GLBSE owners lied to us. How to move forward and fix this? Move to Exchange X?

[markm]

I don't know exactly Open Transactions, but if it requires something like signing documents with PGP, then it is both
1) quite scary the first time you see it
2) easy, after you spend 5 minutes figuring it out with a good howto.

Maybe, having money to recover is just what it takes to push people to make that little mental effort, and move in the realm of serious security at once; so, a great opportunity 

It requires running Open Transactions, optionally with a GUI client to provide a GUI interface for you.

It signs similar in concept to PGP / GPG but actually it uses OpenSSL libraries to do it, and it does it itself instead of making you go to an external application outside of OT itself to do your signing.

Basically it communicates via a similar to PGP type of encrypted-to-a-specific-recipient system so it also provides its own secure communication line to and from the server.

-MarkM-

[matthewh3]

Yeah I want to use Open-Transactions for my asset (RSM) if I can figure out how to and its not too difficult for shareholders.

Things can be made as easy for shareholders as their friendly neighborhood broker cares to make it.

Really the only way to make it easy for them is to make it even easier for hackers/thieves, since you know any security is going to be considered inconvenient and "too hard" and so on. Heck a lot of people complain at simple use of PGP signed messages "too hard" yet it is pretty much the bare minimum needed to prove their identity in a portable manner.

-MarkM-

I don't mind getting the elbow grease out to learn something new.  My only concern is the difficulty would minimize new investment.

What does a user need to start using open transaction?

A user just needs either a client or to be accustomed to using command-lines and scripts.

An issuer would in addition need the ability to actually issue an asset on a server, which might require them to run their own server depending on what kinds of liability a "software as a service" vendor could be open to by allowing someone else to issue an asset on a server that they host.

I have been thinking of setting up a "test server" or "demo server" on which anyone can issue assets just so people can try out the system and get used to it and so on, but as no one has put up money to pay for a lawyer to check with about "safe harbour" laws relating to "being just a common carrier who does not examine the details of what data people use the software to process" I do not know yet if that would be free of liability.

(I am hoping it might be like the copyright acts: if we get informed one of the demo/pretend/game/test items on the server is some kind of illegal unregistered security we de-list it on receipt of a court order to do so kind of thing.)

But for a mere user, all you need is the client (if you insist on a GUI) or just the basic Open Transactions system (so you can interact through scripts / command-line).

-MarkM-

Please do I'm very interested in OT and if a I2p and/or Tor clone of the GLBSE doesn't pop up then it's my only option for RSM long term.

I don't know exactly Open Transactions, but if it requires something like signing documents with PGP, then it is both
1) quite scary the first time you see it
2) easy, after you spend 5 minutes figuring it out with a good howto.

Maybe, having money to recover is just what it takes to push people to make that little mental effort, and move in the realm of serious security at once; so, a great opportunity 

It requires running Open Transactions, optionally with a GUI client to provide a GUI interface for you.

It signs similar in concept to PGP / GPG but actually it uses OpenSSL libraries to do it, and it does it itself instead of making you go to an external application outside of OT itself to do your signing.

Basically it communicates via a similar to PGP type of encrypted-to-a-specific-recipient system so it also provides its own secure communication line to and from the server.

-MarkM-

If you could right an idiots guide for your demo server that'd be great.

[matthewh3]

I'd be willing if other (asset issuers) users were interested in using OT with chipping into a fund to pay for a VPS to host the server.

[markm]

I'd be willing if other (asset issuers) users were interested in using OT with chipping into a fund to pay for a VPS to host the server.

How would you choose what assets to allow and which would simply attract too much destructive attention and so on?

You might be best off running a server purely for your own assets and no one else's, otherwise you are likely to be taking on all their legal problems in addition to any your own offering might turn out to be subject to.

You should first get yourself set up with an Open Transactions client and get familiar with how it all works from a normal user's point of view. That will give you a better idea of how it all works.

-MarkM-

[tpantlik]

Hey, the smart ones of us (not me, I am only small dumb investor) are actually getting rid of the "middle man" in sending the money business and developing the true revolutionary system called Bitcoin. Why the hell we are stucked on the old flawed mechanisms when we want make stock exchange? Centralisation is flawed in our current world, everyone of you know it, it is one of the reason why Bitcoin has value (at least for me).

I have seen many threads talking about decentralised bonds. Why don't move skills to developing and implementing it? What about decentralised system in the fashion of Bitcoin which will be the underlying mechanism of issuing, trading and owning bonds? Then there could be some frontends for managing it (like in Bitcoin are wallets - local  apps or hosted/hybrid apps).

[markm]

Bonds sticks etc are worthless without the issuer so all the decentralisation they need is for each issuer to have their own server or site or email address or whatever by means of which their thing is traded.

There is no need to rope into it every frikkin bitcoin blockchain in the damn world since if the issuer vanishes the stuff is worthless anyway so cluttering up everyone's blockchain with each-and-every fly by night asset is just nasty. Let the issuer run something themself on their own VPS or server or PC or whatever to handle their own scam themselves, don't make every hoster of the blockchain an accessory to securities fraud.

Basically with a blockchain you are implicating hundreds or thousands or more "middle men", instead you should eliminate the "middle men" by dealing directly with the issuer not some intermediary such as an exchange site controlled by someone other than the issuer or a blockchain hosted by thousands of accessories/co-conspirators.

-MarkM-

[MPOE-PR]

like Butterfly Labs does.

Sweet.

Yeah I want to use Open-Transactions for my asset (RSM) if I can figure out how to and its not too difficult for shareholders.

I don't know exactly Open Transactions, but if it requires something like signing documents with PGP, then it is both
1) quite scary the first time you see it
2) easy, after you spend 5 minutes figuring it out with a good howto.

Maybe, having money to recover is just what it takes to push people to make that little mental effort, and move in the realm of serious security at once; so, a great opportunity 

This.

[Rassah]

<shameless plug>
https://bitcointalk.org/index.php?topic=115742.0;topicseen
</shameless plug>

I think that, with maybe Open Transactions over it, would be the best option.

[pwnrman]

https://cryptostocks.com/securities/21

Nuff Nuff

[thebaron]

Ya'll are just setting yourselves up for more future drama.

[osoverflow]

I like the idea of an Open Exchange. Does that software exists already? If yes, where I can look for more info and downloads?

[Bogart]

Yeah I want to use Open-Transactions for my asset (RSM) if I can figure out how to and its not too difficult for shareholders.

I don't know exactly Open Transactions, but if it requires something like signing documents with PGP, then it is both
1) quite scary the first time you see it
2) easy, after you spend 5 minutes figuring it out with a good howto.

Maybe, having money to recover is just what it takes to push people to make that little mental effort, and move in the realm of serious security at once; so, a great opportunity 

We figured out bitcoin, didn't we?  Why should this be any harder?

[burnside]

Hi! May I ask you if there is a way to obtain the list of my shareholders with an API call?

I want to have a hourly backup of that list, with an identifier like the email, the amount of shares and at what price (maybe weigthed average price)

Thanks.

See the "Account" page when logged into your asset issuer account.  You'll find a link in there to an API output formatted in JSON like so:

{"owners":{"burnside@kattare.com":"1","example@example.com":"260","test@test.com":"80", ... },"ticker":"LTC-MINING.LTC","_comment":"cached up to 10 minutes","generated":"2012-10-06T23:32:59+01:00"}

DO NOT, UNDER ANY CIRCUMSTANCES SHARE THAT URL.  It has a very long API key, but if you let that get compromised, people will be able to see who holds your security.

This was the last piece to the "What do I do if LTC-GLOBAL ceases operation?" puzzle.  From here on out, all asset issuers can download their list of asset holders in an automated fashion at regular intervals.

I have also added the time to the top of the pages.  The time displayed takes into account your Account Timezone setting.

Cheers.

Continuing beyond the death of the exchange should not be rocket science. 

Ok when it is possible to issue on several servers is there a way to synchronize this ?

Not sure what you mean.

If you want to issue 100 shares on one server and 200 on another and 300 on yet another that is purely up to you as issuer.

The current GUI client would let you see all three issuer accounts on your list of accounts, and on clicking on any of them you'd see which server that account is on and which nym you used to create that account. So in that sense your client provides some "synchronisation" for you.

