Bitcoin Forum
December 14, 2024, 05:11:53 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 [2125] 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 ... 2557 »
  Print  
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761621 times)
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:12:53 PM
 #42481

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?



There is no such thing as bad publicity Smiley

Ah, yeah.
godt
Member
**
Offline Offline

Activity: 87
Merit: 10


View Profile
March 09, 2014, 11:13:13 PM
 #42482


Why shouldn't it be?

But it is very unlikely that somebody has control over this account.

What are the chances?
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:16:15 PM
 #42483

How do you want to prevent people creating pools?

It seems to me that the comprehension problem I have right now is why would anybody want a PoS coin not to be secured by TF.

Until now, there is no such thing as TF => NXT has no TF.

With TF, every node can decide without any doubt what is wrong and what is right.
TF would not be gameable.
TF would not allow cheating.

You have to read the whole dialog from today to understand my post. You put my quote out of context.

1. I asked why some parallel chains would not want to choose TF
2. I asked how to prevent pools in these chains without TF

Why should pools be prevented at all?
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:22:46 PM
 #42484

In my thinking there are two balances, - apologies if this is a bit long....

The Reserve Balance which is an amount of NXT you cannot withdraw and you can initiate instant transactions up to that level - this is a permanent reserve until cancelled.

The other balance is the Instant Balance which is updated as soon as an instant transaction is broadcast by a node i.e. 0 confirmations.
This reflects the liability the account has created with an instant transaction.
The node the transaction is broadcast through will have an realtime view of this because it will update the accounts instant balance before broadcasting the tx, all nodes seeing the TX will also update the instant balance for that account.
If the account tries to initiate more TX that would make Instant Balance > Reserve Balance this would create an error.

An attack vector such as you describe would rely on being able to send the TX through a node which had not yet updated its instant balance total for the account in question.

For instant transactions to work I would want to ensure that both accounts had to be connected to a node and both nodes had the same view of the instant transaction balance of the sending account. If the seller is logged into the buyer node then this is a possible edge case attack.

This means that the sellers account can confirm that there are sufficient reserved funds for the instant purchase because it also has a view of the buyers instant balance that it can verify with other nodes - this would be a possible client verification/check  during the purchasing process, the seller NRS node is passive in this process other than providing data to the sellers software client.

Even if the buyer switches nodes, the seller doesn't and the sellers node reconciles the instant balance of the sellers account using normal time line rules.... So unless the buyer can get the seller onto a node that doesn't know the buyers balance or initiate trades with lots of sellers which it knows are connected to nodes which won't get the instant balance update then an attack will fail ( I think)


Once the instant TX is confirmed the liability reduces and the instant balance can be reduced.


Me, as a bad buyer could easily game the system by replaying all the transactions over and over again, in order let nodes delete all (except one). I can play this game over and over again.

I would rather have a combination of http://qubic.boards.net/thread/9/fighting-scam (hope CfB does not mind) and CCT.

One part we missing so far is that the seller can cheat as well.

We should have a refunding transaction instead of arbitrary limits.
Fern
Sr. Member
****
Offline Offline

Activity: 247
Merit: 250



View Profile
March 09, 2014, 11:25:20 PM
 #42485

Guys, relax!

Password generator will get implemented in Wesleyh's installer (NRS + nice GUI). And now, move on.

Please read this monster thread before you post Wink

Thank you.

OK,cool. I was just checking up on progress for this week coming. I think Pinarello was helping to make sure it happens. That is, Wesley's client becoming the official one. I'm going to keep banging on about it until it's done.

I pretty sure this Alvin Lee character is a woman from Netherlands. It's hard to believe she used a short password with 20% of her portfolio. Hopefully she tweets about the new client next week.
StuartGT
Member
**
Offline Offline

Activity: 104
Merit: 10


View Profile
March 09, 2014, 11:27:57 PM
 #42486

There is no such thing as bad publicity Smiley

Agreed! Smiley
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:29:19 PM
 #42487

Until now, there is no such thing as TF => NXT has no TF.

Not 100% correct. We have 50% of it.

You made me smile.

-----

You have seen my analysis: as far as I can tell, the 90%-deterministic approach would be susceptible to the puppet-account attack as would be the 100%-deterministic approach.
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:36:45 PM
 #42488

@CfB

It would be advisable to have 51%-attack protection in place rather than the 34%-attack protection.
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
March 09, 2014, 11:40:53 PM
 #42489

Crazy idea, someone has already thought of it?
A coin as the NXT might have similar features with ebay?

1 - I own the account 111111
2 - I want to buy something from the seller who has the account 22222
3 - I send 100NXT, which would be trapped in blockchain at to confirm that I received my purchase.
4 - If I receive the product unlock the 100NXT account for 222.
5 - If not receive but gets stuck and only come back to me if the account venderdor 222 mark as not completed.
6 - Upon completion of the deal or not, we could both evaluate and add 1 point to the "reputation system" of accounts.
7 - Accounts with high reputation, could mediate situations where there was no agreement.

