Cointoolkit FLOT guide and changelog

dysconnect 2015-12-06 16:21:47 UTC #19

Removing the entire folder is an option. The script will automatically git clone. Perhaps I should deal with that, though I dared not put something that does “rm -r” in the scripts as it could lead to some pretty bad accidents…

huafei 2015-12-07 09:11:46 UTC #20

can we seen which FLOT member signed or not？

ttutdxh 2015-12-08 00:20:11 UTC #21

@huafei yes, just click the signature count when verifying a transaction.

@dysconnect great news, that will avoid blockexplorer.nu availability problems.

ttutdxh 2015-12-13 20:51:24 UTC #22

Added @dysconnect, @masterOfDisaster and @jooize flot-operations repositories to Cointoolkit.

You can configure Cointoolkit to use these providers under “Unspent outputs” configuration in the Settings tab

Please note dysconect’s git-multisig currently only support FLOT NBT addresses, so right now these three providers only store data for FLOT NBT address BqyRzFtWXDmjxrYpyJD42MLE5xc8FrB4js. It is still a great backup for urgent FLOT transaction crafting.

Also added script debugging:
http://imgur.com/H3LihCt

and signature position data:
http://imgur.com/1KaDNXU

while verifying transactions. Hope that helps with future troubles.

mhps 2015-12-19 15:42:35 UTC #23

Feature request: a “current signings” page that lists multisig signings that are not completed (and maybe a history of recent completed ones.) With this FLOT member don’t have to go to nubits.com to click on links to sign incomplete signings. With each signing a remark can be made by the signer to put reason and e.g. URLs to posts.

ttutdxh 2015-12-19 15:58:31 UTC #24

I think that may be counter-productive. There is risk someone signs that listed signings only because they are there. Any signing requires from FLOT to manually check and verify what and why they are signing it.

Maybe a better approach for that is using a wiki like in the voting hotlist so we can add and remove links to the signing requests on demand, state the reasons why it should be signed with link to the sources, the motions requiring us to do so…

mhps 2015-12-20 00:54:31 UTC #25

If all required number of FLOT members do this there is little hope they will do their due deligence from a forum post or an email/bitmessage

How about allowing other allowed signers to add remarks even if they don’t sign

ttutdxh 2015-12-20 11:40:45 UTC #26

That adds a storage layer, identification layer, moderation, etc. That kind of changes would add the risk of attacks such as code injection, and that is a huge trade off.

Cointoolkit is designed so you don’t have to trust me or anyone else. Known identities are the exception because they are hardcoded and easy to audit and crosscheck.

Honestly I don’t see the advantages over a forum wiki with links.

mhps 2015-12-20 12:14:40 UTC #27

I agree it would not be easy to make a secure off-line page. I was thinking of a convenience tool for online signing.

nubits.com could be taken down by ddos or maybe other ways.

ttutdxh 2015-12-20 12:29:45 UTC #28

I agree, and that affects way more than signing requests. I think the forum is protected by CloudFare, but that is definitely not a complete solution to attacks.

The ideal solution would be to have something like a bitmessage mailing list, but that opens whole new problems to overcome, like who is authorized to send, what happens if that people is unavailable… And in case it is open, how stop that from becoming a spammy list.

Anyway I think that creating a “contingency plan” for Nu in case something goes wrong is yet a pending task.

mhps 2015-12-20 14:23:47 UTC #29

A private chatroom/discuss board known only to the FLOTand devs might be good at least for a while.

jooize 2015-12-31 00:32:12 UTC #30

@ttutdxh: It would be neat if you made Cointoolkit order addresses lexicographically automatically (but allow manual ordering of course).

mhps 2015-12-31 04:08:13 UTC #31

I wish the new address page can output new addresses in a contunuous text block so I can copy-paste the 4 lines of “xx addres yyyy…” block in one go (to make my oen record)

ttutdxh 2016-01-02 23:09:48 UTC #32

@jooize check it out now with drag and drop!

@mhps if you really need to do that there is hacky way to do it. Open the javascript console in your browser (F12 on Chrome) then paste coinjs.newKeys(), press enter. There you go.

jooize 2016-01-02 23:21:01 UTC #33

Dayme, fancy!

masterOfDisaster 2016-01-04 20:32:53 UTC #34

Is there a way to save a link to Cointoolkit, that includes a redeem script and automatically loads that.
I have something like

http://ttutdxh-nubits.github.io/cointoolkit/?mode=nubits#newTransaction&redeemingFrom=5321034b0bd0f653d4ac0a2e9e81eb1863bb8e5743f6cb1ea40d845b939c225a1a80ff2102a144af74d018501f03d76ead130433335f969772792ec39ce389c8a2341552592103661a4370dfcfbcea25d1800057220f4572b6eecab95bb0670e8676a9e34451dc210234139729dd413c84a71a0bfd6f236790be861b37311cef3240277c940e4b0c072102547427fc2ea3a0ab9ef70f5e1640ff5112b113f65696948f992bd0770b94257155ae#verify

for NBT and

http://ttutdxh-nubits.github.io/cointoolkit/?mode=bitcoin&verify=55210234139729dd413c84a71a0bfd6f236790be861b37311cef3240277c940e4b0c072102435b894b94b4b27dd24436b3f9ad0b9409d855ab4be6e91141d445804e84750b2102e2fcdfe246e9cd4864d9119b8af465487385eccd0ea30a8cb21d44d36818189f210312cd6eb361c9ebb0d90e44946492a237eab4c7a7d88a0db800f2f460937cc22f21034b0bd0f653d4ac0a2e9e81eb1863bb8e5743f6cb1ea40d845b939c225a1a80ff2103661a4370dfcfbcea25d1800057220f4572b6eecab95bb0670e8676a9e34451dc2103a5fc09a5de595e4758bfbc3a932e2c448cc49a557dd6e64788cee530a76225212103da8082062298c40f0b473b74f3c95b57eaaebe3e67ed30ce56347b2e727915fb58ae#verify

for BTC in mind.
That could make using it from mobile phone more convenient (and reliable?).

Cybnate 2016-01-05 00:18:41 UTC #35

We had similar thoughts apparently today. I’ve asked Matthew whether it is feasible to integrate the multisig functionality as offered in cointoolkit within NuDroid. I think that would be great functionality if feasible and not too complicated. Will let you know when I’ve had a response. The user interface may proof the hard part though.

ttutdxh 2016-01-05 04:39:55 UTC #36

Yes you can:

http://ttutdxh-nubits.github.io/cointoolkit/?mode=bitcoin&address=55210234139729dd413c84a71a0bfd6f236790be861b37311cef3240277c940e4b0c072102435b894b94b4b27dd24436b3f9ad0b9409d855ab4be6e91141d445804e84750b2102e2fcdfe246e9cd4864d9119b8af465487385eccd0ea30a8cb21d44d36818189f210312cd6eb361c9ebb0d90e44946492a237eab4c7a7d88a0db800f2f460937cc22f21034b0bd0f653d4ac0a2e9e81eb1863bb8e5743f6cb1ea40d845b939c225a1a80ff2103661a4370dfcfbcea25d1800057220f4572b6eecab95bb0670e8676a9e34451dc2103a5fc09a5de595e4758bfbc3a932e2c448cc49a557dd6e64788cee530a76225212103da8082062298c40f0b473b74f3c95b57eaaebe3e67ed30ce56347b2e727915fb58ae#newTransaction

You have to use the address query, I didn’t document it.

masterOfDisaster 2016-01-05 04:51:51 UTC #37

Great! Thank you!
I will create some bookmarks

jooize 2016-01-15 15:12:29 UTC #38

Even better, also redirect to HTTPS automatically. A friend told me that’s possible with JavaScript.