|
1821
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: January 01, 2014, 02:07:40 PM
|
Is this a really random pass or a passphrase that you can remember ? While Nxt security is not yeat at a desirable level I think it is an user's issue that your acc got hacked. Utopian, thanks. COMPLETELY random like (not exactly) *&D(_xa,I7:{"X plus another 28 characters, etc. 35 total. wth? Gotta try to sleep now. argh! Then it wasn't brute forced. Not possible. How much NXT did you lose pal? |
|
|
|
|
1822
|
Alternate cryptocurrencies / Service Discussion (Altcoins) / Re: http://ecrypto.net/ is down - No surprises
|
on: January 01, 2014, 02:04:34 PM
|
I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.
Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server. There's no way to check for GET sanitation on the front end of the site that I'm aware of, as it happens on the server after it retrieves the input. An SQL query is just a string, like any data. If you're coding a website that processes financial transactions and don't know how to prevent SQL injection, then you shouldn't be coding financial websites period. I cannot express how basic knowledge that is in secure web development. If this is what caused the hack, then I'm sorry, but I wouldn't put a single Dimecoin on Ecrypto. Yes I am assuming the person who claimed there is no GET sanitisation injected into the sql to test his hypothesis, otherwise it would make no sense since there's literally a million ways to penetrate a server. It is v basic php security which you'll learn in any beginner's book on php. This is why I posed OP the question, to ascertain how much of a php noob he is. Unfortunately the fact his site got hacked so damn quickly suggests in itself it was a basic security hole he left uncovered and not some sophisticated hack attempt. |
|
|
|
|
1823
|
Alternate cryptocurrencies / Service Discussion (Altcoins) / Re: http://ecrypto.net/ is down - No surprises
|
on: January 01, 2014, 12:31:17 AM
|
I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.
Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server. |
|
|
|
|
1824
|
Alternate cryptocurrencies / Service Discussion (Altcoins) / Re: http://ecrypto.net/ is down - No surprises
|
on: December 31, 2013, 11:30:13 PM
|
Thanks for the update. The old posting pof dating profile trick usually works  Tbh it looks like you're only updating because you're realised you can't just run away from this without consequences. Why has it taken you so many days to issue *any* kind of statement? I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything.
Someone suggested you was not sanitising user input on your GET variables? Is this true? Because it would leave the doors to your database wide open for anyone to walk in via SQL injection. |
|
|
|
|
1828
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 29, 2013, 07:20:10 PM
|
What do you mean by automate dgex? withdrawal are now handled manually....but deposits are automated. That is because of the risk of bugs in the new software or chain forks. If withdrawals are automated (handled by code with no intervention) and the dgex site owner is not awake and something bad happens money on the exchange will be lost. Potentially a lot of money. I assume automatic NXT withdrawal will happen when confidence grows? |
|
|
|
|
1829
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 29, 2013, 07:17:45 PM
|
Do we have a list of all the developers working on NXT. From what I can gather we have: Developers- BCNext - Come-From-Beyond - Nexern? (This is from memory correct me if I am wrong) - Jean Luc 1. Is this list complete? 2. Are all these individuals anonymous or do we have a public figurehead here? Someone like Gavin for Bitcoin rather than BCNext acting as Satoshi. 3. What is the development timeline? - My understanding is parts of the source code will be open sourced on January 3rd. What features will be complete and when? I know when is difficult in software development The more developers we have working on this, the better it looks (and is) for NXT! And the development timeline is also important in my opinion to inspire confidence that we are working to a schedule and have a plan. It will also make the features seem more real. When alias suddenly appeared it generated a lot of buzz for NXT. Three things are important I feel: - Development/features - Marketing! Spreading the word in related forum topics, reddit, blog posts, getting on sites like coindesk etc - Services Those are my thoughts for the day  I am trying to collect Nxteam here: https://docs.google.com/spreadsheet/ccc?key=0AgAGADgnQcrtdHRrV3V3Z1lzOXVEMWtqdElUaEtqV1E&usp=drive_web#gid=6But - BCNext - Come-From-Beyond - Jean Luc belong to the paid Core, while othes are only activists Cool. When you said paid Core, you mean they are being paid for their development work? If so, full details of this should be provided (not the amounts obviously, but who is paying who, for what duration etc). Development team is a major plus of this coin. |
