
Topic: is/was Bitcoinica a shady business...? (Read 2329 times)

hero member
Activity: 560
Merit: 500
May 14, 2012, 11:05:54 PM
#24
Well that is possible.

It's the first thing people cry when a site has its bitcoins hacked and leaves the customers hanging.

I don't see why no one has brought it up in this case. I must be missing some obvious fact here.
vip
Activity: 490
Merit: 271
Well that is possible.

But what I think is that people really good at one thing think they are really good at other things. There is a reason there are 'pinch hitters' in baseball.

Plus Zhou didn't have the best PR counsel here because it does look bad.

However, reading between the lines, I see it as him being shown the door with some respect for his accomplishments.

OR put another way: YOU'RE FIRED, but we'll let you resign.

Just a guess.
hero member
Activity: 560
Merit: 500
Can someone explain why this would not be possible?:

Guy starts company
Guy sells company
Guy "hacks" said company and takes all the BTC
Guy announces he is leaving the scene soon after, claims his departure is not related to the hack.

I don't know Zhoutong or every fine detail of the full story, but from what I could skim over, this was a con worthy of an Ocean's sequel.
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.
I guess the professor thought that the letters themselves in the Sqrt command was the algo.

Yikes... what school do you attend??

There are different ways of solving sqrt. Which method is your algo using?

by use of Taylor series  Grin ...
...
not
vip
Activity: 490
Merit: 271
But anyone in the IT business (like myself) also knows that implementing IT security is expensive (especially in development time).

I think these costs are exaggerated most of the time. When building software with security in mind from the beginning, the required extra development time is almost negligible. The problem lies in many existing libraries and frameworks which are insecure by design, or where security was not considered during development. When these are used, securing the whole system becomes prohibitively expensive.

When thinking somewhat about that issue, it seems to be an instance of the same problem we're discussing here. Let me explain.

If Zhoutong and his friends had been "old style" coders, they'd picked a general purpose language and just some very basic libraries and built the whole distributed Bitcoinica application from ground up. And when considering the use of some additional framework, they'd spend days to weeks to understand that framework in and out. For example, they'd probably dissected the source code of the standard bitcoin daemon and replaced the Berkeley DB by another database fitting better into the general picture. As a by-product the resulting system would have a reasonable amount of security built right into the core. Just brilliant -- now we're talking rather about several man months of work.  Undecided

But that's probably not what they did. (note, the following is just a guess. I might be wrong here!) They happened to know how to apply some web application toolkit set plus they happened to know how to use some cloud hosting service. So this was just a perfectly suitable skill set, allowing them to concentrate on coding up the finance mathematical part of the business. Thus, while the "proper coding craftsman" would still be dissecting other people's framework code and bothering about possible subtle concurrency and security issues, they were already making money.

This is exactly the equivalent to trading on leverage. You achieve an impressively amplified effect by relying on borrowed knowledge and skills (living in the toolkits and services you use to code up your App). And according to the predominant opinion in the open source culture, that is actually the right thing to do. You know, the cathedral and the bazaar.

And now something nasty happened and some script kiddy used a blatant security weakness to hack Bitcoinica. And all of a sudden, everyone yells and points with fingers upon both Zhoutong and the Bitcoin Consultancy, calling them unprofessional, sketchy and harmful for the Bitcoin idea.

So what are the criteria, and who judges?

--Ichthyo


At first, we should probably define what you mean by "old style coders". Does it mean that they refuse to use libraries in order to avoid duplicating effort? If so, I'd rather call these people "students", because that's what the typical student will do: Re-implementing something just for the sake of learning how it works. Not a bad decision for personal progress, but (as you stated correctly) not useful on a competitive market as it will take many extra months.

But this is not what I was talking about. A good coder who is serious about security does not refuse to use libraries. But he will choose secure libraries (also, secure programming languages, secure frameworks etc.) in order to get his stuff done. This may mean a little bit of extra time once in your life (at the point where you have to research what tool to use the first time), but when it comes to actually implementing a project, the extra time needed becomes negligible.

I think it is dangerous to spread the rumour that security is expensive or time-intensive because it leads to a "don't care" mentality in executives which would not be necessary if they were working with the right people.

However, I will not engage in speculations about how this relates to bitcoinica. It might well be that the developers used perfectly secure programming frameworks, and wrote their code diligently, having security breached by a mistake from their hosting platform, for example.

There are programs where it must be written from scratch, no libraries allowed.

A long time ago, a class was to come up with a challenge for the programming class. I suggested why not write the Sqrt algo. The teacher/professor said you could just use the sqrt command and that would be too easy. I guess the professor thought that the letters themselves in the Sqrt command was the algo.

Knowledge is being lost or diminished because of the reliance and trust in other people's work.

There are different ways of solving sqrt. Which method is your algo using?
full member
Activity: 170
Merit: 100
So what are the criteria, and who judges?

This one is simple, I think. The idea can be judged by its success. If it was a bad idea, it will fail sooner or later. I think we can go with such simple criteria because, due to bitcoin's open nature, scamming is much harder than with the traditional money system, thus people which don't do some useful service to the community will fail.
full member
Activity: 170
Merit: 100
I think they're shady, but for different reasons.

I suspect anyone that talks about regulating bitcoin. The whole point of bitcoin is to NOT be regulated. If people want to be "registered" and "regulated", they can go be part of the current financial system.

Yeah but so many people live in a fairy tale where governments serve people's interest.

When I see core members pushing for the law to recognize bitcoin... such a waste of energy...

Governments had to (and still have to) learn the hard way that they are not stronger than the internet, and that they have to bend to its mechanisms in order to stay in today's game. The same is happening with bitcoin right now. Like the internet, it is sufficiently self-regulating to succeed, and works more efficiently than the traditional mechanisms it replaces.

I think there is nothing wrong with working with the governments so they can understand bitcoin better. In fact, they need people willing to do that if they don't want to fail miserably. But when it comes to pushing for the law to recognize bitcoin, I must ask: Recognize it as what? Do we want it to be recognized as finance (and thus be subject to the same laws) even though it lacks many deficiencies traditional finance (as recognized by law) has? Can't we rather inherit the positive things from traditional finance, leave out the negative things, and just wait for what laws they think will be applicable for this new technology?
full member
Activity: 170
Merit: 100
But anyone in the IT business (like myself) also knows that implementing IT security is expensive (especially in development time).

I think these costs are exaggerated most of the time. When building software with security in mind from the beginning, the required extra development time is almost negligible. The problem lies in many existing libraries and frameworks which are insecure by design, or where security was not considered during development. When these are used, securing the whole system becomes prohibitively expensive.

When thinking somewhat about that issue, it seems to be an instance of the same problem we're discussing here. Let me explain.

If Zhoutong and his friends had been "old style" coders, they'd picked a general purpose language and just some very basic libraries and built the whole distributed Bitcoinica application from ground up. And when considering the use of some additional framework, they'd spend days to weeks to understand that framework in and out. For example, they'd probably dissected the source code of the standard bitcoin daemon and replaced the Berkeley DB by another database fitting better into the general picture. As a by-product the resulting system would have a reasonable amount of security built right into the core. Just brilliant -- now we're talking rather about several man months of work.  Undecided

But that's probably not what they did. (note, the following is just a guess. I might be wrong here!) They happened to know how to apply some web application toolkit set plus they happened to know how to use some cloud hosting service. So this was just a perfectly suitable skill set, allowing them to concentrate on coding up the finance mathematical part of the business. Thus, while the "proper coding craftsman" would still be dissecting other people's framework code and bothering about possible subtle concurrency and security issues, they were already making money.

This is exactly the equivalent to trading on leverage. You achieve an impressively amplified effect by relying on borrowed knowledge and skills (living in the toolkits and services you use to code up your App). And according to the predominant opinion in the open source culture, that is actually the right thing to do. You know, the cathedral and the bazaar.

And now something nasty happened and some script kiddy used a blatant security weakness to hack Bitcoinica. And all of a sudden, everyone yells and points with fingers upon both Zhoutong and the Bitcoin Consultancy, calling them unprofessional, sketchy and harmful for the Bitcoin idea.

So what are the criteria, and who judges?

--Ichthyo


At first, we should probably define what you mean by "old style coders". Does it mean that they refuse to use libraries in order to avoid duplicating effort? If so, I'd rather call these people "students", because that's what the typical student will do: Re-implementing something just for the sake of learning how it works. Not a bad decision for personal progress, but (as you stated correctly) not useful on a competitive market as it will take many extra months.

But this is not what I was talking about. A good coder who is serious about security does not refuse to use libraries. But he will choose secure libraries (also, secure programming languages, secure frameworks etc.) in order to get his stuff done. This may mean a little bit of extra time once in your life (at the point where you have to research what tool to use the first time), but when it comes to actually implementing a project, the extra time needed becomes negligible.

I think it is dangerous to spread the rumour that security is expensive or time-intensive because it leads to a "don't care" mentality in executives which would not be necessary if they were working with the right people.

