Bitcoin Forum
November 19, 2024, 08:33:15 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: New Bitcoin Exchange (mtgox.com)  (Read 38517 times)
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 18, 2010, 04:12:27 AM
 #21

I see:
Current Lowest Buy Price   0.1224
Current Highest Sell Price   0.05882

Meaning someone out there is wanting to sell BTC for 0.1224
And someone else is wanting to buy them for 0.05882

so if your buy price is below 0.05882 it wont show up until all the ones are sold at the better price. (better from the perspective of the seller)

Babylon
Hero Member
*****
Offline Offline

Activity: 938
Merit: 500

CryptoTalk.Org - Get Paid for every Post!


View Profile
July 18, 2010, 04:16:35 AM
 #22

I see:
Current Lowest Buy Price   0.1224
Current Highest Sell Price   0.05882

Meaning someone out there is wanting to sell BTC for 0.1224
And someone else is wanting to buy them for 0.05882

so if your buy price is below 0.05882 it wont show up until all the ones are sold at the better price. (better from the perspective of the seller)


Ahhhh, I was reading these backwards.  Thanks for straightening that out for me.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
sirius
Bitcoiner
Sr. Member
****
Offline Offline

Activity: 429
Merit: 1002



View Profile
July 18, 2010, 04:24:34 PM
 #23

I didn't find any info about what payment methods are accepted. You should add something about that.

Iris — for better social networks
I'm not a forum admin - please contact theymos instead.
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 18, 2010, 04:32:28 PM
 #24

It says it on add funds page. but I'll add the info for unregistered users.
It just takes paypal right now.
Adding more soon.

NewLibertyStandard
Sr. Member
****
Offline Offline

Activity: 252
Merit: 268



View Profile WWW
July 18, 2010, 04:41:46 PM
 #25

Where is the list of offers? Specifically how many bitcoins are being offered to buy and sell at different prices.

Treazant: A Fullever Rewarding Bitcoin - Backup Your Wallet TODAY to Double Your Money! - Dual Currency Donation Address: 1Dnvwj3hAGSwFPMnkJZvi3KnaqksRPa74p
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 18, 2010, 05:07:33 PM
 #26

Quote
Where is the list of offers? Specifically how many bitcoins are being offered to buy and sell at different prices.
I don't have depth of market data displayed yet. I should have that in later today.
Right now you can just see what the lowest ask and highest bid is.

NewLibertyStandard
Sr. Member
****
Offline Offline

Activity: 252
Merit: 268



View Profile WWW
July 18, 2010, 05:23:28 PM
 #27

It looks like you hold PayPal USD in escrow, is that correct? This makes trading much smoother and quicker, but puts you at risk of having your PayPal account frozen. I think running an e-currency exchange is against their terms of use, but I don't know how much volume you'd have to have to draw their attention. I'm not saying it's going to happen, but if you use your PayPal account for other purposes, you should be aware of the risk. The nice thing about the other market website is that PayPal can't target the operator, they can only target the many users, which is much more difficult. But this method which is safer for the administrator, does of course come at the cost of fast trades.

Treazant: A Fullever Rewarding Bitcoin - Backup Your Wallet TODAY to Double Your Money! - Dual Currency Donation Address: 1Dnvwj3hAGSwFPMnkJZvi3KnaqksRPa74p
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 18, 2010, 05:29:51 PM
 #28

Yeah I don't think paypal is a long term solution. I just wanted to get the site up. I'm thinking of other funding methods now.

SmokeTooMuch
Legendary
*
Offline Offline

Activity: 860
Merit: 1026


View Profile
July 18, 2010, 08:04:08 PM
Last edit: February 26, 2014, 11:42:57 PM by SmokeTooMuch
 #29


Quote
It should work:
Browser -> send to server (pref SSL encrypted) -> server receives and directs to script -> script hashes (adding salt, pref static + dynamic) and saves to db or verifies from db

This is exactly what I'm doing. Smiley
Maybe I'm, just too paranoid, but I think everyone who has physical access to the server on which your site is hosted can read my password out of the RAM if you only hash it once you receive it. and if he/she has my login data he could act as me and legally withdraw the funds in my mtgox account.  why not just hash it before encrypting and sending it ?

EDIT 2014-02-27:
See this post https://bitcointalk.org/index.php?topic=444.msg3876#msg3876

Date Registered: 2009-12-10 | I'm using GPG, pm me for my public key. | Bitcoin on Reddit: https://www.reddit.com/r/btc
eugene2k
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
July 18, 2010, 09:20:16 PM
 #30

SmokeTooMuch: Almost all sites do it this way. Are you worried that I personally will learn your password? You can just set your "password" to be the hash of your password if you are really worried.
(or use a different one for mtgox)
I think he's worried that if someone sees the screen of his computer when he's on the site, it's just too easy to memorize the login information.
SmokeTooMuch
Legendary
*
Offline Offline

Activity: 860
Merit: 1026


View Profile
July 18, 2010, 10:19:41 PM
 #31

that's not really what I'm afraid of, but thats an issue too.

hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?

Date Registered: 2009-12-10 | I'm using GPG, pm me for my public key. | Bitcoin on Reddit: https://www.reddit.com/r/btc
lachesis
Full Member
***
Offline Offline

Activity: 210
Merit: 105


View Profile
July 19, 2010, 12:22:48 AM
 #32

this won't prevent you from stealing your users cash and btc. pls correct me if i'm wrong.
Passing the password in the GET string is wrong, but passing the password without hashing it is perfectly acceptable.

As the DB operator, he could easily steal any bitcoins or cash you gave him. There's really nothing to do about that.

Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5390
Merit: 13427


View Profile
July 19, 2010, 01:14:03 AM
 #33

that's not really what I'm afraid of, but thats an issue too.

hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?

If an attacker had that much access, he could modify the login page to remove the password-hashing JavaScript.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
InterArmaEnimSil
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
July 19, 2010, 01:25:00 AM
 #34

I see nothing about associated brokerage fees, etc, on the site.  Care to fill us in?  What's your take?

12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
InterArmaEnimSil
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
July 19, 2010, 01:31:48 AM
 #35

Maybe I'm, just too paranoid, but I think everyone who has physical access to the server on which your site is hosted can read my password out of the RAM if you only hash it once you receive it. and if he/she has my login data he could act as me and legally withdraw the funds in my mtgox account.  why not just hash it before encrypting and sending it ?

Solution:
1)Use a unique password.
2)Only put funds in the account which are immediately to be used for trade
3)Don't trade at one time amounts larger than you don't mind losing.

Then, even if they get your password, what do they do - steal five dollars?

12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
InterArmaEnimSil
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
July 19, 2010, 01:35:35 AM
 #36

Final post here for now:
I assume that on the "Withdraw Funds" page we don't need to fill in more form elements than necessary?

Ie, if we want bitcoins back, we just give our BTC address.  If we want a check, we give our mailing address, if we want paypal, we give our email address, but there's no need to give a mailing address or email address to get bitcoins back, right?

It would be great if the form changed per our selections - ie, if you wanted bitcoins, you wouldn't see anything for the USD withdraw options.  If you wanted a check, you wouldn't see the request for paypal email or bitcoin address, etc.  JQuery is nice, or any AJAX tool.

The same goes for the deposit forms.

Also, the site mentions that USD withdrawals are manual.  Are bitcoin withdrawals automated?  What about deposits (of both kinds)?

12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 19, 2010, 02:07:27 AM
 #37

InterArmaEnimSil:
We make money by keeping a 2% spread between the buyer and seller. But the price you buy or sell at is the price you get. The way it works is if you enter a sell price of X the buyer sees the price as X*1.02. So your trades will complete at the price you see on your order the other guy will just be agreeing to a slightly different price.
Adding this info to the site now...

Withdrawing: Yes you only need to enter in the fields pertinent to your withdraw. I'm going to make this form dynamic and better tomorrow. All withdrawals are manual for a few days until I'm more certain there are no major issues. But paypal and BTC should both become automatic soon.

Adding both types of Funds is automatic right now.

BitCoinPurse
Newbie
*
Offline Offline

Activity: 34
Merit: 0



View Profile
July 19, 2010, 02:18:20 AM
 #38

Added $10, was credited with $9.41.  I assume this is a 5.9% PayPal fee?
mtgox (OP)
Full Member
***
Offline Offline

Activity: 185
Merit: 102


View Profile WWW
July 19, 2010, 02:46:38 AM
 #39

Yeah paypal's fee is 2.9% + $0.30 USD

InterArmaEnimSil
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
July 19, 2010, 04:29:48 AM
 #40

InterArmaEnimSil:
We make money by keeping a 2% spread between the buyer and seller. But the price you buy or sell at is the price you get. The way it works is if you enter a sell price of X the buyer sees the price as X*1.02. So your trades will complete at the price you see on your order the other guy will just be agreeing to a slightly different price.
Adding this info to the site now...

You should really add a "buyer's price" indicator to your selling form.  For instance, what if I see that the current low price is $.05/BTC.  I go, "If I beat that, then my offer will be the lowest and someone will take it!"  So, I enter a price of $.0495/BTC.  .0495*1.02=.05049.  So, my price isn't the lowest, and my offer will not be taken up.  If the form informed me of how much I get as well as how much a buyer paid, then I could tailor my offer to beat the current ones and still know how much I'd be making.

12aro27eH2SbM1N1XT4kgfsx89VkDf2rYK
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!