What is necessary, for NXT or any other crypto-finance software, is to prove independent reproducibility.
Compile it and your class files should be identical to released version, at least if using the same version of the compiler. This is independent reproducibility.
|
|
|
People, switch to linux and stop using windows. You will get rid of the majority of this security issues.
I use Windows and have never been hacked. Using Linux doesn't mean you can't be hacked. A malicious browser plugin will work in Firefox, Chrome, regardless of operating system, for example. How many servers we see get hacked everyday? Tons. They are all running Linux. Don't use Windows as an admin. Create a separate user account with standard privileges <-- this greatly increases security since if a malicious code is executed without your permission, it will only have privileges of logged in user. This trick alone will cut down majority of zero day exploits/trojans/viruses.
|
|
|
I also got "cerebrally exploited" as they say. I responded to the same email that turned out to be a phishing attempt. I entered my BTT user name and password, and the reason I fell for it was because I'd recently cleared out my browser cookies and was expecting to have to log into the Bitcoin Forum. Anyway, it took me a few minutes to figure out that I'd hit the wrong site, so I changed my password on BTT. Fortunately my BTT password was unique.
Another reason to use Lastpass: https://lastpass.com/You will never fell to fishing attempts as Lastpass won't fill the password if it's fishing/wrong site.
|
|
|
If anyone wants to lose money, send your Nxt to scam asset.
You have been warned.
|
|
|
No. Those hashes prove nothing. A deterministic build process enables multiple independent parties to generate the exact same output, given a git commit id. If you cannot prove what's in users hands is exactly what came out from the java->bytecode compiler, then you should not use that binary.
Funny logic. Do all million or so BTC users compile from the source before using it? I guess we should not even be using any online site, like coinbase, as we don't have source. All Windows users should never use BTC either as BTC is only for people who compile from the source. What's your point anyway? Nxt is open source. Anyone can compile it. Given it's in Java, anyone can even decompile it. We have dozens of clones. You have not made your point clear. Are you trying to claim Nxt security relies on obscurity? If that is the claim, that is provable false as you can decompile Java and steal Nxt. Given that isn't hapening, what are you trying to claim?
|
|
|
50,000,000 NEX has been issued in the Nxt Asset Exchange.
Asset Id: 4420962345269767688
Please send PM from the account you signified in your original pledge.
Please wait for a confirmation message as to the amount of NEX you will be allowed to purchase.
Any NEX that have not been purchased through this method will be offered to participants in the waiting list and on the open market.
Thank you.
Scam. Don't send your Nxt to scam assets
|
|
|
What's going on here? Is there no API? No exchange?
|
|
|
Is there estimate for launch? Something like, Winter 2015? Summer 2015?
|
|
|
Hey I need some help with Bter. I want to make an account to buy some SuperNet tokens, but whenever I try to make account with a strong password(50+ char password generator), I get an error "The re-inputed password does not mismatch". When I use a weak password to make an account it lets me... wth? I don't want to use an account to hold SuperNet tokens with a weak password and get hacked. Anyone know whats going on?
Use 50 chars, it's enough. as far as I recall BTER accepts max 50 char passwords. ie w2bu*9HBsBw3%8F=g3jx?/ztFX986w%GR{?m2P%ef]hFBLJei4 I just tried 50 chars, 45 chars, 40 chars and none worked. Finally 30 chars worked. Thx for help. But why does Bter limit the password length? So we can get hacked easier? This is the first exchange I used that actually has this limit. Wish polo did the ICO instead of Bter. Even 8 char is enough for online account where brute force is detectable -- forget 30 char. If ping time to bter server is only 10 millisecond (highly unlikely), it will take 25 thousand years to crack 8 char password , as the attacker cannot check more than 100 password per second with 10 milisecond ping time. Why would you need 50 char password for online account? That's retarded.
|
|
|
Can anyone summarize what the OP said in 2 to 4 lines?
|
|
|
I would like to see 2FA for wallet and forge. I know we already have 2nd passphrase. But I like the convenience it affords me with other sites. And I think it's a feature that new investors would find they are accustomed to and presents the coin as well rounded and protected investment.
Crypto currency works with digital signatures. Anyone who has the secret key can spend the money. You can give the secret key (encrypted by your password) to a third party and they will ask you for 2FA before you can download encrypted blob from their server (i.e blockchain info wallet), but if you have the secret key on your machine, there can't be any 2FA.
|
|
|
We have discussed 2FA internally. Some felt that tying Google or another company into wallet access might be an issue for some who want less involvement for those players, but when we do the fully featured web wallet, it will more than likely contain some form of 2FA. Not making any promises, but it is a desire of mine as well.
Google authenticator is open source and has nothing to do with google itself, as it's just implementation of TOTP tokens from RFC6238 ( http://tools.ietf.org/html/rfc6238 ) The real problem is that you can't implement 2FA with decentralized crypto. You can do with online wallet where you keep encrypted copy of the wallet/secret key (i.e like blockchain info encrypted wallet on their server) but 2FA cannot be implemented where user has the control of wallet/secret key.
|
|
|
TaunGawk
C-f-A:
C-f-A: is far more sensible than Taun.
|
|
|
does it mean NxT ppl have trust in NEM overtaking their $hitcoin so they can money on another $hitcoin? this is interesting. i mean nxt whales r there for money, they dont give a shit about nxt and theyre the first who know nxt distribution is utter bullshit crap.
No, it means that Nem project was started by people involved in Nxt so all Nxt users (and an their sock puppets) got Nem stakes, and then to top it off, they issued Nem stakes on Nxt asset exchange. its pretty cool to see two guys of the most hated coins fighting keep this up as long as i have beer and popcoin my barbie girls ! Enjoy. I am do.
|
|
|
Eadeqa is an exemplary patient, perfect! Thank you for volunteering.
I enjoy rubbing salt in your wounds. You are Nem troll who hates Nxt, but yet all Nxt whales have more Nem stakes than you. That's funny.
|
|
|
why are you offensive? I did not recommend anything - I was asking for your opinion. Now I have it thanks.
This particular patient thinks other people would fail to look through his lowly attempts at ridiculing other individuals by intentionally suggesting inferior material. Although this is common behavior of obsessive protective disorder patients, the patients themselves usually fail to realize that the clinical psychologists easily see through their poorly motivated and self-protective behavior. Patients infested by the doctrines as preached by the church of NxT are particularly obsessed with such irrational methods of protecting their investment. I am pretty sure I have more Nem stakes than you -- so do all the Nxt whales. Too bad for you, you will always be a jealous little poor prick, regardless of what crypto succeeds.
|
|
|
WTF? He is same Nxm troll with a new account. The guy is an idiot. I would rather prefer he never gets involved in Nxt. Do we really need idiots? Nem deserves him
Here's the next attack of this patient. Calling a spade a spade isn't' an attack. You are a jealous idiot. How is that an attack? EVen you know that is true.
|
|
|
|