PHP. This code also checks our SSL certificate. You can download this yourself (in Firefox, click the padlock on the rmbtb.com URL bar, More Information… → View Certificate… → Details → Save) and save it in a secure location. <?php
/**
* PHP RMBTB SECURE API WRAPPER
*
* COPYRIGHT & LIMITATIONS
* (c) 2013 rmbtb.com, released under the BSD license. You are free to copy, redistribute, and include this
* code in your own application, for personal or commercial purposes.
*
* However, you may NOT brand yourself or any code or services as "RMBTB", "人盟比特币", or explicitly
* or implicitly represent any services or software as being provided by or endorsed by RMBTB.
*
* INSTRUCTIONS
* This wrapper should be mostly compatible with other PHP API implementations, and so you can pretty much just
* drop this in as a replacement for other API access layers in PHP applications, with some small changes.
*
* You can use either the default (float) or the integer wrapper.
* Please read the configuration section and security suggestions below.
*
* EXAMPLE USAGE
* $rmbtbApi = new Rmbtb_Secure_API('BTCCNY', RMBTB_API_PUBKEY, RMBTB_API_PASSPHRASE);
* print_r($rmbtbApi->get_info());
* print_r($rmbtbApi->add_order('bid', 5, 650));
*
* // or...
* $rmbtbApiInt = new Rmbtb_Secure_API_Integer('BTCCNY', RMBTB_API_PUBKEY, RMBTB_API_PASSPHRASE);
* print_r($rmbtbApiInt->add_order('ask', 500000000, 65000000));
*/
/**
* Configuration
*
* Set your configuration options here.
* It is recommended that you store these in a separate file, in a more secure location on your server, and include() the
* file.
* e.g. require('/path/to/rmbtb/config.php');
*/
// Your API username and passphrase
define('RMBTB_API_PUBKEY', 'r-api-e888a-1111d-181818-6fafa7-fa18fa-8888a-9fsx');
define('RMBTB_API_PASSPHRASE', 'n4ajpX/df*2A%%xxT>Pq<_24pxcpH|^Q5nhQab==!=IIh%/x-');
/*
* Location to a copy of the rmbtb.com SSL certificate. This is used to
* verify the connection and ensure you are not communicating with an impostor.
* You can download and export it using your browser.
*/
define('RMBTB_CERT_LOC', 'rmbtb-cert.pem');
/*
* A secure, writable location where this script will store your temporary API secrets.
* The file does not need to exist, but the folder must, and it must be writable.
* Do not put this anywhere accessible from the web!
*/
define('RMBTB_LOCAL_STORAGE_LOC', 'rmbtb-store.dat');
/**
* End of configuration section
*/
/**
*
* The base API class. This is extended below if you need to deal with integers rather than floats.
*/
class Rmbtb_Secure_API {
private
$urlBase = 'https://www.rmbtb.com/api/secure/',
$currencyPair,
$key,
$passphrase,
$secret,
$secretExpiryTime,
$debug;
/**
* Constructor
* @param string $key your RMBTB Secure API public key
* @param string $passphrase the passphrase given to you with your key
*/
public function __construct($currencyPair, $key, $passphrase, $debug = false) {
$this->debug = $debug;
$this->currencyPair = $currencyPair;
$this->key = $key;
$this->passphrase = $passphrase;
$this->load_secret(RMBTB_LOCAL_STORAGE_LOC);
}
/**
* get_info()
* Get useful information about your account
* Authentication required.
* @return Array representation of JSON object
*/
public function get_info() {
return $this->request('getinfo', array(), 'GET');
}
/**
* get_funds()
* Get balance information
* Authentication required.
* @return Array representation of JSON object
*/
public function get_funds() {
return $this->request('wallets', array(), 'GET');
}
/**
* ticker()
* Get balance information
* @return Array representation of JSON object
*/
public function ticker() {
return $this->request('ticker', array(), 'GET', false);
}
/**
* get_orders()
* Get your 50 most recent orders
* Authentication required.
* @return Array representation of JSON object
*/
public function get_orders() {
return $this->request('orders', array(), 'GET');
}
/**
* add_order()
* Place a new order
* Authentication required.
