Hacker News new | comments | ask | show | jobs | submit login

Many people are expressing surprise by the events that have unfolded here with Mark Karpeles and Mt. Gox, but I'm not surprised in the least.

I've known several web developer "enthusiasts" over the years who know just enough PHP (usually it's PHP, but this applies to other technologies as well) to build things that mostly work and feel confident that they can solve anything with "a little PHP." Working mostly alone, these people prefer to spend their time building constantly, and little time learning or keeping up with current best practices (or in this case, cryptography).

There are a large number of companies (many of them doing very well) built by people like this, and even when they bring on other developers, no one has the courage to tell the original developer (who is often CEO) that their code sucks and needs to be scrapped completely. They keep throwing more crap onto the pile because the machine "works" and customers are demanding new features. The original (incompetent) developer feels a sense of pride for his or her work, and nothing short of total failure (in this case, spectacular failure) will convince them that their work is anything less than genius.

It's unfortunate that some companies thrive in situations like this (it sets them up for failure), but it happens all the time.

I don't know Mark personally, but from everything I've read from him over the years, he seems to fit the description above. It doesn't necessarily mean he's a terrible person or a thief (he could be that as well, but I have no knowledge to prove one way or the other). It just means he got in over his head, and kept the site running on deeply flawed assumptions and implementations (e.g., no standard accounting, little understanding of security, etc). It's a shame that people kept coming back to Mt. Gox and entrusted the site with their money, even after those behind Mt. Gox proved themselves to be incompetent over and over again.

Is it sad? Yes. Is it surprising? The only surprising thing is how people kept going back.

As for the missing and suddenly reappearing coins, I honestly think they just had absolutely no idea where everything was. I've heard people describe Mt. Gox's infrastructure as a hodgepodge of random scripts and servers duct-taped together, and it's easy to imagine a dozen hard drives filled with an unorganized mess of Bitcoin wallets, private keys, database dumps, etc. I believe they're honestly trying to pick up the pieces, but the pieces are scattered everywhere.

> I've known several web developer "enthusiasts" over the years who know just enough PHP (usually it's PHP, but this applies to other technologies as well) to build things that mostly work and feel confident that they can solve anything with "a little PHP."

Not trying to start another language debate, but this point I think epitomizes the sort of hate PHP gets from a lot of developers. Regardless of any pros of the language/tool and how much better it might have gotten over the years PHP as a language and ecosystem seems to encourage this mentality. Another, more recent example, seems be NodeJS. You can write beautiful, rigorous, well tested and thought out code in PHP or Javascript, but that hardly seems to be what most people are doing or even what those communities, in general, encourage.

I agree. I've seen some beautiful PHP over the years, but much of it... isn't so beautiful. The culprit as you say isn't so much the current state of the language, but the legacy left as the language has evolved and the community that emerges as a result of the language's features/attractive qualities.

PHP is popular, readily available, and has a very low barrier to entry. It's the first language I picked up, primarily because it was the "gateway drug" of programming (for me). I had little intention to learn programming, but began making some basic HTML web pages in the mid 90's for fun. Other languages looked like greek and didn't interest me at all, but when I first saw a few snippets of PHP, I felt empowered because it felt more like an "HTML tag" that could perform logic rather than being a "full" intimidating language; I was naive, but that's how it felt. At the time, I didn't even completely understand the fact that PHP was executed on the server-side, while JavaScript (in my web page) was executed client-side.

Ironically, from what I understand, PHP was originally intended to be little more than a template language. OOP and other features were added later to allow PHP to function more like a "proper" programming language. Unfortunately, it still carries some oddities from the early days (procedural and OOP ways to do many things, the default use of PHP opening/closing tags even in scripts where HTML/markup may not be applicable, etc.).

I'm happy that PHP got me interested in programming, and I think it still captures the interest of otherwise non-programmers today. It still empowers people to do amazing things without forcing all of the complexities (or best practices) of other languages. I don't fault PHP for the situations described above (incompetent people getting in over their heads and turning a blind eye to best practices), but many of the features that make PHP accessible to these kinds of people (including myself years ago) don't exactly help encourage or enforce best practices. The same could be said for NodeJS and others as you say.

The current incarnations of PHP, NodeJS, and others certainly allow for more disciplined and well-designed code, but the culture/community behind a language is shaped by much more than just the current state-of-the-art.

Why pick on PHP and Node? This can be said for X, Y, and Z programming languages.

PHP and Node are unusually easy to get started in. I think this is where many of the issues originate.

Unfortunately, PHP has replaced VB6 in this way (not in other ways though!).

We're definitely in that position, except we know our stuff is shit and we're rebuilding it and hiring furiously to rebuild it. 99% percent of life is knowing the difference isn't it?

Maybe the biggest tragedy of Mt. Gox is that even after doing well and earning loads of revenue, they still didn't recognize (or hire someone who would help them recognize) their own weaknesses.

This story should be a wake-up call for any entrepreneur/developer to never become complacent, even when things are going well.

There's a big difference between making an app that loops an MP3 (no offense - certainly well done and well marketed) and one that handles millions of financial transactions. Don't feel bad - if something goes wrong with yours, nobody loses their life savings.

I think it's fair to say at this point that if somebody placed all their life savings in Mt Gox, they themselves probably deserve at least some of the blame for their loss.

I appreciate that - I actually run a fintech startup that handles some of the most sensitive information that exists. Our security around THAT information is solid, but the front end that interacts with it is shit and that makes me nervous.

I just noticed your profile mentions Coffitivity's revenue. What's the revenue model, if you don't mind my asking?

We sold the apps for a while and made enough money to power the company for a while, making the move to freemium now. I'm actually no longer actively involved with Coffitivity, I founded knoxpayments.com and am doing that full time. Coffitivity is in some extremely capable hands though.


Which company are you involved with?

KnoxPayments.com - connecting all US bank accounts so people can make payments just by logging into their online banking. Working pretty furiously to make it way better, which forces us to stay in closed Beta and hold off on some of larger integrations that would be pushing our revenue up.

He's a founder at http://coffitivity.com

> It's unfortunate that many companies thrive despite situations like this, but it happens all the time.

Would you prefer successful company run by incompetent people or unsuccessful company run by competent people?

Neither. I prefer a successful company run by competent people since it has greater chances of survival ;)

Then it becomes a big and successful corporation that is usually loathed here. No strategy can win this game :)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact