Bitcoin Forum
December 09, 2016, 05:43:47 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201815 times)
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 15, 2012, 01:00:41 PM
 #781

IIRC the Armory client doesn't use any of the Satoshi codebase. I am not sure how useful it is for automated processing but the argument that all clients use the Satoshi codebase is simply wrong.  On edit: I was wrong.  It uses bitcoin-qt codebase under the surface.

Still moving the discussion forward, what is really needed is a "client" which exists solely as a daemon (or windows service) communicates to a variety of database platforms through ODBC and is designed specifically for backend processing (integration with shopping carts, order processing systems, customer databases, etc).  Keeping the private keys in an encrypted database would also provide another layer of security.  Access to the server doesn't necessarily mean access to the database (or specifically tables containing keys).  Having a "client" which requires manual startup and loads digitally signed business rules (limits on tx volume, max tx size, velocity, etc) would provide another layer of security.

I am working on forking the bitcoinsharp (.net library) to handle a merchant backend (database driven) wallet.  One limit of the bitcoinsharp codebase is that it doesn't maintain a local copy of the blockchain.  It relies on peers for transactional data.  However that limitation can be overcome by ensuring the processing node only connect to a handful of trusted peers which are running as full nodes (satoshi or otherwise).
1481305427
Hero Member
*
Offline Offline

Posts: 1481305427

View Profile Personal Message (Offline)

Ignore
1481305427
Reply with quote  #2

1481305427
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
May 15, 2012, 01:03:10 PM
 #782

IIRC the Armory client doesn't use any of the Satoshi codebase. I am not sure how useful it is for backend processing but the argument that no other client exists is simply wrong.  

Still moving the discussion forward I would love to see a "client" which exists solely as a daemon (or windows service) communicates to a variety of database platforms through ODBC and is designed specifically for backend processing.  I am working on forking the bitcoinsharp (.net library) to handle a merchant backend (database driven) wallet.
I'm keeping an eye on bitcoinjs it uses nodejs so it'll easily scale, libbitcoin is very promising too

davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
May 15, 2012, 01:19:00 PM
 #783

Armory uses bitcoin QT.
http://bitcoin.org/clients.html

Multibit uses bitcoinjava

bitcoin-js is not a full client anymore and is unmaintained

Davout, you quoted me as saying "implementing" not reimplementing. New clients can use the Satoshi code base or Libbitcoin which is a reimplementation of the original bitcoin codebase.

There are/were 4 codebases

*Satoshi

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

*bitcoin-js which is unmaintained and doesnt have the new changes. nor is it complete.

*electrum off libbitcoin (in it's newest form. formerly bitcoind/ABE)
Interesting.

I'm still curious about how MultiBit manages to send coins if it can't do the scripting magic.

But hey, thanks for clearing some stuff up!

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 15, 2012, 01:19:39 PM
 #784

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

It could be used securely for web applications by limiting its connections to trusted peers.  Right?
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 15, 2012, 01:41:48 PM
 #785

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?
To be fair, there were those here wanting a response. You got it, even if it wasn't what you wanted to hear.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
May 15, 2012, 01:43:43 PM
 #786

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?
To be fair, there were those here wanting a response. You got it, even if it wasn't what you wanted to hear.

I agree, a posting was warranted.  They even made a splash page on Bitcoinica.com.  Bickering about the subtleties in the clients isn't productive, producing the remainder of what was promised to their customers is.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
disclaimer201
Legendary
*
Offline Offline

Activity: 1316


View Profile
May 15, 2012, 01:46:53 PM
 #787

Armory uses bitcoin QT.
http://bitcoin.org/clients.html

Multibit uses bitcoinjava

bitcoin-js is not a full client anymore and is unmaintained

Davout, you quoted me as saying "implementing" not reimplementing. New clients can use the Satoshi code base or Libbitcoin which is a reimplementation of the original bitcoin codebase.

