Mycelium Bitcoin Wallet - page 99. | Bitcointalksearch.org

westkybitcoins

legendary

Activity: 980

Merit: 1004

Firstbits: Compromised. Thanks, Android!

Quote from: Jan on March 19, 2014, 08:27:58 AM

Quote from: RGBKey on March 19, 2014, 07:49:56 AM

ETA on Mycelium with the new standard fee?

The new fee rules in 0.9 affect the default relay fee rule, but not the default miner fee. This means that your transaction will propagate with a lower fee, but not necessarily confirm.
Until now the default relay fee rules and default mining fee have been the same. It remains to be seen how the miners react.
If we lower the fee right now we will probably get a lot of unhappy users (blaming our software) because nothing confirms. 0.9 is just out and it will take some time until it has proliferated, and we will have to see whether miners actively set the mining fee below the standard.

I have no problem with a base fee of 0.0001 BTC

Even at $1000/btc, that's only 10 cents (U.S.) per transaction. At current prices, closer to 6 cents. Still cheaper than a bank wire, and worth it for anyone not trying to make micropayments (which Bitcoin really wasn't designed for anyway.)

While saving coins is always a plus, don't feel rushed to lower the fee anytime soon.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Quote from: Jan on March 19, 2014, 08:27:58 AM

Quote from: RGBKey on March 19, 2014, 07:49:56 AM

ETA on Mycelium with the new standard fee?

The new fee rules in 0.9 affect the default relay fee rule, but not the default miner fee. This means that your transaction will propagate with a lower fee, but not necessarily confirm.
Until now the default relay fee rules and default mining fee have been the same. It remains to be seen how the miners react.
If we lower the fee right now we will probably get a lot of unhappy users (blaming our software) because nothing confirms. 0.9 is just out and it will take some time until it has proliferated, and we will have to see whether miners actively set the mining fee below the standard.

I see, ok then.

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: RGBKey on March 19, 2014, 07:49:56 AM

ETA on Mycelium with the new standard fee?

The new fee rules in 0.9 affect the default relay fee rule, but not the default miner fee. This means that your transaction will propagate with a lower fee, but not necessarily confirm.
Until now the default relay fee rules and default mining fee have been the same. It remains to be seen how the miners react.
If we lower the fee right now we will probably get a lot of unhappy users (blaming our software) because nothing confirms. 0.9 is just out and it will take some time until it has proliferated, and we will have to see whether miners actively set the mining fee below the standard.

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: SherdonIke on March 19, 2014, 05:45:14 AM

Are you going to make a new version? if so when about
Excuse me, am I right it does work with Samsung ? I wonder cause my friend has samsung

We are working on the next big release. I hope we have it out in a week or so. Mycelium works with most Android phones, about 4000 versions, samsung included.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

ETA on Mycelium with the new standard fee?

SherdonIke

newbie

Activity: 66

Merit: 0

Are you going to make a new version? if so when about
Excuse me, am I right it does work with Samsung ? I wonder cause my friend has samsung

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: apetersson on March 17, 2014, 08:31:28 AM

Quote from: RGBKey on March 16, 2014, 03:38:04 PM

Quote from: RGBKey on March 15, 2014, 09:27:43 AM

Think I disovered a small backup related bug. (Does not affect integrity of backups)

My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.

Any comment?

I know we had a bug in the labels of the PDF. i assume just the numbering is wrong and the actual backup is fine.

if so, i'll put it in the low-prio bug category. we will eventually fix it someday or sooner if we get a pull request for it.

(what is more annoying is the lack on UTF-8 support in the pdf... ) this needs a major rewrite with a different PDF generation engine.

The numbering has been fixed and if you use non-ASCII characters in address labels we will not not display it (as it would look like gibberish). This will be part of the next release.

apetersson

hero member

Activity: 668

Merit: 501

Quote from: RGBKey on March 16, 2014, 03:38:04 PM

Quote from: RGBKey on March 15, 2014, 09:27:43 AM

Think I disovered a small backup related bug. (Does not affect integrity of backups)

My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.

Any comment?

I know we had a bug in the labels of the PDF. i assume just the numbering is wrong and the actual backup is fine.

if so, i'll put it in the low-prio bug category. we will eventually fix it someday or sooner if we get a pull request for it.

(what is more annoying is the lack on UTF-8 support in the pdf... ) this needs a major rewrite with a different PDF generation engine.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Quote from: RGBKey on March 15, 2014, 09:27:43 AM

Think I disovered a small backup related bug. (Does not affect integrity of backups)

My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.

Any comment?

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Think I disovered a small backup related bug. (Does not affect integrity of backups)

My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.

hgmichna

hero member

Activity: 695

Merit: 500

Quote from: RGBKey on March 13, 2014, 07:58:34 PM

I wasn't too concerned since I had only 1.8% of my coins on my phone, and of course a verified backup, but always have to be wary about these things.
EDIT: My phone is a Galaxy S III mini.

