You can't trust much in this particular corner of the internet.
How many people are monitoring the blockchain in that way - sounds like an app idea.
Through these giant waves of expansion, they've kept their trade engine running quickly (people have described a few brief periods of slower operation, but it never affected me).
A lot of folks discount them because they're in Eastern/Central Europe, but really Slovenia's business environment shares more with Germany than it does the rest of Eastern Europe.
All in all, I think Bitstamp is doing a great job.
Checked with the team and we couldn't find any interaction matching that description. http://www.reddit.com/r/Bitcoin/comments/1wtbiu/how_i_stole_...
We work with a community of security researchers who help us test these sort of things https://coinbase.com/whitehat including quite a lot on race conditions. We use a variety of datastores for different parts of the app where they are best suited.
Some people view this as a problem, personally I view this as a benefit. Because of them being a little bit sketchy, they don't ask for ID verification and offer some services, margin trading for example that other exchanges do not due to legal complications. As long as you use it as an exchange and not as storage I think it's perfectly fine.
Why is MongoDB bad? It's not ACID compliant. It's hard to determine the state of the database with concurrent processes attempting to modify its data. Given the explanation it's fairly clear that it's Coinbase being talked about.
(Also, MongoDB is like the worst NoSQL data store out there for a task like this.)
It makes sense to use mongodb for commenting system where nobody cares if you lose a comment or certain comments are written before others.
But no competent architect would use mongodb for financial/currency transactions.
If coinbase did use mongodb, it will be inevitable they will have transactional issues. The more popular coinbase gets, the more transactions they process, the more issues they'll have. I don't envy the poor souls that have to track down these kinds of issues...
It's not particularly likely to eat your data or kill you as you get started, and the ecosystem is relatively unified which means consistent and generally good best practices documentation. Becoming a Postgres expert could take a lifetime as the database offers an astonishing depth of features, but it won't bite you if you just use the basics. Plus the source is quite good if you ever find the urge to dig deep.
A couple of gotchas might bother you. You'll need to implement your own strategy for upserts if you need those. But you do get robust native support for popular data types commonly seen in today's apps: geographic data as well as document data (via HStore or JSON).
The MySQL/MariaDB family is well-proven as well, but with tens of available storage engines, two core forks, and a bit of non-standard SQL magic sprinkled throughout it's harder for a beginner to learn the best practices IMO.
The challenge comes once you exceed what one machine can do and want to move beyond the simple client(s) <-> (possibly replicated) server model. Keep in mind that depending on your project, this might not ever happen to you. Certain types of mid-sized sites like Basecamp and Stack Exchange have gotten away with throwing bigger hardware at their database systems.
If or when you reach the point where you need a distributed database, you have to choose between consistency and availability. I'll let the experts explain some of those concepts by linking to this excellent article by Coda Hale: http://codahale.com/you-cant-sacrifice-partition-tolerance/ . That's when you'll find yourself in the NoSQL world - many NoSQL databases are useful in that they try to trade consistent for available in some way or another. While they generally fail completely to actually do so, as illustrated in Kyle Kingsbury's excellent "Call Me Maybe" series, the largest -scale systems are all based on a "NoSQL" data store in some way or another.
Having said all of that on my personal site I actually use RethinkDB because it is delightfully easy to setup and code against (I just persist my Go structs to the db and don't worry about a relational schema to maintain) and I don't really care about data integrity there, so I don't mind that RethinkDB is relatively new and untested. So one size doesn't fit all, but PostgreSQL is still, IMO, generally the "safest bet" if you do care about data integrity and don't want to spend hundreds of thousands of dollars on licensing to scale it up.
If you do want to experiment with NoSQL databases, MongoDB is probably the easiest to get going with (which is why it is so widely used). However, you seem statistically unlikely to be in the group that is happy with MongoDB in production :-)
HBase has a much brighter future for the NoSQL use cases (and is even getting SQL support!)
From the point of view of NoSQL data stores, it'll really depend on your application needs, and I can't give you a full overview, buuuut.... Amazon did a solid job with its DynamoDB database, and Apache Cassandra did a solid job cloning it. I believe I've also heard decent things about the sanity level of Redis and Hypderdex.
It is loosely based on the Dynamo paper like most modern distributed databases, but Dynamo and DynamoDB are very different things.
Riak could be another interesting option in that space. Redis is more adapted for small datasets with high workloads and low durability expectations (i.e. do not host a Bitcoin exchange purely on it unless you really know what you are doing :p).
Else you're better off with NoSQL (I found CouchDB amazingly easy).
The problem here is that developers not taking the time to understand their application and how their tools work. Yes, MongoDB gives you enough rope to hang yourself and I certainly wouldn't suggest using it for a financial ledger, but you could have a durable application based on it if you really wanted to.