* @param string bid|ask $type
* @param float $amount amount of BTC to buy/sell
* @param float $price bid or ask price
* @return Array representation of JSON object
*/
public function add_order($type, $amount, $price) {
return $this->request('order/add', array('type' => $type, 'amount' => $amount, 'price' => $price), 'POST');
}
/**
* add_order()
* Cancel an order
* Authentication required.
* @param integer $orderid the Order ID to cancel
* @return Array representation of JSON object
*/
public function cancel_order($orderid) {
return $this->request('order/cancel', array('oid' => $orderid), 'POST');
}
/**
* fetch_order()
* Fetch order details
* Authentication required.
* @param integer $orderid the Order ID to fetch
* @return Array representation of JSON object
*/
public function fetch_order($orderid) {
return $this->request('order/fetch', array('oid' => $orderid), 'GET');
}
/**
* get_trades()
* Get your 50 most recent trades
* Authentication required.
* @return Array representation of JSON object
*/
public function get_trades() {
return $this->request('trades/mine', array(), 'GET');
}
/**
* last_trades()
* View the last 80 public trades
* @return Array representation of JSON object
*/
public function last_trades() {
return $this->request('trades/all', array(), 'GET', false);
}
/**
* get_depth()
* View the market depth
* @return Array representation of JSON object
*/
public function get_depth() {
return $this->request('depth', array(), 'GET', false);
}
/**
* Performs the request.
* @param string $method the API address
* @param array $params the API method parameters
* @param string GET|POST $http_method the HTTP method
* @param bool $auth whether to sign the request
* @return array with the returned data
* @access protected
*/
protected function request($method, $params = array(), $http_method = 'GET', $auth = true) {
$http_method = ($http_method == 'GET') ? 'GET' : 'POST';
if($auth) {
// refresh secret if necessary
$secretExpires = $this->secretExpiryTime - time();
if($secretExpires < 60) {
$this->refresh_secret(RMBTB_LOCAL_STORAGE_LOC);
}
// generate an always-increasing nonce using microtime
$mt = explode(' ', microtime());
$params['nonce'] = $mt[1].substr($mt[0], 2, 6);
// generate the POST data string
$data = http_build_query($params, '', '&');
// generate the extra headers for message verification
$headers = array(
'Rest-Key: ' . $this->key,
'Rest-Sign: '. base64_encode(hash_hmac('sha512', $data, $this->secret, true))
);
} else {
$data = http_build_query($params, '', '&');
$headers = array();
}
$data = $this->do_curl($method, $data, $headers, $http_method);
return $data;
}
/**
* Loads the last API secret from your local storage file.
* Secrets expire every two hours, so we only use the secret if it was stored less than two hours ago.
* If it has expired, we load a new one.
* @param string $loc the location where the last secret was stored.
* @return bool false on failure
* @access private
*/
private function load_secret($loc) {
$this->secret = false;
$this->secretExpiryTime = false;
if(file_exists($loc)) {
$storTime = @filemtime($loc);
// Account for a bug in Windows where daylight saving is not reflected correctly
$isDST = (date('I', $storTime) == 1);
$systemDST = (date('I') == 1);
$adjustment = 0;
if($isDST == false && $systemDST == true) {
$adjustment = 3600;
} else if($isDST == true && $systemDST == false) {
$adjustment = -3600;
}
$storTime += $adjustment;
$elapsed = time() - $storTime;
if($elapsed < 7200) {
// secret has not yet expired
$this->secret = trim(file_get_contents($loc));
$this->secretExpiryTime = $storTime + 7200;
return true;
}
}
// secret has expired or we've never created one before
return $this->refresh_secret($loc);
}
/**
* Fetch a new secret from the API
* @param string $loc the location to store the secret
* @return bool true on success
* @access private
*/
private function refresh_secret($loc) {
if($this->secret = $this->obtain_new_secret()) {
file_put_contents($loc, $this->secret);
$this->secretExpiryTime = time() + 7200;
return true;
}
return false;
}
/**
* Requests a new API secret, which will be tied to our IP and will
* last for 2 hours.