|
|
|
|
1831
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 29, 2013, 06:55:08 PM
|
Do we have a list of all the developers working on NXT. From what I can gather we have: Developers- BCNext - Come-From-Beyond - Nexern? (This is from memory correct me if I am wrong) - Jean Luc 1. Is this list complete? 2. Are all these individuals anonymous or do we have a public figurehead here? Someone like Gavin for Bitcoin rather than BCNext acting as Satoshi. 3. What is the development timeline? - My understanding is parts of the source code will be open sourced on January 3rd. What features will be complete and when? I know when is difficult in software development The more developers we have working on this, the better it looks (and is) for NXT! And the development timeline is also important in my opinion to inspire confidence that we are working to a schedule and have a plan. It will also make the features seem more real. When alias suddenly appeared it generated a lot of buzz for NXT. Three things are important I feel: - Development/features - Marketing! Spreading the word in related forum topics, reddit, blog posts, getting on sites like coindesk etc - Services Those are my thoughts for the day |
|
|
|
|
1832
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 29, 2013, 02:16:51 PM
|
Turned out it's the DGEX reserve account with 75 mil  What is your source for this statement? If true, it totally invalidates salsacz's video claim that 30% of NXT has changed owners in 21 days or my analysis that 20% had done so thru Dgex in 30 days... why would it invalidate anything? reserve account doesn't mean DGEX necessarily owns all of NXTs in it, it's just users of DGEX store their NXTs there, it's their trade money. Same goes for bitcoin exchanges, some of the biggest bitcoin wallets are actually exchanges' wallets with thousands of users owning bitcoins in those wallets. If it's still in storage at DGex it hasn't changed hands yet on the exchange and still belongs to the depositor. It can't be counted as NXT that has found a new owner yet until it's actually sold. We don't know what fraction of that 75 million belongs to buyers and sellers. If I deposit 1 million NXT, sell it on dgex, and the person who bought it hasn't withdrawn it from the exchange it will remain in the dgex reserves. Yet the 1 million NXT is now belonging to and controlled by the buyer not the seller. etc |
|
|
|
|
1833
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 29, 2013, 01:09:20 AM
|
Distribution of NXT among the original 71 vs the rest of us, and the effects this will have on forging revenues for the "little guys" is one of the main points that NXT critics can use against NXT, and I kind of see their point. If enough people see NXT as a scam coin used by an elite inner circle to get rich, that could play hard against NXT, no matter how good it is or how pure the motives of the initial stakeholders are. The only solution: give all of the NXT to me, I'll take good care of it.....  But seriously: I propose some sort of massive giveaway to coincide with the Jan 3 launch. From what I can see on the blockchain explorer there are only 5000 or so active accounts (seems low, tbh). Give every account 10,000 NXT, that'll cost 50 million NXT, 5% of the total, and will generate the most publicity ever for a crypto launch. (imagine the headlines: Crypto-anarchists give away millions! ) And imagine the tsunami rush of new users hoping to get a piece of the action.......ready to buy in hard. Everyone will go to the moon...... i hugely second this idea. but i have to say if there was a large stakeholder who was interested in doing this he would definitely have to keep it quiet and it would definitely have to take everyone totally by surprise. either way if we want this thing to succeed the large stakeholders will HAVE to find ways to get rid of large portions of their stash soon. it must be done and it CANT be put off. I just hope that they understand that giving away huge portions of their stake is more likely to make them wealthy in the future than hording it. everyone has to do anything they can to make sure that the large stake holders understand this. one should give a 1M to Max Keiser Seriously this isn't a bad idea. Send him a link to the new video and a 1M donation. Maybe wait til the distributed exchange is out. As for the richest founders giving away significant chunks of their new found wealth - wonderful idea to dream about but in reality I can't see it happening. |
|
|
|
|
1836
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 27, 2013, 11:25:12 PM
|
A compromise could be to logarithmically weight the votes based on NXT balance. So a larger NXT balance has more of a say but not linearly more.
