Author Topic: Intersango HOWTO - Build your own Bitcoin Exchange Web Site!  (Read 44392 times)
ThiagoCMC (OP)
August 09, 2011, 03:17:03 AM
Last edit: August 20, 2011, 03:46:26 AM by ThiagoCMC
 #1

Intersango HowTo

 This procedure will guide you through the steps toward the installation and configuration of an Ubuntu server to host your Intersango Bitcoin Exchange.

 We'll utilize the domain "bitcoinexample.com" as an example.

 All of my Linuxes are Virtual Machines (ParaVirtual) on top of XenServer, and are minimal installations (F4 option at the server CD boot menu).

Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.

NOTE: Before putting your Xen virtual machine in a production environment, you must convert your virtual machine from HVM to PVM domain.

NOTE 2: It is highly recommended to encrypt your entire Linux partition, using a LVM2 encrypted volume powered by LUKS, for a production environment.

Procedure

1- Install an Ubuntu 11.04 server (can be the minimum virtual machine).

  • Choose the hostname "intersango"
  • Choose the domain "bitcoinexample.com"
  • After the installation, the output of the command "hostname -f" should be "intersango.bitcoinexample.com"


2- Still during the installation, set up a user called "Administrative Intersango" with login "administrative".

  • The "administrative" user can become "root" via the "sudo -i" command; it must be used only for the daily management of the server.
  • Finish the installation and reboot.


3- Login with "administrative" and install the following packages:

Code:
sudo -i
aptitude install screen vim ssh postfix dovecot-imapd git-core build-essential apache2 apache2-mpm-prefork php5 mysql-server mysql-client zip unzip php5-mcrypt php5-gmp php5-cli php5-mysql libgtk2.0-dev libssl-dev libdb4.7-dev libdb4.7++-dev libboost-all-dev

  • Setup a password for the MySQL root user
  • Setup the Postfix with: "Internet Site" and "bitcoinexample.com"

Note: You can enable the Proposed Ubuntu repository to install newer package versions by adding the following lines to your /etc/apt/sources.list file:

Code:
deb http://us.archive.ubuntu.com/ubuntu/ natty-proposed main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ natty-proposed main restricted universe multiverse

And run:

Code:
aptitude update; aptitude safe-upgrade
reboot


4- Login as "administrative" and make the following users: "intersango", "bitcoin" and "support".

Code:
sudo -i
adduser --gecos "Intersango Web App User" intersango
adduser --gecos "Bitcoin Wallet Manager" bitcoin
adduser --gecos "Intersango Support" support


5- Login as "administrative" to create the Intersango MySQL database:

Code:
sudo -i

mysqladmin create intersango_devel -p
Enter password: MySQL_ROOT_PASSWORD

mysql -u root -p
Enter password: MySQL_ROOT_PASSWORD

mysql> GRANT ALL PRIVILEGES ON `intersango_devel`.* TO 'intersango_user'@'localhost' IDENTIFIED BY 'PassW0rd';
mysql> FLUSH PRIVILEGES;
mysql> exit

logout


6- Become the "intersango" user from "administrative" user:

Code:
su - intersango

 6.1- Get the Intersango Web Application

Code:
mkdir ~/src ; cd ~/src
git clone git://gitorious.org/intersango/intersango.git

 6.2- Edit the file "intersango/htdocs/config.php" and setup the $abspath variable:

Code:
vim intersango/htdocs/config.php

Code:
$abspath = '/home/intersango/src/intersango';

 6.3- Import the DATABASE to MySQL:

Code:
mysql -u intersango_user -p intersango_devel < intersango/DATABASE
Enter password: PassW0rd

 6.4- Prepare the CRON jobs by creating 3 little scripts:

  6.4.1- Script 1 - process_orders.sh - does the order matching

Code:
vim intersango/cron/process_orders.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 process_orders.php

Code:
chmod +x intersango/cron/process_orders.sh


  6.4.2- Script 2 - verify_deposits.sh - changes the verifying deposits to finalised

Code:
vim intersango/cron/verify_deposits.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 verify_deposits.php

Code:
chmod +x intersango/cron/verify_deposits.sh


  6.4.3- Script 4 - verify_withdrawals_bitcoin.sh - withdraws all the bitcoins

Code:
vim intersango/cron/verify_withdrawals_bitcoin.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 verify_withdrawals_bitcoin.php

Code:
chmod +x intersango/cron/verify_withdrawals_bitcoin.sh


  6.4.4- Prepare the crontab with the following (all commented for now):

run:

Code:
crontab -e

Code:
# Begin tasks for: Intersango
#*/2 * * * * /home/intersango/src/intersango/cron/process_orders.sh >/dev/null 2>&1
#*/1 * * * * /home/intersango/src/intersango/cron/verify_deposits.sh >/dev/null 2>&1
#*/3 * * * * /home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh >/dev/null 2>&1
# End tasks for: Intersango

  6.4.5- Back to the "administrative" user:

Code:
logout


7- As administrative user, make the file /var/db.intersango.inc with the following content:

Code:
sudo vim /var/db.intersango.inc

Code:
<?php
// Database connection used by the Intersango web application
mysql_connect('localhost', 'intersango_user', 'PassW0rd') or die(mysql_error());
mysql_select_db('intersango_devel') or die(mysql_error());

// Returns a JSON-RPC client for the local bitcoind (credentials from step 8.2)
function connect_bitcoin()
{
    disable_errors_if_not_me();
    $bitcoin = new jsonRPCClient('http://intersango:BitPass2011@127.0.0.1:8332/');
    enable_errors();
    return $bitcoin;
}

?>


8- Become the "bitcoin" user from "administrative" user:

Code:
su - bitcoin

 8.1- Download and compile the Bitcoind:

Code:
git clone git://gitorious.org/intersango/bitcoind.git
cd bitcoind/src
make -f Makefile bitcoind

 8.2- Make the ~/.bitcoin/bitcoin.conf file with the following content:

Code:
mkdir ~/.bitcoin ; vim ~/.bitcoin/bitcoin.conf

Code:
rpcuser=intersango
rpcpassword=BitPass2011

 8.3- Run the bitcoind:

Code:
/home/bitcoin/bitcoind/src/bitcoind

 8.4- Check the bitcoin instance by running the following commands:

Code:
/home/bitcoin/bitcoind/src/bitcoind help
/home/bitcoin/bitcoind/src/bitcoind getinfo
/home/bitcoin/bitcoind/src/bitcoind getconnectioncount

NOTE: If your server was installed behind a firewall, it is highly recommended to set up a DNAT rule, redirecting the incoming TCP connections to port 8333 to your Intersango/Bitcoind server. This will increase the number of connections; you can check it by running the "getconnectioncount" bitcoind command option, it should be more than 7 or 8.

 8.5- Get the Bitcoin Address of your "default account" of your Intersango Exchange House:

  8.5.1- List your account(s):

Code:
/home/bitcoin/bitcoind/src/bitcoind listaccounts

You should see (this is your "default account"):
Code:
{
    "" : "0"
}

  8.5.2- Get the Bitcoin Address of your Intersango Exchange House:

Code:
/home/bitcoin/bitcoind/src/bitcoind getaccountaddress ""

You should see the Bitcoin Address (This is my one):

Code:
1B25DjRb6AQApEkLo7UtNLpKKqGUD1ar3L

WARNING! WARNING!!

 You must send at least 1 BTC to your "default account". If you do not, and your first user makes a 1 BTC deposit and tries to just withdraw that 1 BTC, you, and your user, will be in trouble... So, before starting your Intersango operation, just send 1 BTC to your "default account" to pay the Bitcoin withdrawal fees of your users.

 This first 1 BTC should be enough for ~200 withdrawals...

 8.6- Back to the "administrative" user:

Code:
logout


9- Prepare the Apache Web Server environment, become the "root" user from "administrative" user:

Code:
sudo -i
cd /var
rm -fr www
ln -s /home/intersango/src/intersango/htdocs www
service apache2 restart


10. Mark /var/tmp/error-reports.log as rw for users:

Code:
touch /var/tmp/error-reports.log
chmod 666 /var/tmp/error-reports.log

11. Access your own Intersango Bitcoin Exchange web service:

Code:
http://bitcoinexample.com/


12. Test the CRON scripts (as intersango user) by running each script:

Code:
/home/intersango/src/intersango/cron/process_orders.sh
/home/intersango/src/intersango/cron/verify_deposits.sh
/home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh

If you see no errors, enable these scripts at crontab:

Code:
crontab -e

Code:
# Begin tasks for: Intersango
*/2 * * * * /home/intersango/src/intersango/cron/process_orders.sh >/dev/null 2>&1
*/1 * * * * /home/intersango/src/intersango/cron/verify_deposits.sh >/dev/null 2>&1
*/3 * * * * /home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh >/dev/null 2>&1
# End tasks for: Intersango

13. Disable the root login via ssh:

Code:
vim /etc/ssh/sshd_config

change:

Code:
PermitRootLogin yes

to:

Code:
PermitRootLogin no

Code:
service ssh restart


14. The DNS and mail settings:

 This server will also send and receive e-mail for the domain bitcoinexample.com, so you need to point the MX DNS entry to it. The Bind9 zone file can be something like this:

Code:
sudo aptitude install bind9

Code:
vim /etc/bind/named.conf.local

Code:
zone "bitcoinexample.com" {
type master;
file "bitcoinexample.com.db";
};

Code:
vim /var/cache/bind/bitcoinexample.com.db

Code:
;
; BIND data file for BitcoinExample
;
$TTL 604800
@ IN SOA bitcoinexample.com. administrative.bitcoinexample.com. (
2011080801 ; Serial
604800 ; Refresh
 86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS intersango.bitcoinexample.com.
@ IN MX 0 mail.bitcoinexample.com.

@ IN A 200.1.2.3
mail IN A 200.1.2.3
intersango IN A 200.1.2.3

 Now, open your Thunderbird mail client and setup the address "mail.bitcoinexample.com" as your IMAP and SMTP server.

WELL DONE!
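
A defender's check of the server this HOWTO builds, as an added example that is not part of the original post or of Intersango: it flags credential files from steps 7 and 8.2 that other local users can access, reuse of the sample passwords printed above, the world-writable log from step 10, and a `PermitRootLogin` that is not `no` (step 13). The `audit` function, its finding strings and the choice of checks are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit the file layout produced by the HOWTO (added example, not Intersango code)."""
import os
import stat
import sys

# Sample secrets printed in the HOWTO; a live server must not reuse them.
TUTORIAL_SECRETS = ("PassW0rd", "BitPass2011")
# Credential files from steps 7 and 8.2, relative to the filesystem root.
CREDENTIAL_FILES = ("var/db.intersango.inc", "home/bitcoin/.bitcoin/bitcoin.conf")
ERROR_LOG = "var/tmp/error-reports.log"   # step 10
SSHD_CONFIG = "etc/ssh/sshd_config"       # step 13


def other_bits(path):
    """Permission bits (0-7) granted to users who are neither owner nor group."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o007


def read_text(path):
    """File contents, or None when the auditor lacks permission to read it."""
    try:
        with open(path, encoding="utf-8", errors="replace") as handle:
            return handle.read()
    except OSError:
        return None


def permit_root_login(text):
    """Global PermitRootLogin value in sshd_config text, or None if unset.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and anything after a Match line is conditional.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # tolerate keyword=value
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None


def audit(root="/"):
    """Return a sorted list of findings for the files the HOWTO creates."""
    findings = []
    for rel in CREDENTIAL_FILES:
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            continue
        if other_bits(path):
            findings.append(f"{rel}: mode grants access to other users")
        body = read_text(path)
        if body is None:
            findings.append(f"{rel}: cannot read, run the audit as root")
            continue
        for secret in TUTORIAL_SECRETS:
            if secret in body:
                findings.append(f"{rel}: contains tutorial secret {secret}")
    log = os.path.join(root, ERROR_LOG)
    if os.path.exists(log) and other_bits(log) & 0o002:
        findings.append(f"{ERROR_LOG}: world-writable")
    sshd_text = read_text(os.path.join(root, SSHD_CONFIG))
    if sshd_text is not None:
        value = permit_root_login(sshd_text)
        if value != "no":
            findings.append(f"{SSHD_CONFIG}: PermitRootLogin is {value or 'unset'}")
    return sorted(findings)


if __name__ == "__main__":
    # Optional argument: an alternative root, e.g. a mounted image of the server.
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(finding)
```

On Ubuntu, mode 640 with group `www-data` on /var/db.intersango.inc keeps Apache able to read the file while closing it to other local accounts.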
ThiagoCMC (OP)
August 09, 2011, 03:47:18 AM
 #2

Fellas!

 I forgot one thing, the bank statement parser...

 Until now, you must access your Internet Banking and export your bank statement to a CSV or TXT file, to import it into Intersango using some scripts under the intersango/cron directory.

 BTW, this is the only missing part for my own Intersango installation here in Brazil, I'm working on it!

 Maybe the Intersango guys can help us! We post here our bank statement as an example, and somebody adjusts the parser for us, I can pay in Bitcoins for this job...

Cheers!
Thiago
mizerydearia
August 09, 2011, 02:07:46 PM
 #3

I converted your howto as INSTALL.ubuntu in the repository.   Feel free to update it in the repo as well if you would like.
ThiagoCMC (OP)
August 09, 2011, 03:37:54 PM
 #4

AWESOME!!   Grin

 Do you know how I can make an Intersango branch at gitorious for my currency (BRL)?
 I already have my local branch called "brl" and it's working... And I have a Gitorious account too...

Thanks!
Thiago
dooglus
August 09, 2011, 06:35:51 PM
 #5

Typically, you:

1) 'clone repository' on the gitorious site
2) 'git clone git://gitorious.org/~yourname/intersango/yourname-intersango.git' in a terminal
3) make the branch in your local repository, work on it, commit your changes
4) 'git push' to send your local changes back to your gitorious clone
5) 'request merge' on the gitorious site, to ask the bitcoinconsultancy guys to merge your changes back to their repository

That's the way things generally go with git - you work in your own repository and send merge requests.

Your clone doesn't have to be on gitorious.  I find github.com works a lot faster for me and has an issues tracker.  You don't have to use a website to host your repository at all, but it's nice to have an offsite backup.

crispy
August 09, 2011, 06:38:42 PM
 #6

Excellent instructions.  Can't wait to try it out.

Thank you!
genjix
August 09, 2011, 06:42:34 PM
 #7

It would be cool if we're not the only stewards but we have lots of groups collaborating, pushing and pulling from each other to build a repository of scripts up for dealing with all the different bank variants and so forth.
genjix
August 09, 2011, 08:11:55 PM
 #8

Quote from: ThiagoCMC
> Fellas!
>
>  I forgot one thing, the bank statement parser...
>
>  Until now, you must access your Internet Banking and export your bank statement to a CSV or TXT file, to import it into Intersango using some scripts under the intersango/cron directory.
>
>  BTW, this is the only missing part for my own Intersango installation here in Brazil, I'm working on it!
>
>  Maybe the Intersango guys can help us! We post here our bank statement as an example, and somebody adjusts the parser for us, I can pay in Bitcoins for this job...
>
> Cheers!
> Thiago

Generally the gbp branch is more up to date and newer... I keep trying to migrate things over but occasionally forget but phantom won't let me delete the master branch -_- since he says others should use it.

Anyway I copied over more bank stuff for you,

https://gitorious.org/intersango/intersango/commits/master

You should mainly be interested in import_csv_hsbc.py

It imports CSV files by accounting for overlap and duplicate entries.

phantom also wrote the parse_deposits.py which searches for anything that looks like the deposit reference on that line.

Hmmm, might be a good idea for v2 that the deposit reference starts with DPsk32jkjs to make finding it easier, and then a script that generically finds the amount somehow...
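
One way to do the overlap-aware import and prefixed-reference matching described in the post above, as an added example that is not import_csv_hsbc.py or parse_deposits.py from the Intersango repository. The three-column row layout, the "DP" plus 8 alphanumerics reference format, the function names and both sample statements are assumptions constructed here; note that de-duplicating with a set would wrongly drop the second of two genuine identical deposits.

```python
"""Statement import with overlap handling and deposit-reference matching (added example)."""
import csv
import io
import re
from decimal import Decimal

# Assumed reference format: "DP" plus 8 alphanumerics, shaped like the
# "DPsk32jkjs" suggestion in the post above.
DEPOSIT_REF = re.compile(r"\bDP[0-9A-Za-z]{8}\b")

# Constructed sample exports (date, description, amount). WEEK2 overlaps the
# end of WEEK1, and WEEK1 holds two genuine identical deposits on one day.
WEEK1 = """\
2011-08-01,FASTER PAYMENT DPsk32jkjs,100.00
2011-08-02,CARD FEE,-1.50
2011-08-03,TRANSFER DPq9w8e7r6,25.00
2011-08-03,TRANSFER DPq9w8e7r6,25.00
"""
WEEK2 = """\
2011-08-03,TRANSFER DPq9w8e7r6,25.00
2011-08-03,TRANSFER DPq9w8e7r6,25.00
2011-08-04,CASH DEPOSIT,40.00
2011-08-05,PAYMENT DPa1b2c3d4 DPz9y8x7w6,10.00
"""


def read_rows(text):
    """Parse a CSV export into tuples in statement order, skipping blank lines."""
    return [tuple(cell.strip() for cell in row)
            for row in csv.reader(io.StringIO(text)) if any(row)]


def new_rows(ledger, export):
    """Return the rows of `export` that `ledger` does not already hold.

    Both lists are oldest-first. The export is slid along the ledger and the
    earliest position where the two agree wins, so the longest overlap is
    assumed and an ambiguous row is never credited twice. An export that
    lies wholly inside the ledger (an old file imported again) adds nothing.
    """
    for start in range(len(ledger)):
        n = min(len(ledger) - start, len(export))
        if ledger[start:start + n] == export[:n]:
            return export[n:]
    return list(export)


def extract_deposits(rows):
    """Split rows into (credits, review).

    A row is credited only when it is incoming and names exactly one
    reference; incoming rows with none or several go to manual review.
    """
    credits, review = [], []
    for date, description, amount in rows:
        value = Decimal(amount)
        if value <= 0:
            continue  # outgoing payment or fee, not a deposit
        refs = set(DEPOSIT_REF.findall(description))
        if len(refs) == 1:
            credits.append((refs.pop(), value))
        else:
            review.append((date, description, value))
    return credits, review


def import_statement(ledger, text):
    """Merge one export into `ledger` in place and return (credits, review)."""
    fresh = new_rows(ledger, read_rows(text))
    ledger.extend(fresh)
    return extract_deposits(fresh)


if __name__ == "__main__":
    ledger = []
    for name, export in (("WEEK1", WEEK1), ("WEEK2", WEEK2), ("WEEK2 again", WEEK2)):
        credits, review = import_statement(ledger, export)
        print(name, "credits:", credits, "review:", review)
```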
ThiagoCMC (OP)
August 10, 2011, 02:20:14 AM
 #9

WOW! MASSIVE INTERSANGO UPGRADE AT GITORIOUS!! AWESOME!!!

Guys!!

The step 10 is wrong!!

change:

Code:
chown 666 /var/tmp/error-reports.log

to:

Code:
chmod 666 /var/tmp/error-reports.log

Sorry.... \o/
genjix
August 10, 2011, 05:45:33 AM
 #10

Done! BTW, if you have a repo and tell me certain commits that may be useful then we can pull them into the master Smiley
BubbleBoy
August 11, 2011, 07:48:45 PM
 #11

Quote from: ThiagoCMC
> Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.

Say... what? That's a bit like claiming that since Linux provides isolation between processes, then you are safe from spying via the root account. Guess what, the root account can dump the memory of any process, and even if it lacked that ability it can write its own memory descriptors and dump the full contents of the physical RAM. Even if it lacked that ability too, simply doing a warm reset and booting off custom media without wiping the RAM has a 99.5% chance to reveal your private key. Let's not even bring RAM freezing into discussion.

Bottom line, the way you run a financial site is on hardware you own, control and store in a physically secure data center (The Bunker etc.). As some unfortunate Pole found out the hard way, a 10$ virtual server just doesn't cut the mustard.

Quote:
> When deploying a Xen system, one must be sure to secure the management domain (Domain-0) as much as possible. If the management domain is compromised, all other domains are also vulnerable. The following are a set of best practices for Domain-0:
>
> Run the smallest number of necessary services: the less things that are present in management partition the better. Remember, a service running as root in the management domain has full access to all other domains on the system.
> Use a firewall to restrict the traffic to the management domain: a firewall with default-reject rules will help prevent attacks on the management domain.
> Do not allow users to access Domain-0: the Linux kernel has been known to have local-user root exploits. If you allow normal users to access Domain-0 (even as unprivileged users) you run the risk of a kernel exploit making all of your domains vulnerable.


davout
August 11, 2011, 08:10:30 PM
 #12

Quote from: genjix
> Done! BTW, if you have a repo and tell me certain commits that may be useful then we can pull them into the master Smiley

Yup, https://github.com/davout/bitcoin-central.git
You can pull pretty much everything XD

genjix
August 11, 2011, 08:26:13 PM
 #13

We discussed here, and our general idea would be to move our site's repo off that project on gitorious and open that repo on gitorious to be open to the community.

If everybody wants that.
ThiagoCMC (OP)
August 12, 2011, 05:19:47 AM
Last edit: August 13, 2011, 06:58:21 AM by ThiagoCMC
 #14

Quote from: BubbleBoy
> Quote from: ThiagoCMC
> > Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.
>
> Say... what? That's a bit like claiming that since Linux provides isolation between processes, then you are safe from spying via the root account. Guess what, the root account can dump the memory of any process, and even if it lacked that ability it can write its own memory descriptors and dump the full contents of the physical RAM. Even if it lacked that ability too, simply doing a warm reset and booting off custom media without wiping the RAM has a 99.5% chance to reveal your private key. Let's not even bring RAM freezing into discussion.
>
> Bottom line, the way you run a financial site is on hardware you own, control and store in a physically secure data center (The Bunker etc.). As some unfortunate Pole found out the hard way, a 10$ virtual server just doesn't cut the mustard.
>
> Quote:
> > When deploying a Xen system, one must be sure to secure the management domain (Domain-0) as much as possible. If the management domain is compromised, all other domains are also vulnerable. The following are a set of best practices for Domain-0:
> >
> > Run the smallest number of necessary services: the less things that are present in management partition the better. Remember, a service running as root in the management domain has full access to all other domains on the system.
> > Use a firewall to restrict the traffic to the management domain: a firewall with default-reject rules will help prevent attacks on the management domain.
> > Do not allow users to access Domain-0: the Linux kernel has been known to have local-user root exploits. If you allow normal users to access Domain-0 (even as unprivileged users) you run the risk of a kernel exploit making all of your domains vulnerable.

I must admit, you are right, and I did not express myself well either.

My point with Xen, in comparison with VMware and VirtualBox or even KVM, is:

1- Xen, when it boots the dom0, shrinks the physical RAM of the Domain0, so the Linux called Domain0 can only see its own portion of RAM memory. It thinks that there is only a small amount of RAM (392MB in my case), even if my physical server has 8192MB of RAM;

2- The Linux Domain0 is unable to read the RAM memory of ANY other Virtual Machines from within itself. It is more or less like us trying to see a parallel Universe, from within our own Universe.

The only way for somebody who has domain 0 root access to access the virtual machine's contents is turning it off and mounting its root file system within the dom0.

And here, we have the "second level of security", I mean, the wallet.dat within the virtual machine will be hosted within an encrypted file system, so, even if somebody tries to mount this file system at dom0, well, it is encrypted, no way to mount it. Even running in a Live CD. You can not access it, even if you're from the FBI.

Well, when a virtual machine is running, the dom0 can't read its RAM, because it is jailed within its own "RAM Universe". When a virtual machine is off, the disk is encrypted. BTW, the VM must be secured against network attacks, with no SSH open, etc...

So, how to access the data?!

The only way I see is cracking Xen itself, which is less than a microkernel, rebooting the entire server with your modified Xen, and trying to access the RAM memory of running virtual machines from Xen, not from Linux dom0. But honestly, who will do that without any major "system alarms"?! Or, without shutting down the VM too, leaving its encrypted file system unmounted...   Huh

I'm really sorry if I say something wrong, incomplete or confusing sometimes... I'm from Brazil and it is pretty hard for me to express myself in English...   \o/

Thanks!
Thiago
ThiagoCMC (OP)
August 12, 2011, 07:43:13 AM
Last edit: August 13, 2011, 06:58:43 AM by ThiagoCMC
 #15

Guys,

 Sometimes, talk isn't enough. So, I'll launch a challenge... To prove if I am right or not.

 I mean, to prove if Xen provides a safe environment, or not, for your Bitcoins being hosted within an encrypted virtual machine on top of it.

 The challenge prize will be 10 BTC (or 50 BTC). But you must get it on your own.


 Brief of the My Challenge:

 Hack the Virtual Machine called "bitcoin" and get the BTCs for you!


 Scope:

 1- A Xen hypervisor on a physical server, called "xenserver";

 2- A Xen Virtual Machine on it, called "bitcoin", with an encrypted file system (only I will have the encrypted volume password) and no network access;

 3- The Bitcoin client will be always running within "bitcoin" virtual machine, with 50 BTC on its balance;

 4- I'll give everybody full root access to the "xenserver";

 5- If somebody has the knowledge, he or she will be able to win the prize, sending those 50 BTC to himself or herself;

 6- The challenge will be valid for 10 days;

 7- If somebody shuts down the "bitcoin" virtual machine, challenge over (because you are "detected");

 8- If somebody shuts down the "xenserver", challenge over (because you are "detected");

 That's it!


 Of course, those 10 or 50 BTC, the wallet.dat itself, will be copied to my own safe place, in case somebody just deletes the "bitcoin" virtual machine to vandalize the challenge...

 But honestly, today I have only 2 BTC in my wallet... I pretty much just learned about the existence of Bitcoins; precisely on June 15, 2011 at 9AM, I met Bitcoin for the first time. So, this challenge will take longer to become active.

 Anybody wants to fund it?! I'm sure no one will be able to win the prize...  Grin So, the 50 BTC will be back to the funder at the end of the challenge. But if I'm wrong, I must pay for it.  Wink

 What do you guys think?!

 I know this is out of the scope of "Intersango HOWTO" but, I have mentioned that Xen is safe enough for leaving your Bitcoins within a Virtual Machine hosted on top of it... Sorry the "OFFTOPIC"...

 BTW, I do not want to do this alone in my house... I appreciate any help, tips, ideas, etc... To make this challenge visible to the public, for example...

Cheers!
Thiago
Grouver (BtcBalance)
August 12, 2011, 08:46:34 AM
 #16

Great stuff.

Learned one thing though.
If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.

1) A 24/7 lawyer
2) A lot of money
3) A couple of skilled programmers
4) An additional security expert.

nybble41
August 13, 2011, 12:16:13 AM
 #17

You might want to look into the "xm save" command, which freezes a VM and records its state to a file; that includes the contents of RAM. It would take some searching, but at least the encryption key for the disk and possibly the wallet.dat file itself would be visible in the resulting save file.

If you run "xm restore" quickly enough you may even be able to get the VM running again without being detected.
ThiagoCMC (OP)
August 13, 2011, 07:06:41 AM
 #18

Quote from: nybble41
> You might want to look into the "xm save" command, which freezes a VM and records its state to a file; that includes the contents of RAM. It would take some searching, but at least the encryption key for the disk and possibly the wallet.dat file itself would be visible in the resulting save file.
>
> If you run "xm restore" quickly enough you may even be able to get the VM running again without being detected.

How could I be so innocent!? That's why I like to talk to several people... Sometimes we (at least I) get stuck on certain thoughts, thinking that we are right, but only one command and you (me) fall... I had completely forgotten about the "xm save" or "xe vm-checkpoint"... RAM Universe... blah blah blah... LOL!  Roll Eyes

 Lips sealed
indicasteve
August 13, 2011, 08:20:22 AM
 #19

Quote from: Grouver (BtcBalance)
> Great stuff.
>
> Learned one thing though.
> If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.
>
> 1) A 24/7 lawyer
> 2) A lot of money
> 3) A couple of skilled programmers
> 4) An additional security expert.

THIS--^   Cheesy

genjix
August 13, 2011, 02:58:34 PM
 #20

Quote from: indicasteve
> Quote from: Grouver (BtcBalance)
> > Great stuff.
> >
> > Learned one thing though.
> > If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.
> >
> > 1) A 24/7 lawyer
> > 2) A lot of money
> > 3) A couple of skilled programmers
> > 4) An additional security expert.
>
> THIS--^   Cheesy

You have to start somewhere. I had none of those in the beginning, slowly accumulated them and now we have that and more.
Grouver (BtcBalance)
August 13, 2011, 07:37:45 PM
 #21

Quote from: genjix
> Quote from: indicasteve
> > Quote from: Grouver (BtcBalance)
> > > Great stuff.
> > >
> > > Learned one thing though.
> > > If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.
> > >
> > > 1) A 24/7 lawyer
> > > 2) A lot of money
> > > 3) A couple of skilled programmers
> > > 4) An additional security expert.
> >
> > THIS--^   Cheesy
>
> You have to start somewhere. I had none of those in the beginning, slowly accumulated them and now we have that and more.

Thanks for your reply.
I get that part.
But what I maybe should have added to my statement is the fact that if you want to play safe you should arrange those four things before you start something up like a Bitcoin exchange.
You can do this along the way when it grows, like you did. But that's a little bit more risky on the side of getting hacked and losing all of your money.
On the other side it's not risky since you don't invest as much as you would do if you want to play it safe, which creates the possibility to stop the whole thing easier if you don't feel like running the exchange anymore.

ThiagoCMC (OP)
August 15, 2011, 06:15:14 AM
 #22

Guys!

 Please, read the new 8.5 step!!!

  8.5- Get the Bitcoin Address of your "default account" of your Intersango Exchange House:

 Genjix, please, upgrade the INSTALL.ubuntu file...

Best,
Thiago
genjix
August 15, 2011, 06:36:23 AM
 #23

done!
ripper234
October 09, 2011, 03:13:51 PM
 #24

I missed this thread back then (got pointed to it via a question on Stack Exchange).

How do deposits work? If I setup an instance, is it my own instance, or is it linked to your main exchange?
How can I get dollars in/out of the exchange?

Something is obviously missing in my understanding here.

BTW, do you plan to support any alternative crypto-currencies?

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
Raoul Duke
May 08, 2012, 09:28:21 AM
 #25

Hey, can any of you take one doubt I have, please?

Why do we need to use that patched bitcoind?
Doesn't the bitcoind at the ubuntu repos work? It's 0.3.24 the same as this one.

What are the differences?
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
September 14, 2012, 06:34:24 PM
 #26

I see this has been dormant for awhile, but I stumbled across it. Has Intersango kept up with this project? And has anyone gone on to build their own exchange website? I'd be curious to hear user experiences regarding this project.

more or less retired.
Evolvex
Full Member
***
Offline Offline

Activity: 179
Merit: 100


View Profile
September 15, 2012, 07:58:34 PM
 #27

I've just stumbled across it too. I'd also be interested to hear about this more.

It's something I've considered, maybe setting up something for just the local area, like a local bitcoin exchange. I'd have to hire devs and security folk tho as that ends a little too past my skills.

dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1330



View Profile
September 16, 2012, 03:58:42 AM
 #28

I see this has been dormant for awhile, but I stumbled across it. Has Intersango kept up with this project? And has anyone gone on to build their own exchange website? I'd be curious to hear user experiences regarding this project.

Intersango currently uses a different set of code for their own exchange.  It's not open sourced (yet?) as far as I understand.

I made a whole bunch of changes to the open source Intersango code.  You can see my changes here:

  https://github.com/dooglus/intersango/

I've not been keeping up with it recently, but am able to assist with getting the code installed and running, and can implement custom features should you require them.

dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1330



View Profile
September 16, 2012, 04:02:15 AM
 #29

I've just stumbled across it too. I'd also be interested to hear about this more.

It's something I've considered, maybe setting up something for just the local area, like a local bitcoin exchange. I'd have to hire devs and security folk tho as that ends a little too past my skills.

Most of my experience with the Intersango code came from setting up the software for the "World Bitcoin Exchange", which allowed users to trade Australian dollars for BTC.  The exchange worked pretty well, but in the end the exchange closed down and claimed that all the users' dollars had gone missing.  Whenever you set up an exchange, bank fraud seems to be a real problem.  The owner of WBX claims that deposits to his bank account were somehow reversed after users had exchanged them for BTC and withdrawn, resulting in him losing a lot of money.  The exchange software itself however appears to have stood up very well.

Evolvex
Full Member
***
Offline Offline

Activity: 179
Merit: 100


View Profile
September 16, 2012, 01:58:32 PM
 #30

Thanks for your input dooglus, I wasn't aware that there could be such problems with direct deposits into an account, assumed they were 99% safe (at least safer than paypal) - that kind of puts me off doing something like this.

It would be nice to see a number of "local" exchanges opening - ie bricks and mortar where people can exchange their cash for bitcoins etc, long way off though until someone does something like that I expect - at least would cut out all the fraud.

dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1330



View Profile
September 17, 2012, 03:11:37 AM
 #31

Thanks for your input dooglus, I wasn't aware that there could be such problems with direct deposits into an account, assumed they were 99% safe (at least safer than paypal) - that kind of puts me off doing something like this.

Don't take my word for it.  I don't have any experience of it directly.  It may be that the issue is worse for Australian banks, and it's even possible that the owner of the exchange didn't really have any problems with the banks at all, and simply claimed that he did, and kept the money for himself.  I have no way of knowing what really happened.

markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
September 17, 2012, 10:06:20 AM
 #32

Fiat banks are for sure scary.

Probably it would be best to go with a secure fiat storage of your own, not deposited in any bank accounts but, rather, as physical currency in a safe or safe-deposit-box, and only trade "tokens" representing that securely stored fiat on the exchange.

That way all the risk involving fiat banks can be delegated away from the actual exchange-per-se onto third party (or nominally third party; you could run one of these yourself in addition to running an exchange if you wished) "market makers" who sell people the tokens in return for fiat and buy the tokens back from people in return for fiat.

At first glance this might seem silly, as the first question to pop into your head might be "what for do I need the exchange if these third parties exist, surely the third party could sell me actual fiat instead of tokens representing securely stored fiat???"

However, the big important difference between actual fiat you give to or get from these third parties and the tokens representing securely stored fiat (which you also get from these same third parties) is the "securely stored" part. Bank accounts are not secure in this sense, because what you think is in them can later turn out not to be in them due to transaction reversal by the bank. The "securely stored" fiat the tokens represent, by contrast, cannot be reversed thus are eminently suitable for exchanging with other irreversible currencies.

Another difference is all the fees these third parties would tend to need to charge due to the risks they take on in dealing with banks.

The actual exchange per se being separated from that risk and thus its associated costs can be nice and economical, letting you trade currencies without having to charge a percentage on each trade. (For example it could be implemented using-or-like Open Transactions, charging flat fee per action performed regardless of how much value that action exchanges or transfers.)

Thus once you have gotten away from the fiat banks into the secure tokens you can trade back and forth between umpteen currencies over and over and over again wheeler-dealing daytrading or whatever at far far lower cost (at least as long as your trades are not as tiny as the tiny nominal per action fees per action) than you could on exchanges that incorporate the bailing in and bailing out (to/from fiat banking system) risk costs into the actual trading system where the wheeling and dealing is done.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
dscotese
Sr. Member
****
Offline Offline

Activity: 444
Merit: 250


I prefer evolution to revolution.


View Profile WWW
April 19, 2013, 11:39:13 PM
 #33

Hey, can any of you take one doubt I have, please?

Why do we need to use that patched bitcoind?
Doesn't the bitcoind at the ubuntu repos work? It's 0.3.24 the same as this one.

What are the differences?
Yeah!  What Psy asked...

Is this why bitcoinconsultancy is no longer online?

I like to provide some work at no charge to prove my value
Avoid supporting terrorism!
Satoshi Nakamoto: "He ought to find it more profitable to play by the rules."
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1330



View Profile
April 20, 2013, 01:59:11 AM
 #34

Hey, can any of you take one doubt I have, please?

Why do we need to use that patched bitcoind?
Doesn't the bitcoind at the ubuntu repos work? It's 0.3.24 the same as this one.

What are the differences?
Yeah!  What Psy asked...

Is this why bitcoinconsultancy is no longer online?

I think the patch just makes bitcoind give integer (satoshi) outputs instead of decimal (bitcoin) amounts.

So instead of 0.12345678 BTC you'll get 12345678 satoshis.  And the PHP script won't treat it as a floating point value, and so it will be more accurate.
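
The accuracy point in the reply above, as an added example that is not part of the original post and is not Intersango or bitcoind code. It is written in Python rather than PHP so it can be run directly; both use IEEE-754 doubles, so the arithmetic is the same. The JSON replies and all function names are constructed for illustration.

```python
import json
from decimal import Decimal

COIN = 100_000_000  # satoshis per bitcoin

# Constructed JSON-RPC replies for illustration (not captured from a node).
DECIMAL_REPLY = '{"result": 0.00000048, "error": null, "id": 1}'  # BTC as a decimal
INTEGER_REPLY = '{"result": 48, "error": null, "id": 1}'          # integer satoshis


def satoshis_float_truncate(reply):
    """Naive client: JSON number -> binary double -> scale -> truncate."""
    return int(json.loads(reply)["result"] * COIN)


def satoshis_decimal(reply):
    """Decimal reply parsed digit-for-digit, never passing through a double."""
    amount = json.loads(reply, parse_float=Decimal, parse_int=Decimal)["result"]
    scaled = amount * COIN
    if scaled != scaled.to_integral_value():
        raise ValueError("amount is finer than one satoshi")
    return int(scaled)


def satoshis_integer(reply):
    """Integer reply: nothing to convert, only a type check."""
    value = json.loads(reply)["result"]
    if isinstance(value, bool) or not isinstance(value, int):
        raise TypeError("expected an integer number of satoshis")
    return value


def truncation_losses(limit):
    """Amounts from 1 to limit satoshis that the naive client gets wrong."""
    wrong = []
    for n in range(1, limit + 1):
        text = f"{n // COIN}.{n % COIN:08d}"  # e.g. 48 -> "0.00000048"
        if int(float(text) * COIN) != n:
            wrong.append(n)
    return wrong


if __name__ == "__main__":
    print(satoshis_float_truncate(DECIMAL_REPLY))  # one satoshi short
    print(satoshis_decimal(DECIMAL_REPLY))
    print(satoshis_integer(INTEGER_REPLY))
    print(truncation_losses(100))
```

The double nearest to 0.00000048 lies slightly below it, so scaling by 10^8 gives 47.99999999999999 and truncation credits 47 satoshis. A client that has to consume decimal output can avoid this by parsing the digits into a decimal type, as `satoshis_decimal` does.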

crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
April 26, 2013, 07:07:28 AM
 #35

I've just stumbled across it too. I'd also be interested to hear about this more.

It's something I've considered, maybe setting up something for just the local area, like a local bitcoin exchange. I'd have to hire devs and security folk tho as that ends a little too past my skills.

I like that idea of running it as a local area exchange. Would be interesting if cities for example ran their own bitcoin exchange.

EDIT: And that would be an interesting way of eliminating Banks- you could potentially have a physical location where locals can come to pickup or deposit fiat in person.

more or less retired.
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1330



View Profile
April 26, 2013, 08:32:59 PM
 #36

EDIT: And that would be an interesting way of eliminating Banks- you could potentially have a physical location where locals can come to pickup or deposit fiat in person.

If you think it's difficult securing a website, think about how hard it is to secure a physical location.  You're going to publish your address and have it known that you have large amounts of cash on the premises?

bajanboost
Newbie
*
Offline Offline

Activity: 53
Merit: 0



View Profile
May 05, 2013, 07:40:53 PM
 #37

I see this has been dormant for awhile, but I stumbled across it. Has Intersango kept up with this project? And has anyone gone on to build their own exchange website? I'd be curious to hear user experiences regarding this project.

I am interested in those services with regards to getting help! Check your email!

Intersango currently uses a different set of code for their own exchange.  It's not open sourced (yet?) as far as I understand.

I made a whole bunch of changes to the open source Intersango code.  You can see my changes here:

  https://github.com/dooglus/intersango/

I've not been keeping up with it recently, but am able to assist with getting the code installed and running, and can implement custom features should you require them.
Min€r
Sr. Member
****
Offline Offline

Activity: 359
Merit: 250


View Profile
July 13, 2013, 08:08:46 AM
 #38

Cool project - my devs have to look at the code as soon as possible. THANKS!

BTC Sticker: German | English  
BTC Promo Sticker Sets: German | English
1P7fvQGyNx2EwUD7zVfY8jvDFjfA5Sq59b
hotice
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
November 19, 2013, 04:49:30 AM
 #39

Hi

Is there any running exchange using Intersango's open source technology?

regards
hotice
BTC Turkiye
Sr. Member
****
Offline Offline

Activity: 472
Merit: 254


Real-time coin prices: BTCkur.com


View Profile WWW
October 31, 2014, 01:05:43 AM
 #40

Is this still being used? Can we see a demo somewhere?

You can track the real-time Bitcoin, Litecoin, Ethereum and Bitcoin Cash rates of different exchanges.
BTCkur.com
randyshan
Full Member
***
Offline Offline

Activity: 206
Merit: 100



View Profile
January 06, 2015, 11:40:35 PM
 #41

it seems it was dead.
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1731
Merit: 1008



View Profile WWW
January 07, 2015, 04:42:16 AM
 #42

it seems it was dead.

Intersango = Bitcoin Consultancy = Bitcoinica

They had other stuff to worry about.