GLBSE 2.0 open for testing

[Tomatocage]

I still keep failing the first-attempt login w/2-factor, every single time

[1713494158]

1713494158

[1713494158]

1713494158

[Serge]

I still keep failing the first-attempt login w/2-factor, every single time

i don't have 2-factor auth, but  here is what i experienced:

when glbse promts to login while showing login form in main white area - every attempt has failed for me.
when i click glbse logo and end up having login form in dark top header area, signing in from there works like a charm

[Namworld]

Doesn't it bother you Nefario that people access GLBSE though CloudFlare, which creates a technical risk of a man-in-the middle attack, since CloudFlare has access to an unencrypted connection?

I mean, I do understand the reasons and all the advantages of using CloudFlare, but I am wondering about your reasoning to trust this specific service.
As much as I do trust you, I wouldn't want to discover one day that my money has been withdrawn to a different address from the one I entered into the form and there is no way to prove it...
I hope you understand my concerns.

I believe cloudflare only serves static content: images/css/javascript/etc.

The core is still provided by GLBSE. Hence why when GLBSE is not available, cloudflare doesn't serve the website but puts a notice the website is not available. Cloudflare is a CDN, not webhosting. (They also offer other services like firewall, etc.)

[mcris444]

Noticed it was back online.

BUT.......

Internal Server Error when buying an asset.


Just letting you know.

[viboracecata]

I can't login with my account and pwd, and if I want to reset my pwd, internal error always raises

[Insu Dra]

I can't login with my account and pwd, and if I want to reset my pwd, internal error always raises

I have been locked out for almost 2 day's now, exact same deal, at some point I did manage to get password reset email but even after following that and changing the password. I'm still locked out ... lucky for me it was a test account.

Edit: First Problem now fixed, thx to random guy. After a failed login, password rested, ... you are forced to use captcha. Not sure how or when but the login at top bar won't work anymore, you have to go true the page with a captcha on it!

The other issue we found in glbse is that there is no way for the issuer to check/verify and/or backup who owns shares. This would basically mean if the site is taken or forced down there is no way to keep dividends going, people that invested in your company are just lost and there is absolutely nothing you can do about that!

Compared to the later the first one just a miner hick-up and yes we did contact them on both issues. They are working on some solution for the later, no reply as of yet to the first (it's been bumped up support chain)  

[Nefario]

I can't login with my account and pwd, and if I want to reset my pwd, internal error always raises

The other issue we found in glbse is that there is no way for the issuer to check/verify and/or backup who owns shares. This would basically mean if the site is taken or forced down there is no way to keep dividends going, people that invested in your company are just lost and there is absolutely nothing you can do about that!

This isn't an issue with GLBSE (find another bitcoin exchange that does this), the reality is, if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

GLBSE data is backed up several times a day, we're working on realtime, if we were to ever be shut down (less likely with us since we're not hosting copyrighted porn) it would mean only a delay on us getting back up again.

[Insu Dra]

This isn't an issue with GLBSE (find another bitcoin exchange that does this), the reality is, if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

Ok so it is a issue with all exchanges, at this point in time I only looked at glbse, it doesn't take away that it remains a problem.

If I where to issue shares to investors I would want to protect these investors and make sure there is little to no chance of me having to break my word towards them. The solution you offer still requires you (as glsbe) to be active and responsive, no mater how match trust I have in you, there is always the risk of something happening and me losing access to data I need to continue normal operations.

Having access to take snapshots of said data on my end would minimize the risk for both me and investors. If investors truly want to remain anonymous you could link a external btc address provided by them in staid of a email or just add a opt out option (that explains the risk) in there settings.

As it stands now there is just one entity that holds the data, even if there is sufficient trust this is still a risk I'm not comfortable with.

[Nefario]

This isn't an issue with GLBSE (find another bitcoin exchange that does this), the reality is, if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

Having access to take snapshots of said data on my end would minimize the risk for both me and investors. If investors truly want to remain anonymous you could link a external btc address provided by them in staid of a email or just add a opt out option (that explains the risk) in there settings.

