Welcome to NexusFi: the best trading community on the planet, with over 150,000 members Sign Up Now for Free
Genuine reviews from real traders, not fake reviews from stealth vendors
Quality education from leading professional traders
We are a friendly, helpful, and positive community
We do not tolerate rude behavior, trolling, or vendors advertising in posts
We are here to help, just let us know what you need
You'll need to register in order to view the content of the threads and start contributing to our community. It's free for basic access, or support us by becoming an Elite Member -- see if you qualify for a discount below.
-- Big Mike, Site Administrator
(If you already have an account, login at the top of the page)
That is true mostly for unobfuscated code. Machine code generated from C++ has always been hacked and no popular commercial produce has ever been able to avoid that. If somebody can hack into your servers they most likely will easily find the person that can read assembly code. It's not even hacking, the code is there you just need to know how to read assembly. (Which many hackers and expert developers can).
It's a none issue. Having coding errors in C++ is so much more likely that it's not worth the effort in virtually all cases.
But all of this is really off topic.
If you have any questions about IQBroker's products or services, please send me a Private Message.
I wanted to targeting only the security aspect. With "VM" i meant tactics like SecureTeams Code Virtualization. All other obfuscations are currently insufficient. If your code is running in a "Code Virtualization" environment the speed is decreased by the factor 3-10.
Hacking an exe/dll isn't the point. You have to protect your IP and thats a HUGE HUGE advantage to get this from a exe/dll from opcodes only. A professional coder knows how to program in C++ error free. Microsoft beginns to think about the C# roadmap and will be even more focussing at C++ again (early bird twittering).
But for you as a vendor of a product there is nothing to worry about. A security minded developer can easily connect his C++ dll to your C# infrastructure to do backtesting. My backtesting is also done with C# language - the execution release will be a C++ DLL with all the security steps applied i mentioned previously.
Using Code virtualization is too slow for sure.. I don't think anybody would consider using that as protection. Obfuscations are good enough and provide similar protection as compiled code, even if they are much easier to read. A hacker that makes the effort to steal a profitable compiled strategy can either read assembly or find one of the millions of developers that can.
Protecting expensive code should be done before the hacker has it... afterwards who cares if it takes him a day or two weeks to understand it. Note that it isn't even hacked, just read and understood.
Microsoft's move into C++ is mostly for mobile and tables. The advantages of managed code for human developers are huge, I don't see them being abandoned just to gain a few milliseconds, developer are sticking with Java, C#, JavaScript, Python, they are unlikely to move back 20 years and start managing their memory.
C++ / Objective C are needed in the mobile world, at least for now. But as these mobile machines become stronger, you'll see managed code running more and more on them.
If you have any questions about IQBroker's products or services, please send me a Private Message.
Actually I started coding in the 80s, in Turbo Pascal, then assembly, C and C++, Java and .NET. (Including web related technologies).
I loved assembly and C, which is why I think you're giving it too much credit, many developers can just read it. It's a none issue for veteran developers.
My way of thinking is that you're not protecting a strategy by writing C++ code. It's a false sense of security. Protect the code by not allowing people access to it. You only need 1 assembly coder to fetch the strategy, that's hardly protection.
Let's drop it, it's a discussion for Microsoft forums not Big Mike Trading.
Good luck to us all! and happy trading.
If you have any questions about IQBroker's products or services, please send me a Private Message.
I am close with the Rizm platform and saw the most recent video about their platform. It is in beta testing right now. The video is up on vimeo under "rizm beta update"
Yes, I am a cofounder and the CEO EquaMetrics. I am just happy to see the Rizm trading platform being discussed. We have recently started to come out of stealth mode, but still offer relatively little information about our product at the moment. We should be out of beta testing by December.
Until then,
Chris
If you have any questions about Rizm or EquaMetrics, please send me a Private Message.
I am curious as to your thoughts on the security discussion. What do you offer to ensure the privacy and security of customers strategies?
Can you also talk more about your co-location? I see you are in New York. For InteractiveBrokers customers, this is good, as they are in New York. But most everyone else is in Chicago. Do you have infrastructure in Chicago?
Your website mentions microsecond resolution. Most retail feeds currently available only support resolution down to the one second level. Is the data feed you are providing as part of Rizm a microsecond feed, timetamped from the Exchange? Or are you timestamping it upon receipt?
Can you give us an idea of how much historical tick data you make available to customers? How many years back on popular products like the ES and CL and other popular futures instruments? What about equities?
Apologies for the slow response. Things have been crazy in NYC with the recent hurricane.
I'll do my best to answer your questions methodically.
1. Customer's own their strategies and will be able to sell or buy strategies through our marketplace. The code that is produced with our visual programming language is not exportable outside of the Rizm platform however. Rizm's security is of the highest importance and we have SSL encryption and authentication, database encryption to protect user's saved strategies, and a firewall to protect our web application.
2. Our cloud execution method is one of our patent pending technologies that I can't go into much detail about, but the short answer is that we have servers that are co-located next to the servers of whoever is clearing our trades.
3. Rizm is a unique platform in that it primarily focuses on building and managing trading algorithms, opposed to research and charting for example. So, yes, the latency attached to quote delivery from our data provider may take up to a second to be received on our web application. However, a running algorithm lives on the co-located server next to the exchange and more often than not, the data providers server too. So, if the algo is trading off of this data then it will be happening at a quicker speed than which you will actually see the quote on our trading platform.
4. We go 10 years back on daily data for all of the asset classes we offer. The smaller the bar size, however, the shorter period of time that we offer to back test on.
If you have any questions about Rizm or EquaMetrics, please send me a Private Message.