Conurtrol
March 23, 2014, 10:37:10 PM
I don't like people spreading FUD about Nxt and thinking they will come away unscathed. If I had any real technical knowledge I would be in the Mastercoin thread ripping him a new one. Anyway, no one probably cares like you say.

opticalcarrier
March 23, 2014, 10:43:19 PM
If you use SSL, at least you are protecting the client privacy from the ISP and anyone who can spy along the route.
This is very easy to attack. A simple correlation between a SSL encrypted HTTP package of matching size and the timestamp of the transaction will let a third party correlate a transaction with the originator IP. You also have to trust the node operator, since he owns the SSL certificate. For forums and wiki SSL is indeed essential, unless we all start signing each of our posts and PMs with GPG.
+1 It does make sense to protect the Wiki and forum with SSL (I previously missed that you have to login into the Wiki) and as such, I think InfCom should fund the SSL certificate. The NRS nodes should however not use SSL. Users of Wesley's client that sign transactions client-side will have their privacy compromised without SSL, even though the transactions and their password will be secure (assuming he is verifying the bytes before signing). I do see the value of SSL in this use case, because it is much simpler for the end user than setting up tor, and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.
I beg to differ:
- Their privacy is easily compromised to 3rd parties even with SSL (see above).
- Their privacy is always compromised to the node operator since he owns the SSL certificate, thus this is still not a trustless solution.
- If privacy is needed, Tor can deliver.
- I've added support for Tor in my client in like 2 hours (version not yet released). It will come with the tor.exe client and my NXT client simply starts the Tor client if Tor is not running already and shuts it down again on exit if it was started by my client.
All the end user has to do is set the checkbox to use Tor. I also have proposed a bounty for client developers who implement support for Tor (https://bitbucket.org/nxtinfrastructure/committee/issue/33/tor-enabled-capable-nxt-clients) since this would solve the privacy issue very efficiently.
....and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.
Well, then we exclude these users from forging, since we can't really encourage them to send account secrets to public NRS nodes (even with Tor and SSL used). I fear that the secretPhrase parameter for forging will backfire on us some day. IMHO, forging (and anything else that needs a secretPhrase parameter) should only be possible when the request comes from localhost.

Being able to correlate a single transaction like you describe is an extremely bold claim. Maybe now it's not so terribly difficult, but once NXT transactions start to pop it will definitely be impossible. And of course a light client ALWAYS has to trust the node operator. This is the case whether or not you use either SSL or TOR (or not use either/both of them). So just take this argument away. Like I said before, depending on tor for a home user is just not feasible. I find it extremely hard to believe that you see the SSL correlation such a risk yet completely ignore TOR correlation that is possible unless, like I said previously, the user takes EXTREME steps, nearing on the impossible. Without these drastic extreme steps, eventually tor is correlated. It just takes time. But whatever, just ignore the dev. Hint, you might want to do a little research about tor correlation, before you depend on it yourself though. In fact, unless you go do your research on it, I'm going to assume that not only do you not care about it for yourself, but you also don't care about it for others. IMO this is not exactly the way things should be done, but, oh well, you guys in the committee are supposed to be the experts, after all.

For the user who was asking about wildcard SSL (I think it was xyzzyx) the cost to do it anonymously is fairly high, almost 500 euro. So unless someone knows that rapidssl/comodo/someoneElse will allow purchase with either anonymous or with known-to-be-not-real ID (startssl is very strict about real names, address, TN, etc) then that's the way to go.

jl777
Legendary
Offline
Activity: 1176
Merit: 1134
March 23, 2014, 10:50:01 PM
I never said you should care about everyone. This isn't emule we're talking about
I don't care even if Satoshi says that Nxt uses checkpoints, coz it's not the truth. And I'm not going to waste my time trying to tell the others what the truth is. That guy doesn't know what he is talking about, or knows and lies. Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.

I coded up guards against duplicate GUID hashes, so I can detect if two different txids have the same GUID. I am just using the "hash" field from getTransaction. Assuming 10 confirmations, am I safe from transaction malleability and other evils? If I have to calculate the SHA256 of raw bytes myself, I don't see the point of the "hash" field... Anyway, what should I do if I detect a collision of identical GUIDs?

James

intmain()
Newbie
Offline
Activity: 28
Merit: 0
March 23, 2014, 10:51:37 PM
From what I understand tf uses deterministic selection based on specific environmental variables to form a consensus on who will be able to forge next... I don't think the devs at mastercoin know what they're talking about, at all.

jl777
Legendary
Offline
Activity: 1176
Merit: 1134
March 23, 2014, 10:52:52 PM
nxt donations: 2319251
Whoa! just noticed your super short acct! Nice one

EvilDave
March 23, 2014, 11:01:50 PM Last edit: March 23, 2014, 11:21:01 PM by EvilDave
In InfCom mode:

Bounty ANN:: Papers on NXT network security requested.

The Infrastructure Committee (infCom) would like to put out a public request for papers on aspects of NXT network security. http://107.170.117.237/index.php?topic=49.msg111#msg111

The papers should address the following from both a general P2P and a specifically NXT perspective:

An analysis/description of the NXT P2P network architecture and the communication within.

Attacks that could be conducted on Nxt infrastructure (the NXTwork), identification methods and countermeasures that could be used against them, including:
- DoS
- Sybil
- Poisoning
- Eclipse
- Tracking
- Node Spoofing
and any other relevant attack vectors.

InfCom will be rewarding two bounties for submitted papers, the bounties will be somewhere between 10-20,000 NXT per paper. Deadline is 2 months from now, 24 May 2014.

If you have any questions: https://bitcointalk.org/index.php?topic=506757.80
the new NxtForums.org thread: http://107.170.117.237/index.php/topic,102.0.html
or contact one of the InfCom members via PM.

As inspiration: http://world-comp.org/p2012/SAM9754.pdf

instacalm
March 23, 2014, 11:17:18 PM
The new NXT forum doesn't send out mails -- wesleyh, check and fix your server's sendmail, please.

Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
March 23, 2014, 11:29:56 PM
The new NXT forum doesn't send out mails -- wesleyh, check and fix your server's sendmail, please.
Could you put that here, please? http://107.170.117.237/index.php/board,34.0.html
Otherwise we might miss it tomorrow (it's night where we are)

opticalcarrier
March 23, 2014, 11:32:26 PM
The new NXT forum doesn't send out mails -- wesleyh, check and fix your server's sendmail, please.
I'm waiting on root access and I will fix it

jl777
Legendary
Offline
Activity: 1176
Merit: 1134
March 23, 2014, 11:32:40 PM
How can I get a trusted list of transaction hashes to know what to lookup?
Scanning each block for all transactions to find asset transfers is the only way I know of to get a list of asset transfers for an asset (or acct). For buy/sells, getTrades gets the list, but again I think it is a list of txids...
To go to an unmalleable hash based tx wouldn't there need to be a method to get all the transactions without ever using txid?

http://localhost:7876/test for a listing of all available APIs and their parameters. getAccountTransactions supports filtering by type and subtype, you can get asset transfer transactions for a given account. But this still returns transaction id's only, not the full transaction json. The API needs improvement. Are you sure you need to use the hash and not just the transaction id? IDs are still guaranteed to be unique and continue to be used as the unique identifier internally. Hashes are used to make sure no new transactions are accepted that are duplicates (in all fields other than the signature) of an existing transaction even though they may have a different id.

Sorry to keep bugging you, but due to the possibility of multiple txid having the same hash, I think I need to verify that all tx's that I honor, not have a duplicate hash. I see no way of doing this, short of tracking all transactions. If I use getAccountTransactions, then wouldn't I miss hash conflicts between txids in different subsets of what getAccountTransactions returns? Maybe there is a way to know for sure that all possible hash conflicts are contained within a certain set of filtered getAccountTransactions txids. I don't understand this well enough to know anything, other than I don't understand it well enough... Maybe it is as simple as the fake transaction, has to be identical in all respects other than the signature. So maybe every filtered subset is the spanning set for itself, actually every isolated tx could be. However, if that was the case, then I am not sure I need to do a hash based error checking as I am assuming the NXT core is doing this now. Any guidance is appreciated.

James
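
Added example (not part of any post in this thread, and not NRS code): a sketch of the duplicate guard discussed in the two posts above, keyed on a digest of every field except the signature, so a re-signed copy with a different txid is caught. The JSON encoding, the field names, the sample values and the "honor the first one seen" policy are assumptions made for illustration; they are not Nxt's byte format.

```python
import hashlib
import json

def _digest(fields):
    # Constructed stand-in encoding: canonical JSON, not Nxt's transaction bytes.
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def signed_id(tx):
    """Stand-in txid: covers the signature, so a re-signed copy gets a new id."""
    return _digest(tx)[:16]

def unsigned_digest(tx):
    """Digest over all fields other than the signature."""
    return _digest({k: v for k, v in tx.items() if k != "signature"})

class DuplicateGuard:
    """Remembers the first txid honored for each unsigned digest."""
    def __init__(self):
        self._first_seen = {}

    def check(self, tx):
        """Return None if tx may be honored, else the txid it duplicates."""
        txid = signed_id(tx)
        first = self._first_seen.setdefault(unsigned_digest(tx), txid)
        return None if first == txid else first

def same_filter_bucket(a, b):
    """True if an account/type/subtype filter would return both transactions."""
    keys = ("sender", "type", "subtype")
    return all(a[k] == b[k] for k in keys)

# Constructed sample transactions (all values invented for the example).
ORIGINAL = {"sender": "1111", "recipient": "2222", "type": 2, "subtype": 1,
            "asset": "3333", "quantity": 5, "timestamp": 1000, "deadline": 60,
            "signature": "aa" * 64}
RESIGNED = dict(ORIGINAL, signature="bb" * 64)            # same fields, new signature
UNRELATED = dict(ORIGINAL, quantity=6, signature="cc" * 64)

if __name__ == "__main__":
    guard = DuplicateGuard()
    for name, tx in (("original", ORIGINAL), ("re-signed", RESIGNED),
                     ("unrelated", UNRELATED)):
        dup = guard.check(tx)
        print(name, signed_id(tx), "duplicate of " + dup if dup else "ok")
```

Because a copy that differs only in its signature has the same sender, type and subtype as the original, both land in the same filtered subset, which is the "every filtered subset is the spanning set for itself" observation in the post.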

salsacz
March 23, 2014, 11:39:14 PM
it is interesting for different reasons - right now this video is super-boring for me, because we already have this and I have spent a lot of attention to mesh networks here: http://justpaste.it/nxt-decentralized-internet (Fiber optic cables are addition by NxtMinnow). So the guy is like prehistoric talking for me. BUT - he was telling the audience about something new. So the interesting part is - how he decided to do that. By 10 minutes fairy tale and 5 minutes of very uncertain data. No techbullshits

marek3ball
March 24, 2014, 12:07:40 AM Last edit: March 24, 2014, 12:22:07 AM by marek3ball

Touque
Member
Offline
Activity: 94
Merit: 10
March 24, 2014, 12:17:16 AM
OK, everybody, your favorite dictator rickyjames here, flapping my gums wildly once more. We're coming up on 2500 pages on this Bitcointalk thread. What an accomplishment!!! Woo Hoo!!! We have a new forum that is Our Very Own at nxtforum.org . Go ahead, enter it into your address bar of your browser, it works and it's a Simple Machine forum just like this one at Bitcointalk. You'll feel right at home. I've created a thread there called NXT Pub Thread - 2500 More Pages Here Or Bust http://107.170.117.237/index.php/topic,91.0.html
I propose that 2Kool lock this thread at page 2500 and we do a mass migration over there. It would be nice, neat, poetic closure. And a new beginning. Like this: https://www.youtube.com/watch?v=gUQbLz7AoYc
C'mon, everybody. Think Nike. Just do it.

Nxt community might have been ready to do this. But you still need to persuade CFB to make the change. I don't know how he feels about it. I hope he will give it a try.

Daedelus
March 24, 2014, 12:25:58 AM
How many posts per day/hour do we need to keep this top of the altcoin board here on bct? We could double post marketing, news, critical emule updates etc here to keep the thread top and get to have a shiny new forum too. Best of both worlds? I am back working on Daedelus' personal notebook the Nxt Wiki Glossary tomorrow so prepare to be spammed... Goodnight

Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
March 24, 2014, 12:49:11 AM
OK, everybody, your favorite dictator rickyjames here, flapping my gums wildly once more. We're coming up on 2500 pages on this Bitcointalk thread. What an accomplishment!!! Woo Hoo!!! We have a new forum that is Our Very Own at nxtforum.org . Go ahead, enter it into your address bar of your browser, it works and it's a Simple Machine forum just like this one at Bitcointalk. You'll feel right at home. I've created a thread there called NXT Pub Thread - 2500 More Pages Here Or Bust http://107.170.117.237/index.php/topic,91.0.html
I propose that 2Kool lock this thread at page 2500 and we do a mass migration over there. It would be nice, neat, poetic closure. And a new beginning. Like this: https://www.youtube.com/watch?v=gUQbLz7AoYc
C'mon, everybody. Think Nike. Just do it.

Nxt community might have been ready to do this. But you still need to persuade CFB to make the change. I don't know how he feels about it. I hope he will give it a try.

CfB might still post here, but he is also registered over there, as is Jean Luc. No worries! We are making quite a smooth transfer at the moment.

Touque
Member
Offline
Activity: 94
Merit: 10
March 24, 2014, 12:59:24 AM
CfB might still post here, but he is also registered over there, as is Jean Luc. No worries! We are making quite a smooth transfer at the moment.

Woohoo! That is all I can say.

xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
March 24, 2014, 01:03:18 AM
P.S. Any URL for good SHA256 C source code?
NaCL has a C implementation of SHA256. See http://nacl.cr.yp.to/hash.html
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov

Touque
Member
Offline
Activity: 94
Merit: 10
March 24, 2014, 01:09:48 AM
This guy Peter Todd is listed as Chief Scientist of the Mastercoin Foundation. Don't you think we could make an exception when the FUD reaches this level?
I am with you. Now you can see how decentralized we are while he accused us of being centralized. Maybe once the FT gets more implemented, people will get better understanding about Nxt.

dhit
Newbie
Offline
Activity: 20
Merit: 0
March 24, 2014, 01:12:21 AM
I'm going wherever the discussion is certainly, but I'm curious.. why the move?
This will be awesome if this is the last message ever in the thread. lol

xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
March 24, 2014, 01:15:52 AM
This guy Peter Todd is listed as Chief Scientist of the Mastercoin Foundation. Don't you think we could make an exception when the FUD reaches this level?
I had some kind of appreciation to this guy before his comments on LTB... I hope he is just unaware...

I find it is kinder to apply Hanlon's Razor to all communications (even Emule's.)
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov