Hacker News new | ask | show | jobs
by crystaln 4496 days ago
"Some exchanges were in fact completely unaffected, revealing as false Gox’s claims that this was a bug in bitcoin."

This reveals a lack of objectivity here. There IS a bug in bitcoin. There are workarounds, and some exchanges implemented those properly.

Of course, MtGox should have followed best practices and implemented a workaround, but the above sentence is - on its face - flawed and biased. The fact that some exchanges were immune to the bug does NOT mean that bitcoin bears no fault or that Gox's claims are false. This was and is, in fact, an acknowledged and widely known bug in bitcoin.
1 comments
davidw 4496 days ago
I'm inclined to agree with cperciva, who is no slouch with security stuff: https://news.ycombinator.com/item?id=7289273
link
crystaln 4496 days ago
The statement is inherently flawed, regardless of its source. Because some exchanges were unaffected does not mean that MtGox was not affected, and the statement itself implies that other exchanges were affected which would be evidence in MtGox' favor.

I'm not saying MtGox was not incredibly incompetent, however nobody is helped by this false defensiveness over a very serious and clear bug in bitcoin that seems to have affected at least a few exchanges.

Regardless of MtGox' incompetence, this IS a serious bug in bitcoin for which a workaround is required, and without which a bitcoin theft is possible.

link
eliasmacpherson 4496 days ago
If this implementation is bugged:

http://blog.magicaltux.net/2010/06/27/php-can-do-anything-wh...

then is ssh broken?

link
crystaln 4496 days ago
Please state your point rather than providing just a link. I don't know what you are trying to say.
link
seabee 4496 days ago
That a bug in one implementation does not imply a bug in the protocol.
link
crystaln 4496 days ago
I didn't say there was a bug in the protocol.

There is a bug in the REFERENCE implementation, which is used by almost every exchange. And one criticism of MtGox was that they used a custom version of the reference implementation, and should have used the standard one. You can't have it both ways.

link
hoggle 4496 days ago
Listening to Andreas, it sounds more like a feature than a bug and that's also why it hasn't been "fixed" since 2011 - organizations introducing blockchain technology into their stacks should know about that and develop work-arounds:

https://soundcloud.com/mindtomatter/e85-mtgox-and-malleabili...

link