Emerge
Legendary
Offline
Activity: 854
Merit: 1000
|
|
March 23, 2016, 03:58:09 AM |
|
Can we get more info about dApps? Is it like appstore or google store where you can buy games/apps with Lisk? If so, cool yup also someone can make a DAPP and then sell that dapp to anyone wanting to purchase the dapp to run it on their own. There can be a whole ecosystem of people buying up small digital lisk businesses. So have you guys figured out the potential flaw with javascript yet? I'm waiting....... javascript is one of the most popular language. How do you think it has flaw? big companys won't work with javascript Au contraitre my friend. Actually EVERY big company uses Javascript: https://trends.builtwith.com/docinfo/Javascript...and btw, you think all those 100,000+ developers learned Javascrypt so they can work at small companies? Well said MGM What? Don't you know that most companies are moving from NATIVE apps (iPhone, Android) to HYBRID apps? (HTML5, JAVASCRIPT, CSS) You should try doing a bit more research.
|
|
|
|
devking
Member
Offline
Activity: 96
Merit: 10
|
|
March 23, 2016, 03:59:57 AM Last edit: March 23, 2016, 04:52:59 AM by devking |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
|
|
|
|
iambitcoin5
|
|
March 23, 2016, 04:13:17 AM |
|
Why does April 11th have to be so far away? I wish it was next week. Did you go all in on lisk or something? Lol just be patient bro. April 11th will be here soon. Just relax and trade some shitcoins. LOL at shitcoins But seriously I'm just excited and can't wait to watch the price and trade action.
|
|
|
|
forzendiablo
Legendary
Offline
Activity: 1526
Merit: 1000
the grandpa of cryptos
|
|
March 23, 2016, 04:29:10 AM |
|
when will this trade and launch ?
|
yolo
|
|
|
deadpoolx
|
|
March 23, 2016, 04:53:22 AM Last edit: March 23, 2016, 05:28:20 AM by deadpoolx |
|
Can we get more info about dApps? Is it like appstore or google store where you can buy games/apps with Lisk? If so, cool yup also someone can make a DAPP and then sell that dapp to anyone wanting to purchase the dapp to run it on their own. There can be a whole ecosystem of people buying up small digital lisk businesses. So have you guys figured out the potential flaw with javascript yet? I'm waiting....... javascript is one of the most popular language. How do you think it has flaw? So, the WBB guy still complaining... If you have to attack Lisk to feel that your WBB Coins are safely valued, then the project you support is the one full of flaws. And they are saying out there WBB will beat Lisk and Ethereum. Don't take these guys so seriously... lol at Wild Beast Bitcoin. "Hey bro send me some wild beast bitcoin." lmfao "Hey Do you guys accept wild beast bitcoin?" lol Looks like alot of fluff tech no one will use in their ANN to try to pump the price. Its a P&D coin. When it dumps I'll buy some to ride the next wave. lol LOL But, that's the guys ideas. TrueAnon, the best you can do, for sure, is to buy Lisk at the launch before it go to 100x valued and stop writing this kind of crap: $WBB Wildbeastbitcoin deserves this kinda btc injection, not LISK. Just again shows how ass-backwards crypto is.
https://bitcointalk.org/index.php?topic=1346646.msg14265569#msg14265569
|
|
|
|
Cryptoartist
Jr. Member
Offline
Activity: 41
Merit: 8
|
|
March 23, 2016, 05:06:48 AM |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
Finally, nice to see a post for a change that is actually about the technology and not price speculation. I am also interested in learning more about lisk Security. Anyone who can address these questions? @LiskHQ?
|
|
|
|
|
mistercashking
Legendary
Offline
Activity: 1044
Merit: 1050
|
|
March 23, 2016, 05:11:10 AM |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
Finally, nice to see a post for a change that is actually about the technology and not price speculation. I am also interested in learning more about lisk Security. Anyone who can address these questions? @LiskHQ? Great questions, I think I saw a similar discussion on Lisk chat about it (Situation 1).
|
|
|
|
BTCRoyal
Member
Offline
Activity: 92
Merit: 10
Early Bitcoin Supporter
|
|
March 23, 2016, 05:16:35 AM |
|
when will this trade and launch ?
Launching on the 11th of April. Trading is somewhere near that date but not 100% sure of an exact day yet.
|
|
|
|
Stealth27374
Newbie
Offline
Activity: 15
Merit: 0
|
|
March 23, 2016, 05:40:42 AM |
|
so over 7mil was raised in the ico.. which a portion will be used to fund development of lisk. may i suggest the devs hedge its value incase of bitcoin catastophy.
possibly something like this would be good idea.
50% vautoro gold 50% slit up over USDT, ETH, BTC.
just a thought.. as wouldnt want a btc crash, to also crash development of lisk.
|
|
|
|
cc001
|
|
March 23, 2016, 06:10:32 AM Last edit: March 23, 2016, 06:44:14 AM by cc001 |
|
Hey Guys I will run a delegate Node cc001, I hope I get your votes! Who else will run one an who is planning to vote for whom? So far I have following people on my voting list: MalReynolds, PunkRock, Emerge, cannabanana, bigcabrito?, nextgencrypto who else? who wants my vote and gives me his vote?
|
|
|
|
NextGenCrypto
|
|
March 23, 2016, 06:30:59 AM |
|
Hey Guys I will run a delegate Node cc001, I hope I get your votes! Who else will run one an who is planning to vote for whom? So far I have following people on my voting list: MalReynolds, PunkRock, Emerge, cannabanana, bigcabrito? who else? who wants my vote and gives me his vote? I'll give you a vote! I'll be running as "nextgencrypto". Stability is the key!
|
|
|
|
lordoliver
Legendary
Offline
Activity: 1666
Merit: 1020
expect(brain).toHaveBeenUsed()
|
|
March 23, 2016, 06:31:39 AM |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
@ 1: We are in a decentralized environment. Any kind of censoring by the devs will hurt lisk. The only way is a reputational... removing malicious code will probably not be possible. But who knows, maybe the reputation system can offer that. @ 2+3: you don't need to send your password to the server hopefully. You also don't have to do that in NXT. Just the Frontend needs it.
|
|
|
|
Emerge
Legendary
Offline
Activity: 854
Merit: 1000
|
|
March 23, 2016, 06:34:45 AM |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
@ 1: We are in a decentralized environment. Any kind of censoring by the devs will hurt lisk. The only way is a reputational... removing malicious code will probably not be possible. But who knows, maybe the reputation system can offer that. @ 2+3: you don't need to send your password to the server hopefully. You also don't have to do that in NXT. Just the Frontend needs it. 2 and 3 does concern me a bit, I'll be waiting for Max's and Oliver's answer and maybe this can all be worked out, or be worked ON if ever Hopefully Lisk will find a way
|
|
|
|
cc001
|
|
March 23, 2016, 06:38:14 AM |
|
Hey Guys I will run a delegate Node cc001, I hope I get your votes! Who else will run one an who is planning to vote for whom? So far I have following people on my voting list: MalReynolds, PunkRock, Emerge, cannabanana, bigcabrito? nextgencrypto who else? who wants my vote and gives me his vote? I'll give you a vote! I'll be running as "nextgencrypto". Stability is the key! added you
|
|
|
|
devking
Member
Offline
Activity: 96
Merit: 10
|
|
March 23, 2016, 06:54:55 AM |
|
I'm a full stack developer and a early investor (2nd week). I like Lisk because of JavaScript as main language. I have just started looking at the dapp development, noticed some serious security concerns with dapp development.
My understanding with dapps is (correct me if I'm wrong), a dapp is hostable component that exposes an http external api and is capable of doing some transactions (withdrawals and deposits). Every dapp can be hosted within in some sidechain. Users can access dapp functionality with the help of exposed api by passing secret and transaction info. It means you have to pass your pass phrase to every dapp you want to do a transaction lets say a withdrawal (paying to dapp owners).
Apple, Microsoft, and google stores are centralized. Every app has to go rigorous review process before getting published in stores ( I published few apps in google and windows stores). The review process mainly includes scanning for malicious code that exposes user phone to external attackers.
Situation 1:
Lisk has no such review process but the code can be viewed by others. Lets say if dapp included with some malicious code that records pass phrases somewhere (not in the dapp), lisk-cli just creates a foundation base for dapp development and users extends it with their own api. How lisk prevents user from accessing dapp and removes from store if malicious code found.
Situation 2:
Lisk dapps and their sidechains can be hosted by third party entities. Lets say owner setup two VMS. One with actual sidechain with clean dapp code internally and installed a reverse proxy on another VM(that sits on external point and forwards request to internal VM that hosted dapp). The reverse proxy receives the request from user first and records pass phrase and then forwards same request to internal VM without modifying request headers.
Situation 3:
Man in the middle attacks.
If the dapp owner not hosting sidechain with SSL, How Lisk ensures user data not compromised.
Just wondering how lisk handles these situations and prevents owner from misusing pass phrases. Last year, I encountered similar issue with NXT and lost around 10K coins. I used a remote nxt web node to check my transactions frequently. I suspect they recorded my pass phrase and transferred my 10k to theirs account.
I think users shouldn't be forced to send pass phrases to dapp owners, its like sending your BTC private keys to others.
@ 1: We are in a decentralized environment. Any kind of censoring by the devs will hurt lisk. The only way is a reputational... removing malicious code will probably not be possible. But who knows, maybe the reputation system can offer that. Ok, I agree but this doesn't mean system should be infected with all malicious dapps. Reputation wise its not good. Still the dapp has to communicate with mainnet to keep consistency. I think Lisk mainnet holds meta information about each dapp. This should be enough to record info about dapp. Now the question is how to warn the user about that particular malicious dapp .
I'm thinking few alternatives, will present them in coming posts. @ 2+3: you don't need to send your password to the server hopefully. You also don't have to do that in NXT. Just the Frontend needs it. I think Dapp UI asks for pass phrase, and pass same to server through api call or http post. its enough to capture pass phrase. Its not like Dapp UI (client face) directly talking to mainnet. it doesn't matter, Whether its UI or api all should go through http endpoints on the server.
|
|
|
|
Piesel
|
|
March 23, 2016, 06:55:50 AM |
|
What was the final price per coin?
|
|
|
|
Stealth27374
Newbie
Offline
Activity: 15
Merit: 0
|
|
March 23, 2016, 06:57:32 AM |
|
At the rate bankers are jumping out Windows and the cabal's failure to hijack Syria's banking system and oil, I wouldn't use USD to hedge value at this point in time. Gold fluctuates, but retains value through the ages.
|
|
|
|
cannabanana
|
|
March 23, 2016, 07:01:06 AM |
|
Hey Guys I will run a delegate Node cc001, I hope I get your votes! Who else will run one an who is planning to vote for whom? So far I have following people on my voting list: MalReynolds, PunkRock, Emerge, cannabanana, bigcabrito? nextgencrypto who else? who wants my vote and gives me his vote? I'll give you a vote! I'll be running as "nextgencrypto". Stability is the key! added you added you both
|
|
|
|
Digital_Currency_LTD
|
|
March 23, 2016, 07:08:24 AM |
|
Hey Guys I will run a delegate Node cc001, I hope I get your votes! Who else will run one an who is planning to vote for whom? So far I have following people on my voting list: MalReynolds, PunkRock, Emerge, cannabanana, bigcabrito? nextgencrypto who else? who wants my vote and gives me his vote? I'll give you a vote! I'll be running as "nextgencrypto". Stability is the key! added you added you both Please someone tell me what is delegate Node and what is votes? Same like masternodes? Any link? Delegate node can earn LISKs? Thank you!
|
|
|
|
|