Topic: Open letter to GLBSE operators and developers. (Read 5969 times)

This thread makes me sad now...

Looks like a lot of progress has been made.

Congrats.

Glad to see you are back and working

If you setup a good enough API, you won't even need to worry about the frontend; anyone would be able to write it.  If you build a restful API that returns JSON, it wouldn't be too hard for any third party to write their own clients.

I have been working on my own namecoin project, but I think GLBSE is more important.  I would be willing to work on a front-end.  I prefer python or PHP, but I have recently started playing with backbone.js.  I just recently found http://brunch.io/.  In a version or two, I think it would be perfect for a javascript client.

In fact, a couple days ago I was looking at how you were doing auth and started to implement a very similar system in a brunch site.

Thank you for the suggestions and interest. It's clear that there is still demand for the crypto side of things.

So I'll keep the current system available as is while bringing out the new one, with the goal of having a hybrid system.

Sadly I wont be able to continue development of the in-browser client (the current web client) as it's beyond my Javascript ability, and I've not been able to find someone else who can move it along. So I'm going to have to either find someone else to do so or find a way around it.

The techniques used ARE secure as far as the cryptographic tools being used themselves are. But usability is terrible and development is considerably more difficult than a more classical system.

Also under the current system, when I'm paying attention a lot of my time is taken up with support for quite basic issues. I don't know how many people have gone and locked themselves out of their accounts (lots is the correct answer) but it's prone to mucking up across a number of steps. Often users don't even know their account numbers so I spend hours trying to get bits of information from them to use to identify their accounts.

So my focus is on a very easy to use system, this will take care of the non-crypto experts. Following that when I've covered basic needs and GLBSE is able to operate without me having to watch over EVERYTHING then I'll start on the crypto side.

I will certainly attempt to improve a whole host of elements and aspects including share issuer/ holder communication.

With regards to people being rewarded for buying fake shares of GLBSE, that is partially my own fault as I had not reserved the ticker symbol, it was a social engineering attack that worked. At the end of the day it's social engineering that is the easiest and often (not always) most effective form of attack which can bypass the best crypto.

Please bear in mind that roughly only 20btc worth of shares had been sold, and that GLBSE will be made available to the public early in the new year.

The problem was that a ratings agency was supposed to spring up, and do all the checking on new assets on the exchange but that never materialised, there was a blog that did reviews but I don't know how popular that became. It's probably because GLBSE hasn't hit critical mass because it's difficult to use.

I want to say that I think GLBSE is awesome. I think the security techniques used are innovative and smart (although I don't know much about security). Ease of use is definitely lacking, but I feel like that could be vastly improved just by better documentation.

That said, I think it makes sense to give people the option to forgo those security measures and leave their account information in the hands of the website, protected only by a username and password. I agree with the other suggestions that a hybrid of the two would be ideal.

As long as we're telling Nefario what we'd like for Christmas, here's my wishlist:

• Some way to communicate with shareholders. Even a simple one way messaging system (operator to shareholders) would be a huge improvement. A two way system, or a message board visible only to those that own shares would be even better, I think.
• Some way for the operator to identify the shareholders. The idea of asking a shareholder to put up a sell order with a specific price is clever, but a more straightforward method would be nice. Perhaps a listing of the account public keys and number of shares held by each. Shareholders could then prove who they are using their private key or something (again, I'm no security expert).
• Along the same lines, a way for operators to know who their shareholders are and how many shares they currently hold even if GLBSE is down. I imagine this could be done with a public transaction log like the block chain, and offsite public backups of that log. If GLBSE completely disappeared one day, I could at least know who is owed what and settle up with the shareholders outside of GLBSE.

Yeah..  I didn't like that part very much either..

I did the same. It annoys me that users who did not do their DD (even just checking the signature on the contract) and bought the fake asset have now been rewarded for their foolishness with partial ownership of GLBSE, which is not otherwise publicly available.

A couple features I'd love to see:

-- a transaction history of my BTC balance including all deposits, withdrawals, purchases, sales, and received dividend payments.
-- a received dividends history for each of my assets (and an aggregate)

I agree.  There's not a huge need to change the current in-browser encryption, just fix the interface.  

For example, have users set up a normal server-side website account with username and password.  When I'm in this account, I can see all my "trading accounts", which hold my assets.  These trading accounts are stored encrypted server-side. If a good passphrase is used, they are useless to someone breaking in.  When I want to use one of the trading accounts, I enter my passphrase and the account is decrypted client side, and I can use it, much like I currently can.

Then fix all the other UI stuff like making it easy to list and search all assets, see history and charts for them, etc.

