Author Topic: Most of 100% delegates don't provide Asset feeds - why?  (Read 6263 times)

0 Members and 1 Guest are viewing this topic.

Offline vegolino

  • Sr. Member
  • ****
  • Posts: 450
  • Reality is Information
    • View Profile
In my modification of xeroc's feed script each delegate is free to set weight to each exchange. Exchanges can even be ignored. It also accounts for relative volume between exchanges.
You could have unique configuration if you want to.
Current scripts were created in a hurry. There could be a lot of improvement over them. However they are tested and they seem to be working so far.

I think more important for security is that all delegates provide feeds regardless of the method. And then each delegate can customize and change or upgrade his script.
If there are 60 delegates publishing feeds (instead of 100) then smaller set of malicious delegates is needed to manipulate the median price.

  +5%

Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
it should be a official basic feed script available/approved  on  the bitshares github 

Sent from my ALCATEL ONE TOUCH 997D


Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG

In addition, I'm not comfortable giving a third-party script access to my delegate's private key.


I'm no genius in programming , but even I could spot a command that can get your private key if it's in the script .
It's really that simple .

Neither was I comfortable... That is why I reviewed and modified the script.

Offline btswildpig

  • Hero Member
  • *****
  • Posts: 1424
    • View Profile

In addition, I'm not comfortable giving a third-party script access to my delegate's private key.


I'm no genius in programming , but even I could spot a command that can get your private key if it's in the script .
It's really that simple .
这个是私人账号,表达的一切言论均不代表任何团队和任何人。This is my personal account , anything I said with this account will be my opinion alone and has nothing to do with any group.

Offline emski

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
    • http://lnkd.in/nPbhxG
In my modification of xeroc's feed script each delegate is free to set weight to each exchange. Exchanges can even be ignored. It also accounts for relative volume between exchanges.
You could have unique configuration if you want to.
Current scripts were created in a hurry. There could be a lot of improvement over them. However they are tested and they seem to be working so far.

I think more important for security is that all delegates provide feeds regardless of the method. And then each delegate can customize and change or upgrade his script.
If there are 60 delegates publishing feeds (instead of 100) then smaller set of malicious delegates is needed to manipulate the median price.
« Last Edit: February 05, 2015, 08:15:36 am by emski »

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BitShares: bitcube
I'd like to pimp my script to "rock solid" too .. what are the missing points for that? Better exception handling? flexible exchange RPC parsing? are we even talking about code style or about doing the "calculation" right?

Can't we have one rock-solid script that pulls prices at individual times and use individual feed-publishing-rules and price calculated (weighted, non-weighted, set of exchanges, etc..)

Disclaimer: I am not selling my script here, just wanted to start a discussion about what degree of freedom is necessary

I am looking forward to a 'rock-solid' script too.  This would raise standard across.
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I've started writing a feed script, but I want to make sure it is rock solid.  No feed at all is better than a feed script that's poorly tested.
I'd like to pimp my script to "rock solid" too .. what are the missing points for that? Better exception handling? flexible exchange RPC parsing? are we even talking about code style or about doing the "calculation" right?

Can't we have one rock-solid script that pulls prices at individual times and use individual feed-publishing-rules and price calculated (weighted, non-weighted, set of exchanges, etc..)

Disclaimer: I am not selling my script here, just wanted to start a discussion about what degree of freedom is necessary

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BitShares: bitcube

They should definitely be audited by each delegate (_another reason why it is important to separate concerns_ by making sure the person actually running the delegate is a tech person and not just a good worker for the DAC).


This is a good point and should be a good practice for all 100% delegates.
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Offline mint chocolate chip

Lame excuses, which invariably sets a bad precedent. Part of being a delegate are these feeds.

Isn't the price feed market trading a 'core blockchain feature'?
My main area of interest is design and implementation of core blockchain features.

