I completely agree about low transaction cost but also want to note that NXT does not need to be used for micropayments. The load could be too much for the system to handle. It would be better to target Nxt to high value transaction. All the talk about Bitcoin for uses in micro-transaction has not yet materialize. just fancy talk so far.
One of the features that Transparent Forging brings is very high number of transactions that can be processed. in TF, everyone knows who will generate next block. whats to keep an attacker (who can also easily find out who should generate the next block) from DDOSing the hell out of that next generator?
|
|
|
we need to. how many nodes total would the devs like? im still thinking about my private VPN solution
|
|
|
Introducing the NXT Foundations forums site at https://forums.nxtcrypto.orgEveryone, as part of the NXT Foundation initiative, I am pleased to announce that bitcointalk user btc24 has completed migration of his nxtalk.org forums over to forums.nxtcrypto.org effective immediately. We formed the NXT Foundation in an effort to collaborate on the promotion of NXT as the 2nd generation cryptocurrency. The first goal will be to set up a set of sites under the Foundation's official domain NXTCRYPTO.ORG. As one of the main functions of NXT is decentralization, we have devised a decentralized method of control of the information between all sites of the domain, such that 1 person does not control everything and from cooperation, things get done. The NXT dev team will have little to no connection at all with the foundation, though we certainly intend to assist the dev team however we can. Wiki:Joefox@bitcointalk has stepped up and provided hosting for http://wiki.nxtcrypto.org as well as DDOS protection on a MediaWiki system. Please visit the wiki if you are interested in translation help. He is paying for all this himself, so donations are appreciated. Info:A person wishing to remain anonymous has stepped up and provided hosting for http://info.nxtcrypto.org as well as DDOS protection on that site. The site is intended for critical updates and critical info/news from the dev team. As he wishes anonymity, he is unable to receive donations. Web:QBTC from nextcoin.org has stepped up and provided hosting for http://www.nxtcrypto.org as well as DDOS protection on that site. She is paying for all this herself, so donations are appreciated. Forums:NXTALK.ORG has moved to forums.nxtcrypto.org and will become the official forums for the NXT Foundation. Please visit the forums if you are interesting in moderating one of the language boards. Adminius on forums.nxtcrypto.org AKA btc24 on bitcointalk has stepped up and provided hosting for http://forums.nxtcrypto.org as well as DDOS protection on the site. He is paying for all this himself, so donations are appreciated. DNS administrator:These duties will be my particular area. Since that is the case I will not be administering any of the sites. Though I will be helping out with the forums, moderation, ultimate control of these forums falls to Adminius. Thanks to 2Kool4Skewl for paying for the domain and to the anonymous Info site manager for the SSL certs. Hopefully in a year when these are renewed I'll have lots of $ to pay for it. Please support the new https://forums.nxtcrypto.org[/size][/b][/size][/color] to take the bloat off this thread
|
|
|
Is there any news concerning Drexme?
His story was that he took the funds to "invest" them and will host a giveaway with them sometime next week. Im not sure if he meant a ggiveaway for use here at NXT or over at his dogecoin stuff hes been working on
|
|
|
NRS 0.4.8 is ready and can be downloaded from:http://info.nxtcrypto.org/nxt-client-0.4.8.zipsha256: ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 From now on I will also be posting the latest version number and sha256 as the value of NRSversion alias on the blockchain: https://localhost:7875/nxt?requestType=getAliasURI&alias=nrsversionChange log: - Added Transparent Forging, will be turned on at block 32000. - Memory leak fixed. - Send money from the browser now also asks for the secret phrase. There is only one new parameter in the web.xml, myPlatform. It is used to announce your platform - PC, Mac, Raspberry, NeXTstation, VAX, zombie... The zip file does not contain blocks.nxt and transactions.nxt. Make sure you preserve your own *.nxt files before upgrading! Can we please have it also as latest.zip symlinked there, so that users always know how to download the latest. Starting to deploy now. yes we are working on this, and a common naming system for archived versions, across all the .nxtcrypto.org sites
|
|
|
Good grief people.... op has another thread for the naming issue. Go argue over there. op you may want to make this very clearinthe op.
