Author

Topic: BRB, reverse-engineering Bitcoinica (Read 2009 times)

newbie
Activity: 38
Merit: 0
July 13, 2012, 05:25:53 PM
#19
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet.
Took a bit of time to get every moving part in place to have it actually running.

I installed redis but I was getting nilClass errors.

I'll give it more time later.
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 04:05:02 PM
#18
i assume there's no easy install of all dependencies listed neatly in a Gemfile?
Your assumption is incorrect Smiley

i would like to know how the app interfaces with the local bitcoin client or client(s).
It uses the bitcoiner gem which is my code (extracted from bitcoin-central) packaged by someone I don't know as a ruby gem
sr. member
Activity: 420
Merit: 250
July 13, 2012, 03:43:59 PM
#17
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet.
Took a bit of time to get every moving part in place to have it actually running.

can you talk a bit about that?

i assume there's no easy install of all dependencies listed neatly in a Gemfile?

i would like to know how the app interfaces with the local bitcoin client or client(s).
legendary
Activity: 1078
Merit: 1003
July 13, 2012, 03:28:16 PM
#16
Cool, I can't wait to hear how it really worked.
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 03:14:25 PM
#15
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
I haven't gotten there yet.
Took a bit of time to get every moving part in place to have it actually running.
legendary
Activity: 1078
Merit: 1003
July 13, 2012, 03:10:53 PM
#14
Could you in layman's terms explain what the app actually does in terms of positions and matching and liquidating, ect...
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 02:52:16 PM
#13
Additionally the app itself has never been hacked (which is a little surprising Cheesy)
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 02:51:34 PM
#12
so, this is good material for the wiki that should be written. even if it is "fucking trivial to get right" (ie, fucking obvious).
It would be pointless to write this in the wiki, all the Rails security basics are widely available online.
If you want your app to be secure it's not the lack of information that's in the way.
sr. member
Activity: 420
Merit: 250
July 13, 2012, 02:17:32 PM
#11
Quote
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves Smiley

The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong.
You're effectively giving the github (or whatever source control system you use) access to all funds at all times.
And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server.

so, this is good material for the wiki that should be written. even if it is "fucking trivial to get right" (ie, fucking obvious).
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 02:05:17 PM
#10
Just had a quick look.
Not one test in the whole codebase.
You can't judge an app on that, tests mean you're protecting yourself against regressions.
The app was written in 4 days, I think it is an impressive piece of work despite a couple major security flaws I identified by simply having a quick look.

aren't unit tests a default part of rails these days?
or is that some other kind of test?
Rails gives you the infrastructure to easily write them since day one. But they don't just write themselves Smiley

The real facepalm flaw is the fact that production passwords are stored in the code itself. This is plain wrong.
You're effectively giving the github (or whatever source control system you use) access to all funds at all times.
And it's fucking trivial to get right, just make a deploy hook to copy the production configuration files from the production server, to the production server.
sr. member
Activity: 420
Merit: 250
July 13, 2012, 01:49:43 PM
#9
Just had a quick look.

Not one test in the whole codebase.

aren't unit tests a default part of rails these days?

or is that some other kind of test?
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
July 13, 2012, 11:59:00 AM
#8
Just had a quick look.

Not one test in the whole codebase.
"I am a god-level programmer and every line that I write turns to gold and bows down at my feet. Unit tests? What an insult!"  Undecided
newbie
Activity: 38
Merit: 0
July 13, 2012, 11:38:19 AM
#7
Just had a quick look.

Not one test in the whole codebase.
legendary
Activity: 1078
Merit: 1003
July 13, 2012, 11:00:18 AM
#6
Can you copy their ToS and post it here?
Here you go : http://pastebin.com/AMrABK66

The good thing is that what genjix posted contains a full git repository, meaning we see can all the different ToS versions.

Awesome thanks!

I wonder what insights we will gain from seeing under the hood just how exactly did Bitcoinca operate, it might turn out that the attack was actually a good thing and it stopped a bucket shop scam where people were unfairly losing loads of money vs the house. Of course there's no question the loss for everyone who had their funds there is very unfortunate and regrettable and wrong.
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 10:49:50 AM
#5
Can you copy their ToS and post it here?
Here you go : http://pastebin.com/AMrABK66

The good thing is that what genjix posted contains a full git repository, meaning we see can all the different ToS versions.
legendary
Activity: 1078
Merit: 1003
July 13, 2012, 10:39:54 AM
#4
Can you copy their ToS and post it here?

Will you post a link to the source code?

Did you miss the link here? It's in the first post.
legendary
Activity: 2198
Merit: 1311
July 13, 2012, 10:03:27 AM
#3
Can you copy their ToS and post it here?

Will you post a link to the source code?
legendary
Activity: 1078
Merit: 1003
July 13, 2012, 10:02:01 AM
#2
Can you copy their ToS and post it here?
legendary
Activity: 1372
Merit: 1008
1davout
July 13, 2012, 09:24:40 AM
#1
Jump to: