BitPay Integrates Bitcoin with Fulfillment by Amazon
marketwatch.comFor those who haven't noticed, a single bitcoin is worth almost 47 dollars now, over 30% more than two days ago: http://bitcoincharts.com/charts/mtgoxUSD#rg5ztgSzm1g10zm2g25...
I really wish it would crash already. I don't feel comfortable buying any right now for day-to-day purchases because the crash has to be coming.
... and, back to $34.
and back to $43
this is not a market for weak hands.
This scares me in ways I don't understand. I feel like I just looked at the price not too long ago and it was $26.
A sucker game. Get them, but do not buy them.
Note to anyone who's designing cryptographic currency 2.0: stabilize the price next time. It doesn't have to be tied to USD but it should be tied to something. Control over the supply automatically gives you control over the price, you can peg to whatever you want.
Global GDP futures perhaps? It would be interesting to have a currency worth a particular percent of global output.
That part of the point of BTC though, AFAICT - no price control, no supply control.
It appeals to libertarians for this reason. Doesn't appeal to me because I like stability in my currency and am happy to have central authorities that try to ensure that, but it appeals to libertarians.
On BitPay site: https://bitpay.com/amazon
Hummm. Does Amazon know about this? Are they likely to revoke access to anyone availing of this service?
It shouldn't really matter to Amazon. Their fulfillment service is just an API for saying "take this item from your warehouse and ship it to this address". Amazon doesn't know that you're shipping things in response to a BitCoin payment, versus goodies for KickStarter backers, versus holiday gifts for customers. All BitPay is doing is integrating their API with Amazon's API for you so that receiving a payment can kick off a shipment. It doesn't create any new potential liability for Amazon; they're not touching bitcoins and their payment for the fulfillment service is separate from what they're fulfilling.
Cool, thanks for the clarification. So I guess its only a matter of time there are electronics stores accepting BTC online
There are already many electronics for sale for bitcoins:
What's the best API for doing Bitcoin transactions from a web app?
To be honest, bitcoind, the original Bitcoin client has a very accessible json-rpc API [0]. This is the same daemon that runs behind the QT front-end of the "official" Bitcoin client. RPC is not my favorite (gotten spoiled by RESTful), but bitcoind's implementation is easy-to-use, and most languages have nice, easy-to-use json-rpc libraries [1]. You run bitcoind as a headless client on your server. It's pretty robust, and multithreaded. The benefit to that setup is that you are in control of everything, no need to depend on (or pay) a third-party. And there's no need to store Bitcoins on the server beyond what you need for your transactions, since you can set up a cron job to periodically forward x percentage of the balance to an off-site wallet with ease.
However, if you want something with a RESTful interface that you don't have to maintain yourself, ycombinator-funded Coinbase appears to have a nice API. But unlike bitcoind (which I've used for several small and one largish project), I've never used coinbase or any of the other third-party APIs.
[0] https://en.bitcoin.it/wiki/Bitcoind [1] http://json-rpc.org/wiki/implementations [2] https://coinbase.com/
EDIT: Clarity, grammar.
That's the kind of set-up that has been hacked to high hell several times.
It's not that hard to understand why. Having a computer connected to the net to run bitcoind means that if you get it rooted by any chance, you just lost the entirety of your hot wallet.
Please, please stop doing that.
Oh my gosh you don't expose it to the public Internet. RPC is just an API -- just because it runs over an IP address doesn't mean you run it exposed to the whole world. I thought that would go without saying, but clearly I was wrong. It's just like anything you connect to via IP...including simple databases like many of the NoSQL databases. You run it on a secure internal network, and connect it to your web server, and expose the web server to the public, via a reverse proxy. This is no different.
And if you send the balance to an off-site wallet every hour, or less, then you aren't exposing much of your balance anyway. If you're an exchange, it gets a lot harder since you have to figure out how much to keep on a hot wallet. But if you're just accepting Bitcoins, there's little to no risk, as long as you regularly send your balance off-site to a cold wallet.
And if your web server is rooted, then they've got any balance you've exposed to your web app, regardless of whether you are running it on bitcoind or some third-party web service.
That's better but still this is what bitfloor ran and it got hacked.
I recommend cold wallets instead. You can have your server rooted and not lose a satoshi.
