Closed

[Ichthyo]

We should not be discussing about languages here, nor should we discuss about frameworks.

There are several "camps" out there. Each of those believes, their approach is the true way, and as such is inherently secure, scalable, easy to write easy to maintain and so on. While, of course, ASP.NET, Java/JBoss, RoR, Grails, .... is an outright plain idiotic thing to do.

At the start of an successful undertaking, in most of all cases there is either one or both of the following:

• a group of people knowing each other. They share a common mindset, and when they are developers, they all belong to one "camp" and know hot to get things done. If you start this way, then learn to deal with the weaknesses of the given technology stack, but stick to it.
• otherwise, someone proceeding in a knowingly and mature fashion, keeping out quarrels and power play, setting a clear direction for the work, systematically addressing each of the relevant concerns, but doing so in a level-headed fashion, not overdoing anything.

1. Open source
2. Proven
3. Scalable
4. Availability of developers
Collocated on dedicated hardened secure servers and maintained by competent devs and sysadmins and you've got a robust and secure system.

Any one would shocked to know the true extent that the legacy financial system is hacked on all their proprietary commercial grade hardware and software.  

So it's not necessarily the system / language that matters but the quality of the work of the individuals who implement your system

(And still your gonna get hacked if your system has any real value)

Can't agree more!


Especially for security, when we're entering a realm of "serious business", the key point is not to build counter measures against every conceivable thread, but rather to be able to prove that you've done your due diligence regarding security. For a business, its important to be able to offload the liability for some aspects of security to other persons and institutions.

To create a somewhat stylized and hypothetical example:
An entrepreneur hires two developers to build (or rebuild) a site. But he tells them right away, that security is a concern, and thus

• that he will conduct regular code reviews with them, where they have to explain security-relevant topics and decisions to him.
• that there will be an external security audit prior to launch, and that they will be doing excess hours to fix any serious uncovered issues

So now its in the developers own interest to come up with clever and creative solutions to get a grip onto security. This, and the fact that they will regularly be forced to explain what they've done to an outsider will create a push in the direction of a more structured, architecture centric approach. Building this way will slow them down considerably for sure, so that is the price to pay. But in the end, both sides will benefit. The developers are relieved from those mind bogging discussions about the right level of carefulness and trickery, since there is a clear externally set goal to work against. Also, they've gotten a good argument to defeat pressure to move faster. And the entrepreneur, by conducting and moderating the code reviews, got a more thorough understanding of the technology and system to be built plus an external audit and testate, which is a building block for legal defence in case a real security breach happens later on.

While such an approach has proven his virtue in practice, unfortunately it's not a guaranteed recipe for success. It still pretty much depends on the personality of the people involved. Team up the "right" people in such a scheme, and it becomes a recipe for disaster 

[1713499840]

1713499840

[1713499840]

1713499840

[1713499840]

1713499840

[1713499840]

1713499840

[Vod]

I'm going to have to side with gweedo as well... ASP.NET is horrible for scaling. Not technically, although the things POF.com have had to do to make it run well are pretty damning, but financially. A startup could really put to better use the $800 spent on each Windows Server license, not to mention the $2500+ for a MSSQL server (1 core!!!) license. Even their bizspark stuff has costs looming in the future. Also, for a Bitcoin web site you don't want to touch Azure for security reasons (at least not for the backend.)

ASP.NET is precompiled, so it will always be faster than php.

You don't need to spend any money up front when developing in .NET technologies.  You can use encryption on Azure, and scale as you need to.

http://www.windowsazure.com/en-us/

[BCB]

I'm going to have to side with gweedo as well... ASP.NET is horrible for scaling. Not technically, although the things POF.com have had to do to make it run well are pretty damning, but financially. A startup could really put to better use the $800 spent on each Windows Server license, not to mention the $2500+ for a MSSQL server (1 core!!!) license. Even their bizspark stuff has costs looming in the future. Also, for a Bitcoin web site you don't want to touch Azure for security reasons (at least not for the backend.)

ASP.NET is precompiled, so it will always be faster than php.

