There are multiple exchanges all around the world that compete for the business of customers and innovating in a break-neck speed, none of which would even exist if there was government regulation. Bugs are fixed and problems are addressed faster than the average legislator can spell "malleability".
It would work even better if there was less regulation and investors could fund exchanges in the US without having to buy a bank, so that development could actually happen everywhere and not only in Japan and Slovenia.
Lack of regulation means that others learn from their misfortune.
Quite how you manage to link it to be a result of a "truly free market" is beyond me.
Instead of greedy speculators who are willing to pump and dump or crash the economy to make money off of the ignorant?
No matter what bugs, attacks, malware or whatever happens, the US Government will pay you back your deposited money, to the fullest extent that it can.
If you don't see why this is useful, maybe you need a sanity check.
Without many real places to deal with USD <-> BTC, then of course it will be hard to deal with the cryptocurrency (the passage is needed to allow for a transition period in currencies).
If you understood cryptocurrency you would understamd that their success is not measured in the price point. That is the most marketable aspect so that is what you know, the utility and use of the protocol is as good if not a better measure of their success. the relative speed with which issues are identified and resolved speaks to the success of the protocol not the daily/weekly highs and lows.
It shouldn't surprise anyone that after months (years!) of BTC services absconding with millions of dollars worth of users money and now the exchanges starting to collapse in a similar fashion (users can't get money out) that the wider user base of bitcoin would begin to default toward not trusting services that purport to store coins 'securely'.
This is bad in the short term as the remaining exchanges prices show, but likely a positive progression in the safe use of crypto currencies going forward--
This is not going to kill any exchange (except perhaps mtgox, but that is due to an accumulation of poor performance rather than this minor issue).
We need exchanges that are also P2P like Bitcoin.
Gambling exchanges have worked well for years, I wonder if the first serious competitor in the btc exchange space will be from one of those exchanges. (Unlike established financial exchanges they might be willing to risk a reputation hit for getting established in the space.)
What they should have done was waited an hour then done an O(n) scan of all transactions globally in history to find the transaction by inspecting for parameters which exactly matched the ones they provided. That is, the Bitcoin developers now say, the correct use of the create transaction API.
Let me use an example programmers may be familiar with. Twilio lets you do SMS messages with three parameters: from_number, to_number, message. You are given back an SMS ID, which you can query to see the results of the SMS message (like, say, was it delivered successfully or did it fail with an error like "that telephone number did not exist").
Here's a discussion with Twilio in the bizarro world where it's like Bitcoin.
Me: "Hey Twilio I created an SMS message but when I try to query it for the results it 404s."
Them: "Are you sure you created the message?"
Me: "Yep pretty sure."
Them: "Are you sure you are looking for the right message ID in /messages/:id?"
Me: "Yep, I'm using the one that I got back when I created it."
Them: "Maybe it changed."
Me: "... What?"
Them: "Message IDs can change."
Me: "They don't usually change."
Them: "Of course, they don't usually change. Why have an ID if they usually changed? They only change some of the time."
Me: "What determines if a message ID changes?"
Them: "Oh, anyone globally can change your message IDs."
Me: "That sounds a bit insecure for a system which is, by its nature, deployed in a hostile environment."
Them: "Don't worry, they can't change after about an hour. Well, probably. It would be pretty expensive for an attacker to change them after an hour. Don't worry though, you'll never need an ID."
Me: "I find IDs useful for querying things. Like, say, messages. Which I have to do. To see whether the message was successful or not."
Them: "Well you're already downloading every message ever. Just scan through for one which matches the same from number, to number, and message contents."
Me: "... You're serious."
Them: "Don't worry though: they can't touch the from number, to number, or the message contents."
Me: "... Does this sound a little problematic to anyone else?"
Them: "It's on our wiki, noob!"
[Edit: Maybe somebody thinks I'm joking. Let me point you to one of the dangerous functions.
https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_calls...