However, I will not engage in speculations about how this relates to bitcoinica. It might well be that the developers used perfectly secure programming frameworks, and wrote their code diligently, having security breached by a mistake from their hosting platform, for example.
hero member
Activity: 868
Merit: 1000
I think they're shady, but for different reasons.

I suspect anyone that talks about regulating bitcoin. The whole point of bitcoin is to NOT be regulated. If people want to be "registered" and "regulated", they can go be part of the current financial system.

Yeah but so many people live in a fairy tale where governments serve people's interest.

When I see core members pushing for the law to recognize bitcoin... such a waste of energy...
legendary
Activity: 1120
Merit: 1003
I think they're shady, but for different reasons.

I suspect anyone that talks about regulating bitcoin. The whole point of bitcoin is to NOT be regulated. If people want to be "registered" and "regulated", they can go be part of the current financial system.

If bitcoin is for real, there is no doubt in my mind that the powers that be would be placing their people to control it. They have the resources to start large exchanges and other 3rd party services. They can make themselves the "hero members" on here very easily. Then use their pull in the community to start suggesting regulations and other bullshit to completely destroy the purpose of bitcoin.

Combined with the fact that the way they lost this last batch of coins is suspicious to say the least and their crappy communication about what happened, leads me to believe that the whole thing is a false flag and a way to rip people off.

vip
Activity: 490
Merit: 271
Quote
I am not trolling, I want to understand what makes the difference in the essence of things, when stripping away all that funny legislative and financial terminology.

Place your bets. Is the terminology. You have 1:1 Odds to 10:1 Odds with the spread going to the House.
hero member
Activity: 602
Merit: 500
Let's say I rent out bicycles in a tourist area. You as a tourist pay the deposit ... $100 deposit for an $80 bike. While eating at a restaurant the bike gets stolen from the bike rack out front. All the locals know this happens. I had nothing to do with the theft, but I knew it happens pretty often and didn't warn you.

Is what I did shady?

Hey, cool example.

Now, to apply the anarchistic decentral Bitcoin philosophy: then it was not shady, because the deaf average tourist could have just employed his f**ing common sense and either watch the rented bike better or not use and support your business. And when the majority of tourists just choose to ignore that danger and continue to rent your bikes, then, by definition your business would be acceptable.  Cheesy

hero member
Activity: 602
Merit: 500
But anyone in the IT business (like myself) also knows that implementing IT security is expensive (especially in development time).

I think these costs are exaggerated most of the time. When building software with security in mind from the beginning, the required extra development time is almost negligible. The problem lies in many existing libraries and frameworks which are insecure by design, or where security was not considered during development. When these are used, securing the whole system becomes prohibitively expensive.

When thinking somewhat about that issue, it seems to be an instance of the same problem we're discussing here. Let me explain.

If Zhoutong and his friends had been "old style" coders, they'd picked a general purpose language and just some very basic libraries and built the whole distributed Bitcoinica application from ground up. And when considering the use of some additional framework, they'd spend days to weeks to understand that framework in and out. For example, they'd probably dissected the source code of the standard bitcoin daemon and replaced the Berkeley DB by another database fitting better into the general picture. As a by-product the resulting system would have a reasonable amount of security built right into the core. Just brilliant -- now we're talking rather about several man months of work.  Undecided

But that's probably not what they did. (note, the following is just a guess. I might be wrong here!) They happened to know how to apply some web application toolkit set plus they happened to know how to use some cloud hosting service. So this was just a perfectly suitable skill set, allowing them to concentrate on coding up the finance mathematical part of the business. Thus, while the "proper coding craftsman" would still be dissecting other people's framework code and bothering about possible subtle concurrency and security issues, they were already making money.

This is exactly the equivalent to trading on leverage. You achieve an impressively amplified effect by relying on borrowed knowledge and skills (living in the toolkits and services you use to code up your App). And according to the predominant opinion in the open source culture, that is actually the right thing to do. You know, the cathedral and the bazaar.

And now something nasty happened and some script kiddy used a blatant security weakness to hack Bitcoinica. And all of a sudden, everyone yells and points with fingers upon both Zhoutong and the Bitcoin Consultancy, calling them unprofessional, sketchy and harmful for the Bitcoin idea.

So what are the criteria, and who judges?

--Ichthyo
legendary
Activity: 2506
Merit: 1010
I am not trolling, I want to understand what makes the difference in the essence of things, when stripping away all that funny legislative and financial terminology.

Let's say I rent out bicycles in a tourist area. You as a tourist pay the deposit ... $100 deposit for an $80 bike. While eating at a restaurant the bike gets stolen from the bike rack out front. All the locals know this happens. I had nothing to do with the theft, but I knew it happens pretty often and didn't warn you.

Is what I did shady?
full member
Activity: 170
Merit: 100
But anyone in the IT business (like myself) also knows that implementing IT security is expensive (especially in development time).

I think these costs are exaggerated most of the time. When building software with security in mind from the beginning, the required extra development time is almost negligible. The problem lies in many existing libraries and frameworks which are insecure by design, or where security was not considered during development. When these are used, securing the whole system becomes prohibitively expensive.
full member
Activity: 170
Merit: 100
So Bitcoinica itself doesn't need to be "shady", but its current form allows shady business a place to operate.

This might be the most important question to ponder. If we really want the Bitcoin market to be that free/uncontrolled entity, only regulated by demand and supply, then it seems we've inevitably to accept the fact that surprising / upsetting / destructive actions occur within that market. On the other hand, if we want some kind of regulation, we should again think of building up centralised institutions, which turns us back into all those unsolved questions our current governmental and regulatory systems are suffering from.

I really like your thread. Yesterday I was thinking about how much implicit democratic momentum bitcoin gives us without requiring any explicit regulation through laws etc. (see here: https://bitcointalksearch.org/topic/separation-of-powers-81367). Now the thoughts from this thread make me want to expand on this because it seems like bitcoin's nature, together with internet anonymity, creates yet another form of implicit regulation. If a company (be it bitcoinica or someone else) does something too risky, they will just go down when anonymity makes sure that there is no one they can blame or seek compensation from. This creates an incentive to build up solid business models and might prevent some avalanche effects we have (and experienced during the near past) on traditional financial markets.

My bottom line is: When a bitcoin company can afford to offer their service to anonymous users (ideally without any backdooring, like trying to lock out Tor proxies) and stays alive for a long time, their business model could probably be considered robust.
hero member
Activity: 602
Merit: 500
Well, this really has little to do with "banking".  Bitcoinica operates a type of contract for difference (CFD) marketplace.  In the U.S. for instance, CFD markets are not allowed due to OTC market restrictions by the SEC.  The foreign exchange that is offered in the U.S. differs from CFDs because cash is used to settle gains or losses from price movements of the CFDs whereas with forex spot, swap and futures transactions there is essentially a delivery requirement for the underlying asset.

If we accept those regulations as set in stone and don't question anything ever, then yes, there might be a difference somewhere in the formal definitions.

But my question actually aims at something more fundamental. We have Bitcoin, which is not regulated and not supposed to be just a carbon copy of an existing economy. There is no point hiding behind some U.S. regulations. I am asking about the essence of things.

Why is it shady, when there is just a virtual balance
and why is it "clean" when there is a promise of delivery (which is also just the promise to deliver something virtually, electronically).

What is the difference when Bitcoinica delivers the final gains as BTC redeemable code?
When I get a loan from my favorite real world bank, all I get is a redeemable code.

Why is the one thing "good" and "beneficial", while the other thing is "questionable"?

I am not trolling, I want to understand what makes the difference in the essence of things, when stripping away all that funny legislative and financial terminology.

--Ichthyo
legendary
Activity: 2506
Merit: 1010
So basically this looks like any kind of banking business,

Well, this really has little to do with "banking".  Bitcoinica operates a type of contract for difference (CFD) marketplace.  In the U.S. for instance, CFD markets are not allowed due to OTC market restrictions by the SEC.  The foreign exchange that is offered in the U.S. differs from CFDs because cash is used to settle gains or losses from price movements of the CFDs whereas with forex spot, swap and futures transactions there is essentially a delivery requirement for the underlying asset.

hero member
Activity: 602
Merit: 500

...interesting read indeed.

Just to play "advocatus diaboli": Isn't, by that definition, a fractional reserve banking based business a "bucket shop": handing out paper money, assuming there was an actual transaction in the underlying currency, while actually they are just shoveling around virtual positions "in the bucket"?

okok -- I know, fractional reserve is official and there are laws, supervision and monitoring. But, to translate that into the world of Bitcoin, where there is no central authority: What exactly could be the criteria to define a business to be "shady" or "clean", "acceptable" or "being frowned upon"?

-- Ichthyo
legendary
Activity: 1120
Merit: 1003

This might be the most important question to ponder. If we really want the Bitcoin market to be that free/uncontrolled entity, only regulated by demand and supply, then it seems we've inevitably to accept the fact that surprising / upsetting / destructive actions occur within that market. On the other hand, if we want some kind of regulation, we should again think of building up centralised institutions, which turns us back into all those unsolved questions our current governmental and regulatory systems are suffering from.


In the free/uncontrolled market, those destructive actions that occur are good and allow the market to correct itself (ie. I know I'm not trading there anymore).