Topic: holy shit, china is going parabolic.. (Read 9656 times)

1:17 PM
 Tuesday, May 7, 2013 (CST)
 Time in China


why is btc not 289.95 what is going on     haha

This is why I like blockhain... Yes we have to store the main password (encrypted, but reversible encryption means nothing) . But the second password is required for any move or send.

Btc in is automated by listening for transactions among a pool of user addresses that is created ahead of time (since addresses cant be created without the second password). Withdrawals are grouped and processed by an administrator who provides a secret to piece together the second password.

This second password is never stored anywhere, other than the split second in memory when actions are processed.

(Both passwords are long sha256 hashes of pretty obscure information combined with secrets.... So brute forcing isn't really an option)

So an administrator can't run off with the hot wallet coins (since they don't know either password), and someone owning the server can't do much with the coins, since they don't have the second password.

Obviously all comms with blockchain is SSL ( and we check the certificate each time)

I think it's a nice solution... And they make some nice fee income since they charge 0.0005 on everything, including moves. The main elephant in the room in my mind is uptime.

We could build something similar but on a VPS it would become the weakest link. So this way reduces the possible attack vectors a bit. Either way, this is just the current account, but it should make us less interesting.

Thank you for the recommendations. We have a waf and intrusion detection in place, and also run a self-built change check on all files. Agree that side channel attacks are probably the weakest link right now, but there's a lot we'll have to stay on top of. There's always a way in somewhere.

lol 

well you may not understand it but it appears you speak it pretty well smoothie...


(sorry to all Chinese I couldn't resist)

I'm just saying Japanese is in total a lot harder than Chinese as far as reading goes, even though some things can be said in J without any kanji.

Well you missed one important fact, I am not you.

 

I have essentially native-level Japanese reading ability, only studied Chinese for few days, but I can already read a lot of Chinese. Chinese has more characters than Japanese and they often have different meanings, but they are MUCH easier to learn. For one thing, they usually can only be read one way and are one syllable, of course very unlike Japanese.

Learning a language in which you need to relearn the characters makes it that more difficult. Japanese is what I am familiar with.

Chinese...good lord...another language to try and piece together. If you are younger it is easier to pick up the language.

i had horrible experiences with running us-based services to the mainland. but what you say about vpses and cdns makes a lot of sense. i've only just started using maxcdn myself and haven't been able to run any mainland tests just yet.

i stress location and performance, but it really depends on what you're offering. basic trading should be fine, but if you're offering live charts and apis, then it could become a problem when serving the mainland's non-vpn userbase (especially if you're competition IS in mainland -- YOUR service will seem slow and spotty). but i'm with you, when i'm there i have 3 private vpns in the us, eu and sg and just use the one that's giving me the best performance at the time.


i don't have any experience with the blockchain.info api, so what i know is purely from outside observation, but i just assumed so many people used the api for its "convenience" and "reliability" not so much for its security. imo security is still very much localized to your transaction server. i assume the exchange you've built will be automated for the most part, which means you will need to store those api keys on the server and at some point they will need to be unencrypted and then transmitted to the api (which will probably be via ssl). the point right before transmission will be the weakest link in your security chain. if that gets compromised, blockchain can't help you.

i'm currently documenting my own experiences with enterprise-level bitcoin security and will hopefully have it online sooner than later for anyone to review and comment. there's tons and tons of info online about how to secure bitcoin (but it mainly applies to users not busineses). the one thing i would like to say to you (something that i've never seen mentioned) is to make sure you install an intrusion detection system like OSSEC. if you've employed an outside security firm GREAT!, otherwise use something like OpenVAS for penetration testing. both are open-source and very well supported

there are many side-channel attacks, but these 2 tools will at least cover the obvious and and alert you when attention is needed. paper wallets, hardened passwords, etc, etc, are a given.

i wish you the best of luck and look forward to the release

Actually, if they can inject just $1 billion into this market it will explode, which is pocket change for them.

They have written off their paper $ assets already - there is no way they can get anything for 1 Trillion of bonds and money anywhere. They will use it any way they see fit.

Actually just thinking about it in the long run this is good may have a trillion chinese miners mining our bitcoins soon but at least were marketing to a large nation with 2 billion people Bitcoin would need to do that eventually, so the market grows exponentially also ironically or strangely enough (A culture of saving helps the bitcoin appreciate in value) Due to the deflationary effect Which leads them to spend those bitcoins to make money (therefore contradicting themselves XD) Save and invest or sell now for good cash all those savers
Also 2 billion people think of all the lost bitcoins everytime a wallet gets lost lol

Its really not that hard depending on how your mind works.. I mean like 300 million 8 year old kids speak it fluently haha.. I actually found spanish much harder to pick up because I can't conjugating quickly. You should take some btc profits and go to China, it will be an incredible experience you remember for the rest of your life.

Damn I wish I could understand their language.

Would be at least a little satisfying. ching chong chang ching...maka dong dong

I guess you will have to get your site online while waiting for the ICP, that's what people normally do.

True.

I began with a set of VPSes in Japan, but actually found connection to west-coast US much better. I think a lot of locals use nearby VPSes as proxies (I know I do), and so connections, particularly https, seem to be getting throttled and blocked more often. I got blocked due to someone else on my same IP range -- didn't bode well.

Serving through CDN, I see sub-1-second page loads over 3G to W coast US. All assets will be served from CDN edge locations so it should be OK. How that scales to full-time trading will be the real test though.

For comparison, BTCChina, when not behind CloudFlare, seems to be on an east-coast Linode.



For the Bitcoin server -- I looked; we began with a self-hosted solution. However, the only secure way I am really comfortable with is a dedicated server under my own control -- even whole-disk encryption means nothing on a VPS. The intermediate code is relatively backend-agnostic, so I can always go back to that route if needs be. Will possibly be adding alt currencies down the road, so would need to self-host anyway.  I think the biggest draw for blockchain.info is that we plan to market it as a secure solution -- are new users more likely to trust a(nother) new exchange, or one of the biggest players on the block? I know where my money would go. It will help me sleep at night too...

Because Bitcoin wasn't interesting enough already?!?!

Hmm the Chinese got wind of this things are about to hit the fan or things just got interesting
Also Everyone Defend the architecture they may try cheating
I would say if a 50% attack could be done lol 1 billion computers all together next golden shield

understandable.

so where will you be putting those servers?
if you're serving the mainland, then this is critical (us and eu are really out of the question)
i've done extensive testing in hong kong and singapore (still need to test from taiwan)
hong kong had the best performance, but signapore had the best infrastructure.



no it is not. but there in lies the challenge.
not a c programmer so i can't make any sense of bitcoind, but check out bitcoinj as well as bitcoinjs-server.

Thanks. The ICP is the crux of the issue with the hosting at the moment. We're working on it.... red tape is enormous and we don't want to rock the boat too early.

On the blockchain.info api... Let's see. It will be costing me more than self hosting since they charge transaction fees on moves. The record to date of people running their own isn't great. I'm prepared to fall back on my own.