Topic: [BitFunder] Asset Exchange Marketplace + Rewritable Options Trading - page 63. (Read 129174 times)

Thanks - answered my questions, however a new one now arises.

FAQ says : "Selling fees range between between 1% and 0.5%(or lower with discounts) based on your account tier.
We be offering some promo permenant discounts and can lower your accounts fee rate per tier."

But the table listing permanent rates (no discounts) has all rates between 0.1% and 0.05%.  Either there's a decimal place error somewhere or the table is listing some sort of initial promotional rate rather than the actual permanent rates.

I changed the wording a bit, and added a tier/volume/max fee table. Take a look and see if that helps.


Changed the questions to:
Q: WAIT A SECOND! Do I have to pay WeExchange some hidden fees to be able to deposit or withdraw BTC??
A: No. WeExchange is a mostly free service. Currently the only fees are on some fiat deposits and withdraws.

Q: How long does it take to transfer BTC to/from BitFunder and WeExchange?
A: Instant.

Q: How many confirms does WeExchange require for direct BTC deposits?
A: WeExchange requires 6 confirms to credit BTC sent from your wallet.

Does that cover everything?


Ahh, I see your point. Currently anytime you place a bid, that amount is in reserve and can not be re-reserved for another bid.
I do see a very valid point though so I will spend some time debating how I want to approach such an option code wise.

Done. Looks much nicer now honestly.
Ask and ye shall receive.

From my experience with WeExchange over the last year, I knew to put that there. I just did not have it high on the priority list.
Now the the core system is done, it's alright to focus on the UI a bit.

I also added a balances bar to the asset page that show btc and shares for the asset that are total, reserved, and available.

If you have anything else, let me know.

-Ukyo

Thanks for the answers - the ones I haven't quoted above addressed my questions fully.

On 2. I think you missed my point.  The FAQ tells me that there ARE different fee rates (from .5% to 1%) but not what the volume requirements for those points are.  e.g. you start off at 1%, after paying X BTC fees it drops to .9% after another Y BTC to .8% etc.


On 3. You part-answered half the question (it's instant to withdraw from site to my WeExchange wallet) but not the main issues:  Do they charge me a fee for using their service and are withdrawls from them instant (I tried going to their website but there's basically no info there unless I register which involves giving a name, address etc).

On 4.  The question isn't whether everything's backed - obviously any order on the book MUST be able to be filled: if someone places an Ask at .00001 then it should fill every Bid on there without exception (assuming prices are limited to 5 dec places precision).  But allowing the same funds to cover multiple orders on DIFFERENT assets doesn't break that - it just means that if someone clears one order book then some orders on other books may go.  That can happen anyway - key is that every book is still 'honest' in that every order in it is backed all the time it's up.  The system I prefer helps pretty much everyone: daytraders (like me) can leverage their funds better, covering multiple (relatively) illiquid markets with the same cash.  Investors who want whichever of a few 'good' deals fills first can do that.  That adds more liquidity meaning lower spreads for those investing - and more confidence in liquidity for investors which leads to more sales for asset issuers.  And the increased volume gives more revenue for the site.  To be completely clear i absolutely do NOT support anyone being able to place bids exceeding available cash on a single asset - but using the same cash to bid on multiple assets (with auto-cancellation when a purchase would otherwise make a bid uncovered) is totally fine: it's no different to anyone else to if the bidder actually had more cash but was cancelling their orders on other assets when a sale on one occurred.

Done. If 2-Factor is enabled, you must enter your code to change this.

This actually was in the F.A.Q. Fourth item down.
Q: What are the fees?
A: Fees range between between 1% and 0.5% based on your account tier. When logged in, YOUR current fee tier is listed under the 'Settings' page.


Excellent point sir!
I have updated the WeExchange linking page, as well as the F.A.Q. page to point people where they need to go to transfer funds in/out and that it is instant.
I plan to re-structure the settings page as it is getting cluttered, and copying the withdraw section there as well along with instructions on how to deposit from WeExchange.
I am also looking to add an access pin code to merchant options on WeExchange. This would allow users to transfer funds from their WeExchange account directly from the BitFunder site using this pin.

Everything must be backed/reserved. We will not fluff our numbers.
I did add that to the F.A.Q. page in about 3 question forms, in case someone does not understand the wording in one of the cases.
Some people had problems understanding the meaning of each of them when I was testing the wording on guinea pigs.

Ask and ye shall receive. I am debating changing the layout of the assets table a bit. Kind of crowded. Possibly dual line listings, along with 7-Day numbers.

Thanks! I plan to keep trying to de-cluster, clean up, and arrange the site to be as efficient, and easy for new people to "guess" where things are as possible.

I have an account and just tried the trading interface, I would have to agree with the post above about showing more info.  May i suggest something JUST like btc-e site.  shows the calculation of the trade .. I should not have to use a calculator to know how much btc i need to make a trade.