There are/were 4 codebases

*Satoshi

*bitcoinjava - mobiles and not full implementation (no scripting or block validation)
            bitcoinjava is used in all mobile clients and multibit

*bitcoin-js which is unmaintained and doesnt have the new changes. nor is it complete.

*electrum off libbitcoin (in it's newest form. formerly bitcoind/ABE)

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?

+1

realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
May 15, 2012, 02:39:39 PM
 #788

Armory uses bitcoin QT.

Shouldn't you be making a claims page instead of trolling about the nuances of different clients?

I'm as annoyed with Intersango as the next man; but this sort of response is just contrarian for the sake of it.

Is it not conceivable that not every single member of Intersango is working on the claims page at once?  Is it possible that the PR account is being run by... a PR person?

Five minutes ago, there were shouts that we hadn't heard anything from Intersango, and that they had probably run off with all our money.  If anything, the fact that Intersango is responding to mundane technical questions is a sign that they are not all on a flight to the bahamas.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
imsaguy
General failure and former
VIP
Hero Member
*
Offline Offline

Activity: 574

Don't send me a pm unless you gpg encrypt it.


View Profile WWW
May 15, 2012, 03:01:25 PM
 #789

I'm as annoyed with Intersango as the next man; but this sort of response is just contrarian for the sake of it.

Is it not conceivable that not every single member of Intersango is working on the claims page at once?  Is it possible that the PR account is being run by... a PR person?

Five minutes ago, there were shouts that we hadn't heard anything from Intersango, and that they had probably run off with all our money.  If anything, the fact that Intersango is responding to mundane technical questions is a sign that they are not all on a flight to the bahamas.


It was just the nature of the posts.  I think you'd agree that a status update was warranted.  Worrying about which client was the most significant rewrite isn't exactly a priority.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
ElectricBrain
Jr. Member
*
Offline Offline

Activity: 33


View Profile
May 15, 2012, 03:06:29 PM
 #790

*there's always a possibility that the attacker tampered with the database. But it's nearly impossible to tell which data was tampered with and which wasn't, so either way they're in pretty hot water.

If only database technology was available for financial services where there is the ability to store transactions with auditable history as well as there being an archive log such that recovery to a point in time is possible.  If only such a thing existed ....

I find myself wanting to +1 90% of the stuff you write.

Shuai
Full Member
***
Offline Offline

Activity: 189


View Profile
May 15, 2012, 03:24:53 PM
 #791

BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
May 15, 2012, 03:31:15 PM
 #792


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




I guess I understand your need to know who you are working with in this industry.

Lack of information is information in of itself. There are plenty of legal ways of hiding ownership. Although they do take some money to do so. There are shell corporations, basically companies that own companies, all leading back to a registered agent somewhere who happens to be a trust or organization's attorney (law firm), and it would take a very long legal fight to get the information you seek. Or you are a government and just go get the information.

But apart from that need for anonymous non-anonymity which plagues the community, do you actually need to know?

I mean, can't you judge based off of their actions, past and present, to determine whether you want to be associated with them.

Although, I strongly agree, the change in ownership should have been broadcast to everyone. That is like giving someone else your private gpg key in the -otc. (Which I am sure had been done).

Aurumxchange, btw: you might want to remove bitcoinica from your sig.




Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
May 15, 2012, 03:57:20 PM
 #793


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




In other words spit out who the damn fiduciary of the secret owner is already.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
arby
Donator
Member
*
Offline Offline

Activity: 112


keybase.io/arblarg


View Profile
May 15, 2012, 03:59:10 PM
 #794

The owner is former US president George W. Bush.

Jabber/XMPP: arby@darkness.su
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
May 15, 2012, 04:24:42 PM
 #795


So you guys chose to take over a bucket shop which is constantly at the risk of getting into massive BTC denominated debt (while BTC rallies way up), blinded by greed upon the profits the few shares the mystery investor gave you would promise and now had your reputation tarnished.

