Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 05:55:13 AM |
|
If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with. Just PM me.
Please, CfB, help with that. Edit: what kind of 'experts'? I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters ( http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PHD from MIT in Crypto. I have contact with a few other academics as well. Right, Lisa. I remember ( https://bitcointalk.org/index.php?topic=345619.msg4989534#msg4989534). Well, what do you think, CfB? Just do it. We need someone to check that Curve25519 and Crypto have no bugs.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 05:56:26 AM |
|
Are there some flaws or disadvantages when defining a stack on this low level?
Yes, it's hard to predict how much memory u'll need if u heavily exploit stack by using recursions and similar stuff. Python has a recursion limit if a function calls itself for n cycles the interpreter break execution and will throw an error. Could something similar be implemented in NXT turing scripts? Also if you reconsidered about stack languages maybe this project could be something that could help you or give idea about development or maybe I' m wrong http://freecode.com/projects/magicjarI says is sandboxed and it runs on java VM. We don't need someone else's VM, we need opcodes that could be interpreted.
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
February 13, 2014, 06:03:28 AM |
|
From doing the Chinese flyer I can understand a few words (coin, future)... seeing this is very nice! You and miramare have been doing great work for Nxt. yes,not only more and more other forum added Nxt, our Chinese Nxt forum www.nxts.info also have more and more members.
|
|
|
|
Eadeqa
|
|
February 13, 2014, 06:03:57 AM |
|
So stolen accounts for some and audited open source clients for others it is then...
How can people fail to grasp the most basic importance of this. It has nothing to do with "open source initiatives". Its that people MUST know its safe to use based not on a persons guarantee (trust), but on open code that can be audited by anyone, anywhere, any time. This is peoples money and livelihoods were talking about.
If someone wants to release closed source software for Nxt, so be it. Just don't download and install them. Or run them on virtual machines with no access to parent OS. Besides, open source doesn't really mean "safe" as most people just download and run the compiled binaries. There is no way to be sure if the complied executable is the same as "sources" .
|
|
|
|
Eadeqa
|
|
February 13, 2014, 06:05:36 AM |
|
If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with. Just PM me.
Please, CfB, help with that. Edit: what kind of 'experts'? I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters ( http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PHD from MIT in Crypto. I have contact with a few other academics as well. Right, Lisa. I remember ( https://bitcointalk.org/index.php?topic=345619.msg4989534#msg4989534). Well, what do you think, CfB? Just do it. We need someone to check that Curve25519 and Crypto have no bugs. You should email him (or her directly) the source for 0.73
|
|
|
|
Eadeqa
|
|
February 13, 2014, 06:07:02 AM |
|
If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with. Just PM me.
Please, CfB, help with that. Edit: what kind of 'experts'? I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters ( http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PHD from MIT in Crypto. I have contact with a few other academics as well. Right, Lisa. I remember ( https://bitcointalk.org/index.php?topic=345619.msg4989534#msg4989534). Well, what do you think, CfB? Just do it. We need someone to check that Curve25519 and Crypto have no bugs. You should email him (or her directly) the source for 0.73 Her email is listed at http://people.csail.mit.edu/yiqun/
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 06:13:42 AM |
|
|
|
|
|
CoinTropolis_JustaBitTime
Member
Offline
Activity: 98
Merit: 10
|
|
February 13, 2014, 06:14:34 AM |
|
Where is the source code?
Will be made available in a few weeks. With all respect "in a few weeks" is unacceptable. You shouldn't have made it available if you weren't ready to release the source code. You should also be explicitely stating that its closed source. I'll do it for you. The Offspring Nxt client is CLOSED SOURCE. Use at your own risk!Considering that most people store their money on Dgex or Bter it's not a big deal. I'm not going to get into the whole dgex debacle, but we can assume that most people with funds on there probably don't want them on there. Nonetheless, only about 10% of Nxt sits on exchanges. Closed source is a no go. Seriously why even make this comment? Lets just have everything closed source then. The point is requiring basic standards no matter who is in question. The dgex standards have been... questionable in several ways. Different strokes for different folks. Don't get me wrong... love open source initiatives. However, as we look to the masses (our future market) open source means crap to them. Lots of clients in development, support the one that rings your bell. So stolen accounts for some and audited open source clients for others it is then... How can people fail to grasp the most basic importance of this. It has nothing to do with "open source initiatives". Its that people MUST know its safe to use based not on a persons guarantee (trust), but on open code that can be audited by anyone, anywhere, any time. This is peoples money and livelihoods were talking about. Not to mention this: Agree with buybitcoinscanada. There's no reason for me to mistrust Graviton/GCinc, BUT: closed source client(!) with blockchain included(!) by the owner of an exchange and the biggest NXT forum.... hmmmm, could be dangerous and is not really the way to go! Cool. Free market, I see no reason to disrupt it. Ok, back to business... I just heard back from Travis at CoinMKT: "John, Thanks for the intro. I'm replying all - but please, don't everyone email at once . We'd be happy to take a look at Nxt. From what I've heard, the implementation is somewhat different than most coins, can you gents provide more info? I can't promise anything other than we will take a look and review. Thanks." So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
February 13, 2014, 06:16:09 AM |
|
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY
I wanted to get the community's feedback on having a community backed gateway for the popular cryptos, eg. BTC, DOGE, LTC, etc. Long term, I want to have fully automated DAC's, but rather than wait for the NXT VM to be completed, I want to have a way for everyone to be able to trade cryptos in a decentralized way with a minimal amount of trust required.
What I am envisioning is the community will create automated gateway code that will be open sourced and it would be run on a hardened community server. If we cant find a volunteer to code the automated gateway, then I would be willing to hire for NXT someone to write the code. I have the design pretty much worked out, even using the existing AE restrictions.
deposit BTC -> gateway -> get BTC Asset <BTC Asset is traded via AE> withdraw BTC Asset -> gateway -> get BTC in wallet
The above is a simplified flow and you can replace BTC with DOGE or whatever we end up supporting. While the gateway would still be a single point of failure, it would be backed by the NXT community. Trusted members would manage the hardened server(s) and I think it makes sense to have a bit of NDIC (NXT deposit insurance by community) so in case of a loss caused by failure of gateway server. I am thinking that a 100000 NXT allocation against exploding data center will give additional peace of mind for people using the gateway. No protection if your computer gets hacked, the insurance is against the gateway server failures.
Assuming the community approves and I can get a volunteer to do the coding and a volunteer to get a hardened server (or maybe add this to an existing NXT node?) we can get this in place very quickly. As long as the gateway code runs, the deposits and withdrawals will be processed automatically. Once inside the AE, everybody can trade it knowing it can be automatically withdrawn to the real thing at any time.
This means that within NXT there will be a decentralized exchange for all the cryptos, possibly within weeks!
If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!
James
Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.
good idea
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
February 13, 2014, 06:20:19 AM |
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 06:23:58 AM |
|
|
|
|
|
swartzfeger
|
|
February 13, 2014, 06:24:23 AM |
|
So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.
Ugh, this is great news... I just wish we could get you this list ASAP instead of having to pull teeth. Since brooklynbtc/msin might be taking over https://nxtchg.com soon, maybe'll they'll be willing to share a list. CfB, any input here for Justabit?
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 06:24:30 AM |
|
So we're confirmed with Vault of Satoshi and CoinMKT will review it. Could I please get a solid list of resources to make it a no-brainer implementation for the exchange.
This could help a lot - http://wiki.nxtcrypto.org/wiki/Nxt_API
|
|
|
|
dzarmush
Legendary
Offline
Activity: 1806
Merit: 1001
|
|
February 13, 2014, 06:25:10 AM |
|
Where is the source code?
Will be made available in a few weeks. With all respect "in a few weeks" is unacceptable. You shouldn't have made it available if you weren't ready to release the source code. You should also be explicitely stating that its closed source. I'll do it for you. The Offspring Nxt client is CLOSED SOURCE. Use at your own risk!Considering that most people store their money on Dgex or Bter it's not a big deal. I'm not going to get into the whole dgex debacle, but we can assume that most people with funds on there probably don't want them on there. Nonetheless, only about 10% of Nxt sits on exchanges. Closed source is a no go. Seriously why even make this comment? Lets just have everything closed source then. The point is requiring basic standards no matter who is in question. The dgex standards have been... questionable in several ways. Agree with buybitcoinscanada. There's no reason for me to mistrust Graviton/GCinc, BUT: closed source client(!) with blockchain included(!) by the owner of an exchange and the biggest NXT forum.... hmmmm, could be dangerous and is not really the way to go! I understand what are you guys talking about. And agree with you. Open source is a must. Although I see nothing really bad in using close source client for several weeks if it's released by Dgex, Bter, Vircurex etc. At least for someone who keeps his money on these exchanges. If you personally don't trust Dgex then don't use their client until it's open source. If you trust them and store you money on Dgex, then there's no reason for not using their client.
|
|
|
|
abctc
Legendary
Offline
Activity: 1806
Merit: 1038
|
|
February 13, 2014, 06:57:28 AM |
|
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY
If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!
James
Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.
If this is safe and works, I'd be willing to back this with some funds (5000 Nxt) I can't judge that myself, but if some devs say it is, I'm game. - me too (2000 NXT). Great idea, James!
|
██████████████████████████████████████████████████ ████████████████████████████████████████████████████ ██████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ | , the Next platform. Magis quam Moneta (More than a Coin) |
|
|
|
bitcoinpaul
|
|
February 13, 2014, 07:01:01 AM |
|
If someone wants to write up an overview of what exactly we need for the crypto auditing, I can send it to a few Crypto experts I've been in contact with. Just PM me.
Please, CfB, help with that. Edit: what kind of 'experts'? I've been in contact with several people, including Matt Green (zerocoin). I was originally referred to Matt by Susan Waters ( http://cs.jhu.edu/~susan/) who was his professor, and Susan also recommended Lisa Yin in the same email. I've had contact with Lisa and she sounds open to an audit. Lisa has a PHD from MIT in Crypto. I have contact with a few other academics as well. Right, Lisa. I remember ( https://bitcointalk.org/index.php?topic=345619.msg4989534#msg4989534). Well, what do you think, CfB? Just do it. We need someone to check that Curve25519 and Crypto have no bugs. What about signing? Is crypto = using the curve function? Please specify.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 13, 2014, 07:03:35 AM |
|
What about signing? Is crypto = using the curve function? Please specify.
Yes, Crypto class uses Curve25519 class to do key agreement and message signing.
|
|
|
|
|
fmiboy
|
|
February 13, 2014, 07:15:38 AM |
|
PROPOSAL FOR AUTOMATED GATEWAY BACKED BY NXT COMMUNITY
If the client devs will also add a custom crypto exchange to the clients, NXT will effectively have this built in for all users. I am pretty sure DOGE can't do this!
James
Edit: Since community is paying for this, there will be no costs charged other than bare minimum protocol requires.
If this is safe and works, I'd be willing to back this with some funds (5000 Nxt) I can't judge that myself, but if some devs say it is, I'm game. Community will review the source code to make sure it is safe. I am thinking that we verify cross chain transactions with both the local bitcoind and also blockchain.info to get two sources of transaction confirmation. To minimize any concentration of deposits issue, we can create many deposit wallets that withdrawals are taken from. On each server, only the server admin will know the wallet address for that server, so we compartmentalize the financial risk. If we wanted to take the insurance concept a bit further, we could have the server operators put up a bond against any deposits disappearing. The entire trust issue is something that MUST be solved, otherwise AE will not be useful for trading anything with real value. Directed donations to NXTcommunityfund are alway welcome. Just post here and rickyjames will tally it all up. James let's give it a try
|
|
|
|
Eadeqa
|
|
February 13, 2014, 07:22:54 AM |
|
How does running potentialy malicious software used to directly access your money inside a VM protect the money that you're using the software to access? That's not good logic. Sure it segregates the rest of your system, but it does not protect the money.. Don't put most of your money in VM client account. There is a huge difference. The source code can be audited. Then I can compile the open source code and run that. Then I can distribute those binaries to friends and family to use.
No one (at least not 99.999%) compile the source and run it. They just download and run the executable. There is no way to be sure if they are same. At some point, there has to be trust involved. You trust your operating system (did you compile it yourself?) You trust your browser (did you compile it yourself?) There is no such thing as zero trust. I personslly won't run bter software on my main system as I don't trust them (yet). To each it's own.
|
|
|
|
|