Interesting, but why use ruby instead of a typed language? 
hmmm 
it's quite difficult
Topic: Let's deploy free open-source crypto-exchange in 15 minutes (Read 499 times)
it's quite difficult
Open source isn't so bad for almost everything. I'm led to thinking that everything somehow starts from open source. If one really needs to run proprietary software, they can start from scratch and implement their own.
I think there is no need to be so negative about open source exchange software code. Free licenses always clarify that the responsability for any damage due to malfunction (which includes hacking) is exclusively of the persons that use it. So: If you don't have the skills to run an exchange, then don't do it, be it with open source or a custom implementation (exception: if you out-source the entire maintenance task to a skilled team).
However, OP, I think the title of this thread is also a bit irresponsible. If you claim that an exchange can be "deployed in 15 minutes", then you make certain people believe that exchange operation is easy and doesn't require special skills. It may make only reference to the time it takes to install. But the psychological connotations unfortunately are clear (short == easy) and thus the title can be confusing.
So I would strongly recommend to change the thread title and add perhaps a warning to the OP. Otherwise, good luck with the project.
However, OP, I think the title of this thread is also a bit irresponsible. If you claim that an exchange can be "deployed in 15 minutes", then you make certain people believe that exchange operation is easy and doesn't require special skills. It may make only reference to the time it takes to install. But the psychological connotations unfortunately are clear (short == easy) and thus the title can be confusing.
So I would strongly recommend to change the thread title and add perhaps a warning to the OP. Otherwise, good luck with the project.
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Well, on the other hand anyone who goes for an open source exchange to run their platform as if it were just another WordPress site is probably better off that way than trying to cobble their own custom solution. Whether one should use such an exchange is a different question of course, but if one is not to be stopped from running an exchange of their own, using an open-source platform might be the lesser evil. Even without having looked at the code of this project I'm fairly certain crypto has seen worse exchanges in terms of security. Not that the bar has been set that high, unfortunately.
In our experience over the past years, the dreaded code vulnerabilities - the major blame, have not even been remotely close to the source of issue as the human factor.
When another exchange claims it "got hacked" it's just management tampering with the wallets, and that's about it.
thank your for the project!but if i may ask why did you choose to make it as an open source project?
Thank you for the interest
We believe the open-source is the way to proceed, same as Blockchain's transparency.
But the major point is that you own your software, and are free to change it, unlike closed projects, where you have no idea if you are actually on a shared service or not and have no access to repositories, being hostage to the code provider.
thank your for the project!but if i may ask why did you choose to make it as an open source project?
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Well, on the other hand anyone who goes for an open source exchange to run their platform as if it were just another WordPress site is probably better off that way than trying to cobble their own custom solution. Whether one should use such an exchange is a different question of course, but if one is not to be stopped from running an exchange of their own, using an open-source platform might be the lesser evil. Even without having looked at the code of this project I'm fairly certain crypto has seen worse exchanges in terms of security. Not that the bar has been set that high, unfortunately.
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
People think that open source is the answer to everything just like they think that the Blockchain can be implemented into everything and greatly benefit it but that is not true for the majority of the cases presented. Although I normally am an advocate for open source software exchanges are one of the exceptions to this. You do not publish the code on the internet when you are storing hundreds of thousands on your exchange. If you were to do this you would be exposing your code to many more black hat hackers than you would if you kept it closed source. You would also encourage white hats to commit to your code and make it better in that way but the risk of black hat hackers getting into your system is way too great. The better option is to only have trustworthy members in the community open exchanges with a multisig address that acts as an insurance if everything fails and the exchange is breached. This multisig should be handled by people who are separate to the exchange but have handled more than what is in the fund while being extremely trusted members of the community. This is extremely complicated and has its downfalls for sure but would be a better alternative to openly distributing your code online when it is responsible for holding hundreds of members funds.
Any exchange that opens should be tested by multiple penetration testers before its released to the public.
Open source is simply a philosophy, in my opinion, and anyone who makes software and wants to make it open source, simply subsribes to the idea that the crowd knows best and the crowd finds bugs faster, and fixes them faster, and that gathered intelligence makes for better innovation than solestanding development.
I think simply using open source because it is, that gets you in trouble. The piece of software still needs people looking at it and using it, and trying to debug it, for it to benefit from being open source.
But to get that benefit, you do have to open source.
Closing your software for security is the argument used by MS in the 1990s. But maybe this DAX doesn't even store anything?
I get your point, but I think you might be mistaken that open source compromises people's accounts. Hackers find loopholes and hack closed source systems all the time anyway. And with closed source, you wouldn't even know they exist until a huge hack is discovered. But at least with open source, the bugs are usually found and loopholes identified and informed to the devs BEFORE they are made public. That's kind of part of the whole point isn't it?
