Hi, I'm still bright and shiny new here, but in the meantime I have made this program.
Before you read on, let me tell you that this is work in progress, and no it's not available yet
, but I want to see if there's enough demand for such an application.
If there is enough demand I will put the source code (no binaries or dll's) on github so it can be peer reviewed. Which is a must for any bitcoin related application, since any of them can be a wallet stealer or any other kind of malware.
- instant wallet and ticker view
- sell and buy (and cancel) orders with one simple click (using buy/sell and high & low values as predefined prices and a predefined amount)
- simple stock chart.
- event log
Features it lacks:
Hmm where to start...
- buy at a custom price and amount
- store the past ticker values and/or get them from the API (in progress)
- higher usability
- insert yours
Maximized example of chart tab:http://farm7.static.flickr.com/6005/5930125002_329d228d73.jpgHere is the code (with exception of the form code) I created as proof that it's not just a photoshop or a fancy winforms drawing: http://pastebin.com/u/deebug
If you feel I'm on the right track and you wish to encourage development, you are welcome to donate at 19W2XQWkDME6YVkovnAeuxEz3ozFBnfift
(Since it's keeping me away from my "real" work, it would be a good motivator to continue)
Some more thoughts about this application:
Since we are talking about a financial program, the security should be a number one priority within the program.
That worries me the most. I already did an attempt to increase security, here are some thoughts:
# password storage
As for now the application stores the password using a salt string that uses
- A key that is stored in code (which changes at every build, which can be found quite easily, unfortunately)
- Windows Login credential UID (which can be found if your account is compromised)
- CPU ID (which can be identical or easy to figure out)
- Mainboard ID (in some cases is empty and/or easy to figure out)
In all, the safest way of storing a password is not storing it at all.
# password control
The password input field is a custom control that obfuscates the keypress event immediately, it does this by:
- sending a fake character to the password control (you have visual feedback, but no real value behind the control, so no point trying to use a password control revealer)
- Every char is added to a SecureString and when you press "Save" it is instantly written as a decrypted string into the user application settings (using the salt value described above).
- After the char is added we destroy the all the used variables and force a garbage collection.
#sending out API requests
The password needs to be converted to an "unsecure" string value for a very short time to add it to the POST data.
After the request is made the password is destroyed by cleaning up the used variables and forcing a garbage collection.All requests are send over HTTPS (SSL) but I still need some more info about how to check the validity of the SSL certificate!
*** Random notes
Oh yes, it's written in VB.NET using Microsoft .NET 4.0 which means a lot of overhead, no or very difficult porting to mac and *nix and a potential for bad code. But this is the language I know the best so I'll stick to this.
In the process of choosing a cross platform IDE.
It's far from ready mind you, it's at most a working concept.
The stock chart is kind of unconventional, in stead of a constant time-line, the stock values are only updated when there is a change in stock value.
It changes whenever ticker values change, but displayed on a proportional autoscaling timeline.
The log is mainly used to keep track of events (up/down of certain values) that might be tight to automatic actions in the future (auto trading perhaps?)
#the (slow) MtGox API
All timer events and requests to the (sometimes very slow) Mt Gox API are done in a background worker so the UI is very responsive.
This is the first time I (try to) contribute so be gentle...