That has nothing to do with why Bitfloor lost such a large sum -- they stored unencrypted keys to a wallet holding a large sum on a server that was hacked. They could have used whatever solution you or I propose and if they stored unencrypted copies of the keys to a wallet holding $250,000 worth of btc on an online computer that was hacked, the same thing would have happened.
At the time, Roman Shtylman, the founder of Bitfloor, described it: “last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand.”
So it was a storage issue and had nothing to do with what we're discussing, which is how to process Bitcoin transactions. Which brings me to the question: how would you process transactions on this cold wallet you speak of? Somewhere, you have to have either bitcoind or libbitcoin running (and most business will avoid the latter because it's AGPL, unlike bitcoind which is under MIT license).
To be clear, I strongly agree with the suggestion to keep as much money as possible on cold wallets. If you are just accepting Bitcoins for payment, this can be virtually 100% of your coins. As long as you are regularly moving your coins off of the bitcoind daemon connected to your web app, you are risking very little. Hell, you can transfer the balance off-server every minute if it makes you sleep better.
The extra measures needed are non-trivial and should be detailed (or an alternative, like Armory, given).
Otherwise, in real life, most people take the easy way out which means a standard client without no special measures. Note that encrypting the wallets still is not good enough if your webapp needs to be able to operate it (it will typically have the means to transfer funds just there, either keys or source code capable of replicating it).
Crypto is too hard to do right to leave all that as an exercise for the reader.
This is my last comment on this thread, since you keep repeating the same unfounded complaint. I did mention the extra measure of moving coins offsite in my original comment (which is trivial if you know how to use cron). As long as you do this, your risk of exposure is the amount of Bitcoins you accept during n interval, where n can be practically as small as you want it to be.
Also, I get the distinct feeling you're lecturing us about something you've never done. "to operate [a wallet]"?? "to transfer fund just there, either keys or source code capable of replicating it"?? How would you connect a web app, say a Ruby on Rails app, or a Django app if you're more comfortable with Python, to Armory to process Bitcoin payments? There's a new feature that's just been merged that I see would allow Armory to be used on the web, but as far as I can tell, no one is using it in production. But assuming this feature is production ready, how would you use Armory to process payments on the web? Have you actually done this? You're just mentioning a product and nothing about implementing payment processing. The extra measures needed to set up payment processing are most decidedly non-trivial and should be detailed.
Finally, I should mention that Bitcoin Armory is under AGPL (even stricter than the GPL), which means that no serious business is going to use it for payment processing since they would have to open source whatever app they are connecting it to (it's just fine to use it to store a business's Bitcoins, however, since in this case, it's not connected to your application). From the BitcoinArmory site: "Armory is licensed under the AGPL version 3, which guarantees that any derivative programs based on Armory source-code must also be open-source." bitcoind, on the other hand, is under the MIT license and can be freely used in commercial software without the obligation to share your source code.
The only problem I had about your initial comment, is that someone unaware of the risks would be encouraged to do the same things that caused a gazillion hacks in the past.
The option of just having a small hot wallet and a cron script (risking just the amount in the hot wallet at any given time) is probably good enough for most people, and it's a lot simpler than the kind of crypto needed to set up a wallet that can be safely operated in untrusted media. That much is fine.
Still, hotwallets combined with limited human resources (can't have someone constantly checking the balance, cannot automate the loading of the wallet and keep that in the server for obvious reasons) usually end up in cutting corners, getting robbed and essentially financing crooks.
Cannot go around saying safe, home-made BTC wallet support is trivial for a newbie. If you think so you live in la-la land.
It's just unrealistic and conveys a dangerous message, that's all. 99% of HN's readers would be much better off using any of the already put in place payment processing systems and pay them for their years of expertise.
One of bitcoin's strengths is decentralization, and you just told people not to manage their own wallets.
How do you accept bitcoin? Please enlighten us.
Non-hot wallets.
I didn't say you shouldn't use wallets, just don't use the naive approach of having a plain wallet in a computer that's exposed via bitcoind. That's asking for it.
Cryptography is hard, but you can use this for instance:
http://bitcoinarmory.com/using-offline-wallets-in-armory/
It's already prepackaged for you. Give it a good read if you don't know it. Free, Open Source, etc. And the author is a nice chap.
It's not the only way. But whatever you do, just don't keep a massive hot wallet in a server that's online. They will find it and if you move enough money they will put massive amounts of effort into hacking it.
Did you read my original comment? You basically just described a solution that mirrors my own, which was to send x percentage of your balance to an off-site wallet (maximizing x to the extent possible, obviously). I didn't get into how to securely store your coins off-site, since that wasn't the question.
EDIT: BTW, you do realize that Armory is a front-end to bitcoind, right? You still have to run bitcoind for Armory to work.
From their Github page:
"Armory has no independent networking components built in. Instead, it relies on on the Satoshi client to securely connect * to peers, validate blockchain data, and broadcast transactions * for us. Although it was initially planned to cut the umbilical * cord to the Satoshi client and implement independent networking, * it has turned out to be an inconvenience worth having. * Reimplementing all the networking code would be fraught with bugs, * security holes, and possible blockchain forking. The reliance * on Bitcoin-Qt right now is actually making Armory more secure!"
Yes, that's fine. But the rest of the elements are non-trivial and you left them "as an exercise for the reader". This usually means that the reader will just run the standard client with a full internet connection and get hacked to high hell.
You can have a computer with a firewall and a custom protocol connected to another system, and still get hacked, if you don't put in place the sort of measures Armory uses.
Read carefully what you quoted: "it relies on on the Satoshi client to securely connect * to peers, validate blockchain data, and broadcast transactions * for us" - that is not the actual problem when you have your server rooted. The problem is KEYS. Key generation, and key storage/management. Which no other common solutions that I know do in a way that won't get your arse robbed if the computer storing the wallet is compromised. Which I think is a big deal.
actually, come to think of it, you just need to provide a Bitcoin address for payments to be sent to and a form that takes the customer's own address so you can know who paid and for what.
Yes, absolutely. If you're thinking of a low-volume, semi-manual system, you can simply generate a list of addresses, store them on a DB, and display them to customers for payment. Then send out your product/service once you verify payment has cleared on the Blockchain Explorer. That's a good, simple, low-tech way of taking care of things, as long as you carefully match addresses to customers and take care to securely store the wallet you used to generate the addresses. But assuming you can program, it's not hard to implement an automated payment processor, or to integrate a third-party API. Please don't be scared off by alarmists. As long as you are taking care not to store large sums of Bitcoins on your server, there's no problem. You can easily set a cron job to move the full balance off your wallet every minute to a cold, air-gapped, inaccessible, off-site wallet (Armory looks good for storage). As long as you're not distributing bitcoins (like exchanges have to do), you don't need to worry about keeping a large sum on the wallet you use for your app. Please feel free to contact me at the address on my profile if you have any questions (my user name is my real name).
By the way, BitPay is recruiting node.js developers.
Anybody trading bitcoins options or futures?
Whoha, that's awesome!
Where to buy BitCoins easily? CoinBase is useless since they've "exceeded their maximum daily limit", and Mt. Gox wants me to verify my home address, but I just moved and don't have any bills yet.
I've had good luck with Bitfloor. They let you do a cash deposit at Bank of America, and it goes instantly to your account. No ID or addresses or anything.
Yes, they've been hacked before and lost bitcoins. I figure 1. being hacked once probably makes them a lot more cautious now, and 2. what was stolen was bitcoins that were sitting in user accounts there. You're at very low risk if you don't leave bitcoins sitting in your account - transfer them to a private wallet or convert them to USD immediately.
Coinbase's "daily limit" is, as far as I can tell, a rolling "daily limit". Keep retrying and you can buy bitcoins.
Source: I bought BTC on coinbase right before I replied to your comment.
localbitcoins.com will work in a lot of places. ziggap.com is another one similar to coinbase. ziggap uses western union/ money gram and so has higher fees, but less wait time. also have seen btc sold on ebay, but with a pretty big markup.
also, you can mine them yourself ;-)
I help run a guide site for bitcoin newbies trying to buy:
http://howdoyoubuybitcoins.com/
I recommend the following services right now: http://howdoyoubuybitcoins.com/from/bitme/ http://howdoyoubuybitcoins.com/from/localbitcoins/ http://howdoyoubuybitcoins.com/from/ziggap/
Maybe bitinstant.com