It's not an easy problem to solve, the only way to ensure that the numbers  for who has what shares are accurate it to take them off the exchange (i.e. stop trading them). Snapshots do nothing, as seconds after the snapshot shares can be sold or transferred making the whole exercise useless and open to fraud and abuse.

It's either on the exchange or it's not, there can't really be any middle ground, which kind of requires issuers to trust the exchange (which they do already).

[Insu Dra]

Snapshots do nothing, as seconds after the snapshot shares can be sold or transferred making the whole exercise useless and open to fraud and abuse.

We seem to disagree on that, a snapshot can act as a fall back in case of "catastrophic failure", it would be meant as a extra backup and not as a middle ground. Just like most backup systems, even if the data is incomplete or delayed to some degree it's still better then nothing at all.

As to opening the doors to fraud, I disagree again. The only abuse possible with a backup is the one where the issuer would stop trading on glbse and only use the backup to id valid ownership. The risk of that happening is the same as a issuer vanishing in to thin air, it would destroy the issuers credibility and at no point in time could glbse be kept accountable for such actions. Again I'm amusing this is just a extra backup and not a middle ground.

Don't get me wrong I still believe your offering a great service to community, but having a single point/entity of failure is bad practice no mater how you look at it.

[throwaway]

Are btc withdrawals not working? Did one 35 minutes ago and it hasn't shown up (I'm checking both my client and blockchain.info).

Edit: ...and it shows up a few seconds after I post this.

[piotr_n]

if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

So I guess now Nefario, after Pirate had said that he wants the details of each PPT sub-account to pay it out directly, otherwise he's not going to pay at all - it seems like a perfect time for you to keep up the promise, doesn't it?

[Garr255]

Doesn't it bother you Nefario that people access GLBSE though CloudFlare, which creates a technical risk of a man-in-the middle attack, since CloudFlare has access to an unencrypted connection?

I mean, I do understand the reasons and all the advantages of using CloudFlare, but I am wondering about your reasoning to trust this specific service.
As much as I do trust you, I wouldn't want to discover one day that my money has been withdrawn to a different address from the one I entered into the form and there is no way to prove it...
I hope you understand my concerns.

Additionally: What means is there currently to keep track of existing shareholders in the case of GLBSE being unreachable for an extended period of time?

Even a Bitcoin address and a fraction representing the amount of ownership would be much better than nothing!

[Nefario]

if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

So I guess now Nefario, after Pirate had said that he wants the details of each PPT sub-account to pay it out directly, otherwise he's not going to pay at all - it seems like a perfect time for you to keep up the promise, doesn't it?

Pirate has no assets on GLBSE, he is not an issuer, why would I give him any details of GLBSE users?

What we deem to be "needed details of account holders" is a list of codes with how many of the asset each code as, then the GLBSE user is given the code, with which they are free to go to the issuer. They are also free not to.

I've said this in another thread but it bears repeating here, we don't give user details to outside parties, and PPT asset holders have no contract, contact, or deal with pirate, it is with the asset issuers.

Pirate himself has said exactly this, both to me personally via PM and in a public forum post. That he has no deal with "sub-account" holders, and he is only responsible for the people who have accounts directly with him.

mother fucker can't have his cake and eat it too.

[SebastianJu]

Why should pirate should need this data? Its nothing he need to concern about because when he would like to pay out then he would pay out his owners in the value they get and they should spread it to their shareholders. What pirate says here sounds to me only like an excuse why he "cant" pay out. I heard these stories too often because i invested unknowingly into hyip before too and at the end they invent all kind of stories why they cant pay back. Nefario not giving out the details probably will become such a reason for pirate soon too. Even though it doesnt make any sense at all. Its all a retreat-fight.

[piotr_n]

Pirate himself has said exactly this, both to me personally via PM and in a public forum post. That he has no deal with "sub-account" holders, and he is only responsible for the people who have accounts directly with him.

He told me that as well - but that was around Friday the 17th...

Obviously later he realized that you and your goats are going to screw the little people over, using the BS&T liquidation as an excuse.
So IMO he's played it very well. And now you are fucking screwed Nefario, together with your fucking goat.

If anyone is going to trust you again, these will be only stupid people with no money.
I warned you that Goat was going to pull you down, to the very bottom where he already was - you should have believed me.

[ribuck]

Why should pirate should need this data? Its nothing he need to concern about because when he would like to pay out then he would pay out his owners in the value they get and they should spread it to their shareholders.

Here's why pirate might hypothetically want the details of passthrough asset-holders. Suppose pirate has consulted a lawyer and decided to go the bankruptcy route.

Pirate could insist on getting a list of the PPT asset-holders, to be entered into the bankruptcy proceedings as the claimants against pirate's assets (instead of the PPT operators being the claimants). The bankruptcy court would probably rule that these asset-holders have no claim against pirate's assets, because their claim (if any) is against the PPT operators.

In an insolvency, you don't get two bites at the cherry. If your claim is disallowed, you can't have another try. So in one fell swoop, pirate's outstanding debt (as believed by the bankruptcy court) is vastly reduced.

The above is just one speculative possibility. I have no financial involvement with pirate or with any passthrough. But if I was a PPT operator, I would be lodging a single claim with pirate rather than a set of claims on behalf of my asset-holders.

[Nefario]

Why should pirate should need this data? Its nothing he need to concern about because when he would like to pay out then he would pay out his owners in the value they get and they should spread it to their shareholders.

Here's why pirate might hypothetically want the details of passthrough asset-holders. Suppose pirate has consulted a lawyer and decided to go the bankruptcy route.

Pirate could insist on getting a list of the PPT asset-holders, to be entered into the bankruptcy proceedings as the claimants against pirate's assets (instead of the PPT operators being the claimants). The bankruptcy court would probably rule that these asset-holders have no claim against pirate's assets, because their claim (if any) is against the PPT operators.

In an insolvency, you don't get two bites at the cherry. If your claim is disallowed, you can't have another try. So in one fell swoop, pirate's outstanding debt (as believed by the bankruptcy court) is vastly reduced.

The above is just one speculative possibility. I have no financial involvement with pirate or with any passthrough. But if I was a PPT operator, I would be lodging a single claim with pirate rather than a set of claims on behalf of my asset-holders.

I'm sure the PPT issuers have some brains and will do just this, make a single claim and not on behalf of asset holders.

[Bitcoin Oz]

if an issuer asked to get taken off GLBSE and get the needed details of account holders of his share we would do it.

So I guess now Nefario, after Pirate had said that he wants the details of each PPT sub-account to pay it out directly, otherwise he's not going to pay at all - it seems like a perfect time for you to keep up the promise, doesn't it?

Pirate has no assets on GLBSE, he is not an issuer, why would I give him any details of GLBSE users?

What we deem to be "needed details of account holders" is a list of codes with how many of the asset each code as, then the GLBSE user is given the code, with which they are free to go to the issuer. They are also free not to.

I've said this in another thread but it bears repeating here, we don't give user details to outside parties, and PPT asset holders have no contract, contact, or deal with pirate, it is with the asset issuers.

Pirate himself has said exactly this, both to me personally via PM and in a public forum post. That he has no deal with "sub-account" holders, and he is only responsible for the people who have accounts directly with him.

mother fucker can't have his cake and eat it too.

Thanks for doing the right thing by GLBSE users. It would be unethical to do otherwise in this situation.

[Bitcoin Oz]

Pirate himself has said exactly this, both to me personally via PM and in a public forum post. That he has no deal with "sub-account" holders, and he is only responsible for the people who have accounts directly with him.

He told me that as well - but that was around Friday the 17th...

Obviously later he realized that you and your goats are going to screw the little people over, using the BS&T liquidation as an excuse.
So IMO he's played it very well. And now you are fucking screwed Nefario, together with your fucking goat.

If anyone is going to trust you again, these will be only stupid people with no money.
I warned you that Goat was going to pull you down, to the very bottom where he already was - you should have believed me.

Dont be a douchebag. Nefario is doing exactly the right thing. So is Goat by refusing to hand over private customer data to a third party.