No they are not, Bitcoin uses proof of work to create the block chain.
Maybe you can tell me in a few lines, what exactly is the algorithm here.
Just replace PoW with PoS. Or look at lines 1275 - 1283. You can't even explain the algorithm in a few words. C'mon you can do it. Just a couple of sentences explaining your PoS algorithm. C'mon you can do it. Waiting... |
|
|
|
Inject flaws and have people manually find the flaws? What the hell is the point in that?
The point is to assess number of unknown bugs. So... I am still waiting for the specification... if its not the source (coz you claim to have injected flaws)... then where is it?
Can't help with this until I talk to Cunicula, sorry. But I could answer questions. You know when having a meeting with a customer, its always not a good idea to bring with a sales person a technical guy. The reason is, the sales person can always say, "I don't know the answer, but I can ask my technical folk". Is it not very strange that a technical person like you is saying... "I'm sorry, but some other dude wrote the spec. Let him come back from vacation and I'll have an answer". |
|
|
|
You don't have a spec. for a distributed consensus algorithm?
Ah, if u need only distributed consensus algorithm then u could read about Bitcoin's algo. They r the same. No they are not, Bitcoin uses proof of work to create the block chain. Maybe you can tell me in a few lines, what exactly is the algorithm here. |
|
|
|
It seem to be a personal crusade of FrictionlessCoin against nxt  Have you ever been in a code review? The criticism I am providing is actually quite tame. My assessment, throw this garbage out and start again correctly. This is a typical kind of response from a good software developer who see crap code. Fair enough, but I must point out (again) that we are not investing in source code, we are investing in the algorithms, the big ideas (BCNext) and the huge community supporting NXT. Source code clean up is a minor issue and will come as the project develops. Some great developers have joined the NXT team (e.g. Jean-Luc) and are improving the software engineering practices as we speak. However, let us get back to the point. This is a code review for security issues, so let's try to focus on those. I think the point about cleaning up, refactoring the code has been made and taken. So, perhaps FrictionlessCoin has found some non-superficial security issue he would like to share? Ok... so if you are investing on the algorithm.... then were can I find a specification of the algorithm? (if you answer look at the source, then it is clear that you have no specification) Thing's don't always have to start with a spec. Ya know, this isn't a big software house. Anything more useful to contribute, if not pure rage? You don't have a spec. for a distributed consensus algorithm? So you think you can seriously conjure up one that is secure without actually spending quality time thinking of a specification? As I said in the beginning, this is amateur hour. |
|
|
|
If he knews of the flaws, then why is he asking this forum?
Well, if u know about JUnit u should know how to find logical bugs in algos. One of the approaches is to inject flaws and let the others to find them. If u injected 10 flaws and 15 r reported, then u count proportion of injected flaws to assess number of unknown ones that r not found yet. Inject flaws and have people manually find the flaws? What the hell is the point in that? So... I am still waiting for the specification... if its not the source (coz you claim to have injected flaws)... then where is it? |
|
|
|
If he knews of the flaws, then why is he asking this forum?
How do you create a hash of something you don't know exists?
Besides, what the heck are you even hashing? Some text that describes the flaw?
The B.S. is unbelievable and you folks are just too ignorant to see it.
Ok... you clearly just proved to everybody that you DO NOT even realize that the flaws are there intentionally. IGNORE!If the flaws were intentional, then why then did the author point me to the source as being the specification? So, are you saying that the source code was actually never released and this entire exercise is a gimmick? |
|
|
|
Ok... so if you are investing on the algorithm.... then were can I find a specification of the algorithm? (if you answer look at the source, then it is clear that you have no specification)
Cunicula was going to publish the whitepaper. He is still on holidays, I suppose, coz I don't see him online. U can find description of the algo here - https://bitcointalk.org/index.php?topic=345619.0. Or I can answer ur questions if u don't want to read the thread. Well if you wrote the code, then shouldn't you have the specification handy? The link you sent, that's called a feature list, that's not a specification of an algorithm that does distributed consensus. This is becoming more comical by the minute! |
|
|
|
NXT is just some code that some junior programmer is trying to cook up one the fly.
Take it from an expert in these coding matters.
Don't believe me, well good luck with your NXT investments.
So... how come you 're not spitting out ALL THREE FLAWS then? Is this not plain and simple B.S.? "Each flaw has a small description. Here r SHA256 hashes of these descriptions: bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward 888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward " If he knews of the flaws, then why is he asking this forum? How do you create a hash of something you don't know exists? Besides, what the heck are you even hashing? Some text that describes the flaw? The B.S. is unbelievable and you folks are just too ignorant to see it. |
|
|
|
It seem to be a personal crusade of FrictionlessCoin against nxt Have you ever been in a code review? The criticism I am providing is actually quite tame. My assessment, throw this garbage out and start again correctly. This is a typical kind of response from a good software developer who see crap code. Fair enough, but I must point out (again) that we are not investing in source code, we are investing in the algorithms, the big ideas (BCNext) and the huge community supporting NXT. Source code clean up is a minor issue and will come as the project develops. Some great developers have joined the NXT team (e.g. Jean-Luc) and are improving the software engineering practices as we speak. However, let us get back to the point. This is a code review for security issues, so let's try to focus on those. I think the point about cleaning up, refactoring the code has been made and taken. So, perhaps FrictionlessCoin has found some non-superficial security issue he would like to share? Ok... so if you are investing on the algorithm.... then were can I find a specification of the algorithm? (if you answer look at the source, then it is clear that you have no specification) |
|
|
|
I am curious, is the NXT algorithm described anywhere?
A paper somewhere, a specification or a simulation?
Or perhaps we are just making this up on the go?
Use the source.... luke... use the source.... Well you confirmed it... making this all up on the go. You guys have no clue as to what you're building. Absolutely no clue. |
|
|
|
Thrilled that my small investment in NXT is being represented by someone who uses "u" instead of "you."  Then get the fuck out man. Couldn't be more irrelevant. I haven't seen ONE example of someone who's against NXT while delivering founded reasons to have disbelieve in it. I think your over investment in NXT is blinding you to the reality. The code is just made up on the fly. It doesn't really work. It really isn't secure. Distributed consensus in precense of adversarial participants is a damn difficult thing to cook up. That is why Satoshi Nakomoto's Bitcoin is utterly brilliant. NXT is just some code that some junior programmer is trying to cook up one the fly. Take it from an expert in these coding matters. Don't believe me, well good luck with your NXT investments. |
|
|
|
all this is fucked up. they should have just delivered the miner to a member here that ordered one. That would have made more sense. A review from a paying customer is better then some random person that didn't spend there hard earn money.
The bright side is this... the reviewer is reviewing a bitfury system ( there is a youtube video from AMT that shows a running bitfury system). It is not the bitmine system for sure. That's because bitmine just got their initial batch a few days ago and it is doubtful that AMT has that batch. |
|
|
|
|
I am curious, is the NXT algorithm described anywhere?
A paper somewhere, a specification or a simulation?
Or perhaps we are just making this up on the go?
|
|
|
|
It seem to be a personal crusade of FrictionlessCoin against nxt Have you ever been in a code review? The criticism I am providing is actually quite tame. My assessment, throw this garbage out and start again correctly. |
|
|
|
I hope you already remove "double copy" peers = ((HashMap<String, Peer>)Nxt.peers.clone()).values(); from thread, which is start every second  Which is dumb as hell because concurrent collections handles this kind of stuff. So why is this poorly designed code out in the wild securing a currency? It is only a matter of time before some guy drains out all the money out of all accounts. This is a ticking time bomb! Don't tell me I did not warn you folks. |
|
|
|
For us common folks, what does this mean in plan english? in plain english... the code has not been tested exhaustively. So its like flying an airplane that hasn't been tested to fly. |
|
|
|
While lurking for injected bugs, I found that some parts of Nxt code makes my eyes bleed. With hope that I have enough programming skills (probably better, than my runglish ), I'm starting this thread. Not for bounty, but for better quality (but donations welcome, as usual ). First of all, thanks to IntelliJ IDEA code analysis, I see a lot of syncronized with potentially wrong usage. Static variables like peers, blocks, accounts, users are not final. They are initialized at start, so it is not a big flaw right now, but who knows about future. When I look more deeply in syncronizations, I see a lot of places, where author get content of such global collection and then sync on it, but not sync on collection itself. Example: Block.analyse() method:
Account generatorAccount = accounts.get(Account.getId(generatorPublicKey));
synchronized (generatorAccount) {
generatorAccount.setBalance(generatorAccount.balance + totalFee * 100L);
generatorAccount.setUnconfirmedBalance(generatorAccount.unconfirmedBalance + totalFee * 100L);
} While in some places such usage may be safe, I think it's very bad practice anyway. More to come... The author did not even bother to run the code through static code analysis. Also, where the hell are the JUnit tests? How can anyone expect this kind of code to be used to handle their currency? I do not think that this should be taken here as an opportunity to insult the developer. Please, show more humility for the work of others, even if you dont like the project. This code is supposed to secure the currency that people own, so I expect top notch software development best practices, not work that looks like it came out of a high school coding project. I am teling you like it is, if you can't handle the truth then so be it. |
|
|
|
Talk about amateur hour!!
So let's get this right, the source code is released and we find it all in a single .java file.
One class with a lot of inner classes.
Does the developer ever know what a java package is for?
Then he declares all the member variables of the Nxt class as static. Does he know the difference between static and instance variable?
To place matters worse, the Nxt class happens to be a servlet. Does he not know that a new servlet is instantiated per thread??!
Well, to be honest, 21 BTC original invested may have been too generous!
You are nitpicking over insignificant details. This is not a beauty contest. NXT's beauty is in the algorithms and maths that have brought forward the state-of-the-art. I seriously doubt the creator cares about keeping tidy with the code. In fact, I know quite a few genius computer scientists who produce really ugly, stupid code. However, that doesn't matter one iota when the algorithms are groundbreakingly better than anything that's come before. Dude... where are the unit tests? If you don't care for style, you should care that it is at least tested. This code is so bad, that I'm just itching to fork it! |
|
|
|
Found static byte[] convert(String string) and static String convert(byte[] bytes) ineffictive. Need I suggest some solutions (like Apache Commons )? Edit: nevermind. I'm too strict this evening... I don't think this developer has even heard of Apache commons. I mean, it is obvious that he doesn't even know how to use a java package. |
|
|
|
While lurking for injected bugs, I found that some parts of Nxt code makes my eyes bleed. With hope that I have enough programming skills (probably better, than my runglish ), I'm starting this thread. Not for bounty, but for better quality (but donations welcome, as usual ). First of all, thanks to IntelliJ IDEA code analysis, I see a lot of syncronized with potentially wrong usage. Static variables like peers, blocks, accounts, users are not final. They are initialized at start, so it is not a big flaw right now, but who knows about future. When I look more deeply in syncronizations, I see a lot of places, where author get content of such global collection and then sync on it, but not sync on collection itself. Example: Block.analyse() method:
Account generatorAccount = accounts.get(Account.getId(generatorPublicKey));
synchronized (generatorAccount) {
generatorAccount.setBalance(generatorAccount.balance + totalFee * 100L);
generatorAccount.setUnconfirmedBalance(generatorAccount.unconfirmedBalance + totalFee * 100L);
} While in some places such usage may be safe, I think it's very bad practice anyway. More to come... The author did not even bother to run the code through static code analysis. Also, where the hell are the JUnit tests? How can anyone expect this kind of code to be used to handle their currency? |
|
|
|
|
Show Posts
