Bitcoin Forum
Author Topic: MtGox source code leaked ...  (Read 18974 times)
Bit_Happy
Legendary
March 03, 2014, 09:51:47 PM
 #41

This does look ugly:

 Some random red flags:

- There's a class with the name of the application. (Issues: Scope, SRP)

- There's a class with 1708 lines of code. (Scope)

- There's a switch-case statement that runs over 150 LOC (readability, maintainability)

- There's a string parsing function in the same class as transaction processing (Separation of concerns)

- There are segments of code commented out (are they not using source control?)

- There's inlined SQL (maintainability, security)

- There's JSON being generated manually & inline (SoC, DRY)

- There's XML being generated manually & inline (SoC, DRY)

- To sum up function _Route_getStats($path): XML production, JSON production, file writing, business logic, SQL commands, HTTP header fiddling, hard coded paging limits, multiple exit points...

The amount of refactoring needed here to bring this code up to acceptable quality is simply staggering.

oOoOo
Full Member
March 03, 2014, 09:59:30 PM
 #42

Umm, Facebook was built on PHP

Yeah, maybe once upon a time back then. But much less so today. And nobody in their right mind would trust friggin nsabook with their wealth...
user311
Newbie
March 03, 2014, 10:02:36 PM
 #43

I wouldn't be surprised if the alleged 20GB of data comes up for sale
I guarantee you it is. There is no doubt the encrypted passwords (if gox even encrypted the database) are being sent through the grinder as we speak. Everyone should change their passwords if they used the same one on Gox!

Glad I didn't complete my registration on their website, I was about to send them my passport, and whatnot info, and when I saw how complex the process compared back I backpedaled and didn't confirm the uploaded documents I uploaded at the time
haha. SO... you uploaded your personal information to their servers (Now take time to think about that) but didn't click accept to complete the process. My advice: Get lifelock.
crazy_rabbit
Legendary
March 03, 2014, 10:17:20 PM
 #44

oh man, please don't let this be legit.....

more or less retired.
meanig
Hero Member
March 03, 2014, 10:25:49 PM
 #45

Is there anything in the code to suggest that the cold wallet was actually online?
CompNsci
Sr. Member
March 03, 2014, 10:36:47 PM
 #46

My impression was that supposedly they implemented a new trading engine to speed up transactions after the meltdown.

Does the PHP code look like a new sped up trading engine? Or is it more likely the code used prior to that time?

crazy_rabbit
Legendary
March 03, 2014, 10:37:36 PM
 #47

My impression was that supposedly they implemented a new trading engine to speed up transactions after the meltdown.

Does the PHP code look like a new sped up trading engine? Or is it more likely the code used prior to that time?



I think the trading engine was in the backend. Correct me if I'm wrong, but this looks like the front end to me?

more or less retired.
bananas
Sr. Member
March 03, 2014, 10:41:29 PM
Last edit: March 03, 2014, 10:59:16 PM by bananas
 #48

My impression was that supposedly they implemented a new trading engine to speed up transactions after the meltdown.

Does the PHP code look like a new sped up trading engine? Or is it more likely the code used prior to that time?



I think the trading engine was in the backend. Correct me if I'm wrong, but this looks like the front end to me?

It is more like the "back" but not exactly it; that's a class with their full collection of functions... there is no code with the front (or back) end logic using those functions. But everything is there to do so.
cAPSLOCK
Legendary
March 03, 2014, 10:45:56 PM
 #49

Um this goes far beyond "not perfect".  It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.

Projects written by a single person don't need to be developed as academics say. If u were an owner of an exchange and didn't trust any other coder u would go the same way.


YipYip
Hero Member
March 03, 2014, 11:26:04 PM
 #50

I prefer one monster super class...

Well I think we are done. 

Php ....lolz

MySQL...lolz

SpaghettiCode...lolz

What does all of the above bullshit add up to ....loss of 450million ++

All code should be loosely coupled & highly cohesive ... i.e. dependency injection, discrete components that have no dependencies on each other.... breakdown of the layers UI, business logic, middleware ...repos...etc etc etc

Gox was a darwin experiment that shows a decrepit, disabled piece of shit is destined to die

GOX IS DEAD.... LONG LIVE THE DEATH OF GOX


OBJECT NOT FOUND
vit1988
Sr. Member
March 04, 2014, 12:00:55 AM
 #51

I've seen so much bad code in my life... even in enterprise systems... this one looks quite average

But not using curly brackets alone is something a developer should goto hell for.

elebit
Sr. Member
March 04, 2014, 12:04:25 AM
 #52

Does Deutsche Bank use php? Does HSBC use fucking MYSQL???

I can assure you that there are many MySQL instances inside any bank you could point your finger at. Several of them business critical for their respective environments.

It is guaranteed to be a lot of PHP too, just not customer facing. Banks are big things with lots of IT.
Cluster2k
Legendary
March 04, 2014, 12:24:41 AM
 #53

If people are shocked by the quality of code seen from MtGox, you should stop using your bank, abandon your car and ditch your mobile phone.  There are mountains of legacy spaghetti code out there that are completely written against proper academic rules.  You use the code every day for critical applications.
DeathAndTaxes (OP)
Donator
Legendary
Gerald Davis


March 04, 2014, 01:05:46 AM
Last edit: March 04, 2014, 01:22:12 AM by DeathAndTaxes
 #54

If people are shocked by the quality of code seen from MtGox, you should stop using your bank, abandon your car and ditch your mobile phone.  There are mountains of legacy spaghetti code out there that are completely written against proper academic rules.  You use the code every day for critical applications.

MtGox was created in 2010, it was a greenfield project.  Most developers relish the idea of working on a greenfield project because it doesn't require them to drag forward decades of legacy kludge and instead allows them to do it right (at least initially).  Kinda hard to compare that to a banking system which may have its roots going back forty years and be the net result of multiple acquired and merged systems.  For long-running enterprise applications, developers are rarely given the option to make a clean break.  MtGox didn't have that problem.  It started with an empty text file and ended up resembling systems which get that way after decades of hacks, workarounds, and patches.

Sometimes a spade is a spade and you can just call it that.  MtGox's transaction engine was so bad it would choke at 5 tps despite running on server hardware capable of 1000x that (two very high end dedicated servers).  Yes facebook's early roots were in php (it has long since been converted to C++) but facebook would never have scaled to even a million users if its codebase was this bad.  Today we would be saying "facebook who?" instead of it being a household name if the code wasn't scalable.   

There is no excuse or justification for code this bad.  None.  Period.  Anyone offering it just looks silly.
oOoOo
Full Member
March 04, 2014, 01:15:51 AM
 #55

Does Deutsche Bank use php? Does HSBC use fucking MYSQL???

I can assure you that there are many MySQL instances inside any bank you could point your finger at. Several of them business critical for their respective environments.

It is guaranteed to be a lot of PHP too, just not customer facing. Banks are big things with lots of IT.
No wonder they are all collapsing, needing a bail out every 5 minutes...

Let me tell u that I have worked with ING code and they use GOTO !!!
*closes account*
YipYip
Hero Member
March 04, 2014, 01:54:00 AM
 #56

Does Deutsche Bank use php? Does HSBC use fucking MYSQL???

I can assure you that there are many MySQL instances inside any bank you could point your finger at. Several of them business critical for their respective environments.

It is guaranteed to be a lot of PHP too, just not customer facing. Banks are big things with lots of IT.

Hmmmm.... not really ...not in the golden circle of large blue chip banks

A bank will have a core apps platform maybe 30-100 apps and I guarantee there won't be mysql & php kicking around

OBJECT NOT FOUND
YipYip
Hero Member
March 04, 2014, 01:56:52 AM
 #57

If people are shocked by the quality of code seen from MtGox, you should stop using your bank, abandon your car and ditch your mobile phone.  There are mountains of legacy spaghetti code out there that are completely written against proper academic rules.  You use the code every day for critical applications.

MtGox was created in 2010, it was a greenfield project.  Most developers relish the idea of working on a greenfield project because it doesn't require them to drag forward decades of legacy kludge and instead allows them to do it right (at least initially).  Kinda hard to compare that to a banking system which may have its roots going back forty years and be the net result of multiple acquired and merged systems.  For long-running enterprise applications, developers are rarely given the option to make a clean break.  MtGox didn't have that problem.  It started with an empty text file and ended up resembling systems which get that way after decades of hacks, workarounds, and patches.

Sometimes a spade is a spade and you can just call it that.  MtGox's transaction engine was so bad it would choke at 5 tps despite running on server hardware capable of 1000x that (two very high end dedicated servers).  Yes facebook's early roots were in php (it has long since been converted to C++) but facebook would never have scaled to even a million users if its codebase was this bad.  Today we would be saying "facebook who?" instead of it being a household name if the code wasn't scalable.   

There is no excuse or justification for code this bad.  None.  Period.  Anyone offering it just looks silly.

+ Agreed

OBJECT NOT FOUND
itsunderstood
Sr. Member
March 04, 2014, 02:08:13 AM
 #58

Hmmmm.... not really ...not in the golden circle of large blue chip banks

A bank will have a core apps platform maybe 30-100 apps and I guarantee there won't be mysql & php kicking around

And assloads more capital due to fractionalized fiat debtmonies, yes.

No way can an average human compete with the corporate model, especially in finance.

Check out my prescient ATS thread from 2008: "Windows XP: End the Cyberwar, Open the Code Now!" http://www.abovetopsecret.com/forum/thread411978/pg1
thelema93
Sr. Member
March 04, 2014, 02:49:31 AM
 #59

http://www.techworm.net/2014/03/mtgox-source-code-leaked-by-hacker-on.html

As a developer all I can say is ...
I have nothing to say just stunned silence that this was the codebase used to process millions of dollars and BTC everyday.

I have one word to say:

French

bananas
Sr. Member
March 04, 2014, 02:51:03 AM
 #60

There is nothing wrong with PHP or any other language, they all do absolutely the same thing. Banking systems are mostly ancient, written in obsolete languages, and they do work fine. It is up to the programmer, not the language.