Let's deploy free open-source crypto-exchange in 15 minutes

[openware]

Merry Christmas and Happy New Year guys! 

Just wanted to share a quickie tour how to deploy your own OpenDAX - an open-source crypto-exchange platform we're developing at https://github.com/openware/opendax

The backend deployment guide (we used DigitalOcean droplet coz they give free stuff):
https://medium.com/openware/deploy-your-own-crypto-trading-platform-opendax-on-digital-ocean-in-15-minutes-24ca0308fbb3?

And there's a guide how to modify the frontend for it (logo and stuff):
https://medium.com/openware/change-baseapp-logo-and-deploy-in-opendax-8506c865ee99

Would love to hear what you think! It has come a loooooooong way from Peatio 

[1714860957]

1714860957

[Dabs]

So, now anyone can open an exchange? Or there's more to it than just the software? (Like, maybe all the wallets need to be up and running too ...)

[openware]

So, now anyone can open an exchange? Or there's more to it than just the software? (Like, maybe all the wallets need to be up and running too ...)

Hehe ofc you got to manage the serious business side, like wallets, KYC/AML, user support, marketing and so on and on. It is a financial platform after all...
But the software is open-source, yes 

[Lambowei]

Interesting, but why use ruby instead of a typed language? 

[openware]

Interesting, but why use ruby instead of a typed language? 

A question of preference, really 

Ruby is elastic and dynamic, which is a good property to have for building gazillion plugins to support any blockchain and such.
That being said, for very important components we use Go, which is typed.

[DaCryptoRaccoon]

Is this based on Rubykube software?  
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?

Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data.  It's not something to just go out and start an exchange there are a lot of things a user should factor in.


*EDIT*

On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.

Link to original source : https://github.com/rubykube/microkube

[openware]

Is this based on Rubykube software?  
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?

Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data.  It's not something to just go out and start an exchange there are a lot of things a user should factor in.


*EDIT*

On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.

Link to original source : https://github.com/rubykube/microkube

We are the guys who did RubyKube  

So we call it OpenDAX now Kinda cooler, don't you think?

But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.

[DaCryptoRaccoon]

Is this based on Rubykube software?  
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?

Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data.  It's not something to just go out and start an exchange there are a lot of things a user should factor in.


*EDIT*

On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.

Link to original source : https://github.com/rubykube/microkube

We are the guys who did RubyKube 
We call it OpenDAX now  Kinda cooler, don't you think?

But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.

Why did you change from RubyKube? 
It might be a good idea to state this in the main post or like I did people may think the projects are non-related.

I actually liked the name RubyKube was quite catchy. 

Anyway I wish you guys the best of luck with the project I did have a poke around your github and play about with RK in the past.

[openware]

Is this based on Rubykube software?  
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?

Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data.  It's not something to just go out and start an exchange there are a lot of things a user should factor in.


*EDIT*

On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.

Link to original source : https://github.com/rubykube/microkube

We are the guys who did RubyKube 
We call it OpenDAX now  Kinda cooler, don't you think?

But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.

Why did you change from RubyKube? 
It might be a good idea to state this in the main post or like I did people may think the projects are non-related.

I actually liked the name RubyKube was quite catchy. 

Anyway I wish you guys the best of luck with the project I did have a poke around your github and play about with RK in the past.

Yeah it was a nice name, but kinda wanted to grow. Maybe we'll do something funky with it.
It hasn't been updated in a while now, coz we moved forward to OpenDAX and stuff. Still nice to see people remember RubyKube!
Ah thank you so much! 

[Dabs]

You should make some sort of how to article, maybe with an almost or actual example (minus the personal details), maybe a short video showing how the whole thing works.

[openware]

Yes thank you - there are links to the tutorials in the very first post.
We also have a tutorial video on a channel, but it needs more final edits and tuning, will do after the holidays

Doing a video to explain how the whole platform works makes sense - I will see if we can do one.
You know how it goes - everyone loves coding, but when you ask guys to make a full documentation or a video, everybody running away

[AltcoinBuilder]

is this rubekube fork? what are main differences?

[bob123]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?

People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.


Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange 
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions 


People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.

[DaCryptoRaccoon]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?

People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.


Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange 
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions 


People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.

IOU 1+ merit for that post. 

