Pages:
Author

Topic: [Full Disclosure] Live mtgox.com trade matching bug. (Read 15367 times)

member
Activity: 111
Merit: 10
I really appreciate people bringing this out in the open.  I'd rather know how insecure my trading platform is so I can make an informed decision to take my business somewhere else.

Thanks to the OP for keeping us in the loop!

You do realize that there really was no problem to begin with, right?  This is complete BS and should simply be ignored.
newbie
Activity: 24
Merit: 0
I really appreciate people bringing this out in the open.  I'd rather know how insecure my trading platform is so I can make an informed decision to take my business somewhere else.

Thanks to the OP for keeping us in the loop!
hero member
Activity: 672
Merit: 500
Dear MtGox:

jr. member
Activity: 56
Merit: 1
Well.  I hope OP is happy he got what he wanted:

http://www.thinq.co.uk/2011/6/28/mt-gox-flaw-opens-door-free-bitcoins/

This isn't any kind of serious journalism, it's some dyslexic hit piece ("psuedo-currency", also check out the article heading beneath: "Court scambles to accommdate Ryan Cleary" - noone even proof reads this stuff).

BTW, respect to OP's convictions.
member
Activity: 84
Merit: 10


thread went from this:


to this:


newbie
Activity: 25
Merit: 0
Guys, the hate isn't necessary.  Full Disclosure vs. other methods is a (computer) age old debate that is like arguing Right Wing politics vs. Left Wing.  No one is right, no one is wrong.  They are opinions on how to handle these situations.  If MtGox wants people to minimize impact of disclosed security vulnerabilities, they need to fix them promptly.  I assume they are doing so.
Absolutely. And what people don't seem to realize is that Full Disclosure is infinitely better than No Disclosure, which was another option open to the OP.
full member
Activity: 196
Merit: 100
Quote
I really doubt either of you have the slightest clue what "anarchist philosophy" actually is.

Only to the extent that self-professed anarchists don't. Its always such an elusive thing, as every time something about it is mentioned, someone will conveniently float in to say that this or that "isn't true anarchist thought".
sr. member
Activity: 294
Merit: 252
Quote
I've seen things get fractured like this before in other like minded anarchist underground communities, it creates an us versus them mentality against it's very own, which essentially destroys the entire community, partitioning it into very small stagnant circle jerks.

I'm not surprised, as this is the logical conclusion of anarchist philosophy.

I really doubt either of you have the slightest clue what "anarchist philosophy" actually is.
member
Activity: 78
Merit: 10
Guys, the hate isn't necessary.  Full Disclosure vs. other methods is a (computer) age old debate that is like arguing Right Wing politics vs. Left Wing.  No one is right, no one is wrong.  They are opinions on how to handle these situations.  If MtGox wants people to minimize impact of disclosed security vulnerabilities, they need to fix them promptly.  I assume they are doing so.
full member
Activity: 196
Merit: 100
Quote
I've seen things get fractured like this before in other like minded anarchist underground communities, it creates an us versus them mentality against it's very own, which essentially destroys the entire community, partitioning it into very small stagnant circle jerks.

I'm not surprised, as this is the logical conclusion of anarchist philosophy.
newbie
Activity: 57
Merit: 0
I've finally had enough of MtGox.  Orders not executing, security issues, poor communication, bugs and God knows what else have eroded my trust.  Until they get their act together and fix these lingering problems I'm moving out of their exchange. 

MT, if you're reading this, best of luck.  I'm taking my ball and going home. 

(read I took the small amount of cash and BTCs in my MtGox account and moved them to other exchange accounts I use)
member
Activity: 84
Merit: 10
Everyone here who is mad because something less-than-perfect was disclosed and may threaten their investment is an absolute FOOL and are behaving in the same way as the investment bankers who tried to cover up the imperfections in the real market. Yet many of you are the same anti-establishment zealots who wear your militia jackets and talk about the underhanded skulduggery of the Federal Reserve and the powers-that-be. Look at yourselves.




I've seen things get fractured like this before in other like minded anarchist underground communities, it creates an us versus them mentality against it's very own, which essentially destroys the entire community, partitioning it into very small stagnant circle jerks.
You might think you are doing a favor to justice, but really it's just reaping what you sow.
member
Activity: 84
Merit: 10
I'm assuming everyone is behind i2p, swarm and/or the onion router, reading this through lynx/links correct?
There is discrepancy between your imagination and reality.

You imply this forum is secure?
full member
Activity: 196
Merit: 100
Everyone here who is mad because something less-than-perfect was disclosed and may threaten their investment is an absolute FOOL and are behaving in the same way as the investment bankers who tried to cover up the imperfections in the real market. Yet many of you are the same anti-establishment zealots who wear your militia jackets and talk about the underhanded skulduggery of the Federal Reserve and the powers-that-be. Look at yourselves.


legendary
Activity: 2408
Merit: 1121
Someone's 15 minutes of 'fame' are over, but like a bad houseguest, he just doesn't get the hint he should head home.

Maybe this will help:

"Okay, you are super-smart, good job propeller-head. Now go away."
member
Activity: 111
Merit: 10
If you're so worried feel free to stop using the services provided by companies with horrible security records or, as previously stated, petition said service providers to open their code and/or make public the results of 3rd party code/security audits.

So what alternative services would you recommend, that are guarenteed to be perfect?
member
Activity: 112
Merit: 10
I applaud the OP.  The idiots who still trust in Mt Gox deserve to get defrauded in every way possible.  I'd recommend informing hacker forums every time you find an exploit in that shithole of a business.
newbie
Activity: 67
Merit: 0
I for one hope that when/if someone does discover some potentially damaging exploit that they won't put us all at risk by instantly sharing it with everyone, including those who will jump at an opportunity to take advantage, at least until site admin has had an opportunity to take action.
If you're so worried feel free to stop using the services provided by companies with horrible security records or, as previously stated, petition said service providers to open their code and/or make public the results of 3rd party code/security audits.

To everyone sending me hate-filled PMs:

I don't care. See the above.

Additionally:

It is not my responsibility to enforce responsible journalism. If the blog d'jour is posting ill-informed "articles" about your pet bitcoin project, petition them to hold themselves to a higher standard of journalism.

I thought this forum was full of lolbertarians who believe in "absolutely free market capitalism?" Vote with your feet and your wallet.

Oh wait, I get it, your idealistic "free market" concepts only apply when they work in your favor. Brilliant!
member
Activity: 111
Merit: 10
I don't think anyone is suggesting anything but truth and honesty and disclosure, but when someone doesn't even give the site admin a chance to correct a potential problem (good thing this wasn't actually a serious exploit), they are just being irresponsible towards the users of the site in question and the community as a whole.  I for one hope that when/if someone does discover some potentially damaging exploit that they won't put us all at risk by instantly sharing it with everyone, including those who will jump at an opportunity to take advantage, at least until site admin has had an opportunity to take action.
newbie
Activity: 7
Merit: 0
I cannot guarantee this order will execute but from everything I've observed about the new trade matching code I have no reason to believe it will not.

It will not execute, and I told you it'll be fixed in a couple of hours. Thanks for disclosing this before.

Yes, it is all our fault:

Quote
Today 16:51 GMT on #mtgox
anyone know what that weird spike around 18:00 is? looks erroneous to me, no? it went up to 17.52 apparently, but my order at 17.25 did not get filled.
molecular: it's the closing of a bug, some orders were blocked and are now freed

It is because we let such people have our money!
Pages:
Jump to: