davout (OP)
Legendary
 Offline
Activity: 1372
Merit: 1007
1davout
|
 |
July 13, 2012, 02:24:40 PM |
|
|
|
|
|
|
|
|
|
|
No Gods or Kings. Only Bitcoin
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
 |
July 13, 2012, 03:02:01 PM |
|
Can you copy their ToS and post it here?
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
July 13, 2012, 03:03:27 PM |
|
Can you copy their ToS and post it here?
Will you post a link to the source code? |
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
July 13, 2012, 03:39:54 PM |
|
Can you copy their ToS and post it here?
Will you post a link to the source code? Did you miss the link here? It's in the first post. |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 03:49:50 PM |
|
Can you copy their ToS and post it here?
Here you go : http://pastebin.com/AMrABK66The good thing is that what genjix posted contains a full git repository, meaning we see can all the different ToS versions. |
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
July 13, 2012, 04:00:18 PM |
|
Can you copy their ToS and post it here?
Here you go : http://pastebin.com/AMrABK66The good thing is that what genjix posted contains a full git repository, meaning we see can all the different ToS versions. Awesome thanks! I wonder what insights we will gain from seeing under the hood just how exactly did Bitcoinca operate, it might turn out that the attack was actually a good thing and it stopped a bucket shop scam where people were unfairly losing loads of money vs the house. Of course there's no question the loss for everyone who had their funds there is very unfortunate and regrettable and wrong. |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
ashleyconnor
Newbie
Offline
Activity: 38
Merit: 0
|
|
July 13, 2012, 04:38:19 PM |
|
Just had a quick look.
Not one test in the whole codebase.
|
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
July 13, 2012, 04:59:00 PM |
|
Just had a quick look.
Not one test in the whole codebase.
"I am a god-level programmer and every line that I write turns to gold and bows down at my feet. Unit tests? What an insult!"  |
|
|
|
|
paulie_w
|
|
July 13, 2012, 06:49:43 PM |
|
Just had a quick look.
Not one test in the whole codebase.
aren't unit tests a default part of rails these days? or is that some other kind of test? |
|
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 07:05:17 PM |
|
Just had a quick look.
Not one test in the whole codebase.
You can't judge an app on that, tests mean you're protecting yourself against regressions. The app was written in 4 days, I think it is an impressive piece of work despite a couple major security flaws I identified by simply having a quick look. aren't unit tests a default part of rails these days?
or is that some other kind of test?
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves  The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong. You're effectively giving the github (or whatever source control system you use) access to all funds at all times. And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server. |
|
|
|
|
paulie_w
|
|
July 13, 2012, 07:17:32 PM |
|
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong. You're effectively giving the github (or whatever source control system you use) access to all funds at all times. And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server. so, this is good material for the wiki that should be written. even if it is "fucking trivial to get right" (ie, fucking obvious). |
|
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 07:51:34 PM |
|
so, this is good material for the wiki that should be written. even if it is "fucking trivial to get right" (ie, fucking obvious).
It would be pointless to write this in the wiki, all the Rails security basics are widely available online. If you want your app to be secure it's not the lack of information that's in the way. |
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 07:52:16 PM |
|
Additionally the app itself has never been hacked (which is a little surprising  ) |
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
July 13, 2012, 08:10:53 PM |
|
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 08:14:25 PM |
|
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet. Took a bit of time to get every moving part in place to have it actually running. |
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
July 13, 2012, 08:28:16 PM |
|
Cool, I can't wait to hear how it really worked.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
paulie_w
|
|
July 13, 2012, 08:43:59 PM |
|
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet. Took a bit of time to get every moving part in place to have it actually running. can you talk a bit about that? i assume there's no easy install of all dependencies listed neatly in a Gemfile? i would like to know how the app interfaces with the local bitcoin client or client(s). |
|
|
|
|
davout (OP)
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
July 13, 2012, 09:05:02 PM |
|
i assume there's no easy install of all dependencies listed neatly in a Gemfile?
Your assumption is incorrect i would like to know how the app interfaces with the local bitcoin client or client(s).
It uses the bitcoiner gem which is my code (extracted from bitcoin-central) packaged by someone I don't know as a ruby gem |
|
|
|
ashleyconnor
Newbie
Offline
Activity: 38
Merit: 0
|
|
July 13, 2012, 10:25:53 PM |
|
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet. Took a bit of time to get every moving part in place to have it actually running. I installed redis but I was getting nilClass errors. I'll give it more time later. |
|
|
|
|
|
