Bitcoin Forum
Topic: MtGox source code leaked ...
DeathAndTaxes (OP)
March 03, 2014, 05:17:39 PM
#1

http://www.techworm.net/2014/03/mtgox-source-code-leaked-by-hacker-on.html

As a developer, all I can say is ...
I have nothing to say, just stunned silence that this was the codebase used to process millions of dollars and BTC every day.
DeathAndTaxes (OP)
March 03, 2014, 05:19:02 PM
#2

Oh and it gets worse

Quote
From the IRC chat of Nanashi and other hackers, it seems that the hacker also has access to a 20GB data dump of customer data along with passport scans.
bitjoint
March 03, 2014, 05:28:17 PM
#3

Quote from: DeathAndTaxes
Oh and it gets worse

Quote
From the IRC chat of Nanashi and other hackers, it seems that the hacker also has access to a 20GB data dump of customer data along with passport scans.

Thank god I never signed up for that crappy site...
oOoOo
March 03, 2014, 05:30:23 PM
#4

It's a pile of garbage.
If I had known this before, I would have NEVER trusted them with a single BTC, yubikey or not!

Mysql? php??? For a multi-million dollar website?!?!?!? WTF!!!

Releasing source code should be mandatory for bitcoin exchanges!
Come-from-Beyond
March 03, 2014, 05:36:56 PM
#5

Quote from: DeathAndTaxes
I have nothing to say, just stunned silence that this was the codebase used to process millions of dollars and BTC every day.

Bitcoin code written by Satoshi is not perfect either, but u still use it.
Come-from-Beyond
March 03, 2014, 05:39:25 PM
#6

Quote from: oOoOo
Mysql? php??? For a multi-million dollar website?!?!?!? WTF!!!

This explains why u r still not a b/millionaire...

PS: http://www.warriorforum.com/programming-talk/497316-what-programming-language-facebook-written.html
DeathAndTaxes (OP)
March 03, 2014, 05:39:36 PM
#7

Quote from: Come-from-Beyond
Quote from: DeathAndTaxes
I have nothing to say, just stunned silence that this was the codebase used to process millions of dollars and BTC every day.

Bitcoin code written by Satoshi is not perfect either, but u still use it.

Um, this goes far beyond "not perfect". It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.
gollum
March 03, 2014, 05:40:19 PM
#8

Quote from: DeathAndTaxes
http://www.techworm.net/2014/03/mtgox-source-code-leaked-by-hacker-on.html

As a developer, all I can say is ...
I have nothing to say, just stunned silence that this was the codebase used to process millions of dollars and BTC every day.

I hope this is a joke ;)
Come-from-Beyond
March 03, 2014, 05:44:01 PM
#9

Quote from: DeathAndTaxes
Um, this goes far beyond "not perfect". It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.

Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.
st4nl3y
March 03, 2014, 05:47:36 PM
#10

I wouldn't be surprised if the alleged 20GB of data comes up for sale.
gollum
March 03, 2014, 05:48:49 PM
#11

Quote from: Come-from-Beyond
Quote from: DeathAndTaxes
Um, this goes far beyond "not perfect". It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.

Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.

That's why you split a system into separate parts, so you can easily track bugs or security flaws.
Even if you don't trust other coders.
oOoOo
March 03, 2014, 05:52:44 PM
#12

As a website dealing with millions in user funds, their security should have been on par with that of big banks.

Does Deutsche Bank use php? Does HSBC use fucking MYSQL??? Do any of those banks comment out lines in production code for debugging?!?!?!?

Quote from: Come-from-Beyond
Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.

That's exactly the problem, it shouldn't be written by only one clueless guy!!!
gollum
March 03, 2014, 05:55:05 PM
#13

Quote from: oOoOo
As a website dealing with millions in user funds, their security should have been on par with that of big banks.

Does Deutsche Bank use php? Does HSBC use fucking MYSQL??? Do any of those banks comment out lines in production code for debugging?!?!?!?

Quote from: Come-from-Beyond
Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.

That's exactly the problem, it shouldn't be written by only one clueless guy!!!

Bitcoinica failed for the same reason - bad coding and no security.
oOoOo
March 03, 2014, 05:57:36 PM
#14

More: php uses weak/'implicit' typing which means you never really know what type you are dealing with, unless you explicitly state so in the code. This might be fine for simple web-servers or some forum software, but it makes php inherently useless for high security applications.

^This is amateur grade code at best, and now we see the result...

edit: @gollum: Exactly!!
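The weak-typing point above, shown in code. This is an added illustration, not the leaked MtGox code; the request values and stored token are constructed placeholders and the function names are hypothetical.

```php
<?php
// Added illustration, not MtGox code: what "implicit typing" does to a check on
// user input, and the explicit form that does not depend on it. Names are hypothetical.
declare(strict_types=1);

// Constructed sample input as it arrives from a query string: every value is a string.
const SAMPLE_REQUEST = ['amount' => '10abc', 'token' => '0e1234'];
const STORED_TOKEN   = '0e5678';   // constructed placeholder, not a real secret

// Loose equality (==) converts the operands before comparing. Two traps that matter
// in money-handling and login code:
//  1. '10abc' == 10 is true on PHP 7 (leading-numeric string) but false on PHP 8,
//     so the outcome depends on the interpreter version rather than on the code.
//  2. '0e1234' == '0e5678' is true on every version: both are numeric strings and
//     compare as the float 0.0, so two different-looking tokens are treated as equal.
function looseAmountIsTen(string $amount): bool
{
    return $amount == 10;
}

function looseTokenMatches(string $supplied, string $stored): bool
{
    return $supplied == $stored;
}

// Explicit form: settle the type at the input boundary, then compare with === or a
// byte-wise function, so neither trap can fire.
function parseAmount(string $raw): ?int
{
    // Digits only; anything else is rejected instead of being silently coerced.
    return ctype_digit($raw) ? (int) $raw : null;
}

function tokenMatches(string $supplied, string $stored): bool
{
    return hash_equals($stored, $supplied);   // exact bytes, constant time
}

// Run both forms over the constructed input.
var_dump(looseAmountIsTen(SAMPLE_REQUEST['amount']));
var_dump(parseAmount(SAMPLE_REQUEST['amount']) === 10);
var_dump(looseTokenMatches(SAMPLE_REQUEST['token'], STORED_TOKEN));
var_dump(tokenMatches(SAMPLE_REQUEST['token'], STORED_TOKEN));
```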
DeathAndTaxes (OP)
March 03, 2014, 05:58:20 PM
Last edit: March 03, 2014, 06:09:40 PM by DeathAndTaxes
#15

Quote from: Come-from-Beyond
Quote from: DeathAndTaxes
Um, this goes far beyond "not perfect". It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.

Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.

I do own (well, partially) an exchange, and I did initially code it all myself. I still used concepts like scope delineation, separation of concerns, encapsulation of internal details, test driven development (unit tests), mocking, inversion of control, etc. These aren't just academic ideals, they are used every day in millions of software projects. One programmer or one hundred, there are reasons code is broken into logical groupings, not one monstrous, horrible, do-everything superclass. The latter produces fragile, unmaintainable, untestable code with the very obvious and expected end result.

I am not God's gift to software engineering but I have written hobbyist projects which had better design.

I think the article sums it up:
Quote
To sum up function _Route_getStats($path): XML production, JSON production, file writing, business logic, SQL commands, HTTP header fiddling, hard coded paging limits, multiple exit points...

All these things don't belong in the same class. The HTTP header generator doesn't need to know about the business logic, the SQL connectivity doesn't need to know about the routing. Good software is hard; the capabilities of computers and languages already push the limits of what humans can process effectively. Software developers use design tools to help the human manage the code/project. You could write a web application in machine code if you wanted to, ultimately it all ends up there anyway, but try spotting a bug in something low level like that. High level languages were developed to allow a better code view.

Personally I am no fan of php for a variety of reasons, but php doesn't mean you have to write code like the leaked Gox source. It is possible to write good (or at least better) php. The major issue isn't the choice of language but how that language was (mis)used.
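The split the post argues for, as an added sketch rather than the leaked code: the responsibilities the quoted article lists for _Route_getStats (SQL, business rule, JSON/XML production, HTTP headers, paging limit) each in its own unit. It assumes PHP 8, a PDO handle, and a hypothetical `stats` table with `ts` and `volume` columns; the file-writing concern would be one more unit and is not shown.

```php
<?php
// Added sketch, not the leaked code: the responsibilities the thread lists for
// _Route_getStats, each in its own unit. Assumes PHP 8 and a PDO handle.
declare(strict_types=1);
// Data access only: parameterised SQL, paging limit injected, no HTTP or formatting.
final class StatsRepository {
    public function __construct(private PDO $db, private int $pageSize) {}
    public function fetchPage(int $page): array {
        $stmt = $this->db->prepare('SELECT ts, volume FROM stats ORDER BY ts DESC LIMIT :lim OFFSET :off');
        $stmt->bindValue(':lim', $this->pageSize, PDO::PARAM_INT);
        $stmt->bindValue(':off', $page * $this->pageSize, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Business rule only: validates input, knows nothing about SQL or output format.
final class StatsService {
    public function __construct(private StatsRepository $repo) {}
    public function pageFor(string $rawPage): array {
        if (!ctype_digit($rawPage)) {
            throw new InvalidArgumentException('page must be a non-negative integer');
        }
        return $this->repo->fetchPage((int) $rawPage);
    }
}

// Presentation only: builds headers and body, single exit point, no business logic.
final class StatsResponder {
    public function render(array $rows, string $format): array {
        $isXml = ($format === 'xml');
        $body = $isXml ? $this->toXml($rows) : json_encode($rows, JSON_THROW_ON_ERROR);
        return ['headers' => ['Content-Type' => $isXml ? 'application/xml' : 'application/json'], 'body' => $body];
    }
    private function toXml(array $rows): string {
        $xml = new SimpleXMLElement('<stats/>');
        foreach ($rows as $row) {
            $node = $xml->addChild('row');
            foreach ($row as $k => $v) { $node->addChild($k, htmlspecialchars((string) $v)); }
        }
        return $xml->asXML();
    }
}
// The route handler only wires the pieces together; each can be unit-tested alone.
function routeGetStats(PDO $pdo, array $query): array {
    $service = new StatsService(new StatsRepository($pdo, pageSize: 50));
    $rows = $service->pageFor($query['page'] ?? '0');
    return (new StatsResponder())->render($rows, $query['format'] ?? 'json');
}
```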
CurbsideProphet
March 03, 2014, 05:59:15 PM
#16

Quote from: DeathAndTaxes
Oh and it gets worse

Quote
From the IRC chat of Nanashi and other hackers, it seems that the hacker also has access to a 20GB data dump of customer data along with passport scans.

This is much worse. A whole new slew of lawsuits heading their way.

Lauda
March 03, 2014, 06:00:32 PM
#17

Quote from: Come-from-Beyond
Quote from: DeathAndTaxes
Um, this goes far beyond "not perfect". It essentially breaks every rule in software design, resulting in a fragile, unmaintainable mess.

Projects written by a single person don't need to be developed the way academics say. If u were the owner of an exchange and didn't trust any other coder, u would go the same way.

Stop protecting Gox.
Come-from-Beyond
March 03, 2014, 06:05:12 PM
#18

Quote from: DeathAndTaxes
I do own an exchange, and I did initially code it all myself. I still used concepts like separation of concerns. One programmer or one hundred, there are reasons code is broken into logical groupings, not one monstrous, horrible, do-everything super class. It allows unit testing, bug fixing, and discrete upgrades.

Hm, guys upthread do the same. Perhaps it's me who is wrong. I prefer one monster super class...
Come-from-Beyond
March 03, 2014, 06:06:57 PM
#19

Quote from: Lauda
Stop protecting Gox.

I don't protect Gox. Their coding paradigm was heavily used before the invention of OOP and I don't see why it can't be used nowadays.