Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation (Read 224537 times)

I'll post updates here: https://bitcointalksearch.org/topic/payout-updates-bitcoinica-site-is-taken-offline-for-security-investigation-84042

That's the new thread.

Thanks Proudhon, saves me some time.

no money returned yet :-( ah well, thats what I thought.

No money has been returned yet, and there haven't been any statements about when money will be returned.

Just been trying to catch up with the claims process by reading this thread.      


The shit fight between bitcoinicca consulting and zhoutong is NOT very inspiring. Frankly I don't give a shit about that stuff. Haven't read many of the latest pages of comments.



Has there been any real information about when we can expect our claims to be actioned ??

Has anyone had money refunded yet ?

Indeed, this is beyond comprehension. Apparently these cloud things have hypnotizing effect on Zhou's generation of Internet Pros "powered by google search".

People stop eating all the marketing BS you are being fed.

Been around long enough to have discovered that for myself (and to remember backing up to disks that were actually floppy). Hell, when I ran a 2400bps hermes board outta my mom's house I was backing up my user lists and warez to disks as fast as I could. I've still got boxes of disks full of gif porn and the names and phone numbers of freaks in Los Angeles somewhere in a storage unit, if those disks haven't degraded yet. "The cloud" is a fucking euphemism for shared hosting without the customer service and accountability that used to come with shared hosting. Why retailers would make a big deal out of a server wholesaler's new buzzword for shit service is totally beyond me. Guess it sounds fancy to their customers.

Most tripods can stand on two legs if you prop them up a little. Anyway, if everything was wiped out, one server hacked and the other two had drive malfunctions or whatever, it's not like you can blame people. But a few extra precautions might be in order when dealing with half a million dollars, even if they do cost a few hundred bucks a month. After all, what's that money worth if your reputation is shit?

They openly stated upthread that their priority was fixing the code rather than addressing other possible/known vulnerabilities and that they still believe that was the correct choice, so I don't think that money was the concern - it seems more like a case of tunnel vision.  I'm not sure why fixing the code and preventing further attacks/securing data against catastrophic loss were regarded as mutually exclusive options.

And yeah, the "rule of three" has been around for a long time.  Back in the days of DOS and 5 1/4 floppy disks we used to work on a three days worth of back ups (we had physical back ups for each of the last three days) and three locations rule (in practice, this meant that one set of backups stayed at the office and the boss and I each took home a set of back up disks).

what, blackjack ain't good enough for ya?

Now all you have to do is offer margin trading.

We're not an exchange, but given that we deal with people's Bitcoins we do have an obligation to state this: We have always maintained 1) hourly database backups to a second data center, 2) daily offline backups, 3) a hot wallet stored in a third datacenter, on a dedicated server, and 4) offline wallet storage of all funds other than petty cash. Furthermore, everything we run other than our blog is on offshore dedicated servers at datacenters with casino-grade physical security measures, NOT on VPS. A hacker who accessed one of our dedis would find our hot wallet basically empty and our user passwords hashed. At most we'd lose a hundred bucks or so.

We don't have anything near the volume of Bitcoinica. We've got about 1000 users. When we launched, and started paying for the servers involved in this elaborate setup, we had no users. There's no doubt the added security has come at a cost that dug into our bottom line. But what's the alternative? Hosting on a VPS somewhere and waiting for disaster? You don't screw around with cutting costs on security; a wise guy once told me it's better to be "insurance poor" than temporarily rich and waiting for the other shoe to drop. One of the dumbest things I've done in recent memory was send some of our first positive revenues into a Bitcoinica account. I would never have imagined the security there would be more lax than ours, but it's my fault for not doing more research. I accept that.

There is no formulaic way yet of definitively securing a site that deals in BTC, but having lots of backups and dedicated servers seems like kind of a no-brainer place to start. It's a shame all the "security experts" floating around the Bitcoinica scene couldn't afford an extra $200 a month for a dedicated / offline backup solution. We don't make the kind of money they do, and we trusted them with our profit; if I'd known they were so poverty-stricken I would have paid for it myself goddamn it.

No. Its a special corollary of Murphy's Law that I don't think has a name but most people are aware of: Murphy's Law is efficient, if you're sufficiently guarded against it in one way, it'll just strike you some other way.

Surely we're not talking about Hanlon's Razor on this thread, are we?


~BrunO~

In rjk's defense, Murphy's Law states that anything that can go wrong, will go wrong. This is similar but with a slight modification. In other words, "Any problem that you anticipate won't happen and every other one will."

http://www.rackspace.com/knowledge_center/rackspace_cloud_backup_faq

While penning my dad's obituary a couple years ago, I kept a copy in documents on this laptop as well as putting a copy in a dedicated image file. I see my error now. I should have also created a public folder to store a third copy. Luckily nobody logged into my laptop and deleted said files, for I wouldn't have had that third backup available to me at the time.

Lol!  You're just taking credit for Murphy's Law!

Nice to see the Rule of 3 is still a universal constant.

Guy: How many guys have you slept with?
Girl: 2

Answer: 2*3=6



Girl: How many girls have you slept with?
Guy: 9

Answer: 9/3=3


How many back-ups should you have?

Answer: 3

Great, seems like some people would have done a better job by asking you guys how it's done. 

The generic version of that is just Diablo's Rule #1: Redundancy in planning is not paranoia.

Additionally, rjk's Third Law Of Backups states that if your backup procedures are rigorous and the backups are stored in at least 3 locations, you will never ever have to recover from them. If however they suddenly disappear due to a freak accident, that is the day you are guaranteed to need them the most.

Kind of like the Law Of Extra Parts also by rjk: if you need 5 screws to complete a project, and you bring only 5, you are guaranteed to lose one of them. If however you bring 6 screws to a project that needs only 5, you are guaranteed to always have 1 left over.

VERY good saying.