Author Topic: LottoShares, You probably wouldn't be interested in this™ - It's Live!  (Read 14947 times)

0 Members and 1 Guest are viewing this topic.

Offline MrJeans

  • Hero Member
  • *****
  • Posts: 599
    • View Profile
  • BitShares: mrjeans
Yep this is a real risk.
If someone has your private keys for AGS they could take your shares in BitsharesX when it comes out.
Personally I am waiting around for trusted software or client that will allow for importing wallets without the need for using private keys.

Thanks why I would like to know from FreeTrader whether we need to claim our shares for them to start maturing or will they mature automatically and we can claim whenever we want.

Offline pharesim

  • Jr. Member
  • **
  • Posts: 29
    • View Profile
    • Horizon [HZ]
You can use your btc/mmc/pts-wallets with lottoshares. At least it worked for me ;)

The security risk is about the same though. We have to trust freetrade or check his code.
Meet you on STEEM

Offline FreeTrade

  • Moderator
  • Hero Member
  • *****
  • Posts: 700
    • View Profile
Yeah, this recommendation concerns me a little, especially since my biggest balances are AGS and we can't move those.  I already imported my private keys so I hope these are just precautionary measures.  Is this a real risk? Should I  :'(?

There's a chain of trust involved in getting the software to you - if you're reading and compiling yourself, that's the shortest chain - you're just trusting the code I've published and that your own system isn't compromised.
If you're using the binaries, or relying on someone else to vet the code, that chain is longer, you're trusting the compiler isn't compromised, that his system/software isn't compromised, that the network isn't compromised, that github and that your own system isn't compromised.
We're looking at other ways to handle this private key issue that require less risk and trust.
For now, there is no reason to import AGS/MMC/PTS keys - those balances don't start maturing for another 2 months anyway.
“People should be more sophisticated? How are you gonna get that done?” - Jerry Seinfeld reply to Bill Maher

Offline JakeThePanda

  • Sr. Member
  • ****
  • Posts: 232
    • View Profile
Yeah, this recommendation concerns me a little, especially since my biggest balances are AGS and we can't move those.  I already imported my private keys so I hope these are just precautionary measures.  Is this a real risk? Should I  :'(?

There's a chain of trust involved in getting the software to you - if you're reading and compiling yourself, that's the shortest chain - you're just trusting the code I've published and that your own system isn't compromised.
If you're using the binaries, or relying on someone else to vet the code, that chain is longer, you're trusting the compiler isn't compromised, that his system/software isn't compromised, that the network isn't compromised, that github and that your own system isn't compromised.
We're looking at other ways to handle this private key issue that require less risk and trust.
For now, there is no reason to import AGS/MMC/PTS keys - those balances don't start maturing for another 2 months anyway.

Wow! Now that I know this I'm very surprised the community would support any DAC without reviewing the code first.  Why are these risks only being brought up now?  No offense, but the code should have been completely reviewed before it was agreed to have it's own section in the forum and be fully supported.  Thank you for adding AGS/PTS to the distribution list, but at what cost do we blindly support a DAC?

At this early stage in the developement of DACs and this community, the leadership of Invictus has the most to say.  I'm pointing at I3 for not making this an important issue.  It could potentially compromise the entire project. No?
« Last Edit: July 15, 2014, 01:25:40 pm by JakeThePanda »

Offline MrJeans

  • Hero Member
  • *****
  • Posts: 599
    • View Profile
  • BitShares: mrjeans
You can use your btc/mmc/pts-wallets with lottoshares. At least it worked for me ;)

The security risk is about the same though. We have to trust freetrade or check his code.
Yep also claimed with PTS, no problem. With AGS its a bit more risky

Offline biophil

  • Hero Member
  • *****
  • Posts: 837
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BitShares: zebulon
Yeah, this recommendation concerns me a little, especially since my biggest balances are AGS and we can't move those.  I already imported my private keys so I hope these are just precautionary measures.  Is this a real risk? Should I  :'(?

There's a chain of trust involved in getting the software to you - if you're reading and compiling yourself, that's the shortest chain - you're just trusting the code I've published and that your own system isn't compromised.
If you're using the binaries, or relying on someone else to vet the code, that chain is longer, you're trusting the compiler isn't compromised, that his system/software isn't compromised, that the network isn't compromised, that github and that your own system isn't compromised.
We're looking at other ways to handle this private key issue that require less risk and trust.
For now, there is no reason to import AGS/MMC/PTS keys - those balances don't start maturing for another 2 months anyway.

Wow! Now that I know this I'm very surprised the community would support any DAC without reviewing the code first.  Why are these risks only being brought up now?  No offense, but the code should have been completely reviewed before it was agreed to have it's own section in the forum and be fully supported.  Thank you for adding AGS/PTS to the distribution list, but at what cost do we blindly support a DAC?

At this early stage in the developement of DACs and this community, the leadership of Invictus has the most to say.  I'm pointing at I3 for not making this an important issue.  It could potentially compromise the entire project. No?

Sure, it's very important and we should be concerned with security and all that - but FreeTrade has been around forever, and as far as I'm concerned he's a trusted dev. I believe he created PTS - someone correct me if I'm wrong.

So what you're saying is absolutely true, but in this particular instance the community (and, I believe, I3) decided there wasn't much to be afraid of.

Offline JakeThePanda

  • Sr. Member
  • ****
  • Posts: 232
    • View Profile
Yeah, this recommendation concerns me a little, especially since my biggest balances are AGS and we can't move those.  I already imported my private keys so I hope these are just precautionary measures.  Is this a real risk? Should I  :'(?

There's a chain of trust involved in getting the software to you - if you're reading and compiling yourself, that's the shortest chain - you're just trusting the code I've published and that your own system isn't compromised.
If you're using the binaries, or relying on someone else to vet the code, that chain is longer, you're trusting the compiler isn't compromised, that his system/software isn't compromised, that the network isn't compromised, that github and that your own system isn't compromised.
We're looking at other ways to handle this private key issue that require less risk and trust.
For now, there is no reason to import AGS/MMC/PTS keys - those balances don't start maturing for another 2 months anyway.

Wow! Now that I know this I'm very surprised the community would support any DAC without reviewing the code first.  Why are these risks only being brought up now?  No offense, but the code should have been completely reviewed before it was agreed to have it's own section in the forum and be fully supported.  Thank you for adding AGS/PTS to the distribution list, but at what cost do we blindly support a DAC?

At this early stage in the developement of DACs and this community, the leadership of Invictus has the most to say.  I'm pointing at I3 for not making this an important issue.  It could potentially compromise the entire project. No?

Sure, it's very important and we should be concerned with security and all that - but FreeTrade has been around forever, and as far as I'm concerned he's a trusted dev. I believe he created PTS - someone correct me if I'm wrong.

So what you're saying is absolutely true, but in this particular instance the community (and, I believe, I3) decided there wasn't much to be afraid of.

Considering there seem to be people in this community that don't feel comfortable importing AGS private keys to get LTS, I have to disagree with this statement. If this is such a real risk then a security measure/fix should have been a top priority since the inception of AGS.
« Last Edit: July 15, 2014, 01:54:49 pm by JakeThePanda »

sumantso

  • Guest
The best way would be to covert AGS to a coin like PTS. In that way everytime there is a snapshot we can just transfer the balance to another address. Maybe even combine AGS and PTS into a single unified DPoS coin (I had given a complicated suggestion earlier which involved merging PTS, AGS & BTS XT).

Offline biophil

  • Hero Member
  • *****
  • Posts: 837
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BitShares: zebulon
There are orders on the NHZ asset exchange, and it looks like at least one person went and bought NHZ on poloniex specifically so they could buy some LTS. FreeTrade, maybe you should update your bitcointalk announcement to put the NHZ AE under exchanges.

Offline MrJeans

  • Hero Member
  • *****
  • Posts: 599
    • View Profile
  • BitShares: mrjeans
The best way would be to covert AGS to a coin like PTS. In that way everytime there is a snapshot we can just transfer the balance to another address. Maybe even combine AGS and PTS into a single unified DPoS coin (I had given a complicated suggestion earlier which involved merging PTS, AGS & BTS XT).

I made a similar sugestion for different reasons but was met with some very good responses for why AGS is not made liquid
https://bitsharestalk.org/index.php?topic=5546.msg75181#msg75181

Thanks for the update FreeTrader.
I will wait around for my LTS to mature and collect at a later stage once the priv key issue has been resolved.

Its not that I dont trust the LTS client with my private keys, but its that I dont want to export and import my private keys at all as this exposes them (eg. pc viruses/spyware etc).

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1734
    • View Profile
for AGS - PTS shareholders, even if we import the keys we cannot play until 2.5 months have passed correct? So in any case we should wait until 2.5 months have passed before we import our keys, or have I misunderstood?

Offline biophil

  • Hero Member
  • *****
  • Posts: 837
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BitShares: zebulon
for AGS - PTS shareholders, even if we import the keys we cannot play until 2.5 months have passed correct? So in any case we should wait until 2.5 months have passed before we import our keys, or have I misunderstood?

That's correct - 2.5 months is the shortest you might have to wait. I imported my AGS and MMC keys, and the AGS matures in 2.5 months but the MMC doesn't mature until about a year from now.

Offline Simeon II

  • Sr. Member
  • ****
  • Posts: 356
    • View Profile
for AGS - PTS shareholders, even if we import the keys we cannot play until 2.5 months have passed correct? So in any case we should wait until 2.5 months have passed before we import our keys, or have I misunderstood?

I do not think you are forbidden to play for 2.5 mo.
So you can play, just with other/additional funds...

Offline solaaire

  • Full Member
  • ***
  • Posts: 177
  • praise the sun!
    • View Profile
how about in multibit client?

In order to extract your private key from multibit, you must export the .key file using the Export option in the multibit client

once you have extracted the key, you must open it in a text file. note: you cannot put a password on the exported file if you wish to view the private key

Offline jwiz168

  • Sr. Member
  • ****
  • Posts: 409
    • View Profile
how about in multibit client?

In order to extract your private key from multibit, you must export the .key file using the Export option in the multibit client

once you have extracted the key, you must open it in a text file. note: you cannot put a password on the exported file if you wish to view the private key

I got the idea thank you.