Name: sendtoaddress
Parameters: <bitcoinaddress> <amount> [comment] [comment-to]
Comments: <amount> is a real and is rounded to 8 decimal places. Returns the transaction ID <txid> if successful.
You should naturally, upon reading this documentation, figure "I should immediately discard that transaction ID, because it could be changed instantaneously after this message call. If I instead rely on that transaction ID, I will allow malicious users to break the software I am building."]
> Don't worry, they can't change after about an hour. Well, probably. It would be pretty expensive for an attacker to change them after an hour.
You use the term "pretty expensive" here without qualifying it. Changing a transaction encoded in the blockchain would require outpacing the current hashrate of the bitcoin network. That would require a significant hardware investment, on the order of tens of millions of dollars.
> Well you're already downloading every message ever. Just scan through for one which matches the same from number, to number, and message contents.
You make it sound as if you wouldn't have to do this if you had the transaction hash. You still need to iterate through the transactions regardless. It's just a question of whether you use the transaction hash, or derive your own from the parts of the transaction that are immutable.
Let's make your example a touch more realistic:
Me: "Hey Twilio I created an SMS message but when I try to query it for the results it 404s."
Them: "Has the message been delivered?"
Me: "I don't think so. I'm querying it shortly after I create it."
Them: "How are you querying it?"
Me: "With the message hash."
Them: "Ah, that explains it, then. A pending message may be changed before its delivered, altering the hash. This makes the hash unsuitable for identifying pending messages."
Me: "So how do I identify messages?"
Them: "Ideally you wait until they're delivered, but if you really need to check for pending messages, you can search through them looking for a message that matches on to, from and content."
Me: "That kinda sucks."
Them: "We know, but it's a difficult issue to fix. It's documented in our wiki."
Me: "What if I don't read your wiki, or follow your mailing list?"
Them: "Then should you really be running an exchange handling millions of dollars of transactions?"
Me: "... Good point."
It wasn't twilio, but it turned out that when we submitted a SMS message of over 160 characters, the provider split it into 160 chunks and sent out as multiple SMS.
So far, so normal. But what happened when the first chunk sent successfully and the second chunk failed?
We got back a notification to say "MessageID: 4ACB-etc Result: OK" but the customer never got the message, and scanning the report on the provider's site showed the customer number, time and message as having failed.
But then the representative agreed it was a problem and set out to fix it rather than blaming our dependence on the ID!
I find it quite ridiculous that people are trying to lay the blame on not reading an obscure wiki page. I remember reading much of the bitcoin wiki myself and never seeing ANYTHING about not relying on transaction IDs. The API list doesn't even warn you about it.
Why bother returning a transaction ID if it is spoofable? That is simply misleading.
I guess it shows you how how biased all the bitcoin backers are.
You don't have to scan all transactions: only those from a firm reference-point of available-funds state, essentially the same point that was used to compose the outbound transaction.
Robust software already has to examine all incoming confirmed-in-block transactions for whether those transactions have consumed prior funds. If they have, even if the local software had as its design goal exclusive control of those funds, the local software must adapt to the new information. (Given the possibility of backups/virtualization-clones/private-key-exports, software must always be open to the possibility another node elsewhere has spent pending funds first.)
So safety against this particular mischief is possible with the same practice that's necessary for other reasons: it's not involved extra work.
Also, it's not "an hour" that lets a node know when it can rely on transaction-state, but block-confirmations, a precise and observable transition. One block is almost always enough, but each additional block adds more certainty. Still, all Bitcoin software already needs to handle occasional orphaned blocks and short forks, so being sensitive to periods of uncertainty is a essential part of all implementations, not extra work because of this one gotcha.
A better analogy than Twilio would be commercial payment systems: there you need to systems that are checking for weeks or months for chargebacks or reversals.
But an even better analogy than proprietary pay-per-use payment systems is SMTP or BitTorrent. The system is an emergent mess anyone can plug into. There are a lot of sharp edges, and even with great care, you're going to hit some painful and costly bugs. Those building billion-dollar businesses on such systems need to be experts, and will still take some arrows, but each incident that doesn't kill the software/business stacks only leaves them stronger.
Oh, you mean the scanning they have to do already, to verify "all transactions globally in history"? Inspecting all parameters on all transactions since the genesis, like you'd already have to do to verify they are not stealing or creating money from nothing? The inspection you have to do just to locate even the same transaction you submitted to the network yourself, to verify it was accepted? And you have to spend like 10 whole seconds of CPU time doing this, per ~10 minutes that a new block comes out, verifying the transactions from the last 10 minutes? Golly, that is sooooo much more onerous than just running the blockchain securely! /sarcasm
I'll agree that it's embarrassing, misleading, not documented well, and not gracefully handled by the community now that everyone points their fingers at each other. But you are deliberately making it sound worse by re-describing standard parts of the bitcoin protocol, as if they are new requirements in order to get a sane ID. Anyone writing financial software should be more than capable of quickly adding a few function hooks into the existing process to get a deterministic normalized ID, and the amount of extra computing resources is negligible compared to what you already have to do, just to use bitcoin safely.
There seem to be two prevailing extremes of opinion which appear a lot on Hacker News and many other places, as extremes are wont to do while those in the middle don't feel strongly enough to contribute. Those are 1) BitCoin will replace government control of money and fix freedom, dude! and 2) What fucking morons, can't wait until you crash and burn.
I love this whole thing. It's fascinating, it's an interesting solution to a problem, and watching DogeCoin take off is fun to watch. In my opinion, BitCoin is kind of like when a naïve programmer decides to rewrite an existing library themselves, and comes up against the brutal reality that led the original developers to the compromises and apparently necessary hacks to get the thing working. The analogy here being regulation, insurance, all that jazz. It's educational, and I haven't been this interested in a technology for a while.
I'm picking on your reply here because it is one of many that exemplifies a "haha told you so" rather than really digging into the interesting technical and sociological aspects.
* Message IDs from one API do not equate to IDs from the other, so your example is a bit flawed; there's no way to check with Twilio except the ID.
* Is "ID" even the term used? I don't know for sure, but "Tx Hash" seems to be more widely spread. [Edit: patio11 edited his comment while I was typing mine; I withdraw this point!]
* "It's on our wiki noob" - someone running the 3rd largest exchange should hardly be a "noob"
* "O(n) scan of all transactions globally" - that's not particularly hard, nor is it necessary (why scan all transactions from all time?), nor is it unexpected (the entire thing requires everyone to have the complete ledger, so you have the data anyway)
There are valid points to be made that the BitCoin protocol needs improvements, and these are even acknowledged by the core devs. This whole situation is a bit ludicrous. But I wish we were talking about "what have we learned", not "told you so".
When it comes to BitCoin, the conversation seems to be full of radicals and optimists when success happens, and gloaters when it doesn't. I don't feel either add to the conversation, we could be talking about how to improve this as a currency or (as I believe the long term actual application to be) how this can influence distributed trust, especially important in the current climate.
I would be more inclined to believe that the majority of sites use the reference client and this is why issues are appearing.
What you want is an independent audit, not regulation.
Auditors generally have no incentive to rock the boat, and might have a disincentive in the form of losing future business. And even if they're really thorough, most auditors are only in for a few days or weeks and don't have time to go through things anything like as thoroughly as people who work on them full time. And even if they're really thorough and have the time to go through everything with a fine-toothed comb, insider threats can be undetectable, like if the guy preparing the cold storage wallet to put in the safety deposit box makes himself a copy.
The only audit of an exchange worth a damn is the audit undertaken by reputable insurers who will guarantee my entire deposit.
Maybe even some regulation requiring such a thing?
Any reading material on the subject (for a newbie) would be greatly appreciated.
Some reading:
http://qz.com/175565/why-nobody-can-withdraw-bitcoins-from-o...
