Topic: bitfloor needs your help! - page 26. (Read 177459 times)

sr. member
Activity: 272
Merit: 250
Cryptopreneur
September 05, 2012, 11:07:58 AM
It was for at least an hour, but it started working right after i posted.  Cheesy
hero member
Activity: 816
Merit: 1000
September 05, 2012, 11:06:37 AM
Interestingly, Mt.Gox is down also it seems.

False.  Good one though.
sr. member
Activity: 272
Merit: 250
Cryptopreneur
September 05, 2012, 11:04:35 AM
Interestingly, Mt.Gox is down also it seems.
legendary
Activity: 1680
Merit: 1035
September 05, 2012, 10:59:46 AM
Also, I trust MtGox because it was previously hacked, and was forced to review its security procedures. Someone new may not care until they got hurt badly. Should it come back, I would trust Bitfloor more than other new exchanges (assuming their security policies were also publicly scrutinized), because, like MtGox, they were forced to learn from mistakes and the owner knows just how much stupid oversights can cost him.
legendary
Activity: 1680
Merit: 1035
September 05, 2012, 10:52:41 AM
I don't think selling ownership of the company is a good idea. Loans or bonds may be a better way to go. Running the numbers, to borrow $260k for 15 years at 5% interest will cost $2,056 per month (extra $20k to get the infrastructure and security rebuilt). If Roman can't borrow that from a bank, it may be prudent to sell long-term bonds that pay out dividends the sum of which equals that monthly amount. Now, in bitcoinworld, a paltry 5% a year dividend may seem like crap, especially compared to 7% a week ponzis, AND there's a huge risk that this business may not survive for very long anyway (using personal bank accounts for deposits?), but the benefits are:

1) All the money needed to cover stolen BTC is raised immediately
2) Roman still takes a hit (punishment) by working for zero profit for a few months, until revenues exceed the dividend payouts.
3) Roman still retains ownership of the company, and has incentive in keeping it going, because
4) While the volume continues to grow, and Bitcoin continues to increase in value, the fixed ~$2,000 monthly payments remain the same, and become easier and easier to pay off, and once the business is established enough, Roman can start buying the bonds back early (though he may not have the incentive to do so).

Again, it's important to keep in mind that this business itself is risky, with plenty of competition and regulatory traps, and it's dealing with a risky currency, so 15 years (even with the hope that once Bitfloor revenues improve, it may turn into 2 to 5 years) may be hard for people to swallow. Especially since this is in computer years. We were using dial-up and Windows 95 15 years ago. Who knows where Bitcoin and our tech will be 15 years from now. But, if run well, a 5% a year bond is still a damn good investment in the real world.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
September 05, 2012, 10:48:42 AM
I go to the site and it reads this (which it still reads)

Bitfloor Website
Is currently offline.
It will be back shortly.
I check back later and it's up. So I sent 136 coin to my deposit address.
Anyone else think the message on the site should read
DO NOT SEND ANY COIN TO US WE HAVE BEEN HACKED!!!!!
or something of that nature. I only keep my money in coin for less than 24 hours before converting it and got screwed. Guess I stop taking bitcoin cause it's too risky.

Speaking like a true Junior.

Imagine how Bitfloor feels right now.

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

This is the closest I could find: http://webcache.googleusercontent.com/search?q=cache:sm6wAI8jZJYJ:https://bitfloor.com/docs/+&cd=1&hl=en&ct=clnk&gl=us

Somebody else may desire to copy and paste what's available.

~Bruno~
hero member
Activity: 546
Merit: 500
September 05, 2012, 10:44:35 AM
It's simply not believable that anyone involved enough with Bitcoin to make such a site, who has undoubtedly heard about all the other large-scale hacks, would simply leave an unencrypted wallet file worth a quarter mil lying around waiting to be hacked.

Right now, the owner should be desperately trying to convince us he didn't steal the money himself.

I have but a tiny percentage of the wealth of that wallet, and I am not smart enough to run such an exchange website, but I know enough to encrypt my fucking wallet .

I like Roman and Bitfloor, but I agree with barbarousrelic.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
September 05, 2012, 10:40:54 AM
If ever I'm putting any service public (I have a Facebook wallet), I will have my cold storage on an air-gapped computer and not hold more in hot storage than I can afford to lose, as I would get hacked like all the others. If that service doesn't make money to hire people to charge the hot wallet, this would mean the service might perform much worse when I'm on vacation, but I would never lose money to a hacker exceeding what I can afford to lose.

(Ok, if the hacker manages to send out payments that look legit over an extended period of time without my users reporting anything, this could kill me but so far, all hacks went in one go and frankly I can't believe all these stories of being hacked.)
donator
Activity: 640
Merit: 500
September 05, 2012, 10:30:07 AM
 Undecided
legendary
Activity: 1428
Merit: 1000
https://www.bitworks.io
September 05, 2012, 10:25:00 AM
Interesting.  After we saw hacks and/or incompetent management from MtGox, Bitomat, Bitconica (x2), etc, exchanges are still getting hacked.  Probably best to leave matters to the professionals with 24/7 monitoring of both hardware and software involved in the project.

This is exactly right. Banking websites have to comply with countless rules and regulations. BitCoin websites are set up by people with no practical experience of building secure sites and those people always miss things.
What's interesting is how all of these activities tend to drive the community toward the kinds of rules and regulations that many tend to despise.. I know the answer will be that "we can do it better" but ultimately I think it will drive down the same path because the community as a whole isn't much different, ultimately purists aren't driving the value of bitcoins, the same types that play in other financial markets are.
legendary
Activity: 1400
Merit: 1005
September 05, 2012, 10:24:05 AM
the stupid feature of exchanges is instant withdrawals....why not keep everything in cold wallets and process btc withdrawals once a day...manually...
That's kind of what I was thinking... I'd much rather have secured funds at this point than the ability to instantly withdraw them.
donator
Activity: 1464
Merit: 1047
I outlived my lifetime membership:)
September 05, 2012, 10:18:40 AM
the stupid feature of exchanges is instant withdrawals....why not keep everything in cold wallets and process btc withdrawals once a day...manually...
sd
hero member
Activity: 730
Merit: 500
September 05, 2012, 10:12:35 AM
Interesting.  After we saw hacks and/or incompetent management from MtGox, Bitomat, Bitconica (x2), etc, exchanges are still getting hacked.  Probably best to leave matters to the professionals with 24/7 monitoring of both hardware and software involved in the project.

This is exactly right. Banking websites have to comply with countless rules and regulations. BitCoin websites are set up by people with no practical experience of building secure sites and those people always miss things.

donator
Activity: 1218
Merit: 1079
Gerald Davis
September 05, 2012, 10:09:56 AM
Interesting.  After we saw hacks and/or incompetent management from MtGox, Bitomat, Bitconica (x2), etc, exchanges are still getting hacked.  Probably best to leave matters to the professionals with 24/7 monitoring of both hardware and software involved in the project.

Anyone else running an exchange without 24/7 surveillance and independent auditing?  Best to own up now so users can proactively flee.

Tangible Cryptography doesn't have 24/7 manned monitoring or independent auditing.  Then again we never accept sales we can't promptly pay and we hold all coins in an offline wallet, which greatly reduces our attack surface.

The reality is setting the bar that high is probably useless.  Bitcoin simply isn't that big.  MtGox "maybe" meets your requirement.  All the hacks to date could have been prevented and/or reduced in scope with some more realistic standards.
sr. member
Activity: 272
Merit: 250
Cryptopreneur
September 05, 2012, 10:09:01 AM
It's a shame. I really liked this exchange. Let's see if the owner makes things right.
legendary
Activity: 1692
Merit: 1018
September 05, 2012, 10:01:08 AM
Interesting.  After we saw hacks and/or incompetent management from MtGox, Bitomat, Bitconica (x2), etc, exchanges are still getting hacked.  Probably best to leave matters to the professionals with 24/7 monitoring of both hardware and software involved in the project.

Anyone else running an exchange without 24/7 surveillance and independent auditing?  Best to own up now so users can proactively flee.
hero member
Activity: 560
Merit: 500
I am the one who knocks
September 05, 2012, 09:02:22 AM
The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.
Thanks for confirming.  This is why I prefer no incoming connections allowed on the secure box.  If you must have occasional ssh, you can have it enabled on boot and then login to disable it.  That way you can reboot first if you must login.

How do you solve getting to the secluded bitcoind to command it to send bitcoins out?
You don't.  You have a process on the 'wallet server' that checks an external source and bases it off of that.

In a 100% ideal security scenario you don't have ANY incoming connections.  That isn't 100% possible because bitcoind needs to get blocks, so at least port 8333 has to be open.  Also other ports were probably open as well for convenience, just firewalled to allow certain machines access.

EDIT:  Or what the other 100 people above me said (teach me to reply without reading the whole thread).
hero member
Activity: 675
Merit: 502
September 05, 2012, 08:23:54 AM
It's simply not believable that anyone involved enough with Bitcoin to make such a site, who has undoubtedly heard about all the other large-scale hacks, would simply leave an unencrypted wallet file worth a quarter mil lying around waiting to be hacked.

Right now, the owner should be desperately trying to convince us he didn't steal the money himself.

I have but a tiny percentage of the wealth of that wallet, and I am not smart enough to run such an exchange website, but I know enough to encrypt my fucking wallet .
legendary
Activity: 3472
Merit: 4801
September 05, 2012, 08:14:16 AM
. . .How do you trust the content of those commands and transactions? Because, basically, that is the same public website with input from customers.

If we can't trust the website giving commands into the hot wallet, [edited:] how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?
You can't eliminate your risk 100% and still have a functional usable interface, but you can drastically limit your risk.  If you put sanity checks into the daemon that runs on the box that does the polling, you can limit the size of any single transaction, you can limit the total amount of BTC that are transferred out over any time range, you can require authorization for certain transactions, and as I said earlier you can immediately shut down bitcoind, and the polling daemon as well as delete the wallet.dat in the event of anything that is identified as a theft attempt.  Without access to the code in this daemon, a hacker can't know what limits exist or what triggers will result in the system administrators being alerted to his efforts.  If the hacker unknowingly attempts a few really large transfers he will be stopped in his tracks.  If a hacker is more patient, he might be able to size his transactions to match the typical transaction of the service and keep the total number of transactions in line with typical traffic.  This might allow the hacker to get away with a few coins, but it will slow them way down limiting your exposure and allowing you time to identify the breach and respond.  I suspect that most users of most services would be willing to wait on human authorization and manual transfer of any large transaction if it means keeping their money safe in the first place.
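The two posts above (the wallet box that only pulls requests from an external source, and the polling daemon with per-transaction, per-window and human-authorization limits plus a kill switch) describe one design. The block below is an added example of that gate logic, not code from Bitfloor or from any poster; the policy numbers, the request stream, the addresses and the callback names are constructed for the demo, and the real "send" and "kill switch" actions are callbacks so the example runs offline. Amounts are handled as integer satoshis rather than floats.

```python
# Added example: pull-based hot-wallet withdrawal gate with sanity checks.
# Hypothetical code, not Bitfloor's. Amounts are integer satoshis.
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, List, Tuple

SATOSHI = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Policy:
    max_single_sat: int = 50 * SATOSHI           # hard cap on any one withdrawal
    max_window_sat: int = 100 * SATOSHI          # cap on total sent per rolling window
    window_seconds: int = 3600                   # rolling window length
    operator_auth_above_sat: int = 20 * SATOSHI  # larger sends wait for a human
    rejections_before_halt: int = 3              # limit breaches that trip the kill switch


@dataclass(frozen=True)
class Withdrawal:
    request_id: str
    address: str
    amount_sat: int
    timestamp: int                # unix seconds, stamped by the poller on the wallet box
    operator_approved: bool = False


class WithdrawalGate:
    """Runs on the wallet box. It is fed requests the poller *pulled* from the
    web tier's queue; the web tier has no way to call into this process, so a
    compromised front end can only enqueue requests, which then hit these checks."""

    def __init__(self, policy: Policy, send: Callable[[Withdrawal], None],
                 kill_switch: Callable[[], None]) -> None:
        self.policy = policy
        self._send = send                      # hands an approved request to bitcoind
        self._kill_switch = kill_switch        # stops bitcoind/poller, takes hot wallet offline
        self._sent: Deque[Tuple[int, int]] = deque()  # (timestamp, amount_sat) of sends
        self._rejections = 0
        self.halted = False

    def window_total(self, now: int) -> int:
        """Total sent inside the rolling window ending at `now`; drops expired entries."""
        cutoff = now - self.policy.window_seconds
        while self._sent and self._sent[0][0] <= cutoff:
            self._sent.popleft()
        return sum(amount for _, amount in self._sent)

    def evaluate(self, w: Withdrawal) -> str:
        """Decide one request. Limit breaches count toward the kill switch;
        a hold for operator approval does not, since it is normal traffic."""
        if self.halted:
            return "halted"
        if w.amount_sat <= 0:
            return self._reject("invalid_amount")
        if w.amount_sat > self.policy.max_single_sat:
            return self._reject("single_limit")
        if self.window_total(w.timestamp) + w.amount_sat > self.policy.max_window_sat:
            return self._reject("window_limit")
        if w.amount_sat > self.policy.operator_auth_above_sat and not w.operator_approved:
            return "held:operator_auth"
        self._send(w)
        self._sent.append((w.timestamp, w.amount_sat))
        return "sent"

    def _reject(self, reason: str) -> str:
        self._rejections += 1
        if self._rejections >= self.policy.rejections_before_halt:
            self.halted = True
            self._kill_switch()
        return f"rejected:{reason}"


def run_demo() -> Tuple[List[str], List[str]]:
    """Constructed stream: normal customers, then a thief who first tries one big
    pull and then sizes requests just under the operator threshold."""
    log: List[str] = []
    gate = WithdrawalGate(Policy(),
                          send=lambda w: log.append(f"sent {w.request_id}"),
                          kill_switch=lambda: log.append("KILL SWITCH"))
    t0 = 1_346_839_200  # constructed epoch, early September 2012
    stream = [
        Withdrawal("r1", "1CustomerA", 5 * SATOSHI, t0),
        Withdrawal("r2", "1CustomerB", 30 * SATOSHI, t0 + 60),
        Withdrawal("r3", "1CustomerB", 30 * SATOSHI, t0 + 120, operator_approved=True),
        Withdrawal("r4", "1ThiefAddr", 500 * SATOSHI, t0 + 180),
    ] + [Withdrawal(f"r{i}", "1ThiefAddr", 19 * SATOSHI, t0 + 180 + i) for i in range(5, 10)]
    stream.append(Withdrawal("r10", "1CustomerA", 1 * SATOSHI, t0 + 400))
    decisions = [gate.evaluate(w) for w in stream]
    return decisions, log


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```

In the demo the thief's 500 BTC pull is stopped by the single-transaction cap, the sized-down 19 BTC pulls drain only until the rolling-window cap is hit, and the third breach halts the gate; a real deployment would page an operator from the kill switch and would keep the rolling-window state somewhere that survives a restart.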