Monday, November 24, 2014

RippleDex, a 100% Dart-powered Ripple experiment

The last three weeks, I have been working on a small experimental project to showcase both Ripple and Dart technology. I've been working on a Dart port of ripple-lib for several weeks and I wanted something to showcase it's current state of operation.

What does it do?

RippleDex is a service that monitors the Ripple network for value exchange. With this information, it tries to be an index for the currencies that are available inside Ripple. In the current state, currencies can onle be expressed in comparison to the native currency XRP and only XRP trades are considered for the calculation of the index. However, the plan is to extend the functionality and take all value exchanges into account.

How does it work?

The website itself has a page with a very brief explanation on the technology that is used to build RippleDex. It is 100% Dart-powered and since Dart is a fairly young language, it uses several experimental technologies. The code is hosted entirely on GitHub. The backend code runs on Google Compute Engine and is deployed using Docker. The website is hosted on GitHub pages and only serves static HTML pages that query the API.


The daemon that does the important work: monitoring all Ripple transaction in search for exchange of value. MongoDB is used to store the data. mongo_dart is a MongoDB driver for Dart that works surprisingly well. The main functionality here is the ripple-lib library that provides an easy-to-use stream of transactions. 
For those that know Ripple and wonder how to find value exchanges in the transaction feed, I've come up with the following strategy: Every Payment or OfferCreate transaction can delete or modify ledger entries of the type Offer. Whenever that happens, and only when that happens, two people did actually exchange currency. The actual exchange can be calculated from the PreviousFields and the FinalFields data from the transaction metadata.


As described on the website, the actual information endpoint is provided at The service is hosted on Google Compute Engine using the Dart server capabilities. There are currently two endpoints: a static gateways endpoint that has a list of known gateways (explained below) and the price endpoint that allows anyone to query the information gathered by the daemon.


An effort to maintain a list of known established gateways. First of all, this allows us to ignore irrelevant transactions. But furthermore, this information is required when we want to provide a gateway-generic currency index. Malicious gateways could manipulate the statistics, so a trusted list is necessary to create a generic index calculated over all gateways according to their weight in the transaction volume. The list is easy to interpret and all contributions are more than welcome. Changed to the list are automatically taken into account by both the daemon and the API.


In order to simplify the use of the API, both for other developers and for myself in the sample site, I've created some web components to interact with the API using nothing but HTML. The components are made with PolymerDart, but can be compiled to Javascript to be used in any website with a simple HTML import. 
Currently, I created two components, both of them are used in the homepage.

  • <rippledex-issue-selector>
    This component provides an input element to select a currency/issuer pair from the list of trusted gateways. It supports change events, defining a default issue, providing HTML to insert between the two selector menus and it can be styled using CSS and the shadow DOM selectors.
  • <rippledex-convert>
    Convert any issue into another one. It's as easy as that. Provide an amount, the issue this amount is in and a base issue, and the component will contain the converted value in the base amount. Currently issues must consist of a currency and an issuer, but I plan to add support for just currencies. That way, this element can replace any price-ticker on the net and it will be updated live from the Ripple network!


This helper package contains functionality used by both the daemon and the API packages. Nothing special, logger initialization, a MongoDB interface and several model classes.

Can we help?

What do you think? All help is always more than appreciated. 

What I imagine RippleDex to become is a widely-used price index for Ripple-related services. The fact that its development is this open, allows developers to put a lot of trust in the service. After all, there will be a community that can help fix issues as they occur. 
A gateway-generic price index is very useful for listing prices in the preferred currency of the users of your service.

What does still need to be done for RippleDex to become useful?

A ran into several issues while developing this project. Some of them small and trivial, some quite crucial for a useful service.
  • I suck at website design. I used a very basic Bootstrap UI that is so basic that it's not even worth to be called a UI. Someone with some experience with HTML design could really contribute at that part.
  • I could not get HTTPS to work. I bought a certificate for the domain, but I failed to get it up and running for the Dart server, even though Dart supports HTTPS. A lot of tutorials can be found for configuring existing web servers with SSL, but Dart is so new that I doubt that a lot people actually did it before.
    Concerning the homepage, GitHub is thinking about a way to allow users of GitHub pages for custom domains to support HTTPS. 
  • I don't know if (D)DoS or other load-related measures will become a problem, but we better be prepared. The service runs on Compute Engine, so it can always grow if performance becomes a problem. But more computers means a higher cost, so accepting donations or displaying ads might be a requirement in the future.
  • Currently only XRP exchanges are taken into account. This means that whenever two people exchange non-XRP currency for non-XRP currency, the exchange is ignored. There should be a way to take these transactions into account to create a global price index of an issue. I'll probably look into this more deeply in the future, but all suggestions are welcome.
So, if you find any of this interesting, consider pulling the code from GitHub and taking a look at it! At this point, this project is nothing more than a demonstration of the possibilities of Dart and Ripple, but with a little more work, it can grow into an actual useful service.

Friday, May 24, 2013

An open letter on transparency to Mt.Gox and other Bitcoin businesses

Dear Bitcoin business or Bitcoin user

In this open letter to all Bitcoin businesses and future businesses, I want to draw some attention to issues concerning transparency towards Bitcoin customers.
The main motive for writing this letter is my recent confrontation with extreme delays and unexpected fees at Mt.Gox.

Because there is little regulation in the world of Bitcoin it is hard for an individual to raise an issue when a Bitcoin business treats him in a way he finds unacceptable. The fact that the Bitcoin ecosystem is still very immature contributes to this problem as many businesses have no real competition and do not have to care very much about customer satisfaction.
However, this situation signals to the outside world that the Bitcoin world is one in which the managing few of miners and exchanges make profit from the regular users. Doesn't this situation very much remind us of the current economic system in which banks are the managing few and we all are the regular users? Isn't it one of Bitcoin's primary incentives to do away with this situation?

For this reason, I think it is important, for Bitcoin to be successful, that the whole Bitcoin ecosystem and particularly the big businesses treat their customers in an honest and transparent manner.

Specifically, transparency should be met at several areas:
  • Be transparent about fees.
    • Create a dedicated page listing all fees your customers can get involved with.
    • Remind users about fees the moment before they take an action on which the fee will be applied.
  • Be transparent about lock-ins.
    • If deposits cannot be withdrawn afterwards warn your customers before they do.
    • Also, if there are withdrawal limits, inform your customers before they deposit.
  • Be transparent about delays.
    • Try to approximate deposit and withdrawal delays as accurately as possible and advertise them to your customers before they perform an action.
    • If delays are long, explaining why they are can make a customer decide to accept the delay.
  • Be transparent about security.
    • For eWallet services, communicate how you secure the bitcoins you hold from your customers. What fraction is held in hot storage?
    • Communicate what technology is used to secure the hot storage bitcoins and customer data on your servers.
    • Most customers prefer large withdrawals to take a little longer above a higher hot storage amount. If you don't have the resources for the best security solutions, try to avoid hot storage of bitcoins.
To make these suggestions a little more concrete, you can find two examples attached to this letter that show what transparency means and what not.

I believe we all want Bitcoin to be successful. It's a beautiful example of what globalization can achieve and it has the potential to change the whole world's economic system. For the better.

Due to the decentralized nature of Bitcoin, which is of course also one of its greater strengths, no one has ultimate responsibility on the way Bitcoin is represented to the outside world.
Instead, we all have. Especially the businesses, developers and advocates that are closely involved with the Bitcoin ecosystem. You are the ones new users and new businesses will come to when questions arise regarding the thrustworthyness and reliability of Bitcoin as a currency.
We are all together responsible for the success of Bitcoin.

That being said, I hope my suggestions will be conceived as helpful feedback to make your products more consumer-friendly and transparent and not as an accusation of intended withholding of information from users, which is of course not the case for most services that lack a certain level of transparency.



To proof that the current state of some big Bitcoin businesses is not as it should be, I'd like to take Mt.Gox as an example. I made this choice because of  recent  personal experiences with them. Of course not only Mt.Gox, but many other Bitcoin exchanges are vague about fees and delays as well.
Then, because Bitcoin does not only have businesses that should improve their transparency, I'd like to use BitPay as an example of a company that already is as transparent as wel want every company to be.


  • Mt.Gox has a fee schedule. However, it only includes trading fees. No mentions about deposit/withdrawal fees.
  • On their FAQ page, they have a section about deposits and withdrawals. 
    • Note that they initially mention for SEPA transfers:
      "SEPA Euro transfers (WITHIN 1 business day - NO FEE)"
    • A little bit lower, there is a section about SEPA transfers specific, mentioning the following:
      "Deposits incur a fee of up to 10 PLN."

      "Withdrawals come with a 1% fee with minimum of 5.5 PLN"
    It is clear that this information is contradictory and even misleading as the initial statement is just false. Also, why would all European customers have to get fees in PLN, the Polish currency. Isn't SEPA all about using the Euro all across Europe? I did both a SEPA deposit and a SEPA withdrawal at Mt.Gox, both times I was charged with an unexpected fee.
  • On the page to initiate a SEPA deposit, the following paragraph mentions fees:
    "If you have a European bank account you can send a SEPA direct deposit IN EURO to our european account, free of transfer charges (this excludes the receiving fee charged by our bank). Our bank charges up to 10 PLN for receiving deposits."
    If the fee charged by Mt.Gox bank is deducted from the customer's deposit amount, then it should be counted among "transfer charges".
  • While adding a new withdrawal method for SEPA transfers, during the process, on the validation page where you have to confirm the entered information is correct, you get a small and quick notice about the fee involved for withdrawing that is very easy to miss:
    "Euro transfers include a 1% fee with minimum of 5.5 PLN"
    Afterwards, this fee is never mentioned again. When withdrawing, you will just get the following form, only asking for an amount and asking you to confirm the withdraw amount.

  • Another issue many customers of Mt.Gox are experiencing is a  huge withdrawal delay. I placed my withdrawal on April 10th and received it just recently, May 15th. Mt.Gox does not communicate anything about this delay of over a month. I asked their customer support why my withdrawal was taking so long and they answered that they have a withdrawal limit on their bank account themselves so that they could only process a certain amount each day. You say what??
    "Due to our daily withdrawal limits from polish bank, all the withdrawals in queue. According to the queue withdrawals will be processed. Once your withdrawal reaches queue, it will be processed and we will update you on that."
    Mt.Gox is the biggest Bitcoin exchange, trading more than 450 million USD and 29 million EUR a month, and they have a withdrawal limit on their bank account??
    They also told me that they had to check every single withdrawal if it complied with Anti Money Laundering laws they were subject of.
    "However, our Polish colleague is now facing AML issues and we will have to manually verify all SEPA Withdrawal. Once our AML team is done with this process, SEPA Withdrawal will be processed as soon as possible. We appreciate your patience through this while we are working to resolve the issue."


  • BitPay has this Pricing page that has a lot of the mentioned transparency information on it.
    • It contains the BitPay fee, which is for simplicity the same trading-only fee for all services.
      It also explicitely states that no other fees hold for withdrawal and depositing.
    • It also clearly contains minimum settlements before withdrawals are possible as well as that daily limits apply for unverified merchants.
    • Delays are explicitely mentioned for different regions.
  • BitPay shows their phone number on the top of their website. Having a phone line active in support of customers, shows that you are a company that is comitted to its customers.
  • Although BitPay does not offer insights in its security mechanisms, this is no longer too relevant since it is clear that BitPay alread is a settled company. They got multiple compliments from various technology writers, making it clear to new customers that they are about do business with a company for which already many users showed faith.