Bitcoin Forum
December 05, 2016, 12:53:43 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: TradeHill API was coded by amateurs  (Read 2681 times)
gigi
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 02:32:09 AM
 #1

Look at the way the JSON response from their API is formatted.

https://api.tradehill.com/API/USD/Trades
https://api.tradehill.com/API/USD/Orderbook

How it is (notice the " around values):
Code:
{"date": "1308278023", "tid": "4667", "price": "17.20010000", "amount": "10.00000000"}

How it should be (notice the lack of " around values):
Code:
{"date": 1308278023, "tid": 4667, "price": 17.20010000, "amount": 10.00000000}

A senior level programmer would not make this trivial mistake. You do not send numbers out as strings. My firm wouldn't even hire for junior level the people who designed such a thing. The other exchanges at least format these responses correctly. And they still got hacked due to other vulnerabilities. How can I trust the security of a site dealing with money, when they can't get basic stuff like JSON right?

I noticed this since I started logging their prices (for historical purposes), but I feel compelled to point it out now since there is lot of talk about how "professional" they are and due to the attack people started searching for Mt Gox alternatives.

What I would like to see is for TradeHill to post pictures of their faces, their offices, their infrastructure, each one of them including the secure timestamp from a Financial Times copy.

Cryptographic secure timestamp:
http://upload.wikimedia.org/wikipedia/en/6/6c/Guardtime_timestamping_newspaper_publication.png
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480942423
Hero Member
*
Offline Offline

Posts: 1480942423

View Profile Personal Message (Offline)

Ignore
1480942423
Reply with quote  #2

1480942423
Report to moderator
1480942423
Hero Member
*
Offline Offline

Posts: 1480942423

View Profile Personal Message (Offline)

Ignore
1480942423
Reply with quote  #2

1480942423
Report to moderator
1480942423
Hero Member
*
Offline Offline

Posts: 1480942423

View Profile Personal Message (Offline)

Ignore
1480942423
Reply with quote  #2

1480942423
Report to moderator
stillfire
Full Member
***
Offline Offline

Activity: 125


View Profile
June 20, 2011, 02:34:55 AM
 #2

Sending decimal numbers as numbers invites clients to interpret them as floats and thereby introduce rounding errors. It's not a bad idea to transfer fixed point decimal numbers as strings.

Lost your wallet password? Try Stillfire's Password Recovery Service.
gigi
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 02:39:09 AM
 #3

Sending decimal numbers as numbers invites clients to interpret them as floats and thereby introduce rounding errors. It's not a bad idea to transfer a fixed point decimal numbers as strings.
What about the other numbers which are integers?

I deal with a lot of Forex sites, they list the quotes as numbers - http://rates.fxcm.com/RatesXML

The problem you are describing is real, and that is why the Decimal data type was invented (fixed point decimal, like you said).
bullox
Member
**
Offline Offline

Activity: 112


View Profile
June 20, 2011, 02:39:28 AM
 #4

OP is a moron.

You'd generally export those values as strings for enhanced readibility when combined and thrown together in, say, a table.  Key word here is EXPORT.

You act as if there is no way to convert that json element back to a float.... silly.
genjix
Legendary
*
Offline Offline

Activity: 1232


View Profile
June 20, 2011, 02:39:39 AM
 #5

TradeHill is doing the correct thing here. This is totally standard.

http://blog.programmableweb.com/2010/10/19/the-twitter-id-shuffle-text-vs-numbers/
EpicFail
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 20, 2011, 02:45:38 AM
 #6

I don't think it matters either way. Any properly written parser would use explicit conversion and not rely on conversion to the default types provided by JSON specs.
imperi
Full Member
***
Offline Offline

Activity: 196


View Profile
June 20, 2011, 02:49:32 AM
 #7

I vote in the "It doesn't matter" category. I program for a living so yeah that's my qualifications for this statement.
gigi
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 02:52:06 AM
 #8

Ok, now that everybody agrees that I'm a moron regarding the JSON, any comments of my pictures requests?

BTW, I'm gigi, a programmer with 30 years experience in coding financial systems, great business development skills, and was CEO of a major investment bank for 10 years. Trust me, because I say so on the Internets. (check the "TradeHill - Who we are" thread if you don't get it)
kokojie
Legendary
*
Offline Offline

Activity: 1498



View Profile WWW
June 20, 2011, 02:54:19 AM
 #9

Actually I'm glad they send numbers as strings, as that's the way it should be done. It's up to the requesting script to determine how to handle the data.

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation
Astro
Sr. Member
****
Offline Offline

Activity: 242



View Profile
June 20, 2011, 02:55:40 AM
 #10

pedant
iCEBREAKER
Legendary
*
Offline Offline

Activity: 1498


Crypto is the separation of Power and State.


View Profile WWW
June 20, 2011, 02:57:47 AM
 #11

OP is a moron.

You'd generally export those values as strings for enhanced readibility when combined and thrown together in, say, a table.  Key word here is EXPORT.

You act as if there is no way to convert that json element back to a float.... silly.

Such an ironic mistake is pretty amateurish, no? 

Although you gotta admit that the guy is pretty darn good at getting worked up, pointing fingers, and name-calling.

Quote

A senior level programmer would not make this trivial mistake. My firm wouldn't even hire for junior level the people who designed such a thing should fire me for being such a presumptuous donkey.

ftfy

The difference between bad and well-developed digital cash will determine whether we have a dictatorship or a real democracy.  David Chaum 1996
Fungibility provides privacy as a side effect.  Adam Back 2014
"Monero" : { Private - Auditable - 100% Fungible - Flexible Blocksize - Wild & Free® - Intro - Wallets - Podcats - Roadmap - Dice - Blackjack - Github - Android }


Bitcoin is intentionally designed to be ungovernable and governance-free.  luke-jr 2016
Blocks must necessarily be full for the Bitcoin network to be able to pay for its own security.  davout 2015
Blocksize is an intentionally limited resource, like the 21e6 BTC limit.  Changing it degrades the surrounding economics, creating negative incentives.  Jeff Garzik 2013


"I believed @Dashpay instamine was a bug & not a feature but then read: https://bitcointalk.org/index.php?topic=421615.msg13017231#msg13017231
I'm not against people making money, but can't support questionable origins."
https://twitter.com/Tone_LLT/status/717822927908024320


The raison d'être of bitcoin is trustlessness. - Eric Lombrozo 2015
It is an Engineering Requirement that Bitcoin be “Above the Law”  Paul Sztorc 2015
Resiliency, not efficiency, is the paramount goal of decentralized, non-state sanctioned currency -Jon Matonis 2015

Bitcoin is intentionally designed to be ungovernable and governance-free.  luke-jr 2016

Technology tends to move in the direction of making surveillance easier, and the ability of computers to track us doubles every eighteen months. - Phil Zimmerman 2013

The only way to make software secure, reliable, and fast is to make it small. Fight Features. - Andy Tanenbaum 2004

"Hard forks cannot be co
Icy-
Newbie
*
Offline Offline

Activity: 28


View Profile
June 20, 2011, 03:01:17 AM
 #12

Alright great, I disagree with OP.

At least we all can agree OP is a moron though.  Roll Eyes
jakemates
Member
**
Offline Offline

Activity: 69


firstbits.com/1c3qpa


View Profile WWW
June 20, 2011, 03:11:12 AM
 #13

Why must they post photos? We don't demand proof and photos of EVERY bitcoin-related exchange.
Sottilde
Newbie
*
Offline Offline

Activity: 10


View Profile
June 20, 2011, 03:12:12 AM
 #14

Alright great, I disagree with OP.

At least we all can agree OP is a moron though.  Roll Eyes

The troll threads tonight have been neverending.  This is one of the worst, along with that "proof" thread where the OP didn't understand that a large sell order would not be matched by a single large buy order.

The posturing wannabe programmer here is almost as bad.
semarjt
Newbie
*
Offline Offline

Activity: 27


View Profile
June 20, 2011, 03:27:22 AM
 #15

Indeed, this is not that out of the ordinary.

I heard tonight that they use python for their backend. (+1 over the php using mtgox)

So the are most likely using the Decimal data type from the standard lib. This is not strange.

What I think should happen is crap like this should be removed as soon as it is realized it is crap. You are tarnishing the name of a business.

Or the OP should have contacted TradeHill with their little 'discovery' before pulling this.

How many scrolled through the forums, saw "TradHill API was coded by amateurs" without taking the time to find out the truth?

That sentiment is now floating around in their subconscious.

hoo2jalu
Member
**
Offline Offline

Activity: 70



View Profile
June 20, 2011, 03:28:20 AM
 #16

Sending decimal numbers as numbers invites clients to interpret them as floats and thereby introduce rounding errors. It's not a bad idea to transfer fixed point decimal numbers as strings.

Correct. This is actually a feature borne out of wisdom dealing with lots of different languages and runtimes which may not support floating point math accurately or as expected when doing conversions to other types.

gigi is the idiot.

EDIT: and just to clarify, using a string type let's you, the API user, determine how to re-cast and interpret the value rather than dealing with side effects of some implementation which tries to "do the right thing" by default.
hoo2jalu
Member
**
Offline Offline

Activity: 70



View Profile
June 20, 2011, 03:30:17 AM
 #17

...
BTW, I'm gigi, a programmer with 30 years experience in coding financial systems, great business development skills, and was CEO of a major investment bank for 10 years...

You are clearly a poor programmer. Get over yourself.
semarjt
Newbie
*
Offline Offline

Activity: 27


View Profile
June 20, 2011, 03:35:44 AM
 #18

Sending decimal numbers as numbers invites clients to interpret them as floats and thereby introduce rounding errors. It's not a bad idea to transfer fixed point decimal numbers as strings.

Correct. This is actually a feature borne out of wisdom dealing with lots of different languages and runtimes which may not support floating point math accurately or as expected when doing conversions to other types.

gigi is the idiot.

EDIT: and just to clarify, using a string type let's you, the API user, determine how to re-cast and interpret the value rather than dealing with side effects of some implementation which tries to "do the right thing" by default.


This is all correct and makes sense. I would also like to add that in order to serialize a decimal.Decimal() (which i can almost guarantee they are using).
 You have to cast it to a native type beforehand. Your choices are: str(), int() or float().

The choice is obvious
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 20, 2011, 03:45:37 AM
 #19

Quote
pedant




is it wrong that I laughed my ass off at this post?
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!