So instead of being added to ebay, etc ... that is the dream of any currency, would replace. To facilitate the exchange of NXT for other currencies without using exchange.
What if acct 111111 receives the product, but doesnt mark it as so? acct 22222 will not be happy.
If you can solve that part, this could work

James

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
March 09, 2014, 11:42:18 PM
 #42490

So, using guid we can lookup the txid to verify that Evil Bob's txid he submits is different than the real one and reject him. There is no way for Evil Bob to change the GUID. 10 confirmations is recommended.

Anyone can change transaction. All that u need is to rely on guid.

OK, so I change all my code to treat GUID as txid and just ignore the current txid's when this is available and all will be well

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 09, 2014, 11:42:55 PM
 #42491

https://bitbucket.org/JeanLucPicard/nxt/commits/45cc27d7b90cda5f41a5fc2bb5b29384fa84a207

Interesting. Thought that this would be obvious. But good to know it's in place now.
EvilDave
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1001



View Profile
March 09, 2014, 11:43:25 PM
 #42492

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.  

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?

Er...yes.


There is no such thing as bad publicity Smiley

This is pretty close to being as bad as bad publicity can get.

At least AlvinLee has acknowledged her (?) role in the loss, but losing 20% in one pop......ouch.
Anyone want to give her some compensation and a copy of Wesleys shiny, more secure, client when it comes out?

Nulli Dei, nulli Reges, solum NXT
Love your money: www.nxt.org  www.ardorplatform.org
www.nxter.org  www.nxtfoundation.org
VanBreuk
Sr. Member
****
Offline Offline

Activity: 460
Merit: 250



View Profile
March 09, 2014, 11:44:26 PM
 #42493

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?


Er...yes.

There is no such thing as bad publicity Smiley

This is pretty close to being as bad as bad publicity can get.

At least AlvinLee has acknowledged her (?) role in the loss, but losing 20% in one pop......ouch.
Anyone want to give her some compensation and a copy of Wesleys shiny, more secure, client when it comes out?

+1
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
March 09, 2014, 11:45:57 PM
 #42494


Why shouldn't it be?

But it is very unlikely that somebody has control over this account.

What are the chances?
getAccountPublicKey.10388 {"errorCode":5,"errorDescription":"Unknown account"}


If somebody knows the key, they havent used it yet

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
pandaisftw
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
March 09, 2014, 11:50:37 PM
 #42495

Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier:

Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.

It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds.

Add in specialized services with their own chain, and this number could be much higher than 1000 TPS.

Pandaisftw

Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?

100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS.
10 TPS can be done easily with even the lowest-end hardware and internet connections.

Case 1 (Assumptions):
These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil.
There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions?

Case 2:
Even if Case 1 is not true, then each chain would simply have it's own "coin", but still secured by the master chain, thus part of the NXT ecosystem.

Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support.

This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains.

Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable.

So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?

NXT: 13095091276527367030
crazybonkers
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
March 09, 2014, 11:51:51 PM
Last edit: March 10, 2014, 12:11:26 AM by crazybonkers
 #42496

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.  

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity



YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
Free Distribution! https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BGMvuxaH47mwfQJ7iZ6tgJipB1XQLRhFCP
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
March 09, 2014, 11:59:29 PM
 #42497

Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier:

Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.

It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds.

Add in specialized services with their own chain, and this number could be much higher than 1000 TPS.

Pandaisftw

Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?

100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS.
10 TPS can be done easily with even the lowest-end hardware and internet connections.

Case 1 (Assumptions):
These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil.
There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions?

Case 2:
Even if Case 1 is not true, then each chain would simply have it's own "coin", but still secured by the master chain, thus part of the NXT ecosystem.

Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support.

This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains.

Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable.

So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?
Could the network automatically adapt and support the chains that they are able to? I doubt most users will know enough to properly select what chains to support. If the network can be smart and reallocate resources where it is needed, then that would be really cool. semi-intelligent emergent behavior?

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
SZZT
Sr. Member
****
Offline Offline

Activity: 273
Merit: 250


View Profile
March 10, 2014, 12:02:07 AM
 #42498

+1
User end = paralytic amoeba

+1

1HceYnNAUv5zBjJUhEncmmvxU1C7yjWoX8
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
March 10, 2014, 12:06:01 AM
 #42499

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity
I suggested to Wesley adding a reverse steganographic password generator combined with PIN
I think that makes it super easy.

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
crazybonkers
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
March 10, 2014, 12:11:54 AM
 #42500

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity
I suggested to Wesley adding a reverse steganographic password generator combined with PIN
I think that makes it super easy.


Jus an added thought...

Is there not a way that we could add a maximum number of tries to unlock an account? After the maximum number of tries you have to wait 1 minute before you can try again (or however long is a good time). I'm not sure how hackers hack a passphrase. Im assuming they need to keep entering a different passphrase until they hit one? Having a max limit to the number of times you can enter your passphrase would slow a hacker down?

This is just a thought and I don't know if this could be implemented to the clients or if im understanding things correctly as im neither a hacker or a coder Wink Just trying to help.

YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
Free Distribution! https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BGMvuxaH47mwfQJ7iZ6tgJipB1XQLRhFCP
Pages: « 1 ... 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 [2125] 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 ... 2557 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!