It is merely a "test GUI" client for your programmers to look at to see how each function is coded, they can surely make much more specialised functionality for you once they see how the code works and you explain what exactly more you would like them to code into it.

A specially for issuers client might well have very different setup than one for grandmothers to use...

-MarkM-

If an asset issuer can issue assets on unlimited servers, is there a way to track and consolidate that information?  Eg, I want to find out what all this asset issuer has issued, is there an easy way to do that?
Is there anything preventing an asset issuer from making thousands of issues under different credentials?
Does the tracking of the assets issued in the system give me the tools necessary to do research on the financial history of those assets?  (Eg: dividends, additional issues, company records, buybacks, etc)
Can I track assets traded by IP address or is there some other way of determining a unique origin?
As an asset issuer is there some tool to contact all of the holders of my assets?  (legit assets will require this legally)
Once an asset is issued on one server, can it then travel unfettered from server to server?  If it can hop from server to server, is there any way to locate it?

I'm asking seriously, as those are all issues I'd need to address if I were to try to setup a legitimate exchange backed by OT.

Cheers.

[markm]

If an asset issuer can issue assets on unlimited servers, is there a way to track and consolidate that information?  Eg, I want to find out what all this asset issuer has issued, is there an easy way to do that?

Obviously not. If a text author can publish text on unlimited webservers, is there a way to track and consolidate that information?

Well I suppose there is Google, if they made sure their pages are legible (e.g. not hiding their text as an image and fuzzing it to make it hard for optical character recognition to read it etc).

So maybe if google could find you every Open Transactions server, including those on i2p and Tor (oops, tricky that), and then you bought usage tokens on all of them so you could go and interrogate their assets, even then if a person issued assets using different nyms (and thus, different asset-contracts) you could not tell they were issued by the same entity.

It is kind of a silly question really. Laundering / concealing has been going on a long time, you are not magically going to be better at tracking it than the FBI and Interpol and similar agencies.

YOU HAVE TO TRUST THE ISSUER. If you do not, do not buy what they issue.

Is there anything preventing an asset issuer from making thousands of issues under different credentials?

Same thing, different wording.

The server operator can disable creation of assets. That would prevent anyone issuing any assets at all, except for one nym the config file says can over-ride such restrictions. So unlimited issues/assets can be restricted to/by the server operator.

For example on my server, issuing of assets is turned off.

Does the tracking of the assets issued in the system give me the tools necessary to do research on the financial history of those assets?  (Eg: dividends, additional issues, company records, buybacks, etc)

Open Transactions is not based on history. The last receipt IS the balance, so no history is needed.

When the auditing stuff is added though, maybe anyone who wished to do so could archive all the audit data.

Also, come to think of it, the markets do have a "recernt trades" readout, I am not sure what they mean by recent, its possible they mean forever as in for all I know there might not be any code in place that removes old entries. Or maybe it has only so many entries. I don't know exactly how that is implemented.

Can I track assets traded by IP address or is there some other way of determining a unique origin?

Origin sounds like 'nym: the pseudonym that issued or transfered something. Like bitcoin addresses, they are unique but there is no need for any individual or entity to limit themself to only using one of them.

If you are running the hardware the software runs on you could log IP addresses that connect to the port the software listens to I suppose.

As an asset issuer is there some tool to contact all of the holders of my assets?  (legit assets will require this legally)

There is a message facility whereby one nym can send a message (in plaintext; it is not stored in encrypted form currently) to another.

So if you had access to the audit data the proposed audit system is expected to publish, you could send messages to those nyms that are shown to have traded your asset.

(Nyms are portable identities, so if the same nym was also present on another server you are also on you could message them there instead or also.)

Once an asset is issued on one server, can it then travel unfettered from server to server?  If it can hop from server to server, is there any way to locate it?

The asset contract can be imported to any server that lets you issue an asset there. Accounting for between-server transfers would currently be up to anyone who has accounts on both servers; they could agree "send me one AssetX on this server and I will send you one AssetX on that other server" for example. This is something the third parties who help people into and out of the markets will likely do in addition to selling people tokens for fiat and fiat for tokens.

As for "locating" assets, the GUI client has a list of your accounts, each account has an associated nym and server, so you can see what balances you have regardless of which servers your accounts are on.