+1. Of course, the general aspect and usability of the web interface could be (much) improved, but the system is very good as it is.

The encryption tools / techniques are awesome man.  Don't throw away your idea because some people don't understand.  Maybe a hybrid of the two ideas, but don't go completely fluffy.  I saw the fake GLBSE stock checked BG, your public key, anything I could find, and was like nope this is not nefario/glbse/BG.  That is a huge benefit to the systems architecture.  It also allows organizations that may not be able to publicly disclose exactly who they are to trade on the platform with trust.  I think that is extremely valuable. 

Here we come to the problem of the architecture of GLBSE along with the timing of my absence. Contracts never could be changed,  I had intended to add that functionality and told senbonzakura this WAS going to be the case. Of course I went missing at that time.

So anyway, the new version of GLBSE will not include any of the encryption tools and techniques of the old one, simply put it's going to be a stock exchange with ease of use being the number one priority, with the second being security.

So a way to settle this contract changing business is to state what percentage of a vote(or shareholders) is required to change the terms of the contract. This then becomes a part of the contract terms so that buyers can know before buying that a contracts terms can be changed (to something they don't like) if it states so.

With the exception of 100% approval being required for a change this is always going to be the case.

The current version of GLBSE is incredibly inflexible, and I'm racing to get it replaced.

Nefario.
 

I am communication privately with him, to minimize the amount of public debate. He seems to be taking a reasoned approach, and I am prepared to give it some time to see what happens.

Whoa! This is a contract and an agreement between the Fund and the asset owners. Discussions on a forum, or notices on outside websites, unless specifically referenced in the contract do not affect that contract. SLV and the operating entity need to address the question of selling something completely different than the the contract that represented the item offered for sale on the GLBSE. I purchased shares based on the contract description on the GLBSE, at that point going forward the entire body of the agreement was that contract, not a discussion thread here or elsewhere.

If Nefario is willing to change a contract, that change should only be considered after a majority vote of the owners of the Fund. I can categorically state that my 5% ownership of the shares of the Fund will not support a vague liquidation based on a conversion of the asset that was not permitted under the terms of the asset contract. I expect my shares to be backed by physical silver, as stated in the contract, or with prudent re-investment in the Fund, with full distribution of the profits of liquidating the physical silver as described in the contract. Those are the only two things permitted by the contract that I purchased shares of.

I don't like this. What if 60% of the asset holders agree to change the contract in a way that makes the holdings of the other 40% meaningless?
When I buy a single piece of an asset, it should be invariant and immutable, regardless of what anybody else wants to change about it in the future.

Contracts that require certain policy changes (e.g. portfolio policy) should manage this particular aspect by votes, but the changes should not be done over the contract, but in other 3rd party place.

For some reason I can't reply to that topic.

I don't think that shares should be editable after they're issued. It is a contract that you cannot change ... otherwise, it would be worthless.
If you want to change the contract, you should issue a new share, and convince people to switch old shares for new shares, until only you own all shares.

A good number of the locked accounts support issues have now been taken care of. There are a couple still outstanding.

I will provide a way to include user verification with share listings, it will be made optional but clearly labelled as missing verification.

Exactly and it is entirely possible completely opaque deals will exist. For example I could create a contract, provide no details, and issue 100 very opaque shares.  Now the public market value of these shares will be essentially nil but based on outside private information it could have robust anonymous trade.

Those who want to benefit from public market pressure will likely need to provide verification of identity, company registration, and assets in order to bolster the price.  Those who don't need those benefits and simply wish to leverage the GLBSE infrastructure to handle private dealings can do so also by submitting opaque unverified contracts.

Hmm, for some reason I was under the impression you were annonymous. That's great to hear.
You might want to strengthen that with a public photo ID ... you know, similar to what I believe you're planning to request issue holders. Not saying it's mandatory or anything, but just that writing a name on a website doesn't prove anything.


Great - just make sure there's someone you trust that can at least answer some support calls if needed.


I think this should be your #2 priority (#1 being resolving current support issues / downtimes) - it makes all the difference in the world. From what I've seen so far, I think there are a lot of people in the community and outside of it that would strongly consider it, if you made an effort to reach out for them. Finding a co-founder for GLBSE should not be a hard problem. A public blog post about it would be a a great kickstart.

I'm also interested in hearing your thoughts about re-architecturing GLBSE around a new decentralized stock exchange backend. GLBSE could provide the nice UI and verification services, while the stocks and Bitcoin themselves are not controlled by GLBSE.

I hope all my advice are not taken as condescending - I would really like to see GLBSE take off.

All the best,
ripper234 AKA Ron Gross