Bitcoin Forum
661  Economy / Service Discussion / Re: BITCOIN MAGAZINE ARRIVED! on: May 26, 2012, 01:17:23 AM
Congratulations on this epochal event. I always believed in the Bitcoin magazine and hope you succeed!
662  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 10:38:57 AM
  • Passwords are gone, so they are no use.
  • 80% of BTC funds are (I assume, please confirm) still under Bitcoinica's control.
  • 100% of USD funds are (I assume, please confirm) still under Bitcoinica's control.
  • The problem is you just have a big pool of money and no way of knowing who owns what.
  • That entirely explains the crappy claims page.
  • That entirely explains the delay in processing claims.
  • For we customers: this isn't perfect news, obviously, but it does at least give us some hope that we haven't lost everything.
  • If the investor really is doing the decent thing and funding the 20% BTC losses out of their own pocket, then we should all appreciate that and let that be an end to all the legal shouting.
  • Certainly no amount of shouting is going to recreate a database that doesn't exist.

I honestly don't know. Those more involved can hopefully clarify these points. Anything I say would be guesswork.

I'll stop posting now. I've stated everything I know already.
663  Economy / Trading Discussion / Re: Intersango Withdrawals on: May 25, 2012, 10:24:22 AM
@phantomcircuit: if there is something else going on, like they locked your account because of something, then just tell us the truth, so people stop sending money to the account, and not let us believe "Online banking is down", when I see it isn't. They would have put a message on their login page, wouldn't they?

If that's the case then they have not told us. We had a similar problem before where they thought our issue was that we weren't using Internet Explorer/hadn't cleared our cookies. It later turned out to be a problem on their end and I had to visit a branch to reset the details.

We were assured today that it should be fixed before the weekend (when the technical team is unavailable). We had to send them screenshots of the error. I attached a screenshot below. It seems like another run of the mill error (page fails to load).

Compared to other banks, they are far better. HSBC and Lloyds had constant problems all the time. We would be constantly calling in to move them to fix their technical problems. We are not the normal customer as we have hundreds of transactions a day.

664  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 10:08:02 AM
I personally learned from ribuck to do just that too and advise all others to consider as a standard practice to never sign any NDA's ever personally.

yeah, that was a mistake on my part.
665  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 09:49:02 AM
No database backups. Sorry for avoiding the question.

I hoped someone else could clarify this. I don't have all the full details, and would hate to make incorrect statements. I also didn't want to jeopardise efforts to refund people.

From what I gather, there are no backups of the database. Only partial records for accounting which is being used to extrapolate balances. I'm not sure of the exact details, but I think they need a full view of the claims before payouts begin (like a big jigsaw puzzle) to properly cross match records. Hopefully someone better informed will post more details.

zhou: ah, ok. I don't know the exact details and I'll avoid commenting further.
I think Patrick assumed they were not critical hence me saying: "The assumption here was that info@bitcoinica.com did not have access to critical infrastructure.". I do appreciate that several times, you told people I wasn't involved with Bitcoinica in this thread. I always assume good faith which is why I think it was a fatal miscommunication between team members.

bitcoinBullbear: that's fine. It does annoy me a little that people assume that a decentralised system like Bitcoin consists of a single piece of kosher software. bitcoin.org lists several clients. When security flaws were found, me, Mike Hearn and justmoon helped fix problems on the internal security mailing list. justmoon in fact was very instrumental in many cases for clarifying and proposing fixes for BIP 16. There was a long technical history that led to libbitcoin's creation and it has taken 8 months so far.

That picture is funny. I like it.

rjk, nope. Everyone had root. One person was installing a database, another installed Jenkins.

The anger here is justified. If this happened to me, then I would be extremely mad. I was very pissed at MtGox when they had their problems. It sucks to be no better than MtGox.

To the person above, here's what happened:
- Bitcoinica has an internet mailing list called info@bitcoinica.com
- It was the email for the website and all sensitive accounts.
- You could request a password for that email. In a production system, that should never be possible.
- Several people had access to this mailing list (non-admins and business people included).
- Patrick got added.
- His personal email was compromised. Normally this shouldn't be a big deal; I use my personal email at internet cafes and public computers.
- Attacker was able to request a new password and login to rackspace.

The assumption here was that info@bitcoinica.com did not have access to critical infrastructure.

Lastly, it was my fault Patrick's email server got compromised. I had a VPS for programming and development which many people had access to - randoms from #c++ IRC, people from this forum, beginners I was teaching, etc. It's a public VPS for development. The SSH key on there was added to Patrick's server because we were developing the bitcoinconsultancy.com website on there (that's why it's now down). My SSH key was stolen and he ssh'ed into the box. Then had access to his emails.

Bitcoinica took us on to help secure them.

We decided it was bad practice to make sudden disruptive changes overnight to a production system. Instead the theory was a very gradual replacing of the system while observing changes. Bitcoinica was already very fragile. I still think that was a good decision.

Step 1 - fix the code.

Flaws were already being found in the code. That was the logical first step. That the environment ended up being exploited is simply hindsight. I would prefer not changing a working environment until after knowing how the code operates. An example is that another website accidentally made out a 500 BTC payment when the file permissions were too strict. Similarly changing an aspect of Bitcoinica without proper insight could have had grave consequences.

First you understand the code. Then you run the code. You experiment with a test system. Make improvements. Deploy changes. Change production environment.

The Bitcoinica plan was to do the above while creating a new platform to replace it in the long term.
666  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 01:52:15 AM
To the person above, here's what happened:
- Bitcoinica has an internet mailing list called info@bitcoinica.com
- It was the email for the website and all sensitive accounts.
- You could request a password for that email. In a production system, that should never be possible.
- Several people had access to this mailing list (non-admins and business people included).
- Patrick got added.
- His personal email was compromised. Normally this shouldn't be a big deal; I use my personal email at internet cafes and public computers.
- Attacker was able to request a new password and login to rackspace.

The assumption here was that info@bitcoinica.com did not have access to critical infrastructure.

Lastly, it was my fault Patrick's email server got compromised. I had a VPS for programming and development which many people had access to - randoms from #c++ IRC, people from this forum, beginners I was teaching, etc. It's a public VPS for development. The SSH key on there was added to Patrick's server because we were developing the bitcoinconsultancy.com website on there (that's why it's now down). My SSH key was stolen and he ssh'ed into the box. Then had access to his emails.
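
The access chain described in the post above, modelled as a small trust graph and checked for paths from low-trust systems to critical ones. This is an added example, not part of the original posts or of any Bitcoinica code; the node names and edge reasons are labels constructed here from the post's description.

```python
from collections import deque

# Constructed model: each edge means "control of SRC yields control of DST".
EDGES = [
    ("public-dev-vps", "ssh-key-on-dev-vps", "private key kept on shared host"),
    ("ssh-key-on-dev-vps", "patrick-mail-server", "key accepted for SSH login"),
    ("patrick-mail-server", "patrick-personal-mailbox", "mail stored on server"),
    ("patrick-personal-mailbox", "info@bitcoinica.com", "list member gets list mail"),
    ("business-staff-mailbox", "info@bitcoinica.com", "list member gets list mail"),
    ("info@bitcoinica.com", "rackspace-login", "password reset mailed to list"),
    ("rackspace-login", "live-wallet-server", "hosting account controls server"),
]
LOW_TRUST = {"public-dev-vps", "business-staff-mailbox"}
CRITICAL = {"rackspace-login", "live-wallet-server"}


def shortest_path(edges, start, goal):
    """Breadth-first search; returns [(src, dst, reason), ...] or None."""
    graph = {}
    for src, dst, why in edges:
        graph.setdefault(src, []).append((dst, why))
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while parent[node] is not None:
                prev, why = parent[node]
                path.append((prev, node, why))
                node = prev
            return path[::-1]
        for nxt, why in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, why)
                queue.append(nxt)
    return None


def exposures(edges, low_trust, critical):
    """Map each (low-trust, critical) pair that is connected to its shortest chain."""
    found = {}
    for src in sorted(low_trust):
        for dst in sorted(critical):
            path = shortest_path(edges, src, dst)
            if path:
                found[(src, dst)] = path
    return found


def single_edge_fixes(edges, low_trust, critical):
    """Edges whose removal alone breaks every low-trust -> critical chain."""
    fixes = []
    for i, edge in enumerate(edges):
        remaining = edges[:i] + edges[i + 1:]
        if not exposures(remaining, low_trust, critical):
            fixes.append(edge)
    return fixes


if __name__ == "__main__":
    for (src, dst), path in exposures(EDGES, LOW_TRUST, CRITICAL).items():
        print(f"{src} -> {dst} in {len(path)} hops")
        for a, b, why in path:
            print(f"    {a} -> {b}  ({why})")
    for a, b, why in single_edge_fixes(EDGES, LOW_TRUST, CRITICAL):
        print(f"cut this edge to remove every chain: {a} -> {b}  ({why})")
```

In this model the only single change that removes every chain is stopping password resets for the hosting account from being delivered to the shared list address.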
667  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 01:38:31 AM
Of course, Bitcoin Consultancy shares equal blame and the mud sticks. I've had my doubts about them ever since I first heard them claiming to be "core bitcoin developers" (I found precisely one commit by genjix to the satoshi client code, and it was a bash script). Refactoring the satoshi client into libbitcoin wouldn't exactly be easy, but a more productive (and difficult) project would've been bitcoinjs. Patrick may be able to find some vulnerabilities, but he didn't secure his own mail server. Also funky that he would offer a bounty to fix a bug in 80 lines of javascript because he is "not interested in chasing bugs in something I'm not familiar with". Aside from creating and operating Intersango (which by itself is commendable, obviously), they haven't done much to inspire confidence that they can handle running bitcoinica (quite the opposite recently).

This is so stupid and retarded.

There are 2 full implementations of the Bitcoin protocol, and I wrote one from scratch in C++: https://gitorious.org/libbitcoin

bitcoin-js is unmaintained, and BitCoinJava is a lightclient. I also wrote the first alternative frontend GUI: https://gitorious.org/freecoin and worked with jaromil on many freecoin improvements. I wrote most of the Wiki pages like the Getting started and PHP developer intro: https://en.bitcoin.it/wiki/Main_Page as well as largely writing the original Bitcoin Wikipedia page. That's before I started libbitcoin as a way for developers to easily make alternative Bitcoin clients. I'm also a contributor to Electrum: https://gitorious.org/electrum/server and was one of the people (along with slush and ThomasV) to define the Stratum spec used in it. I am also responsible for the BIP (Bitcoin Improvement Proposal) process: https://en.bitcoin.it/wiki/Bitcoin_Improvement_Proposals (see the title), and have authored 4 BIPs.

What have you done?

I organised the conference, and have written a plethora of articles and tutorials for the community on Bitcoin Media like this. I also helped write the initial stock exchange client for GLBSE and started many other Bitcoin projects that are defunct now but all released as OpenSource including the early version of Intersango - Britcoin. Ironically releasing the source for Britcoin hurt us as people assumed we were connected to third parties that used our software like WBX. We also hired and paid people from the community, and put our own money into growing Bitcoin (and still are). For instance, the conference lost us money and other Bitcoin projects or people we paid went nowhere.
668  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 05:40:33 PM
After telling Patrick the other day that omitting the truth is a lie, he continued to do so. What on earth did you think you were protecting, Patrick?

What did Patrick lie about? You can email me genjix@riseup.net if you prefer to not say here...
669  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 02:27:16 PM
I have a huge level of respect for Tihan because he has several times shown his honest and forthright character. While it was unfortunate that we were muted for so long, it was needed I guess so that everyone could come to terms with what happened and make a solid action plan to move forwards rather than acting on impulse and emotion.

After the Linode problem, Tihan refunded everything from his own pocket. Again after this problem, he is again putting up the money to fund Bitcoinica. To me that commands great respect. I'm really happy we are collaborating with someone that trustworthy. Now he offers to take the blame too. If that's the case, then I should equally share in the blame what with being director for Intersango.

I could care less right now if everything we've worked on is in vain. The most important thing I feel is that everyone gets refunded. As a believer in transparency, honesty and openness, it feels good to have everything public now. Part of the problem was that the handover process was meant to be very gradual (it is very disruptive if you made sudden huge changes to a production system) but that there were some communication problems that allowed Bitcoinica to get compromised (things were assumed from both sides about its setup).

I trust the people involved with this. I would only surround myself with trustworthy dependable people. They are going to resolve this in the best manner they can with the crappy situation that exists. It's unfortunate but must be fixed.
670  Other / Off-topic / Re: Greatest Mistake America made was allowing Women to vote on: May 12, 2012, 01:48:20 AM
no one cares. organised religion is stupid. personal worship of your sun god is ok, but the tribal labels are not.
671  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 11, 2012, 02:19:07 PM
Like I said in my edited post, IF you don't reimburse your customers I will want to see you and all of Intersango staff wearing a scammer tag, and genjix(or anyone connected with Intersango) kicked out of the Bitcoin dev team. That's all! You're no better than Tom Williams if you don't fully reimburse your customers.

This is the first we have heard of this attack (on the forums just now). zhoutong did not even tell us yet. We were gradually assuming control of Bitcoinica over the last weeks by setting up a new platform.

There shouldn't even be that much money in the live wallet. I'm waiting to get more information before saying more though. This is kind of ridiculous considering that already money was lost on Linode. The big question going through my head is why was that much money being stored on a Rackspace server.

I am angry that our name is being dragged through the mud for something we had no part in.
672  Bitcoin / Project Development / Re: mtgox/bitcoinica historical price data? on: May 11, 2012, 04:36:25 AM
awesome, thanks for all the info, this is great data

Also - anyone know if it's possible to get commissions down to a reasonable level on any exchanges for automated trading?

The gox rate of 0.60% is way too high for what I'm doing ( it would eat all the profit and then some from each trade ).

If I can get the commission down to 0.1% or below then I can make money. I guess I should PM the exchanges and see if they'll make an exception for someone who makes the market ( provides liquidity ) exclusively and who trades frequently.

Start your own exchange and compete on fees. There is hardly any way to force Gox to lower their fees until someone else starts to take away their business.

Market says otherwise. Intersango was free for more than a year. The day we started charging fees, our volume grew a ton. People don't trust free services. And not charging a fee hurt us in the long run due to lack of re-investment back into the platform.
673  Bitcoin / Bitcoin Discussion / Re: Frighteningly Ambitious Bitcoin Startup Ideas on: May 10, 2012, 04:23:10 PM
1. Bitcoin exchanges (you have to be clueless to think it's easy)
2. eBay for Drugs
3. Assassination market
4. Online strip club
5. Pyramid scheme

Done, done, done, done, and done. Next?

Oh, ok...

1. Mars mission
2. Free software activist mission
3. Publicly funded town lacking government using irredeemable-until-target-met payments
4. Web infrastructure for implicit donations to websites
5. A vertically integrated company based on Bitcoin
674  Bitcoin / Bitcoin Discussion / Re: Frighteningly Ambitious Bitcoin Startup Ideas on: May 10, 2012, 04:18:25 PM
1. Bitcoin exchanges (you have to be clueless to think it's easy)
2. eBay for Drugs
3. Assassination market
4. Online strip club
5. Pyramid scheme
675  Local / Deutsch (German) / Berlin Meetup on 11th @ 20:00 on: May 08, 2012, 11:08:21 AM
0i!

I'm in Berlin for a while. I'm doing a Bitcoin intro at c-base. If you want to do a talk, then email me (genjix@riseup.net) and I'll add you to the schedule.

11th May (Friday) at 20:00
http://maps.google.com/maps?q=c-base,+berlin&hl=en&sll=37.0625,-95.677068&sspn=44.069599,69.082031&hq=c-base,&hnear=Berlin,+Germany&t=m&z=15
U-Bahn Jannowitzbrücke (1 away from Alexanderplatz)
676  Economy / Services / Re: [SOLD OUT] MomentoVPS - Immediately Available KVM VPS SSD backed on: May 06, 2012, 11:39:17 PM
I previously had confidence in phantomcircuit, and the rest of the Intersango / Bitcoin Consultancy folks, but my opinion is being revised due to the handling of this situation

I would have expected some comment from Patrick to explain - not simply adding "[SOLD OUT]" to the thread title. I expect something has gone seriously wrong in the organisation.

Quote
I can only assume that either Patrick has done this (unlikely) or that his server is compromised, and all VPSes are vulnerable, because he has taken his eye off the ball with this project.

One guy posts about his dissatisfaction in one of our side businesses, and that means "something has gone seriously wrong in the organisation." How do you get from your premise to this conclusion? We are running one of the largest exchanges, operating Bitcoinica, the Bitcoin conference, developing libbitcoin/Stratum/Electrum and operating Bitcoin Media. We're booming.

I don't know the facts with this guy, but I'd examine the situation first. Surely there must be more to gusti's story - namely that he bought a VPS, which took resources to setup and he wasn't able to figure out how to use it. VPS was delivered (at least that's what I've been told). phantom doesn't post often because we're all incredibly busy.

In the absence of information, don't invoke magical thinking and random speculation.
677  Bitcoin / Press / 2012-05-02 Bitcoin Media: Patronage, Bitcoin and Scientific Music: My Story on: May 02, 2012, 08:59:51 PM
http://bitcoinmedia.com/patronage-bitcoin-and-scientific-music-my-story/

You all did such a great job donating to Rap News. Please support this guy! He is so amazing and I'm glad to have him as part of this community.

You read on the internet about older engineers who say that James Doohan playing Scotty in Star Trek inspired them to their profession, or others saying that the inspiring Carl Sagan and his poetic love of science, inspired them to become physicists.

It is because of Symphony of Science that my sister became interested in space and now studies astrophysics. She infected me with Carl Sagan, and rekindled a long held passion I held many years ago for science and introduced me to space - something I never really appreciated before in my life.

I never appreciated music either - until I heard Symphony of Science. I realised then that I'd been listening to the wrong music my whole life. This music speaks to me. Think of all the people these videos are inspiring into scientific professions or just plain more logical, rational and appreciative of our world thinking. This is a huge good for society.
678  Bitcoin / Bitcoin Discussion / Re: New bitcoin.org Clients page on: May 02, 2012, 02:54:33 PM
I'd prefer not to have the reviews independent as there is a potential for abuse there. As an example: say that one day I have a falling out with MultiBit (they are great guys btw), and so I try to show them in a bad light. Such a situation is not good for anybody.

Best to find a situation which is amicable to everybody. I thought your descriptions were better written than mine for the average user, but ThomasV takes issue with some of the modifications. Fine, I can understand. Let's find those small differences and create something the antagonistic reviewer (me and you in this specific example) and the submitter (ThomasV) both agree on.

Original text:
Quote
Electrum is a client that was designed to simplify the use of Bitcoin. Electrum does not download the blockchain and startup times are instant which it does by pooling remote blockchain servers. You do not need to perform regular backups of your wallet as your wallet can be recovered from a secret passphrase which you can memorize or write on a piece of paper.

Newer text:
Quote
Electrum's focus is speed, with low resource usage and making wallet backups easy. It operates in conjunction with remote servers that handle the most complicated parts of the Bitcoin system, which is why it's fast. However, by running this client you don't contribute your computer's resources to the core network, and the remote servers that help give it good performance have the ability to see all your transactions and tie them together. Whilst you need provide no personal information to use Electrum (as is true for all Bitcoin apps), this means the privacy level is lower than for other clients. Merchants are recommended to use or other p2p clients. Electrum is not quite user friendly yet, making it more suited for tech-savvy individuals currently.

Well I think we can agree that the opening line is more concise and much better:

Quote
Electrum's focus is speed, with low resource usage and making wallet backups easy.

Second sentences can both be merged perhaps:

Quote
Electrum's focus is speed, with low resource usage and making wallet backups easy. Electrum does not download the blockchain and startup times are instant because it operates in conjunction with remote servers that handle the most complicated parts of the Bitcoin system.

The criticism is good but maybe a bit long, so let's include that but shorten it:

Quote
Electrum's focus is speed, with low resource usage and making wallet backups easy. Electrum does not download the blockchain and startup times are instant because it operates in conjunction with remote servers that handle the most complicated parts of the Bitcoin system. However, Electrum clients don't contribute resources to the core network, instead relying on high performance servers. These servers have the ability to infer information about your payment history, meaning the privacy level is lower than for conventional clients. This is a trade-off of the Electrum style technology. But there are benefits too; you do not need to perform regular backups of your wallet as your wallet can be recovered from a secret passphrase which you can memorize or write on a piece of paper. Electrum is not quite user friendly yet, making it more suited for tech-savvy individuals currently, but development is active in tackling those challenges.
679  Bitcoin / Bitcoin Discussion / Re: New bitcoin.org Clients page on: May 02, 2012, 01:16:57 PM
For instance Electrum has an android client - would that get another entry for mobile clients?

Sorry again Thomas, but I'd suggest not including Electrum on a page for Android clients. Here is what you arrive at if you click the "New Android client!" link:

  http://ecdsa.org/electrum/android.html

Well presumably that will change in the future. I think it's best to have 2 sections - 'normal' clients and 'web wallets'. Mobile clients can be bunched informally together and we can use the screenshots, platform icons and description to distinguish them. Really mobile clients are already a grey area what with touchpads running android and/or ubuntu. I kinda see them merging in the future.

The only useful main distinction is whether you keep your own wallet or trust someone else. External services are always vulnerable to shut down. The Electrum-model is not a worry as several servers can be combined together, and they never have access to your wallet. The only worry is a lack of privacy which we enumerated in the description.
680  Bitcoin / Bitcoin Discussion / Re: Bitcoin advertising on the World Poker Tour! on: May 02, 2012, 01:02:25 PM
Not to put a damper on this, but I used to play poker as my main income for 2.5 years. I've never heard of Moon Kim, and it looks like he just got lucky on one tournament:

http://www.pokernews.com/news/2012/03/moon-kim-wins-2012-world-poker-tour-bay-101-shooting-star-12204.htm

If you look at the hand histories, he binked favourable cards to put him in the lead when he was behind. Like the hand where he had 44 was badly played (chasing a one card open ended) unless there was some meta game going on (which is unlikely for an amateur). So he's unlikely to get far in this event - these events usually have loads of people (especially the WPT which is a mega crowd drawer) and only the final few tables are televised.