olcaytu2005
Legendary
Offline
Activity: 1470
Merit: 1024
|
|
May 18, 2015, 07:21:30 AM |
|
F.ci bter and poloniex. We need bittrex.
|
|
|
|
Lorenzo
|
|
May 18, 2015, 07:55:08 AM |
|
poloniex has come a long way. funny because I thought they were the underdog, and so far to my knowledge they haven't had major issues.
They did have one major issue back in March 2014 when they were hacked (or more accurately, someone discovered a method to exploit a bug in their withdrawal mechanism) which saw them lose about 15% of their users' funds. They did eventually make all of this back though. Few exchanges have had zero major security issues. Cryptsy is one of the luckier ones, although lots of people complain about withdrawal delays there. I think Bittrex is another one that hasn't suffered a major hack yet. I know some people actually prefer to deal with exchanges that have been hacked in the past too. The idea is that they would have learned from the experience and strengthened their security practices. Personally, after witnessing what happened to Mt. Gox and Bter after their first hacking incidents, I think it's a stupid idea.
|
|
|
|
CryptKeeper
Legendary
Offline
Activity: 2044
Merit: 1055
|
|
May 18, 2015, 09:33:03 AM |
|
Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice posts her tx just before the timeout elapses, resulting in Bob never getting the chance to receive his BURST? Could you elaborate on that?
|
Follow me on twitter! I'm a private Bitcoin and altcoin hodler. Giving away crypto for free on my Twitter feed!
|
|
|
Vrontis (OP)
|
|
May 18, 2015, 09:39:26 AM |
|
Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice posts her tx just before the timeout elapses, resulting in Bob never getting the chance to receive his BURST? Could you elaborate on that?
Bob's AT must have less length (expiration) than Alice's AT. So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.
|
|
|
|
CryptKeeper
Legendary
Offline
Activity: 2044
Merit: 1055
|
|
May 18, 2015, 10:29:21 AM |
|
Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice posts her tx just before the timeout elapses, resulting in Bob never getting the chance to receive his BURST? Could you elaborate on that?
Bob's AT must have less length (expiration) than Alice's AT. So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.
Can this be enforced by the AT code or must the trade participants agree on the timeouts?
|
|
|
|
vbcs
Full Member
Offline
Activity: 137
Merit: 100
AT - Automated Transactions - CIYAM Developer
|
|
May 18, 2015, 10:36:25 AM |
|
Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice posts her tx just before the timeout elapses, resulting in Bob never getting the chance to receive his BURST? Could you elaborate on that?
Bob's AT must have less length (expiration) than Alice's AT. So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.
Can this be enforced by the AT code or must the trade participants agree on the timeouts?
No, it cannot be enforced by the AT code itself as the AT on one side is not aware of the other AT. When user A initiates the ACCT then user B can see the timeout and use a proper one when creating the response ACCT.
|
1ELCU3hahFLMPPqsoHS2Mg2Rqjya6VXjAW
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
May 18, 2015, 10:41:13 AM |
|
Can this be enforced by the AT code or must the trade participants agree on the timeouts?
The timeouts can be defaulted by the UI but of course you cannot prevent a user from changing the default. This is why Bob and Alice must carefully check each other's ATs before proceeding. I think we'll eventually create a tool for AT "verification" down the track in order to make it very easy to be sure you aren't being cheated by an incorrectly coded AT.
|
|
|
|
favdesu
Legendary
Offline
Activity: 1764
Merit: 1000
|
|
May 18, 2015, 11:00:57 AM |
|
news from BTER Support: "we are updating and configure the qora wallet. withdrawal and deposit will be effect. it is expected to finish in 1-2 days."
|
|
|
|
CryptKeeper
Legendary
Offline
Activity: 2044
Merit: 1055
|
|
May 18, 2015, 01:23:04 PM |
|
Can this be enforced by the AT code or must the trade participants agree on the timeouts?
The timeouts can be defaulted by the UI but of course you cannot prevent a user from changing the default. This is why Bob and Alice must carefully check each other's ATs before proceeding. I think we'll eventually create a tool for AT "verification" down the track in order to make it very easy to be sure you aren't being cheated by an incorrectly coded AT.
OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong. Could the timeouts somehow be part of the secret, so that none of the participants can tamper with it?
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
May 18, 2015, 01:27:52 PM |
|
OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.
Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).
Could the timeouts somehow be part of the secret, so that none of the participants can tamper with it?
I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding. Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).
|
|
|
|
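The two checks described in the post above (compare the AT code against a published hash, then check the timeouts before proceeding), sketched as an added example that is not code from the thread or from the AT project. It assumes SHA-256 as the published hash and times in minutes on a shared clock, and it compares absolute expiry (creation time plus timeout) rather than raw timeout lengths, since the responder's AT is created later; `DeployedAT`, `check_acct_pair` and the minimum gap are hypothetical names and values.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class DeployedAT:
    owner: str
    code: bytes        # AT machine code as read back from the chain
    created_min: int   # creation time, minutes on a shared clock (assumption)
    timeout_min: int   # refund timeout chosen by the owner

    @property
    def expiry_min(self) -> int:
        return self.created_min + self.timeout_min


def check_acct_pair(initiator, responder, published_sha256, min_gap_min):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    # Both roles run the same ACCT code, so one published hash covers both.
    for at in (initiator, responder):
        if hashlib.sha256(at.code).hexdigest() != published_sha256:
            problems.append(f"{at.owner}: AT code does not match published hash")
    # The initiator reveals the key on the responder's AT first, so the
    # responder's AT must expire first, leaving the responder this much time.
    gap = initiator.expiry_min - responder.expiry_min
    if gap <= 0:
        problems.append("responder AT does not expire before initiator AT")
    elif gap < min_gap_min:
        problems.append(f"gap of {gap} min is below required {min_gap_min} min")
    return problems


# Constructed sample data: placeholder bytes, not real AT machine code.
REFERENCE_CODE = b"\x01\x02constructed-acct-code\x28"
PUBLISHED = hashlib.sha256(REFERENCE_CODE).hexdigest()
alice = DeployedAT("Alice", REFERENCE_CODE, created_min=0, timeout_min=72 * 60)
bob = DeployedAT("Bob", REFERENCE_CODE, created_min=120, timeout_min=24 * 60)

if __name__ == "__main__":
    print(check_acct_pair(alice, bob, PUBLISHED, min_gap_min=12 * 60))
    # Same pair with the timeouts the wrong way round.
    short_alice = DeployedAT("Alice", REFERENCE_CODE, 0, 24 * 60)
    long_bob = DeployedAT("Bob", REFERENCE_CODE, 120, 72 * 60)
    print(check_acct_pair(short_alice, long_bob, PUBLISHED, min_gap_min=12 * 60))
```
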
Lorenzo
|
|
May 18, 2015, 02:12:17 PM |
|
news from BTER Support: "we are updating and configure the qora wallet. withdrawal and deposit will be effect. it is expected to finish in 1-2 days."
Sweet! I just checked Poloniex and it seems that they were able to fix whatever issues they had with their wallet. Only a few weeks ago, there was no way to buy, sell, or trade QORA. With both exchanges working again (or soon to be working again) and the recent news regarding ACCT integration, Qora is looking much healthier these days.
|
|
|
|
CryptKeeper
Legendary
Offline
Activity: 2044
Merit: 1055
|
|
May 18, 2015, 02:28:04 PM |
|
OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.
Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).
I always fail when the chances are 50:50 ...
Could the timeouts somehow be part of the secret, so that none of the participants can tamper with it?
I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding. Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).
Couldn't you hard code reasonable timeout values into the AT code and publish the code's hash? So if everyone agrees on using the same AT code for ACCT, the timeout values would be common knowledge.
|
|
|
|
mrvegad
|
|
May 18, 2015, 02:40:35 PM |
|
OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.
Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).
Could the timeouts somehow be part of the secret, so that none of the participants can tamper with it?
I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding.
Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).
Can you have this as a pop up where the user has to click OK on the pop up to close it? Having some kind of reminder is better than nothing, might help cut down on mistakes.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
May 18, 2015, 02:44:07 PM |
|
It is possible to hard-code values into ATs but understand as the Initiator and Responder would need different values we'd have to have two ACCT ATs rather than just one (at the moment the code is the same regardless of which role).
The next main focus for the AT project is going to be UI so we will consider how we can make the workflow and UX better as we proceed.
|
|
|
|
rlh
|
|
May 18, 2015, 03:08:24 PM |
|
Check out the block explorer. What's with the 0 tx blocks, with 50 Qora fees. Is this a bug on the explorer, or is Qora being exploited?
|
A Personal Quote on BTT from 2011: "I'd be willing to make a moderate "investment" if the value of the BTC went below $2.00. Otherwise I'll just have to live with my 5 BTC and be happy. :/" ...sigh. If only I knew.
|
|
|
wizzardTim
Legendary
Offline
Activity: 1708
Merit: 1000
Reality is stranger than fiction
|
|
May 18, 2015, 03:11:11 PM |
|
Check out the block explorer. What's with the 0 tx blocks, with 50 Qora fees. Is this a bug on the explorer, or is Qora being exploited?
Quoting from slack:
http://qora.co.in/?q=AVMvpJxRpdHxxEHcmnibDt6nYC3cBe8oH5 this is the address of an Infinite Loop AT that makes the 50 :qora: block reward. You can extend it by sending funds to it.
So it is a gift for forgers!
|
Behold the Tangle Mysteries! Dare to know It's truth.
- Excerpt from the IOTA Sacred Texts Vol. I
|
|
|
rlh
|
|
May 18, 2015, 03:12:54 PM |
|
Ah, ok. Nice! I would have assumed there would have been a 0 Qora TX for such a thing. I'll take a look in the code to try and figure this one out.
|
|
|
|
bonipper
|
|
May 18, 2015, 03:14:11 PM |
|
It is possible to hard-code values into ATs but understand as the Initiator and Responder would need different values we'd have to have two ACCT ATs rather than just one (at the moment the code is the same regardless of which role).
The next main focus for the AT project is going to be UI so we will consider how we can make the workflow and UX better as we proceed.
Have you considered testing your blockchain pruning concept on Qora?
|
|
|
|
wizzardTim
Legendary
Offline
Activity: 1708
Merit: 1000
Reality is stranger than fiction
|
|
May 18, 2015, 03:16:45 PM |
|
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
May 18, 2015, 03:22:50 PM |
|
Have you considered testing your blockchain pruning concept on Qora?
I am not sure exactly what you are referring to - but in regards to blockchain pruning, ATs could be removed provided that they have become inactive (we are likely to further formalise this down the track).
|
|
|
|
|