The many ways available for talking to MPEx

Thursday, 14 March, Year 5 d.Tr. | Author: Mircea Popescu

I was saying recently that

At the end of the day, MPEx finds itself in a much better position to withstand similar attacks in the future (not similar in size, similar in type, irrespective of size).

This perhaps merits some detail. Let us examine an irc session together :

mircea_popescu !help
assbot List of commands:
assbot !ticker (desc: returns current ticker values, supported: MPEX, HAVELOCK, BTCTCO)
assbot !mp (desc: returns the response from MPEX order)

mircea_popescu !ticker m s.mpoe
assbot [MPEX:S.MPOE] 1D: 0.00076706 / 0.00076706 / 0.00076706 (5000 shares, 3.84 BTC), 7D: 0.00067334 / 0.00074201 / 0.00076718 (903469 shares, 670.39 BTC), 30D: 0.00061614 / 0.00069343 / 0.00078628 (45613856 shares, 31,630.07 BTC)

mircea_popescu !mp http://dpaste.com/ijustmadethisup
assbot Processing.
assbot Response: http://dpaste.com/1022369/plain/

This bot allows one to trade. All you need to do is sign and encrypt your order, put it into dpaste.com, report that url to the bot and you're golden : it talks to MPEx and passes along the response in a dpaste.com plaintext. It also passes along information about any arbitrary ticker you specify, in the following format : minimum price during past 24 hours / volume-weightedi average price during past 24 hours / maximum price during past 24 hours. Same again then for one week and one month (thirty days).

mircea_popescu $help post
mpexbot mircea_popescu: (post ) -- Supply a pastebin paste key containing a signed and encrypted MPEx command. Respondes with a pastebin URL with MPEx's response.

mircea_popescu $help vwap
mpexbot mircea_popescu: (vwap []) -- Returns a pastebin link with all available market data, excepting depth. If an MPSIC is specified, returns only the data relevant to that MPSIC in IRC.

mircea_popescu $help depth
mpexbot mircea_popescu: (depth []) -- Returns the full market depth. If an MPSIC is specified, returns only the depth of the specified MPSIC in IRC.

mircea_popescu $post qU4hTtcP
mpexbot mircea_popescu: http://pastebin.com/fyMWzm04

mircea_popescu $vwap O.BTCUSD.P750T
mpexbot mircea_popescu: {u'7d': {u'cnt': u'5', u'min': u'79079695', u'max': u'90144085', u'vsa': u'216644138243', u'vsh': u'2408', u'avg': u'89968495.9481'}, u'30d': {u'cnt': u'33', u'min': u'79079695', u'max': u'153153505', u'vsa': u'3065600173348', u'vsh': u'28783', u'avg': u'106507319.367'}, u'1d': {u'cnt': u'', u'min': u'', u'max': u'', u'vsa': u'', u'vsh': u'', u'avg': u''}}

mircea_popescu $depth S.BBET
mpexbot mircea_popescu: Bids: ['300 @ 150000', '500 @ 140000', '1000 @ 130000', '1000 @ 120010', '5000 @ 120000']
mpexbot mircea_popescu: Asks: ['300 @ 181000', '500 @ 183000', '1000 @ 185000', '3000 @ 190000', '2210 @ 197000']ii

mircea_popescu $proxies
mpexbot mircea_popescu: ["http://mpex.co", "http://mpex.ws", "http://mpex.bz", "http://mpex.coinbr.com", "http://mpex6.coinbr.com"]iii

This is a secondary bot with roughly the same capabilities. It runs on different hardware and reports his data slightly differently (using pastebin.com instead of dpaste.com, also different format for the volume-weighted average price and market depth reports). Importantly, it contains the official list of active MPEx proxies.

This covers the bots. One doesn't obviously need to talk to the bots to trade : MPEx websites (mpex.co, mpex.ws, mpex.bz) are available, as well as Coinbr's proxy and others.

Now that we've documented our options, let's do two things toghether.

First, let's walk the earth in the shoes of a disaster survivor. A bomb of some sort just hit and you would like to interact with MPEx.

If you are using something like the Ruby client, which is bot-aware, you don't need to do anything in particular, it'll just do it for you.iv If you're old school and actually hand-craftv your orders you'll need a website to stuff that result into. Well... if stumped irc is just a click away, and $proxies is just a single magic word.

That's all. Google filtering results ? MPEx user not affected. DDoS attack ? MPEx user not affected. DNS storm ? MPEx user not affected. ISP ban, government ban, corporate firewall ? MPEx user not affected. Enjoy the future, for it is nao.

Second, let's walk the earth in the shoes of a disaster maker.

So you wanna do the juju to MPEx, aaaaite ? Because maffs and stuffs, aaaite ? What can you do ? But to cause real trooble an' havok man, right ?!

Well... not so much. MPEx currently runs three machines that are superfast 32 core e5-2650s with 64 Gb RAM and 6 SSDsvi in RAID 10 arrangements fed by a 10 GBit dedicated pipe.vii

What can you do ? Take them out, I'm sure! Suppose you can manage that, and also take out all the proxies. TAKE OUT ALL THE PROXIES!!!viii So... what now ?

The trade engine is still up, and trade is still going through, as proven during the past week. Take out the irc bots ? Sure, by all means. Looky here :

mircea_popescu ;;ident assbot
gribble Nick 'assbot', with hostmask 'assbot!~assbot@unaffiliated/kakobrekla/bot/assbot', is not identified.
mircea_popescu ;;ident mpexbot
gribble Nick 'mpexbot', with hostmask 'mpexbot!~supybot@unaffiliated/smickles/bot/mpexbot', is not identified.

What exactly are you going to hit ? A Freenode server somewhere ? There's plenty more. All Freenode servers ? There's other irc networks out there. The bots stay, and trade goes through. It will happen at the cost of some inconvenience for those users that haven't fully upgraded their connectivity to MPEx, and for that I am thankful. You're giving my userbase an incentive to upgrade, what more could I wish for!

So... what are you going to do, hm ?

mpex-attacker-at-work

———
  1. All weighting done by actual BTC volume. []
  2. Note that only a few results close to midmarket are returned. []
  3. Does this start sounding a lot like botnet herding stuff to you ? Good. We fight fire with overpoweringly more fire around these here parts. []
  4. mpex_droidAlso available or coming soon :

    • a different, OpenGl-based GUI being worked on by smickles which showed some pretty promising screenshots so far (right)
    • jurov's MPExAgent which is based on the older workhorse pyMPEx
    • mod6 is also still working on a full Perl implementation (BitOtter) which aims for entreprise-class key security

    As you can see the state of the ecosystem is pretty Cambrian. []

  5. Perhaps something like

      echo -n 'STAT' | gpg --clearsign | gpg --encrypt --armor -r CFE0F3E1

    []

  6. SSDSA2SH064G1GC []
  7. According to their last published report MtGox runs on two quad-8 Core CPU machines with 96 GB of RAM and 600 GB worth of Raid 1, fed by dual 1 Gbit pipes, which makes MPEx marginally better equipped if they've not significantly upgraded since then. []
  8. Including the EC2 ones, right ? And all the secret ones too, even the ones that aren't published anywhere. Cool. []
Category: MPEx
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

11 Responses

  1. Mircea Popescu`s avatar
    1
    Mircea Popescu 
    Thursday, 14 March 2013

    (The picture doesn't have a source because it comes from a meanwhile abandoned wordpress blog which listed as its source a yahoo article which has been meanwhile deleted. Because yahoo sucks and a year is too long.)

  2. Tineye says http://commons.wikimedia.org/wiki/File:Waaah!.jpg

  3. Mircea Popescu`s avatar
    3
    Mircea Popescu 
    Thursday, 14 March 2013

    A noa deci bun.

  4. Buna tigaie.

  5. Mircea Popescu`s avatar
    5
    Mircea Popescu 
    Saturday, 16 March 2013

    Lol ok tarzanon.

  1. [...] MPEx - renting machines, bandwidth, administration etc - were negligible. This has changed with the March upgrade. We are currently running about $3`850 in monthly costs associated with hardware, bandwidth and [...]

  2. [...] GLBSE "asset" of some anonymous "tawsix". [↩]What's so hard about saying "and we shall buy X Y Z" ? [↩]Yes, I know this apparently happens on S.MPOE. I humbly submit that I have no idea why, [...]

  3. [...] $vwap s.mpoe mpexbot mircea_popescu: S.MPOE 1 day: average: 0.00085721 high: 0.00086297 low: 0.00084891 volume: 1624150 [...]

  4. [...] blogger's independent webhost. This is not feasible (and we know this is not feasible because it's tested, not because we presume it would be, or it "sounds like" it would [...]

  5. [...] so what's one to do ? Obviously Read Teh Flamboyant Trilema is too much to ask, so let's start with something [...]

  6. [...] 02DD2D91 mircea_popescu sdffsd nothing ? mircea_popescu anyway, if you have trouble with websites use the irc bots. assbot The many ways available for talking to MPEx pe Trilema - Un blog de Mircea Popescu. empyex [...]

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.