Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2014-07-28 16:45:09 @bittrex-richie ok.. this isn't meant to be some long drawn out conversation...
- 2014-07-28 16:45:29 @bittrex-richie but this is a brainstorming session
- 2014-07-28 16:45:51 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 16:46:03 ◀▬▬ jstefanop (~jstefanop@107.14.54.0) has quit (Ping timeout: 255 seconds)
- 2014-07-28 16:46:16 @bittrex-richie heres the crux of the problem.. I do NOT want to be a central authoritative agency
- 2014-07-28 16:46:26 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 16:46:38 ▬▬▶ sinetek (~sinetek@modemcable128.59-80-70.mc.videotron.ca) has joined #bittrex
- 2014-07-28 16:47:01 ▬▬▶ chnchapters (~chnchapte@168-1-229.static.customer.clearrate.com) has joined #bittrex
- 2014-07-28 16:47:17 @bittrex-richie how do we get the community to take ownership of it
- 2014-07-28 16:47:35 @bittrex-richie i'm more than happy to show coins that are more 'vetted' than others
- 2014-07-28 16:47:36 +cryptocobain I think the main issues with code audit from a community perspective is simply that a scam can be formed at any point in a coin's life span - a one time audit is not enough. For example if MiscCoin (which lets say is now entirely Proof Of Stake) pushes an update which re-introduces a Proof Of Work reward of 1,000,000 coins in a single block, which is still
- 2014-07-28 16:47:36 +cryptocobain less than MAX_MONEY of, for example, 3m then you have a post-mine scam that was not detected with initial code audits.
- 2014-07-28 16:47:46 +axion richie, we both know even a large team would find it difficult to audit every coin for scams. i suggest we come up with a few basic rules a coin must follow to be added. top priority being a clear forked coin/commit history and can be MANUALLY diff'd as to not exploit the shortcomings of git
- 2014-07-28 16:47:58 ▬▬▶ AltcoinAdam (~AltcoinAd@ip4daade4a.direct-adsl.nl) has joined #bittrex
- 2014-07-28 16:48:04 @bittrex-richie well before we talk about HOW to audit...
- 2014-07-28 16:48:06 +Wuher cryptocobain: MAX_MONEY does not mean what you think it means
- 2014-07-28 16:48:07 @bittrex-richie lets tlak about ownership
- 2014-07-28 16:48:12 +cryptocobain Wuher yes it does
- 2014-07-28 16:48:18 ℹ AltcoinAdam is now known as Guest58518
- 2014-07-28 16:48:20 +cryptocobain Max_money is the max in a tx or in a wallet
- 2014-07-28 16:48:24 @bittrex-richie lets not tlak about the technical details of hiding pre/post/whatever mine
- 2014-07-28 16:48:28 +Wuher In a transaction, yes.
- 2014-07-28 16:48:34 +cryptocobain or a wallet address
- 2014-07-28 16:48:44 ◀▬▬ cryptocruise (uid38236@gateway/web/irccloud.com/x-swgudhxuuklofoar) has quit
- 2014-07-28 16:48:54 +cryptocobain if the post-mine is less than max_money, the code is 'legit' but its a mining reward that was added without anyones knowledge
- 2014-07-28 16:49:02 +cryptocobain and since nobody is mining due to entirely PoS, the dev gets 1m coins
- 2014-07-28 16:49:04 ◀▬▬ wonderloops (5653993d@gateway/web/freenode/ip.86.83.153.61) has quit (Quit: Page closed)
- 2014-07-28 16:49:09 +cryptocobain which could be double current supply, for example
- 2014-07-28 16:49:13 @bittrex-richie ok.. lets uplevel...
- 2014-07-28 16:49:27 @bittrex-richie how do we get the community to do this...?
- 2014-07-28 16:49:29 @bittrex-ryan richie the only way is to list coins with a big notice
- 2014-07-28 16:49:31 +Wuher bittrex-richie: The only way to get anyone to do anything, is for there to be an incentive to do it.
- 2014-07-28 16:49:34 ▬▬▶ loops (5653993d@gateway/web/freenode/ip.86.83.153.61) has joined #bittrex
- 2014-07-28 16:49:34 +cryptocobain my point is, a one-time audit does not work
- 2014-07-28 16:49:38 @bittrex-richie agreed..
- 2014-07-28 16:49:42 @bittrex-richie it would have to be a continual audit.
- 2014-07-28 16:49:45 +cryptocobain yes
- 2014-07-28 16:49:46 @bittrex-ryan "This product could contain things that are harmful, may even cause cancer, invest at your own risk"
- 2014-07-28 16:49:47 +kassado it's a full time job, or more
- 2014-07-28 16:49:53 ◀▬▬ loops (5653993d@gateway/web/freenode/ip.86.83.153.61) has quit (Client Quit)
- 2014-07-28 16:49:57 +Wuher Continual audit of every coin on the market - sounds unfeasible already
- 2014-07-28 16:50:01 +kassado but if it's costing the community 60 btc a day
- 2014-07-28 16:50:03 +kassado it's worth it
- 2014-07-28 16:50:32 @bittrex-richie heres the thing... we won't solve the problem
- 2014-07-28 16:50:32 ▬▬▶ wonderloops (53aa5cba@gateway/web/cgi-irc/kiwiirc.com/ip.83.170.92.186) has joined #bittrex
- 2014-07-28 16:50:34 +CryptoAsian that's why going to the source with Proof of Developer IMO along with Proof of Code would work best.
- 2014-07-28 16:50:34 +Wuher kassado: Worth it to whom? The cost is distributed. You would need funding, presumably.