Both exchanges use the JSON/RPC interface to the Satoshi bitcoin client. That is the One True Way to use Bitcoin to develop Bitcoin-consuming applications. To do otherwise is madness. (I've seen explanations that Mt. Gox was using a custom client, but I believe they mean "Mt. Gox was using a custom system which took care of bookkeeping for itself, because the Satoshi client cannot operate thousand of wallets in any sane fashion, but used the Satoshi client for interacting with the Bitcoin network.")
The Bitcoin RPC interface exposes many methods. I don't have intimate knowledge of which one these exchanges were using, but since they all have similar issues, let's assume they used sendtoaddress.
The message signature of sendtoaddress is (pseudo-code):
#returns transaction_id
sendtoaddress(from_account, to_bitcoin_address, amount, optional_message)
But it isn't. Transaction ID means absolutely nothing. It can be changed by any party, worldwide, for up to one hour after the invocation of sendtoaddress. If you use gettransaction(transaction_id) and it returns nil, that does not prove that the transaction you previously created did not succeed correctly. You should not attempt to retry the transaction until first verifying that you have all the coins you started with and that the recipient does not have some of your coins. You can conveniently do this with an O(n) scan over all Bitcoin transactions ever. (Someone pointed out to me on twitter that it isn't O(n) if you have your database indices set properly. Well, yeah, true.)
You'll need to know what addresses you actually sent from, which is obscured by the sentoaddress API described above, for that scan to succeed, so essentially you're going to reimpliment much of the Satoshi Bitcoin client, particularly around the area of wallet management. Don't reimpliment everything, though -- down that path lies madness. Also, try not to make any bugs anywhere, particularly not the kind which only show up when someone tries to steal from you.
Good luck!
As I understand it, this is not correct, the new tx must be functionally identical to the old one (same inputs and outputs), just with a different txid.
Someone correct me if I'm wrong
http://en.wikipedia.org/wiki/Bank_run
EDIT: See this for a more thorough description of what I mean: http://www.dailytech.com/Mt+Gox+Bitcoin+Bank+Run+Intensifies...
A bank run is where the bank does not hold enough money to cover everyones deposits. Bitstamp have enough BTC to cover everyones deposits they just are delaying withdrawals for 72 hours. Think of it like you rbank telling you you need to wait 3 days for a transaction to go through, not that unlikely and in fact quite common in traditional banking. It seems longer in bitcoin though because of the usually quick transactions.
http://www.coindesk.com/massive-concerted-attack-launched-bi...
> I am lucky that about two months ago I moved over to Coinbase from both Mt Gox and BitStamp. I wonder now if Coinbase is going to start having issues.
'Someone' didn't ensure their trading engine did atomic writes to a database (by the way, that database doesn't do write isolation on multiple documents by default.. guess which database is that? Hint: it starts with the letter 'M'), which resulted in a potential race condition that could be exploited.
Coinbase uses that database, and apparently did not know that you need to ensure atomic write operations.
edit nwh links to Coinbase CEO's comment that it was not them. Ok, good to know. However, I still can't see how anyone would use said database in critical/production infrastructure, sorry. Maybe in a few+ years time it will be mature enough.
Not even, since Coinbase is a webwallet not an exchange... People generally keep them there because its an easy way to manage/spend them (esp on a phone)
Just goes to show, there's no use looking at a website (when that site is effectively a black-box) and judging its competency from a general vibe.
On the other hand Bitstamp identified a problem within 24 hours of it starting to happen says they know how to fix it and will have everything back to normal shortly.
Personally I'd rather have my money with the latter.
Also, it appears that the Bitcoin network is under global attack by some large entity, so blame for the current exchange issues lie ultimately at the hands of some attacker who doesn't like Bitcoin, or wishes to plunge the price.
So... they didn't handle transaction processing correctly either. Are there any exchanges that are handling this properly?
I very much doubt it ;)
http://www.reddit.com/r/CoinedUp/comments/1xkft8/why_are_bit...