I'm asking seriously, as those are all issues I'd need to address if I were to try to setup a legitimate exchange backed by OT.

Most of this is regulatory crud that is way beyond the actual lets keep track of balances and implement blinded anonymous cash tokens stuff that Open Transactions implements. It probably belongs in the audit processes stuff, which will be coming once we have the actual ability to reliably do something worth auditing down pat.

You could however set a loglevel on your server that details blow by blow everything the server does down to a level of detail you want, and use log-parsing and log-grepping etc type of tools to extract any information you want from the log.

Really the initial stages of development have been more about making reliable anonymous transacting without trust possible.

If you want KYC and AML etc why not just go with one of the existing banking systems (cyclos etc) and/or trading systems (cetera etc)?

-MarkM-

[burnside]

Thank you for the detailed responses.  Really appreciate it.

As an asset issuer is there some tool to contact all of the holders of my assets?  (legit assets will require this legally)

There is a message facility whereby one nym can send a message (in plaintext; it is not stored in encrypted form currently) to another.

So if you had access to the audit data the proposed audit system is expected to publish, you could send messages to those nyms that are shown to have traded your asset.

(Nyms are portable identities, so if the same nym was also present on another server you are also on you could message them there instead or also.)

Would that require having an account on all of the servers your assets have been traded to?  Or does the message automatically follow along the same path from server to server that your asset followed as it was traded?

Once an asset is issued on one server, can it then travel unfettered from server to server?  If it can hop from server to server, is there any way to locate it?

The asset contract can be imported to any server that lets you issue an asset there. Accounting for between-server transfers would currently be up to anyone who has accounts on both servers; they could agree "send me one AssetX on this server and I will send you one AssetX on that other server" for example. This is something the third parties who help people into and out of the markets will likely do in addition to selling people tokens for fiat and fiat for tokens.

As for "locating" assets, the GUI client has a list of your accounts, each account has an associated nym and server, so you can see what balances you have regardless of which servers your accounts are on.

I was referring to locating holders of assets you have issued.  There's lots of situations where that might be necessary, eg: if you issued assets requiring a forced buy back option.

Most of this is regulatory crud that is way beyond the actual lets keep track of balances and implement blinded anonymous cash tokens stuff that Open Transactions implements. It probably belongs in the audit processes stuff, which will be coming once we have the actual ability to reliably do something worth auditing down pat.

If you want KYC and AML etc why not just go with one of the existing banking systems (cyclos etc) and/or trading systems (cetera etc)?

Yes.  I want to (ultimately) legitimize asset trading using BTC.  Trying to figure out if that's possible with OT.  Without the ability to do the "regulatory crud" your audience becomes somewhat limited to just people that want to trade anonymously?  That makes it a little harder to establish trust in your Asset Issuer, which is imperative, as you mentioned before.

Cheers.

[markm]

Open Transactions is not about establishing trustworthiness of asset issuers, it is about not having to trust the server / server-operator.

Your assets only trade where you issue them. Of course people could create assets elsewhere claiming to be pass-through or proxy or whatever of your assets but only the nym that signed the asset contract can issue the asset so your asset, as identified by the hash of its contract that you signed, cannot be issued on any server by anyone other than you (or whoever you gave a copy of your nym's private key to, which is functionally you since by you I merely mean the nym).

So if you don't want to have your asset traded on server X, simply do not issue it on server X.

If you want to know who holds your asset I suppose you could simply retain records of who you sell them to and refuse to aknowledge any purported change of ownership that you did not specifically approve. For example you could insist people sell them directly back to you and have you sell them on to the new owner so that your records will correctly reflect the new owner.

The proposed audit system though proposes to make all receipts available as they happen to the asset issuer, as for example via a distributed hash table or somesuch publicly available but crypted so only certain people can actually decrypt certain items in it (like, eash issuer the things they issue but not what others issue) so if you would like to start a bounty for getting the audit system expedited maybe it could be expedited maybe depending on the magnitude of the bounty. The purpose originally was so you can see that no more of your asset are in circulation than the number you issued. However as its receipts that will be stashed in the hash table presumably you will also be able to harvest the nyms of the recipients.

It seems to be part of the point of the "markets" that you do not know who the counterparty was in any trades on the markets.