Nice simple interface......  thank you ( I tend to shy away from the crazy DHTML type sites)

Just had anohter look at your site - good to see some more assets on there.  Am considering creating an account there - before I do, I have a few quick questions (I've read the FAQ - apologies if any were answered there).

1.  Is it possible to change the BTC address associated with an account or are you tied to the one you enter on account creation?  I haven't actually fired up a BTC client for ages (use just exchange accounts) but would obviously need to so so if the account I enter on creation is not changable thereafter.

2.  I see there's a floating scale for trading fees.  Where can I find a list of the rates and volumes needed to qualify for them?

3.  I see references to Weexchange.  As best I can make out, I'd need to create an account there then deposits/withdrawals to/from my account on your exchange would be done through them.  Two questions arise from this (if my understanding is correct - if not, then I'm totally at a loss as to what they do):
a) Is there any fee charged for using them as an intermediary (fee to me that is - don't care whether or not you pay a fee on top)?
b) Do you know if deposits/withdrawals to/from them are instant or have to go through some approval process?  i.e. if I withdraw from your site can I be confident to get the BTC to wherever I want 6 blocks later (I'm assuming the withdrawal from site to my wallet on Weexchange would be immediate)?

4.  Can't tell from looking at orders - but is it possible to apply the same funds to orders on different securities (as on BTC.CO) or does every order have to be backed by seperate BTC (as on GLBSE and CRYPTO)?

5.  Is there a reason for listing volume per asset in number of shares not in BTC?  BTC gives a much clearer picture of activity level (10 shares at 0.1 BTC is, to me, same economic activity as 1 share at 1 BTC - not 10 times as much)?

Good to see a nice clean/clear interface like BTC.CO rather than the abortion that Crypto is (can't find ANY way there to see my orders on an asset at the same time as the market orders for it).

Ahh, you got me on that one. The system had already notified me of an error in the system and I had just corrected it.
You should not be able to place any more. (If I am wrong let me know.) Sandbox shows to be working right now.

I checked, so far only you and one other have done this.
You can cancel a bid or two or I can do it for you.
You were still limited to your balance, it just was ignoring the reserve.

I expect there will probably be one or two more minor things that come up.
Please let me know if you find any more. Bitfunder _is_ responsible for it's own screw-ups.

Thanks!

It looks like one can place more bids for an asset than they currently have in their account? Is this expected? To me it seems the platform should not allow people to place more bids than they have bitcoins?

Yeah, if you take the $150/mo option, you can upload any certificate.

Last time I checked there custom cert options required a cert with private key on there servers, if they changed that good for them. If your sure the encryption is 100% end-to-end it should be fine, I still dislike and avoid supporting them sins they offer insecure services as well.

Ahh, that is why I generally do not like forums.

A lot of people bickering back and fourth in the public to get everyone's attention and try to win them over to their own side.
It's like having an argument out in the middle of the street over who is right.
https://www.youtube.com/watch?v=LaQXOrbqAbM
Wonder if there is another term for things like this other than Zax?


I am too as previously posted.


Side comments that do not contribute to the discussion with comparisons to your preferences with an ambiguous statement that is highly suggestive
that the sites customer data is somehow at risk without any details of how or why is really just an attack, intended or not.

In other threads you have now repeatedly publicly questioned my "age" within the community and made yourself sound to have been around longer as if it was a plus somehow, which in fact was never the case, and upon confrontation  you drop the subject like a rock. I think this has happened a few other times already.

Reminded me of btcash who did a similar thing https://bitcointalksearch.org/topic/m.1399421
He made some bad (in my opinion) comparisons, and has yet to post weather he is even a shareholder of that asset or not or if I misunderstood his comments
and what could be done to better the situation as I asked him.
(When he confirms it I will edit this post and post an apology to him. I just found it odd how he was on for hours later, and on today, and have not responded.)

I still want to believe you have no ill-intent towards myself, or BitFunder, as I have none towards BTCT, LTC-Global and I am even a stockholder that would
like to see everyone succeed.

If you are truly not meaning any harm, then I would ask that you attempt to refrain yourself from posting in regards to BitFunder or myself, unless you have something positive to say (and not sarcastic, or suggestive), and you have my word I will not only do the same, but that I WILL post plenty of positive things about BTC-Global, and BTCT as they are truthful.

Let this be the last of it.

Thank you for your understand.

I prefer to keep things public.

Didn't mean to light a fire, so to speak.  It was a side comment on someone else's observation.

I'm open to discussion related to security of any of my projects in their respective threads.

And don't worry so much about what the romanians think.  They make fun of everyone.  

I am considering just posting a direct SSL cert for BitFunder on cloudflares system. This way they will not have the private key, and there is no question that
the data encrypted end to end.

What are your thoughts on this?

Also, while I do have multiple gige's at each of my locations, without using any CDN solution, and just exposing my own proxy servers still opens the door
to a DDoS even maxing out the GigE's. While I do have a BGP Blackhole system setup that analyzes network traffic for attacks, it still takes a few moments to
process the data, send a blackhole route to each of the upstreams routers and let them block it from getting to my network. I like using cloudflare for
things like this since it protects the network overall. Cloudflare's servers take the brunt of the hit, esp. if it is a common synflood, etc, and makes it easier.
I was worried that someone would use legitimate data to DDoS the systems and pass through CF, so I made sure that my routers would not block cloudflare,
and would instead look at cloudflares provided origination IP and use their API to take appropriate measures.

Thanks!

It is a good thing we are not passing any sensitive data such as SSN's, credit card numbers, addresses across it to BitFunder then.
If you are worried about passwords being sniffed or man in the middle attacked by CloudFlare itself, or any other network hop in between, then
you should be just as worried about who runs the network in Panama where your server is. I think a local ISP (Like the Linode incidents) that
probably has no auditing or accounting of tech actions is FAR more likely to review a customers website, sniff their data, learn what they do,
and possibly attempt steal any valuable information or in this case, bitcoins than a company as large as CloudFlare who does not even have
access to the server's and that could care less about small time websites that never even show up on their radar.

I would not trust any bitcoin related services to be housed where I did not maintain the servers. Then again, with the linode and other incidents,
I don't think people bother to consider things regularly and ask every site about server security. Probably much the same as they are probably
not worried about CloudFlare securely transmitting their data, and acting as a shield to help prevent all sorts of extra vulnerability attacks such
as being a proxy. It appears you run Apache on your servers, which like most all web daemons has been know for .. at least a few.. major vulnerabilities.
Having a proxy server helps protect the actual servers from most vulnerabilities. If you are not going to use cloudflare, you should at least setup a
reverse proxy of your own in front of the server to protect it.

GLBSE did switch to CloudFlare (and also ran proxies of his own), just as MTGox did for a while. Gox needed a better and more advanced
system than CloudFlare of the time, and switched to Prolexic (I believe). I hope no one at prolexic get's any crazy ideas. Although, I feel
as confident as one can given the situation that Gox's system also has protections in place for this type of situation. I think Mark has
made so to do everything necessary to protect users data and accounts.

Thankfully for us, we do not have any coin wallets tied to the website. So in the slim remote chance that a cloudflare employee decides
to go rouge and risk their job/freedom (not that this has stopped people before) to get a users password to login, there is nothing for
them to gain out of doing so. That is one of the best things about BF. I am setting the site up currently so that 2-fa users could even give
out their user and passwords should they so desire, and people would not be able to do anything with their accounts. (Using means above and
beyond just 2-fa)

I would be more afraid to pass, and put sensitive user data on a $45.99/mo server in another country where I do not know who might mirror hard
drive data at any time, have physical console access to the server/console, and who knows what else.

I would ask as I stated before in the BTCT thread where you also began to cross-post this stuff in, that these types of conversations be be
continued on IRC. I would be happy to continue answering your concerns on how BitFunder is different from BTCT in many ways on IRC as it
really does look like childish public mudslinging to quite a few people as I pointed out there already.    http://polimedia.us/dtng/c/res/17830.html

I have no intentions to continue these 'back and fourths' in some vain attempt to try to convince, each other? the public? who's ideas are better and why.
I think the whole thing has made us look like fools. Not that it is anything new for me.

As I said in the other thread, and now again, I will be happy to talk to you on IRC about these things and perhaps we can really learn from and help each other.
I have taken quite a few notes from BTCT that I think are great ideas that I plan to implement on BF as well.

Cheers.

For images, sure.  Not so much for actually passing their client's data through.

GLBSE used cloudflare I think.  So I guess if people didn't mind then, they won't mind now.  I won't be using it in my projects though.  I'd rather go offline to a DDoS than risk customer data to a 3rd party.  

Cheers.

What ? Did I just hear lemmings run by ? (sorry could not resist that line)

CDN is not the problem, most banks I know have there own 'Secure' CDN implementation. However CloudFlare and others are not secure, they ether replace your ssl certificate or require your private ssl key to work. (aka they can read and alter content)

As to heavy attacks a good firewall around CDN exit nodes does wonders (personally I pay for support in that department), next step would be to dynamically bind your firewall, dos detection with your name servers to create black holes for unwanted traffic and/or relay legit users to open nodes. (or use cisco to solve that if your in to them)


I’ll leave it at that, all I really meant to say was "Sad to see a other bitcoin related website go for the easy way out and good job, looks like a solid start."

Edit:
------
Having a big mouth without offering a solution is easy so let me just link.

Firewall, Intrusion detection, DDoS: http://www.infoworld.com/node/76855?source=fssr
CDN Setup: The guide works fine but it's just a guide so ... I worked with unixy once, good guy's but expensive. http://blog.unixy.net/2010/07/how-to-build-your-own-cdn-using-bind-geoip-nginx-and-varnish/

I noticed this wasn't mentioned in the thread yet. DMC is moving to BitFunder.

Ahh, you can apply that to most any major website you visit these days. Almost all use a CDN service of some brand or another. Banks do it, facebook, etc.