I could not agree more

[AverageGlabella]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

People think that open source is the answer to everything just like they think that the Blockchain can be implemented into everything and greatly benefit it but that is not true for the majority of the cases presented. Although I normally am an advocate for open source software exchanges are one of the exceptions to this. You do not publish the code on the internet when you are storing hundreds of thousands on your exchange. If you were to do this you would be exposing your code to many more black hat hackers than you would if you kept it closed source. You would also encourage white hats to commit to your code and make it better in that way but the risk of black hat hackers getting into your system is way too great.

The better option is to only have trustworthy members in the community open exchanges with a multisig address that acts as an insurance if everything fails and the exchange is breached. This multisig should be handled by people who are separate to the exchange but have handled more than what is in the fund while being extremely trusted members of the community. This is extremely complicated and has its downfalls for sure but would be a better alternative to openly distributing your code online when it is responsible for holding hundreds of members funds.

Any exchange that opens should be tested by multiple penetration testers before its released to the public.

[buwaytress]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

People think that open source is the answer to everything just like they think that the Blockchain can be implemented into everything and greatly benefit it but that is not true for the majority of the cases presented. Although I normally am an advocate for open source software exchanges are one of the exceptions to this. You do not publish the code on the internet when you are storing hundreds of thousands on your exchange. If you were to do this you would be exposing your code to many more black hat hackers than you would if you kept it closed source. You would also encourage white hats to commit to your code and make it better in that way but the risk of black hat hackers getting into your system is way too great.

The better option is to only have trustworthy members in the community open exchanges with a multisig address that acts as an insurance if everything fails and the exchange is breached. This multisig should be handled by people who are separate to the exchange but have handled more than what is in the fund while being extremely trusted members of the community. This is extremely complicated and has its downfalls for sure but would be a better alternative to openly distributing your code online when it is responsible for holding hundreds of members funds.

Any exchange that opens should be tested by multiple penetration testers before its released to the public.

Open source is simply a philosophy, in my opinion, and anyone who makes software and wants to make it open source, simply subsribes to the idea that the crowd knows best and the crowd finds bugs faster, and fixes them faster, and that gathered intelligence makes for better innovation than solestanding development.

I think simply using open source because it is, that gets you in trouble. The piece of software still needs people looking at it and using it, and trying to debug it, for it to benefit from being open source.

But to get that benefit, you do have to open source.

Closing your software for security is the argument used by MS in the 1990s. But maybe this DAX doesn't even store anything?

I get your point, but I think you might be mistaken that open source compromises people's accounts. Hackers find loopholes and hack closed source systems all the time anyway. And with closed source, you wouldn't even know they exist until a huge hack is discovered. But at least with open source, the bugs are usually found and loopholes identified and informed to the devs BEFORE they are made public. That's kind of part of the whole point isn't it?

[HeRetiK]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?

People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.

Well, on the other hand anyone who goes for an open source exchange to run their platform as if it were just another WordPress site is probably better off that way than trying to cobble their own custom solution. Whether one should use such an exchange is a different question of course, but if one is not to be stopped from running an exchange of their own, using an open-source platform might be the lesser evil. Even without having looked at the code of this project I'm fairly certain crypto has seen worse exchanges in terms of security. Not that the bar has been set that high, unfortunately.

[hartanto]

thank your for the project!but if i may ask why did you choose to make it as an open source project?

[openware]

thank your for the project!but if i may ask why did you choose to make it as an open source project?

Thank you for the interest
We believe the open-source is the way to proceed, same as Blockchain's transparency.
But the major point is that you own your software, and are free to change it, unlike closed projects, where you have no idea if you are actually on a shared service or not and have no access to repositories, being hostage to the code provider.

[openware]

Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.

Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?

People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.

Well, on the other hand anyone who goes for an open source exchange to run their platform as if it were just another WordPress site is probably better off that way than trying to cobble their own custom solution. Whether one should use such an exchange is a different question of course, but if one is not to be stopped from running an exchange of their own, using an open-source platform might be the lesser evil. Even without having looked at the code of this project I'm fairly certain crypto has seen worse exchanges in terms of security. Not that the bar has been set that high, unfortunately.

In our experience over the past years, the dreaded code vulnerabilities - the major blame, have not even been remotely close to the source of issue as the human factor.
When another exchange claims it "got hacked" it's just management tampering with the wallets, and that's about it.