- 2014-07-28 16:50:34 @bittrex-richie but we can raise the bar
- 2014-07-28 16:50:41 +cryptocobain coins can pay for audits to an Altcoin Audit Foundation to approve their latest releases, but it doesnt really help
- 2014-07-28 16:50:41 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Ping timeout: 250 seconds)
- 2014-07-28 16:51:06 +cryptocobain the only way to combat it entirely is to not re-enable a market until the code is reaudited every single time, which is infeasible in terms of man-hours IMO
- 2014-07-28 16:51:09 ◀▬▬ Guest58518 (~AltcoinAd@ip4daade4a.direct-adsl.nl) has left #bittrex
- 2014-07-28 16:51:11 +kassado I think anyone who takes on the project will quickly give it up
- 2014-07-28 16:51:13 +CryptoAsian Not necessarily releasing the information of the developer (unless dev is ok with it) but having an analysis of the dev and then rate it
- 2014-07-28 16:51:21 +kassado a "foundation" won't last long
- 2014-07-28 16:51:22 +Wuher CryptoAsian: Easy to fake
- 2014-07-28 16:51:25 @bittrex-richie again.. we go back to raising the bar right?
- 2014-07-28 16:51:31 +axion i would definitely agreed with kassado there
- 2014-07-28 16:51:33 +ziddey it's not the exchange's responsibility. to impose requirements would make you an "authority." if that's really the path you want to go down, then maybe something like what tf2 has been trying to do needs to go more full scale. the big 4 need to all agree on some set criteria.
- 2014-07-28 16:51:55 +CryptoAsian I don't think it would be that easy given the set of standards that I am asking
- 2014-07-28 16:51:58 ◀▬▬ shovel_boss (~shovel_bo@unaffiliated/shovel-boss/x-4881665) has quit (Read error: Connection reset by peer)
- 2014-07-28 16:52:07 +cryptocobain ^ i actually agree that it's not an exchanges responsibility
- 2014-07-28 16:52:10 ▬▬▶ abc123 (180c47c7@gateway/web/cgi-irc/kiwiirc.com/ip.24.12.71.199) has joined #bittrex
- 2014-07-28 16:52:31 +cryptocobain but if there is a method of creating a platform with enhanced confidence in coin options, that is a better exchange, a better trading platform
- 2014-07-28 16:52:34 +Wuher I think the most direct, feasible course of action is to have a trusted 3rd party that hosts block explorers for every coin. The first step to do that, IMO, is to create a universal block explorer that operates on RPC calls
- 2014-07-28 16:52:51 +CryptoAsian i don't think it's the exchanges either, they are doing their part by just listing the coins. E-Trade doesn't take responsibility for companies that go straight scam and neither should Trex
- 2014-07-28 16:52:51 +cryptocobain ^ you can cheat even that, though
- 2014-07-28 16:52:57 +kassado block explorer lets you look back at the problem.. after the fact
- 2014-07-28 16:53:00 +kassado :/
- 2014-07-28 16:53:03 ▬▬▶ InsertNameHere (43a9ef57@gateway/web/cgi-irc/kiwiirc.com/ip.67.169.239.87) has joined #bittrex
- 2014-07-28 16:53:07 +Wuher kassado: It helps discover some types of problems
- 2014-07-28 16:53:14 @bittrex-richie so heres the thing guys
- 2014-07-28 16:53:18 @bittrex-richie we can't solve this problem
- 2014-07-28 16:53:23 @bittrex-richie al we can do is start raising the bar
- 2014-07-28 16:53:27 +kassado example?
- 2014-07-28 16:53:42 @bittrex-richie we put a star next to coins taht the community has "vetted"
- 2014-07-28 16:53:45 +Wuher Also, exchanges can implement a basic safeguard - to raise the bar, as richie says. If you have a block explorer, you can track transactions on the blockchain and keep a tally versus the claimed amount, and what's on deposit or incoming into the exchanges.
- 2014-07-28 16:54:05 @bittrex-richie we are looking at things we can add
- 2014-07-28 16:54:10 @bittrex-richie tahts on us..
- 2014-07-28 16:54:13 +Wuher You can detect discrepancies and disable coins automatically, the same way you do for blockchain problems/etc.
- 2014-07-28 16:54:25 +cryptocobain bittrex-richie: when you update a coin, do you compile from source or DL compile binary?
- 2014-07-28 16:54:28 @bittrex-richie yup.. rami and i are working on some ideas..
- 2014-07-28 16:54:33 ▬▬▶ shovel_boss (~shovel_bo@unaffiliated/shovel-boss/x-4881665) has joined #bittrex
- 2014-07-28 16:54:34 @bittrex-richie we recompile everythting
- 2014-07-28 16:54:38 @bittrex-richie and verify diffs when we can
- 2014-07-28 16:54:49 +axion bittrex-richie: if we had a set of guidelines for a coin to follow, we could give them the incentive of a guaranteed longer listing, etc...if not only to add coins that follow these rules
- 2014-07-28 16:54:50 ▬▬▶ jstefanop (~jstefanop@cpe-72-225-188-228.nyc.res.rr.com) has joined #bittrex
- 2014-07-28 16:54:55 ▬▬▶ johndaugherty (44a98e9b@gateway/web/freenode/ip.68.169.142.155) has joined #bittrex
- 2014-07-28 16:55:11 @bittrex-richie axion: heres the thing though... we rarely list a coin that the pools haven't vetted
- 2014-07-28 16:55:13 +Wuher Guaranteed listing for coins that meet certain criteria may be a good way to do
- 2014-07-28 16:55:17 @bittrex-rami Not to monkey wrench the discussion, but the way this is regulated in the real world is accountability. You would need photo ID, a credit rating, etc. to open an account or create a coin. If you scam, the FBI show's up at your door. I think that would kill our current business model thou. I think casing a technical solution to this is a losing game.
