling other people's money.  For example, I believe you can create a "bitcoin:" URI that does multipay.  Or you could ask to be paid up front, or bill people later, or any number of other ways.

3. You have a script set to monitor payments to a hot wallet and send them somewhere?  See #2 for why you don't need a hot wallet.  If you need one, though (and you may already do this), at least make sure it's on a computer completely unconnected to your website: Use the blockchain and monitor the payment from somewhere else. If your website has no bitcoins controlled from it, you can't lose any even if someone breaks into it.

4. Please consider including an option to link the account on your site to a bitcoin-otc rating and GPG identity. I suspect all you'd need initially is allow users to provide a GPG public key (which you can match to the one they use on OTC).  Then at minimum, publish the key ID with a link to the OTC ratings when displaying information about other users  on your site.
full member
Activity: 148
Merit: 100
First thing before releasing a website is proofreading for errors.
For example, change all instances of 'garentee' into guarantee.
Your site has the potential, but you'll still need to work on it to iron out stuff and improve the general usability.

Thank you for pointing that out.  I really wasn't planning on having people use it right away.  Just give me shit for what I have wrong.  Best way to improve it in my opinion.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
First thing before releasing a website is proofreading for errors.
For example, change all instances of 'garentee' into guarantee.
Your site has the potential, but you'll still need to work on it to iron out stuff and improve the general usability.
full member
Activity: 148
Merit: 100
THIS IS WHY I WILL NOT BE REGISTERING ON YOUR SITE, I HOPE YOU CAN EXPLAIN WHY IT IS NOT IN A PASSWORD FIELD, AND ARE STORING THESE PASSWORDS IN PLAIN TEXT!!!!!! ALSO WATCHING YOUR VIDEO YOUR VERIFICATION SYSTEM IS JUST A FACEBOOK FORM COME ONNNNNNNNNN back to the drawing board.


Changed the password deal, so this is fixed.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I will fix it now, but I am using sha1 encryption for password storage.

SHA1 is horrible easy to brute force.

One example:
http://nsa.unaligned.org/

This guy built at home a SHA1 brute force engine which can brute for every possible 8 digit password in less than a day.  Yes all 6,095,689,385,410,820 in less than a day.

Security is a mindset not something you bolt on at the end.  Passwords should be hashed with a strong hashing algorithm use per account random salt (min 64 bit) to prevent parallel and pre-computational attacks.  The optimal method would be some proven algorithm which slows down brute force attacks through the use of key strengthening like bcrypt, scrypt, or PBKDF2.
full member
Activity: 148
Merit: 100
You don't have to use it if you do not want to.  I am not a super experienced programmer, but I had a lot of feedback suggesting that I just release the website and that users would help me out.

Normally I would take more time and consideration before releasing, but people wanted me to release it.  As far as Facebook verification system is concerned... I had the option not to use this method, but it would require last 4 digits of your social.  So that being said I felt users would be more comfortable with this method.
hero member
Activity: 504
Merit: 502
I also couldnt help chuckle a bit after going to that page. Cry
full member
Activity: 148
Merit: 100
just get a shared hosting package they are cheap and good for testing, don't try and host it on your own servers in your house it more headaches.

*Sigh* I know, but I have this computer here and why not use it?  It is already set up, just need to get this port forwarding business cleared up...

Good luck with that, ISP will probably ask you to upgrade, IE pay more money so might as well get a shared hosting package it would be around the same amount of money

Nah I made a workaround.  Just had to forward port 81 and make some changes on my WAMP.

If you want to check out the site you can visit it here.

72.181.135.42:81
The domain should work after 24 hours.
full member
Activity: 148
Merit: 100
just get a shared hosting package they are cheap and good for testing, don't try and host it on your own servers in your house it more headaches.

*Sigh* I know, but I have this computer here and why not use it?  It is already set up, just need to get this port forwarding business cleared up...
full member
Activity: 148
Merit: 100
Well I guess I am off to a bad start.

Looks like my ISP is blocking 80.  I will deal with this in the morning.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
full member
Activity: 148
Merit: 100
Hey guys,

Made a post a while back regarding a peer to peer bitcoin lending website.  Well I finally got most of the code done.  There is still a lot of work to do, but if you want to help me work out the bugs I would really appreciate it.  There is a short video on the first page that should answer most of your questions.

Check it out....
lendmecoin.com  *** this is not working at the moment.

use this...
72.181.135.42:81
Jump to: