Jean-Luc
|
|
March 06, 2014, 10:10:08 AM |
|
Is there an open source software with an online interface which we could use for logging testcases and bugs? Something like JIRA?
For just keeping track of bugs, now we all should use the issue tracker on bitbucket, where the public source is. There are tools like Jenkins and Hudson, to do continuous integration, but we don't have automated tests yet so it is a bit early to look into those. For manual testing, writing test plans and keeping track of test results, somebody with more QA experience should speak up, I don't know what is out there. We need an organized QA team and testing more urgently than we need Java devs. The QA people can start contributing productively much faster than a new Java dev can get familiar with the code, so we would see real results from getting a QA immediately.
|
|
|
|
VanBreuk
|
|
March 06, 2014, 10:11:38 AM |
|
any date set for launch of AE yet?? or still to be decided?
I proposed the 13th March, and asked if not someone should step up and take ownership for the launch of AE.
March 13th is not possible. I posted my plan some time ago: https://bitcointalk.org/index.php?topic=345619.msg5449690#msg5449690 The test network is ready, the known asset exchange bug looks fixed, but more testing is needed to make sure there are no others. Now I need to start working on increasing the divisibility of amounts and fees, to allow for fractional amounts in the future, and I want to have this ready and tested before Asset Exchange is enabled on main net, because this type of transition would be really more difficult after AE is live. There is no time to do that before March 13th, end of March is more likely.
If that is realistic, it deserves full support. Let us grease the machines for the next 3 weeks then. I am testing. In the meantime, looks like a great time to place an official client distribution for the average Windows user on the table. NRS+wesleyh+mistafreeze installer. What's the status of this? Do we need a name redux for the package?
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 06, 2014, 10:12:54 AM |
|
Nxt :: Asset Exchange Testing
Let's get things organized! I've created a project for Nxt AE on TestPad. https://nxt.ontestpad.com
Anyone willing to test AE please join the site so I can add you to the project.
What is TestPad for and why join?
We can
- write test cases
- run tests step-by-step
- track tests step-by-step
- track bugs
- track bugfixing progress
Please PM me your username after registration.
Fantastic! Everybody can help with this as long as you can use wesley's web GUI
James
|
|
|
|
igmaca
|
|
March 06, 2014, 10:13:08 AM |
|
antanst, aka Evil Bob impersonator, has raised a security weak spot in the current gateway design. Each gateway currently generates a custom deposit address and when a deposit comes in, it immediately sweeps it to the main multisig acct. The duration of exposure is less than a second (could be set to 50 milliseconds), but it is exposure.
So, I am changing things so that there is no sweeping into a main account. All custom deposit addresses will be 2 of 3 multisig. This will require a fair amount of internal changes, but it eliminates the in transit deposit exposure. Now, all deposits will go directly into a multisig account and stay there until a withdraw request needs the funds.
The multigateway isn't perfect, but I will do everything possible to make sure it is as safe as I can make it.
Does anybody know how to set up Google Authenticator? I think it works by having a seed value associated with each user. I can put the encrypted value of this seed in the AM response to the user. Then for people who choose to activate this feature, they would need to go to a webpage, input their NXT acct # and authenticator token
With such a setup, can anybody think of how Evil Bob can attack the gateway? All I can think of is a spite DDoS attack that would just slow things down, but no money lost. Any other attack vectors? Can someone forge the NXT acct # in the "sender" field in a confirmed AM transaction?
James
The difficulty arises with the Google Authenticator user documentation. One Base32 (secret) key is expected. You must set the secret key to Base32 in KeePass and restrict your secret key to the Base32 character set: a-z, 2-7. KeePass allows "=" but Google Authenticator does not. The Base32 secret key length must be a multiple of 8 characters.
A configuration that works:
Adjust the OTP Lock settings:
Length: 6
Secret key: abcdefghxz234567 (Base32)
Counter: 0 (Dec)
OTP number: 3
Look-ahead: 9 (allows 3 failed attempts to unlock KeePass using newly generated OTPs before a recovery is needed because the counters have become too out of sync.)
Set Google Authenticator:
secret key: abcdefghxz234567
counter: counter based
The first 6 OTPs are: 442843 724600 994767 847513 160505 583080
Make sure you never lose the secret key or you will be permanently locked out of KeePass if the counters lose synchronization. Also recognize that the real secret is the secret key, not the OTP.
OtpKeyProv
Plugin Author: Dominik Reichl, Plugin Language: English
http://keepass.info/plugins.html#keeotp
OtpKeyProv is a key provider based on one-time passwords. After protecting your database using this plugin, you need to generate and enter one-time passwords in order to open your database. All generator tokens that follow the OATH HOTP standard (RFC 4226) are supported.
Download plugin: [v2.2 for KeePass 2.20 and higher] Download source code: [v2.2 for KeePass 2.20 and higher]
If you instead want KeePass to generate one-time passwords, see the {HMACOTP} placeholder. For generating time-based OTPs, see the KeeOtp and Tray TOTP plugins.
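The counter-based scheme described in the post above (RFC 4226 HOTP, several consecutive codes, a look-ahead window), as an added example that is not part of the original posts and not the OtpKeyProv plugin's code. The names normalize_secret, hotp and HotpVerifier are hypothetical, the window semantics are an assumption modelled on the settings quoted in the post, and the demo key is the constructed RFC 4226 test key.

```python
import base64, hashlib, hmac, re, struct

def normalize_secret(secret: str) -> bytes:
    """Decode a Google Authenticator style secret: Base32, a-z and 2-7 only,
    no '=' padding, length a multiple of 8 characters."""
    s = secret.replace(" ", "").lower()
    if not re.fullmatch(r"[a-z2-7]+", s) or len(s) % 8 != 0:
        raise ValueError("secret must be unpadded Base32, length multiple of 8")
    return base64.b32decode(s.upper())

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpVerifier:
    """Server side (assumed semantics): accept `required` consecutive OTPs that
    start at most `look_ahead` counters past the stored counter."""
    def __init__(self, key: bytes, counter: int = 0, required: int = 3, look_ahead: int = 9):
        self.key, self.counter = key, counter
        self.required, self.look_ahead = required, look_ahead

    def verify(self, otps) -> bool:
        if len(otps) != self.required or any(len(o) != 6 for o in otps):
            return False
        supplied = "".join(otps).encode()
        for start in range(self.counter, self.counter + self.look_ahead + 1):
            expected = "".join(hotp(self.key, start + i)
                               for i in range(self.required)).encode()
            # Constant-time comparison of the whole OTP sequence.
            if hmac.compare_digest(expected, supplied):
                # Resync past the codes just used, so they cannot be replayed.
                self.counter = start + self.required
                return True
        return False  # token is too far ahead: recovery with the secret key is needed

if __name__ == "__main__":
    key = b"12345678901234567890"               # constructed: RFC 4226 test key
    server = HotpVerifier(key)
    token_codes = [hotp(key, c) for c in range(3)]
    print(token_codes, server.verify(token_codes), server.counter)
```
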
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:13:50 AM |
|
about Asset Exchange test
everything looks like ok. found an api error
1. getTrade OK
{"trades":[{"timestamp":8778667,"price":200,"bidOrderId":"10668185170919619908","askOrderId":"11342895551343357312","quantity":15},{"timestamp":8778667,"price":300,"bidOrderId":"10668185170919619908","askOrderId":"627868227848821830","quantity":10}]}
2. getAskOrder
http://127.0.0.1:6876/nxt?requestType=getAskOrder&order=11342895551343357312 (this api is not correct)
{"errorCode":5,"errorDescription":"Unknown order"}
askorder or bidorder api cannot return a result.
3. getTransaction OK (use this api to replace the getaskorder api)
http://127.0.0.1:6876/nxt?requestType=getTransaction&transaction=11342895551343357312
btw I have issued some tulips (quantity=100). Tomorrow I will launch the Tulip Bubble TEST; whoever earns the most testNxt will win the match. I will donate 500 true Nxt to the winner.
Was this order completely filled? If so, it has been removed from the system, so it is normal to get an unknown order. Trades are used to keep track of past orders that have been already executed.
|
|
|
|
qqNxt
|
|
March 06, 2014, 10:14:33 AM |
|
|
|
|
|
martismartis
Legendary
Offline
Activity: 1162
Merit: 1005
|
|
March 06, 2014, 10:15:25 AM |
|
Why does my public node, seen in the active peers window, have a red flag and show as disconnected, while it is really live and I can connect to it from outside?
|
|
|
|
l8orre
Legendary
Offline
Activity: 1181
Merit: 1018
|
|
March 06, 2014, 10:16:07 AM |
|
FreeRider AE Client released later today. Stay Tuned.
Nxt :: Asset Exchange Testing
Let's get things organized! I've created a project for Nxt AE on TestPad. https://nxt.ontestpad.com
Anyone willing to test AE please join the site so I can add you to the project.
What is TestPad for and why join?
We can
- write test cases
- run tests step-by-step
- track tests step-by-step
- track bugs
- track bugfixing progress
Please PM me your username after registration.
Edit: TestPad is charging $9/month for every new user. I will pay for the subscription from my own pocket, so please, only join if you are serious about testing.
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:16:21 AM |
|
jean-luc
If you can get asset trades denominated in other assets implemented, then NXT AE would be able to dominate all other centralized exchanges. Basically all cryptos supported by the gateway could be directly traded against any other crypto. It would be fantastic!
After trading, people could withdraw directly to their wallet whatever crypto they have assets for
I think this is a much bigger change than assets supporting fractions, but maybe it's a conditional handling in Order.java for all the trades of an asset denominated in another asset. Even if BTC is the only other asset something can be denominated in, that would get us 90% of the benefit, but I think the way the code is structured, it would be almost the same work to allow arbitrary denominations based in other assets.
James
I will look into that after I am done with the rest of my near term plan. I need to prioritize features, and this is again not a simple change. Supporting fractional amounts is critical because it is needed not only for the AE.
|
|
|
|
Eadeqa
|
|
March 06, 2014, 10:16:33 AM |
|
In this case he is only using java.util.Random to pick up the length of the password, between 70 and 90 chars, so it does not need to be SecureRandom. Of course I hope the apache RandomStringUtils internally uses SecureRandom, this is where it would matter.
Instead of relying on RandomStringUtils, isn't it much simpler to just use SecureRandom to create the password?
    char[] allowedCharacters = {'a','b','c','1','2','3','4'};
    SecureRandom random = new SecureRandom();
    StringBuffer password = new StringBuffer();
    for(int i = 0; i < PASSWORD_LENGTH; i++) {
        password.append(allowedCharacters[ random.nextInt(allowedCharacters.length) ]);
    }
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:18:01 AM |
|
about AE test
1. balance=2864
2. ask order (my asset)
quantity:15, price=200(2nxt) fee=1
quantity:10, price=300(3nxt) fee=1
balance=2862 Ok
3. bid order (my asset)
quantity:25, price=300(3nxt) fee=1
4. balance=2846
should be 2864-3=2861
so 2861-2846=15 is lost ( 25*3-15*2-10*3=15 )
test Ok in .8.6
cancelling an order, there are two results:
e.g.
1. ask order quantity:5, price=100(1nxt) fee=1; wait a minute, confirmed.
2. bid order quantity:4, price=100(1nxt) fee=1; not confirmed yet
3. cancel the ask order
two results:
2. bid order wins, confirmed before the cancelling ask order, so the order matched, and the remaining ask order is cancelled ( quantity:1, price=100(1nxt))
3. cancel ask order wins, confirmed before the bid order, so the bid order doesn't change, and the whole ask order is cancelled.
test Ok in .8.6
So you are saying I have managed to fix that bug? Are there any known AE bugs that are still reproducible in 0.8.6?
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:19:09 AM |
|
Is JL available for new dev core team consideration post CFB?
My understanding is that he is here long term. JL, can you confirm this? The community is just trying to take stock of who is and isn't on-board for the months to come.
Yes, I will still be here after CfB leaves.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
March 06, 2014, 10:19:16 AM |
|
Does anybody know how to set up Google Authenticator? I think it works by having a seed value associated with each user. I can put the encrypted value of this seed in the AM response to the user. Then for people who choose to activate this feature, they would need to go to a webpage, input their NXT acct # and authenticator token
https://github.com/ciyam/ciyam/blob/master/src/crypt_stream.cpp#L173
Although it is of course in C++ (if you search around you should be able to find it in C).
Am back from Hong Kong now (wasn't online at all for two days so have been busy trying to catch up all afternoon).
As far as people wanting me to be a "core dev" I don't think it would make much sense as I am a C++ programmer not a Java programmer (and have only even looked at a small amount of the source code) so at this stage I will keep my main involvement to the AT side of things but may get involved with other things down the track.
As far as pools are concerned I think we are going to need them and without them we won't be able to create a "savings account" AT (which I think would be something fairly attractive from a marketing perspective). I had stated before that my preference for limiting the power of an individual pool account would be to limit the number of accounts that it can use (so that trying to allocate your forging power to a "full" account would actually fail) or to limit the max. amount of forging power to a max. % of total coins (say 1%). Of course there is no reason that both of these limits would not be able to be imposed. Someone else suggested the leased forging power to be restricted according to the balance of the forging account and I think that it could also be a reasonable way to do it. The key thing that we are going to want to have is a "lot of small pools" rather than a "few huge ones" so I think we should try and focus on ideas that are going to make it easier for small pools and harder for large pools.
|
|
|
|
verymuchso
Sr. Member
Offline
Activity: 421
Merit: 250
HEAT Ledger
|
|
March 06, 2014, 10:21:08 AM |
|
I did my research on random string generator libraries, it seems apache RandomStringUtils is not compromised.
Why aren't you using SecureRandom random = new SecureRandom()? Simpler version from web
    char[] allowedCharacters = {'a','b','c','1','2','3','4'};
    SecureRandom random = new SecureRandom();
    StringBuffer password = new StringBuffer();
    for(int i = 0; i < PASSWORD_LENGTH; i++) {
        password.append(allowedCharacters[ random.nextInt(allowedCharacters.length) ]);
    }
I don't believe I know better than the people from Apache who made that library. That library is used in 1000s of production systems. You should not reinvent the wheel. You are right about the difference between SecureRandom and Random, in the code I posted it does however not make sense to use SecureRandom. If you believe it does please explain why it does make sense in the code I posted.
|
|
|
|
Forobitcoins
|
|
March 06, 2014, 10:21:29 AM |
|
To increase the benefit of "forging", we can add a commission (e.g. 0.01 Nxt) each time you start the client; this creates more commissions for forging, and people are more interested in not closing the client, so as not to be charged the fee again.
Is this possible?
Sorry for my English
----------------------------------------
To increase the benefit of "forging", we can add a commission (for example 0.01 Nxt) each time we start the client; this creates more commissions for those who forge, and people are more interested in not closing the client, so as not to be charged the commission again.
Is this possible?
Sorry for my English
|
Sorry for my broken English XD
|
|
|
muto
|
|
March 06, 2014, 10:22:38 AM |
|
Are there any plans to publish the complete and actual source code somewhere in the near future?
I only found the source code of v4.6. Is there something more actual available?
|
|
|
|
mcjavar
|
|
March 06, 2014, 10:22:48 AM |
|
...
I'm glad you are back
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:23:46 AM |
|
fractional assets also? If the comment field is not possible, I can work around that, but please let me know so I can plan accordingly.
Possibly, I will see what it takes for fractional assets. The comment field is an easier change, I will do that, but will have to reset the test blockchain again.
|
|
|
|
mcjavar
|
|
March 06, 2014, 10:24:01 AM |
|
Are there any plans to publish the complete and actual source code somewhere in the near future?
I only found the source code of v4.6. Is there something more actual available?
https://bitbucket.org/JeanLucPicard/nxt/src/
|
|
|
|
Jean-Luc
|
|
March 06, 2014, 10:24:44 AM |
|
Are there any plans to publish the complete and actual source code somewhere in the near future?
I only found the source code of v4.6. Is there something more actual available?
We only publish in the near past, this way we control the future
|
|
|
|
|