Stumbled over this interesting and somewhat ominous exchange from last year.
http://news.ycombinator.com/item?id=2973313An interesting read in light of recent events. Some excerpts:
Hi HN,
I'm the creator of Bitcoinica. I'm not so established here. To be honest, I'm only 17.
Please try it out. (I can pay $1 for you if you're not willing/able to deposit, email me at
[email protected]. :-D ) You can leave any suggestions, comments, bug reports and feature requests here. I'll look through every single comment. Thanks!
Without meaning to put a damper on your technical work, you should keep in mind a few things:
-- systems that work with money are attacked hard and often, by intelligent skilled people
-- in fact some of the people who attack your system are likely to be both more skilled and more intelligent than you are
-- systems that work with money that fail, fail spectacularly ("What do you mean someone withdrew $8 million last night?")
-- banking websites, Paypal, etc. are all like icebergs - you don't see 9/10ths of the things they've done to prevent spectacular failure
-- spectacular failure is your destiny if you don't work very hard to prevent it
-- spectacular failure may be your destiny even if you do work very hard to prevent it
You should plan accordingly.
Doing your best probably isn't enough. To have any hope you'll have to hire expensive security people and buy lots of insurance.
All you need in order to be exploited is to be using software with 0day exploits. Many known exploits are not public. In a very real sense, you are only protected to the extent that you are a small target.
As the potential payoff of a hacker approaches $1 million, the likelihood of being hacked approaches 90%. Software really is THAT insecure and bitcoin thefts are not prosecuted making it basically risk-free to steal bitcoins.
To be honest, your age isn't a problem, because the average above-average developer is still not competent to write this sort of software. If you had been doing security and financial software since birth, I might consider putting a bit of trust in the kitty to start.
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people. There's also very nontrivial odds of being on the wrong end of armed Federal agents, based on some of the other comments you've made here. This is a horrible, horrible first-project sort of project.
Let me put it this way: Would you be willing to convert the BitCoins in your system into cash, put it in your front window, and post daily pictures of the pile of cash to your Facebook account, set to public visibility? Because that's roughly what you're doing.
Ah well, hindsight is 20/20.