Bitcoin Forum
Topic: Should a bitcoinica clone be put online ?  (Read 6660 times)
davout
July 14, 2012, 02:51:50 PM
 #1

With the leak of the code I'm asking myself whether it would be a good idea to set up a bitcoinica clone.

Pros :
  • Would make some good money
  • There is demand for gambling margin trading
  • Half the profits could go to the people who lost money because of Bitcoin Consultancy/Bitcoinica/[insert scapegoat here]
  • The app itself has never been broken into (even though it's quite surprising when reading the code)

Cons :
  • Needs moar reverse-engineering/fixing
  • Needs moar testing
  • ...

Thoughts ?

2112
July 14, 2012, 02:55:38 PM
 #2

I would suggest that everyone runs their own clone locally.

Could you post what Mac IDE you were using in your original post as well as any other steps required to make it run on a freshly out-of-the-box Mac?

I think that way many more people would join you in reverse engineering.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
davout
July 14, 2012, 02:59:42 PM
 #3

> Could you post what Mac IDE you were using in your original post as well as any other steps required to make it run on a freshly out-of-the-box Mac?
The IDE is Rubymine, it's the bomb.

If you're a Rails coder you won't have much trouble getting it running, you basically need to install the dependencies with bundler, launch a couple moving parts (bitcoin client, redis, resque, clockwork) and you're all set. Oh, and you need to create a MtGox API key and feed it to the code.

markm
July 14, 2012, 03:02:48 PM
 #4

I am concerned about security holes in the code. Web can be a scary attack-surface. I was thinking it might not therefore be a good idea even if I disconnect it from the money, using it just as a glorified calculator to tell me how much of what to move where and do the actual handling of the funds in Open Transactions.

However I am many years out of date on secure coding of CGI scripts and never did move on from securing CGIs to securing PHP. (And have never touched Ruby.) If someone who is really really up to date on how (or is that still "whether") PHP or Ruby can be secure can fix it up for security I expect to see lots of little MyBitcoinica sites spring up.

The suggestion of using it as a local app behind one's firewall ("everyone runs their own clone locally")  sounds cool but presumably loses the ability to bucketshop the players off against each other thus losing what is likely a huge part of how it makes money. Actually come to think, if you are the only player on your instance who are you to bet against?

I was afraid the thing would be too easily attacked thus maybe not worth in effect paying $350,000 for the code in the form of making whole the victims of Bitcoinica.

If the code is really good or can have its holes plugged pretty certainly then maybe Gox themselves might find it a good springboard to adding the functionality to their own suite of services.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Bigpiggy01
July 14, 2012, 03:07:27 PM
 #5

Hmmm maybe altcoinica so peeps can get the margin devil out of their system without risking too much?

BCB
July 14, 2012, 03:09:19 PM
 #6

Code is not inherently insecure.  Coders' practices create insecurities.

There is absolutely a need desire for a bitcoinica clone.  However based on recent events I believe the community would demand (but maybe not!):

1.  Clear declaration of ownership
2.  Proof/validation of security practices
3.  Regular third party financial audits.

That wouldn't be inexpensive however the evident profit margins of such a business would certainly warrant the expense.
2112
July 14, 2012, 03:11:49 PM
 #7

> If you're a Rails coder you won't have much trouble getting it running
I'm not a "Rails coder" and most of the people here aren't either. But we are all curious and capable of coding or at least reading code. I would suggest that your target audience shouldn't be a "Rails coder", but any curious hacker not afraid to code.

Since you've mentioned Mt.Gox API key I have another question: how difficult is it to stub out the portion that queries Mt.Gox and instead plays back a stored ticker tape in the CSV or any other spreadsheet-compatible format.

Many people are interested in what the secret pricing algorithm did to the bid/ask spreads on Bitcoinica. This could probably be of paramount importance if any litigation comes to fruition.

And thank you for the Rubymine reference.

davout
July 14, 2012, 03:12:16 PM
 #8

> Code is not inherently insecure.
I can assure you this one is.

markm
July 14, 2012, 03:15:31 PM
 #9

> Hmmm maybe altcoinica so peeps can get the margin devil out of their system without risking too much?

Yes indeed. Being able to short any coin type against any other coin type would be very interesting and is where I will be heading with Open Transactions if I can actually figure out how shorting is worth implementing at all. I am still not clear on why anyone would loan an asset to someone else knowing the someone else is going to use it to lower its value so as to ideally be paying back less value than they borrowed...

Also I worry about how to ensure there are enough on the market to buy come payback time. It seemed to me there is a double cost in shorting if secured by a marketmaker who puts aside enough of what someone borrowed from someone to ensure there will be enough left on the market at payback time for the borrower to buy to pay back the loaned assets.

The more "alt" the asset the more need, it seemed to me at first glance at least, there is for a marketmaker like that because if there are none of the borrowed thing on the market there is no price available to determine how much value needs to be paid back in some different type of thing.

(If you short 1968 Coupe de Villes, and there are not Coupe de Villes on the market come payback time, how can anyone figure out how much dollars or gold or something you'd need to pay to make up for having defaulted on paying back the loan of Coupe de Villes?)

-MarkM-

BCB
July 14, 2012, 03:17:53 PM
 #10

>> Code is not inherently insecure.
> I can assure you this one is.

I know NOTHING about Ruby... but I don't doubt your assessment.  Yahoo Voice stores passwords in plaintext so don't even begin to think that any larger entity's online security practices are any better.  The bigger the entity the more money they have to throw at any security breach when it happens and for now it seems that is cheaper for them than rolling out fully secured code into production.
davout
July 14, 2012, 03:21:10 PM
 #11

> I'm not a "Rails coder" and most of the people here aren't either. But we are all curious and capable of coding or at least reading code. I would suggest that your target audience shouldn't be a "Rails coder", but any curious hacker not afraid to code.
Understood, if you want to read the business logic it is in the app/models folder (each model is linked to a database table), and in the app/workers folder (this one contains all the periodically running tasks). The pricing logic probably resides in one of the workers.

> Since you've mentioned Mt.Gox API key I have another question: how difficult is it to stub out the portion that queries Mt.Gox and instead plays back a stored ticker tape in the CSV or any other spreadsheet-compatible format.
I don't think it would be extremely difficult, Ruby is awesome for this kind of thing, you can transparently replace code at runtime.
See pastebin below

> Many people are interested in what the secret pricing algorithm did to the bid/ask spreads on Bitcoinica. This could probably be of paramount importance if any litigation comes to fruition.
I've added a couple comments, but this is pretty much the raw TickingJob http://pastebin.com/4Ej858a8

> And thank you for the Rubymine reference.
I love it, and JetBrains gave me a free open-source license for developing Bitcoin-Central.net :D
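
The runtime replacement described in the post above, as an added example that is not from the thread or from the leaked code: `MtGoxTicker`, its `fetch` method, `TapeReplay` and the `timestamp,bid,ask` tape layout are hypothetical names, and the tape rows are constructed. It swaps the live query for a strictly parsed CSV replay so the pricing logic can be studied offline and deterministically.

```ruby
# Hypothetical stand-in for the app's live ticker client; the real class and
# method names are not shown in this thread.
class MtGoxTicker
  def fetch
    raise "network access is disabled in this example"
  end
end

# Constructed sample tape: unix timestamp, bid, ask (plain CSV, no quoting).
SAMPLE_TAPE = <<~CSV
  timestamp,bid,ask
  1342277400,7.61000,7.62999
  1342277460,7.60500,7.63000
  1342277520,7.59000,7.64500
CSV

Tick = Struct.new(:at, :bid, :ask) do
  def spread; ask - bid; end
end

module TapeReplay
  # Parse strictly: a silently skipped or zeroed row would corrupt the replay.
  def self.load(text)
    header, *rows = text.lines.map(&:strip).reject(&:empty?)
    raise ArgumentError, "unexpected header" unless header == "timestamp,bid,ask"
    rows.map do |row|
      fields = row.split(",", -1)
      raise ArgumentError, "malformed row: #{row}" unless fields.size == 3
      # Rational keeps prices exact; Integer() and Rational() raise on junk.
      tick = Tick.new(Time.at(Integer(fields[0])).utc, Rational(fields[1]), Rational(fields[2]))
      raise ArgumentError, "crossed quote: #{row}" if tick.bid > tick.ask
      tick
    end
  end

  # Reopen the class at runtime; #fetch raises StopIteration at end of tape.
  def self.install!(klass, ticks)
    feed = ticks.each
    klass.send(:define_method, :fetch) { feed.next }
  end
end

# Drive the patched ticker to the end of the tape and collect the spreads.
def replay_spreads(tape)
  TapeReplay.install!(MtGoxTicker, TapeReplay.load(tape))
  ticker, spreads = MtGoxTicker.new, []
  loop { spreads << ticker.fetch.spread }
  spreads
end
```

Raising at the end of the tape, rather than repeating the last price, keeps a replay from quietly producing quotes that were never recorded.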

jgarzik
July 14, 2012, 03:46:20 PM
 #12

No, for reasons like this.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
davout
July 14, 2012, 03:53:05 PM
 #13

From my understanding there are actual trades happening when users place orders, if they have a long position actual BTCs are bought for example.
I'm not really far in understanding how it actually works, until then, calling it a bucket shop (or a legitimate trading platform for that matter) is IMO a little premature.

markm
July 14, 2012, 03:53:20 PM
 #14


Hmm so they were a bucket-shop but just not a totally self-contained one? The use of MtGox was just a way of helping keep the bucket shop from getting caught out a little longer by at least sometimes actually buying or selling actual assets?

I have been testing Open Transactions for a year or so now and am very pleased with its progress so I am very interested in figuring out a "right" way of implementing leverage and shorting. But if "doing it wrong" is what the customers want, as evidenced by their flocking to those who "do it wrong" to avoid the costs involved in "doing it right" maybe having floods of MyBitcoinica sites springing up all over the place is going to be inevitable?

-MarkM-

davout
July 14, 2012, 03:55:55 PM
 #15

> But if "doing it wrong" is what the customers want, as evidenced by their flocking to those who "do it wrong" to avoid the costs involved in "doing it right" maybe having floods of MyBitcoinica sites springing up all over the place is going to be inevitable?
Doesn't mean it's desirable :)

2112
July 14, 2012, 03:58:44 PM
 #16

> I've added a couple comments, but this is pretty much the raw TickingJob http://pastebin.com/4Ej858a8
Ah, OK then. I was worried that you are going to waste your skill and time on doing the security audit on the cadaver.

Zhoutong's key invention was the secret semi-random pricing algorithm. I recall that somebody reverse-engineered his original pricing algorithm and posted a Python script to reliably scrape small profits (maybe that person was "macbookair"?). Then he added some randomness and it worked like catnip on all the gamblers here.

I would let other people do the necromancy and create Frankencoinica, Litecoinica, Solidcoinica and whatever else.

Actually it will probably be Биткоиница.

davout
July 14, 2012, 04:00:15 PM
 #17

> Zhoutong's key invention was the secret semi-random pricing algorithm.
How was the pricing algo an invention ?
From what I thought I understood it was simply the mtgox price at a certain depth.

elux
July 14, 2012, 04:18:51 PM
 #18

> With the leak of the code I'm asking myself whether it would be a good idea to set up a bitcoinica clone.


The original code surely belongs to someone, regardless of whether it's been leaked.

Though given the leak it looks trivial to reverse engineer and write a clone from scratch.
davout
July 14, 2012, 04:21:14 PM
 #19

>> With the leak of the code I'm asking myself whether it would be a good idea to set up a bitcoinica clone.
>
> The original code surely belongs to someone, regardless of whether it's been leaked.
>
> Though given the leak it looks trivial to reverse engineer and write a clone from scratch.
Yep, so that's basically a non-issue :)

kiba
July 14, 2012, 04:22:52 PM
 #20

NOO! You must use emacs!  >:(
