1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <drak@zikula.org>) id 1VsW3A-0006pO-NF
for bitcoin-development@lists.sourceforge.net;
Mon, 16 Dec 2013 11:09:24 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org
designates 74.125.82.182 as permitted sender)
client-ip=74.125.82.182; envelope-from=drak@zikula.org;
helo=mail-we0-f182.google.com;
Received: from mail-we0-f182.google.com ([74.125.82.182])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VsW38-0003Wz-NS
for bitcoin-development@lists.sourceforge.net;
Mon, 16 Dec 2013 11:09:24 +0000
Received: by mail-we0-f182.google.com with SMTP id q59so4488928wes.13
for <bitcoin-development@lists.sourceforge.net>;
Mon, 16 Dec 2013 03:09:16 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc:content-type;
bh=q0SG9q/TU+eMiZljfEQ6cGL/2uNW1Dg+/KsbUboZbQ0=;
b=jWO0z0G8ILcyA7RtxPdEO6o9CYky/xtkDYw5VSNZLJRWLNX9nvA+6VbfTzQDYq9cM4
ejD8/WzapPo7EgSpWqgZmWPF4Gjkr9spN8vZF3YbvkoycsSAAvYrPRHRAKDC3BV45r31
86NpbhMJdhOlqnFCovFG5jiStDYa0D3jXJg/3dbZIHLm+CSsd0C0LTV4dX7NJa8t+62H
blQxiad+Fh2OLLlnZjdJqmGaqdAdm5zLS+Ukc6Nh+WtnvzTSpDDO8Pu/mZWzX72OeQyh
YIJ9fgMfh0YHi6AcewDc//XQ9oKsw2/oBto5DKTuV0NE43QKlySHNU30+r4dZtnNVNlc
RMdA==
X-Gm-Message-State: ALoCoQlYKLnQD200a1dGkEpKoqEB/r8a+tbu8tcNUkW5xXiMsdMO+SUS98MvgHHwfZq68REoSsnJ
X-Received: by 10.180.103.193 with SMTP id fy1mr13469589wib.10.1387192156328;
Mon, 16 Dec 2013 03:09:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.93.105 with HTTP; Mon, 16 Dec 2013 03:08:56 -0800 (PST)
In-Reply-To: <1387190808.12225.60115997.547B23B6@webmail.messagingengine.com>
References: <CANAnSg0QnZQ2BNJRYm1SD4HePZJQZy3GuAejLXYH+rLFn34CtA@mail.gmail.com>
<1387190808.12225.60115997.547B23B6@webmail.messagingengine.com>
From: Drak <drak@zikula.org>
Date: Mon, 16 Dec 2013 11:08:56 +0000
Message-ID: <CANAnSg1oWrjod8N-iQg5fTzyhXWxMfSSdcnvhtjWEWcWW7_LOg@mail.gmail.com>
To: Jim <jim618@fastmail.co.uk>
Content-Type: multipart/alternative; boundary=f46d04428e3ab6a99004eda4d7e4
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: doubleclick.net]
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1VsW38-0003Wz-NS
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Fees UI warning
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2013 11:09:24 -0000
--f46d04428e3ab6a99004eda4d7e4
Content-Type: text/plain; charset=UTF-8
Jim,
It's great to see the many ways wallet authors try to protect users from
easy to make mistakes, especially against losing funds.
But this issues isn't confined to custom transaction - some wallet
implementations have a fee field and almost all wallets allow the fee rate
to be configured in preferences. Sanity checking is sensible where a user
can override the calculated fee. Some wallets don't allow the fee to be
adjusted at all, but quite a few do.
Drak
On 16 December 2013 10:46, Jim <jim618@fastmail.co.uk> wrote:
> Yes I saw that on reddit too.
>
> I think it applies mainly to custom transactions rather
> than where fees are calculated automatically.
>
> Another variant of not understanding change that loses
> people's bitcoins I have encountered is:
> 1) Import a private key of a brainwallet/ paper wallet.
> 2) Send a small amount of bitcoin from that key.
> 3) The user then secure deletes all copies of the wallet
> 'for security'. If they are not careful they can delete
> a change address with funds on it.
>
> In MultiBit I have tried to reduce this possibility by:
> 1) Hiding the ability to delete wallet (in the next version
> I am removing it entirely)
> 2) There is always a single key in a new wallet. When
> a user imports a key then that makes two. I always send
> the change to the second address, if it is available.
> (This is bad for privacy but at least lessens the chances
> that the funds become lost).
>
> If users are determined to use a brain wallet and
> secure delete every copy of the wallet after they use
> them you cannot stop them (it is their machine after all)
> But these two options help lessen the chance of bitcoin
> loss if they do.
>
> For the HD version of MultiBit we are removing the import
> of individual private keys entirely and only supporting HD
> addresses, primarily for safety reasons.
>
> Jim
>
> On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote:
> > Not sure if this is the right place, but since a few wallet authors
> > congregate here I though it might be the best place.
> >
> > It seems every once in a while you see stories of people accidentally
> > paying huge fees. Today I read about a man who paid a 20.14BTC fee for a
> > 0.05 BTC transaction[1], oops. There was another recently where someone
> > paid a fee of about 200BTC which fortunately the pool operator refunded.
> >
> > It just occurs to me this kind of sad story could be averted if wallets
> > implemented a confirmation box if the fee amount seems crazy - for
> example,
> > if it's >10x what the default fee should be, or if it's greater than x%
> of
> > the sending amount. "the fee seems unusually high, are you really sure
> you
> > want to pay X in fees?"