However if developers of a financial system cant grasp the need for atomicity in the transaction path then they're going to be buggering things up all over the place.
Tokutek engineers are top notch.
If you are even thinking about following any of the advice on that page, you are no longer in the MongoDB use case: you plainly need transactions.
In particular, dijit asserted that "Not ACID => Not secure" (which is debatable, but that doesn't matter here) from which you can also validly deduce the contrapositive "Secure => ACID". However, you then (sarcastically) asserted that dijit is saying "ACID => Secure", whereas in fact he said nothing like that.
That being said, I don't think a schemaless database is really appropriate for carefully considered (or what should be carefully considered) financial data.
I dislike MongoDB, but if I had to try to summarize objectively:
1) It is marketed very heavily, including to use cases to which it is poorly suited
2) It can be very complicated to run in production, I think because it actually wasn't originally designed to be distributed.
3) It has a history of data loss. I think this is because it generally favors performance over reliability, combined with #1 and #2
I have run it in production, thrown over the fence by some dumb devs who believed the lies that "you don't need a DBA". Well you need a full time team and a lot of hardware, and that's comparing it to Oracle.
What about other NoSQL solutions?
MOST other NoSQL solutions actually do things like treat their index differently than their bulk data so that it isn't accidentally swapped out, ruining performance. Many also do important things like supplying durable writes. (Your data may not be consistent at any one given moment, but it'll get there.)
Trust is a slow process.
For example, they need to know where do you get your money from, and if it's from mining, they want copies of bills for the mining rigs, and so on.
But you have to have robust systems first.
There is also the huge problem that they do not have MSB licenses in the US, so it's only a matter of time until Florida or NY sues them, or demands the arrest and extradition of the owners for not complying with US laws yet still allowing American customers.
Foreign services stopped dealing with US residents because last year new FBAR and FATCA compliance rules went into effect, requiring US taxpayers to provide more information about their foreign assets, and the US signed numerous new agreements with most major nations to share data about U.S. account-holders (agreements under which either nation could demand specified information about account-holders in the other nation as if they were domestic institutions) Many European banks stopped doing business with Americans because it was a paperwork nightmare to deal with the compliance.
The Final Rule requires each foreign-located MSB to appoint a person residing in the United States as an agent for service of legal process with respect to compliance with the BSA and its implementing regulations.
Translation: Bitstamp, if they take $1 from an American customer are now required to register with FinCen, possibly apply for licenses (nobody has figured this out yet at the bitcoin foundation) and have an agent based in the US to oversee legal compliance. I haven't heard of Bitstamp doing this. Use at your own risk.
Just like you don't worry about crazy laws in Saudi Arabia or Kuwait that prohibit drinking alcohol.
They can try and press the UK, but that, at best, will only result in Bitstamp moving its headquarters to a different country, which would result in a ton of taxes leaving too.
They can and do go after banks that have subsidiaries in the US. They also can pressure those banks that don't by going after their affiliates that do.
These exchanges have to have a certain amount of capital set aside and can't simply disappear with account holder's money if they get hacked due to incompetence.
The Bitcoin team did push out a change in 8 hours once for a critical signed/unsigned bug that threatened the whole system , but this problem looks to me like NOTABUG/WONTFIX. The transaction malleability is an annoyance, not a real bug. Basically the support team just needs to spend an extra 5 seconds checking a transaction instead of blindly issuing refunds.
My recent article  goes into the Bitcoin protocol in great detail if you want to know more about transaction signing, which should help explain technically what is going on with malleability.
Is this an excuse for Mt Gox to withhold coins? Absolutely not. Who knows whether they are giving a big fuck you to the bitcoin community, now that there's little left to lose, or whether they've lost or outright stolen the coins.
But whats more important is that this malleability stuff is not very much related to fraud risk, I explained more here: http://sourceforge.net/mailarchive/message.php?msg_id=319565...
He's a cancer and nobody should be using MtGox. You're supposed to trade coins in IRC decentralized using the web of trust, or localbitcoins in person. Exchanges should only be used if you have a business bank account and are on first name basis with the guy who runs Bitstamp or Cavirtex on IRC otherwise you get delays and holds for identity verification, limits, other problems like your bank freezing your account when they notice wires going to Slovenia too often.
*Edit Gavin just posted a response on the bitcoin foundation blog, confirming Gox is indeed full of shit.
If people lose all confidence in Gox, but still retain faith in other exchanges, then that means we're going to witness MtGox's price drop while the other exchanges' prices rise. However, this becomes an economic opportunity for anyone who wants to do arbitrage between exchanges. Therefore it seems like the prices won't ever diverge too much.
