Slashdot Mirror


User: Giant+Electronic+Bra

Giant+Electronic+Bra's activity in the archive.

Stories: 0
Comments: 1,299

Comments · 1,299

  1. I disagree on Working Effectively with Legacy Code · · Score: 1

    Software is not like hardware. Software is much more plastic and it is very often not obvious what the best design is. TDD allows you to build your components one small step at a time, this is the heart and soul of agile development. It also has to integrate with other principles like having a good model/metaphor. If the model is well thought out, then small low level code modules can be developed to adhere to a fairly simple and straightforward set of tests. This feeds into the concept of short iterations where only a very specific set of functionality is built into the code during any one given iteration, thus allowing you to focus on that one thing.

    The code written in iteration one may not be capable of addressing the requirements of iteration two, but you CAN now refactor it because you can now test it, and you will find it will be MUCH MUCH easier to test because you were forced to build it to BE testable. Testability needs to be a fundamental attribute of all code, probably the single most critical attribute.

    Software is nothing like a product coming off an assembly line. You don't 'duplicate indefinitely'. You construct a module of code and if it is developed correctly according to an agile methodology it WILL be highly reusable, but you should never expect a particular piece of code to function correctly in any old environment. On the flip side every time your code is operating in the environment it IS designed and tested to operate properly in, it should function correctly, or fail gracefully.

  2. That is exactly what TDD avoids on Working Effectively with Legacy Code · · Score: 1

    You in fact made a perfect case for the argument that the code SHOULD have been developed test first, because then all the interdependencies you describe would not exist. Instead your application would be properly designed to be composed of a number of modules which operate independently of each other and only expose well defined interfaces which are ALL tested.

    It may well be that when a complex application is being developed you may find that there are several 'layers' of abstraction, and testing some of the higher layers MAY require mocking components to which they delegate functionality, but then the same thing should hold, the lower level code should be so modular and maintain so little state that it should be quite simple to mock. If it isn't then the fault is not TDD, it is the design of your code.

  3. You forgot the NAZIs... on Working Effectively with Legacy Code · · Score: 1

    And you have to escalate properly, so it is like:

    11.)???
    12.)NAZIs
    13.)Cthulhu
    14.)D100 san loss

  4. Yeah, well. on Best DNS Service With API Access? · · Score: 1

    The cost of setting up a couple DNS servers in a couple of different locations is going to be pretty trivial for anything but the very smallest shops. Basically depends on if it is worth the bother and minor expense.

  5. Uh, just run your own DNS server? on Best DNS Service With API Access? · · Score: 2, Informative

    It isn't all that hard you know...

    And even a pretty busy DNS server doesn't require vast hardware resources. You already obviously have a hosting infrastructure, etc. Bind 9 can serve up a LARGE amount of DNS requests on a couple of fairly low end machines.

  6. Oh, I'm not arguing features are useless on Mobile Phone Users Struggle With Hardware Adoption · · Score: 1

    It is just that the average person very seldom has a need to actually USE them. So, they have very little incentive to learn HOW to use them, and in many cases they'll know ahead of time they need a camera, so they'll use a real camera.

    Same goes for all the other features. It just is not worth all the time and hassle to figure it all out. 90% of people are just not going to bother and they aren't going to miss what they never had a pressing need for in the 1st place.

    My guess is that over the next 20 years the population in general will get a lot more sophisticated in its use of technology, and the technology will get a lot simpler to use and more reliable, and then yes, it probably will be used by a lot higher fraction of people. But there is likely to always be 30-50% of the people that can't really be bothered.

  7. Exactly on Mobile Phone Users Struggle With Hardware Adoption · · Score: 5, Insightful

    90% of the people never have a NEED to take a picture with a cell phone. If all you had to do was point it and say 'Fido, take picture, send to Jane' it still wouldn't interest 50% of the population, they just plain don't need or want to take pictures. If they really DO want a picture, they want a good picture.

    So basically there are 2 issues here, one being people aren't all that interested, and secondly the extra gewgaw features on phones really aren't all that great. The cameras are mostly marginal to almost useless, etc.

  8. Not the enterprise class stuff on OpenSUSE Beta Can Brick Intel e1000e Network Cards · · Score: 1

    It is pretty much THE gold standard. There are one or two other vendors that have good chipsets as well, but probably half the servers in existence are using Intel NICs, and 3/4 of the rest are Broadcom.

    When you pay 20 bucks for an ethernet card, you get what you pay for. 95% of the time it is fine for everyday use in a PC, but they aren't at the same quality level (and not even close to the same performance level) as the enterprise class products. Same is true of all the other vendors.