* @return string our new secret, or false on error.
* @access private
*/
private function obtain_new_secret() {
$postData = 'api_passphrase=' . urlencode($this->passphrase);
$headers = array(
'Rest-Key: ' . $this->key
);
$data = $this->do_curl('getsecret', $postData, $headers, 'POST');
return $data['data']['secret'];
}
/**
* Performs the request
* @param string $path the API method path
* @param string $data the GET url string, or the POST body
* @param array $headers headers to send -- e.g. our Rest-Key and Rest-Sign
* @param string GET|POST $http_method the HTTP method to use
* @return array representation of JSON response, or an error.
* @access private
*/
private function do_curl($path, $data, $headers, $http_method) {
static $ch = null;
$url = $this->urlBase . $this->currencyPair . '/' . $path;
if($this->debug) {
echo "Sending request to $url\n";
}
if (is_null($ch)) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; RMBTB PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
}
if($http_method == 'GET') {
$url .= '?' . $data;
} else {
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, RMBTB_CERT_LOC);
// run the query
$response = curl_exec($ch);
if($this->debug) {
echo "Response: $response\n";
}
if (empty($response)) {
throw new Exception('Could not get reply: ' . curl_error($ch));
}
$data = json_decode($response, true);
if (!is_array($data)) {
throw new Exception('Invalid data received, please make sure connection is working and requested API exists');
}
$this->quit_on_error($data);
return $data;
}
/**
* Parses the returned data, and bails if it contains an error.
* @param array $data an array representation of returned JSON data
* @return void
* @access private
*/
private function quit_on_error($data) {
if($data['error'] !== false) {
throw new Exception("\n\nError received from API: {$data['code']}\n-----------------------------------\n{$data['error']}\n\n");
exit();
}
}
}
/**
*
* Use this if you prefer to use integers to order.
*/
class Rmbtb_Secure_API_Integer extends Rmbtb_Secure_API {
/**
* add_order()
* Place a new order
* Authentication required.
* @param string bid|ask $type
* @param integer $amount_int amount of BTC to buy/sell
* @param integer $price_int bid or ask price
* @return Array representation of JSON object
*/
public function add_order($type, $amount_int, $price_int) {
return $this->request('order/add', array('type' => $type, 'amount_int' => $amount_int, 'price_int' => $price_int));
}
}
|
|
|
|
Here's the Python code: # -*- coding: utf-8 -*-
#
# PYTHON RMBTB SECURE API WRAPPER
#
# COPYRIGHT & LIMITATIONS
# (c) 2013 rmbtb.com, released under the BSD license. You are free to copy, redistribute, and include this
# code in your own application, for personal or commercial purposes.
#
# However, you may NOT brand yourself or any code or services as "RMBTB", "人盟比特币", or explicitly
# or implicitly represent any services or software as being provided by or endorsed by RMBTB.
#
#
# EXAMPLE USAGE
# >>> rmbtb = RmbtbSecureAPI("API_KEY_HERE", "API_PASSPHRASE_HERE", "BTCCNY")
# >>> rmbtb.ticker()
# >>> rmbtb.add_order(type="ask", amount=3.1, price=650.00)
#
# // or...
# >>> rmbtb = RmbtbSecureAPIInt("API_KEY_HERE", "API_PASSPHRASE_HERE", "BTCCNY")
# >>> rmbtb.add_order(type="bid", amount=310000000, price=65000000)
#
import time, datetime, json, urllib, urllib2, base64, hmac, gzip
from hashlib import sha512
from os import path
class RmbtbSecureAPI(object):
"""The base RMBTB class"""
#Set the following to a local, secure, writeable location to store temporary secrets.
