All righty, I hereby state:

All money values in the bitcoin JSON-RPC interface Are and Shall Be treated as Decimal, with 8 digits of precision after the decimal point.

If you're writing a banking application in a language that doesn't support Decimal types from JSON, then you should pack up your bags and go home.

People keep claiming that, and yet I just did YET ANOTHER google search for "banking apis", clicked through to the Open Financial Exchange standard (from Microsoft and Quicken), and what do you know!  Money amounts look like floats:

http://www.ofx.net/OFXExamplesPage/OFXExamples.aspx

Apologies to Nefario, I was reacting to the wiki pages written by genjix on how to use PHP with bitcoind that started with:

+ First, compile my fork.
+ Next, install the GMP and BCMath libraries...

And why do I defend floats:  because simple things should be simple.  Using GMP/BCMATH is overkill for 98% of what bitcoin JSON-RPC users will be doing.

And because certain people keep beating this dead horse.  I have said that I am PERFECTLY WILLING to support strings in the JSON-RPC interface if somebody can demonstrate to me someplace where it is actually a real problem (that isn't trivially solved using something like round(value*1e8+0.5) or printf("%.08", value)).

Can you'all educate me about these mythical rounding errors that require using GMP?

I can see, maybe, if you're computing interest down to the penny on a 30-year mortgage you might conceivably be off by a penny if you use 64-bit floats instead of 64-bit integers, although even there you're going to have to think hard about rounding as you get integer remainders.

And I can see being really careful if you're writing a bitcoin exchange site or bitcoin bank that deals in thousands of internal transactions that must all balance exactly.

But for the typical PHP website that is just going to add up 10 items in a shopping cart using plain-old PHP Numbers will be just fine.   I don't see PayPal recommending that PHP users of it's APIs install GMP.  Recommending that any website dealing with bitcoins compile genjix' fork and use GMP is a really good way to ensure that nobody accepts bitcoins.

That's not part of the official API, that's just a fun hack I made one day on a whim.

The technical information in the wiki needs more attention and polish; if you have time and are a decent writer, please jump in and help out.

So before deciding to do ClearCoin, I was thinking I was going to clone one or more of the PayPal shopping cart / payment APIs.

The advantage would that all of the existing shopping cart interfaces that know how to talk to PayPal would "just work" with bitcoins (the PayPal APIs can already deal with multiple currencies) -- just replace the https://api.paypal.com/ URL (or whatever it is) and specify amounts in BTC instead of USD or EUR.

The short-term business model would be an E-Wallet for businesses (like PayPal).  The medium/long-term business plan would be to get acquired by PayPal when PayPal decided they need to support bitcoin.

If you don't like PayPal, then replace "PayPal" by "Google Checkout" or whatever other, popular payment processing gateway API is already being used by lots of websites.

I still think this is a good idea, but I'm busy, so I'm throwing it out here and hoping somebody decides to do it.

All this endless talking about the Perfect URI Scheme is very nice.

So is anybody, you know, actually working on IMPLEMENTING something?

You'll need to know how to write browser plugins for Firefox/Safari/Chrome/IE and figure out how to pass arguments to a running bitcoin/bitcoind and know how the bitcoin/bitcoind will prompt the user to confirm the transaction.  Oh, and figure out how to get the browser plugin(s) installed when bitcoin is installed.

Deciding on whether it is bitcoin:address or bitcoin://amount/address is the easy part, and I think whoever actually does the work of making this happen should define the standard.

ClearCoin requires 3 confirmations before coins are available to be released; the sender will see something like:
... while they're in the process of being confirmed.

I'll change the receiver's status page so it shows the amount awaiting confirmation, too.

yes

Feature request is here:  https://github.com/bitcoin/bitcoin/issues#issue/14

I think that's the right way to think about it.  And I think Jeff actually implementing a straw-man proposal is exactly the right thing to do.

So:  I say we don't try to defend against (3), at least not right now.  If you have root then you can install a keylogger, read memory, intercept any system call, etc etc etc.   (I would like to see somebody implement a bitcoin client that required payment verification using a cell phone app or telephone call or PIN-sent-to-email and did all the magic key management to make that work securely, but I think that's beyond the scope of what we can reasonably do right now).

Defending against (1) and (2) would help with:

a) you forget to logout so attacker sits down at your computer, starts bitcoin and empties your wallet.
b) attacker gets a hold of a filesystem backup that is not encrypted.
c) sysadmin sets file permissions incorrectly so attacker on multi-user system can read your wallet.dat
d) attacker guesses or finds out your ssh password, logs in remotely and steals your wallet.dat.

It won't help with:
- sysadmin with root privileges is evil
- system compromised by rootkit/trojan/keylogger


RE: encrypt everything:  I say maybe later.  Just encrypt everything isn't trivial: users would have to wait a minute or two or ten for Berkeley DB to rewrite all of blkindex.dat (bottleneck will be disk I/O, not the encryption), and we have to deal with "my disk filled up when I changed my password, things are half-encrypted and half-not, what do I do now?"   And I don't see a lot of value in encrypting all of wallet.dat; forget to shutdown bitcoin and an attacker that wants to know your public addresses can just open up the address book and take a screenshot.

So one of my pet peeves is the United States Legal System.

It has lots of rules.  The problem is nobody can possibly read them all.  And yet "ignorance of the law is no excuse!"

I'm a big fan of a few general, fuzzy rules and common sense.

... and we're looking for volunteers.  See http://bitcointalk.org/index.php?topic=5052.0

Quick "why no proper SSL cert" :   because it never made it near the top of anybody's TODO list.  The task is:
 + Figure out where the bitcoin.org domain is registered and make sure the MX records/etc are pointing somewhere so verification emails from the certificate authority don't get lost.
 + buy the cert and jump through the 'verify you are who you say you are' hoops.
 + replace the self-signed cert on the web server

eideteker:  Can you ask the skeptics what we, the Bitcoin Community, could do to be less "smelly" or "sketchy" ?

I find people are much more sympathetic if instead of saying "What's your problem?" you instead ask "What am I doing wrong, and how can I fix it?"

And then you can get all jujitsu on them and praise their great ideas and gently suggest that you'd only screw up whatever it is they are suggesting (and you're busy doing other stuff already) so maybe they should just go ahead and do it...

If only somebody would create a really nice animated video explaining what bitcoin is....

What theymos said.  Miners have a strong incentive to be well-connected (as do big merchants and exchangers and anybody else who generates or processes lots of transactions).

... and also remember that command-line switches override values set in the bitcoin.conf file, so if you'd modified your Windows shortcut to -paytxfee that would stick.

You're hired!

No, there is no 'mixed_debit' in my pull request.  Coins are 'immature' until they have 120+ confirmations, then they are 'generate'.

RE: botnets:  if the botnet operator is economically rational, then their best strategy to make money is to just follow the rules, mine coins, and then sell them on the exchanges.

RE: the original poster's question on "can somebody with lots of money and a willingness to spend it to mess with the bitcoin exchange rate and cause fear, uncertainty and doubt" :

Yes.  Yes, they can.  That will be true while the bitcoin economy is small, and that is why I tell people not to 'invest' money in bitcoins that they can't afford to lose.

I still predict that there will be natural price bubbles and artificial ponzi schemes and all sorts of other things causing wild swings in the value of bitcoins.   Next time I talk to an economist who knows something about currency markets I'll have to ask how big a currency has to be before it is mostly immune from speculative bubbles and price manipulation...