BMF has lost access to it's wallet [UnModerated]

[twentyseventy]

I am sick and tired of scammers hiding themselves under the guise of moderated posts. For every moderated thread that is posted here, I will post an unmoderated version.

I have no ulterior motive except to provide an uncensored thread for anyone to discuss any thread that is moderated here.

My security does not operate under a moderated thread and I do not expect or think it should be allowed for anyone else to do so.

Usagi has deleted many posts critical of him, so I hope that this thread can be a place where people can be openly critical without the threat of deletion.

Those that have the most to hide have the most to lose because of the revelation of the truth.

OP:

Hello. This is the letter I never expected I would have to write, primarily because I never saw this coming.

On MayMarch 29th, 2014, I received the last e-mail which passed through tsukino.ca and the website was shut down by BitVPS.

The official story is that a RAID disk was pulled and was no longer in use. How this could have happened to a live server, esp. one of the more expensive plans (KVM-6) was never explained. The problem was not noticed by BitVPS but two weeks after, I sent them a letter asking about my server. I was assured someone would look into it.

How the remote backups which I had running via cron disappeared was never explained or commented on.

Over the next month, there were few emails sent to support. The responses were typically "someone is looking into it" or abouts; I didn't pay it much attention. In the back of my mind I had always assumed someone was looking into it and that the problem would be fixed soon. In the last two weeks (or so) I have stepped up efforts; On the 20th I ended up opening a ticket because email and IRC was something of a dead-end. Not because I couldn't talk to people like arij and Starsoccer and a few others, but because nothing was ever done.

On the 23rd my ticket expired unanswered so I reopened it. It remains unanswered and just expired again.

On the 27th I sent arij (the president of BitVPS) a detailed e-mail letter explaining what was going on and he assured me on IRC that he would open a new server for me "right away" while they worked on the backups so that I could at least resume development and have a webpage.

Of course, two days later, nothing has been done. Unfortunately I still don't know precisely why this hasn't been fixed and due to the exceedingly odd circumstances surrounding it, I am forced to disclose this as material information about BMF; BMF's webpage and it's wallet were hosted on that server (primarily because I was developing a web wallet service called hotwallet.ca since a couple of years ago). This wallet and all the bitcoins in it have been lost. The total estimated damage is about $10,000 in realized costs. There is a much larger amount possibly lost in losing the ability to prove we are GLBSE claimants. Not a small amount of money by any means, but not a huge and ugly number like "millions" (I pity some web businesses). However it means we can never prove a legal claim to money owed to us by HashKing, AmazingRando, Ian Bakewell, BitcoinRS, etc.

I have to admit, I have been assured by tech support that I would be taken care of and that a new server would be set up for us. However, it has not been done. Two months is a long time; if it gets done later I'll post an update.

This has set us back about 2 years. Essentially, our only asset now is our mining income stream. We have 36 mHash/share which is a significant increase over our last reported number, but please excuse me for not calculating the gain in percentage terms because this setback is deeply troubling to me.

I may have slightly panicked; they have assured me a new server can be up in about a day. Fingers crossed!

We can all learn something from here:
   The act of spilling cofee absolve everybody from any guilt. Nobody is to blaim. Look no further! (but if you do you will be deleted)

Nahh I don't delete people unless they're trolling. As I said I am sorry it happened but these things do end up occurring one in a million once in a while. It's like having a top executive commit suicide; If you want I guess you can blame the boss for giving him too much pressure at work but it's a bit of a stretch, isn't it?

EDIT: Removed the name of the Security to assuage concerns that this is a self-promoting post.

[1714817036]

1714817036

[1714817036]

1714817036

[1714817036]

1714817036

[1714817036]

1714817036

[usagi]

I am sick and tired of scammers hiding themselves under the guise of moderated posts. For every moderated thread that is posted here, I will post an unmoderated version.

I have no ulterior motive except to provide an uncensored thread for anyone to discuss any thread that is moderated here.

My Security, BDD, does not operate under a moderated thread and I do not expect or think it should be allowed for anyone else to do so.

Usagi has deleted many posts critical of him, so I hope that this thread can be a place where people can be openly critical without the threat of deletion.