RMBTB_LOCAL_STORAGE_LOC = "rmbtb-store.dat"
RMBTB_BASE_URL = "https://www.rmbtb.com/api/secure/"
def __init__(self, key, passphrase, currencyPair="BTCCNY"):
self.key = key
self.passphrase = passphrase
self.currencyPair = currencyPair
self._load_secret(self.RMBTB_LOCAL_STORAGE_LOC)
def get_info(self):
"""Get account information"""
return self._request(api="getinfo", httpMethod="GET")
def get_funds(self):
"""Get wallet balances"""
return self._request(api="wallets", httpMethod="GET")
def ticker(self):
"""Get ticker data"""
return self._request(api="ticker", httpMethod="GET", auth=False)
def get_orders(self):
"""Get my orders"""
return self._request(api="orders", httpMethod="GET")
def add_order(self, type, amount, price):
"""Place an order"""
params = {
'type': type,
'amount': amount,
'price': price
}
return self._request(api="order/add", params=params, httpMethod="POST")
def cancel_order(self, orderid):
"""Cancel an order"""
params = {
'oid': orderid
}
return self._request(api="order/cancel", params=params, httpMethod="POST")
def fetch_order(self, orderid):
"""Get order details"""
params = {
'oid': orderid
}
return self._request(api="order/fetch", params=params, httpMethod="GET")
def get_trades(self):
"""Get your recent trades"""
return self._request(api="trades/mine", httpMethod="GET")
def last_trades(self):
"""Get recent market trades data"""
return self._request(api="trades/all", httpMethod="GET", auth=False)
def get_depth(self):
"""Get market depth"""
return self._request(api="depth", httpMethod="GET", auth=False)
def _load_secret(self, loc):
"""Private method; loads secret from storage"""
self.secret = False
self.secretExpiryTime = False
if path.exists(loc):
storTime = datetime.datetime.fromtimestamp(path.getmtime(loc))
timeNow = datetime.datetime.now()
self.secretExpiryTime = storTime + datetime.timedelta(hours=2)
if (datetime.datetime.now() < self.secretExpiryTime):
# secret has not expired
self.secret = open(loc).read().strip()
return True
#secret has expired or we've never created one before
return self._refresh_secret(loc)
def _refresh_secret(self, loc):
"""Private method; refreshes the secret"""
self.secret = str(self._obtain_new_secret(loc))
if self.secret != False:
f = open(loc, 'w')
f.write(self.secret)
f.close()
self.secretExpiryTime = datetime.datetime.now() + datetime.timedelta(hours=2)
return self.secret
def _obtain_new_secret(self, loc):
"""Private method; Gets the new secret"""
postData = "api_passphrase=" + urllib2.quote(self.passphrase)
headers = {
"Rest-Key": self.key
}
data = self._curl_call(api="getsecret", paramStr=postData, headers=headers, httpMethod="POST")
return data["data"]["secret"]
def _request(self, api, params={}, httpMethod="GET", auth=True):
"""Private method; creates the API request parameters / auth headers"""
'GET' if (httpMethod == 'GET') else 'POST'
if auth:
#refresh secret if necessary
if (self.secret == False) or (datetime.datetime.now() > (self.secretExpiryTime - datetime.timedelta(seconds=60))):
self._refresh_secret(self.RMBTB_LOCAL_STORAGE_LOC)
params[u"nonce"] = str(int(time.time()*1e6))
sendParams = urllib.urlencode(params)
mac = hmac.new(self.secret, str(sendParams), sha512)
sig = base64.b64encode(str(mac.digest()))
headers = {
"Rest-Key": self.key,
"Rest-Sign": sig,
"Content-Type": "application/x-www-form-urlencoded",
}
else:
sendParams = urllib.urlencode(params)
headers = {}
data = self._curl_call(api=api, paramStr=sendParams, headers=headers, httpMethod=httpMethod)
return data
def _curl_call(self, api, paramStr=None, httpMethod="GET", headers={}, timeout=8):
"""Private method; performs the request"""
