"Whew, wondered where we'd put those 200,000 BTC!"

tpb-crypto at laposte.net tpb-crypto at laposte.net
Sat Mar 22 19:14:02 PDT 2014

> Message du 23/03/14 02:46
> De : "Lodewijk andré de la porte" 
> A : "Troy Benjegerdes" 
> Copie à : "cypherpunks at cpunks.org" 
> Objet : Re: "Whew, wondered where we'd put those 200,000 BTC!"

> 2014-03-22 16:55 GMT+01:00 Troy Benjegerdes :
> > If you think MtGox is incompetent, then show me the fucking code of a
> > better
> > exchange, or shut the fuck up. If you think you need 'money' to build such
> > a thing, then you have even less of a grasp on the human factors than the
> > banks do on cryptographic secrets.
> >
> The sad part is that I got scared away from the exchange business because I
> thought it would be nearly impossible to get it 100% secure. And if it were
> less then 100% secure, how could I take people's money?
> I spent days feeling sick because I couldn't figure out a way to do
> exchanges distributed over sufficiently geographically disperse points to
> avoid trouble with a single government going mad. Then I realized the
> Megaupload situation means that any US-ally country is susceptible to a
> planned US-exercise.
> Once I found that I cannot trust maybe 150 countries in the world with the
> rest being mostly unsuitable, that turned into a bit of a problem. Suddenly
> you find yourself thinking about how to get servers up in Iran, Irak,
> India?, Morocco?, Laos?, Vietnam?, Cuba, Russia, China, North Korea
> (scratch that) and maybe Iceland and some micronations.
> You're thinking you can't trust others to set up the server, and you don't
> want the costs, exposure and actual unsafety that comes with visiting all
> America's enemies so you'll end up shipping wholesome servers to be loaded
> straight into a rack.
> Then you realize you're still not physically secure. The server itself is a
> hotbox of 100% exposure. It's exceedingly unusual to want a physically
> dispersed leaderless secure computing cluster with hot failover of a large
> portion of servers (>49% is impossible, can't determine if you're being
> fucked in the BGP).
> If you let the box call homes first (homes is the list of other servers) it
> can use it's already present crypto to prevent any possible MITM or
> listening in. So that's good. Problem is a little liquid nitrogen,
> connection on a bus or firewire port, etc. is enough to make the server
> bleed information faster than the Titanic ate water. So you have to cut the
> firefire connections (USB is okay and convenient AFAIC) and heat-conductive
> epoxy the motherboard, RAM and a good margin around the CPU too (use a
> taller and wider cooler than usual). Maybe even run some wires through it
> to measure breach.
> I have some additional ideas that are better obscure than open, but you get
> the level of obnoxious. It's still not secure yet though, and that bothers
> me a lot.
> Then you find out Intel's chips have all sorts of hyperintelligence on it
> to allow "remote administration" which just blew my fucking mind halfway
> across the galaxy. "Dear NSA, have a backdoor into any PC that has a NIC.
> Thank you for making us the industry leader, Kind regards\nX\nIntel". So
> I'm thinking you'll probably want the beefiest ARM processor or maybe even
> AMD (have to do more research). Of course a wiretap could expose the magic
> packets, to prevent the NSA from being able to launder the exploit as some
> more simple hack that doesn't point the finger at them. And then their
> ability here couldn't be used because they want to reserve it for, you
> know, WW3 time (hey China).
> Once you have your physical platform you have to make sure the software is
> okay. I found that it's entirely impossible to not trust your compiler. And
> the likelihood of cutting yourself is way too high with low level
> languages. I've so far permitted myself to use Node.js, and I feel plenty
> bad about that. You can not trust your SSL unit. You can not trust any
> library or database software. But you have to, because you can't do better.
> (I did go for OpenBSD, although many things required hand compilation which
> I wasn't familiar with )
> By now I'm a week further in worrying and researching, I'm sweating more at
> night, I don't feel comfortable using my own computer anymore, I don't
> understand why the world isn't a chaotic place where no computer ever is
> not hacked out of it's guts. I realize it's probably because nobody is
> motivated and smart enough to go through the effort, and then also doesn't
> get caught except for those that'd pay a high price to hide their
> capabilities, which is why you'd never notice.
> Knowing all this I quite damn well decided I couldn't make a secure and
> reliable centralized exchange. No distributed exchange would earn me a
> profit, which I'd need to produce more software to help other people's life
> better, so that wouldn't really help either. Aside from the fact that it
> would not be popular because it'd be slower and less easy than a "central"
> exchange.
> Overall I decided I respect greatly the people that take on this challenge.
> This was over a year ago.
> Looking at the hacks that happen I'm mostly shocked to find the level of
> stupidity. Shocked as much to see how long things just go on without
> significant trouble. MtGox failing because money dissapeared over the
> years... That was shocking at an unbelievable level. The first thing would
> be a BIG CLOCK in the office, showing total supposed amount of Bitcoin
> according to the servers and the total amount supposedly in wallets
> according to the Blockchain. If not that than at least an alarm on a
> dedicated phone, e-mails and a message on the admin interface (if you have
> one). Somehow they had none of those. I'm amazed. This is just an aspect.
> They run Ubuntu (thick stack linux) and PHP (thick stack webserver), which
> are illogical choices. The list goes on.
> So I think I'm capable of making an exchange platform that's far better
> than what's out there right now. And I will once I have time (I really
> don't have it right now, life is such a fuzz).
> I still question if it'd be used by anyone. But at least I can try.

I can't answer to all your concerns separately as it seems you have got one very big problem: you are into computers, but you have trouble compiling - merely compiling - programs for OpenBSD.

You are in the same boat of Karpeles and Ulbricht, they also were barely able to code some interpreted language and they were overwhelmed by the intricacies of the systems they were building. Until they finally brought disaster for themselves and everyone that depended on them.

In order to grasp the seriousness of things, you gotta start with something simpler which doesn't require so many security skills, like games. Then you build up your knowledge until one day you can make your own exchange.

But until that point, it is irresponsible to try as you have well noticed.

Regarding the rest of your concerns, everything can be dealt with properly, but it takes years of learning. There's a reason computer security professionals are amongst the most well paid employees which big corporations and rich governments only can hire.

More information about the cypherpunks mailing list