- 2014-07-28 16:55:30 ▬▬▶ veryyy (6c3d3744@gateway/web/cgi-irc/kiwiirc.com/ip.108.61.55.68) has joined #bittrex
- 2014-07-28 16:55:35 @bittrex-rami casing = chasing
- 2014-07-28 16:55:40 +CryptoAsian I like the star or the asterisk. I am currently in contact with both QTL and GDN devs for my first POD analysis if you are interested in using that also
- 2014-07-28 16:55:41 +cryptocobain ok. im told that USBcoin's github wasnt the same as the compiled binary (where the extra coins were) so bit confused how you were on the same fork
- 2014-07-28 16:55:44 +cryptocobain but anyway, thats another discussion
- 2014-07-28 16:55:51 +cryptocobain i have a solution, but you might not like it
- 2014-07-28 16:55:58 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 16:56:21 ◀▬▬ veryyy (6c3d3744@gateway/web/cgi-irc/kiwiirc.com/ip.108.61.55.68) has quit (Client Quit)
- 2014-07-28 16:56:27 @bittrex-richie lets hear it ;)
- 2014-07-28 16:56:44 +eth2 any suggestion is good to hear ;p
- 2014-07-28 16:57:22 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 16:57:44 +cryptocobain You can introduce a Scam Bounty, the same way you have Bug Bounties. Just some small, pocket change kind of stuff (0.1-0.25btc depending on severity?). But if a technical scam is spotted in a coin's code that you currently have listed, and it is disclosed in private to an email address that you guys read on priority, the first person to spot it receives the
- 2014-07-28 16:57:44 +cryptocobain bounty and the coin is frozen.
- 2014-07-28 16:57:54 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 16:58:00 @bittrex-richie happy to do that...
- 2014-07-28 16:58:03 +cryptocobain It's not perfect, but I think it's a good step one to get people reading code of all coins from the community.
- 2014-07-28 16:58:13 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 16:58:15 ▬▬▶ dibdab (~dibdab@unaffiliated/dibdab) has joined #bittrex
- 2014-07-28 16:58:17 @bittrex-richie i'm sure i can get the pools to chip in there too ;)
- 2014-07-28 16:58:21 @bittrex-rami paid only if its spotted before the dev dumps?
- 2014-07-28 16:58:24 @bittrex-ryan well, there are ways around that, we already saw it happen with one of the recent coins. A guy saw it was a scam, emailed the scammer and blackmailed him to give hime 20% of the scam
- 2014-07-28 16:58:27 +cryptocobain Yes, of course
- 2014-07-28 16:58:31 @bittrex-rami one problem
- 2014-07-28 16:58:32 ▬▬▶ BLKFeeder|42110 (4db818ca@gateway/web/cgi-irc/kiwiirc.com/ip.77.184.24.202) has joined #bittrex
- 2014-07-28 16:58:39 @bittrex-ryan the scammer can pay more
- 2014-07-28 16:58:44 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 16:58:48 @bittrex-richie thats fine.. i think its a good idea
- 2014-07-28 16:58:54 @bittrex-richie lets not try to solve the problem.
- 2014-07-28 16:58:58 @bittrex-richie i want to repeat that.
- 2014-07-28 16:59:01 @bittrex-rami it is a good idea
- 2014-07-28 16:59:03 @bittrex-richie we CANNOT solve this problem
- 2014-07-28 16:59:05 @bittrex-richie lets raise the bar..
- 2014-07-28 16:59:05 +cryptocobain Scammer could do, if only one person has spotted it, and contacted them first, and they admit it
- 2014-07-28 16:59:10 @bittrex-rami but the case of USB is interesting, the coin has zero value
- 2014-07-28 16:59:11 +CryptoAsian That is one reason why I am not looking for revenue for POD analysis. I don't want people to think devs can pay me off
- 2014-07-28 16:59:20 ▬▬▶ triplef (~triplef@unaffiliated/triplef) has joined #bittrex
- 2014-07-28 16:59:21 ◀▬▬ RS^r (~something@c-71-230-10-145.hsd1.pa.comcast.net) has quit (Ping timeout: 250 seconds)
- 2014-07-28 16:59:27 @bittrex-rami it was launch comprimised
- 2014-07-28 16:59:29 +Wuher I think the biggest way to incentivize people to act against the problem is to allow shorting
- 2014-07-28 16:59:36 @bittrex-richie oh god
- 2014-07-28 16:59:37 @bittrex-rami people who touch it, dump or no dump have already been burned
- 2014-07-28 16:59:42 @bittrex-richie bad wuher
- 2014-07-28 16:59:48 +cryptocobain shorting is impossible in markets with such large slippage and poor liquidity
- 2014-07-28 16:59:54 @bittrex-rami +1
- 2014-07-28 16:59:58 +ziddey be careful going down this path. next scam will bring way more heat your way
- 2014-07-28 17:00:01 +Wuher You'll get a lot more people interested in finding bad code
- 2014-07-28 17:00:10 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:00:19 @bittrex-rami isn't this the whole code audit thing just outsourced?
- 2014-07-28 17:00:22 ℹ TrollishTroll is now known as kernels10
- 2014-07-28 17:00:26 ▬▬▶ xolokram (~q@port-92-206-82-116.dynamic.qsc.de) has joined #bittrex
- 2014-07-28 17:00:34 +cryptocobain yes, scam bounties is outsourcing SUCCESSFUL scam-code audits to the community
- 2014-07-28 17:00:46 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:00:48 ▬▬▶ randallc (423790ba@gateway/web/cgi-irc/kiwiirc.com/ip.66.55.144.186) has joined #bittrex
- 2014-07-28 17:00:52 @bittrex-richie im ok witht hat idea
- 2014-07-28 17:01:00 +cryptocobain i reckon we have a bunch of 16-19 year old programmers in crypto that the odd .2 btc is a lot of money to
- 2014-07-28 17:01:01 @bittrex-rami I am too, I just question its effectiveness
- 2014-07-28 17:01:02 @bittrex-richie we can set up a fund and publish the address
- 2014-07-28 17:01:02 ◀▬▬ N2NShadow (~CryptoKil@pool-96-243-108-166.sctnpa.east.verizon.net) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:01:06 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:01:10 @bittrex-rami we should do it, no question
- 2014-07-28 17:01:12 +Wuher cryptocobain: I think the scam bounty idea is good, and I've suggested it before - but the amounts involve wouldn't make it worth people's time, and someone has to fund it
- 2014-07-28 17:01:12 @bittrex-richie rami, if it stops something it'll be effective
- 2014-07-28 17:01:13 +cryptocobain and will take 1 hour to check over every new coin add
- 2014-07-28 17:01:15 @bittrex-rami but its not going to solve the problem
- 2014-07-28 17:01:16 @bittrex-richie if it doesnt' no loss
- 2014-07-28 17:01:20 ▬▬▶ cryptocruise (uid38236@gateway/web/irccloud.com/x-wgqgbxoohmpxqkhl) has joined #bittrex
- 2014-07-28 17:01:24 @bittrex-rami agreed
- 2014-07-28 17:01:35 +cryptocobain rami, i think there is 100% ideal solution
- 2014-07-28 17:01:37 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:01:38 +Wuher It doesn't take 1 hour to check over a coin's source
- 2014-07-28 17:01:46 +cryptocobain Wuher, it does to find some
- 2014-07-28 17:01:49 @bittrex-richie i have a script i run across all coins we launch
- 2014-07-28 17:01:52 ▬▬▶ Fraxinus (4e16a772@gateway/web/freenode/ip.78.22.167.114) has joined #bittrex
- 2014-07-28 17:01:54 @bittrex-richie but i'm looking for dafuq
- 2014-07-28 17:01:54 ▬▬▶ dognip (~dognip@static-71-255-114-26.cncdnh.fast03.myfairpoint.net) has joined #bittrex
- 2014-07-28 17:01:59 @bittrex-rami I knew what the malicious code was doing this morning, and it took me an hour to find it
- 2014-07-28 17:02:00 +cryptocobain bitshift AND header ops
- 2014-07-28 17:02:03 +cryptocobain and you could fuck up some code
- 2014-07-28 17:02:04 +Wuher And scams will inevitably become more elaborate with time as soon as detection efforts step up
- 2014-07-28 17:02:05 @bittrex-richie im not looking for the 1921 wasys to hide a mine
- 2014-07-28 17:02:09 @bittrex-ryan how long was rami looking at usb code this morning to find the issue? It can take a lot of time depending on how they coded it
- 2014-07-28 17:02:25 ◀▬▬ coinictus (25b735ae@gateway/web/cgi-irc/kiwiirc.com/ip.37.183.53.174) has left #bittrex
- 2014-07-28 17:02:30 +kassado status update on usbcoin
- 2014-07-28 17:02:34 +cryptocobain Wuher, i think thats okay. increase the difficulty and expertise required to produce a scam is better than making it a copy/paste/cross-fingers job
- 2014-07-28 17:02:35 +kassado i'm having someone test the updated code now
- 2014-07-28 17:02:36 @bittrex-rami remember I knew exactly what I was looking for
- 2014-07-28 17:02:38 @bittrex-rami and it took an hour
- 2014-07-28 17:02:47 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:02:58 +Wuher Now.. let's pretend rami is a 16 year old working for 0.2 btc bounties - how long would it take?
- 2014-07-28 17:03:14 ▬▬▶ OliverHardy (~GrupoMDT@74.Red-79-148-39.dynamicIP.rima-tde.net) has joined #bittrex
- 2014-07-28 17:03:19 @bittrex-richie it gives potential security people a chance to make a name forthemseves
- 2014-07-28 17:03:25 @bittrex-richie taht is worth more than the bounty we pay
- 2014-07-28 17:03:29 @bittrex-richie if i was starting out, id do it
- 2014-07-28 17:03:29 ℹ Forex is now known as Fun
- 2014-07-28 17:03:29 +Wuher Sure, I agree bounties are a good thing.
