Bitcoin Forum
Topic: maybe it's time to stop building bitcoin web apps  (Read 3817 times)
paulie_w
July 31, 2012, 04:42:56 AM
 #1

...and start thinking about building bitcoin apps in a more distributed way, without central points of failure?
gweedo
July 31, 2012, 04:47:08 AM
 #2

or you just build bitcoin web apps that are more open and mirrored

TangibleCryptography
July 31, 2012, 04:53:50 AM
 #3

Or stop holding massive amounts of client funds in a hot wallet.

We buy and sell coins.  
No hot wallet (no wallet at all on the server)
Manual verification of orders.
No user accounts (orders can't be changed once submitted so there is no value in trying to impersonate a user).
2 Factor encryption on all our trading & funding accounts.
Encrypted Enterprise grade database with off site backups.

Nothing is "hackproof" but we certainly present a lot smaller attack surface; a much less attractive target for hackers.  

What does every major (say 10,000+ BTC) hack have in common?  A massive shared online hotwallet holding user funds.  Maybe we start there.
mobile4ever
July 31, 2012, 04:58:36 AM
 #4

Or stop holding massive amounts of client funds in a hot wallet.


There you go. If there is nothing there to steal, there is no temptation to do so.
Xenland
July 31, 2012, 06:54:36 AM
 #5

This will be great when an exchange incorporates multisig transactions... Nobody can steal at that point
c_k
July 31, 2012, 07:37:47 AM
 #6

Or learn to code securely.

shockD
July 31, 2012, 07:42:04 AM
 #7

Or learn to code securely.

Nah, keep putting funds you can't afford to lose in a site coded in 4 days by a 17 year old. Totally solid business proposition.
kangasbros
July 31, 2012, 07:47:25 AM
 #8

The most important thing bitcoin enables is easy-to-automate money transfers. This means that there can be web apps which were not possible with traditional money. Also it enables new business models. It is very difficult to implement any kind of business model in a distributed way.

Of course, this is a very Darwinian environment. Hopefully both users and developers will understand this. Users should not store large amounts of funds in any service, and developers should be ultra cautious about developing these web apps.

shockD
July 31, 2012, 07:51:05 AM
 #9

Here's an idea:

If you don't have an actual security background with financial applications, don't code a fucking exchange.

I know that's a bit mindblowing, but think about it mr "learn ruby/python/php/node/perl (hey a guy can dream that kids are still into perl) in 24 hrs. book" guy.

Xenland
July 31, 2012, 07:54:20 AM
 #10

Here's an idea:

If you don't have an actual security background with financial applications, don't code a fucking exchange.

I know that's a bit mindblowing, but think about it mr "learn ruby/python/php/node/perl (hey a guy can dream that kids are still into perl) in 24 hrs. book" guy.


But how will anyone get integrity in financial security if they don't make financial applications?
shockD
July 31, 2012, 07:56:35 AM
 #11

Here's an idea:

If you don't have an actual security background with financial applications, don't code a fucking exchange.

I know that's a bit mindblowing, but think about it mr "learn ruby/python/php/node/perl (hey a guy can dream that kids are still into perl) in 24 hrs. book" guy.


But how will anyone get integrity in financial security if they don't make financial applications?

shockD
July 31, 2012, 07:59:26 AM
 #12

Stop the retardation, people, seriously.

You're coding a fucking financial application with no background in security? Prepare to have the shit hacked out of you. It's that simple.
NRF
July 31, 2012, 08:00:39 AM
 #13

But how will anyone get integrity in financial security if they don't make financial applications?

They could do it the way I did it: go to university, get a degree and then work in the industry for 20 years while keeping up to date, gaining certifications, attending conferences, going on vendor & paid seminars.

There are no shortcuts to becoming competent, unfortunately.


shockD
July 31, 2012, 08:02:55 AM
 #14

But how will anyone get integrity in financial security if they don't make financial applications?

They could do it the way I did it: go to university, get a degree and then work in the industry for 20 years while keeping up to date, gaining certifications, attending conferences, going on vendor & paid seminars.

There are no shortcuts to becoming competent, unfortunately.



This man speaks the truth. To anyone who can sort of hack up some scripts and figure out the bitcoind api and decides to create an exchange, I have merely this to say:

Fuck you.

Xenland
July 31, 2012, 08:12:29 AM
 #15

Stop the retardation, people, seriously.

You're coding a fucking financial application with no background in security? Prepare to have the shit hacked out of you. It's that simple.
I thought this guy(gal?) makes the most sense.

I have met some good friends that are better educated on hacking than those that go to universities (nothing against the integrity of universities per se). I think it's mostly due to there is the "unknowing" of certain problems and angles to hack at, so they learn about a system's vulnerabilities at all angles instead of a teacher or book lecturing a long list of ways (that tend to not burn into the memory). With the home-grown security skills you get the constant hands-on learning and desensitisation of failure and patience on your belt. Of course just my view point and experience.
kangasbros
July 31, 2012, 08:16:23 AM
 #16

I say it is more the users' fault than the developers'. For example, btc-e always looked very shady and unprofessional to me, compared to other exchanges. Bitcoinica was advertised as developed by a 17-year-old.

I think it is great that any kid can code a bitcoin application if he/she wants - no barriers to entry to the market. It is the users' responsibility to decide if they want to trust these services.

shockD
July 31, 2012, 08:17:05 AM
 #17

Stop the retardation, people, seriously.

You're coding a fucking financial application with no background in security? Prepare to have the shit hacked out of you. It's that simple.
I thought this guy(gal?) makes the most sense.

I have met some good friends that are better educated on hacking than those that go to universities (nothing against the integrity of universities per se). I think it's mostly due to there is the "unknowing" of certain problems and angles to hack at, so they learn about a system's vulnerabilities at all angles instead of a teacher or book lecturing a long list of ways (that tend to not burn into the memory). With the home-grown security skills you get the constant hands-on learning and desensitisation of failure and patience on your belt. Of course just my view point and experience.

I believe NRF stated it the most politely and professionally tbh, if you're going to reference anyone reference that poster. I'm on a bit of a tirade this evening ;)
shockD
July 31, 2012, 08:20:49 AM
 #18

I say it is more the users' fault than the developers'. For example, btc-e always looked very shady and unprofessional to me, compared to other exchanges. Bitcoinica was advertised as developed by a 17-year-old.

I think it is great that any kid can code a bitcoin application if he/she wants - no barriers to entry to the market. It is the users' responsibility to decide if they want to trust these services.


Hm.. great? Sort of I guess, I do get your point. Your most poignant point, however, is that it is 100% users' fault that they get taken by shitty exchanges. I just wish people were a little more aggressive about calling a spade a spade with regard to shit exchanges. Really people are very upfront here about that but nobody listens. I guess my point is, I wish idiots didn't code exchanges but you're absolutely correct that it's the users' fault for falling for seedy, shitty, obviously crappy exchanges. Nobody can stop a savvy 10 year old kid from coding an exchange and advertising it and having suckers fall for it.

 
Xenland
July 31, 2012, 08:20:59 AM
 #19

Stop the retardation, people, seriously.

You're coding a fucking financial application with no background in security? Prepare to have the shit hacked out of you. It's that simple.
I thought this guy(gal?) makes the most sense.

I have met some good friends that are better educated on hacking than those that go to universities (nothing against the integrity of universities per se). I think it's mostly due to there is the "unknowing" of certain problems and angles to hack at, so they learn about a system's vulnerabilities at all angles instead of a teacher or book lecturing a long list of ways (that tend to not burn into the memory). With the home-grown security skills you get the constant hands-on learning and desensitisation of failure and patience on your belt. Of course just my view point and experience.

I believe NRF stated it the most politely and professionally tbh, if you're going to reference anyone reference that poster. I'm on a bit of a tirade this evening ;)

In that case I shall take your opinions lightly --Just for this evening

NRF
July 31, 2012, 08:25:27 AM
 #20

better educated on hacking than those that go to universities (nothing against the integrity of universities per se)

I would agree with you to a certain extent, many a time I have attempted to bash my brains out on the sharp pointy bit offered by the corner of my desk when a new graduate "invents" some new and novel way to propel feces at astonishing speed into the revolving metal blades.

But on the other hand I have also had some talented novices do their level best to put the whole mess into orbit.

I suppose what I was trying to get at is there is nothing like years of experience and training when trying to keep the shit in the bowl.
