Pages:
Author

Topic: holy shit, china is going parabolic.. (Read 9712 times)

sr. member
Activity: 252
Merit: 250
a wolf in sheeps clothing. suckerfish
May 07, 2013, 12:19:30 AM
1:17 PM
 Tuesday, May 7, 2013 (CST)
 Time in China


why is btc not 289.95 what is going on  Shocked   haha
full member
Activity: 238
Merit: 100
RMBTB.com: The secure BTC:CNY exchange. 0% fee!
I began with a set of VPSes in Japan, but actually found connection to west-coast US much better. I think a lot of locals use nearby VPSes as proxies (I know I do), and so connections, particularly https, seem to be getting throttled and blocked more often. I got blocked due to someone else on my same IP range -- didn't bode well.

Serving through CDN, I see sub-1-second page loads over 3G to W coast US. All assets will be served from CDN edge locations so it should be OK. How that scales to full-time trading will be the real test though.

For comparison, BTCChina, when not behind CloudFlare, seems to be on an east-coast Linode.

i had horrible experiences with running us-based services to the mainland. but what you say about vpses and cdns makes a lot of sense. i've only just started using maxcdn myself and haven't been able to run any mainland tests just yet.

i stress location and performance, but it really depends on what you're offering. basic trading should be fine, but if you're offering live charts and apis, then it could become a problem when serving the mainland's non-vpn userbase (especially if you're competition IS in mainland -- YOUR service will seem slow and spotty). but i'm with you, when i'm there i have 3 private vpns in the us, eu and sg and just use the one that's giving me the best performance at the time.

For the Bitcoin server -- I looked; we began with a self-hosted solution. However, the only secure way I am really comfortable with is a dedicated server under my own control -- even whole-disk encryption means nothing on a VPS. The intermediate code is relatively backend-agnostic, so I can always go back to that route if needs be. Will possibly be adding alt currencies down the road, so would need to self-host anyway.  I think the biggest draw for blockchain.info is that we plan to market it as a secure solution -- are new users more likely to trust a(nother) new exchange, or one of the biggest players on the block? I know where my money would go. It will help me sleep at night too...

i don't have any experience with the blockchain.info api, so what i know is purely from outside observation, but i just assumed so many people used the api for its "convenience" and "reliability" not so much for its security. imo security is still very much localized to your transaction server. i assume the exchange you've built will be automated for the most part, which means you will need to store those api keys on the server and at some point they will need to be unencrypted and then transmitted to the api (which will probably be via ssl). the point right before transmission will be the weakest link in your security chain. if that gets compromised, blockchain can't help you.

This is why I like blockhain... Yes we have to store the main password (encrypted, but reversible encryption means nothing) . But the second password is required for any move or send.

Btc in is automated by listening for transactions among a pool of user addresses that is created ahead of time (since addresses cant be created without the second password). Withdrawals are grouped and processed by an administrator who provides a secret to piece together the second password.

This second password is never stored anywhere, other than the split second in memory when actions are processed.

(Both passwords are long sha256 hashes of pretty obscure information combined with secrets.... So brute forcing isn't really an option)

So an administrator can't run off with the hot wallet coins (since they don't know either password), and someone owning the server can't do much with the coins, since they don't have the second password.

Obviously all comms with blockchain is SSL ( and we check the certificate each time)

I think it's a nice solution... And they make some nice fee income since they charge 0.0005 on everything, including moves. The main elephant in the room in my mind is uptime.

We could build something similar but on a VPS it would become the weakest link. So this way reduces the possible attack vectors a bit. Either way, this is just the current account, but it should make us less interesting.

Thank you for the recommendations. We have a waf and intrusion detection in place, and also run a self-built change check on all files. Agree that side channel attacks are probably the weakest link right now, but there's a lot we'll have to stay on top of. There's always a way in somewhere.



there are many side-channel attacks, but these 2 tools will at least cover the obvious and and alert you when attention is needed. paper wallets, hardened passwords, etc, etc, are a given.

i wish you the best of luck and look forward to the release


legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong


well you may not understand it but it appears you speak it pretty well smoothie...


(sorry to all Chinese I couldn't resist)

lol  Tongue
sr. member
Activity: 364
Merit: 250
"to be or not to be, that is the bitcoin"
Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong


well you may not understand it but it appears you speak it pretty well smoothie...


(sorry to all Chinese I couldn't resist)
legendary
Activity: 1036
Merit: 1000
I'm just saying Japanese is in total a lot harder than Chinese as far as reading goes, even though some things can be said in J without any kanji.
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
I have essentially native-level Japanese reading ability, only studied Chinese for few days, but I can already read a lot of Chinese. Chinese has more characters than Japanese and they often have different meanings, but they are MUCH easier to learn. For one thing, they usually can only be read one way and are one syllable, of course very unlike Japanese.

Well you missed one important fact, I am not you.

 Tongue
legendary
Activity: 1036
Merit: 1000
I have essentially native-level Japanese reading ability, only studied Chinese for few days, but I can already read a lot of Chinese. Chinese has more characters than Japanese and they often have different meanings, but they are MUCH easier to learn. For one thing, they usually can only be read one way and are one syllable, of course very unlike Japanese.
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong

Its really not that hard depending on how your mind works.. I mean like 300 million 8 year old kids speak it fluently haha.. I actually found spanish much harder to pick up because I can't conjugating quickly. You should take some btc profits and go to China, it will be an incredible experience you remember for the rest of your life.

Learning a language in which you need to relearn the characters makes it that more difficult. Japanese is what I am familiar with.

Chinese...good lord...another language to try and piece together. If you are younger it is easier to pick up the language.
full member
Activity: 211
Merit: 100
"Living the Kewl Life"
I began with a set of VPSes in Japan, but actually found connection to west-coast US much better. I think a lot of locals use nearby VPSes as proxies (I know I do), and so connections, particularly https, seem to be getting throttled and blocked more often. I got blocked due to someone else on my same IP range -- didn't bode well.

Serving through CDN, I see sub-1-second page loads over 3G to W coast US. All assets will be served from CDN edge locations so it should be OK. How that scales to full-time trading will be the real test though.

For comparison, BTCChina, when not behind CloudFlare, seems to be on an east-coast Linode.

i had horrible experiences with running us-based services to the mainland. but what you say about vpses and cdns makes a lot of sense. i've only just started using maxcdn myself and haven't been able to run any mainland tests just yet.

i stress location and performance, but it really depends on what you're offering. basic trading should be fine, but if you're offering live charts and apis, then it could become a problem when serving the mainland's non-vpn userbase (especially if you're competition IS in mainland -- YOUR service will seem slow and spotty). but i'm with you, when i'm there i have 3 private vpns in the us, eu and sg and just use the one that's giving me the best performance at the time.

For the Bitcoin server -- I looked; we began with a self-hosted solution. However, the only secure way I am really comfortable with is a dedicated server under my own control -- even whole-disk encryption means nothing on a VPS. The intermediate code is relatively backend-agnostic, so I can always go back to that route if needs be. Will possibly be adding alt currencies down the road, so would need to self-host anyway.  I think the biggest draw for blockchain.info is that we plan to market it as a secure solution -- are new users more likely to trust a(nother) new exchange, or one of the biggest players on the block? I know where my money would go. It will help me sleep at night too...

i don't have any experience with the blockchain.info api, so what i know is purely from outside observation, but i just assumed so many people used the api for its "convenience" and "reliability" not so much for its security. imo security is still very much localized to your transaction server. i assume the exchange you've built will be automated for the most part, which means you will need to store those api keys on the server and at some point they will need to be unencrypted and then transmitted to the api (which will probably be via ssl). the point right before transmission will be the weakest link in your security chain. if that gets compromised, blockchain can't help you.

i'm currently documenting my own experiences with enterprise-level bitcoin security and will hopefully have it online sooner than later for anyone to review and comment. there's tons and tons of info online about how to secure bitcoin (but it mainly applies to users not busineses). the one thing i would like to say to you (something that i've never seen mentioned) is to make sure you install an intrusion detection system like OSSEC. if you've employed an outside security firm GREAT!, otherwise use something like OpenVAS for penetration testing. both are open-source and very well supported

there are many side-channel attacks, but these 2 tools will at least cover the obvious and and alert you when attention is needed. paper wallets, hardened passwords, etc, etc, are a given.

i wish you the best of luck and look forward to the release

hero member
Activity: 784
Merit: 1000
Chinese government likes bitcoin for the same reasons it likes precious metals.  They want to bring wealth into the country.

And China will promote anything tha hurts us dollars dominance over the world.

If I had to bet, China gov will support Bitcoin as long as it helps bring down dollar dominance and then turn strongly against it if that ever happens.

Bear in mind that China's vast foreign reserves are largely denominated in US dollars. They're likely not as keen as you think to see them drop in value.

They have written off their paper $ assets already - there is no way they can get anything for 1 Trillion of bonds and money anywhere. They will use it any way they see fit.

Actually, if they can inject just $1 billion into this market it will explode, which is pocket change for them.
anu
legendary
Activity: 1218
Merit: 1001
RepuX - Enterprise Blockchain Protocol
Chinese government likes bitcoin for the same reasons it likes precious metals.  They want to bring wealth into the country.

And China will promote anything tha hurts us dollars dominance over the world.

If I had to bet, China gov will support Bitcoin as long as it helps bring down dollar dominance and then turn strongly against it if that ever happens.

Bear in mind that China's vast foreign reserves are largely denominated in US dollars. They're likely not as keen as you think to see them drop in value.

They have written off their paper $ assets already - there is no way they can get anything for 1 Trillion of bonds and money anywhere. They will use it any way they see fit.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
Actually just thinking about it in the long run this is good may have a trillion chinese miners mining our bitcoins soon but at least were marketing to a large nation with 2 billion people Bitcoin would need to do that eventually, so the market grows exponentially also ironically or strangely enough (A culture of saving helps the bitcoin appreciate in value) Due to the deflationary effect Which leads them to spend those bitcoins to make money (therefore contradicting themselves XD) Save and invest or sell now for good cash all those savers Cheesy
Also 2 billion people think of all the lost bitcoins everytime a wallet gets lost lol
full member
Activity: 193
Merit: 100
Always riding the Bull...
Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong

Its really not that hard depending on how your mind works.. I mean like 300 million 8 year old kids speak it fluently haha.. I actually found spanish much harder to pick up because I can't conjugating quickly. You should take some btc profits and go to China, it will be an incredible experience you remember for the rest of your life.
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong
hero member
Activity: 784
Merit: 1000
Thanks. The ICP is the crux of the issue with the hosting at the moment. We're working on it.... red tape is enormous and we don't want to rock the boat too early.

understandable.

so where will you be putting those servers?
if you're serving the mainland, then this is critical (us and eu are really out of the question)
i've done extensive testing in hong kong and singapore (still need to test from taiwan)
hong kong had the best performance, but signapore had the best infrastructure.


On the blockchain.info api... Let's see. It will be costing me more than self hosting since they charge transaction fees on moves. The record to date of people running their own isn't great. I'm prepared to fall back on my own.

no it is not. but there in lies the challenge.
not a c programmer so i can't make any sense of bitcoind, but check out bitcoinj as well as bitcoinjs-server.

True.

I began with a set of VPSes in Japan, but actually found connection to west-coast US much better. I think a lot of locals use nearby VPSes as proxies (I know I do), and so connections, particularly https, seem to be getting throttled and blocked more often. I got blocked due to someone else on my same IP range -- didn't bode well.

Serving through CDN, I see sub-1-second page loads over 3G to W coast US. All assets will be served from CDN edge locations so it should be OK. How that scales to full-time trading will be the real test though.

For comparison, BTCChina, when not behind CloudFlare, seems to be on an east-coast Linode.



For the Bitcoin server -- I looked; we began with a self-hosted solution. However, the only secure way I am really comfortable with is a dedicated server under my own control -- even whole-disk encryption means nothing on a VPS. The intermediate code is relatively backend-agnostic, so I can always go back to that route if needs be. Will possibly be adding alt currencies down the road, so would need to self-host anyway.  I think the biggest draw for blockchain.info is that we plan to market it as a secure solution -- are new users more likely to trust a(nother) new exchange, or one of the biggest players on the block? I know where my money would go. It will help me sleep at night too...


I guess you will have to get your site online while waiting for the ICP, that's what people normally do.
full member
Activity: 238
Merit: 100
RMBTB.com: The secure BTC:CNY exchange. 0% fee!
Thanks. The ICP is the crux of the issue with the hosting at the moment. We're working on it.... red tape is enormous and we don't want to rock the boat too early.

understandable.

so where will you be putting those servers?
if you're serving the mainland, then this is critical (us and eu are really out of the question)
i've done extensive testing in hong kong and singapore (still need to test from taiwan)
hong kong had the best performance, but signapore had the best infrastructure.


On the blockchain.info api... Let's see. It will be costing me more than self hosting since they charge transaction fees on moves. The record to date of people running their own isn't great. I'm prepared to fall back on my own.

no it is not. but there in lies the challenge.
not a c programmer so i can't make any sense of bitcoind, but check out bitcoinj as well as bitcoinjs-server.