  9. You can do all this with GMail AFAIK on Email-only Providers? · · Score: 1

    You'll have to go take a look at their docs, but I can see no reason why you cannot point MX records for a domain you control (you can use a registrar's DNS) and just set up your gmail account to accept mail from your domain. You can also set it up to SEND your mail with FROM set to your domain by default. Technically you can get mail via username@gmail.com as well, but so what?

    They support IMAP and POP3, so you really don't need to use the gmail web interface. It is fast, reliable, and offers a lot of storage capacity. I don't really see a downside.

    Besides, you may think IMAP and POP3 are all you want, but realistically there is always that day when you aren't anyplace you have client software and need to just check your mail. Web interfaces are damned handy for that, you can hop on any machine and just browse your mail.

    I can't honestly think of a good reason why anyone short of at least a small business would need anything else, and even most smaller businesses/organizations don't need anything more than that.

  10. Re:Not on Feds Tighten DNS Security On .Gov · · Score: 1

    DNSSEC has been around for quite some time. It isn't some kind of brand new protocol.

    I also never said that DNSSEC was some kind of panacea. It is a NECESSARY component of a secure internet. Without it you can't be secure. I never said that HTTPS wasn't also a component of security, all I said was if you think HTTPS BY ITSELF is making you secure, then you are just plain demonstrably WRONG.

  11. Re:SSL, anyone? on Feds Tighten DNS Security On .Gov · · Score: 1

    Hahahaha, yeah, right.

    Several studies have been done on what users actually will and won't do. If your security is based on the myth that your users will do the right thing, then you HAVE no security.

  12. Oh, and note this MITM IS feasible on Feds Tighten DNS Security On .Gov · · Score: 1

    http://www.sans.org/reading_room/whitepapers/threats/480.php

    Again, from this paper:
    This paper examines the mechanics of the SSL protocol attack, then focusses on the greater risk of SSL attacks when the client is not properly implemented or configured. One faulty SSL client implementation, Microsoft's Internet Explorer, allows for transparent SSL MITM attacks when the attacker has any CA-signed certificate. An even greater risk is posed by unprotected systems where an attacker can preload his/her own trusted root authority certificates. In public environments such as libraries and computer labs, there is little to prevent such an attack from taking place. Casual observation of such places indicates that an attacker would see them as low-risk, high-opportunity environments.

  13. Re:SSL, anyone? on Feds Tighten DNS Security On .Gov · · Score: 1

    http://www.monkey.org/~dugsong/dsniff/faq.html

    Section 3.4, and I quote

    Although HTTPS and SSH are encrypted, they both rely on weakly bound public key certificates to identify servers and to establish security contexts for symmetric encryption. As the vast majority of users fail to comprehend the obtuse digital trust management PKI presents (e.g. is an X.509v3 DN really meaningful to you?), a simple monkey-in-the-middle attack works quite well in practice.

    Client traffic to a target server may be intercepted using dnsspoof and relayed to its intended destination using the sshmitm and webmitm proxies (which also happen to grep passwords in transit). For example, to sniff Hotmail webmail passwords, create a dnsspoof hosts file such as:

    1.2.3.4 *.passport.com
    1.2.3.4 *.hotmail.com

    where 1.2.3.4 is the IP address of your attacking machine. Local clients attempting to connect to Hotmail will be sent to your machine instead, where webmitm will present them with a self-signed certificate (with the appropriate X.509v3 distinguished name), and relay their sniffed traffic to the real Hotmail site.

    sshmitm is perhaps most effective at conference terminal rooms or webcafes as most travelling SSH users don't carry their server's key fingerprint around with them (only presented by the OpenSSH client, anyhow). Even sophisticated SSH users who insist on one-time passwords (e.g. S/Key), RSA authentication, etc. are still at risk, as sshmitm supports monitoring and hijacking of interactive sessions with its -I flag.

  14. Re:SSL, anyone? on Feds Tighten DNS Security On .Gov · · Score: 1

    Sure, but if I control your DNS I can just patch your browser to do whatever I want... So for example I can install my own root cert.

    DNS HAS to be secure, all other aspects of security on the net indirectly depend on the integrity of DNS, and once that is gone, then you have already lost all other battles. It's game over.

  15. Re:SSL, anyone? on Feds Tighten DNS Security On .Gov · · Score: 1

    Actually unless BOTH the client and server must present certificates (which is not supported by any web site I know of) then a MITM attack is PERFECTLY feasible over SSL.

    It is true that if I'm 'evil hacker' and I spoof your DNS for say www.irs.gov then I have a problem that if that URL is HTTPS I don't have a copy of their SSL certificate and I can't get one that will work without a pop up warning.

