"Whew, wondered where we'd put those 200,000 BTC!"

[Lodewijk andré de la porte]

2014-03-22 16:55 GMT+01:00 Troy Benjegerdes <hozer at hozed.org>:

> If you think MtGox is incompetent, then show me the fucking code of a
> better
> exchange, or shut the fuck up. If you think you need 'money' to build such
> a thing, then you have even less of a grasp on the human factors than the
> banks do on cryptographic secrets.
>

The sad part is that I got scared away from the exchange business because I
thought it would be nearly impossible to get it 100% secure. And if it were
less then 100% secure, how could I take people's money?

I spent days feeling sick because I couldn't figure out a way to do
exchanges distributed over sufficiently geographically disperse points to
avoid trouble with a single government going mad. Then I realized the
Megaupload situation means that any US-ally country is susceptible to a
planned US-exercise.

Once I found that I cannot trust maybe 150 countries in the world with the
rest being mostly unsuitable, that turned into a bit of a problem. Suddenly
you find yourself thinking about how to get servers up in Iran, Irak,
India?, Morocco?, Laos?, Vietnam?, Cuba, Russia, China, North Korea
(scratch that) and maybe Iceland and some micronations.

You're thinking you can't trust others to set up the server, and you don't
want the costs, exposure and actual unsafety that comes with visiting all
America's enemies so you'll end up shipping wholesome servers to be loaded
straight into a rack.

Then you realize you're still not physically secure. The server itself is a
hotbox of 100% exposure. It's exceedingly unusual to want a physically
dispersed leaderless secure computing cluster with hot failover of a large
portion of servers (>49% is impossible, can't determine if you're being
fucked in the BGP).

If you let the box call homes first (homes is the list of other servers) it
can use it's already present crypto to prevent any possible MITM or
listening in. So that's good. Problem is a little liquid nitrogen,
connection on a bus or firewire port, etc. is enough to make the server
bleed information faster than the Titanic ate water. So you have to cut the
firefire connections (USB is okay and convenient AFAIC) and heat-conductive
epoxy the motherboard, RAM and a good margin around the CPU too (use a
taller and wider cooler than usual). Maybe even run some wires through it
to measure breach.

I have some additional ideas that are better obscure than open, but you get
the level of obnoxious. It's still not secure yet though, and that bothers
me a lot.

Then you find out Intel's chips have all sorts of hyperintelligence on it
to allow "remote administration" which just blew my fucking mind halfway
across the galaxy. "Dear NSA, have a backdoor into any PC that has a NIC.
Thank you for making us the industry leader, Kind regards\nX\nIntel". So
I'm thinking you'll probably want the beefiest ARM processor or maybe even
AMD (have to do more research). Of course a wiretap could expose the magic
packets, to prevent the NSA from being able to launder the exploit as some
more simple hack that doesn't point the finger at them. And then their
ability here couldn't be used because they want to reserve it for, you
know, WW3 time (hey China).

Once you have your physical platform you have to make sure the software is
okay. I found that it's entirely impossible to not trust your compiler. And
the likelihood of cutting yourself is way too high with low level
languages. I've so far permitted myself to use Node.js, and I feel plenty
bad about that. You can not trust your SSL unit. You can not trust any
library or database software. But you have to, because you can't do better.
(I did go for OpenBSD, although many things required hand compilation which
I wasn't familiar with )

By now I'm a week further in worrying and researching, I'm sweating more at
night, I don't feel comfortable using my own computer anymore, I don't
understand why the world isn't a chaotic place where no computer ever is
not hacked out of it's guts. I realize it's probably because nobody is
motivated and smart enough to go through the effort, and then also doesn't
get caught except for those that'd pay a high price to hide their
capabilities, which is why you'd never notice.

Knowing all this I quite damn well decided I couldn't make a secure and
reliable centralized exchange. No distributed exchange would earn me a
profit, which I'd need to produce more software to help other people's life
better, so that wouldn't really help either. Aside from the fact that it
would not be popular because it'd be slower and less easy than a "central"
exchange.

Overall I decided I respect greatly the people that take on this challenge.
This was over a year ago.


Looking at the hacks that happen I'm mostly shocked to find the level of
stupidity. Shocked as much to see how long things just go on without
significant trouble. MtGox failing because money dissapeared over the
years... That was shocking at an unbelievable level. The first thing would
be a BIG CLOCK in the office, showing total supposed amount of Bitcoin
according to the servers and the total amount supposedly in wallets
according to the Blockchain. If not that than at least an alarm on a
dedicated phone, e-mails and a message on the admin interface (if you have
one). Somehow they had none of those. I'm amazed. This is just an aspect.
They run Ubuntu (thick stack linux) and PHP (thick stack webserver), which
are illogical choices. The list goes on.


So I think I'm capable of making an exchange platform that's far better
than what's out there right now. And I will once I have time (I really
don't have it right now, life is such a fuzz).

I still question if it'd be used by anyone. But at least I can try.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 7368 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140323/a016f804/attachment-0001.txt>