Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VsW3A-0006pO-NF for bitcoin-development@lists.sourceforge.net; Mon, 16 Dec 2013 11:09:24 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.182 as permitted sender) client-ip=74.125.82.182; envelope-from=drak@zikula.org; helo=mail-we0-f182.google.com; Received: from mail-we0-f182.google.com ([74.125.82.182]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VsW38-0003Wz-NS for bitcoin-development@lists.sourceforge.net; Mon, 16 Dec 2013 11:09:24 +0000 Received: by mail-we0-f182.google.com with SMTP id q59so4488928wes.13 for ; Mon, 16 Dec 2013 03:09:16 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=q0SG9q/TU+eMiZljfEQ6cGL/2uNW1Dg+/KsbUboZbQ0=; b=jWO0z0G8ILcyA7RtxPdEO6o9CYky/xtkDYw5VSNZLJRWLNX9nvA+6VbfTzQDYq9cM4 ejD8/WzapPo7EgSpWqgZmWPF4Gjkr9spN8vZF3YbvkoycsSAAvYrPRHRAKDC3BV45r31 86NpbhMJdhOlqnFCovFG5jiStDYa0D3jXJg/3dbZIHLm+CSsd0C0LTV4dX7NJa8t+62H blQxiad+Fh2OLLlnZjdJqmGaqdAdm5zLS+Ukc6Nh+WtnvzTSpDDO8Pu/mZWzX72OeQyh YIJ9fgMfh0YHi6AcewDc//XQ9oKsw2/oBto5DKTuV0NE43QKlySHNU30+r4dZtnNVNlc RMdA== X-Gm-Message-State: ALoCoQlYKLnQD200a1dGkEpKoqEB/r8a+tbu8tcNUkW5xXiMsdMO+SUS98MvgHHwfZq68REoSsnJ X-Received: by 10.180.103.193 with SMTP id fy1mr13469589wib.10.1387192156328; Mon, 16 Dec 2013 03:09:16 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.93.105 with HTTP; Mon, 16 Dec 2013 03:08:56 -0800 (PST) In-Reply-To: <1387190808.12225.60115997.547B23B6@webmail.messagingengine.com> References: <1387190808.12225.60115997.547B23B6@webmail.messagingengine.com> From: Drak Date: Mon, 16 Dec 2013 11:08:56 +0000 Message-ID: To: Jim Content-Type: multipart/alternative; boundary=f46d04428e3ab6a99004eda4d7e4 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1VsW38-0003Wz-NS Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Fees UI warning X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Dec 2013 11:09:24 -0000 --f46d04428e3ab6a99004eda4d7e4 Content-Type: text/plain; charset=UTF-8 Jim, It's great to see the many ways wallet authors try to protect users from easy to make mistakes, especially against losing funds. But this issues isn't confined to custom transaction - some wallet implementations have a fee field and almost all wallets allow the fee rate to be configured in preferences. Sanity checking is sensible where a user can override the calculated fee. Some wallets don't allow the fee to be adjusted at all, but quite a few do. Drak On 16 December 2013 10:46, Jim wrote: > Yes I saw that on reddit too. > > I think it applies mainly to custom transactions rather > than where fees are calculated automatically. > > Another variant of not understanding change that loses > people's bitcoins I have encountered is: > 1) Import a private key of a brainwallet/ paper wallet. > 2) Send a small amount of bitcoin from that key. > 3) The user then secure deletes all copies of the wallet > 'for security'. If they are not careful they can delete > a change address with funds on it. > > In MultiBit I have tried to reduce this possibility by: > 1) Hiding the ability to delete wallet (in the next version > I am removing it entirely) > 2) There is always a single key in a new wallet. When > a user imports a key then that makes two. I always send > the change to the second address, if it is available. > (This is bad for privacy but at least lessens the chances > that the funds become lost). > > If users are determined to use a brain wallet and > secure delete every copy of the wallet after they use > them you cannot stop them (it is their machine after all) > But these two options help lessen the chance of bitcoin > loss if they do. > > For the HD version of MultiBit we are removing the import > of individual private keys entirely and only supporting HD > addresses, primarily for safety reasons. > > Jim > > On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote: > > Not sure if this is the right place, but since a few wallet authors > > congregate here I though it might be the best place. > > > > It seems every once in a while you see stories of people accidentally > > paying huge fees. Today I read about a man who paid a 20.14BTC fee for a > > 0.05 BTC transaction[1], oops. There was another recently where someone > > paid a fee of about 200BTC which fortunately the pool operator refunded. > > > > It just occurs to me this kind of sad story could be averted if wallets > > implemented a confirmation box if the fee amount seems crazy - for > example, > > if it's >10x what the default fee should be, or if it's greater than x% > of > > the sending amount. "the fee seems unusually high, are you really sure > you > > want to pay X in fees?" > > > > I realise the exact details of this might need to be fleshed out given we > > want flexible fees, but it should be pretty simple to agree with what > looks > > like an unusually large fee according to the going rate. > > > > Drak > > > > [1] > > > http://www.reddit.com/r/Bitcoin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/ > > > ------------------------------------------------------------------------------ > > Rapidly troubleshoot problems before they affect your business. Most IT > > organizations don't have a clear picture of how application performance > > affects their revenue. With AppDynamics, you get 100% visibility into > your > > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of > AppDynamics Pro! > > > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > -- > http://bitcoin-solutions.co.uk > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics > Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --f46d04428e3ab6a99004eda4d7e4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Jim,=C2=A0

It's great to= see the many ways wallet authors try to protect users from easy to make mi= stakes, especially against losing funds.=C2=A0

But= this issues isn't confined to custom transaction - some wallet impleme= ntations have a fee field and almost all wallets allow the fee rate to be c= onfigured in preferences. Sanity checking is sensible where a user can over= ride the calculated fee. Some wallets don't allow the fee to be adjuste= d at all, but quite a few do.

Drak

On 16 December 2013 10:46, Jim <jim= 618@fastmail.co.uk> wrote:
Yes I saw that on reddit too.

I think it applies mainly to custom transactions rather
than where fees are calculated automatically.

Another variant of not understanding change that loses
people's bitcoins I have encountered is:
1) Import a private key of a brainwallet/ paper wallet.
2) Send a small amount of bitcoin from that key.
3) The user then secure deletes all copies of the wallet
'for security'. If they are not careful they can delete
a change address with funds on it.

In MultiBit I have tried to reduce this possibility by:
1) Hiding the ability to delete wallet (in the next version
I am removing it entirely)
2) There is always a single key in a new wallet. When
a user imports a key then that makes two. I always send
the change to the second address, if it is available.
(This is bad for privacy but at least lessens the chances
that the funds become lost).

If users are determined to use a brain wallet and
secure delete every copy of the wallet after they use
them you cannot stop them (it is their machine after all)
But these two options help lessen the chance of bitcoin
loss if they do.

For the HD version of MultiBit we are removing the import
of individual private keys entirely and only supporting HD
addresses, primarily for safety reasons.

Jim

On Mon, Dec 16, 2013, at 10:13 AM, Drak wrote:
> Not sure if this is the right place, but since a few wallet authors > congregate here I though it might be the best place.
>
> It seems every once in a while you see stories of people accidentally<= br> > paying huge fees. Today I read about a man who paid a 20.14BTC fee for= a
> 0.05 BTC transaction[1], oops. There was another recently where someon= e
> paid a fee of about 200BTC which fortunately the pool operator refunde= d.
>
> It just occurs to me this kind of sad story could be averted if wallet= s
> implemented a confirmation box if the fee amount seems crazy - for exa= mple,
> if it's >10x what the default fee should be, or if it's gre= ater than x% of
> the sending amount. "the fee seems unusually high, are you really= sure you
> want to pay X in fees?"
>
> I realise the exact details of this might need to be fleshed out given= we
> want flexible fees, but it should be pretty simple to agree with what = looks
> like an unusually large fee according to the going rate.
>
> Drak
>
> [1]
> http://www.reddit.com/r/Bit= coin/comments/1syu3h/i_lost_all_my_bitcoins_in_an_erroneous/
> ----------------------------------------= --------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most I= T
> organizations don't have a clear picture of how application perfor= mance
> affects their revenue. With AppDynamics, you get 100% visibility into = your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppD= ynamics Pro!
> http://pubads.g.doubleclick.net= /gampad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-d= evelopment@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitco= in-development


--
http://b= itcoin-solutions.co.uk

---------------------------------------------------------------------------= ---
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance=
affects their revenue. With AppDynamics, you get 100% visibility into your<= br> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynami= cs Pro!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--f46d04428e3ab6a99004eda4d7e4--