A bit of a hassle, but couldn't a large stakeholder sidestep that (or any other method that isn't just a count of the votes) by distributing his/her coins amongst multiple accounts? Yes. NXT is a proof of stake currency and holders of more NXT should certainly have more of a say in how it's to change if it should. The largest stakeholders have the most to risk after all and so, it's just plain rational that the market would seek the greatest amount of input from those market actors if the currency is to be democratized in this way. Arguments that amount to "it's unfair" are emotional arguments, not economic ones...generally. The arguments that are economic that favour weighted influence to favour smaller stakeholders are simply wishful thinking when you boil them down. I agree actually. Stupid people won't though. We could always vote about how to handle the voting mechanism But seriously, I'm fine with votes having more weight linearly in accordance with account balance |
|
|
|
|
1837
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 27, 2013, 10:48:37 PM
|
Perhaps weight votes in accordance with how much NXT is in the account.
this approach could bring us in another ethical problem ;-) (I got your point to make it expensive to gain the vote-power via multiple accounts) LOL. The NXT transaction fee distribution algorithm already weights participation in accordance with how much NXT is in the account of an individual, not the sheer number of nodes being contributed by computers operated by that individual - which is far more important to the health of the NXT network. And you talk about ethical problems applying the exact same arrangement to member voting? Just a wry observation, I see the merit (and pitfalls) of both approaches... A compromise could be to logarithmically weight the votes based on NXT balance. So a larger NXT balance has more of a say but not linearly more. |
|
|
|
|
1838
|
Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information
|
on: December 27, 2013, 09:56:29 PM
|
Hey there!
about the voting system, just for my understanding...
from what I understand every account will have one vote, right?
how can we avoid that one person create thousands of accounts and vote?
so one opinion could change the majority.
UPDATED easyCopyString:
162.243.214.68; 95.85.46.164; 162.243.216.55; 162.243.143.15; 95.85.46.249; 93.190.92.74; 37.209.120.192; 93.190.92.75; 85.25.134.59; 93.190.92.76; vps1.nxtcrypto.org; vps2.nxtcrypto.org; vps3.nxtcrypto.org; vps4.nxtcrypto.org; vps5.nxtcrypto.org; nxtwallet.com; 31.220.50.208; nxt.ddos.me; 203.174.12.25; 88.198.142.92; 66.197.138.90; 64.120.180.106; 109.230.224.65; 80.86.92.50; node1.nextcoin.it; node2.nextcoin.it; node3.nextcoin.it; node4.nextcoin.it; node5.nextcoin.it; nxt.homer.ru; 31.204.130.123; 209.222.0.194; 209.222.16.10; node1.nxtbase.com; node11.nxtbase.com; node21.nxtbase.com; node31.nxtbase.com; node41.nxtbase.com; node51.nxtbase.com; node61.nxtbase.com; node71.nxtbase.com; node81.nxtbase.com; node91.nxtbase.com; 85.214.222.82;
Vps Owners: keep updated the easycopystring adding your nodes!!!!
Perhaps weight votes in accordance with how much NXT is in the account. |
|
|
|
|
1839
|
Alternate cryptocurrencies / Altcoin Discussion / Re: RIP Doge
|
on: December 27, 2013, 08:24:00 PM
|
LOL
doges community is to strong and big, they are not going to let that happend.
DOGE's one strength was it's virality. Now that has gone and with so many DOGE coins being made a day, wait for the price to drop now. |
|
|
|
|
Show Posts