- 2014-07-28 17:03:40 ℹ Fun is now known as Forex
- 2014-07-28 17:03:41 +axion best idea i heard all day
- 2014-07-28 17:03:42 +kassado fixing usb coin has had a dozen people message me for work
- 2014-07-28 17:03:46 +kassado so I believe it
- 2014-07-28 17:03:47 @bittrex-ryan one other thing, this would also require people to know what it is being listed before its listed. Are we offering this to any coin? People will start making their own coins and reporting their own scams for money
- 2014-07-28 17:03:50 +cryptocobain thanks axion :)
- 2014-07-28 17:04:03 +cryptocobain bittrex-ryan: nope, not necessarily
- 2014-07-28 17:04:04 @bittrex-richie i think its for all coins we've listed
- 2014-07-28 17:04:10 +cryptocobain because you can change the code into a scam AFTERWARDS, at any point
- 2014-07-28 17:04:11 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:04:13 +cryptocobain it can be an ongoing thing
- 2014-07-28 17:04:13 @bittrex-richie or poosls are mining
- 2014-07-28 17:04:14 ▬▬▶ bako (57ce2cb5@gateway/web/cgi-irc/kiwiirc.com/ip.87.206.44.181) has joined #bittrex
- 2014-07-28 17:04:22 ◀▬▬ Forex (c063a686@gateway/web/freenode/ip.192.99.166.134) has left #bittrex
- 2014-07-28 17:04:23 ▬▬▶ BiTMiND (~BiTMiND@unaffiliated/bitmind) has joined #bittrex
- 2014-07-28 17:04:25 +merx I'm late to the convo
- 2014-07-28 17:04:28 +merx but I'll contribute to bounties
- 2014-07-28 17:04:30 @bittrex-ryan but if we list the coin and it gets a ton of volume and takes 3 hours to find scam it could alerady be over
- 2014-07-28 17:04:31 ▬▬▶ Forex (c063a686@gateway/web/freenode/ip.192.99.166.134) has joined #bittrex
- 2014-07-28 17:04:32 +kassado I set usbcoin to roll back to block 6672
- 2014-07-28 17:04:41 @bittrex-richie please tell me your kidding
- 2014-07-28 17:04:45 @bittrex-richie pls dont' do that kassado
- 2014-07-28 17:04:47 +kassado lol
- 2014-07-28 17:04:52 +kassado do you want me to let it play out
- 2014-07-28 17:04:56 ▬▬▶ Browsie (uid37467@gateway/web/irccloud.com/x-lzdjxvwedhdukztv) has joined #bittrex
- 2014-07-28 17:05:01 +kassado even though the supply is crazy?
- 2014-07-28 17:05:05 ▬▬▶ BitcoinDad (uid39135@gateway/web/irccloud.com/x-aedogyarydsmyqhj) has joined #bittrex
- 2014-07-28 17:05:14 @bittrex-richie you can't roll back and leave us in any usable state.. you know that.
- 2014-07-28 17:05:24 +binaryclock kassado isn't the usbcoin dev
- 2014-07-28 17:05:24 +Wuher I would cut off new coins from being created, and let it go as is kassado
- 2014-07-28 17:05:26 +binaryclock :p
- 2014-07-28 17:05:30 @bittrex-richie if you fork from the last block we processed.. thats fine..
- 2014-07-28 17:05:38 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:05:39 ▬▬▶ Crypto_Nite (17189419@gateway/web/freenode/ip.23.24.148.25) has joined #bittrex
- 2014-07-28 17:05:42 +kassado which block did you process
- 2014-07-28 17:05:45 +kassado i'll set it to that
- 2014-07-28 17:05:50 ▬▬▶ janko33 (b2fd96e2@gateway/web/freenode/ip.178.253.150.226) has joined #bittrex
- 2014-07-28 17:05:54 +binaryclock Ocminer and I are looking over the BitTor code, newly launched. We haven't found any issues so far
- 2014-07-28 17:05:55 ▬▬▶ XBladeX (~kvirc@89-69-55-33.dynamic.chello.pl) has joined #bittrex
- 2014-07-28 17:05:58 +kassado but the supply is going to be like 55 mil or more
- 2014-07-28 17:06:01 +binaryclock kassado, want to have a look at bittor as well?
- 2014-07-28 17:06:04 +kassado lol have fun with that
- 2014-07-28 17:06:05 @bittrex-richie kassado: pleaes hold off on that.. till after this discussion
- 2014-07-28 17:06:08 +binaryclock https://github.com/BitTorCrypto/BitTor
- 2014-07-28 17:06:08 +kassado ok np
- 2014-07-28 17:06:15 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:06:17 @bittrex-richie i want to know what else we can do
- 2014-07-28 17:06:19 @bittrex-richie as a community
- 2014-07-28 17:06:21 @bittrex-richie not as an exchange.
- 2014-07-28 17:06:22 @bittrex-rami why are we talking 0.2btc bounty?
- 2014-07-28 17:06:23 ▬▬▶ thisuser (~thisuser@unaffiliated/thisuser) has joined #bittrex
- 2014-07-28 17:06:27 +binaryclock bittrex-richie, already happening
- 2014-07-28 17:06:31 @bittrex-rami I'd happily have paid 3-5 btc to avoid this mess this morning
- 2014-07-28 17:06:32 ▬▬▶ SyllaBear (~SyllaBear@unaffiliated/syllabear) has joined #bittrex
- 2014-07-28 17:06:39 +binaryclock bittrex-richie, ocminer and I are going over each coin launched now
- 2014-07-28 17:06:43 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:06:44 +binaryclock with a fine comb
- 2014-07-28 17:06:48 +cryptocobain bittrex-rami because then i make a coin, hide a fucking clever premine, then claim my own prize ;-)
- 2014-07-28 17:06:51 +binaryclock usbcoin was really sneaky tho
- 2014-07-28 17:07:00 +binaryclock kassado should help too
- 2014-07-28 17:07:03 @bittrex-richie ok... here's what we'll do
- 2014-07-28 17:07:06 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:07:07 @bittrex-richie i will add a special flag to coins
- 2014-07-28 17:07:11 @bittrex-rami crytpocobain only if you got us to list it first
- 2014-07-28 17:07:23 +Wuher bittrex-rami: he can add the scam later on
- 2014-07-28 17:07:23 ▬▬▶ cryptohall (1888666a@gateway/web/cgi-irc/kiwiirc.com/ip.24.136.102.106) has joined #bittrex
- 2014-07-28 17:07:24 @bittrex-richie and if something is vetted, we will put a mark next to it
- 2014-07-28 17:07:27 @bittrex-richie with who etted it
- 2014-07-28 17:07:28 +cryptocobain yes, rami, but i could make it legit, wait for you to add it, and then add the scam
- 2014-07-28 17:07:29 +binaryclock just if you see more than 20% of the coins transfered in x amount of time, freeze the market and have it alert you
- 2014-07-28 17:07:32 +kassado interesting
- 2014-07-28 17:07:38 @bittrex-rami fair enough
- 2014-07-28 17:07:42 +kassado I would vet coins all day long if it helped advertise rubycoin :)
- 2014-07-28 17:07:43 +binaryclock make VIPs on Bittrex
- 2014-07-28 17:07:47 +kassado in between normal work I mean
- 2014-07-28 17:07:48 ◀▬▬ OliverHardy (~GrupoMDT@74.Red-79-148-39.dynamicIP.rima-tde.net) has quit (Quit: OliverHardy)
- 2014-07-28 17:07:49 +binaryclock Kassado, ocminer, suchpool, me
- 2014-07-28 17:07:53 +Wuher I think the biggest thing that can be done is block the sale of scammed coins
- 2014-07-28 17:07:54 @bittrex-richie binaryclock: we are already talking about heuristics detection on stuff
- 2014-07-28 17:07:55 +binaryclock wuher
- 2014-07-28 17:08:03 +binaryclock you should make us all VIPs to veto
- 2014-07-28 17:08:10 @bittrex-rami but these scams cost us well over 10-20btc in terms of business impact.. on top of what our users get fleeced for
- 2014-07-28 17:08:13 @bittrex-richie it will most liekly set off more FPs than anything else..