You made the mistake of operating for free just to commit another one to correct it. Sad

While it is true that the identity of the investor did not have to be shared, I believe the fact that ownership changed in November SHOULD have been announced. Unless there was an announcement I am aware of, zhoutong deceived us for half a year into believing he solely owned the company.


+10000

Fine, I don't care who the investor is. Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

And by the way, Bitcoin LP (the NZ structure) is a PARTNERSHIP and not a corporation, and as per NZ rules, the name of the general partner must be public and known.

You don't want to reveal who owns the shop? That's fine. But please provide a name for a responsible officer of the company as required by law.




+ ∞

Introducing constraints to the economy only serves to limit what can be economical.
JohnBigheart
Full Member
***
Offline Offline

Activity: 167



View Profile
May 15, 2012, 04:29:58 PM
 #796

I don't mean to be rude but I don't understand how people on this forum manage to get scammed literally every day by something new.... and the worst part is.. nothing ever happens.. You guys will make a collection thread no doubt.. and that will be that..

It must be embarrassing for some of you.... ?

My unpopular opinion is that these ripoffs actually benefit the Bitcoin economy:
  • Vulnerabilities are discovered, security awareness and best practices are spread while Bitcoin is still in beta
  • Stolen Bitcoins get into circulation and level the initial imbalance of early adopters vs. others
  • Risk of theft counteracts hoarding and the deflationary spiral and encourages people to spend Bitcoins while they still have them

World renowned expert on silly sketches and stupid gif animations.
Your tips are welcome: 17cETm8zDugFKuNQMprW6GgAFEpmrcPUA
BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
May 15, 2012, 04:38:02 PM
 #797

Quote
Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

It is, but it isn't required to be public knowledge.

If they promised him/her/them to not reveal it then they should stand by their word if not contractual obligations.

btw: I do believe it is in the businesses best interest, but that information shouldn't be forced by us. It should be made known for the business' best interest. OR Said another way: Where do their best efforts lay? With the business or themselves.

I am not for forcing them to do it tho... they should do it because it is the right thing to do. If they don't, then they should bear the consequences of it. Not for any moral or ethical reasons but just for purely business reasons.

This is the nature of business today. Everyone wants the money but nobody wants the accountability.

I would much rather have a person who says: Guys, I fucked up. Here is how. I will try to make it right. Rather than a guy that says: I dunno, it wasn't me, I was sleeping. Isn't that what leaders do, even if it is not their fault? Of course, heads roll but that is the nature of the beast.




Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 15, 2012, 04:52:05 PM
 #798

Quote
Who is the CEO and/or Director, and/or Officer in charge of the day to day operations of the company? You surely must have a name for us? This is required by any government on earth as far as I know.

It is, but it isn't required to be public knowledge.

If they promised him/her/them to not reveal it then they should stand by their word if not contractual obligations.

btw: I do believe it is in the businesses best interest, but that information shouldn't be forced by us. It should be made known for the business' best interest. OR Said another way: Where do their best efforts lay? With the business or themselves.

I am not for forcing them to do it tho... they should do it because it is the right thing to do. If they don't, then they should bear the consequences of it. Not for any moral or ethical reasons but just for purely business reasons.

This is the nature of business today. Everyone wants the money but nobody wants the accountability.

I would much rather have a person who says: Guys, I fucked up. Here is how. I will try to make it right. Rather than a guy that says: I dunno, it wasn't me, I was sleeping. Isn't that what leaders do, even if it is not their fault? Of course, heads roll but that is the nature of the beast.

LOL the sleeping excuse is the latest and greatest. Sleeping during lunchtime ( post was made at 2:15 UK time ) = EPIC excuse for Intersango.

proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 15, 2012, 06:14:57 PM
 #799

Hopefully the fact that I used two-factor authentication makes getting my bitcoins back easier.   Undecided
mobodick
Hero Member
*****
Offline Offline

Activity: 826



View Profile
May 15, 2012, 06:16:35 PM
 #800

Nice  Shocked


Can the current owner(s) of bitcoinica comment on these transactions that took place today?
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 [40] 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!