Bitcoin Forum
December 07, 2016, 10:13:34 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How to avoid another MtGox Affair  (Read 991 times)
MarketAnarchist
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 03:24:43 AM
 #1

The primarily problem with this MtGox Affair is not that some poorly secured web site got hacked, the problem is that there are too few exchanges.

I propose we need to talk about the possibility of building some sort of open source, out of the box Bitcoin exchange solution. Maybe it needs to be some sort of toolkit, some sort of framework, or maybe some full blown system that you can get up and running quickly, and then make it easy for implementers to improve upon their exchange with contributions from the OS community.

In addition to immediately making it easier for far more exchanges to exist, this would allow for greater trade volume and increased liquidity, given the $1,000/day-$10,000 month rule.

This may sound ambitious, but not so much given that someone has already done a great deal of work to produce such an OS product -- MtGox.

I'm thinking that perhaps MtGox should be asked to release their framework to the public. Let us fix it and let's just get on with this thing. Because, let's face it, their reputation is absolutely trashed. But if we can bring transparency into the game, I have no reason not to trust a brand who has a product that I am capable of auditing.

Thoughts?

(Speaking as programmer of 10 years -- lots of experience with PHP, MySQL, JavaScript (Dojo. jQuery, Prototype), HTML, CSS)

185Nw1tExuRJ2AgZxksAf6z9PKSThirui8
1481148814
Hero Member
*
Offline Offline

Posts: 1481148814

View Profile Personal Message (Offline)

Ignore
1481148814
Reply with quote  #2

1481148814
Report to moderator
1481148814
Hero Member
*
Offline Offline

Posts: 1481148814

View Profile Personal Message (Offline)

Ignore
1481148814
Reply with quote  #2

1481148814
Report to moderator
Be very wary of relying on JavaScript for security on sites such as blockchain.info and brainwallet.org. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481148814
Hero Member
*
Offline Offline

Posts: 1481148814

View Profile Personal Message (Offline)

Ignore
1481148814
Reply with quote  #2

1481148814
Report to moderator
ableorange
Member
**
Offline Offline

Activity: 100

All things bitcoin


View Profile
June 20, 2011, 03:30:49 AM
 #2



https://britcoin.co.uk/


I think is just this. (offline at the moment like the others)

Amir Takki is the founder/ and or creator (i think) and offers the code free (open source) for more people to build exchanges.

I totally agree with what your saying we need a bunch of good exchanges, with an overall network value for bitcoin (in all the major fiat currencies).

Also maybe exchanges that offer other things with value such as houses, cars, clothes, food, energy, water ect.


Cheers
btyako
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 03:31:33 AM
 #3

being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.

if you find my posts helpful:
1B7Goaum7EpM9KEQCFsC8moUJixr6QMYJ8
MarketAnarchist
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 03:35:01 AM
 #4

being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.


Right, I agree, this is not some sort of signal about the failure of bitcoin, this is about the failure to apparently provide adequate security at one particular exchange. The real negative in all this is that having just one web site compromised caused such havoc in BTC value and trade volume. If we're gonna run a decentralized network, then let's run a decentralized network.

185Nw1tExuRJ2AgZxksAf6z9PKSThirui8
MarketAnarchist
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 03:41:11 AM
 #5

I'm just throwin' some ideas out there to chew on, so here's something else...

We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.

Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.

One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.

Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.


185Nw1tExuRJ2AgZxksAf6z9PKSThirui8
btyako
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 03:42:44 AM
 #6

being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.


Right, I agree, this is not some sort of signal about the failure of bitcoin, this is about the failure to apparently provide adequate security at one particular exchange. The real negative in all this is that having just one web site compromised caused such havoc in BTC value and trade volume. If we're gonna run a decentralized network, then let's run a decentralized network.

Yea I see what you are saying, at the moment tho I agree with the other poster and you that they might want to get some people like was said to work together and get a framework established and start using that framework to create other exchanges, since by the looks of it mtgox's programmers well... noone should have trusted them with real money by what i've seen.


if you find my posts helpful:
1B7Goaum7EpM9KEQCFsC8moUJixr6QMYJ8
btyako
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 03:44:33 AM
 #7

I'm just throwin' some ideas out there to chew on, so here's something else...

We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.

Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.

One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.

Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.



well... real markets do have safeguards in place (automated) that if something like this were to happen everything would be suspended pretty quickly and locked down, specifically because of something like this happening.


if you find my posts helpful:
1B7Goaum7EpM9KEQCFsC8moUJixr6QMYJ8
ableorange
Member
**
Offline Offline

Activity: 100

All things bitcoin


View Profile
June 20, 2011, 03:50:50 AM
 #8

Bitcoin is secure.. the miners, the client. The node based system that it is.

Maybe a sister Node based exchange?
MarketAnarchist
Newbie
*
Offline Offline

Activity: 12


View Profile
June 20, 2011, 04:15:13 AM
 #9

Bitcoin is secure.. the miners, the client. The node based system that it is.

Maybe a sister Node based exchange?

I'm not sure. I don't know if this is a scalability problem that will become chronic or if we just have a temporary problem to overcome.

There really shouldn't be any particular exchange that should have this kind of power to completely degrade the value of the currency. This seems like a really critical point of failure. It may be simply because there are only so many resources available, as far as volunteers and entrepreneurs who are available to deploy labor and capital, and thus temporary. I fear there is a small potential for this to become an ongoing problem, as I suspect the natural state of the market may eventually prefer only a handful of exchanges.

Maybe we need to adapt to this threat and build something into the system so there are no too big to fail nodes in this network?

185Nw1tExuRJ2AgZxksAf6z9PKSThirui8
bitcoin.monger
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 04:53:56 AM
 #10

I am not sure that having more exchanges would prevent future MtGox-like incidents. Having too many exchanges creates different types of problems, for example:
1. if any script-kiddie can start an exchange tomorrow, security will be worse, not better.
2. building a secure open-source codebase is difificult, requires many COMPETENT contributors, and takes time. meanwhile, what prevents a hacker from exploiting weaknesses found in the code (which would be, of course, open and public). this is NOT the Linux community, with thousand of geeks eyeballing the soure code looking for love and honor, not money  Cheesy
3. the user base being relatively small, too many exchanges could fragment the market to the point where the price would fluctuate a lot simply because of fragmentation.
MarketAnarchist
Newbie
*
Offline Offline

Activity: 12


View Profile
June 22, 2011, 01:49:25 AM
 #11

Check out what this guy has to say on an inter-bank exchange mechanism. http://www.reddit.com/r/Bitcoin/comments/i5lnj/mtgoxs_demise_provides_an_opportunity_to/

185Nw1tExuRJ2AgZxksAf6z9PKSThirui8
zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 22, 2011, 11:55:01 PM
 #12

MtGox clones should use CloudFlare, which filters DDOS and SQL/XSS attacks before returning clean traffic to your site. Combine that with Banshee secure PHP and Hiawatha serving up pages on separate partitions with nosuid/noroot/ect limited access, wrappers instead of direct database calls, and apparmor for protection instead of chroot (or could use both) and should be good2go.



Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!