Topic: Yet another analyst :) - page 54. (Read 269580 times)

How will this break?

Relying solely on obscurity as a security measure is obviously braindead.
But those who are fanatically preaching that obscurity is not desired, you guys are also braindead.

Obscurity gives you always a tactical advantage.

When the professionals frown upon "obscurity" is when it is used as the only measure to protect something, like relying that nobody will be able to open an unlocked door in the room just because it is dark and nobody will be able to find there the door is located.
But obscurity is always a tactical advantage when there is good design is involved, like a really good lock like an ASSA Abloy in the door AND in the dark. When you get to the door, you know nothing about what the fuck they are using and you will waste a lot of time to figure it out in the first place. And on such a venture, you will probably trigger thousands of alarms.
It is a pain in the ass to attack a system that you know absolutely nothing about.

If the room had the light on the attacker can optimize his attack by being already prepared and studied the security measures in place.
That is called gathering intelligence.

The whole arms race relies on obscurity, even if the designs are amazingly spectacular. That's why top secret classified information even exists.
Yes, secure by design is vital, but when it is a high risk priority you must make private audits, not rely on the open source community.

Yes, nice reason to cashout :-) So, will we move to 50 again? :-) For what time i forgot... third or 5th..

You should factor in the bid depth on Mt. Gox order book. It hit an all time high today.

What do i do here... Between people who know shit about security, finances, trading basics... Oh. I just boring :-) Have some fun.

I think the problem with most published code is not that it was published, but that it was poor. I'm setting up an exchange soon and went through them with a fine-toothed comb. Each of the two main published codes had fairly obvious flaws -- both in terms of security and performance. One in particular had obvious contention problems dealing with user funds, and didn't use SQL transactions. Another ran up queries in loops without freeing results.

I'm planning for mine to hold up better. Happy to talk after I release. Key part of my strategy though is NOT to handle bitcoind in-house.

I see you never set up any serious financial service. Nothing to discuss here :-)

No, but the computer equivalent of most of that infrastructure is not part of the application code that is published.

I agree that the entire exchange setup (including server layout, firewalls, intrusion detection, etc.) should not be published, but for example an order matching engine would benefit greatly from being open source.  Multiple exchanges could use it and share improvements and bug fixes.  They will still have other components, but the engine itself can run as a service using a standard api like the json-rpc that bitcoind uses (or likely something more lightweight for efficiency).  Ideally, there would be multiple competing engines that various exchanges use.  Bugs always happen and they are found eventually for any lasting piece of software.... open source just helps them get found and fixed faster.

Regarding bitcoin-central, I wouldn't use Rails for an exchange though.... way too big of an attack surface.

I just say "rally" is very weak, still on bearish deviation territory and this is very weak even for bounce.

Down we go then ?

Very weak move up. Dead crosses/hooks everywhere. Volume divergences.

The spx had some nice trendline breakage today. "I am very excite"

https://bitcointalksearch.org/topic/bitfloor-issues-179135

bitfloor can be considered dead. How about coinlab? Oh that US exchanges...

Mt Gox 2.0?


Look, I don't know everything... but together we can figure this out.  Come have a look and throw down your thoughts:

https://bitcointalksearch.org/topic/the-next-mt-gox-mtgox-20-179147

I think i also replied to this stupid assertion elsewhere.

NOT IN CASE OF FINANCIAL SERVICE.

Did you saw any bank who gives all his internal security structure, security instructions, security camera's locations, etc to any desirous person?

I'm not sure, I would have to do some simple prototyping and testing, and then we could discuss target performance (X orders per second, with lag under Y milliseconds, etc).  We would also need to discuss what exactly you want built.  I'm booked for the next 3 weeks at least, but maybe after that I could look into it.  If you can put together a list of features and just label them required, desired, and optional I will put together a few quotes (all required only plus extra cost for each of the desired and optional features).  Again, it will be May 13th at the earliest before I could start looking at it.  PM me.



Security through obscurity is not security.  Nearly every server on the internet runs an open source OS and everything below the specific application is open source as well.

I'm not defending the bitcoin-central codebase though... it would need some work to be put to use on any scale.  I suppose I should have put that caveat in my previous post, so thanks for forcing the issue.

Don't make me laugh. They were hacked because their all internal structure was in open source!

Internal structure (and especially code!) public disclosing is absolutely unacceptable in financial services.

btce were also hacked when they trade out their software to private buyer.

It should be visible on daily chart and it is. There are no other time restirctions?

Yes, this is right. Exchange should have good both technical and financial/legal internals.