Guys, there is a simple legit way to generate interest on Bitcoin without risk: borrowing it for shorting.

The bank borrows 100 BTC to some party for a month for 3 BTC. It gives 2.5 BTC to the person depositing the BTC and keeps 0.5 BTC as fee.

Sombody wants to short BTC. It borrows 100 BTC, paying 3 BTC for this privilege to the bank. It sells the 100 BTC. One month later it buys the BTC back (hopefully for a lower price) and gives it back to the bank. The profit covers the commission.

The central banks do this with gold for example, earning interest with zero risk. This assumes no counter-party risk, but this is what contracts are for. Of course, in Bitcoin world everything flies, no contracts needed

He could do a partial rollback. Again, nothing forces him to treat all of it's members equally. He could give whatever money he has back to the "investors" in whatever order he pleases. Regulated financial entities, like brokers, are bound to follow certain rules which force them to treat clients equally. For example, my Forex broker is not allowed to quote different prices to different clients at one moment in time. Everybody must get the same price. Mt. Gox is not under this obligation for example. I'm not saying that he messes with the price, probably he doesn't, that would be very obvious.

What I'm saying is that Mt. Gox is not regulated like a bank or like a stock/forex dealer. The normal protections that are in place at these entities are not applicable to Mt. Gox. He is under no legal obligation to behave in fair ways. BTW, brokers are forced by regulators to keep large amount of cash with third parties OUTSIDE their reach, just in case shit like this happens. For example all US forex dealers are required to deposit $21 mil USD as guarantee in case something goes wrong.

I had to sign 60-page contracts with my Forex brokers. Everything is mentioned in there, including the fact that the take ownership of the money that I send, that I can get it back under certain circumstances, that they will buy currencies on my behalf, what happens in case something goes wrong, ....

While Mt. Gox couldn't probably just take the money, there is nothing preventing him doing a rollback for example, or canceling whatever order he wants, including ones before the hack. For example, if in your account lifetime you only sent 1000 USD to your account, then by trading bitcoins you grow your account to 10000 USD, he could just say that he owns you only the original 1000 USD you sent to him, that everything else was a game. You couldn't do nothing in that case.

Ok, now that everybody agrees that I'm a moron regarding the JSON, any comments of my pictures requests?

BTW, I'm gigi, a programmer with 30 years experience in coding financial systems, great business development skills, and was CEO of a major investment bank for 10 years. Trust me, because I say so on the Internets. (check the "TradeHill - Who we are" thread if you don't get it)

What about the other numbers which are integers?

I deal with a lot of Forex sites, they list the quotes as numbers - http://rates.fxcm.com/RatesXML

The problem you are describing is real, and that is why the Decimal data type was invented (fixed point decimal, like you said).

Look at the way the JSON response from their API is formatted.

https://api.tradehill.com/API/USD/Trades
https://api.tradehill.com/API/USD/Orderbook

How it is (notice the " around values):

How it should be (notice the lack of " around values):

A senior level programmer would not make this trivial mistake. You do not send numbers out as strings. My firm wouldn't even hire for junior level the people who designed such a thing. The other exchanges at least format these responses correctly. And they still got hacked due to other vulnerabilities. How can I trust the security of a site dealing with money, when they can't get basic stuff like JSON right?

I noticed this since I started logging their prices (for historical purposes), but I feel compelled to point it out now since there is lot of talk about how "professional" they are and due to the attack people started searching for Mt Gox alternatives.

What I would like to see is for TradeHill to post pictures of their faces, their offices, their infrastructure, each one of them including the secure timestamp from a Financial Times copy.

Cryptographic secure timestamp:
http://upload.wikimedia.org/wikipedia/en/6/6c/Guardtime_timestamping_newspaper_publication.png

I can prove that at least some of the programmers from TradeHill are amateurs.

But I can't post in the main forum since I'm a newbie. I wanted to be a nice person and warn you, but you make me jumps through hoops. If you don't want my input, fine, whatever.

BTW, I "logged" many hours browsing these forums as a Guest (not logged in) in the last months.

@nodemaster: No, I'm not talking about copyright infringement, but of illegal content (ie: which you are not legally allowed to have possession of).

Situation 1: You are a web-hosting firm. One day, somebody notifies you that one of the files that is hosted on your servers is actually an encrypted file which can be decrypted using BestCrypt with the password "nasty" and if you do that you will get access to illegal content. Are you required to check, notify the authorities and delete the file? The mail in which you were informed is equivalent with clicking Report Abuse on Youtube - you are required to investigate to avoid legal problems.

Situation 2: You are hosting an ISO image of some Linux distribution. Like someone said here, using a large enough XOR key you can make that into anything. The relevant question is where exactly is the illegal content - in the ISO file or in the application with the XOR key? If you can prove that the illegal question is in the ISO file, that ISO file is illegal and must be deleted.

The fact that you have to go through a process to access the content (download Bitcoin blocks, run this software using this password) is not relevant. Think about this: everybody would be doing this if you could get away with this. Illegal content stored on secret Internet sites with complicated access protocols (port knocking) and multiple layers of encryption is still illegal.

To the previous post: no, your code is illegal if contains a XOR pattern (or something else) which is actually an encoded representation of illegal information.

EDIT: Don't forget that forensics/cryptography experts can be brought in to determine exactly where the illegal content is. The judge doesn't need to understand cryptography.

I work in a large US software company which deals with UGC (user generated content).

Illegal content is serious shit. We have systems which MOVE the illegal data when we find it to non-production machines. We are also required to notify the authorities. The authorities come and potentially REMOVE THE HARD DRIVES with the illegal data. If we don't move the data off the production machines, they have the authority to shut them down and/or seize them.

Not removing illegal content that you are aware of is very serious.

That wouldn't be as easy as you said. You would need to create an account on two different exchanges (one in each country), and you would be exposed to bitcoin value fluctuations between steps 2-4.

BTW, it won't be long before exchanges will start requiring ID.

What's the allowed rate to poll MtGox API?

My software accesses it once a minute, to record the quotes and the book. Is that too frequent?

In the last week the API (and the site) was down for me for tens of hours at a time. Could it be that I was banned?

BTW, it would be nice if you would record and make historical prices and book info available.