> >
> > I realise the exact details of this might need to be fleshed out given we
> > want flexible fees, but it should be pretty simple to agree with what
> looks
> > like an unusually large fee according to the going rate.
> >
> > Drak
> >
> > [1]
> >
> http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/
> >
> ------------------------------------------------------------------------------
> > Rapidly troubleshoot problems before they affect your business. Most IT
> > organizations don't have a clear picture of how application performance
> > affects their revenue. With AppDynamics, you get 100% visibility into
> your
> > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of
> AppDynamics Pro!
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> --
> http://bitcoin-solutions.co.uk
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--f46d04428e3ab6a99004eda4d7e4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Jim,=C2=A0</div><div><br></div><div>It's great to=
see the many ways wallet authors try to protect users from easy to make mi=
stakes, especially against losing funds.=C2=A0</div><div><br></div><div>But=
this issues isn't confined to custom transaction - some wallet impleme=
ntations have a fee field and almost all wallets allow the fee rate to be c=
onfigured in preferences. Sanity checking is sensible where a user can over=
ride the calculated fee. Some wallets don't allow the fee to be adjuste=
d at all, but quite a few do.<br>
</div><div><br></div><div>Drak<br></div></div><div class=3D"gmail_extra"><b=
r><br><div class=3D"gmail_quote">On 16 December 2013 10:46, Jim <span dir=
=3D"ltr"><<a href=3D"mailto:jim618@fastmail.co.uk" target=3D"_blank">jim=
618@fastmail.co.uk</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Yes I saw that on reddit too.<br>
<br>
I think it applies mainly to custom transactions rather<br>
than where fees are calculated automatically.<br>
<br>
Another variant of not understanding change that loses<br>
people's bitcoins I have encountered is:<br>
1) Import a private key of a brainwallet/ paper wallet.<br>
2) Send a small amount of bitcoin from that key.<br>
3) The user then secure deletes all copies of the wallet<br>
'for security'. If they are not careful they can delete<br>
a change address with funds on it.<br>
<br>
In MultiBit I have tried to reduce this possibility by:<br>
1) Hiding the ability to delete wallet (in the next version<br>
I am removing it entirely)<br>
2) There is always a single key in a new wallet. When<br>
a user imports a key then that makes two. I always send<br>
the change to the second address, if it is available.<br>
(This is bad for privacy but at least lessens the chances<br>
that the funds become lost).<br>
<br>
If users are determined to use a brain wallet and<br>
secure delete every copy of the wallet after they use<br>
them you cannot stop them (it is their machine after all)<br>
But these two options help lessen the chance of bitcoin<br>
loss if they do.<br>
<br>
For the HD version of MultiBit we are removing the import<br>
of individual private keys entirely and only supporting HD<br>
addresses, primarily for safety reasons.<br>
<br>
Jim<br>
<div><div class=3D"h5"><br>
On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote:<br>
> Not sure if this is the right place, but since a few wallet authors<br=
>
> congregate here I though it might be the best place.<br>
><br>
> It seems every once in a while you see stories of people accidentally<=
br>
> paying huge fees. Today I read about a man who paid a 20.14BTC fee for=
a<br>
> 0.05 BTC transaction[1], oops. There was another recently where someon=
e<br>
> paid a fee of about 200BTC which fortunately the pool operator refunde=
d.<br>
><br>
> It just occurs to me this kind of sad story could be averted if wallet=
s<br>
> implemented a confirmation box if the fee amount seems crazy - for exa=
mple,<br>
> if it's >10x what the default fee should be, or if it's gre=
ater than x% of<br>
> the sending amount. "the fee seems unusually high, are you really=
sure you<br>
> want to pay X in fees?"<br>
><br>
> I realise the exact details of this might need to be fleshed out given=
we<br>
> want flexible fees, but it should be pretty simple to agree with what =
looks<br>
> like an unusually large fee according to the going rate.<br>
><br>
> Drak<br>
><br>
> [1]<br>
> <a href=3D"http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_=
my_bitcoins_in_an_erroneous/" target=3D"_blank">http://www.reddit.com/r/Bit=
coin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/</a><br>
</div></div><div class=3D"im">> ----------------------------------------=
--------------------------------------<br>
> Rapidly troubleshoot problems before they affect your business. Most I=
T<br>
> organizations don't have a clear picture of how application perfor=
mance<br>
> affects their revenue. With AppDynamics, you get 100% visibility into =
your<br>
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppD=
ynamics Pro!<br>
> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D84349831&am=
p;iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net=
/gampad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk</a><br>
> _______________________________________________<br>
> Bitcoin-development mailing list<br>
> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d=
evelopment@lists.sourceforge.net</a><br>
> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo=
pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco=
in-development</a><br>
<br>
<br>
--<br>
</div><a href=3D"http://bitcoin-solutions.co.uk" target=3D"_blank">http://b=
itcoin-solutions.co.uk</a><br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
---------------------------------------------------------------------------=
---<br>
Rapidly troubleshoot problems before they affect your business. Most IT<br>
organizations don't have a clear picture of how application performance=
<br>
affects their revenue. With AppDynamics, you get 100% visibility into your<=
br>
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynami=
cs Pro!<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D84349831&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>
--f46d04428e3ab6a99004eda4d7e4--
|