We Keep Coding

Setting BTC Pay Server invoice expiration time to never?

This is a follow up question to this post but my question is more programming related so I'm hoping this is the right place to post it.
I too am trying to use BTC Pay Server as a wallet. Thera are two problems:
As described in the article, you have to specify an amount when creating an invoice.
It has a security feature that basically results in you not being able to re-use deposit addresses.
The workaround for problem 1 is to set the invoice amount to 0.000001 BTC. So low that the client will always overpay. That works for me to.
But my problem is that address must not expire ever. I checked the code:
Here you can see the Invoice object.
Here you can see the code in use.
It looks like I might be able to use this:
public function setExpirationTime($expirationTime)
{
if (is_a($expirationTime, 'DateTime')) {
$this->expirationTime = $expirationTime;
} else if (is_numeric($expirationTime)) {
$expirationDateTime = new \DateTime('', new \DateTimeZone("UTC"));
$expirationDateTime->setTimestamp($expirationTime);
$this->expirationTime = $expirationDateTime;
}
return $this;
}
And set the expiration time to the year 3000. So my questions are:
Will BTC Pay server ditch my address if I attempt to use this to make it never expire?
Will I still receive the funds if a user sends to an expired address/
Or is there perhaps a better way to get BTC Pay server to act as a wallet as I want it to?
Thanks!

Will BTC Pay server ditch my address if I attempt to use this to
make it never expire?
Actually, you may encounter the year 2038 problem if the type for expirationTime is DateTime. If that really is the case, it will be set a negative value when you try to pass a value larger than 2038. It is unclear what will happen next.
If the system the code is running on is 64bit, then the Y2038 problem does not apply.
Will I still receive the funds if a user sends
to an expired address
https://docs.btcpayserver.org/FAQ/FAQ-Stores/#payment-invalid-if-transactions-fails-to-confirm-minutes-after-invoice-expiration
If the customer pays the invoice, but it fails to get the defined
number of confirmations within the set period, it is marked as
"invalid." The merchant can then decide whether to accept the invoice
afterward manually or decline it and require additional payment from
the customer. This is an additional protection mechanism against the
volatility
So not exactly - some work is required on your part to accept it, if it expires.
Or is there perhaps a better way to get BTC
Pay server to act as a wallet as I want it to?
Instead of setting it to the year 3000, why don't you just set the invoice a year ahead at a time ?

Issues during implementation of custom ETH settler

I have investigated and played with corda-settler project. Following the recommendations within the documentation, I have created a custom ethereum module (with an outline similar to the ripple module), providing the option to settle obligations using off-ledger payments in ETH. The implementation (https://github.com/vladichhh/corda-settler)
consists of the following significant pieces:
flows
MakeEthPayment
services
ETHClient
ETHService
types
EthPayment
EthSettlement
token
registered DigitalCurrency for ETH
oracle
added logic for ETH payment verification
MakeEthPayment.kt
#Suspendable
override fun makePayment(obligation: Obligation<*>, amount: Amount<T>): EthPayment<T> {
// get ETHService client
val ethClient = serviceHub.cordaService(ETHService::class.java).client
val recipient = obligation.settlementMethod?.accountToPay.toString()
val amountToSend = amount.quantity.toString()
// trigger ETH transfer
val txHash = ethClient.sendEth(recipient, amountToSend)
// return the payment
return EthPayment(txHash, amount, PaymentStatus.SENT)
}
ETHClient.kt
fun sendEth(recipient: String, amount: String): String {
val weiAmount: BigInteger = Convert.toWei(amount, Convert.Unit.GWEI).toBigInteger()
val credentials: Credentials = WalletUtils.loadCredentials(walletPassword, walletFile)
val transactionReceipt: TransactionReceipt = Transfer
.sendFunds(web3j, credentials, recipient, BigDecimal(weiAmount), Convert.Unit.WEI)
.send()
return transactionReceipt.transactionHash
}
In order to send the required ETH amount to the specified recipient account, we have to do some Ethereum specific stuff:
we are connecting to Ethereum public blockchain environment, using “web3j” library
in order to trigger am Etherem transaction and transfer specified ETH amount, "web3j" requires an access to the file, containing encrypted sender's wallet
thus we have to provide password (to decrypt wallet) and location of the file, containing encrypted sender's wallet
And here are the issues:
I got the exception that the file could not be found, no matter where I am putting it. I have checked even the “swift” implementation and tried to use the class loader to load my file, but without success.
I suppose, the file with encrypted sender’s wallet should be located on one of the following places:
corda-settler/ethereum/src/main/resources/file.tmp
corda-settler/cordapp/src/main/resources/file.tmp
Finally I have hardcoded the location in that way:
/Users/vladimirhristov/WebstormProjects/Corda/corda-settler/cordapp/src/main/resources/file.tmp
and seems that the file was found but got another exception:
java.lang.OutOfMemoryError - screenshot
Seems that the operation of wallet decryption is highly consuming, which breaks maybe the flow. There is an option to reduce the algorithm complexity of the wallet generation, which will reflect in lower resources required to decrypt the same wallet at the next step, but this will reduce the security as well.
And here are my three basic questions ...
How could I specify (location/mechanism) and make flow to find successfully my file, containing the sender’s encrypted wallet ?
How could I access a files in the flow, or if there is another mechanism to attach only the file with encrypted wallet and pass the decryption to core Corda ?
Do I need just to increase node resources (tuning JVM params increasing -Xms/-Xmx) in order to avoid OutOfMemoryError ?
Content of the file (containing encrypted sender’s wallet):
file.tmp
{"version":3,"id":"ecb51768-8564-498a-bb11-3a5a5c8dc0bb","address":"2bafc482bd227dfd5ba250521a00be3a4cc88bbd","crypto":{"ciphertext":"e0511415792dfa7221ba1b8f32b8ec98e1410f45e612e2100df1aceddfdb22bd","cipherparams":{"iv":"7ffa2af08f502c63d57e62440ad77539"},"cipher":"aes-128-ctr","kdf":"scrypt","kdfparams":{"dklen":32,"salt":"8051a5df1c02eb3eba81d2920fbb84b76b948a1248bbba62ffff684e733948cf","n":131072,"r":8,"p":1},"mac":"be23fe0e261ba38892581d80afd0c86563748377b5cc702b6ed3285a13cceff6"}}
I will appreciate any help! Thanks in advance :)

