Bitcoin Forum
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 224562 times)
cypherdoc
May 27, 2012, 05:06:14 PM
 #1561

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink
Phinnaeus Gage
May 27, 2012, 05:20:55 PM
 #1562

http://www.rackspace.com/knowledge_center/rackspace_cloud_backup_faq
Quote
Where are my backups stored?
Your backups are stored in your personal Cloud Files storage account.

While penning my dad's obituary a couple years ago, I kept a copy in documents on this laptop as well as putting a copy in a dedicated image file. I see my error now. I should have also created a public folder to store a third copy. Luckily nobody logged into my laptop and deleted said files, for I wouldn't have had that third backup available to me at the time.
edd
May 27, 2012, 05:22:31 PM
 #1563

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Still around.
Phinnaeus Gage
May 27, 2012, 06:24:34 PM
 #1564

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~
DiabloD3
May 27, 2012, 06:29:31 PM
 #1565

There's an old saying that a backup doesn't exist until it's in 3 separate places Smiley

That's a good saying.
Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

Grin

Lol!  You're just taking credit for Murphy's Law! Wink

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

Surely we're not talking about Hanlon's Razor on this thread, are we?

Quote
Never attribute to malice that which is adequately explained by stupidity.

~BrunO~


No. It's a special corollary of Murphy's Law that I don't think has a name but most people are aware of: Murphy's Law is efficient, if you're sufficiently guarded against it in one way, it'll just strike you some other way.

ssaCEO
May 27, 2012, 07:50:48 PM
 #1566


I guess this would be a perfect time to ask the operators of every single Bitcoin exchange if they have a backup of their database. Each and every one of them should go on record stating that they do. I suggest that this should be done within the next 48 hours. Any exchange that does not go on record in stating that they do within this time frame, users of those exchanges should immediately remove their funds from those exchanges.

~Bruno~


We're not an exchange, but given that we deal with people's Bitcoins we do have an obligation to state this: We have always maintained 1) hourly database backups to a second data center, 2) daily offline backups, 3) a hot wallet stored in a third datacenter, on a dedicated server, and 4) offline wallet storage of all funds other than petty cash. Furthermore, everything we run other than our blog is on offshore dedicated servers at datacenters with casino-grade physical security measures, NOT on VPS. A hacker who accessed one of our dedis would find our hot wallet basically empty and our user passwords hashed. At most we'd lose a hundred bucks or so.

We don't have anything near the volume of Bitcoinica. We've got about 1000 users. When we launched, and started paying for the servers involved in this elaborate setup, we had no users. There's no doubt the added security has come at a cost that dug into our bottom line. But what's the alternative? Hosting on a VPS somewhere and waiting for disaster? You don't screw around with cutting costs on security; a wise guy once told me it's better to be "insurance poor" than temporarily rich and waiting for the other shoe to drop. One of the dumbest things I've done in recent memory was send some of our first positive revenues into a Bitcoinica account. I would never have imagined the security there would be more lax than ours, but it's my fault for not doing more research. I accept that.

There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

R-
May 27, 2012, 08:07:54 PM
 #1567

If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.
ssaCEO
May 27, 2012, 08:09:16 PM
 #1568

If I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

Now all you have to do is offer margin trading.

what, blackjack ain't good enough for ya?

repentance
May 27, 2012, 09:59:55 PM
 #1569


There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

They openly stated upthread that their priority was fixing the code rather than addressing other possible/known vulnerabilities and that they still believe that was the correct choice, so I don't think that money was the concern - it seems more like a case of tunnel vision.  I'm not sure why fixing the code and preventing further attacks/securing data against catastrophic loss were regarded as mutually exclusive options.

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
ssaCEO
May 27, 2012, 10:45:31 PM
 #1570

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

Been around long enough to have discovered that for myself (and to remember backing up to disks that were actually floppy). Hell, when I ran a 2400bps hermes board outta my mom's house I was backing up my user lists and warez to disks as fast as I could. I've still got boxes of disks full of gif porn and the names and phone numbers of freaks in Los Angeles somewhere in a storage unit, if those disks haven't degraded yet. "The cloud" is a fucking euphemism for shared hosting without the customer service and accountability that used to come with shared hosting. Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Most tripods can stand on two legs if you prop them up a little. Anyway, if everything was wiped out, one server hacked and the other two had drive malfunctions or whatever, it's not like you can blame people. But a few extra precautions might be in order when dealing with half a million dollars, even if they do cost a few hundred bucks a month. After all, what's that money worth if your reputation is shit?

Vladimir
May 27, 2012, 11:50:48 PM
 #1571

Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Indeed, this is beyond comprehension. Apparently these cloud things have a hypnotizing effect on Zhou's generation of Internet Pros "powered by google search".

People, stop eating all the marketing BS you are being fed.


-
btcgoldsilver
May 28, 2012, 12:06:39 AM
 #1572



Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?




16ZodW6mxFkmxrCy5MSii7PLJ6VdfNknue
proudhon
May 28, 2012, 12:15:25 AM
 #1573



Just been trying to catch up with the claims process by reading this thread.   Angry  Angry  Angry


The shit fight between Bitcoinica consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned Huh??

Has anyone had money refunded yet Huh?





No money has been returned yet, and there haven't been any statements about when money will be returned.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
btcgoldsilver
May 28, 2012, 01:05:21 AM
 #1574

Thanks Proudhon, saves me some time.

No money returned yet :-( ah well, that's what I thought.


16ZodW6mxFkmxrCy5MSii7PLJ6VdfNknue
genjix
May 28, 2012, 06:08:29 AM
 #1575

I'll post updates here: https://bitcointalk.org/index.php?topic=84042

That's the new thread.