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
People think that open source is the answer to everything just like they think that the Blockchain can be implemented into everything and greatly benefit it but that is not true for the majority of the cases presented. Although I normally am an advocate for open source software exchanges are one of the exceptions to this. You do not publish the code on the internet when you are storing hundreds of thousands on your exchange. If you were to do this you would be exposing your code to many more black hat hackers than you would if you kept it closed source. You would also encourage white hats to commit to your code and make it better in that way but the risk of black hat hackers getting into your system is way too great. The better option is to only have trustworthy members in the community open exchanges with a multisig address that acts as an insurance if everything fails and the exchange is breached. This multisig should be handled by people who are separate to the exchange but have handled more than what is in the fund while being extremely trusted members of the community. This is extremely complicated and has its downfalls for sure but would be a better alternative to openly distributing your code online when it is responsible for holding hundreds of members funds.
Any exchange that opens should be tested by multiple penetration testers before its released to the public.
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions
People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions
People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.
IOU 1+ merit for that post.
I could not agree more
Anyone who truly wants to run an exchange shouldn't touch those open source 'exchanges' at all.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions
People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.
Even if we assume that the author did not include an intentional vulnerability which wouldn't be found by a code review (which we shouldn't assume at all),
how would you think you'd handle occurring issues ? Outdated software, new vulnerabilities, etc.. ?
People who have the bankroll and want to run an exchange, get a customized software built for them for several 10k / 100k $.
People who don't have any clue at all, use free open source software. Then they either get hacked or lose funds because of other unforeseen issues.
Just look at the Issues on github.
One person doesn't know how to add a new currency.. but obviously believes he is capable of running an exchange
Another person can't even get the software to run.. and even worse.. then another one suggests him to give the user running the service root permissions
People using such open source software to get an exchange running are asking to lose money. Either by the developer through built in vulnerabilities or through other script kiddies.
is this rubekube fork? what are main differences?
Yes thank you - there are links to the tutorials in the very first post.
We also have a tutorial video on a channel, but it needs more final edits and tuning, will do after the holidays
Doing a video to explain how the whole platform works makes sense - I will see if we can do one.
You know how it goes - everyone loves coding, but when you ask guys to make a full documentation or a video, everybody running away
We also have a tutorial video on a channel, but it needs more final edits and tuning, will do after the holidays
Doing a video to explain how the whole platform works makes sense - I will see if we can do one.
You know how it goes - everyone loves coding, but when you ask guys to make a full documentation or a video, everybody running away
You should make some sort of how to article, maybe with an almost or actual example (minus the personal details), maybe a short video showing how the whole thing works.
Is this based on Rubykube software?
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
We are the guys who did RubyKube
We call it OpenDAX now
Kinda cooler, don't you think?But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.
Why did you change from RubyKube?
It might be a good idea to state this in the main post or like I did people may think the projects are non-related.
I actually liked the name RubyKube was quite catchy.
Anyway I wish you guys the best of luck with the project I did have a poke around your github and play about with RK in the past.
Yeah it was a nice name, but kinda wanted to grow. Maybe we'll do something funky with it.
It hasn't been updated in a while now, coz we moved forward to OpenDAX and stuff. Still nice to see people remember RubyKube!
Ah thank you so much!
Is this based on Rubykube software?
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
We are the guys who did RubyKube
We call it OpenDAX now
Kinda cooler, don't you think?But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.
Why did you change from RubyKube?
It might be a good idea to state this in the main post or like I did people may think the projects are non-related.
I actually liked the name RubyKube was quite catchy.
Anyway I wish you guys the best of luck with the project I did have a poke around your github and play about with RK in the past.
Is this based on Rubykube software?
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
We are the guys who did RubyKube
So we call it OpenDAX now
Kinda cooler, don't you think?But yeah, technical stuff aside - you need a good business logic if you want to run a financial exchange platform.
Is this based on Rubykube software?
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
The reason I ask is there is very few projects that use ruby for this type of thing and we have seen RubyKube in the past I wondered if this was based on that project?
Also running something like this takes a lot of skill and time, End of the day if people use it your dealing with customer funds and need to be aware of security processes to protect wallets and user data. It's not something to just go out and start an exchange there are a lot of things a user should factor in.
*EDIT*
On further inspection this seems to be a clone of RubyKube's, MicroKube system I would advise anyone looking to use this to compare it to the ORIGINAL source as the author of this topic has failed to tell you this is a clone of RubyKube.
Link to original source : https://github.com/rubykube/microkube
Interesting, but why use ruby instead of a typed language?
A question of preference, really
Ruby is elastic and dynamic, which is a good property to have for building gazillion plugins to support any blockchain and such.
That being said, for very important components we use Go, which is typed.
Interesting, but why use ruby instead of a typed language?
Jump to: