What have we all learnt from the Mt Gox incident?

[jaybny]

only people angry about rolling back trades are the ones that got in at great prices. rolling back trades is the correct move and it happens on all exchanges.

[1715043067]

1715043067

[1715043067]

1715043067

[1715043067]

1715043067

[1715043067]

1715043067

[istar]

That a lot of bitcoin users are acting like 13-17 years old kids. Maybe they are   
MtGox is handling this very good.

But dont keep all your coins at MtGox.

[PGPpfKkx]

ive been writing this wherever i can.

all bitcoin exchanges need to have a circuit breaker = stop the market when its down 10% or more for 12 hours or something like in all major stock markets.this will discourage short-selling and market manipulation and prevent things like that happen ever again.

making a coin which gives heart attacks to customers,users and merchants is not very smart.

[Batouzo]

i just received a mail from MtGox with a self extracting archive ( .exe ) purporting to be a certificate to help combat this.... no way am i opening it, it got captured by my spam services anyhow but really.. who the hell is gonna trust an executable from them now ?

Not for them.
From: can be trivially spoofed.
Don't run any .exe
Don't use windows.
Don't touch windows with 20 meter stick while doing anything related to security of more then few bucks.

Jesus, guys.

[jackjack]

I learnt that during bitcoin shitstorms, whatever you say, some will find it's the more intelligent message of the week, others will bash you to the death

[EpicFail]

Hey, you. Over there. Yeah, the one who talks big and doesn't know jack.

Guess what the exchanges do every day they have a mini-flash-crash? That's right, there are plenty of smaller stocks that trade say at $12 that get smacked down to 30 cents. The HFT guys are the usual culprit, but all the trades get busted within a certain percentage. Mt. Gox is just following best practices here.

Sorry you don't get it - but you would if you really did 'work on a real exchange'.

Take my trading cards clerk, and get me a hoagie while you run that crap to the back office. Clerk Failpile.

I am not a trader, I develop trading systems software. I've worked on systems that cleaned up the mess when trades get busted, so my attitude is less cavalier than yours. Admittedly, I've dealt only with institutional and larger hedge fund trades that don't typically involve lightly traded securities, so these massive rollbacks could be a more common occurence than I thought.

[EpicFail]

Oanda is taken seriously. They have also been known to roll back trades.

Speaking of Oanda, it's be insanely awesome if they added BTC as a currency to their systems.

Some still say Oanda is a bucketshop, albeit a respectable one.

Rolling back trades is not the issue I have with Mt Gox. Just the sheer size of the rollback and the fact that they got themselves into a state where this is the only best solution.

[relative]

1. Flocking to a central exchange to trade a decentralised currency is a bad idea.

Continue on ...

+1

We definitely need LOTS more exchanges and different ways to convert between BTC and other currencies. That's part of the maturing process of the Bitcoin ecosystem.

the war FOREX is set up is that each bank is an exchange itself but they also trade with each other.
the existing exchanges should develop an interface that allows them to exchange quotes and trade with each other - which increases liquidity and makes it easier to start many exchanges - anyone, like your local bank could start one then, just by feeding you the quotes of MtGox but your money is actually with them.

[Horkabork]

I've learned that, after incidents like this, lots of people come out of the woodwork claiming to be experts on pretty much everything, usually followed by statements that utterly disprove their assertion.

Also, Mt. Gox needs a public relations person stat. These conspiracy theories are getting out of hand and they need to be smacked down in one, official, one-stop stickied FAQ thread. The worst thing that you can do in these situations is make it practically impossible for your users to decipher truth from fiction, especially after a few days of claims of hacked accounts that very senior members here dismissed. And especially after it took far too long for Mt. Gox to acknowledge that the user database in the wild was real.

Responding to people is almost as important as repairing the security issues, because trust has been broken nearly as badly.

Not to mention that, without a clear voice of Mt. Gox here in the aftermath, we're going to see a plethora of horribly erroneous media articles this week because journalists will be writing articles based on second-hand knowledge and heresay that they can't easily verify or dismiss.

[relative]

Also, Mt. Gox needs a public relations person stat. These conspiracy theories are getting out of hand and they need to be smacked down in one, official, one-stop stickied FAQ thread. The worst thing that you can do in these situations is make it practically impossible for your users to decipher truth from fiction, especially after a few days of claims of hacked accounts that very senior members here dismissed. And especially after it took far too long for Mt. Gox to acknowledge that the user database in the wild was real.

sounds to me like they already have a public relations person.

[NetTecture]

I am not a trader, I develop trading systems software. I've worked on systems that cleaned up the mess when trades get busted, so my attitude is less cavalier than yours. Admittedly, I've dealt only with institutional and larger hedge fund trades that don't typically involve lightly traded securities, so these massive rollbacks could be a more common occurence than I thought.

That pretty much says it. I do both, trade and develop trading systems.

There have been repeated incidents in the last months on some US securities where trading systems went totally out of control, smacking the price from 28 USD to 2800 USD within a minute, or down to cents.

In all cases the complete set of trades was cancelled.

Last year you had the famous flash crash - also a lot of executions got cancelled.

I suggest looking at http://www.zerohedge.com/search/node/nanex for an idea about what happens there. Nanex is a quite good (my favourite) data provider (though they dont care the wannabe trader - no symbols, only complete exchange feeds) and they always make their analysis available QUITE a good read.

I suggest  for a start:
http://www.zerohedge.com/article/todays-flash-crash-690-009-two-seconds
http://www.zerohedge.com/article/2880-2600-two-second-thank-you-skynet
http://www.zerohedge.com/article/102-001-under-one-second (that is 120 USDS per share to 1 cent)
http://www.zerohedge.com/article/6-1-milliseconds-ambo-first-flash-crash-du-jour

In any case exchanges do waht they are there for: reestablish an orderly market and basically cancel the trades done outside the orderly market.

[TraderTimm]

I am not a trader, I develop trading systems software. I've worked on systems that cleaned up the mess when trades get busted, so my attitude is less cavalier than yours. Admittedly, I've dealt only with institutional and larger hedge fund trades that don't typically involve lightly traded securities, so these massive rollbacks could be a more common occurence than I thought.

If you're interested, check out the NANEX folks. They do some interesting plots of issues that have had the same distressing behavior as the indexes when the flash-crash occurred in May. What is alarming is it seems to point the blame at some "alpha testing in the wild" by High Frequency Algorithms, as the patterns produced by sub-pennying bids and offers become apparent.

I've worked on automated trading software, but not like these guys - I actually just want to emulate good trading decisions, not spam an exchange with 1,000 orders a second.

Good luck on your efforts.

[kokojie]

i just received a mail from MtGox with a self extracting archive ( .exe ) purporting to be a certificate to help combat this.... no way am i opening it, it got captured by my spam services anyhow but really.. who the hell is gonna trust an executable from them now ?

Not for them.
From: can be trivially spoofed.
Don't run any .exe
Don't use windows.
Don't touch windows with 20 meter stick while doing anything related to security of more then few bucks.

Jesus, guys.

Windows is fine, and is more secure than linux. If linux would receive the same amount of malicious attacks that windows receive, linux would become unusable and would require patches for years. The security on some of the linux distros is atrocious. Linux security is achieved through obscurity. An attacker isn't going to bother writing attacks against an OS that less than 1% of people use, and those that do use linux are likely to be highly technical.

[aral]

Windows is fine, and is more secure than linux. If linux would receive the same amount of malicious attacks that windows receive, linux would become unusable and would require patches for years. The security on some of the linux distros is atrocious. Linux security is achieved through obscurity. An attacker isn't going to bother writing attacks against an OS that less than 1% of people use, and those that do use linux are likely to be highly technical.

Total utter nonsense! The real reason Windows is more secure is because of the billion-dollar anti-virus and malware protection industry that protects its users.  There is just no decent anti-virus software for linux!  You have to be crazy to install an OS like that. 

[GeniuSxBoY]

Windows is fine, and is more secure than linux. If linux would receive the same amount of malicious attacks that windows receive, linux would become unusable and would require patches for years. The security on some of the linux distros is atrocious. Linux security is achieved through obscurity. An attacker isn't going to bother writing attacks against an OS that less than 1% of people use, and those that do use linux are likely to be highly technical.

Total utter nonsense! The real reason Windows is more secure is because of the billion-dollar anti-virus and malware protection industry that protects its users.  There is just no decent anti-virus software for linux!  You have to be crazy to install an OS like that. 

Linux and Windows are built from the same circuit hardware and same logistic languages and can be coded and hacked the same ways.

Windows is just more popular.
Windows has more ignorant users.
Windows is mainstream.

Prime target for hackers who think it's funny to fuck with people. The larger the population, the higher the probability of at least 1 fool falling for their trick.

Only reason Linux is more secure is because nobody is interested in coding viruses for them yet.

[Freakin]

Pretty impressed overall with Gox's handling of this.  It wasn't even their site itself that was hacked, and they are taking all necessary steps to ensuring it's brought back up securely and with enough notice before the exchange opens.  

I anticipated this sort of thing happening a few weeks ago after BTC shot up to $30, so luckily I changed my Gox pass then to a unique one that is 14 char with all 4 categories covered.

No site/business/network is 100% secure.  Anyone that does security audits will tell you that it's not a matter of IF, but a matter of WHEN they will gain access to some components of the system.

Gox should enforce password complexity requirements, IMO.

[aral]

Linux and Windows are built from the same circuit hardware and same logistic languages and can be coded and hacked the same ways.

Windows is just more popular.
Windows has more ignorant users.
Windows is mainstream.

Prime target for hackers who think it's funny to fuck with people. The larger the population, the higher the probability of at least 1 fool falling for their trick.

Only reason Linux is more secure is because nobody is interested in coding viruses for them yet.

Yeah naturally I was joking... Windows is way less secure.  Mac has 10% market share and its users are foolish enough to pay way over the odds for a machine just because it has an Apple badge on it.  There would be plenty more Mac viruses already if your argument held any water, but it doesn't of course.

[KedP]

Aside from the fact that I'm glad I used a unique password for my Mt. Gox account, I look at this incident in much the same way I look at the Amazon Web Services outage of a couple months ago (which I was also affected by.) Some AWS users left claiming they had lost faith in Amazon's ability to keep their systems up, even though up to that time Amazon's record had been exemplary. My feeling was and still is that this sort of thing would only strengthen Amazon, and that while failures do inevitably happen, this failure would be extremely unlikely to happen ever again, and a whole class of related potential failures would never happen at all. So, unless Amazon, and by the same argument Mt. Gox, shows a repeated pattern of failures in the same category, I think it wise to stick with them.

There's a lot of truth in Nietzsche's statement, "That which does not kill me makes me stronger."

You're comparing Amazon.com with Magic The Gathering Online eXchange.

One of them is the biggest success of the internet age that employs the most talented computer scientists in the world to tackle the most difficult business and technical challenges on the internet.

The other is a glorified calculator, providing a service that was already perfected long ago, in a very amateur and incompetent way. They've made errors that freshman computer science students know not to make. They've proven their deep incompetence.

AWS went down because AWS is like the space shuttle of internet technology. It is cutting edge: AWS EBS is trying to solve a problem that most other experts literally consider impossible. Despite their downtime, they haven't even violated their SLA.

Magic The Gather Online eXchange is too incompetent to use bcrypt and not expose their fucking accounts database to insecure parties. Magic The Gathering doesn't even have an SLA. Because they are fucking incompetent and untrustworthy.

[AbeSkray]

Windows is fine, and is more secure than linux. If linux would receive the same amount of malicious attacks that windows receive, linux would become unusable and would require patches for years. The security on some of the linux distros is atrocious. Linux security is achieved through obscurity. An attacker isn't going to bother writing attacks against an OS that less than 1% of people use, and those that do use linux are likely to be highly technical.

I think you're misusing the phrase "security by obscurity". Security by obscurity means that the technical details of your system are guarded closely from potential attackers. As long as you can keep the outside world from understanding how your system works, they will be unable to exploit flaws in your system. This was a large part of Sony's strategy to keep homebrewers from getting root on the PS3 (which ultimately failed).

The phrase "Given enough eyeballs, all bugs are shallow" applies to linux because bugs (and security flaws) are not hidden, they are openly shared so that they can be recognized and fixed. Linux is the complete opposite of "security by obscurity"!

[imperi]

Windows 7 is very secure.