If you say you will do it, do it.
I will start publishing feeds just for this

Offline jsidhu

  • Hero Member
  • *****
  • Posts: 1335
    • View Profile
just tweak the update rate and atleast provide some sort of feed.. we know devs are lazy but cmon
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
As far as I am concerned, every delegate should run a script with private customizations not publicly disclosed, it's much harder to game 101 different algorithms whose details are unknown, than it is to game a single published algorithm that everybody uses.

So... security through obscurity?

In addition, I'm not comfortable giving a third-party script access to my delegate's private key.

They should definitely be audited by each delegate (another reason why it is important to separate concerns by making sure the person actually running the delegate is a tech person and not just a good worker for the DAC).

I've started writing a feed script, but I want to make sure it is rock solid.  No feed at all is better than a feed script that's poorly tested.

I agree there.
« Last Edit: February 05, 2015, 03:02:14 am by arhag »

Offline theoretical


Like Toast said, I'm not going to want to run the same script everyone else is.  As far as I am concerned, every delegate should run a script with private customizations not publicly disclosed, it's much harder to game 101 different algorithms whose details are unknown, than it is to game a single published algorithm that everybody uses.

In addition, I'm not comfortable giving a third-party script access to my delegate's private key.

I've started writing a feed script, but I want to make sure it is rock solid.  No feed at all is better than a feed script that's poorly tested.

But I am pretty busy doing actual work, and doing this is pretty far down on my list at the moment.  Maybe after 1.0 is out.
BTS- theoretical / PTS- PZxpdC8RqWsdU3pVJeobZY7JFKVPfNpy5z / BTC- 1NfGejohzoVGffAD1CnCRgo9vApjCU2viY / the delegate formerly known as drltc / Nothing said on these forums is intended to be legally binding / All opinions are my own unless otherwise noted / Take action due to my posts at your own risk

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
I'll publish feeds when I get around to making a UNIQUE feed script. Running another copy of alt's or xeroc's scripts adds no extra security (negative security due to false perceived security?) but makes me feel "done" with that task.

Can't we argue that some scripts can be compared to other scripts as objectively better? So stakeholders shouldn't want a poor script just because it is unique. I am sure there will be scripts that cannot be objectively compared because of some value judgement, but in that case we have a choice of having diversity in the value judgements made by these scripts or to just choose the scripts that make value judgements that is agreeable to most stakeholders (or perhaps proportional representation would be better?).

What I am trying to say is if we had one open source script that was really great (as in it would be hard to argue that any other script is better than this one) which takes the price of many different exchanges into account in a sensible way (factors in volume as well as a weight of the credibility of the exchange, which itself would somehow have to be communicated by the stakeholders to the delegates who actually set the weights in their scripts), what would be the issue if all 101 delegates use that one script? Is it a concern of putting all eggs in one basket in which a vulnerability found in the script could be exploited by whales manipulating the market in clever ways (I can't imagine the scripts are that complicated that we wouldn't quickly find nearly all of these vulnerability if we had many eyes looking at it). Or are you arguing for security through obscurity?

I think even if all 101 delegates were runnning that single uber script we would still have better security than if only 86 are running multiple scripts. For example, if 49 delegates were to collude to run a different script to, for example, profit from unfair margin calls, they would be able to seriously manipulate the median price in the BitUSD market right now. But if all 101 delegates were providing feeds (even if was through the same script), then that attack by the 49 colluding delegates would not be possible.

All of this isn't to say that I want the reduced stakeholder pressure from you providing feeds through alt or xeroc's script to prevent you from making your own awesome script.  :)

Offline toast

  • Hero Member
  • *****
  • Posts: 4001
    • View Profile
  • BitShares: nikolai
I'll publish feeds when I get around to making a UNIQUE feed script. Running another copy of alt's or xeroc's scripts adds no extra security (negative security due to false perceived security?) but makes me feel "done" with that task.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline btswildpig

  • Hero Member
  • *****
  • Posts: 1424
    • View Profile
Talked to Stan , he said no legal concerns involved  . He will push them to publish feeds .
这个是私人账号,表达的一切言论均不代表任何团队和任何人。This is my personal account , anything I said with this account will be my opinion alone and has nothing to do with any group.