    HOWEVER that is rarely the case, home pages are always straight HTTP. So evil hacker can now present me with any content he wishes and as far as I can tell it is coming from www.irs.gov, and NOTHING will tell me different, or even could in theory tell me different.

    At that point anything I navigate to within that site is under evil hacker's control and there are trivially simple ways evil hacker can present content to me that will be HTTPS and yet be going to whatever site he does control, like simply pointing an insecure FORM at an HTTPS target on a URL evil hacker DOES own (which will have a good SSL cert). Combine that with clever framing and use of some plausible sounding URLs and the probability that the victim will ever notice what's happening is pretty small.

    HTTPS is a useful security mechanism, but in the face of compromised DNS it is not at all sufficient. Besides, as I pointed out above, a MITM attack is perfectly feasible and so yet another tool is in the hacker's arsenal, one which is trivial to deploy in the face of DNS spoofing.

    Now, let's think really evil for a bit. Suppose I can spoof your DNS. HOW CAN YOU EVER BE SURE ANYTHING YOU DO FROM THEN ON FOREVER is not under my control? I can redirect your email, I can in fact be in the position of controlling EVERY SINGLE INTERACTION you have with ANYTHING from then on. I can take control of your A/V updates, your OS patches, your VOIP, absolutely anything. Not to say it would be worth all the work for evil hacker to do that in all probability, but once I own your DNS, I own your interaction with the network at a deep level.

  16. Re:SSL, anyone? on Feds Tighten DNS Security On .Gov · · Score: 1

    The 2 things are orthogonal to each other. DNSSEC ensures that the site you go to is ACTUALLY the site you wanted to go to.

    HTTPS just encrypts the traffic to/from that site once you get there.

    In principle an SSL cert ensures that the site is what it claims to be, but there are so many possible ways to fool people on that score that it really isn't all that effective.

    Besides, if someone subverts DNS, then basically all bets are off anyway because at that point they have the ability to make any particular URL point where they want, so the opportunities to fool you are legion. Form submissions can easily be sent off to anywhere, etc. You MIGHT see a browser pop up warning at some point, but it is pretty unlikely people will be alarmed by that.

  17. THE fastest would be on Fast-Booting Text-Editor Operating System? · · Score: 1

    A ROMed Linux. lol. There are a couple tablet PCs out there that will ROM boot linux. Basically it is just about instant on.

  18. Well, you're sure enlightened... on Trading the Markets With FOSS Software? · · Score: 1

    Yeah, this will be an endless worthless flame war, but I'm sorry you are living in some kind of fantasy land man. The whole Republican Party is rotted to the core. Sure, once maybe it stood for something, now it is just the tool of those who are utterly unprincipled and for whom nothing is unthinkable. No lie is too base, no act unconscionable.

    No politician in 21st century Amerika dares to cross the line of the Corpocrats who effectively run everything. Look where the money flows my friend, the 100 richest families in the US gained $670 BILLION DOLLARS in network in the last 7 years. If you cross them, they just edit you out of the news cycle friend. There's no end to the dirty money and no way you'll stay in office.

    The real estate bubble was caused by the fact that Wall St in its infinite greed simply kept ratcheting up the leverage and lowering its lending standards until the lid popped off the whole house of cards (good mixed metaphor, eh). Where were all the regulators? Oh, I forgot, a 'free market' means we don't actually pay attention to those pesky LAWS anymore! Just buy them lunch and hire them for some cushy jobs when they retire and it's no problem.

    Doesn't help that your precious Republicans happily dismantled as much of that oversight as they possibly could. NOW the Corpocrats are using the Republicans to spend MY money to bail out their carelessly run (or looted) companies? Forget it. NEVER VOTE REPUBLICAN AGAIN AS LONG AS YOU LIVE. If John McAncient had 1/10th of the integrity he pretends to he wouldn't even be able to stomach calling himself one.

    But don't worry, they won't have to pay, because they've already probably just ignored the last possible chance they had to even possibly avert an environmental catastrophe so vast that in a few years eating will be a luxury and nobody will even know what the word 'vote' means.

  19. There are some free terminals out there on Trading the Markets With FOSS Software? · · Score: 1

    Specific places do offer terminals at very low prices. As to whether or not they would like it if you were running your own software instead of using their terminal, eh... Probably not.

    Here's the problem. It takes a significant amount of net capital, not to mention you have to be a brokerage and a FINRA member, etc.

    The market for "do-it-yourselfers" has to be incredibly small. Add in the fact they will be potentially high liability customers (heaven knows what sort of trading these people will do, but experience says they will mostly lose money big time). It doesn't really look like a very sustainable business model, nor even profitable enough for an existing firm to want to go after that market.

