
I know everyone is gleefully using the failure of three poorly-coded Bitcoin exchanges to crow about the many wonders of regulations.

However, has anyone stopped to ask why so many exchanges are poorly-coded? No, it's not because everyone in Bitcoin adores PHP. I've met some of the most capable coders among cryptocurrency enthusiasts. Go check out Conformal's btcd, or any of Jeff Garzik or Warren Togami's projects, or the amazing talents of the Bitcoin core dev team. (If you decide to denigrate the abilities of any of these Bitcoin/cryptocurrency developers in a response, please be sure to include a link to your own GitHub.)

No, it's not because there's no talent. Rather, it's because nobody who is competent in the Bitcoin world is willing to risk their hides or the welfare of their families on something they know the authorities will eventually crack down on. You see, competent people actually learn about the space, and the relevant regulations before jumping in. And they understand that -- absent several million in start-up funding -- there is no way to legally open an exchange at this point.

So by process of elimination, the only ones left to open exchanges are either scammers, or ignorant, incompetent coders who can barely code up a PHP site, or a very few brave, mostly-competent individuals who have the money and lawyers to at least (hopefully!) keep them out of jail when the inevitable crackdown occurs.

I know personally of several extremely competent entrepreneur-developers who have abandoned Bitcoin projects out of regulatory concerns. And I'm sure that's just a small sample.

So that's the reason for the prevalence of poor coders among Bitcoin exchanges. Your solution to this problem will of course be a function of your worldview.



My suspicion is that simply removing barriers to entry for more cautious folks would not effectively resolve this sort of problem. Methodical people who take their time in engineering ironclad software systems backed by rock-solid accounting practices don't get first mover advantage, and they might not have bottom lines capable of supporting the kind of fee structures that would allow them to compete effectively with faster, sloppier businesses.

An unstated major premise of the "wonders of regulations" argument is that regulations exist because sometimes the hand of government is needed to handle situations where the invisible hand is a demonstrable failure.


Perhaps, in the case of the most cautious developers. But right now, I'd be happy with just competent developers.

And to me, at least, it's pretty clear why competent, responsible developers are not participating in this space -- we're too frightened by possible government sanctions.


> it's pretty clear why competent, responsible developers are not participating in this space -- we're too frightened by possible government sanctions

Where's 'rayiner? He'll love this.

Writing bitcoin software is like writing crypto. You need to get it exactly right.

But instead of starting with a spec written down that the crypto community tears to pieces, the developers eat their own dogfood. No, change that: they build critical infrastructure out of their own dogfood. All before it's ever been vetted by the really smart people.

I'd say competent people don't write Bitcoin marketplaces that handle real money for the same reason competent people don't write their own home-grown crypto and then make it a single-point-of-failure for their entire business.


The arrogance here is unfortunate. First, you start out with a remark reminiscent of a high school bully. Do you really need a co-conspirator to share in your attempt to ridicule someone?

Also, you're pretty uninformed about the history of Bitcoin. Satoshi did start with a spec, or at least a white paper (yes, the lack of a proper spec for Bitcoin has been a major problem). Satoshi presented the white paper to the cryptography e-mail list several months before releasing the software. He got some feedback at that time, and then he got significant feedback upon his initial release, which he integrated into the protocol.

This list included many of the top cryptographers in the cryptocurrency space, including Hal Finney and Adam Back.

You can find all these discussions, and the original release at: http://nakamotoinstitute.org/

Finally, with the exception of the transaction malleability issue, the failures in exchanges have had nothing to do with cryptography, but rather with basic secure software development practices and architectures.


I'm talking about exchanges, not the protocol itself.

Every exchange seems to be a bespoke system and that is just begging for trouble.

They should publish their architecture, then publish their source code, and then make sure that smart people have tried as hard as they can to find all the weaknesses in their stuff, and then turn it into a business.

Of course, there are business reasons not to do that: someone else can use your verified source, someone else can get a first-mover advantage, you might not get the smart people to pay attention, you might not know when it's ever good enough, and (the more pernicious idea) there is the worry that seeing the source will give the attackers ways of attacking your stuff.

They fail for the same reasons that secret crypto systems fail. I fully understand why they are doing it, but it's still doomed to failure.


Is it really just government sanctions? Or do regulatory cost and exposure to liability have something to do with it, too?

I think that in the USA at least, government sanctions are far from guaranteed - the courts have confirmed that BTC is a currency. What that means is that there is no longer a question of if you can legally start a Bitcoin exchange in the USA - it's a question of what hoops you have to jump through to do it. (And liability. . . I'm curious if the Flexcoin situation means we'll soon be finding whether a clickthrough EULA that says, "Not responsible for lost or stolen bank accounts" is enforceable.)

Now, perhaps the hurdles are prohibitively high. I'm more than willing to believe that's true. But if so, then you're being rather melodramatic to frame this in terms of "government sanctions". That makes it sound like people aren't doing it because they don't want to knowingly engage in illegal activity. It'd be more realistic to just say that competent people are staying out because the regulatory environment results in an excessive cost of doing business for anyone who wants to make sure they're operating on the up-and-up.


The hurdles may be high for a couple of guys in a garage, but since the US courts have agreed BTC is a currency, the hurdles are well known and well understood by existing players in the finance world. I suspect their reticence to get into BTC is a combination of limited customer interest, underworld associations (SilkRoad), and volatility. If those three things would go away (i.e. lots of people want to use it for mundane things, and the price remains relatively stable) I'd bet Bank of America would be happy to get into BTC.


>It'd be more realistic to just say that competent people are staying out because the regulatory environment results in an excessive cost of doing business for anyone who wants to make sure they're operating on the up-and-up

That's exactly what I meant. Apologies if I made it sound like anything else. It costs millions to start up a money transmission business in all 50 states (like an online exchange would need to), and the federal government has been explicit that they consider a Bitcoin exchange a money transmitter.


> And to me, at least, it's pretty clear why competent, responsible developers are not participating in this space -- we're too frightened by possible government sanctions.

I don't think that's clear at all.

In fact I think bunderbunder has it right. Those who make the best products will require a large enough expense for formal design, implementation, secure hardware acquisition, physical security (i.e. no simply running your exchange on someone else's cloud without a lot of oversight), the works. This requires tons of time and resource investment.

Because if any part of that chain is improperly coded, designed, implemented, etc. it will eventually be exploited and you'll be no better than the Poloniex type exchanges of the world.

In the meantime there will be those "incompetent" developers you mention with a shipping product already on the market. And theirs will be much cheaper as they don't need to devote "Space Shuttle computer software" levels of development design and implementation effort. So you'll be both late to market and more expensive.

If you're talking about financial security here then you effectively need to be building a Bentley instead of a Pinto. But you'll be competing in that unregulated market with Pintos with a consumer base full of people willing to take the risk of driving in a Pinto instead of a Bentley they can't afford anyways.

And this has nothing to do with the government yet, either sanctions or regulations.

In fact this type of "tragedy of the commons" is exactly why there is government regulation. They help ameliorate the inevitable "race to the bottom" by artificially limiting where the bottom may be.

But government regulation probably won't help too much here since you can always run your exchange out of a country that doesn't care and people can make their transactions with whatever identity they wish.

Who knows, maybe the industry will self-create and self-adopt appropriate regulation as a market differentiator. But that still would open the question of who does the enforcement; if competitors discover their competition isn't actually following the regs then they'd be forced to "streamline" themselves and then the whole thing goes to pot again.


But here's where I disagree with you: it costs literally millions of dollars to get the needed state money licenses to legally operate a Bitcoin exchange[1]. FinCEN has been very explicit that they consider Bitcoin exchanges to be money transmitters.

So those millions are money that could go toward building the infrastructure you describe. Bitcoin companies like Coinbase who have finished their Series A have to spend their runway on licenses instead of developers or infrastructure.

It's a huge problem, whether or not people are willing to admit it.

But thank you for arguing in a rational and non-bullying/non-contemptuous manner.

1. http://payment-systems.quora.com/The-Money-Transmitter-Licen...


Well as long as the cost is fairly applied to new entrants then I don't see that as being problematic per se (as after all, any new entrant will have to deal with the same selectivity). In fact that's practically the point, to ensure that the "fly by night" Bitcoin exchange shops that couldn't survive a theft of 50 Bitcoins without going under don't actually make it into legit business.

Yes, this is unfortunate for those devs out there who could solve the problem of making a good Bitcoin exchange if only the cost-of-entry were cheaper, but that happens in tons of other industries too (and not always due to the government), and it already has an answer.


I think deposit insurance is a better solution to the problem. Part of underwriting Bitcoin deposit insurance would be a code and design review and proof of reserves etc, and it would also allow reimbursement if it does get hacked.


For whatever reason, decentralised cryptocurrencies seem to be a very polarized subject.

As somebody in the financial markets regulatory space, your comment aligns with my own thoughts - there is a middle-ground: a balanced but essentially prudent view of Bitcoin and altcoins that is seldom seen in these threads full of naive ideals and cynical strawmen.

Another aspect of this middle-ground viewpoint: both of these polarized sides seem to be focused exclusively on fully automated Bitcoin-based systems. I find this highly unlikely.

If Bitcoin-based systems do become popular, there is no reason to imagine they won't involve some human (e.g. back office settlement systems with STP rules, payment tests and 4-eye reviews of breaches) and legal elements (e.g. declare your BTC addresses to your government tax office, KYC/AML compliance for exchanges, etc.) to solve certain problems that have been in the news lately.