- 2014-07-28 17:08:15 @bittrex-richie but whatever..
- 2014-07-28 17:08:15 +binaryclock if someone abuses it, they lose their powers
- 2014-07-28 17:08:30 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:08:33 @bittrex-rami random idea...
- 2014-07-28 17:08:36 +binaryclock half the time we see this shit happening but we can't warn you
- 2014-07-28 17:08:37 @bittrex-rami how about a github history requirement
- 2014-07-28 17:08:39 +Wuher If the incentive to scam goes away (because you can't sell it), scams should be reduced
- 2014-07-28 17:08:43 +cryptocobain i think VIPs will worsen insider trading claims
- 2014-07-28 17:08:45 @bittrex-rami your code must declare what coin it was forked from
- 2014-07-28 17:08:48 +axion bittrex-rami: as mentioned that can be spoofed
- 2014-07-28 17:08:50 +cryptocobain i'm already apparently a crypto gangster with a crypto crew
- 2014-07-28 17:08:57 +Wuher bittrex-rami: that's been suggested, and is a place to start certainly.
- 2014-07-28 17:08:59 +cryptocobain if i became a VIP on bittrex that would only make that worse, i imagine
- 2014-07-28 17:09:01 ▬▬▶ hello69 (d523fbaf@gateway/web/freenode/ip.213.35.251.175) has joined #bittrex
- 2014-07-28 17:09:03 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:09:13 @bittrex-rami I'm not saying we rely on github
- 2014-07-28 17:09:19 @bittrex-rami due to its obvious shortcommings
- 2014-07-28 17:09:22 @bittrex-rami but new rule
- 2014-07-28 17:09:25 +axion bittrex-rami: instead i suggest being able to manually diff a coin against a specified forked codebase
- 2014-07-28 17:09:28 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:09:30 @bittrex-rami if you want to be listed.. declare the code you forked, we'll start there
- 2014-07-28 17:09:33 @bittrex-rami manually diff
- 2014-07-28 17:09:35 @bittrex-rami and walk the changes
- 2014-07-28 17:09:40 ▬▬▶ N2NShadow (~CryptoKil@pool-96-243-111-124.sctnpa.east.verizon.net) has joined #bittrex
- 2014-07-28 17:09:42 @bittrex-rami if you don't , you don't get listed
- 2014-07-28 17:09:47 @bittrex-rami that makes the code review feasible
- 2014-07-28 17:09:53 @bittrex-rami no base 'known good' diff
- 2014-07-28 17:09:55 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:09:55 @bittrex-rami then fuck off
- 2014-07-28 17:10:00 @bittrex-richie ok guys....
- 2014-07-28 17:10:02 +cryptocobain Rami, you can probably write a python script to work out what happens in the ProofOfWork Reward functions too
- 2014-07-28 17:10:04 +binaryclock #1 rule should be: All listed coins MUST have a working block explorer
- 2014-07-28 17:10:05 @bittrex-richie this is getting off track..
- 2014-07-28 17:10:06 +Wuher That's fine for your average clone.. do you want to be responsible for diffs of anything more than that though?
- 2014-07-28 17:10:13 ▬▬▶ Vizakenj_ (~Vizakenja@host-85-237-48-108.dsl.sura.ru) has joined #bittrex
- 2014-07-28 17:10:22 @bittrex-richie binaryclock: totally agree with that as well.
- 2014-07-28 17:10:23 +cryptocobain to be honest you could probably write a python script to check all the 'basic' points of coin creation abuse
- 2014-07-28 17:10:35 @bittrex-rami lets be honest Wuher.. most of these coins are just cut and paste
- 2014-07-28 17:10:36 +cryptocobain binaryclock, cheating a block explorer is very easy though
- 2014-07-28 17:10:46 @bittrex-richie cryptocobain: you write taht script and ill run it
- 2014-07-28 17:10:48 +Wuher binaryclock: I think we need a centralized, 3rd block explorer
- 2014-07-28 17:10:49 +binaryclock cryptocobain, i just meant from the dev, we can make our own too
- 2014-07-28 17:10:52 +binaryclock yes
- 2014-07-28 17:10:55 +ziddey that would be nice so you can easily diff it. if anything, without imposing mandates, you could add additional safeguards for coins that don't meet whatever criteria. for those coins, allow trading after x confirms, but lock both sides of the balance up for an additional y confirms
- 2014-07-28 17:11:09 +cryptocobain im not writing the script, im rich, i have a hottub to be inside
- 2014-07-28 17:11:13 @bittrex-richie hehe.
