Sorry to be obtuse... but with Buy/Sell orders on Gox, what value does a trading bot do for you???
How can you tell gox to sell/buy 20coins at market price, only if the price drops/rise under/above a threshold?
Topic: Building a trading bot for the "trust no-one" guys . (Read 3222 times)
How can you tell gox to sell/buy 20coins at market price, only if the price drops/rise under/above a threshold?
Firewalls won't help! You could do some clever thing such as modify the cache of a browser to make it pass your API keys to your site when next opened. Inject into another process. Etc etc. There's tons of possibilities.
Source code or GTFO. Seriously, I'm not trusting anything I don't build from source, especially when it involves thousands of dollars.
yeah Source code or GTFO. Seriously, I'm not trusting anything I don't build from source, especially when it involves thousands of dollars.
Sorry to be obtuse... but with Buy/Sell orders on Gox, what value does a trading bot do for you???
The question isn't really about a trading bot. The author is trying to figure out how to get closed source software trusted enough to be used.
A bot that does nothing but trade on mtgox could be trivially reverse engineered to find out whatever super secret algorithm is used.
Sorry to be obtuse... but with Buy/Sell orders on Gox, what value does a trading bot do for you???
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous 
Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
That's extraordinarily poor design
Hi joshki, I'd love to hear from you better designed solutions.
Why? I have no desire to enable you, or teach you basic software design.
Firewalls won't help! You could do some clever thing such as modify the cache of a browser to make it pass your API keys to your site when next opened. Inject into another process. Etc etc. There's tons of possibilities.
Source code or GTFO. Seriously, I'm not trusting anything I don't build from source, especially when it involves thousands of dollars.
Source code or GTFO. Seriously, I'm not trusting anything I don't build from source, especially when it involves thousands of dollars.
Thanks for the feedback TradeFortress, I will consider getting TFO. However I'm not forcing you (nor anybody else) to use it. I totally understand your point of view. If you have something else to add on the topic help me out!
PS: since you care so much about security, why would you be logged in as root on a ubuntu machine?
Sincerely, Nicolò
Because it makes him seem like some sort of l33tanonhax0r.
To OP, I do suggest you release the software as open source. Bitcoin is pretty new and any open source things you release are helpful.
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
That's extraordinarily poor design
Hi joshki, I'd love to hear from you better designed solutions.
Why? I have no desire to enable you, or teach you basic software design.
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
That's extraordinarily poor design
Hi joshki, I'd love to hear from you better designed solutions.
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
That's extraordinarily poor design
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
The part in bold sounds very bad...
why is that?
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
The part in bold sounds very bad...
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public?
Hi nitrous Yes it is necessary that the bot remain closed source. The business model will be embedded in the source code and I can't allow people to just comment out those lines.
People on betalist will have to sign an NDA and will face consequences if distributing the source without authorisation.
Thank you again for your suggestions!
Hi Advanced,
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public? You can still distribute precompiled binaries for those who don't know enough to compile it themselves, and other people can verify the authenticity of the binary for you. Many open source projects do this, and unless you intend to keep the source closed, this could help you with the trust issue. Of course, there would still be some who might question whether the binary is compiled from different code, but they would be able to check and compile it themselves.
Is it important that your bot remain closed source? I don't have anything against closed source, but if you're willing to give access to your source code to those on the beta list, who could potentially release it themselves, why not just release the code to the public? You can still distribute precompiled binaries for those who don't know enough to compile it themselves, and other people can verify the authenticity of the binary for you. Many open source projects do this, and unless you intend to keep the source closed, this could help you with the trust issue. Of course, there would still be some who might question whether the binary is compiled from different code, but they would be able to check and compile it themselves.
Quote
Sorry Advanced, but you aren't clear on what a firewall does, so i fear you have some things to learn before your project can take off. And I don't know why you are against open source for software you don't seem to be planning to sell. All the big boys in this movement invite others to read their code because they know the value is not in having the code, it's in being able to write good code to start with. All of your stuff with 3rd parties cross signing is a waste of time. Nobody will believe any of the "people" who cross sign your closed code - give it up.
Another way to put it: If an idiot copies code he can eat a fish for a day. The guy who writes good code will catch as many fish as he wants and will eat for a lifetime.
Another way to put it: If an idiot copies code he can eat a fish for a day. The guy who writes good code will catch as many fish as he wants and will eat for a lifetime.
Hello Professor,
I'm here to say that I don't take lessons of open source software. A simple bot with no algorithms whatsoever represent no contribution for the OSS community (it ain't no astrophysics http://arxiv.org/abs/1304.6780v1) . I've been contributing and I am contributing to OSS projects for the last 12 years, this is a different topic.