url = self.RMBTB_BASE_URL + self.currencyPair + "/" + api
headers.update({
'User-Agent': "Mozilla/4.0 (compatible; RMBTB Python client)",
'Accept-Encoding': 'GZIP',
})
if httpMethod == "POST":
headers["Content-Type"] = "application/x-www-form-urlencoded"
sendParams = paramStr
else:
url = url + "?" + paramStr
sendParams = False
if sendParams:
request = urllib2.Request(url, sendParams, headers=headers)
else:
request = urllib2.Request(url, headers=headers)
response = urllib2.urlopen(request, timeout=timeout)
data = json.loads(response.read())
if not(u"data" in data):
if(u"error" in data):
raise Exception(u"Error received: " + data[u"error"])
else:
raise Exception("An error occurred")
return data
class RmbtbSecureAPIInt(RmbtbSecureAPI):
"""Use this class if you prefer to deal with integers"""
def add_order(self, type_int, amount_int, price):
"""Place an order"""
params = {
'type': type,
'amount_int': amount_int,
'price_int': price_int
}
return self._request(api="order/add", params=params, httpMethod="POST")
|
|
|
|
我们秉承在建立之初的宗旨,“安全、简单、快速”,所以我们不断脚踏实地的对我们的网站进行改进。 人盟比特币最新的API"Secure API"正式上线了.像其他交易网站一样,我们的API可以让你用自行设计的程序或第三方软件更方便地观察市场,进行交易。 我们的API基本和其他市场的API相当,但研究了各个API后,我们对API的安全有一些改进的解决方案。 - sign API的密钥与IP地址相锁定,同时每两个小时更新一次. 签API的密钥通常共享储存.大多数的网站在数据库内储存密钥。这种方式会有安全隐患--所以我们用一个长口令来申请与IP地址锁定的密钥,来替代在数据库储存API。由于密钥和IP地址锁定,同时我们数据库不储存你的密钥,这会提高你的账户安全性。
- 你可以为每个API设置单独的接入权限级别.可以设置为仅仅查看市场数据,或者仅仅查看你的账户余额,或是可以进行完整操作。这意味着你可以根据不同应用的需求来进行不同级别的接入,将风险尽可能隔离。
- IP 地址安全名单. 你可以设置允许使用你密钥和口令的IP 地址。你可以使用几个IPv4或IPv6 ranges。这意味即使有人偷了你的口令,他也无法使用。
- API 交易额度. 你可以设置通过API进行交易的额度,如果你的程度出现问题,也可以将交易控制在一个范围内。
- 优惠的交易费. 目前,用API进行交易可以享受50%的交易费优惠,意味着仅仅只有0.15%的交易费用!
. . API目前无法进行提现,所有的提现还是需要我们人工进行复核和操作。 使用手册Python的例子PHP的例子JavaScript(Node.js)的例子Ruby的例子Java的例子你可以任意使用我们的示范代码,但是请阅读以下我们的声明. 其他语言也在进行中,我们会陆续发布! 如果您想知道特定语言,也可以告知我们。  |
|
|
|
|
My suggestion would be not to include a Bitcoin logo due to the risk of theft/mugging
|
|
|
|
Today RMBTB.com is releasing a new trading API, the "Secure API". Like other exchanges, this API allows you to monitor the market and/or trade remotely or using third-party apps. The implementation is broadly compatible with other competing APIs, but we went a little further, with advice from security experts, to ensure it is more secure. - Shared secrets used to sign API requests are IP-locked and rotated every two hours. API signing uses a shared secret. Most sites store this secret in the database. We don't like this -- so instead of issuing you a secret which is stored in the database, we issue you a long passphrase, which you can use to request a new IP-locked secret. This improves account security in the event of our site being compromised, as secrets are locked to your IP address, and passphrases are never stored.
- For each API key you create, you can enforce access rights. You can set what each key can do -- they can be limited (for viewing basic information), read-only (for viewing account balances and trades), or full (for trading). This means that you can grant access only to the applications that need it.
- IP/subnet whitelisting. You can choose which IP addresses or ranges can use your key/passphrase combo. You can specify multiple IPv4 or IPv6 ranges. This means that if someone stole your passphrase, they couldn't use it.
- API trade limits. You can limit the orders placed to the API. This limits the possible damage should your API credentials be compromised, or should your client run haywire.
- Split fee. Until further notice, orders placed via the API will receive a 50% trade fee discount! (that means a flat 0.15% fee!)
. . There is no API withdrawal function; As usual, all withdrawals are subject to prompt human review and processing. DocumentationSample Python wrapperSample PHP client wrapperSample JavaScript (Node.js) wrapperSample Ruby wrapperSample Java wrapperPlease feel free to use this code as you wish, subject to the warnings and disclaimer on the documentation page ( THERE MAY BE BUGS). More examples in the works; watch this space! |
|
|
|
OK, Adam...  So, you created an abstract coin, which is pretty much like other Alt coins (abstract), just lacking cryptographic proof of work to secure the ledger. Now, recognizing what it was missing, you have decided to use the blockchain as the ledger. Are all these projects embedding stuff in the blockchain just an elaborate scheme to twist dev's arms into addressing the blocksize limitation sooner? Or am I missing something? What's the benefit here? |
|
|
|
Very interesting stuff. I love seeing the brilliance among this community. However, I sit in the camp that says the escrow agents aren't going to work. Whenever someone says the word "peg" in relation to monies or commodities or assets of any kind, huge red flags should go up. We have seen often in discussion regarding Bitcoin, people have suggested, "well why not just peg it to gold, or to dollars, or some other other stable asset to eliminate the volatility?" (Max Keiser suggested such a thing a couple months ago...  ) The reason is that you cannot peg one asset to another in an open market. The peg will be broken. The reason is what some of the others here have described - it will become the target of a speculative attack. And the attacker has a nearly guaranteed chance of winning if he has enough money to throw at it. In the real world, we have seen such speculative attacks on government currencies including the Thai Baht and UK pound (that's how Soros got famous). If private actors can break the pegs of government currencies, it can be reasonably inferred that breaking a crypto-asset peg with a market cap of only several million dollars would be trivial. An escrow fund cannot be expected to keep an exchange rate stable when set against the forces of hostile speculators. Dacoinminster says You are quite right that some currencies will fail. For instance, if I define a currency that appreciates at 10% a day, it will definitely not be able to track that. He's suggesting that currencies/assets which don't move in a volatile manner, like 10% a day, would be able to be successfully tracked long term by the escrow fund. What he's missing is that when you add speculative attacks, the attacker can turn any otherwise stable asset into an asset that is trying to appreciate/depreciate 10% per day! That's the problem. Anyone with a bunch of money can come in and start acquiring or dumping the asset in question. The escrow fund will bankrupt itself trying to re-balance in perpetuity. I do not believe there is a way around this problem. If there was, why don't we just create an escrow agent for Bitcoin, right now, that keeps the price forever between $95 and $105? Why doesn't MtGox create a capital pool of $100m in escrow to enforce this peg? Because someone with $200m will break the peg, and make a killing (and the attacker probably doesn't even need that much when you throw in various leveraged instruments). I don't want to throw the baby out with the bathwater here, however. Dacoinminster - do you believe your system is worthy of development if we assumed the escrow/stability idea was proven to be unworkable? Is that escrow/stability system for user-defined currencies the core value proposition of your idea? For the record, I don't think "stability" of an asset price can be achieve through the machinations of market actors. Stability is something which must be arrived at, over time, as a market finds equilibrium. It's an organic process, which cannot be counterfeited, though so many central planners have tried. In any case, this is really fascinating technology being discussed and kudos to you OP for the creativity and work that's gone into this. +1. This is exactly what I meant by "Norman-Lamont-y". Except this would be easier than breaking a national peg, not only because of the reduced volume required, but the fact that the escrow will behave entirely predictably. You know when it will buy and sell, and how much. More to the point however, I just don't understand stability as a goal in and of itself. In my mind, a stable valuation represents that other, more important goals underpinning the valuation have been met. If stability is not there, there is a reason for it. If that reason is "we are so small it is easy to get kicked around", then pissing away money every time someone kicks you around seems a bit daft. It hasn't made you bigger or stronger -- just "more stable" (and even that last part is debatable -- in reality it has likely just ensured that your future kickings increase in brutality and frequency). |
|
|
|
|
I'm not sure if this really is a scam -- seems too obvious to be one... but...
The best way to do this is for him to STFU until he has at least a semi-working client. Everyone has ideas. Having and executing ideas is what makes the difference. That doesn't preclude collaboration on the protocol, which is very important... but that's very different from an "OFFICIAL LAUNCH" thread.
For funding -- fair enough to ask for funding if this will be a group effort, but this isn't the way to do it. There are plenty of crowdfunding sites where dacoinmeister could be more open and accountable. If he wants to be sent money directly, then he could create contracts which we could sign and release using multisig transactions.
Still a hell of a risk though. The only difference between this being valuable and worthless is a single flaw in the code. And there isn't any code yet.
|
|
|
|
• Capability to hold a stable user-defined value, such as an ounce of gold or U.S. Dollar, with no need to trust a person promising to back up that value
This is a bit of a concern. I skimmed through the white paper and saw the plans for moderating supply and using an escrow reservoir. It all seems a bit... Norman Lamont-y though.... I understand the escrow aggression level, but the escrow will still behave entirely predictably, right? As such, what's stopping rich people trading against it? Maybe I just don't see the attraction of artificially stable commodities. |
|
|
|
Why does this matter, seems completely arbitrary
what does bitcoin market cap have to do with anythign? or is this just more perma bull garbage?
Why did you invite me to this birthday party? Celebrating the earth going around the sun 21 times seems completely arbitrary Is this just more happy people garbage? |
|
|
|
|
I don't know.... I think if you're selling something that is returnable, you have to give the buyer the right to change their mind. As above, in most jurisdictions (e.g. across Europe), this isn't actually up to the seller -- they are statutory rights that every consumer has.
|
|
|
|
A moderator acting like a total clown is what's bothering me. It should bother you as well.
I don't have any issue with Blitz. He's a good moderator. Surely, his predictions were mostly wrong, but everyone has only 50% chance of guessing right. My predictions were also mostly wrong even though I never told about them on forum. Your attitude seems childish and too emotional to me. Your posts most of the time don't bring anything new into discussion, and usually are just filled with hate. Not only towards speculation, but your recent posts about astrology also were mostly rage-based. So my action: Ignore. My problem with Blitz was less the predictions and more the rhetoric. I didn't consider "there will be blood" etc to be suitable for a moderator, assuming one of the agenda items of a mod might be to prevent newbies being burned by FUD. I don't think shroomsy and I were the only ones to comment on that. Anyway, I was wrong in that assumption -- and it doesn't matter anyway. Everything looks better when you're right. :-) |
|
|
|
Everything on your site is looking good too, can't wait to start making some money.
Thanks :-) Doing the last unit tests and translating the documentation -- should be ready soon! |
|
|
|
I think you need to edit the title and thread if the giveaway is over now. Just strikethrough it, but mention the 2BTC treasure hunt instead. Looking good by the way. An affiliate program going to be integrated at all?
Thanks! Will do. We've got treasure hunt posts in the Chinese forum.. didn't post them here as some of the clues required Chinese. A referral progam is on the todo list -- a few other things to clean up first. The main issue we've had with giveaways is how to differentiate real accounts from dead ones -- so in the previous giveaway, we set deposit requirements. People didn't seem so keen on that though. Perhaps something based on volume commission would work better. |
|
|
|
So, does this suggest that since accumulation is going up, the overall bitcoin market has net USD inflow, just that most of the new USD is going in through Bitstamp? i really don't know
Are there actually any credible reports of people successfully withdrawing large amounts of USD from MtGox yet? Or is this still an issue? I haven't seen a confirmed one yet. localbitcoins seems to follow gox for pricing, that's a way to pull off the bitstamp arb.
at localbitcoins you can set your own prices. I just today set mine to MtGox+0% and I buy at MtGox-10%. Could as well pick another exchange with different fees pegged to it. Yes, but unless your licensed, you're comitting a financial crime (yeah really) by selling on LocalBitCoins, and if you're receiving wires for doing it, you're leaving tons of traces in the federal govt's systems of your crimes. I don't think that's strictly true -- the letter and spirit of the FinCEN regulations appears to be aimed at regulating the exchange sector, not OTC trades. It specifically states that buying and selling virtual currencies is OK, but generating and running exchange business for fiat is not. If it is a grey area, it should be tested. |
|
|
|
Bloody hell, finding this on someone's server would be a goldmine!
So sending coins away is as simple as one GET request? The wrong people will be drooling over this.
Unless I'm misunderstanding something, I strongly recommend you forget about advising people to automatically return funds to non-existent users, and strip all that stuff out. Read-access to a server shouldn't result in this kind of compromise.
Just like how sending coins away is just as simple as a JSON-RPC request.. Read-access to a server does give you wallet.dat Not if the wallet.dat is encrypted. Using inputs.io is no where near as secure as an encrypted bitcoind instance over RPC. Where is the password stored in? On the same server? Back to where you started. On a different server? How do you get the password from the different server? Using automated functions on the same server? Back to where you started. So, you do understand the problem then! That password should never be stored on the client server, unless they are willing to take the risk to lose those BTC. Perhaps, at a stretch, they could store it in a TPM on a dedicated server. We expect tight security for CC payments, why accept anything less for Bitcoin? I don't think this can be understated: Merchants must not store something on their server that would allow their customer's bitcoins to be trivially stolen. This is a web server we're talking about, not a vault. The server probably has a bunch of other (insecure) sites hosted on it. haven't we learned anything from all the Bitcoin hacks? e-commerce providers should be aspiring to higher security than this. I looked at your other posts, you seem to know your stuff -- so you know that you should be promoting layers of security -- inbound customer coins should go to a cold wallet, and concerns should be separated -- give each process the minimum required permission it needs to perform it's job, and don't let it exceed those bounds. A coin receiver callback does not need to know how to send coins. EDIT: Oh... and you missed the "OK" in the above script. EDIT2: And you should really do $userExistsQ->free() |
|
|
|
Thanks BitPirate. It seems like a good idea. I will think about it and will try to compare with other options also.
I also though if eg. some integration with some exchange service and or third party API could bring the app some commision?
That's a great idea! There's more to such an agreement than commission charging (or sharing) though; you might need to assume some sort of risk as well, particularly if you're handling API keys. |
|
|
|
|
Hoping some others will chime in... if you want others' opinions, you can ignore me.
Obviously, I think we're better ;-) Our top priority is security and ease of use (I think some of the other exchanges in China are not secure). Our volume and depth is still low. We're working on that.
We've launched a few new features recently. For example, a notifications centre; you can receive emails or SMS when key actions take place on your account (e.g. get informed when someone logs in, or when a trade goes through).
We're also about to launch a full trading API, which should be mostly compatible with Mt. Gox, but with better security than other competitor trade APIs:
- API secrets are IP locked and automatically rotated every 2 hours (mitigates risk of storing symmetric secrets in the database)
- you can specify access and trade limits for each API key you create
- you can specify IP whitelists for each API key you create
We're offering a split fee -- trades via the API will be 50% off.
Documentation etc. coming soon.
|
|
|
|
|
Thailand hasn't banned Bitcoin -- it's just said that there are no laws governing it, and so therefore it is illegal. Many bureaucratic countries operate on this principle.
Big fail on the part of Bitcoin co, ltd for getting themselves into this situation, and then messing up the communications at the end of it.
|
|
|
|
Gox is just destroying their own business, it's so crazy. For some stupid reason i decided to deposit onto Gox, right before they changed their international wire times from 2-5 days to a totally stupid 7-10 business days. So it took a grand total of 15 days for my money to appear which is just insane in a market that trades 24/7. It's just totally unacceptable that BOTH their deposits and withdrawls are an absolute joke.
What i dont understand is, if they had problems, why didn't they get funding in, sell a small % stake or something? there would surely be lots of people willing to invest in the biggest exchange and to update and upgrade it, but they seem happy to let it slowly die a painful death.
I think it's a stretch to say they are happy about the status quo. However they're damned if they do and damned if they don't. Plenty of people on this forum were clamouring for them to be compliant and calling them idiots for not being so. Well, this is what compliance looks like -- they have to forge relationships with banks rather than trying to stay under the radar. Of course, they should have done this earlier, but that's water under the bridge at this point. IMO their biggest problem is that their communication sucks -- too old school and spinning everything. This may be a result of legal or regulatory pressure preventing them from describing the real picture, or possibly just incompetence. I could be wrong, maybe there are more serious problems... But I doubt it. |
|
|
|
|
Show Posts