- 2014-07-28 17:11:19 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:11:19 @bittrex-richie ok everyone
- 2014-07-28 17:11:20 ▬▬▶ theorangeace (uid39136@gateway/web/irccloud.com/x-kelexvepwlnfgltg) has joined #bittrex
- 2014-07-28 17:11:21 +cryptocobain but its possible for a mid-term goal
- 2014-07-28 17:11:21 ◀▬▬ abc123 (180c47c7@gateway/web/cgi-irc/kiwiirc.com/ip.24.12.71.199) has quit (Quit: http://www.kiwiirc.com/ - A hand crafted IRC client)
- 2014-07-28 17:11:21 +ziddey that would allow you to keep a more reasonable confirm for deposits, but safeguard against doublespends
- 2014-07-28 17:11:23 @bittrex-richie please shut it downfor one second.
- 2014-07-28 17:11:25 @bittrex-rami ok I'm hearing 3 good suggestions 1) scam bounty, 2) required 3rd part 'trusted' explorer host 3) declared source that was forked for easy diffs
- 2014-07-28 17:11:25 ▬▬▶ miaoux (~miaoux@host86-134-173-31.range86-134.btcentralplus.com) has joined #bittrex
- 2014-07-28 17:11:53 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:12:01 +binaryclock look, no matter how you like or or not, we need to have people designated to shut down the markets
- 2014-07-28 17:12:04 @bittrex-richie 1) Scam bounty, consider it done... we will work with the pools and other exchanges to pitch in.....
- 2014-07-28 17:12:05 +binaryclock when youg uys are sleeping
- 2014-07-28 17:12:11 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:12:16 +Wuher bittrex-rami: And detection of scammed coins -- both as part of the 3rd party block explorer deal, and on the exchange side
- 2014-07-28 17:12:20 +binaryclock or, have massive detection code
- 2014-07-28 17:12:23 ◀▬▬ Vizakenjack (~Vizakenja@host-85-237-48-108.dsl.sura.ru) has quit (Ping timeout: 240 seconds)
- 2014-07-28 17:12:29 ▬▬▶ Dave1983 (b537226d@gateway/web/freenode/ip.181.55.34.109) has joined #bittrex
- 2014-07-28 17:12:38 @bittrex-rami I'm open to giving TRUSTed members a kill switch
- 2014-07-28 17:12:40 ▬▬▶ BlkHandAfricanos (3e0c5863@gateway/web/freenode/ip.62.12.88.99) has joined #bittrex
- 2014-07-28 17:12:41 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:12:43 +axion I am most always here. I could help mod anytime
- 2014-07-28 17:12:44 +kassado if two or more "helpers" click the pause market button on a coin, it pauses it and sends you an alert
- 2014-07-28 17:12:50 +merx oo
- 2014-07-28 17:12:52 +merx a killswitch
- 2014-07-28 17:12:53 @bittrex-rami but that's an awfully big stick
- 2014-07-28 17:13:00 +kassado don't let just one person do it
- 2014-07-28 17:13:01 @bittrex-rami gives me the creeps just thinkning about it
- 2014-07-28 17:13:02 +cryptocobain kassado, i think it would need to be 3-5
- 2014-07-28 17:13:03 ▬▬▶ Junkratt-Work (~IceChat9@208.146.43.6) has joined #bittrex
- 2014-07-28 17:13:08 ◀▬▬ gpools (~gpools@113.162.145.79) has left #bittrex
- 2014-07-28 17:13:13 ▬▬▶ netshaper (uid39137@gateway/web/irccloud.com/x-iytkkoajyjkqsdpg) has joined #bittrex
- 2014-07-28 17:13:19 +binaryclock you could code something in your code that if the total coins exceed the maximum value, then disable the wallet
- 2014-07-28 17:13:28 +merx i'm sure there's some trusted peeps in here who are typically on.. make it like a 2-3 required or something to actually kill it
- 2014-07-28 17:13:32 ▬▬▶ TheDogeOfWallSt (~thedogeof@pool-173-68-93-19.nycmny.fios.verizon.net) has joined #bittrex
- 2014-07-28 17:13:36 +binaryclock it's a big sitck, but would merx, or myself or wuher abuse it?
- 2014-07-28 17:13:38 @bittrex-richie there is no way to figure out maximum value...
- 2014-07-28 17:13:42 +cryptocobain a 'trusted' block explorer authority could even be a community site eg. trustedexplorer.com and it adds/audits the blockexplorer validity for a small fee, since block explorers are easily cheated (changing COIN value, or etc)
- 2014-07-28 17:13:42 +binaryclock no, because that would fuck our reps
- 2014-07-28 17:13:47 @bittrex-richie ok stop.... w are designing solutions now..
- 2014-07-28 17:13:50 ▬▬▶ CyBrChRsT (~CyBrChRsT@75-135-25-228.dhcp.krny.ne.charter.com) has joined #bittrex
- 2014-07-28 17:13:50 @bittrex-richie can we leave that for later..
- 2014-07-28 17:13:59 @bittrex-richie lets focus on what the high level goals are...
