Bitcoin Forum
Topic: List of Bitcoin Companies with Adequate Backup--Please Submit
proudhon
Legendary
Activity: 1148
May 30, 2012, 05:12:58 AM
 #41

This is a waste of time.  You're asking owners for a statement saying their stuff is adequately backed up and that's how they get on the list?  No verification or auditing, just that they think their procedures are adequate.  Similar to how people thought it was adequate to go with cheap hosting on vps providers to hold thousands of btc only to have it stolen right out from under them?

It's a start, but, yes, I agree that we need something more than merely their word.
NothinG
Hero Member
Activity: 560
May 30, 2012, 05:15:34 AM
 #42

Didn't Mt.Gox provide something a while back that stated the majority of their coins were covered?

vragnaroda
Jr. Member
Activity: 40
May 30, 2012, 05:16:58 AM
 #43

This is a waste of time.  You're asking owners for a statement saying their stuff is adequately backed up and that's how they get on the list?  No verification or auditing, just that they think their procedures are adequate.  Similar to how people thought it was adequate to go with cheap hosting on vps providers to hold thousands of btc only to have it stolen right out from under them?

What could be wrong with that?

On that note, add Bitcoinica and Mybitcoin to the list.  They both made claims about their adequacy and competence.

casascius
Mike Caldwell
VIP
Legendary
Activity: 1344
May 30, 2012, 05:34:53 AM
 #44

What this really comes down to is that for the list to be of any value, there needs to be a list of Bitcoin businesses who have an independent audit.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
malevolent
can into space
Staff
Legendary
Activity: 1624
May 30, 2012, 01:39:34 PM
 #45

What this really comes down to is that for the list to be of any value, there needs to be a list of Bitcoin businesses who have an independent audit.

+1

Best by someone known and trustworthy in the bitcoin community as well as paid by that bitcoin business to carry out that audit.
ribuck
Donator
Legendary
Activity: 826
May 30, 2012, 02:43:23 PM
 #46

... as well as paid by that bitcoin business to carry out that audit.
Well, no. As they say, "he who pays the piper calls the tune". And look how poorly the credit rating agencies did in 2007.

Much better that the auditors are paid by the customers and depositors, than by the businesses.
ZodiacDragon84
Sr. Member
Activity: 266
May 30, 2012, 02:56:57 PM
 #47

... as well as paid by that bitcoin business to carry out that audit.
Well, no. As they say, "he who pays the piper calls the tune". And look how poorly the credit rating agencies did in 2007.

Much better that the auditors are paid by the customers and depositors, than by the businesses.

Sadly, with all the fees and interest, we are paying for it. And we were the ones that paid for it, after we paid for it. Damn credit agencies anyways

casascius
Mike Caldwell
VIP
Legendary
Activity: 1344
May 30, 2012, 04:46:45 PM
 #48

What this really comes down to is that for the list to be of any value, there needs to be a list of Bitcoin businesses who have an independent audit.

+1

Best by someone known and trustworthy in the bitcoin community as well as paid by that bitcoin business to carry out that audit.

My recommendation is with an auditing firm who does a SAS 70 / SSAE 16 audit.  This is how this problem is solved in the regular business world.  The auditors are paid by the business to carry out the audit, but are on the hook for the statements they make.  So if an auditor says "Yes they have a backup procedure and they follow it" and it turns out that there was no backup whatsoever and that the auditor just made it up to cover for his "buddy" client, that's liability for the auditor.

rjk
Sr. Member
Activity: 420
May 30, 2012, 04:48:22 PM
 #49

Yeah it's too bad they are so expensive though. I doubt we will see much of that until there is some major profit to be made and many businesses involved.

nimnul
Sr. Member
Activity: 255
May 30, 2012, 07:44:39 PM
 #50

We at bitcoin-analytics.com automatically replicate sensitive data (user billing info and login history) to a backup server at a different hosting. We also have a third server at yet another hosting fully operational so we can manually switch DNS records with little downtime if the current bitcoin-analytics.com server goes down. We also monitor resource usage on all our servers.

Given that we are not an exchange and users only give us microscopic subscription fees, I think the backup is adequate :)

casascius
Mike Caldwell
VIP
Legendary
Activity: 1344
May 30, 2012, 09:35:11 PM
 #51

Yeah it's too bad they are so expensive though. I doubt we will see much of that until there is some major profit to be made and many businesses involved.

It's not too much to ask of something as big as MtGox or Bitcoinica.

M4v3R
Hero Member
Activity: 607
June 07, 2012, 10:48:47 AM
 #52

We're not a big company or anything (as a matter of fact we are only two people) but BitMarket.eu takes every measure to protect our users' data and BTC:

- we use cold/hot wallet system
- we have hourly backups of database on-site
- we have daily backups of database off-site
- we have daily backups of wallet.dat on and off-site
- all backups are encrypted with 2048-bit RSA key before sending off-site, private key is known only to one person, protected by passphrase
- site codebase is in mercurial repository, cloned in several places on and off-site.
rapeghost
Sr. Member
Activity: 406
June 08, 2012, 04:11:15 AM
 #53

So those companies say they have a sweet backup plan..

What is it? I can tell you BitVPS is backed up to 100 servers globally. Doesn't make it true.
Kris
Donator
Hero Member
Activity: 645
June 08, 2012, 11:40:31 AM
 #54

Question to Phinneas: How do we determine that the owner of the said company is telling the truth? Perhaps we should specify that certain evidence is required in order to prove one has adequate backups?

I was just about to say that. I could elaborate much on our whole infrastructure
and I happily do to people contacting me and wanting to know more,
but to what means is it necessary on a public forum? other than to allow bigger
insight for anonymous shady people wishing to do harm. Correct me if I am wrong.
And this is not me trying to hide behind security by obscurity, which is just plain stupid.

Nonetheless this is what we have publicized and I would think it is prudent enough https://walletbit.com/about/security


ssaCEO of StrikeSapphire is the first Bitcoin related company to publicly state that their site, one that deals with people's bitcoin, has an adequate backup system in place, protecting their users' funds.
July 15 2011 -> https://walletbit.com/about/security


Phinnaeus Gage, You are more than welcome to contact me directly, if you want to know more. As long as you do not disclose it publicly.


Speaking on behalf of WalletBit.
markm
Legendary
Activity: 1778
June 08, 2012, 04:50:41 PM
 #55

TL;DR: My backups setup might seem pretty good compared to some, however I would like to convince myself it is adequate as I am probably less likely to imagine it so than others might be.

A lot of the posts talk about security too, not just backups, and many people may not even know what it is that I do, so I will start by describing some of what it is that I have that could benefit from backups.

I have some game sites on third party hosting, basically as tests of different game software and with so far so little money involved that if they needed to be restored from backups it is likely they'd just be shut down instead, the players compensated with in game goods/currencies from some other game such as whichever one is up next for testing. So I won't worry about their backup situation right now, they are not mission-critical and we might be better off without them as most turn out to be fundamentally flawed or, even if they work, to just be black holes to throw money at with no return. If they do pay for themselves though, then maybe I could also consider using them as yet another place to push triply-crypted backups to. Currently I have their level of hosting tier low enough though that using them to store such things would be frowned upon as they are currently a tier of hosting intended only for websites not for file-serving or file-storage.

So the servers I am concerned with right now are the cryptocoin-mission-critical servers, which are right here with me behind my steel-plated door.

Mostly of importance is the Open Transactions server. It is not accessed by means of web-browsers but, rather, by its own crypto-secured communications protocol by which remote users' clients communicate with it.

I have a second server that is not even powered up, because it is horribly noisy and does not need to be turned on most of the time, but which has a hard disk as large as the main drive in the running server so can be fired up to transfer backups onto.

I wrote scripts for doing backups, but no longer remember the exact details of what it is that they do (as in which username exactly sends on to which username type details); I am glad to have run across this thread as it motivates me to go look at those scripts to check exactly what they do and whether there is more I should now have them do in the light of development that has taken place since they were written.

Offhand I recall that they have three separate usernames involved, so that a backup once made is sent gpg-encrypted to a second user's pubkey then that second user re-crypts it to a third user's pubkey, because I did not want to risk offsite backups' security to just a single layer of 4096-bit encryption.

I would also like any ideas people can offer about how to deal with /home/*/.ssh and /home/*/.gpg directories, which I deliberately leave out when backing up home-directories partly because there is not much use having a backup of those types of keys if one needs them in order to access and/or decrypt the backups. I would prefer not to let backups of those critical (due to containing keys) directories onto third party machines at all, so I am considering using USB flash drives physically stored in safe deposit boxes or some such approach for offsite backup of that key (pun intended) data.

Having thus sanitised the normal backups from containing any .ssh or .gpg directories and triple-crypted them using keys located in the areas that they no longer themselves contain, I have been trying out various third party online data-storage sites whereby I can copy a backup to a certain directory on my hard drive that is automatically copied over to offsite storage.

Since I have not so far been dealing with significant sums of money, I have so far included among the offsite storage sites tested some that require me to run a daemon in order for this copying over to their site to happen. I create a new username for each such service, running its daemon as that user, and having it mirror only a directory located in that user's home directory. I have also been looking at things like GNUnet.

One of the offsite storage solutions I looked at offered to back up even stuff that does not live in that user's home-directory; I am thinking that a (closed source) daemon that is willing to go browsing over my entire filesystem, even as one specific user, is probably a bit too nosy to be considered for use once I do switch over to "real use", working with serious real money.

At least one service actually works using normal existing remote disk access systems instead of closed source (thus totally untrustable on general principles) custom daemons of their own devising. Those are kinds I am most interested in hearing about more of as it seems likely they are ultimately the only ones I should be considering using.

As to frequency of backups, that I will have to tune in accordance with usage. Right now days or weeks go by between third party tests of my Open Transactions server, so simply doing a backup after each such testing-session seems sufficient. As we move into "real use", maybe hourly will seem reasonable. Having cron run the scripts at any desired frequency is hardly rocket-science.

However, I believe the /home/*/.ot directories are also being segregated out like the .ssh and .gpg directories, so in any case the OT server and all the clients I use with it can be backed up more regularly than other less mission-critical subsystems once actually in constant use.

Input on how best to do these backups is very welcome.

-MarkM-

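The procedure described in the post above (leave key directories out of the archive, then wrap it in one gpg layer per recipient before it reaches third-party storage), as an added example that is not MarkM's own scripts, which the post does not show. Function names, paths and recipient names are assumptions; `.gnupg` is added to the exclusion list because it is GnuPG's default home directory.

```shell
# Added example, not MarkM's scripts. Function names, paths and recipient
# names are assumptions for illustration.

# make_backup PARENT NAME OUT.tar.gz
# Archive PARENT/NAME, skipping key directories at any depth. .ssh, .gpg and
# .ot are named in the post; .gnupg is GnuPG's default home directory.
make_backup() {
    tar -czf "$3" -C "$1" \
        --exclude='.ssh' --exclude='.gpg' --exclude='.gnupg' --exclude='.ot' \
        "$2"
}

# archive_is_clean ARCHIVE
# Return 0 only if the archive is readable and no member path has a key
# directory as a component. An unreadable archive counts as not clean.
archive_is_clean() {
    listing=$(tar -tzf "$1") || return 2
    ! printf '%s\n' "$listing" | grep -Eq '(^|/)\.(ssh|gpg|gnupg|ot)(/|$)'
}

# encrypt_layers SRC OUT RECIPIENT...
# Encrypt SRC to the first recipient, then encrypt that result to the next,
# and so on. Reading OUT needs every recipient's private key, last one first.
encrypt_layers() {
    src=$1; out=$2; shift 2
    [ "$#" -ge 1 ] || return 1
    cur=$src; n=0
    for r in "$@"; do
        n=$((n + 1))
        gpg --batch --yes --recipient "$r" --output "$out.$n" --encrypt "$cur" || return 1
        [ "$cur" = "$src" ] || rm -f "$cur"
        cur="$out.$n"
    done
    mv "$cur" "$out"
}

# sanitised_backup PARENT NAME OUT RECIPIENT...
# Only an archive that passes the check is encrypted; the plaintext archive
# is removed either way, so nothing unchecked is left next to the upload.
sanitised_backup() {
    parent=$1; name=$2; out=$3; shift 3
    plain="$out.plain.tar.gz"
    if make_backup "$parent" "$name" "$plain" && archive_is_clean "$plain" \
        && encrypt_layers "$plain" "$out" "$@"; then rc=0; else rc=1; fi
    rm -f "$plain"
    return "$rc"
}
```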