The conclusion, it seems, is that no matter how bad one exchange is, it will simply drag the overall price of Bitcoin down across all exchanges rather than suffer punishment as an individual company. The fact that arbitrage is doable seems to give MtGox some insulation from consumer outrage.
This poses a question: Is it true that as long as an exchange keeps functioning, then it's "here to stay" no matter how badly they behave? Is there any way that an exchange could go out of business from nothing more than consumers losing faith that one exchange?
Coinbase isn't an exchange. They are a dealer. When you buy or sell on Coinbase your are interacting directly with Coinbase. You trade with them at their discretion. There is even some jargon about Coinbase being able to "cancel or reverse potentially high-risk buys or sells of bitcoin", though it isn't clear what high-risk means from the context. See section 3 of their user agreement.
Prior to that, i'd buy some coins and they'd wait until the price dropped quite a bit to "complete the transaction." And i'd contact them again and again and it would take them a week to get back to me as the transaction was pending.
No, and that's evident by the fact that Mt.Gox has been losing market share steadily since their withdrawal problems started. People are leaving Mt.Gox but at a very slow rate because there is a limit of outgoing transfers like 100-200K EUR/day so at most they lose something like 6M worth of deposits every month. If they solve the withdrawal problems right now I'm pretty sure people will forget about all the issues over the years and will happily trade at MtGox again. But if the problems continue for 1 more year, I think Gox will be pretty much dead.
Realistically, Mt. Gox have said they won't allow withdrawals indefinitely. They know that fixing this issue — known since 2011 — is going to take time. It's already been 3 years with no fix.
This is their get out of jail free card, giving them as much time as possible to work on whatever they need to do to get things back to normal... if they even want to.
The headline is "Largest Bitcoin Exchange Doesn't Understand Bitcoin"
What hope do retailers and any but the very-technical have in managing the risk implicit in digital currencies?
Not to mention, seeing supporting forum posts where people are discussing the parts of fractions of coin being sent around... do people really think 8-10 digits past the decimal can hope to be manageable for consumers? It's bad enough to deal with Yen conversions.
Please tip your server .00343874938239487 bitcoin. When 15% of the value can evaporate while business is happening... when do you bill the customer for lunch? When they order?
We've been through this several times with Mt. Gox. It's time for everyone to STOP using them and start using something else for trading. Continuing to use them and making rationalizations that things will 'get better' will only result in a global case of cognitive dissonance.
They are threatening an ecosystem that is important and which has a large potential value. In my opinion, they need to be removed from that ecosystem.
Ugh. Local wallets, people. Local wallets.
I feel really sorry for those with funds tied up with MtGox. It was only recently where I used MtGox to store most of my bitcoin and I am lucky to have decided to move them all to paper wallets.
This demonstrates one of the biggest issues holding back widespread adoption of bitcoin, the ability of the layperson to securely hold large amounts of bitcoin.
Here are 2 easy solutions to this problem which do not require anything to be done by the bitcoin community, and could be exacted by Mt. Gox today:
1. Allow all transactions to go through as before, but state clearly that if your transaction does not go through after being submitted, it will take a long time to clear the transaction, because it will have to be checked by hand. Assuming that 90% of people are not planning to scam Mt. Gox, 90% of people would be able to get their money. The remaining 10% would have to wait a bit longer while Mt. Gox checks transactions by hand.
2. Alternatively, write a system were a user can request to withdraw bitcoins. The Mt. Gox server first generates a new wallet, than transfers the BTC to that wallet, than send the user the public and private keys for that wallet. Assuming that the user (for good reason) does not trust Mt. Gox, they than can simply transfer the BTC from a temporary wallet to a permanent one.
I'm in Europe, and I like Kraken very much. blockchain.info recommended them.
You'd rather place the process in the hands of people no more competent or interested than those already involved? and do so by threat of force?
Either way, MtGox has been consistently out of line with market price, in a market with plenty of arbitraging, indicating that they have problems and people know it.
I don't know how to get easy numbers on exchange volume over time, but I do know that Mt Gox has fallen from the obvious top exchange to a solid third over the time I've paid attention (maybe half a year.) Why they still have any decent volume, I don't know; inertia, people still cashing out or waiting for Mt Gox to improve, suckers lured by the arbitrage opportunity, perhaps the Japanese domestic market (they're the only Yen exchange). I know I wouldn't touch the place with a 29.5 foot pole.
However, in reality there are huge obstacles to moving fiat money around and the market is simply not allowed to improve liquidity how it desires.
That seems an incredibly preposterous statement to me. Also why isn't the market free exactly?
Sometimes I feel bitcoin people live on a different plane of reality.
5. http://www.nbcnews.com/tech/tech-news/bitcoin-goes-mainstrea... - scanning hands of the customers to protect ATM from raid.