- 2014-07-28 17:14:04 @bittrex-richie i'm going to state what we think we have
- 2014-07-28 17:14:06 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:14:10 @bittrex-richie 1) Scam Bounty
- 2014-07-28 17:14:16 ◀▬▬ IanCT (60e78e38@gateway/web/freenode/ip.96.231.142.56) has quit (Ping timeout: 246 seconds)
- 2014-07-28 17:14:31 ◀▬▬ shovel_boss (~shovel_bo@unaffiliated/shovel-boss/x-4881665) has quit (Ping timeout: 250 seconds)
- 2014-07-28 17:14:33 @bittrex-richie 2) Marking "vetted" coins... people will have to evaluate the person vettgin it.
- 2014-07-28 17:14:42 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:15:04 +cryptocobain Richie, my issue with #2 is that if I vet a coin, and it's all good, and then afterwards someone changes the coin -- I get blamed. "cobain said it was okay!"
- 2014-07-28 17:15:05 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:15:05 @bittrex-richie 3) Additional security checks - we are already woriking on things, but we are not going to enuermate it cause attackers will just know what to code around
- 2014-07-28 17:15:10 ◀▬▬ apmapm12|Work (c6a44449@gateway/web/cgi-irc/kiwiirc.com/ip.198.164.68.73) has quit (Quit: http://www.kiwiirc.com/ - A hand crafted IRC client)
- 2014-07-28 17:15:13 +Wuher bittrex-richie: Force coins to declare their total and daily maximum coin counts.. then it just takes a little math based on block rewards :)
- 2014-07-28 17:15:14 @bittrex-richie yes .. that is always a risk..
- 2014-07-28 17:15:31 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:15:34 ▬▬▶ apmapm12|Work (c6a44449@gateway/web/cgi-irc/kiwiirc.com/ip.198.164.68.73) has joined #bittrex
- 2014-07-28 17:15:34 +binaryclock there is a bit of a problem tho
- 2014-07-28 17:15:38 @bittrex-richie 4) Expose a kill switch to partners
- 2014-07-28 17:15:44 +binaryclock comes with random forced updates from dev
- 2014-07-28 17:15:58 +binaryclock devs should be forced to give 24 hours notice to github updates too
- 2014-07-28 17:16:07 @bittrex-richie every solution we come up with has a counteraction
- 2014-07-28 17:16:08 +binaryclock otherwise they can sneak shit in
- 2014-07-28 17:16:28 +kassado I think they just want to make it harder
- 2014-07-28 17:16:31 +kassado nothing will "fix" it
- 2014-07-28 17:16:33 +CryptoAsian there is no perfect solution, only checkpoints to better verify
- 2014-07-28 17:16:38 +merx thats why a single solution isnt the answer, but a combination should help
- 2014-07-28 17:16:41 @bittrex-richie yes..
- 2014-07-28 17:16:42 +Wuher bittrex-richie: Add a requirement on top of "must have block explorer" -- which is "must disclose coin count/schedule". If you detect a discrepancy, shut down the market until its resolved
- 2014-07-28 17:16:44 +cryptocobain richie, when you update do you take a market offline?
- 2014-07-28 17:16:56 @bittrex-richie cryptocobain, very rarely
- 2014-07-28 17:16:57 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Client Quit)
- 2014-07-28 17:17:08 +merx just remove the 'vetted by' on updates
- 2014-07-28 17:17:13 +ziddey well then you have the issue of emergency hardforks. it could be planned all along so they could sneak something in. in such a scenario, other exchanges may be willing to update immediately and people will be angry that you're imposing a 24h lockdown for review
- 2014-07-28 17:17:23 @bittrex-richie yup..
- 2014-07-28 17:17:33 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:17:37 +binaryclock if there is a hardfork, unplanned, then markets and pools should just go down
- 2014-07-28 17:17:42 @bittrex-richie every action has a reaction.
- 2014-07-28 17:17:43 +binaryclock end of story, not miners faults
- 2014-07-28 17:17:45 +cryptocobain richie, it might be possible when 'updating' to diff the old reward function, and other 'key' parts of the codebase against the previous srcc
- 2014-07-28 17:17:50 +Wuher You could force coins to pay for unplanned updates
- 2014-07-28 17:17:51 ◀▬▬ cryptobum (~cryptobum@90.198.250.239) has quit (Read error: Connection reset by peer)
- 2014-07-28 17:18:01 +binaryclock These devs are playing on the fact that everything is a rush
- 2014-07-28 17:18:03 @bittrex-richie cryptocobain: thats usually easier cause we can see the diffs in github
- 2014-07-28 17:18:19 +ziddey heh id gladly pay 5btc for an unplanned update if it meant i could scam 200btc
- 2014-07-28 17:18:22 ▬▬▶ cryptobum (~cryptobum@90.198.250.239) has joined #bittrex
- 2014-07-28 17:18:34 +Wuher ziddey: well, it would still have to be reviewed, you would just be buying a more immediate review
- 2014-07-28 17:18:37 @bittrex-richie ok.. guys
- 2014-07-28 17:18:47 @bittrex-richie based on this discussion , i think we have 4 action items
- 2014-07-28 17:18:56 @bittrex-richie i want to start a thread on BCT with these 4 items
- 2014-07-28 17:19:04 ◀▬▬ N2NShadow (~CryptoKil@pool-96-243-111-124.sctnpa.east.verizon.net) has quit (Ping timeout: 264 seconds)
- 2014-07-28 17:19:09 @bittrex-richie and have you guys back up the rationale behind it..
- 2014-07-28 17:19:18 @bittrex-richie peolpe need to learn that we cant just "code review" everythnig
- 2014-07-28 17:19:27 +binaryclock but we are
- 2014-07-28 17:19:29 +binaryclock dw
- 2014-07-28 17:19:32 +cryptocobain someone should post this log
- 2014-07-28 17:19:38 +axion i'm on it
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement