[ANN] Metaexchange.info bitBTC gateway, soft launch

[monsterer]

Seems to be working ok now. Weird, I did confirm the certificate fingerprint as I'm accessing through Tor. Even though a misbehaving/malicious exit node is rare in my experience, it can happen.

Did you change anything server side just now?

No, nothing changed.

SSH is protected by denyhosts.

I guess it's no big deal as you're not holding funds.

Security is always a concern, I take these things seriously, regardless of the fact that we don't hold funds. I don't lock SSH to one IP address because I like to work in different places around town. denyhosts prevents anyone not on my ip whitelist from failing to login more than twice.

End result is the same though, have to reuse an address if I want to send funds to the same account >1 time.


So far it seems to be working fine, bitBTC have been credited. Good job!

You're welcome.

[karnal]

I'm showing no such certificate errors in chrome - what version/platform are you testing on?

Seems to be working ok now. Weird, I did confirm the certificate fingerprint as I'm accessing through Tor. Even though a misbehaving/malicious exit node is rare in my experience, it can happen.

Did you change anything server side just now?

SSH is protected by denyhosts.

I guess it's no big deal as you're not holding funds.

Something else, the deposit address seems to be a function of the bitshares account name.

Deposit address is reusable for multiple deposits to the same market, and is not a function of account name, it is randomly generated.

Thanks for testing, though

End result is the same though, have to reuse an address if I want to send funds to the same account >1 time.


So far it seems to be working fine, bitBTC have been credited. Good job!

[monsterer]

The encryption is too weak. You are using TLS 1.0 and with chrome it negotiated AES_128_CBC, with SHA1.

Use TLSv1.2 and at least SHA256 for hashing. Use ephemeral DH.

Also, at least on chrome, the certificate shows as invalid. You probably forgot to include the certificate chain.
No problems on firefox (and yeah, I confirmed the fingerprint, it's not a mitm).

Also, your SSH port is open to the world which is usually not necessary.


As for the service proper, I'll let you know. Just sent a small amount to test.

I'm showing no such certificate errors in chrome - what version/platform are you testing on?

SSH is protected by denyhosts.

Something else, the deposit address seems to be a function of the bitshares account name.

Deposit address is reusable for multiple deposits to the same market, and is not a function of account name, it is randomly generated.

Thanks for testing, though

[karnal]

Something else, the deposit address seems to be a function of the bitshares account name.

Reusing addresses in bitcoin severely compromises privacy. Please consider changing this part of the system.


On a side note, good catch on detecting whether a bitshares account is really registered or not before accepting it.

[karnal]

The encryption is too weak. You are using TLS 1.0 and with chrome it negotiated AES_128_CBC, with SHA1.

Use TLSv1.2 and at least SHA256 for hashing. Use ephemeral DH.

Also, at least on chrome, the certificate shows as invalid. You probably forgot to include the certificate chain.
No problems on firefox (and yeah, I confirmed the fingerprint, it's not a mitm).

Also, your SSH port is open to the world which is usually not necessary.


As for the service proper, I'll let you know. Just sent a small amount to test.

[lafona]

Used this a little while ago to get some bitBTC. I was surprised at how fast it was. Its nice being able to convert btc->bts without having to go through a centralized exchange. Awesome!

[monsterer]

Got the message, we're back up again

[Shentist]

Is the exchange working?  I'm not seeing any value / amounts?

Maximum BTC per transaction

thanks for the information.  i informed Paul, but probably he is still sleeping -  to early in Europe.

[jz831]

Is the exchange working?  I'm not seeing any value / amounts?

Maximum BTC per transaction

[Shentist]

BTER hacked! Terrible news, but this makes our mission much stronger.

Try our bridge today and give us feedback.

We strongly believe that it is important to minimize 3rd party risk as much as possible, so we are holding your funds only for a couple of seconds. To be true, anyone could or will be hacked, so you want to less exposed to this kind off risks as possible.

Today monsterer updated the site:

- we are now providing https
- API documentation are now available

We are slowly increasing the available volumen and will for the next step will add more trading pairs!

metaexchange.info

[Shentist]

we are slowling increasing the transfer limits, so try metaexchange.info and let us know if we can improve something.

[monsterer]

FYI until now my status is always down
nothing changed the last days...

Thanks for the heads up - just fixed the display bug

[Shentist]

Service status: Down
http://metaexchange.info/
?

The site polls the deamon to get it's active status, but due to RPC calls lagging by over 30 seconds sometimes, there can be a big delay which causes the daemon to look like its gone down to the site. I'll have to increase the time it waits before declaring man overboard!

FYI until now my status is always down
nothing changed the last days...

at work i have the same issue, maybe because of a firewall?

service is "green" and running.

[liondani]

Service status: Down
http://metaexchange.info/
?

The site polls the deamon to get it's active status, but due to RPC calls lagging by over 30 seconds sometimes, there can be a big delay which causes the daemon to look like its gone down to the site. I'll have to increase the time it waits before declaring man overboard!

FYI until now my status is always down
nothing changed the last days...

[monsterer]

Why is the bitBTC -> BTC rate higher than the other way round?
Woudn't it make more 'sense' marketing-wise to flip that rates?

The rate is adjusted to account for the bias in our holdings - simple inventory management