I'm not sure if I was completely ignored or not.. so retrying it. The bot at https://github.com/knowitnothing/misc/ already works without a browser (specifically the one at https://github.com/knowitnothing/misc/tree/master/justdice/no_browser_bot).

And again mechs, you need to properly define the conditions for investment/divestment.

I could do this I guess. My current bot is at https://github.com/knowitnothing/misc

There is a trackplayer.py which already reconnects when disconnected, works with google auth, runs on Linux and Windows, and is open source.

You need to install Python before using it: http://python.org/download/releases/2.7.5/

PS: To get a proper bot first you need to define the actual parameters you need/want to set, very precisely. Can you do that ?

Do the math for what exactly ? To tell you what happens when house edge moves to 1.1%, .., 1.9%, etc ? Also, define what is "fine" here.

Wouldn't be better to increase the house edge then ? 1% might be nice for the players, but maybe not so nice for the investors. This is likely to increase the amount of BTC invested, allowing for a greater max profit, maybe attracting more distinct players, and in the end more profit for you.

Wow, what a reason for deciding to increase the rate to 5%...

Hopefully you don't know people that scam other people, so you won't decide to do the same because they told you it is a very common approach and should be replicated.. or

Hopefully you don't know people that dislike your site and told you to close it and disappear.. or

.. you got the idea.

I'm actually interested in knowing what kind of update is this. I mean, is there some kind of limitation regarding the way the system is coded, or the servers, or anything at all... ? This service is very new and I see people doing mistakes everywhere (security, bad code, bad decisions, etc), specially on web services so it worries me even though I've put only a tiny amount of bitcoins there.

Uhm.. site offline ? Are you ready to take a large (or, better, a not so small) volume of players or bets ?

But this is not a "normal" security, this is basically guaranteed free money supposing long-term investments and honest operation together with people "nice enough" to gamble. I guess at some point the system could change in order to make it harder to be an investor, which automatically benefits the early investors.

Is there some form of API for the operations regarding investment ?

Just pay attention when using bigquery.cloud.com. It is very easy to get charged.

I suggest giving their IRC channel a try. Last time I went there, MagicalTux answered the questions I had. But this is a tad different, I'm not sure they are willing to change their API to the earlier behavior -- but hopefully it was just a mistake somewhere, and then the situation will be reverted.

I simply don't know what is your experience with this, and on what you are basing your answers. Are you aware of, for example, http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html ? This is the return of five seconds googling, I hope you are aware of people that simply don't share their findings in this area. Storing passwords in plain text anywhere is simply a bad idea, supposedly safe cookies in 2013 do not make them a better idea. You can just ignore the situation, of course.

You are skipping another approach that should be obvious: there are bugs everywhere. I don't actually need to compromise a computer in order to access their cookies (including the httpOnly ones), I just need a browser with a bug that has been published (or not) which allows access to cookies.

Of course there are other approaches, maybe they are just not feasible for you ? GMail uses cookies too, but plain passwords is something you won't find there.

What, exactly, is the guarantee that Coinbase won't suffer the same problem as Dwolla ?

The issue is about MtGox not properly filling papers, so any service based on US dealing with MtGox is a potential target for shutdown. If that is not the case due to MtGox "re-filling" papers correctly, I would be more than glad to know.

BTC-e is completely retard on the ban issue.

Using bots and respecting their artificial limit of one query per second still can get you banned. I'm not fully against the ban, but the huge issue is that you get banned for every kind of access. This means you can no longer access the site, and the support email is a black hole. No email is sent telling the reason for the ban, neither how long will the IP continue banned. There is also the issue regarding dynamic IPs.

All in all, BTC-e please get smarter and change the way your ban behaves. Revoke the API key if you must, but don't act like a robber.

This also applies for every other kind of ban that is possible in BTC-e: the ban should block /only/ the action that caused the ban, not the fucking whole account for any kind of access.

Nice layout, and I'm mostly ok with the API.

But! This is a big "but" for me, by the way. Stop storing the user/password in a cookie, and specially do not store anywhere in plain text (much more specially don't do that in the cookies!). I just did a SELECT * FROM moz_cookies WHERE baseDomain = 'coinroll.it'; on cookies.sqlite from Firefox and I see everything as clear as it can get.

My second issue is the limit of bets. Are you scared of someone suddenly getting lucky on < 1 and stealing all your pot ?

Nevertheless, congrats on making a decent API for it.

Is that a poem ?

You are supposed to collect data in real time, which is very different from doing analysis in real time. There is very little value in doing the analysis in real time, actually.

So suppose right now you have all data ever produced by some exchange, and some new data come in. You aggregate it to your existing data, and, for example, each 5 minutes you update your analysis on this data. Note that there is also little value in using the entire history for doing something like EMAs, per definition of EMA. You still need to resample data, but only each 5 minutes. And resampling is done very efficiently by pandas.

I didn't really read the thread, but it seems people is using pandas here. Are you aware of the resample method that is available ? If you have real time (ticker) data, you can resample it based on any granularity very easily using pandas.

There is a huge difference in using generated key/secret pairs from using the actual username/password pairs. For a starter, the former can be restricted to perform only certain operations, the latter can perform everything always. Even if some key/secret from MtGox or BTC-e were leaked, it could be the case that the attacker wouldn't be able to do anything interesting with them.

It looks like MtGox changed its behaviour regarding fetch of old trades. We all know there is a jump at transaction id 218868, but I'm pretty sure it was possible to continue fetching data by specifying ?since=218868 and so on. But now MtGox is returning no trades at that point, and it is necessary to manually to do the jump.

This was reported to me at https://github.com/knowitnothing/btcx/issues/1 and can be seen by visiting https://data.mtgox.com/api/2/BTCUSD/money/trades/fetch?since=218868