Topic: Building a trading bot for the "trust no-one" guys. - page 3. (Read 3249 times)

sr. member
Activity: 267
Merit: 250
Woodwallets.io
It has to be javascript? We are working on a java lib for trading...

Java is inherently unsecure

Hi Malawi, what do you mean by "inherently unsecure"? I think that security is barely a property of a language itself. Some languages are more fault-prone than others, however I think this is not the case for Java. Could you provide some reference?

You can write 'secure' code or 'unsecure' code in pretty much whatever comes to mind ;)

So you wouldn't use a bot only because of the language it is written in?
sr. member
Activity: 267
Merit: 250
Woodwallets.io
It has to be javascript? We are working on a java lib for trading...

Nope, indeed it is Java(FX).
full member
Activity: 224
Merit: 100
One bitcoin to rule them all!
It has to be javascript? We are working on a java lib for trading...

Java is inherently unsecure
legendary
Activity: 965
Merit: 1000
It has to be javascript? We are working on a java lib for trading...
sr. member
Activity: 267
Merit: 250
Woodwallets.io
Hi everybody,
Some time ago I released a node.js online bot for buying/selling BTC when the price changes.

As I received good (and bad) feedback, I'm currently working to build a better bot for the "trust no-one" kind of traders.
I'm one of those guys ;) I'd never give my API keys away to someone else.

This time I can't distribute the source code (this is not negotiable :( ).
Therefore the topic becomes not trivial. I know it's not feasible to get full trust without seeing the code, but optimising the trust level between these boundaries is a mind-challenging problem.
I don't want you to trust me, I just want you to feel safe enough to use the application. Here is what I have now:

  • Anonymous: no registration needed whatsoever.
  • Offline: you need to download an application that runs locally. You will never give me your API keys, they will be stored locally on your machine.
  • It comes with a firewall: for the paranoid guys, I'm distributing the application with a third-party firewall (ipchains script, Little Snitch, etc.), pre-configured to block all outgoing connections of my application towards websites different from mtgox, btc-e, and others. ;)
  • Community tested: I'm currently recruiting beta-testers from the community. I give access to the source code. (Get in touch if you want to be one of them - PM me). I will let them perform network traffic tests to see how the traffic is only directed to mtgox.
  • Gox API v2: uses the new and better-designed version of the mtgox APIs to minimize risks related to resource saturation.
  • I'm considering getting some other sort of certifications. http://www.truste.com/?

EDIT: Ideas from this discussion

  • Proof of my real identity: The application will come with a proof of my real identity.
  • Outgoing traffic tested by the community at network layer: When released, the application will have to go through an open contest. I'll offer 1000 BTC to people able to spot any connection going somewhere different than data.mtgox.com. Use sniffers, or whatever you want.
  • Binaries distributed by someone else: I will recruit 10 members of the community from this thread to independently review the source code, compile it on their own machine, compute the md5 checksum and send the application to me. I will then distribute those binaries together with the md5 checksum.
  • You name it: <there is still space>

Since you will be among the early adopters (and many of you already wrote your own trading bot), I'm here to ask you to help me make you feel safe.

What else would you like to have to feel safer?

Nicolò.
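
An added example, not part of the original post or the author's application: one way a downloader could check a binary against the checksums that the independent reviewers in the "Binaries distributed by someone else" idea report. It assumes the build is reproducible (bit-identical across reviewers' machines) and uses SHA-256 in place of the MD5 named in the post; the reviewer names, function names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def consensus_digest(reports, quorum):
    """reports: reviewer -> hex digest of that reviewer's own build (hypothetical format)."""
    if quorum * 2 <= len(reports):
        raise ValueError("quorum must be a strict majority of reviewers")
    norm = {r: d.strip().lower() for r, d in reports.items()}
    digest, votes = Counter(norm.values()).most_common(1)[0] if norm else (None, 0)
    if votes < quorum:
        return None, sorted(norm)          # nobody can be singled out as dissenting
    return digest, sorted(r for r, d in norm.items() if d != digest)

def verify_download(path, reports, quorum, algo="sha256"):
    """Accept the file only if it matches the digest a quorum of reviewers built."""
    digest, dissenters = consensus_digest(reports, quorum)
    if digest is None:
        return "no-consensus"   # builds not reproducible, or reviewers disagree
    if file_digest(path, algo) != digest:
        return "mismatch"       # the download is not what the reviewers built
    return "ok-with-dissent" if dissenters else "ok"

def demo():
    """Constructed sample: three reviewers, one of whom reports a different build."""
    good, other = b"constructed release bytes", b"constructed altered bytes"
    reports = {
        "reviewer-a": hashlib.sha256(good).hexdigest(),
        "reviewer-b": hashlib.sha256(good).hexdigest().upper(),
        "reviewer-c": hashlib.sha256(other).hexdigest(),
    }
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, payload in (("good.bin", good), ("other.bin", other)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as f:
                f.write(payload)
            results.append(verify_download(path, reports, quorum=2))
    return results
```

A "no-consensus" result is the case to expect when compilers embed timestamps or paths, since independently compiled binaries then never hash the same even from identical source.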