You have a competing security?

You should be very careful about calling me a scammer as you just did. I deleted posts which stated I had committed criminal negligence and that I had a history of mishandling customer's money, both of which are untrue. Please don't paint yourself into a corner where you sound like you're talking trash about your competitors.

You will note that your post above quoted my entire OP from my thread which I haven't deleted. Why quote the whole thing here all over again, as if I had something to hide? I didn't delete MY own OP either? What are you trying to show here? That I know how to post to bitcointalk.org?

I'm really surprised at you twentyseventy esp. considering how we worked together to go after Ian Bakewell. I'd have to say overall, you let me down.

[twentyseventy]

I am sick and tired of scammers hiding themselves under the guise of moderated posts. For every moderated thread that is posted here, I will post an unmoderated version.

I have no ulterior motive except to provide an uncensored thread for anyone to discuss any thread that is moderated here.

My Security, BDD, does not operate under a moderated thread and I do not expect or think it should be allowed for anyone else to do so.

Usagi has deleted many posts critical of him, so I hope that this thread can be a place where people can be openly critical without the threat of deletion.

You have a competing security?

You should be very careful about calling me a scammer as you just did. I deleted posts which stated I had committed criminal negligence and that I had a history of mishandling customer's money, both of which are untrue. Please don't paint yourself into a corner where you sound like you're talking trash about your competitors.

You will note that the OP quoted my entire OP from my thread in my thread and I haven't deleted it, nor posts which call to question my culpability. This thread is uncalled for. I'm really surprised at you twentyseventy esp. considering how we worked together to go after Ian Bakewell. I'd have to say overall, you let me down.

A competing security? Not at all. I run a derivative based upon the DMS model. Yours is a hedge fund model, if I remember correctly. Welcome to the unmoderated thread.

[usagi]

A competing security? Not at all. I run a derivative based upon the DMS model.

Oh lord, the irony.

Are you incorporated?

[fluffypony]

All the original posts are still up here: https://bitcointa.lk/threads/bmf-has-lost-access-to-its-wallet.321036/

I'm quite confused as to whether this was a hot wallet for a webwallet, or a wallet used to receive funds from mining operations?

In the case of the former, running a hot wallet on a VPS (shudder) or even on the same physical hardware is an architecturally terrible decision. Isolating the hot wallet is, like, step 1 in operating infrastructure that handles money for other people.

In the case of the latter...well...why even bother to have it hosted anywhere at all? It could be operated in a VM on one's own laptop without issue.

So either we have a case of ignorance, negligence, stupidity, or all 3. Were this a n00b with 4 posts it could be written off as "n00bs gonna n00b", but I think a certain level of expertise is expected from someone that has been here for 3 years and is a "VIP".

[usagi]

Anyway, on the subject of this thread, it's probably a good occasion to talk about backups.

While most users learn to make backups after a loss, I can always hope some don't. Again, if you manage someone else's data or funds, you should be extra careful and do the last step regularly.

I know what you mean. I had regular weekly backups. Check.

A good backup is offsite. That means storing it elsewhere than where the data is. If you're with provider A, the backup shouldn't be managed by provider A. And obviously, in another physical location.

Check, we had offsite backups. But there's no reason not to trust the same provider; I'd be interested to know a scenario other than outright fraud where keeping a backup with another provider would add security. In many ways, keeping an offsite backup with the same provider increases security vs. using a second provider.

A good backup is offline. If somehow your automated backup fails and deletes the old stuff, you're screwed. Offline backups have the advantage of being in a certain, know state. Of course, they aren't always practical, but you should have at least one offline backup at all times.

Point taken, but the likelyhood of a fire in a home destroying a piece of paper is greater than the likelyhood of a fire in a well-managed data center with an auto shutdown procedure. From the standpoint of security, encrypted communicatoins from one place to another with rsync is much more secure than keeping a paper backup.

A good backup has history - don't keep only the latest copy. Maybe something is broken in the new ones. The ability to go back is very comfortable.

Check. Our backups were incremental (and our new backups are incremental as well). I like incremental backups -- damn you, Time Machine!

Since we're in Bitcoin, and you're likely to store sensitive information, you should definitively encrypt your backups.
Of course, you also have to not lose your way of decrypting it. There are various choices which I'm not going to expose here.

Aye. If someone got ahold of my paper copy privkeys they would not be able to use that information to directly input and get the bitcoins. They're not quite encrypted but without knowing the key it would be useless information.

RAID is not a backup. It helps reduce service interruptions, but will never protect against many type of data loss.

A good backup is tested. Which means restoring your data on a new system with only the backup available. I have seen backups systems that were not tested, and were broken, incomplete, etc. This is probably the least done thing in backups.

A remote raid array keeping an incremental copy is a backup copy of your data.

No matter how you store your data it is at risk. You can go to tape and you will be at risk of magnetic interference. You can go to punchcards and be at risk of fire, or even careless folding, spindling and mutilating. Right now we have a local raid array as a remote backup, but I can tell you first hand that is not 100% secure -- just two weeks ago a disk failed on another RAID in the office and before I could replace it the volume crashed.

The main point of a backup is that when your main copy fails you can go to the backup to restore your data. If you want extra security the best you can do is have two or more backups in different locations. I assure you that this is a risk vs. reward scenario; I just spent $1200 on a new DS-4 and drives; if I spend another $2000-$3000 on a better backup solution and maybe again in another location, I quickly approach the value of what was just lost. From a risk vs reward scenario doing that does not make sense based on how much money I kept in the wallet. That is what I find so humorous about people like floppypony and the team -- they just don't get it. I did the all the right things -- including not overspending on financially unjustifiable redundancy.

And there's a good chance the backups will be found and restored any day now. After all, I did have offsite backups.

[twentyseventy]

I am sick and tired of scammers hiding themselves under the guise of moderated posts. For every moderated thread that is posted here, I will post an unmoderated version.

I have no ulterior motive except to provide an uncensored thread for anyone to discuss any thread that is moderated here.

My Security, BDD, does not operate under a moderated thread and I do not expect or think it should be allowed for anyone else to do so.

Usagi has deleted many posts critical of him, so I hope that this thread can be a place where people can be openly critical without the threat of deletion.

You have a competing security?

You should be very careful about calling me a scammer as you just did. I deleted posts which stated I had committed criminal negligence and that I had a history of mishandling customer's money, both of which are untrue. Please don't paint yourself into a corner where you sound like you're talking trash about your competitors.

You will note that your post above quoted my entire OP from my thread which I haven't deleted. Why quote the whole thing here all over again, as if I had something to hide? I didn't delete MY own OP either? What are you trying to show here? That I know how to post to bitcointalk.org?

I'm really surprised at you twentyseventy esp. considering how we worked together to go after Ian Bakewell. I'd have to say overall, you let me down.

First, you're inferring here that I'm calling you a scammer. However, from all that I can see, this appears to be an honest but quite negligent mistake on your part.

In the clarity that often comes in the morning, I admit that this post was made more out of frustration against censorship and self-moderated posts than serious thought that you're running with $10,000 or so of BTC. I apologize for the unfounded nature of my comments. In my defense, loss of BTC on this forum is much more often theft than true loss/deletion.

I was trying to recall why I harbored mistrust for you and I recalled that, funny enough, it was because you deleted one of my posts about you and Deprived (months ago). I'll see if I can track that down.

That being said, I stand behind my comments regarding these types of threads - you'll notice that I didn't name this thread 'Scammer this' and 'Fraud' that - it simply says the post title with [Unmoderated] after it.

I don't consider our securities to be competing, as mine is listed on-exchange and has a different model than yours; I've removed the name of my security from the OP. My comments still stand; I had people calling me this and that, left and right when I started it - my reputation, however, has stood the test of time and trolling comments.

Finally, I don't recall 'going after' Ian Bakewell at all; I believe that was a bit before my time here, but I could be wrong.

[Blazed]

What blows my mind in all of this is the fact he does not think he did anything wrong...

[twentyseventy]

My deleted post, for posterity:

A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Your post isn't critical of me, it's just asinine. [snip]

It was meant to be critical of you; I've always been wary of your dealings in the past. One of the first things to happen are accusations, baseless or otherwise. I don't see the point in deleting a post if you're going to leave the 'record' of it up - what's the point.

In any case, it's extremely irresponsible to not be checking on the backups with that amount of money at stake.

*shrug* Thanks for your opinion, but you don't know what you are talking about. Try designing a web wallet sometime. You need to keep what happened here in perspective. You are flying off the handle at me because someone spilled coffee on a raid disk 5,000 miles away? Huh? Go back and read the OP then read what you just wrote. If you aren't embarrassed enough to delete your own post I would be very surprised. Beyond that, unless you have something positive to say no you are not welcome to post in this thread anymore.

It's you who is creating the situation of "One of the first things to happen are accusations..." -- if you don't like it, then don't be part of the problem.

Something positive to say? In this post? Should there be?

I'm not flying off the handle here, far from it. You should be more careful to guard BTC against the failure of a single disk, regardless of whether the failure is coffee-related or whether it's 5,000 inches or 5,000 miles away. The point remains.

Best of luck to BMF holders.

[usagi]

...no you didn't.

Oh yes I did.

[usagi]

What blows my mind in all of this is the fact he does not think he did anything wrong...

Do you have any experience in developing web applications, or programming in general? I.E. do you know what you're talking about or are you just here to troll?

[Blazed]

What blows my mind in all of this is the fact he does not think he did anything wrong...

Do you have any experience in developing web applications, or programming in general? I.E. do you know what you're talking about or are you just here to troll?

What does web dev have to do with not backing up your wallet??? I am a systems admin for my job, and guess what...I backup stuff!  We do have several colo'd servers and I make sure that I have backups...not hope that they are doing it.

[pummle]

What blows my mind in all of this is the fact he does not think he did anything wrong...

Do you have any experience in developing web applications, or programming in general? I.E. do you know what you're talking about or are you just here to troll?

Ad hominem attacks do not help your side. It does not matter who asks the question if it is a good question.

[Blazed]

Hey guys I wrote a web wallet...my coding skills rock!!!  Oh do we back it up??...hmmm let me ask my VPS provider and get back to you on that.  Seems legit 

[E.Sam]

[pascal257]

You should be very careful about calling me a scammer as you just did. I deleted posts which stated I had committed criminal negligence and that I had a history of mishandling customer's money, both of which are untrue.

I connect your name at least with high incompetence. The lines between scammers and idiots are quite thin. Which group you belong to needs to be determined here, but it does not speak for you that you're deleting comments on the main thread.

Do we have the addresses available and can trace the flow of the coins?

[usagi]

I know! This thread is a laugh riot. It's clearly full of trolls; all you can do is eat more popcorn.

Gotta hand it to that guy who claims to be a web admin yet so obviously has no concept of the delegation of authority or any management experience whatsoever.

[bitlind]

I need to point out, if someone is drinking coffee around your SAN or DAS units, or in any DC, they need to be fired, flogged, and shot.  Food and drink should be no where near any equipment, let alone hundreds of thousands of dollars of equipment.

Backups are not a programmers job, they are that of a server admin/engineer.  Programming skills have nothing to do with due diligence.

Just my 2c

[fluffypony]

I know! This thread is a laugh riot. It's clearly full of trolls; all you can do is eat more popcorn.

Gotta hand it to that guy who claims to be a web admin yet so obviously has no concept of the delegation of authority or any management experience whatsoever.

Whether he does or not is irrelevant - I do, at C-level at a listed company for several years, and everything he has said has been entirely valid. Delegation of authority does not mean you hand the job of backing up over to an external company. It means you or a trusted aide ensures you have fully controlled backups on your territory and THEN you additionally allow someone else to handle encrypted backups for a faster and smoother DRP.

Again, operating at your level means backing the wallet.dat up to a couple of flash drives, no need for any formal DRP or delegation of anything.

[usagi]

Again, operating at your level means backing the wallet.dat up to a couple of flash drives, no need for any formal DRP or delegation of anything.

How will backing up wallet.dat to a couple of flash drives work if your house burns down? You're such a 'tard. You act like it is impossible to lose data. Let me be honest with you -- I'm laughing at you. You and twentyseventy clearly have no idea what is going on here.