We are so relieved!

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Quote from: apetersson on March 13, 2014, 06:18:07 PM

as this story develops, it looks like it might be exaggerated reporting. apparently, you would need a modified kernel that this needs to be exploited:

http://www.xda-developers.com/android/samsung-backdoor-may-not-be-as-wide-open-as-initially-thought/

http://arstechnica.com/security/2014/03/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones/

accoring to these articles, only the Galaxy S would be really affected.

Anyways, this serves as a reminder that one should store significant amounts on Paper only, and verify that the backup works.

I wasn't too concerned since I had only 1.8% of my coins on my phone, and of course a verified backup, but always have to be wary about these things.
EDIT: My phone is a Galaxy S III mini.

apetersson

hero member

Activity: 668

Merit: 501

as this story develops, it looks like it might be exaggerated reporting. apparently, you would need a modified kernel that this needs to be exploited:

http://www.xda-developers.com/android/samsung-backdoor-may-not-be-as-wide-open-as-initially-thought/

http://arstechnica.com/security/2014/03/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones/

accoring to these articles, only the Galaxy S would be really affected.

Anyways, this serves as a reminder that one should store significant amounts on Paper only, and verify that the backup works.

apetersson

hero member

Activity: 668

Merit: 501

Quote from: RGBKey on March 13, 2014, 12:22:01 PM

Quote from: Jan on March 13, 2014, 11:24:36 AM

Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)

This is not true. The exploit gives access to anybody broadcasting a pirate signal from capable equipment also. Correct?

As far as i understand, you need to have actual malware installed, which in turn can bypass the process isolation. Of course, this malware can request access rights to Internet, Bluetooth or whatever, which could be used to abuse this remotely. But this is still quite fresh now, maybe i'm wrong.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Quote from: Jan on March 13, 2014, 11:24:36 AM

Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)

This is not true. The exploit gives access to anybody broadcasting a pirate signal from capable equipment also. Correct?

soullyG

hero member

Activity: 1011

Merit: 721

Decentralize everything

Quote from: apetersson on March 13, 2014, 08:13:49 AM

Quote from: soullyG on March 13, 2014, 07:02:51 AM

One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key?

yes. this makes a lot of sense. it is just a question of how to integrate it in the UI.

Thanks, I think the best place to put it would be on the screen after selecting the "cold storage" menu option (and likely only once the private key has been scanned) to keep it separate from the standard message signing, but RGBKey's proposal is also good:

Quote from: RGBKey on March 13, 2014, 10:21:43 AM

Maybe instead of putting the sign option as an address option, add it as a menu option (like cold storage) and then you can choose an address or to scan, etc.

hgmichna

hero member

Activity: 695

Merit: 500

Quote from: Jan on March 13, 2014, 11:24:36 AM

Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)

Are you sure? It reads more like remote file access.

But anyway, things are moving fast at least at CyanogenMod's. There is already a software problem report in their bug tracker with priority "critical".

I, for one, may have to switch over to CyanogenMod a bit sooner than I had planned. My phone is a Samsung Galaxy Nexus, which is affected.

Replicant is another choice. After all they found the backdoor.

Jan

legendary

Activity: 1043

Merit: 1002

Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)

Jan

legendary

Activity: 1043

Merit: 1002

A vulnerability has been discovered which seems to affect certain Samsung devices:
http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor

What can it do?
It appears that this could be used to gain read access to Mycelium private keys on the android file system for the following device types:

Nexus S (I902x)
Galaxy S (I9000)
Galaxy S 2 (I9100)
Galaxy Note (N7000)
Galaxy Nexus (I9250)
Galaxy Tab 2 7.0 (P31xx)
Galaxy Tab 2 10.1 (P51xx)
Galaxy S 3 (I9300)
Galaxy Note 2 (N7100)

How should I react?
For a start, please don't store more in a hot wallet than what you are prepared to loose. This is a general recommendation regardless of whether you use Mycelium or any other wallet. Mycelium offers cold storage spending where the private key never touches the file system. With cold storage spending your private key is safe from this exploit. Use it.

What will Mycelium do?
We will make an update that makes Mycelium warn the user if he is running on one of those devices.
We will get in contact with other Bitcoin android developers and figure out what the best course of action is.

Jan

legendary

Activity: 1043

Merit: 1002

Quote from: RGBKey on March 13, 2014, 10:21:43 AM

...Also, not sure if you noticed the new samsung discovery of a backdoor/feature. I personalky use a galaxy, and was concerned enough to move it onto my computer for a bit. Can you advise on that?

Was actually in the process of writing about that... gimme a minute

Topic: Mycelium Bitcoin Wallet - page 99. (Read 586368 times)