You don't need to spend any money up front when developing in .NET technologies.  You can use encryption on Azure, and scale as you need to.

http://www.windowsazure.com/en-us/

Who is going to take the advice of a man who's icons is a fat nibble licker.

Thanks. but no thanks.

[Vod]

I'm going to have to side with gweedo as well... ASP.NET is horrible for scaling. Not technically, although the things POF.com have had to do to make it run well are pretty damning, but financially. A startup could really put to better use the $800 spent on each Windows Server license, not to mention the $2500+ for a MSSQL server (1 core!!!) license. Even their bizspark stuff has costs looming in the future. Also, for a Bitcoin web site you don't want to touch Azure for security reasons (at least not for the backend.)

ASP.NET is precompiled, so it will always be faster than php.

You don't need to spend any money up front when developing in .NET technologies.  You can use encryption on Azure, and scale as you need to.

http://www.windowsazure.com/en-us/

Who is going to take the advice of a man who's icons is a fat nibble licker.

Thanks. but no thanks.

Not offering advice - just facts.   

[nyusternie]

Especially for security, when we're entering a realm of "serious business", the key point is not to build counter measures against every conceivable thread, but rather to be able to prove that you've done your due diligence regarding security. For a business, its important to be able to offload the liability for some aspects of security to other persons and institutions.

To create a somewhat stylized and hypothetical example:
An entrepreneur hires two developers to build (or rebuild) a site. But he tells them right away, that security is a concern, and thus

• that he will conduct regular code reviews with them, where they have to explain security-relevant topics and decisions to him.
• that there will be an external security audit prior to launch, and that they will be doing excess hours to fix any serious uncovered issues

So now its in the developers own interest to come up with clever and creative solutions to get a grip onto security. This, and the fact that they will regularly be forced to explain what they've done to an outsider will create a push in the direction of a more structured, architecture centric approach. Building this way will slow them down considerably for sure, so that is the price to pay. But in the end, both sides will benefit. The developers are relieved from those mind bogging discussions about the right level of carefulness and trickery, since there is a clear externally set goal to work against. Also, they've gotten a good argument to defeat pressure to move faster. And the entrepreneur, by conducting and moderating the code reviews, got a more thorough understanding of the technology and system to be built plus an external audit and testate, which is a building block for legal defence in case a real security breach happens later on.

While such an approach has proven his virtue in practice, unfortunately it's not a guaranteed recipe for success. It still pretty much depends on the personality of the people involved. Team up the "right" people in such a scheme, and it becomes a recipe for disaster 

THAT is the truth right there .. take note.

I disagree, security should not be your #1 concern when choosing a language.

Um, this is going to be a Bitcoin business. Personally, I think security should #1 AND #2. In the end, who gives a damn how many times your server crashes in a day, if ALL your Bitcoins magically disappear. I would strongly advise that you separate your web server from your bitcoin server as was suggested earlier. And at the very least put some IDS software on so you know what the hell is happening at all times:

• OSSEC is FREE and well supported http://www.ossec.net/
• Snorby is pretty f---in' awesome, but its RoR and I (don't know why, but) just don't like RoR https://snorby.org/

I have extensive experience working with both ASP.NET and PHP and if startup/operational costs matter at all to you, I'd say choose anything BUT ASP.NET. Relatively speaking (and I acknowledge there is obviously some value from Redmond) they are just WAY, WAY too expensive (licensing every which way you turn -- till you get dizzy and collapse). Unfortunately, many young startups find this out too late.

Just my 2 bitcents
S.

[schalk]

For the most part, a framework doesn't dictate the security. A language/platform doesn't usually make a website "insecure", the code or configuration usually does.

[DeathAndTaxes]

I'm going to have to side with gweedo as well... ASP.NET is horrible for scaling. Not technically, although the things POF.com have had to do to make it run well are pretty damning, but financially. A startup could really put to better use the $800 spent on each Windows Server license, not to mention the $2500+ for a MSSQL server (1 core!!!) license. Even their bizspark stuff has costs looming in the future. Also, for a Bitcoin web site you don't want to touch Azure for security reasons (at least not for the backend.)

Personally, I see lots of .NET shops considering moving off of the framework in general since Microsoft is very sketchy on the roadmap with WinRT/Windows 8 and especially with the disconnect between ASP.NET and the web. MVC is a step in the right direction but I don't think it has enough traction to be viable long term. Also, if Microsoft ever pulls the plug, you get stuck...

Python all the way!!!

Edit: oh yeah, you should ping all the people that posted in this topic: Anyone looking for work? (Lol, none of them are .NET devs)

Yeah nothing in there was right.  Not scalable? Stackexchange is an example of a web project built using ASP.NET (2.8 million users, 13 million+ questions & answers)
As for licensing startups can get licenses for up to three years using Microsoft bizspark program at no cost.
Microsoft pulling the plug on asp.net or MVC?  Absolute nonsense.  

Just the normal mindless "Microsoft sucks" from people who have never done any professional software development in their lives.
 

[schalk]

For the most part, a framework doesn't dictate the security. A language/platform doesn't usually make a website "insecure", the code or configuration usually does.

No frameworks can have bugs that can hinder security so yes frameworks do dicate security. A language can be insecure making a website insecure, so your false, all three play a role in security.

That's why I added, "for the most part". Please point out any security issues you are aware of with PHP, ASP.NET, Python or Ruby on Rails.

[schalk]

I'm going to have to side with gweedo as well... ASP.NET is horrible for scaling. Not technically, although the things POF.com have had to do to make it run well are pretty damning, but financially. A startup could really put to better use the $800 spent on each Windows Server license, not to mention the $2500+ for a MSSQL server (1 core!!!) license. Even their bizspark stuff has costs looming in the future. Also, for a Bitcoin web site you don't want to touch Azure for security reasons (at least not for the backend.)

Personally, I see lots of .NET shops considering moving off of the framework in general since Microsoft is very sketchy on the roadmap with WinRT/Windows 8 and especially with the disconnect between ASP.NET and the web. MVC is a step in the right direction but I don't think it has enough traction to be viable long term. Also, if Microsoft ever pulls the plug, you get stuck...

Python all the way!!!

Edit: oh yeah, you should ping all the people that posted in this topic: Anyone looking for work? (Lol, none of them are .NET devs)

Yeah nothing in there was right.  Not scalable? Stackexchange is an example of a web project built using ASP.NET (2.8 million users, 13 million+ questions & answers)
As for licensing startups can get essentially licenses for up to three years using Microsoft bizspark program.
Microsoft pulling the plug on asp.net or MVC is just nonsense?  Absolute nonsense.  

Just the normal mindless "Microsoft sucks" from people who have never done any professional software development in their lives.

Yes stackexchange is built on ASP.NET BUTTTTTTTTTTTTTTTTTT they have System engineers that have put a lot machines and hardware at the problem, maybe you should take a look at this

http://highscalability.com/blog/2009/8/5/stack-overflow-architecture.html

What point are you trying to get a across? That to optimise a website you need System Engineers? Well that's kind of a given when you are looking at a scale that big.

You will have these exact same problems with MySQL when looking at that scale. You can only scale up to some extent, then you will require techniques to allow you to scale out, like using replication.

[hardcore-fs]

Sorry....
I would worry about anyone with a masters degree in business... getting their business advice from people on an internet forum.
fine ask specific BITCOIN questions, but high security systems design is a completely different kettle of fish.

[DeathAndTaxes]

What point are you trying to get a across? That to optimise a website you need System Engineers? Well that's kind of a given when you are looking at a scale that big.

You will have these exact same problems with MySQL when looking at that scale. You can only scale up to some extent, then you will require techniques to allow you to scale out, like using replication.

If you read the article and look at how there setup is, they obviously are locked into a scenario where they can't even change databases, so the only way they can scale is with hardware. Now you can get more performance out of MySQL but either changing the database engine, or even using a mysql build that has beter performance and is tested. Kinda like twitter. SO the point I am trying to get across is that with ASP.NET and C# the only way to scale is thru hardware, and with other options you can just switch out some software and then you can do hardware scaling. So yea what would you want to do spend cash as a startup on hardware? Or go with this proven software that is free?