True.

I began with a set of VPSes in Japan, but actually found connection to west-coast US much better. I think a lot of locals use nearby VPSes as proxies (I know I do), and so connections, particularly https, seem to be getting throttled and blocked more often. I got blocked due to someone else on my same IP range -- didn't bode well.

Serving through CDN, I see sub-1-second page loads over 3G to W coast US. All assets will be served from CDN edge locations so it should be OK. How that scales to full-time trading will be the real test though.

For comparison, BTCChina, when not behind CloudFlare, seems to be on an east-coast Linode.



For the Bitcoin server -- I looked; we began with a self-hosted solution. However, the only secure way I am really comfortable with is a dedicated server under my own control -- even whole-disk encryption means nothing on a VPS. The intermediate code is relatively backend-agnostic, so I can always go back to that route if needs be. Will possibly be adding alt currencies down the road, so would need to self-host anyway.  I think the biggest draw for blockchain.info is that we plan to market it as a secure solution -- are new users more likely to trust a(nother) new exchange, or one of the biggest players on the block? I know where my money would go. It will help me sleep at night too...
sr. member
Activity: 434
Merit: 250
Because Bitcoin wasn't interesting enough already?!?!
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
Hmm the Chinese got wind of this things are about to hit the fan or things just got interesting
Also Everyone Defend the architecture they may try cheating
I would say if a 50% attack could be done lol 1 billion computers all together next golden shield Tongue
full member
Activity: 211
Merit: 100
"Living the Kewl Life"
Thanks. The ICP is the crux of the issue with the hosting at the moment. We're working on it.... red tape is enormous and we don't want to rock the boat too early.

understandable.

so where will you be putting those servers?
if you're serving the mainland, then this is critical (us and eu are really out of the question)
i've done extensive testing in hong kong and singapore (still need to test from taiwan)
hong kong had the best performance, but signapore had the best infrastructure.


On the blockchain.info api... Let's see. It will be costing me more than self hosting since they charge transaction fees on moves. The record to date of people running their own isn't great. I'm prepared to fall back on my own.

no it is not. but there in lies the challenge.
not a c programmer so i can't make any sense of bitcoind, but check out bitcoinj as well as bitcoinjs-server.
full member
Activity: 238
Merit: 100
RMBTB.com: The secure BTC:CNY exchange. 0% fee!
Chinese government likes bitcoin for the same reasons it likes precious metals.  They want to bring wealth into the country.

2 billion people just now getting exposed to a store a wealth beyond the control of any state. the culture is all about "saving". they won't care so much about what you can buy so long as their investment grows. bitcoin has yet to see what real deflation is

Alipay, Tenpay & OKPay at the start; but we will have controls in place to prevent direct CNY -> USD transfer to comply with the law (e.g. if you put CNY in using Alipay, you can't get USD out using OKPay).

Two-factor authentication for login, + additional un-keyloggable trade PIN stored in separate database for trading & withdrawals.

This should be the last week before we open up -- we don't want to launch too soon.

Will save the rest for a thread where I'm allowed to post this stuff.

On BTCChina, they keeping switching to/from cloudflare -- they were on it last month. Unfortunately cloudflare performance can be horrible in China, so they tend to switch back. DDoS suck for all of us.

awseome! great news.
yeah the cny -> usd is expected and makes perfect sense.
i look forward to the official post.


Hosting overseas. We're using blockchain.info for hosting bitcoind -- we believe it is the most secure way as it means attackers can't do anything with the server even if it gets owned. Using a scaleable solution with load balancing. Over the past few months we have tested a few hosting strategies; this is the best.

are your local "client facing" servers going to be hosted in shanghai? will you use a .cn name? i just ask, to know if you will acquire an icp license. i tend to believe that would be a major validation of the governments acceptance of the bitcoin movement.

there is something about a full exchange using blockchain.info's api that doesn't seem right to me; imho you'd be "more secure" with your own local solution (over a private network); but i'm just gonna mind my business on that one

anyway, this is all very exciting stuff and i wish you the best of luck with your launch.
(definitely gonna have some fun watching the events unfold in the upcoming weeks)

Thanks. The ICP is the crux of the issue with the hosting at the moment. We're working on it.... red tape is enormous and we don't want to rock the boat too early.

On the blockchain.info api... Let's see. It will be costing me more than self hosting since they charge transaction fees on moves. The record to date of people running their own isn't great. I'm prepared to fall back on my own.
Pages:
Jump to: