

Straight: An Open-Source Bitcoin Payment Gateway - yrashk
http://straight.romansnitko.com/

======
tedivm
This is a great project, and I really like where it's going. I'm glad you're
upfront about bootstrapping this project using third party services, but even
more happy that you've architected this in a way where removing those third
party dependencies will not be a problem. That's going to be killer for a
gateway like this.

------
Cointopay
Guys, with cointopay.com we allow you to run your own altcoin node and use
that to accept payments. Just found this initiative, this is great and we want
to contribute for a solution that takes out the middleman. In some way
Cointopay is also a middleman, but at least our mindset is the correct one
regarding decentralization, hence we want to help.

@romansnitko, can you add me to skype: spunxz

------
0x93D2
It might be installed on your server, but it's relying on a heavily
centralized service (blockchain.info) that is frequently down for many hours
at a time. Even worse you're giving them information about every payment you
process, and giving them an opportunity to feed you falsified data whenever
they feel like it. I'm not sure this is at all what we should be encouraging
in the interests of safety and decentralization.

~~~
snitko
So, first of all, Straight currently uses two blockchain adapters, one for
Blockchain.info and another one for Helloblock.io. If one is down, it will
automatically switch to another one. I will be adding more adapters in the
future. It will also be possible to implement a cross check where if one
service is lying about a transaction, I can check with another.

More importantly, I will add a bitcoind adapter for those willing to store
blockchain on their server and not trust any third party service.

To sum it up, there is nothing in the architecture of this software that says
you should rely on third party services to query the blockchain.
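
The failover and cross-check described in the comment above, sketched in Ruby as an added example. It is not part of the thread and not Straight's own code; `StubAdapter`, `fetch_transactions`, `cross_check` and the sample data are hypothetical and constructed.

```ruby
# Added illustration. StubAdapter, fetch_transactions and cross_check are
# hypothetical names, not Straight's API; all data below is constructed.
class AdapterError < StandardError; end

class StubAdapter
  attr_reader :name

  def initialize(name, txs: {}, down: false)
    @name, @txs, @down = name, txs, down
  end

  # Returns [{txid:, amount:, confirmations:}, ...] for an address.
  def fetch_transactions(address)
    raise AdapterError, "#{name} unreachable" if @down
    @txs.fetch(address, [])
  end
end

# Asks every adapter about the address, skips the ones that are down
# (failover), and compares what the rest report. Each adapter queried
# learns which address is being watched.
def cross_check(adapters, address, min_agree: 2)
  answers = {}
  adapters.each do |adapter|
    begin
      txs = adapter.fetch_transactions(address)
      # Compare txid and amount only; confirmation counts may lag a block.
      answers[adapter.name] = txs.map { |t| [t[:txid], t[:amount]] }.sort
    rescue AdapterError
      next
    end
  end
  return { status: :unavailable, sources: [] } if answers.empty?
  # More than one distinct view means at least one service is wrong or lying.
  return { status: :conflict, sources: answers.keys } if answers.values.uniq.size > 1
  # One view only: trusted just when enough independent services back it.
  status = answers.size >= min_agree ? :confirmed : :unverified
  { status: status, transactions: answers.values.first, sources: answers.keys }
end

ADDR = "constructed-address-1"
TX = { txid: "constructed-txid-aa", amount: 150_000, confirmations: 1 }.freeze
```

When one service is down and only one answers, the result is `:unverified` rather than `:confirmed`: failover alone provides no cross-check.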

~~~
0x93D2
> It will also be possible to implement a cross check where if one service is
> lying about a transaction, I can check with another.

That just means you're leaking all of your payment details to multiple parties
instead of one, makes you dependent on the uptime of two different services at
once, and doubles the number of outgoing requests.

> More importantly, I will add a bitcoind adapter for those willing to store
> blockchain on their server and not trust any third party service.

I'm not sure how you intend to accomplish this, bitcoind doesn't have an
interface or the indexes to do arbitrary "address balance" (addresses do not
have balances!) lookups like your blockchain.info adapter expects. You'll have
to build your own indexes from the raw block data, or implement an SPV node,
or some other such mess.

~~~
snitko
I think Bitpay recently released an opensource library (haven't looked into it
yet) that accomplishes just that. So I will probably take a look at it first.

As for leaking the data, I'm not sure what you mean. What adapters do is,
they simply check addresses and transactions. How does that qualify as
leaking? Straight doesn't tell Blockchain.info or Helloblock.info how much
money is expected, nor does it tell them who made the payment and which store
expects it.

~~~
0x93D2
> I think Bitpay recently released an opensource library (haven't looked into
> it yet) that accomplishes just that. So I will probably take a look at it
> first.

This requires 70GB of leveldb indexes on disk, as well as the 30GB block
chain, but is a better solution if you can spare the disk space and CPU time.
Else a lite client can be made to be very light weight for a situation like
this, around 75MB on disk all told.

> Straight doesn't tell Blockchain.info or Helloblock.info how much money is
> expected, nor does it tell them who made the payment and which store expects
> it.

Sure it does. It marks all of the "address balances" you query with payments
received by your service. You're making a request to an unused address moments
before it will be receiving a payment from another party, proof that
particular IP address is the receiver. As soon as you have a marker like that
you can begin exposing the customers involved much more easily.

~~~
snitko
Well, yes, I agree then, it does leak. I still think this is way way way
better than using Coinbase or Bitpay. There's really no other alternative
right now when it comes to accepting Bitcoin payments. I think, given enough
effort, we can make Straight more secure and private and leak less data, but
fundamentally, it looks like privacy vs convenience may always be a trade off,
at least to a certain extent.

If you have any ideas how to improve it, I'll be happy to listen.

~~~
0x93D2
There are others, actually.

[https://github.com/slickage/baron](https://github.com/slickage/baron)

Doesn't rely on Blockchain.info either :)