No either you didn't read the link or you lack the knowledge to understand what you are reading.   Asp.net has data connectivity to a variety of RDBMS including MySql and Oracle.  However switching to MySQL wouldn't provide significnatly higher throughput on the same hardware and Oracle for the cost doesn't really make sense for the type of database they need.    The only thing which would give significantly better performance is a NO SQL setup like what Google uses but Stack Exchange didn't need that level of performance so the jump in complexity, and design using NO SQL wasn't warranted.   Maybe it would be someday if they scaled larger but given their "niche" scope it is unlikely they would ever need that level of performance so the huge code rewrite for NO SQL (not MySql) isn't warranted.   The one advantage that MySQL would have is that it easier to scaled out vs scaled up*.   Since it is more efficient when deploying SQL Server to scale up vs out that means making good hardware decisions. 

Of course we are talking about a scale of 20x to 100x larger than the largest Bitcoin enterprise.  The idea that this would be a problem for a startup is kinda laughable (it is a problem most startups wished the had). I would also point out that contrary to common knowledge MySQL is not license free unless the project is open source.   As many Bitcoin ventures are closed source they so require a MySQL license.

* Scale up would mean increasing the performance of a single (or small cluster) or database servers.  Where scale out would be replicating the database across a much larger cluster to achieve similar performance.  Since SQL Server is licensed the licensing costs are lower when scaling up vs scaling out.  The drop in server costs at the high end as well as moving storage to the SAN has made scale up less of a critical issue than in the past.   RAM has gotten a lot cheaper.  Building out a database server with quad xeons (32 cores) and 256GB or RAM as well as high end SAS controller (24x 2.5" backplane) is under $8K.   Going to 1TB of RAM, SSL offloading, and off server storage array is still under $10K.

[schalk]

What point are you trying to get a across? That to optimise a website you need System Engineers? Well that's kind of a given when you are looking at a scale that big.

You will have these exact same problems with MySQL when looking at that scale. You can only scale up to some extent, then you will require techniques to allow you to scale out, like using replication.

If you read the article and look at how there setup is, they obviously are locked into a scenario where they can't even change databases, so the only way they can scale is with hardware. Now you can get more performance out of MySQL but either changing the database engine, or even using a mysql build that has beter performance and is tested. Kinda like twitter. SO the point I am trying to get across is that with ASP.NET and C# the only way to scale is thru hardware, and with other options you can just switch out some software and then you can do hardware scaling. So yea what would you want to do spend cash as a startup on hardware? Or go with this proven software that is free?

No either you didn't read the link or you lack the knowledge to understand what you are reading.   Asp.net has data connectivity to a variety of RDBMS including MySql and Oracle.  However switching to MySQL wouldn't provide significnatly higher throughput on the same hardware and Oracle for the cost doesn't really make sense for the type of database they need.    The only thing which would give significantly better performance is a NO SQL setup like what Google uses but Stack Exchange didn't need that level of performance so the jump in complexity, and design using NO SQL wasn't warranted.   Maybe it would be someday if they scaled larger but given their "niche" scope it is unlikely they would ever need that level of performance so the huge code rewrite for NO SQL (not MySql) isn't warranted.   The one advantage that MySQL would have is that it easier to scaled out vs scaled up*.   Since it is more efficient when deploying SQL Server to scale up vs out that means making good hardware decisions. 

Of course we are talking about a scale of 20x to 100x larger than the largest Bitcoin enterprise.  The idea that this would be a problem for a startup is kinda laughable (it is a problem most startups wished the had). I would also point out that contrary to common knowledge MySQL is not license free unless the project is open source.   As many Bitcoin ventures are closed source they so require a MySQL license.

* Scale up would mean increasing the performance of a single (or small cluster) or database servers.  Where scale out would be replicating the database across a much larger cluster to achieve similar performance.  Since SQL Server is licensed the licensing costs are lower when scaling up vs scaling out.  The drop in server costs at the high end as well as moving storage to the SAN has made scale up less of a critical issue than in the past.   RAM has gotten a lot cheaper.  Building out a database server with quad xeons (32 cores) and 256GB or RAM as well as high end SAS controller (24x 2.5" backplane) is under $8K.   Going to 1TB of RAM, SSL offloading, and off server storage array is still under $10K.

http://gigaom.com/2011/07/07/facebook-trapped-in-mysql-fate-worse-than-death/ - just saying.

[DeathAndTaxes]

What point are you trying to get a across? That to optimise a website you need System Engineers? Well that's kind of a given when you are looking at a scale that big.

You will have these exact same problems with MySQL when looking at that scale. You can only scale up to some extent, then you will require techniques to allow you to scale out, like using replication.

If you read the article and look at how there setup is, they obviously are locked into a scenario where they can't even change databases, so the only way they can scale is with hardware. Now you can get more performance out of MySQL but either changing the database engine, or even using a mysql build that has beter performance and is tested. Kinda like twitter. SO the point I am trying to get across is that with ASP.NET and C# the only way to scale is thru hardware, and with other options you can just switch out some software and then you can do hardware scaling. So yea what would you want to do spend cash as a startup on hardware? Or go with this proven software that is free?

No either you didn't read the link or you lack the knowledge to understand what you are reading.   The only thing which would give better performance is a NO SQL setup like what Google uses but Stack Exchange didn't need that level of performance so the jump in complexity, and design using NO SQL wasn't warranted.   MySQL wouldn't magically perform better.   The one advantage that MySQL would have is that it easier to scaled out vs scaled up*.   That can be mitigated by smart hardware design.  Server should be designed to scale up in order to maximize ROI%.  

Of course we are talking about a scale roughly 50x to 100x larger than the largest Bitcoin enterprise.



*Scale up would mean increasing the performance of a single (or small cluster) or database servers.  Where scale out would be replicating the database across a much larger cluster to acheive similar performance.  Since SQL Server is licensed the licensing costs are lower when scaling up vs scaling out.

WOW dude I know your just trolling me but really you need to up your skills. The guess I have explain every little detail. Ok that article was just to show that ASP.NET only scales with hardware, cause of the tools that are presented by microsoft.

Now your also talking about NoSql which is probably not even worth it for any bitcoin business, even thou you brought up the stackoverflow reference for ASP.net. So we weren't even talking about bitcoin businesses.

Mysql can scale up and scaling out would be for data, and not traffic, so make that distinction when your posting. Also if you don't know already twitter uses a mysql build that they programmed themselves that give better performances, I actually used it so I do know what I am talking about. Also there is the replacement for MySql they works exactly like mysql you wouldn't have to change any if very little code to connect to it which is MariaDB they have a foundation as well MariaDB is very easy to scale out or up and even has more performance then twitter mysql build. MariaDB actually just got some funding so it will only become better.

Once again an entire post where you grabbed a bunch of random words and spewed it across the page without saying anything coherent.

1) You do realize that asp.net =/= SQL Server right?  You also know that Asp.net has database connectivity for every major (and lots of minor) RDMBS to include MySql?  Building asp.net application doesn't require the use of SQL Server.

2) On SQL Server vs MySQL scaling up isnt an issue.  All modern RDBMS can scale up.  Scaling out refers to using multiple servers to distribute the workload.  Get it OUT <-----> vs UP ^.     While this can be done with SQL Server the licensing costs generally making scaling UP more cost effective.   No I doubt you did realize that.  Nothing in the article talked about how "mysql would have worked but they were stuck with SQL Server".  MySql wouldn't have worked any better and unless it is an open source project MySql needs to be licensed.

3)

twitter uses a mysql build that they programmed themselves

Yeah of course writing a custom RDBMS is something most startups are looking to do right?  Of course that custom RDBMS would also work with asp.net (and probably any other programming language).  DB =/= programming language.  Also how much cost (labor isn't free) do you think this custom RDBMS Twitter built ended up costing.  


4)
Lastly as we pointed out these are hardware scale issues way way way beyond what a startup would face.  ASP.NET and SQL Server do scale up into the "top of the web category" with sites like stackexchange which refutes your dubious claim that asp.net doesn't scale.   

Then again someone who finds a $300 conference "outrageous" likely hasn't had a very successful career in database development so don't beat yourself up for continually spewing nonsense.  I mean these are things picked up on the job and I doubt you will learn that stocking the shelves at Best Buy is very rewarding.

[nyusternie]

I would like to just chime in again.  As I this thread has made quite obvious, the framework, language, protocols that you enventually choose are very much debatable. When discussing "specifically" a Bitcoin business, which is what the OP has stated is his intention, I restate that security should be regarded as critical to your success. One bad hack and the results are disasterous as several Bitcoin business have already found out (the hard way). As much as I am enjoying the "friendly" banter, the point is sorely being missed here. Just go with what works for YOU.

As for licensing startups can get essentially licenses for up to three years using Microsoft bizspark program.

I was unaware of Redmond's Bizspark program, as I got out of ASP well before 2008.  This is certainly a step in the right direction (a baby step at that), but nonetheless they are obviously trying to become more startup-friendly. I'd also like to mention that IE10 is again a great step in the right direction.  FINALLY, I mean FINALLY deciding to conform to the industry standards (so I don't have to build a website for EVERYONE and then IE).  If they make a version for Mac or Linux I think I'd actually be willing to install it and give it a test run.

Please correct me if I'm wrong, but I've found little to absolutely no ASP.net support when it comes to Bitcoin.  Now, I will say that I haven't really been looking so I could have easily overlooked that fact. Back to the point, IMO the OP will probably find a smoother road to success going with a Bitcoin-friendly platform/framework/language like PHP and/or Python (I don't think C/C++ is part of this debate) based on an open-source hardware infrastructure.  Things in the Bitcoin world ARE moving rapidly and I don't see it being easy relying on MSFT forums and support channels to get answers to your (Bitcoin security related) questions.

As ALL points are valid in their own right, considering the OP (and the Bitcoin-specific nature of this business), IMO the decision is quite clear:
(WARNING: troll-bait alert)

• NO to Windows v.Anything go with Linux v.AnyDistro
• NO to IIS - go with Apache or Nginx
• NO to ASP.net - go with PHP or Node.js
• NO to SQL Server - go with MySQL (not my first choice) or PostgreSQL or FirebirdSQL (my personal favorite), even MongoDB seems to be quite interesting

You won't have to worry about licensing fees EVER-EVER and support will be plentifully abundant in the FREE forums.

For this I offer 2 bitcents,
S.

[btchip]

Since this thread derived a bit to security & implementation concepts, I don't think I'm too off topic and it reminded me of a use case for a smartcard wallet which might not be obvious to everybody - server side security.

You can support X * chips transactions per second on a server with a very good security level for cheap - an attacker will need to keep connected to the server in order to do something useful.



Of course if you plan to compete with Visa and Mastercard, old fashioned Hardware Security Modules are still recommended, but don't come with the same price tag 

(crossposted to my own thread with more details)

[schalk]

Please correct me if I'm wrong, but I've found little to absolutely no ASP.net support when it comes to Bitcoin.  Now, I will say that I haven't really been looking so I could have easily overlooked that fact. Back to the point, IMO the OP will probably find a smoother road to success going with a Bitcoin-friendly platform/framework/language like PHP and/or Python (I don't think C/C++ is part of this debate) based on an open-source hardware infrastructure.  Things in the Bitcoin world ARE moving rapidly and I don't see it being easy relying on MSFT forums and support channels to get answers to your (Bitcoin security related) questions.

http://code.google.com/p/bitcoinsharp/ and http://bitcoincs.codeplex.com/

Also - I don't think it is necessary to have language specific support for bitcoin. There is a lot of information on how bitcoin works on the wiki as well as on http://bitcoin.stackexchange.com/

[nyusternie]

http://code.google.com/p/bitcoinsharp/ and http://bitcoincs.codeplex.com/

Also - I don't think it is necessary to have language specific support for bitcoin. There is a lot of information on how bitcoin works on the wiki as well as on http://bitcoin.stackexchange.com/

You are right in that it is NOT necessary, but it sure does help.  I would guess that you've never dug that deep into the Bitcoin protocol.  I have very much respect for anyone who can even understand it.  I've dedicated 100+ hours in trying to comprehend all of the crypto-jargon and its been a slow, uphill battle. My point being that if and when you need to customize / tweak your code (for some specific use case), unless you've got some sort of crypto-analyst (is that a real word?) on your team, you may find it hard pressed to achieve your goals.

BTW, the first link you sent is to a library that hasn't been updated since Oct '11 and the second was June '11. I'm sure at some point, someone thought it was a good idea to port that Java code, but it hasn't been touched since. And a .NET (dot net, ASP) search on SE came up quite skimpy (I count 2). I'm very sure there are ample and perfectly good uses for .NET, but Bitcoin is NOT one of them.

[schalk]

http://code.google.com/p/bitcoinsharp/ and http://bitcoincs.codeplex.com/

Also - I don't think it is necessary to have language specific support for bitcoin. There is a lot of information on how bitcoin works on the wiki as well as on http://bitcoin.stackexchange.com/

You are right in that it is NOT necessary, but it sure does help.  I would guess that you've never dug that deep into the Bitcoin protocol.  I have very much respect for anyone who can even understand it.  I've dedicated 100+ hours in trying to comprehend all of the crypto-jargon and its been a slow, uphill battle. My point being that if and when you need to customize / tweak your code (for some specific use case), unless you've got some sort of crypto-analyst (is that a real word?) on your team, you may find it hard pressed to achieve your goals.

BTW, the first link you sent is to a library that hasn't been updated since Oct '11 and the second was June '11. I'm sure at some point, someone thought it was a good idea to port that Java code, but it hasn't been touched since. And a .NET (dot net, ASP) search on SE came up quite skimpy (I count 2). I'm very sure there are ample and perfectly good uses for .NET, but Bitcoin is NOT one of them.

actually I have been digging quite deep into the bitcoin protocol, I can tell you now that I have spent a lot more than 100 hours making sense of how the protocol works. Even though Bouncy Castle did make life easy.

What makes a language "good" for bitcoin? .NET does a perfectly good job. I can make the same website in .NET as I can in PHP, in a less amount of time without having to pay for additional software.

(I really don't see the need for requiring bitcoin specific help for .NET when I understand the protocol myself and can implement the code myself. Which I would much rather do anyway, that way I can ensure the code is loosely coupled and I can write unit tests for it)
 

Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications.

You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind.

[schalk]

Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications.

You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind.

I bet you be that one that saves private keys in a database unencrypted and then when a sql injection is performed you are like OMG someone stole from me...

Bitcoind does it job and does it well

Actually no. I'm the kind of guy that uses a ORM (specifically http://www.mindscapehq.com/products/lightspeed) so I don't have to concentrate on making sure queries are escaped. I'm also the kind of guy that uses encryption / hashing when storing sensitive data. But thanks for sharing your concern.

[schalk]

Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications.

You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind.

I bet you be that one that saves private keys in a database unencrypted and then when a sql injection is performed you are like OMG someone stole from me...

Bitcoind does it job and does it well

Actually no. I'm the kind of guy that uses a ORM (specifically http://www.mindscapehq.com/products/lightspeed) so I don't have to concentrate on making sure queries are escaped. I'm also the kind of guy that uses encryption / hashing when storing sensitive data. But thanks for sharing your concern.

ORM are used by you cause you don't take the time to learn about real security. I would even escape when using an ORM especially lightspeed, it aint that great of a server. I could make apache or nginx more secure anyway. Also you wouldn't use hashing to store a bitcoin private key, you would need to do a two way function probably aes so where you storing them keys?

Encryption / Hashing is decided on a case by case basis. Usually when dealing with passwords I would use hashing / salting of the password. However depending on what I want to do with a bitcoin private key would depend on how I would store it.

And yup, you nailed the head on that, I use an ORM since I don't take time to learn about security.