    Technologically it is easy. I have a system that can easily do it, take in orders over FIX, sanitize them, do risk analysis, and route them either via a clearing firm system or DMA with a giveup in theory.

    We have considered that the most likely possibility would be to form a coop and essentially just pool resources of small brokers and possibly individuals to provide the capital requirements and supply everyone with basic services like compliance reporting. Then it might be feasible, but don't hold your breath.

    FINRA is TOTALLY corrupt. They're entirely controlled by a few big firms (and just that many fewer and bigger as of the last couple weeks). Their main function right now is to crush anything else. At best it is a real uphill battle.

  20. Well, since I develop trading systems on FOSS on Trading the Markets With FOSS Software? · · Score: 5, Informative

    That is the trading system I've spent several years working on is built entirely using Open Source tools and libraries. The system itself is not currently open, but that is a possibility we here certainly look favorably at.

    As far as actual entire free trading systems, there is JavaTraders@googlegroups.com which is a good place to start. Also check out the quickfixj.org site, you will find some things there. There is also an Eclipse plugin which provides some level of GUI.

    Frankly we didn't use any of the code in any of those projects (although we do use ta-lib). But as I say, you can do a lot with ActiveMQ, any good open source RDBMS (PostgreSQL, MySQL) and your Enterprise Java framework bits of choice.

    Basically if I were you I'd pick one of the java based projects that is kicking and does roughly what you want, the way you want to do it. For simple basic trading of one or two instrument classes you can probably put together something pretty workable.

  21. Yup on Best Reference Site For Each Programming Language? · · Score: 1

    Perl itself is exceedingly well documented, and the whole perl community has been YEARS ahead of the curve in terms of documentation for libraries, code examples, and just general support and good information.

  22. Re:IT workers are not professionals on Testing IT Professionals On Job Interviews? · · Score: 1

    We're essentially in the same boat.

    As far as the state is concerned, no, we aren't professionals, though we are probably all considered 'exempt' (IE salaried staff). In common parlance I have no problem with the use of the term professional, it can be used in a few different ways. At its broadest it can be applied to anyone who makes their living by a specific activity (IE 'professional athlete').

  23. Uh, because it won't on Google's Floating Datahaven · · Score: 1

    The nice Coast Guard cutter that boards you don't care about your webcams, lol. And if you so much as spit at them they've every right under the law of the sea to just send you to Davy Jones' Locker. An unflagged vessel is AFAIK just about like an unclaimed island, anyone who feels like occupying it, owns it (principle of Terra Nullius in the case of an island, little different for ships, same basic idea).

    It would be FUN, but I doubt Google's shareholders would approve, lol.

  24. Re:Regulation does not create professionalism on Testing IT Professionals On Job Interviews? · · Score: 1

    Regulation does not create professionalism. All those professions predate regulation of them by a State. If you were an embezzling accountant 600 years ago and got caught, having your license revoked would probably be a welcome alternative to the likely consequence.

    I think my observation still stands. What would be the point of giving a lawyer a test? The state bar exam does that. Whether or not it ensures that individual is good at their job or has suitable expertise is another matter. The same could be said for ANY test. I'd note though that in the case of lawyers states usually have specific qualifications for specific areas of the law. Even if that isn't the case a licensed professional is still generally required to carry insurance and can be held liable for malpractice. That isn't particularly the case for unregulated employment categories like IT workers.

    There are professionals in IT and there are rubes. Having the State regulate that wouldn't get rid of the rubes. Just the fact that States revoke licenses proves there are licensed rubes in each occupation that is licensed. I'm going to favor a trusted LinkedIn recommendation over a State license anyway, so the concept is becoming obsolete already.

    Well, sure, there are plenty of idiots in every walk of life. Notice though that at least in the case of professionals they HAVE a license which can be revoked, and they can't practice legally without it. It is a legal distinction, professionals are state licensed and regulated. IT workers aren't, so while they might fall under the common usage definition of 'professional' they don't fall under the same legal definition as people who require a state license. I'm not advocating licensing for say software engineers, just pointing out a distinction that does exist.

  25. Actually, thinking about it more... on Google's Floating Datahaven · · Score: 1

    The more likely people you'd want to be legally protected against wouldn't be say the US govt, it would be people that might not like what you're doing. International waters, privacy laws? What privacy laws? Nice safe place to do people's dirty work for them and never have to answer for it.

    Anyway, as someone else pointed out, these things would be docked in a port. Frankly I think they'll find it would make just as much sense to just put up a building next to the ocean...