VERY strange that Corda is giving you an out of memory error when running that flow.
I'd actually say that we'd need to be able to see the code for the flow in order to know how it could have run out of memory.
Are you running it in a container? Just make sure that you're meeting the requirements to run a JVM with an application on top.
tl;dr use a 8GB RAM machine to run your Corda node on the latest version of corda that should hopefully solve this issue.
Here's the docs page on the memory requirements;
https://docs.corda.net/docs/corda-enterprise/4.5/node/performance-results.html#sizing

Is there a way to send funds from a specific bitcoin address in a wallet?

The first result from Google gave me an answer from 2012 so I wondered if there was a better one than 'use armoury' now?
It's fine if I have to decode the raw transactions, I would be grateful if someone could take me through the steps.
Thanks in advance :)

I'll answer my own question,
It was unbelievably easy.
(from the debug console or command line)
listunspent
produces a/the list of unspent outputs at your disposal.
Make a note of the 'txid', 'vout' and 'scriptPubKey' of each output you wish to use.
Use the 'createrawtransaction' command followed by a list of dictionaries containing the txid's and vout's of the inputs you chose earlier followed by the addresses you wish to send them to (the send to addresses are in a single dictionary, not a list of dictionaries).
createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...}
If you don't want to send the outputs in total (you want some change for yourself) you will need to include an address that you control in your sending dictionary (from your wallet or somewhere else) since outputs cannot be partially spent, sorry.
To pay the mining fee simply leave some of the total output amount unaccounted for and bitcoin will use it as the mining fee by default (fee is 0.0001 at time of writing).
If all went well you should be given a hex string.
Use the 'signrawtransaction' command to check there are no errors by passing in your new hex string followed by a list of dictionaries with the txid's, vout's and scriptPubKeys we got at the very beginning of all this.
signrawtransaction <hex string> [{"txid":txid,"vout":n,"scriptPubKey":hex},...]
note: in newer versions of bitcoin the list of dictionaries is not required
If you got a new hex with "complete" : true after it then all went well and you can now use the 'sendrawtransaction' command followed by the even newer hex you were just given to broadcast your newly created transaction into the bitcoin network.
sendrawtransaction <new hex string>
If you managed to sign it successfully but get a "code":-22,"message":"TX rejected" error please see the footnote below.
Notice it only took four commands in total:
*get (listunspent)
*create (createrawtransaction)
*sign (signrawtransaction)
*send (sendrawtransaction)
Easy :)
FOOTNOTE:
Be aware if you designate an unusually large fee like 0.5btc (I tried this on the testnet) the network will reject your transaction when you try to broadcast it because it thinks you've made a mistake which I discovered whilst I was experimenting.
(This is also the case if you are trying to spend more BTC than you have available.)
In the end I set the fee to 0.001 and it worked fine, here is a link to my question regarding this situation.

Another possibility is with Electrum. Under the Addresses tab right-click on one with non-zero balance and select 'Spend from'.
You have to click View > Show Addresses if you do not have the Addresses tab.

from where you wanna send your BTC. All you need to fill the withdrawal address of bitcoins. You may send your BTC to Bitfinex with the same process:
Fill withdraw address
Fill amount to be sent.
Verify your payment.
Done.

How should an application authenticate with a datastore?

I'm writing an iPad game that sends hi-score type data (ie data beyond what Game Center supports) to a Google appengine datastore. It sends these updates via http GET or POST requests, such as http://myapp.appspot.com/game/hiscore/925818
Here is how I thought to ensure the appengine datastore isn't spammed with false data.
zip/encrypt the payload data using hardcoded p#ssw0rd saved in the iOS binary. Encode that binary data as base64. Pass base64 payload in the url query string or in the POST data. At handler, unbase64, then unzip data with p#ssw0rd. Follow instructions in payload to update highscore-type data.
CON: If p#ssw0rd is somehow derived from the iOS binary, this scheme can be defeated.
Is this adequate/sufficient? Is there another way to do this?

There is absolutely no way to make sure it's your client that sends the data. All you can try is to obfuscate some thing to make it harder for spammers to submit data.
However I think there are two thing you can do:
Have some kind of secrect key saved in the binary
Have a custom algorithm calculating some checksum
Maybe you can go with a combination of both. Let me give you an example:
Create some custom (complex!) alorithm like (simplyfied):
var result = ((score XOR score / 5) XOR score * 8) BITSHIFT_BY 3
Then use your static stored key with that result and a well known hash function like:
var hash = SHA256(StaticKey + result)
Then send that hash with the score to the server. The server has to "validate" the hash by performing the exact same steps (evaluate algorithm + do the SHA256 stuff) and compare the hashes. If they match the score hopefully comes from your app otherwise throw it away, it comes from a spammer.
However this is only one thing you can do. Have a look at the link from mfanto, there are many other ideas that you can look at.
Be sure to not tell anybody about how you're doing it since this is security through obscurity.

Ok me, there are 2 methods to do this.
1) Purchase an SSL certificate for $FREE.99 and open HTTPS connections only to your server to submit hiscore type data. Connection speed should be around 500 ms due to handshake roundtrip time.
2) Embed an RSA public key certificate in your iOS app, and have the RSA private key on your server.
You can then do 1 of 2 things with this second scheme:
IF your data messages are really small (≤256 B) you can just encrypt and send 256B packages (RSA payload is limited by the number of bits in the key)
ELSE IF the data is too large (>256B), generate a random symmetric key (AES), and pack:
SYMMETRIC AES KEY ENCRYPTED WITH RSA PUBLIC KEY
BINARY DATA ENCODED WITH SYMMETRIC AES KEY
The server then takes the first 256 bytes and decodes it, then the server uses that AES key to decrypt the rest of the message.
The above 2 only prevent eavesdropping, but it means the data format of your messages is hidden. At some level, it is still a type of security by obscurity, since if the hacker has your public key AND your message format, they can manufacture messages.

Check if mail was successfully sent in VB.NET with SMTPClient

I'm trying to create an application that sends an email to an smtp-server.
The server is not set fixed, but will be looked up according to the domainpart of the email-address where the email should be sent to.
Example:
Email To: test#stackoverflow.com
Domain-Part: stackoverflow.com
Result of a MX-Record Lookup (commandline "nslookup -type=mx stackoverflow.com":
stackoverflow.com MX preference = 30, mail exchanger = stackoverflow.com.s9b1.psmtp.com
stackoverflow.com MX preference = 40, mail exchanger = stackoverflow.com.s9b2.psmtp.com
stackoverflow.com MX preference = 10, mail exchanger = stackoverflow.com.s9a1.psmtp.com
stackoverflow.com MX preference = 20, mail exchanger = stackoverflow.com.s9a2.psmtp.com
It would be quite useful, to know if the message was accepted by the mailserver and the message was successfully sent.
What I am able so far is, that I can get the SMTP-Server error code (if there was an error (StatusCode 5xx) by using the System.Net.Mail.SMTPClient Object and its SendAsync Function. There, if there was an error, I get an Exception-Object in the Callback-Event of the SMTPClient
I'm well aware that not every mailserver will tell me if the mailaccount truly exists and then reject my mail with an errorcode but instead just accept the message and then delete it. Therefore I would be grateful for another Method to check if the mail was sent (note: not read, that would be the read confirmation)
The final purpose would be:
Try to send an email to a recipient using it's domains mailserver and if it fails, proceed according to the errorcode (user does not exist -> abort / mailserver did not respond -> use another mailserver if available).
Thanks in advance (and sorry for typos :))

Unfortunately what you are looking for does not exist. Email jumps through so many hops that there is no definition of what "sent" actually means. For instance, your example of stackoverflow actually points to Postini's email servers. Postini probably passes the email around from gateways to AV's and routers. From there they either pool email or pass them on to another email server.
With email, the closest definition of "sent" is "at least I didn't get an error".
Also, a minor thing, but when using nslookup remember to add a trailing period to the domain, otherwise the domain search list is used. Generally not a big deal but every once in a while it might trip you up.
nslookup -type=mx stackoverflow.com.