Author

Topic: How to avoid another MtGox Affair (Read 1189 times)

sr. member
Activity: 350
Merit: 250
June 22, 2011, 06:55:01 PM
#10
MtGox clones should use CloudFlare, which filters DDOS and SQL/XSS attacks before returning clean traffic to your site. Combine that with Banshee secure PHP and Hiawatha serving up pages on separate partitions with nosuid/noroot/ect limited access, wrappers instead of direct database calls, and apparmor for protection instead of chroot (or could use both) and should be good2go.



newbie
Activity: 13
Merit: 0
June 21, 2011, 08:49:25 PM
#9
Check out what this guy has to say on an inter-bank exchange mechanism. http://www.reddit.com/r/Bitcoin/comments/i5lnj/mtgoxs_demise_provides_an_opportunity_to/
newbie
Activity: 14
Merit: 0
June 19, 2011, 11:53:56 PM
#8
I am not sure that having more exchanges would prevent future MtGox-like incidents. Having too many exchanges creates different types of problems, for example:
1. if any script-kiddie can start an exchange tomorrow, security will be worse, not better.
2. building a secure open-source codebase is difificult, requires many COMPETENT contributors, and takes time. meanwhile, what prevents a hacker from exploiting weaknesses found in the code (which would be, of course, open and public). this is NOT the Linux community, with thousand of geeks eyeballing the soure code looking for love and honor, not money  Cheesy
3. the user base being relatively small, too many exchanges could fragment the market to the point where the price would fluctuate a lot simply because of fragmentation.
newbie
Activity: 13
Merit: 0
June 19, 2011, 11:15:13 PM
#7
Bitcoin is secure.. the miners, the client. The node based system that it is.

Maybe a sister Node based exchange?

I'm not sure. I don't know if this is a scalability problem that will become chronic or if we just have a temporary problem to overcome.

There really shouldn't be any particular exchange that should have this kind of power to completely degrade the value of the currency. This seems like a really critical point of failure. It may be simply because there are only so many resources available, as far as volunteers and entrepreneurs who are available to deploy labor and capital, and thus temporary. I fear there is a small potential for this to become an ongoing problem, as I suspect the natural state of the market may eventually prefer only a handful of exchanges.

Maybe we need to adapt to this threat and build something into the system so there are no too big to fail nodes in this network?
newbie
Activity: 14
Merit: 0
June 19, 2011, 10:44:33 PM
#6
I'm just throwin' some ideas out there to chew on, so here's something else...

We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.

Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.

One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.

Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.



well... real markets do have safeguards in place (automated) that if something like this were to happen everything would be suspended pretty quickly and locked down, specifically because of something like this happening.

newbie
Activity: 14
Merit: 0
June 19, 2011, 10:42:44 PM
#5
being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.


Right, I agree, this is not some sort of signal about the failure of bitcoin, this is about the failure to apparently provide adequate security at one particular exchange. The real negative in all this is that having just one web site compromised caused such havoc in BTC value and trade volume. If we're gonna run a decentralized network, then let's run a decentralized network.

Yea I see what you are saying, at the moment tho I agree with the other poster and you that they might want to get some people like was said to work together and get a framework established and start using that framework to create other exchanges, since by the looks of it mtgox's programmers well... noone should have trusted them with real money by what i've seen.

newbie
Activity: 13
Merit: 0
June 19, 2011, 10:41:11 PM
#4
I'm just throwin' some ideas out there to chew on, so here's something else...

We already have this concept of a node in the P2P network, which is essentially a machine running the Bitcoin client. And that Bitcoin client has a certain role in all this, which is well established. Maybe we need to introduce some sort of new concept. Perhaps a collection of nodes could act as exchanges.

Part of the problem, with regards to scalability, is staying within the limits of the $1,000/$10,000 trading rule.

One way to work within that limit is to make it easier to build exchanges, such as I suggested with some sort of OS framework that could be easily implemented, both quickly and cheaply.

Or, perhaps we need to add some new concept to the P2P network, where the work of the MtGox type exchanges could be off-loaded to some sort of anonymous, decentralized network. I'm sort of weak on implementation ideas on that option though.

newbie
Activity: 13
Merit: 0
June 19, 2011, 10:35:01 PM
#3
being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.


Right, I agree, this is not some sort of signal about the failure of bitcoin, this is about the failure to apparently provide adequate security at one particular exchange. The real negative in all this is that having just one web site compromised caused such havoc in BTC value and trade volume. If we're gonna run a decentralized network, then let's run a decentralized network.
newbie
Activity: 14
Merit: 0
June 19, 2011, 10:31:33 PM
#2
being that much higher profile website useraccounts have been exploited recently (paypal, facebook, twitter, sony online etc) this is just par for the course at the moment in my opinion, the amount of security at mtgox is kind of a joke with the amount of money being thrown around it to be honest.
newbie
Activity: 13
Merit: 0
June 19, 2011, 10:24:43 PM
#1
The primarily problem with this MtGox Affair is not that some poorly secured web site got hacked, the problem is that there are too few exchanges.

I propose we need to talk about the possibility of building some sort of open source, out of the box Bitcoin exchange solution. Maybe it needs to be some sort of toolkit, some sort of framework, or maybe some full blown system that you can get up and running quickly, and then make it easy for implementers to improve upon their exchange with contributions from the OS community.

In addition to immediately making it easier for far more exchanges to exist, this would allow for greater trade volume and increased liquidity, given the $1,000/day-$10,000 month rule.

This may sound ambitious, but not so much given that someone has already done a great deal of work to produce such an OS product -- MtGox.

I'm thinking that perhaps MtGox should be asked to release their framework to the public. Let us fix it and let's just get on with this thing. Because, let's face it, their reputation is absolutely trashed. But if we can bring transparency into the game, I have no reason not to trust a brand who has a product that I am capable of auditing.

Thoughts?

(Speaking as programmer of 10 years -- lots of experience with PHP, MySQL, JavaScript (Dojo. jQuery, Prototype), HTML, CSS)
Jump to: