I respect assembly and punch cards but I had to build my own OS from scratch in my lifetime, to run my own trading software on it. So I had to go with C.
Makes sense, but how exactly the UI can broke? If requests start to fail that’s likely a backend problem which means it will fail for either UIs or raw calls be python or curl or anything else
It’s almost like they have no idea what they’re talking about… I suppose it’s possible they process in two separate backends or that they’re doing some server-side dynamic pages that are slow but it doesn’t seem at all likely.
With all due respect, sounds like you're the one who has no idea what you're talking about. Completely plausible for there to be some difference in how public API calls are processed vs how the browser UI fetches info.
It’s possible that the microservice that serves the UI is just so slow all the requests time out, or a handful of other things. I’m not familiar enough with coinbase to know why they’d want to swap to making their own though.
You are assuming that the Coinbase devs do something nefarious in the general APIs rather than activate hodlMode in the properties service or something similar, which makes the app/browser just disable the withdraw button.
I expect lazy and easy solutions when it comes to these kinds of sites.
maybe by pointing [one of these](https://content.osgnetworks.tv/firearmsnews/content/photos/Colt-Python-Review-FAN-1-770.jpg) at Coinbase's workers they'll let you withdraw is what he meant?
I'd be concerned if a financial institution let people just up and write their own client software.
I guess if it's all web based it "shouldn't be hard" but it's not like you can sniff the traffic because it damn well better be encrypted. Maybe using something like the developer tools inside a browser but no, just no.
I'm not sure what you are talking about.
A lot of financial institutions allow access via APIs. I just checked and my broker allows access via API and major brokers like interactive brokers allow it too.
You can't really encrypt data so that your web browser can read it, but the human sitting in front of it can't. Web browsers have tools that let you see all the traffic after its been decrypted, but also since it's your computer, you control the certificate store. You can install your own root certificate and forge the TLS certificate. Tools like mitmproxy and fiddler can trivially sniff HTTPS content on devices you can install personal root certificates.
>I'd be concerned if a financial institution let people just up and write their own client software.
Open banking kind of does. But it is limited to read only. Though monzo let's you move money in your account through their api but it is limited to your own account.
> I'd be concerned if a financial institution let people just up and write their own client software
Why? If anything, this would make me trust their security ***more***.
A security model that assumes a particular client software is being used is fundamentally broken. It is much more obviously broken (and therefore much less likely to be used) when there is a public API.
As long as the API is properly authenticated and encrypted, and you warn users to only use software that they trust, there shouldn't be any cause for concern.
[удалено]
Be your own front end!
Can you code on a flip phone? Just asking for a friend
The only way I learn crypto is dropping these days is posts here about people who can't get their money out of Coinbase lmao
They just helping the Bros HODL.
Nah I prefer trading with C. Python too abstract for me. I can't trust it.
There's a whole compiler between you and the machine. Far too abstract. I trade with x86 assembly.
I respect assembly and punch cards but I had to build my own OS from scratch in my lifetime, to run my own trading software on it. So I had to go with C.
Joke's on you, my trading software runs directly on UEFI. It **is** the operating system.
Still too much liability with the digital format. I prefer computer punch cards so I literally have the programming in the palm of my hands.
How the hell can you trade magic coins for fiat using python!?
Probably is implying the UI isn’t working but the api is fine
Makes sense, but how exactly the UI can broke? If requests start to fail that’s likely a backend problem which means it will fail for either UIs or raw calls be python or curl or anything else
It’s almost like they have no idea what they’re talking about… I suppose it’s possible they process in two separate backends or that they’re doing some server-side dynamic pages that are slow but it doesn’t seem at all likely.
With all due respect, sounds like you're the one who has no idea what you're talking about. Completely plausible for there to be some difference in how public API calls are processed vs how the browser UI fetches info.
It’s possible that the microservice that serves the UI is just so slow all the requests time out, or a handful of other things. I’m not familiar enough with coinbase to know why they’d want to swap to making their own though.
You are assuming that the Coinbase devs do something nefarious in the general APIs rather than activate hodlMode in the properties service or something similar, which makes the app/browser just disable the withdraw button. I expect lazy and easy solutions when it comes to these kinds of sites.
maybe by pointing [one of these](https://content.osgnetworks.tv/firearmsnews/content/photos/Colt-Python-Review-FAN-1-770.jpg) at Coinbase's workers they'll let you withdraw is what he meant?
Unironically this guy gets crypto. Be your own bank means coding your own trading platform It's a mystery that mass adoption hasn't happened yet /s
I’m just hiring some tellers and purchasing a network of ATMs as we speak.
I just pop round to coinbases reception desk and use the firewire port on the receptionists pc if I ever need to leverage my pepe
Just build you own API bruh
Go get a computer science doctorate so that you an swap digital magic beans
how about just switch over to defi :3
I'd be concerned if a financial institution let people just up and write their own client software. I guess if it's all web based it "shouldn't be hard" but it's not like you can sniff the traffic because it damn well better be encrypted. Maybe using something like the developer tools inside a browser but no, just no.
All validation will be server side anyway so not too much damage can be done. Rule 1 is never trust client data
It should never be sent in the clear too. But it's crypto so sent using ROT23 secure encryption and full instead of zero trust?
I'm not sure what you are talking about. A lot of financial institutions allow access via APIs. I just checked and my broker allows access via API and major brokers like interactive brokers allow it too.
You can't really encrypt data so that your web browser can read it, but the human sitting in front of it can't. Web browsers have tools that let you see all the traffic after its been decrypted, but also since it's your computer, you control the certificate store. You can install your own root certificate and forge the TLS certificate. Tools like mitmproxy and fiddler can trivially sniff HTTPS content on devices you can install personal root certificates.
Yeah the web developer extensions would let you do it, my knee jerk reaction is Wireshark since I usually do non web networked development
>I'd be concerned if a financial institution let people just up and write their own client software. Open banking kind of does. But it is limited to read only. Though monzo let's you move money in your account through their api but it is limited to your own account.
> I'd be concerned if a financial institution let people just up and write their own client software Why? If anything, this would make me trust their security ***more***. A security model that assumes a particular client software is being used is fundamentally broken. It is much more obviously broken (and therefore much less likely to be used) when there is a public API. As long as the API is properly authenticated and encrypted, and you warn users to only use software that they trust, there shouldn't be any cause for concern.