And while the domain wouldnt get siezed right off, the site could get shut down if it ignored a cease and desist order which VISA would easily get gramted
|
|
|
can you verify with your IT guy how that DDOS prevention works? Cause Im not certain yet if that will help us, as I thought the DDOS we were seeing was a specialized protocol that worked well above OSI layers 4/5. I thought the DDOS attacks we were seeing were well into the cient protocol operation. IF that is the case then Im not sure this DDOS thing you have will help.
Can an expert who has analyzed the DDoS attacks comment here? Please let us know what your IT guy says. If this is viable then we all really need to go figure out how to make this work on our particular distros on our VPSs
Yes I would like to know this as well. If if does, I can deploy it on my VPSs
Forwarded this to him, I will let u know asap... "The ddos-deflate bash script is a free anti-ddos solutions so if you suffer from a large scale DDos attack it will not be possible to stop it. In that case you will need a hardware firewall in front from your VPS which are very expensive ( ~$30k ) or you could move to some host that provides anti-ddos firewall protection ( which is also too expensive). So at the layer 7 DDOs attack attacker looks like a legitimate connection, and is therefore passed on to the application server. At that time the attacker begins requesting large numbers of files/objects using HTTP GET. The DDOS Deflate will monitor these requests (to the ports that we have already configure at the Iptables firewall or the Advanced Policy Firewall) and block the IPs that exceed the threshold that we have configure at the ddos.conf file." I hope this help guys, my friend registered here but is isolated in the Newbies section atm. I will be away today so I wish everyone a happy New Year with health, luck, love & wealth! Ok thanks this is good info. Someone whohas analyzed our recemt ddos attacks would have to comment next
|
|
|
when is the block explorer going to be back up? Would it be possible to run the blockexplorer software on our own systems? Has nexern released it?
|
|
|
is anyone else seeing fork city?
|
|
|
much thanks to aldrin for generating 3 hallmarks for me to use on my 3 8GB VPSs
|
|
|
From my IT guy: DDoS Deflate is a bash shell script which purpose is blocking a denial of service attack. the following installation guide is about cent os . How to install 1. Login to Cent OS as root 2. run terminal 3. run the following commands a. "wget http://www.inetbase.com/scripts/ddos/install.sh" b. "chmod 0700 install.sh" c. "./install.sh" Configure After installing the script the following directories and files will be created program directory =/usr/local/ddos program =/usr/local/ddos/ddos.sh ignore_ip_list=/usr/local/ddos/ignore.ip.list cron (scheduller) =/etc/cron.d/ddos.cron apf ( advanced policy firewall) =/etc/apf/apf ipt (iptables) =/sbin/iptables edit configuration file run the following command on terminal cd /usr/local/ddos vi ddos.conf ( to edit the file with vi editor just type "i" , when finished press escape then ":" "w" "q" and enter ) Configuration file settings Freq= ( how often the script is executed in minutes ) Ddos - cron ( cron sceduller update ) No_of_connections ( number of connections received before an IP is blocked ) Apf_ban ( 1 means that it will use apf , 0 it will use iptables ) Ban_period ( time in seconds to block an IP ) Email_to ( address to send an email when an IP is blocked ) Kill ( when value is 0 no IP is banned ) In case you get blank IP edit the main script ddos.sh and replace "netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST" with this one "netstat -ntu | grep ‘:’ | awk ‘{print $5}’ | sed ‘s/::ffff://’ | cut -f1 -d ‘:’ | sort | uniq -c | sort -nr > $BAD_IP_LIST" ( be sure to keep the command in a single line ) Uninstall DDos Deflate 1. Login to Cent OS as root 2. run terminal 3. run the following commands a. "wget http://www.inetbase.com/scripts/ddos/uninstall.sh" b. "chmod 0700 uninstall.sh" c. "./uninstall.sh" can you verify with your IT guy how that DDOS prevention works? Cause Im not certain yet if that will help us, as I thought the DDOS we were seeing was a specialized protocol that worked well above OSI layers 4/5. I thought the DDOS attacks we were seeing were well into the cient protocol operation. IF that is the case then Im not sure this DDOS thing you have will help. Can an expert who has analyzed the DDoS attacks comment here? Please let us know what your IT guy says. If this is viable then we all really need to go figure out how to make this work on our particular distros on our VPSs
|
|
|
Hey CfB, regarding that account# 100000 sitting there with 10M NXT in it... It seems to me that since that account doesn't yet have a public key floating around for it, then my thinking is that to crack it, the keyspace to crack for is not 2^256, but merely 2^64, right? Dont we only have to construct a passphrase that ends up having zeros in only the first 64bits of the long form 256bit account ID? BRB gonna fire up my vanity account generator..... Right. But there are only 100K, not 10M. Though when u manage to find the key it will be worth billions of USD, so JUST DO IT! Please pm me the account number. I will crack it. http://localhost:7874/nxt?requestType=getBalance&account=100000 and you only need to crack for the 1st 14 digits of a candidate shortform/visible account ID to be zeros. But I think I may have been wrong on the keyspace part. Is it 2^64 or is it 2^(256-64) I cant think right now. Regardless of all that, can someone explain how the first 64bits of a 256bit long account# is translated into the "shortform" or visible ID we see as 20digits? I cant figure out that math in my head either. Is it some kind of weird BCD?
|
|
|
Hey CfB, regarding that account# 100000 sitting there with 10M NXT in it... It seems to me that since that account doesn't yet have a public key floating around for it, then my thinking is that to crack it, the keyspace to crack for is not 2^256, but merely 2^64, right? Dont we only have to construct a passphrase that ends up having zeros in only the first 64bits of the long form 256bit account ID? BRB gonna fire up my vanity account generator.....
|
|
|
I think this has gone on long enough. I'm sending this over to Visa's legal department, see what they think about this nonsense. And for "VisaCoin"... Trademarks and Brand Names The trademarks, logos and service marks, whether registered or unregistered (collectively the "Trademarks") displayed on the Visa Site are Trademarks of Visa and others. VISA®, the Three Bands Design Mark®, CLASSIC®, the Comet Design Mark®, the Dove Design Mark®, ELECTRON®, ENTREE®, the Impulse Design Mark®, INTERLINK®, the Network Design Mark®, PLUS®, the PLUS Design Mark®, and It's Everywhere You Want To Be® are registered Trademarks of Visa in the United States and other countries (trademark denotations on the Visa Site indicate federal registrations in the United States). Nothing contained on the Visa Site should be construed as granting by implication, estoppel, or otherwise, any license or right to use any Trademark displayed on the Visa Site without the written permission of Visa or such third party that may own the Trademark. Misuse of any Trademarks, or any other content, displayed on the Visa Site is prohibited. Visa aggressively enforces its intellectual property rights, including via civil and criminal proceedings. Highlighted the relevant parts for you. Who the fck cares about US trademarks? The OP certainly not. Who would Visa want to file a lawsuit against? There is nobody to reach. ... this project itself is a different story Visa is trademarked in most countries in the world on the just the US, read their terms. They also have a history of aggressively crushing anyone that conflicts with their trademark I think this is a concern that the dev should address here if this is to be a long term project You sure are right, but as you can see there is not even a reply. The unknown dev resides in cryptoanarchy and is not going to care about trademarks, you see. what you did not think about, however, was how VISA will come after any forums sites that "harbor" threads about visacoin or VSC. Thus forcing bitcointalk and other sites to censor threads on VSC.
|
|
|
Or just VCoin. XVC trading code
|
|
|
I have an idea which would help distribute some of your Nxt and also help Nxt develop for the long term.
We will start a contest where the 10 best ideas for a client feature or application which would help Nxt grow over the next 5 years.
We would be open to entries from all Nxters and the community will vote for the best 10 ideas which would get funding.
The development fund would be managed by those currently in charge of the bounty program.
10 idea's each get 200,000 NXT to implement their feature or application to the Nxt ecosystem.
Total Development Fund Needed: Nxt 2,000,000
I can immediately start the thread where idea's can be deposited....Final voting can begin in a weeks time.