A lot of my players objected that that too, as they wanted to pick and choose which offers to accept, not buying from enemies even at lower prices than offered by friends and stuff like that. (Consider for example that your enemy's armies might have pillaged your friend's nation to obtain the stuff they are selling off cheap.)

But no, apparently that is not how markets are meant to work. You do not get to know who bought what you sold.

Like bitcoin, the fact that nyms are pseudoynmous is purposeful, however the server provides no built in way to buy "usage tokens" so you could simply turn on "usage tokens" on your server and only give "usage tokens" to nyms whose fingerprints and DNA patterns you have on file...

That way you would know who each nym "really is", or at least whose fingerprints and DNA they sent in as "proof"; and as server operator you could scan the disk files directly to find out who owns how much of what.

-MarkM-

[burnside]

But no, apparently that is not how markets are meant to work. You do not get to know who bought what you sold.

This is not correct.

Yes, people using the NYSE can exchange stocks with other users on the NYSE without restriction.

NO, A company CANNOT operate without knowing exactly who their stockholders are.  The NYSE knows at all times exactly who holds what stocks, and provides that information to the companies listed on the NYSE.

I think I have what I needed.  OT as it is currently designed is flawed in ways that make it impossible for legit (legal) asset issuers to utilize it in any meaningful way.  I have high hopes though for future iterations!

Cheers.

[markm]

Huh? I just told you that you can simply grab directly from your server's disk files who owns how much of what.

That also means it is very likely just a matter of a little bit of script writing to write an OT-script to go get that information for you.

Also that a server operator other than yourself could offer to provide that information to you from their own server.

Etc.

The information is there. If you want to print it or email it or add it or subtract it or whatever go ahead and do so, its not rocket science.

Its like, for nym in nyms do blah blah blah kind of simplicity.

-MarkM-

[burnside]

Huh? I just told you that you can simply grab directly from your server's disk files who owns how much of what.

That also means it is very likely just a matter of a little bit of script writing to write an OT-script to go get that information for you.

ALso that a server operator other thatn yourself could offer to provide that information to you from their own server.

Etc.

The information is there. If you want to print it or email ot or add it or subtract it or whatever go ahead and do so, its not rocket science.

Its like, for nym in nyms do blah blah blah kind of simplicity.

-MarkM-

I apologize.  I was under the impression that your assets could be traded off of your server, to another server, to another server, to another server, etc?  With little to no audit trail?

Example 1: Asset trades from server A to server B to server C.  Server B goes permanently offline.
Example 2: Asset trades from server A to server B to server C.  Server C goes permanently offline.

In those situations, where does an issuer (who issued from server A) get the report of where all their shares are being held?

If I'm mistaken I should probably read through the docs before I make too much of an ass of myself.  I couldn't find anything about the audit trail doing a cursory google search.

[markm]

First, your nym would have to be used to issue some number of your asset on each of the three servers A, B and C.

Those issued on A remain on A, those issued on B remain on B, those issued on C remain on C.

Someone wanting to buy one from someone on A needs to either trade something on A for it, or convince the seller to open an account also on B or C so they can give them something on B or C in exchange for the asset on A.

No assets move from server to server, you don't ship grams of gold for example from server to server, you only create that illusion by accepting back from someone a gram on A in return for giving them possession of a gram on C.

GIven fungible assets, the illusion holds that they "moved" their balance of one gram of gold from one server to another. It never moved, they simply traded their gram on one server for a different, but by fungibility "equivalent" gram elsewhere.

If you refuse to issue on B and C then tough, they are stuck on A.

If A goes down, you go issue somewhere else, and since everyone has notarised receipts from A asserting their balance is such and such, they have proof. Though I suppose they could try to cheat by not turning in their latest receipt that reflects the fact they sold some lowering their balance, and instead turn in some out of date receipt from back when they had a large balance.

That is where the audit stuff is intended to come in. You will have complete receipts, posted live to a distributed storage such as a hash table or a p2p file sharing network or whatever, of every receipt they were ever sent relating to your asset.

It does sound like this audit thing will be useful to you when a server crumbles/vanishes so you might well find it useful to issue a bounty to expedite it.

Then again maybe if you make sure you put your server on a machine you physically have custody of you won't need to worry for a while about it flying by night under you.

-MarkM-