If you are a merchant slightly interested in Bitcoin, your concern number 1 is "is it legal? Won't my taxman hit me with huge fines so I have to close the shop just because I did something suspicious?"
If you are a guy building an exchange your concern number 1 is "won't I go to jail for 'laundering' money for some guy who then goes and buys drugs elsewhere with coins he bought through my service". Also: FinCEN tells you to get "money transmitter" licenses in 48 states which is VERY EXPENSIVE, so only a few guys are allowed to even try.
If you are a guy with an ATM, your concern number 1 is "won't they confiscate it for investigation for several months and put me in jail meanwhile for aiding terrorists and child pornographers?"
There's a lot of pending demand to do anything related to Bitcoin. And the reason it's not serviced yet is a big legal concern and very-very-very harsh law enforcement behaviour. If you are a suspect, you've already lost. Even if you are free to go later, you already lost time, money, opportunity, some property etc. You simply can't do business in such landscape.
Free market would mean that there's no uber-controller over the entire property of the whole multi-state country. If every shop owner is free to own his piece of land how he wants and resolving disputes directly with anyone who's concerned, then you could see many more bitcoin ATMs and other businesses. But currently you are at a permanent risk of well-equipped guys with guns coming to you and taking your stuff and yourself, just for doing something innocent which is not yet explicitly allowed.
Any organization which is tax-funded has inequality and discrimination built in. Some are net tax payers, others are net tax receivers. Then, net tax receivers dictate why it's good and honest for them not to pay, but receive and why it's good and honest for them to extract payment from others. And under what "regulations". Obviously, tax-funded regulations cannot be applied indiscriminately to all participants.
Free market is not about equality. It's about ability to protect property against anyone's opinion. Bitcoin and the internet themselves are a fine example of a nearly free market: no matter what you think of me and no matter what I think of you, we both can avoid each other and no one can take each other's coins. But if we don't have such technology and have to keep our cash in a bank, then we both depend on someone's opinion how the money should be used and how much we can spend and where.
One of the problems with people advocating for a free market is that they don't understand what it really means: might makes right.
2. Free market for me is about protection, not aggression. Bitcoin network is a free market in a sense that everyone's property is very cheap to protect and very expensive to extract. No matter what I think about how government should work, your BTC is safe and same for my BTC regarding your opinions. We simply have no other way, but to stop arguing and start cooperating voluntarily or just ignore each other. With BTC scripts we can fully insure our contracts without any need for neither "law", not its "enforcement". You can be very-very rich guy, but it still will be more expensive for you to steal my coins than just to trade honestly.
Expanded argument: http://blog.oleganza.com/post/71410377996/crypto-anarchy-doe...
2) Using your own personalized definition of free market changes the discussion. "Free market" isn't about protection or aggression, or power of any kind. The common definition is that that the market is free of external influences, so that market forces determine all outcomes. Indeed--by the common definition of "free market" Bitcoin is the absolute opposite--it's the pinnacle of socialized currency: everyone owns the currency and everyone is responsible for protecting it. BTC scripts don't eliminate the law or its enforcement, they become the law. (Law is simply regulation--in whatever form it takes place. For example, in the US law is both statutory, case-based, and practice-based, depending on the context.)
> "...rather than their own bottom line."
Sooo how does it do it? How does it determine a unique transaction id?
I think a lot of the comments here and especially the article detracts from the discussion. The article seems to go on a rant of all the other mistakes mt gox make rather than addressing the issue.
What is the recommended solution by bitcoin implementers to verify a transaction succeeded, with transaction malleability existing ?
Cannot the bit coin protocol be used by end users with full features without a third party "wallet" service ?
Are these services purely for people that don't understand files and encryption utilities ?
I do not use bitcoin, but if I did, I assume I would just protect and back up those computer files like many other extremely valuable computer files I have.
What am I missing here ?
There are also end-user applications like Armory, which are meant to manage and secure a wallet on an end-user's machine, but its inevitable that people will use online services for foreseeable future.
They didn't discover anything - they were warned, quite some time ago, that they were not correctly spending and opening themselves up for double+ spends due to their own misunderstanding of how to reliably track a spend (compounded by their coding errors).
Magic The Gathering Online Exchange.
Chase Manhattan, they are not.
JP Morgan Chase started as The Manhattan Company (http://en.wikipedia.org/wiki/The_Manhattan_Company). Formed to provide a clean water supply instead the owners took 95% of the $2 million to form a bank and created a system of waterworks that caused massive cholera outbreaks ... I don't think MtGox has killed anyone yet, though I've been convinced for a time that they've probably made-off with a lot of the money.
JP Morgan Chase aren't exactly trustworthy either, motivation based on pure financial profit will do that - a synopsis of some of their major indiscretions: