2014-03-22 16:55 GMT+01:00 Troy Benjegerdes <[1]hozer@hozed.org>: If you think MtGox is incompetent, then show me the fucking code of a better exchange, or shut the fuck up. If you think you need 'money' to build such a thing, then you have even less of a grasp on the human factors than the banks do on cryptographic secrets. The sad part is that I got scared away from the exchange business because I thought it would be nearly impossible to get it 100% secure. And if it were less then 100% secure, how could I take people's money? I spent days feeling sick because I couldn't figure out a way to do exchanges distributed over sufficiently geographically disperse points to avoid trouble with a single government going mad. Then I realized the Megaupload situation means that any US-ally country is susceptible to a planned US-exercise. Once I found that I cannot trust maybe 150 countries in the world with the rest being mostly unsuitable, that turned into a bit of a problem. Suddenly you find yourself thinking about how to get servers up in Iran, Irak, India?, Morocco?, Laos?, Vietnam?, Cuba, Russia, China, North Korea (scratch that) and maybe Iceland and some micronations. You're thinking you can't trust others to set up the server, and you don't want the costs, exposure and actual unsafety that comes with visiting all America's enemies so you'll end up shipping wholesome servers to be loaded straight into a rack. Then you realize you're still not physically secure. The server itself is a hotbox of 100% exposure. It's exceedingly unusual to want a physically dispersed leaderless secure computing cluster with hot failover of a large portion of servers (>49% is impossible, can't determine if you're being fucked in the BGP). If you let the box call homes first (homes is the list of other servers) it can use it's already present crypto to prevent any possible MITM or listening in. So that's good. Problem is a little liquid nitrogen, connection on a bus or firewire port, etc. is enough to make the server bleed information faster than the Titanic ate water. So you have to cut the firefire connections (USB is okay and convenient AFAIC) and heat-conductive epoxy the motherboard, RAM and a good margin around the CPU too (use a taller and wider cooler than usual). Maybe even run some wires through it to measure breach. I have some additional ideas that are better obscure than open, but you get the level of obnoxious. It's still not secure yet though, and that bothers me a lot. Then you find out Intel's chips have all sorts of hyperintelligence on it to allow "remote administration" which just blew my fucking mind halfway across the galaxy. "Dear NSA, have a backdoor into any PC that has a NIC. Thank you for making us the industry leader, Kind regards\nX\nIntel". So I'm thinking you'll probably want the beefiest ARM processor or maybe even AMD (have to do more research). Of course a wiretap could expose the magic packets, to prevent the NSA from being able to launder the exploit as some more simple hack that doesn't point the finger at them. And then their ability here couldn't be used because they want to reserve it for, you know, WW3 time (hey China). Once you have your physical platform you have to make sure the software is okay. I found that it's entirely impossible to not trust your compiler. And the likelihood of cutting yourself is way too high with low level languages. I've so far permitted myself to use Node.js, and I feel plenty bad about that. You can not trust your SSL unit. You can not trust any library or database software. But you have to, because you can't do better. (I did go for OpenBSD, although many things required hand compilation which I wasn't familiar with ) By now I'm a week further in worrying and researching, I'm sweating more at night, I don't feel comfortable using my own computer anymore, I don't understand why the world isn't a chaotic place where no computer ever is not hacked out of it's guts. I realize it's probably because nobody is motivated and smart enough to go through the effort, and then also doesn't get caught except for those that'd pay a high price to hide their capabilities, which is why you'd never notice. Knowing all this I quite damn well decided I couldn't make a secure and reliable centralized exchange. No distributed exchange would earn me a profit, which I'd need to produce more software to help other people's life better, so that wouldn't really help either. Aside from the fact that it would not be popular because it'd be slower and less easy than a "central" exchange. Overall I decided I respect greatly the people that take on this challenge. This was over a year ago. Looking at the hacks that happen I'm mostly shocked to find the level of stupidity. Shocked as much to see how long things just go on without significant trouble. MtGox failing because money dissapeared over the years... That was shocking at an unbelievable level. The first thing would be a BIG CLOCK in the office, showing total supposed amount of Bitcoin according to the servers and the total amount supposedly in wallets according to the Blockchain. If not that than at least an alarm on a dedicated phone, e-mails and a message on the admin interface (if you have one). Somehow they had none of those. I'm amazed. This is just an aspect. They run Ubuntu (thick stack linux) and PHP (thick stack webserver), which are illogical choices. The list goes on. So I think I'm capable of making an exchange platform that's far better than what's out there right now. And I will once I have time (I really don't have it right now, life is such a fuzz). I still question if it'd be used by anyone. But at least I can try. References 1. mailto:hozer@hozed.org