What do you guys think?
Make sure you start itas a moderated thread
|
|
|
I hope you realize that its possible according to this distribution method that you have, for the people after 50th place who invest, to receive a larger percentage return?
Anyhow, interesting to see how it turns out
|
|
|
Good catch, I overlooked this You might have overlooked this... but it still SOLVES the issue because a hacker would not get far if he/she found only the cmd window open because the passphrase is needed in order to send NXT this way... as opposed to finding the browser open with an unlocked account where they would freely send NXT without needing the passphrase (at least until a client comes out that will ask for the passphrase again). Just explaining for the rest... I know you get it! Then I did misunderstand your original question. Yes, with the cmd window open there appears to be no easy way to s(p)end NXT without knowing the passphrase. Certainly no supported API call. However, if someone does get SSH access to your server and can login with the unix user that is running the Java process (or root, or a user that can sudo, etc), and you have used the web browser to unlock your account using your passphrase since Java was last restarted (i.e. your are actively trying to forge), then that person can get your passphrase. It's not trivial, but it's not difficult either. I've tested it on a remote instance just now, and it was relatively straightforward. It could probably be scripted to get the passphrase quickly and transparently, and bundled into your favourite trojan/virus/rat/etc. (I was testing on Linux, but the same would likely apply with remote access to Windows). So there are interesting questions about where you should forge, what precautions you should take, and with how much of your nxt stash. Don't assume that typing your passphrase over SSL to your VPS is necessarily enough. I don't believe this is purely a client-related topic, so long as the key required to forge is the same as the key required to send/spend nxt. I understand that transparent mining/forging and/or multi-sig (?) may fix this, but I don't know much about those concepts yet. Thanks for spelling this out!! The fear of being hacked has stopped me forging now. I asked a question along these lines a couple of days ago on a related theme but haven't had a response yet (I know everyone on the dev side is super busy now) - My question is, is it possible to detect the location and status of unlocked accounts on other nodes? If it is, then forging with a large account is too risky IMO. https://bitcointalk.org/index.php?topic=345619.msg4182386#msg4182386I have a large account balance, and the other day I noticed a few separate transactions in my history where unknown users to me had sent 1 NXT amounts to my account. I hadn't noticed them before, as the only difference between a forged NXT and a sent NXT is the small icon next to the transaction number. I suspect someone was experimenting with trying to identify the location of accounts with large balances on the network. I don't have much experience with these things, but I suspect there could be ways of analysing transaction logs and other data sources to try and determine the IP address, or identity/location of an open account. My account number is one of the accounts on the block explorer page of top accounts, so I think someone was searching for the location & account status of big accounts. That said, I have done some thinking, and I would like to explore the possibility of using my account to forge NXT for community activities like faucets, promotion, and bounties. I would retain full ownership of the account, but I would be happy for all the forging revenue to go into funding community activities. My intention would be to help create a consistent revenue stream to help fund worthwhile activities. I have enough NXT, but I don't have the time or skills to contribute much to all the good things going on at the moment. I am also not interested in choosing worthwhile people and projects myself. I have too many commitments (work & family), and I'm finding it too hard to keep up with all the reading required to be an active, and informed, participant. I can see that there are others in the NXT community with time, passion and skills. I want to help supply those people with a small, but consistent revenue stream. I am prepared to investigate this, but I think the hacking threat of forging with a known account is too great at the moment. Once this risk is eliminated (if it can be) my account could forge 24/7. That would be 1-4% of the NXT supply, depending on how much more NXT I sell. If other big stake holders contributed we could create a semi-permanent funding source to help NXT in these formative years. But the security situation has to be 100% water tight. if you are not going to use your hallmarked balance then please get with me so I can use your hallmark on some high powered nodes public vps is that I am running
|
|
|
ok then so is there anyone here who has sent BTC but hasnt heard back yet?
|
|
|
hahhaa i wonder if anyone in this thread has gotten confirmation from any of the BTC that has been funded so far? Anyone in this thread hear back from the OP yet? Or has it all the funds been donated from people outside this thread?
good grief.
|
|
|
|