If you want to add something to this thread, try to help the others in finding workarounds to it. Otherwise,
so long and thanks for all the fish.
You cannot do what you wish to do.
If the application is closed source, it will not be trusted. That's the bottom line.
Publish your source or live with it.
If the application is closed source, it will not be trusted. That's the bottom line.
Publish your source or live with it.
THIS
Thank you Rampion.
I agree with his statement ^---- THAT ----^
Sorry Advanced, but you aren't clear on what a firewall does, so i fear you have some things to learn before your project can take off. And I don't know why you are against open source for software you don't seem to be planning to sell. All the big boys in this movement invite others to read their code because they know the value is not in having the code, it's in being able to write good code to start with. All of your stuff with 3rd parties cross signing is a waste of time. Nobody will believe any of the "people" who cross sign your closed code - give it up.
Another way to put it: If an idiot copies code he can eat a fish for a day. The guy who writes good code will catch as many fish as he wants and will eat for a lifetime.
You cannot do what you wish to do.
If the application is closed source, it will not be trusted. That's the bottom line.
Publish your source or live with it.
If the application is closed source, it will not be trusted. That's the bottom line.
Publish your source or live with it.
THIS
Would you consider writing a bot for something besides the Magic: The Gathering of Incompetents exchange? BTC-e for LTC (read cheapo) traders?
I'm on it. Would you be interested in trying it out?I probably would as I don't have any real wealth on BTC-e so if it was stolen the crying would be short lived. Shoot me PM when you have something ready and are ready to hack my computer. I am rather naive and dumb anyway.
Ok you are on the betalist ! Just be patient;) Thanks
Hi!
Ciao Andreas, I'm working in java too and I already implemented the Strategy.java and the Rule.java Thanks for sharing your ideas!
I'm adding a very simple demo bot these days, just to show the usage of the bot. However the loadable rule-set are done with drools here. But I don't have a very simple trading language yet, so the rules still look rather complicated. I looked for a collab to develop a better trading language, but it seems, that noone is interested in such stuff...
Ciao,
Andreas
My idea: use an opensource trading framework, that allows you to load your strategy. It might limit your orders to user-entered accounts, so your strategy will only move funds from one user-account to another (so your bot cannot run with the money 
).
However, I only release java-sources, so I don't know the javascript frameworks. If you want to look at some part of my sources: https://github.com/ReAzem/cryptocoin-tradelib
, but it still lacks the rule-engine stuff. Don't know if or how I should release it.
If you have a good concept, how to make money of it, let me know....
Ciao,
Andreas
).However, I only release java-sources, so I don't know the javascript frameworks. If you want to look at some part of my sources: https://github.com/ReAzem/cryptocoin-tradelib
, but it still lacks the rule-engine stuff. Don't know if or how I should release it.
If you have a good concept, how to make money of it, let me know....
Ciao,
Andreas
Ciao Andreas, I'm working in java too and I already implemented the Strategy.java and the Rule.java
Thanks for sharing your ideas!I'm adding a very simple demo bot these days, just to show the usage of the bot. However the loadable rule-set are done with drools here. But I don't have a very simple trading language yet, so the rules still look rather complicated. I looked for a collab to develop a better trading language, but it seems, that noone is interested in such stuff...
Ciao,
Andreas
Hi Andreas!
I'm interested
That seems fun! How can we proceed? lets talk about it out of this thread so we don't go OT Would you consider writing a bot for something besides the Magic: The Gathering of Incompetents exchange? BTC-e for LTC (read cheapo) traders?
I'm on it. Would you be interested in trying it out?I probably would as I don't have any real wealth on BTC-e so if it was stolen the crying would be short lived. Shoot me PM when you have something ready and are ready to hack my computer. I am rather naive and dumb anyway.
It has to be javascript? We are working on a java lib for trading...
Java is inherently unsecure
Hi Malawi, what do you mean by "inherently unsecure" ? I think that security is barely a property of a language itself. Some languages are more fault-prone than others, however I think this is not the case for java. Could you provide some reference ?
You can write 'secure' code or 'unsecure' code in pretty much whatever comes to mind
So you wouldn't use a bot only because the language it is written to?
There are found weaknesses/exploits all the time, thats why you get that "Justask" popup more or less every week.
IMHO - Java is fine for many tasks, but not for task that demand high security.
Here in Norway, the banks have publicly announced that you should avoid running java while doing your online banking.
Even found an english link about it - http://theforeigner.no/pages/news/java-issues-prompt-more-norway-warnings/
Jump to: