DeathAndTaxes (OP)
Gerald Davis
March 03, 2014, 06:19:17 PM
I prefer one monster super class...
Well I think we are done.

Taras
March 03, 2014, 06:20:43 PM
Oh fuck. Now there is going to be a bunch of mini mtgoxes.

virtualprofit
March 03, 2014, 06:22:24 PM
Are you sure this code was not stolen back in 2011?

windpath
March 03, 2014, 06:23:16 PM
Hey folks, new here and happen to also be a LAMP developer (not considering creating an exchange yet ... I just wanted to jump in here and defend LAMP stacks. Linux/Apache/MySQL/PHP (LAMP) CAN be highly secure depending on how the code is written. This forum runs on PHP, most major banking sites' frontend is PHP... The problem comes in when people write insecure code, you can just as easily write insecure C+ or Python as insecure PHP... I guess my point is don't bash the platform, bash the developer

bananas
March 03, 2014, 06:29:23 PM
I don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.
Regarding that, the banking system is much worse, still lots of source using 'go to' labels in COBOL. Hopefully written in the best programming practices from 1967.

virtualprofit
March 03, 2014, 06:34:06 PM
I don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.
I don't know PHP, but for me, in this code, you have not checked for SQL injection in the SQL requests?

BitCoinDream
March 03, 2014, 06:38:06 PM
As a website dealing with millions of user funds, their security should have been on par with that of big banks. Does Deutsche Bank use php? Does HSBC use fucking MYSQL??? Do any of those banks comment out lines in production code for debugging?!?!?!? Projects written by a single person don't need to be developed as academics say. If u were an owner of an exchange and didn't trust to any other coder u would go the same way.
That's exactly the problem, it shouldn't be written by only one clueless guy!!! Let me tell u that I have worked with ING code and they use GOTO !!! This code is fine if it were written by Jed.

bananas
March 03, 2014, 06:43:51 PM Last edit: March 03, 2014, 06:56:58 PM by bananas
I don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.
I don't know PHP, but for me, in this code, you have not checked for SQL injection in the SQL requests?
By what I see the SQL queries in the source do not use any user provided data, so it does not require an injection check 'cause there is no such risk. Edit: there is user provided data, but as of now I can't find any that could be used for injection, i.e. $btc would generate an error if it is anything other than an integer number.

MatthewLM
March 03, 2014, 06:46:42 PM
If they were hacked that means something wasn't working properly (Is this really confirmed?). And obviously they didn't know how to handle bitcoin transactions properly. By no means has there been no problems, even if we ignore poor coding practises.

Maged
March 03, 2014, 06:47:30 PM
Are you sure this code was not stolen back in 2011?
That was my thought. Does anyone know when the Eligius-MtGox partnership was formed? I know that it was in 2011, I just don't know the exact day. It was estimated that MtGox was hacked by no less than 10 separate groups back in 2011 (one of which leaked the user DB, as we all know), so this could absolutely still be fallout from that.

rayfloyd
March 03, 2014, 06:52:05 PM
If they were hacked that means something wasn't working properly (Is this really confirmed?). And obviously they didn't know how to handle bitcoin transactions properly. By no means has there been no problems, even if we ignore poor coding practises.
The reason and the how to of the hack might not be poor [or not] web backend. It could also be bad sys admin and bad system security or even just internal.

acoindr
March 03, 2014, 06:52:50 PM
Hey folks, new here and happen to also be a LAMP developer (not considering creating an exchange yet ... I just wanted to jump in here and defend LAMP stacks. Linux/Apache/MySQL/PHP (LAMP) CAN be highly secure depending on how the code is written. This forum runs on PHP, most major banking sites' frontend is PHP... The problem comes in when people write insecure code, you can just as easily write insecure C+ or Python as insecure PHP... I guess my point is don't bash the platform, bash the developer
I agree. I'm getting a bit tired of people who language bash. For example, DeathAndTaxes, whom I respect, is killing MtGox in this thread, but he hasn't once faulted the language of choice. Often people who bash don't have much achievement of their own which they can point to, which is telling.
Mysql? php??? For a multi-million dollar website?!?!?!? WTF!!!
Umm, Facebook was built on PHP and they just bought a company for $19 billion. Magento, also built on PHP, was bought by eBay for $180 million. Which apps have you done lately that are worth millions of dollars? A good programmer can usually do well with most any language, although some may be better fits for a given application. It depends more on style and preference, which is why Google, which probably knows a thing or two about software, allows people to write in the language of their choice for their annual Code Jam with $15K prize. They are not so ignorant as to think various programming languages, which are just tools, can't be used effectively.

romerun
March 03, 2014, 06:58:37 PM
No wonder they could not turn the LTC switch on, their code is too messy to add another currency

zunath
March 03, 2014, 07:04:19 PM
I think what concerns me more than anything is that they're rounding some of their values.

MashRinx
March 03, 2014, 09:06:50 PM
I think what concerns me more than anything is that they're rounding some of their values.

lemfuture
March 03, 2014, 09:11:03 PM
I thought the CEO is a tensai?

kuroman
March 03, 2014, 09:16:20 PM
Glad I didn't complete my registration on their website, I was about to send them my passport, and whatnot info, and when I saw how complex the process compared back I backpedaled and didn't confirm the uploaded documents I uploaded at the time

QuestionAuthority
March 03, 2014, 09:30:20 PM
Isn't it convenient that the Gox source code is leaked right after his appeal to the bankruptcy court. That seems to substantiate Karpeles' claim that he was hacked and just a poor innocent victim. Very tidy.

cozk
March 03, 2014, 09:44:11 PM
Isn't it convenient that the Gox source code is leaked right after his appeal to the bankruptcy court. That seems to substantiate Karpeles' claim that he was hacked and just a poor innocent victim. Very tidy.
+1 He's a rich man now.

Bit_Happy
March 03, 2014, 09:49:30 PM
Hey folks, new here and happen to also be a LAMP developer (not considering creating an exchange yet ... I just wanted to jump in here and defend LAMP stacks. Linux/Apache/MySQL/PHP (LAMP) CAN be highly secure depending on how the code is written. This forum runs on PHP, most major banking sites' frontend is PHP... The problem comes in when people write insecure code, you can just as easily write insecure C+ or Python as insecure PHP... I guess my point is don't bash the platform, bash the developer
Good point, you win 40 GoxCoins