nexern
December 07, 2013, 09:52:10 AM
have had the same problems with nxt-bce last night.
badMessage: java.lang.IllegalStateException: too much data after closed for ...
badMessage: 400 Illegal character for HttpChannelOverHttp@235eb171{r=0,a=ID ...
the explorer was also flooded with bot api requests, not from local fetcher. changed to 0.3.14. and now it seems better. i tried to bind allowedBotHosts to localhost but this doesn't work. is there any additional tag i have to set? (otherwise i could solve this via iptables)
ps: cfb, anything we can do to support you against the hackers?

Jean-Luc
December 07, 2013, 10:08:49 AM
Yes, and seems like our networking is too dependent on the bootstrap nodes. Last night fluke.airdns.org crashed with the java process exceeding the 1024 number of open files limit. At that point it had more than 400 active peers. I increased the open files limit to 16384 and restarted, this morning it had crashed again. Right now it is at 200 active peers, will see how long it lasts.
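
Added example, not part of any post in this thread: a bash check for the failure described above, where a node's Java process runs into its open-files limit as peer connections accumulate. It reads the Linux /proc layout; the `PROC_ROOT` variable and the function name `fd_headroom` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: compare a process's open descriptors with its soft
# "Max open files" limit, and count how many of them are sockets.
# PROC_ROOT is an assumption of this example so the check can also be
# pointed at a saved or constructed copy of /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# fd_headroom PID [WARN_PCT]
# Prints "open=N sockets=N soft=N pct=N".
# Returns 0 below WARN_PCT (default 80), 1 at or above it,
# 2 if the process cannot be inspected.
fd_headroom() {
  local pid=$1 warn=${2:-80} dir soft open=0 socks=0 f pct
  dir="$PROC_ROOT/$pid"
  [ -r "$dir/limits" ] && [ -d "$dir/fd" ] || return 2

  # limits columns: three-word name, soft limit, hard limit, units
  soft=$(awk '/^Max open files/ {print $4}' "$dir/limits")
  [ -n "$soft" ] || return 2

  for f in "$dir"/fd/*; do
    [ -L "$f" ] || continue          # every fd entry is a symlink
    open=$((open + 1))
    case $(readlink "$f") in
      socket:*) socks=$((socks + 1)) ;;   # peer and API connections
    esac
  done

  if [ "$soft" = unlimited ]; then
    echo "open=$open sockets=$socks soft=unlimited pct=0"
    return 0
  fi

  pct=$((open * 100 / soft))
  echo "open=$open sockets=$socks soft=$soft pct=$pct"
  [ "$pct" -lt "$warn" ]
}
```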

nexern
December 07, 2013, 10:18:30 AM
Yes, and seems like our networking is too dependent on the bootstrap nodes. Last night fluke.airdns.org crashed with the java process exceeding the 1024 number of open files limit. At that point it had more than 400 active peers. I increased the open files limit to 16384 and restarted, this morning it had crashed again. Right now it is at 200 active peers, will see how long it lasts.
yes, have raised ulimit too, running with 300+ peers fine now. do you have any additional/useful port restrictions to protect your node?

Come-from-Beyond
December 07, 2013, 10:21:33 AM
have had the same problems with nxt-bce last night. badMessage: java.lang.IllegalStateException: too much data after closed for ... badMessage: 400 Illegal character for HttpChannelOverHttp@235eb171{r=0,a=ID ... the explorer was also flooded with bot api requests, not from local fetcher. changed to 0.3.14. and now it seems better. i tried to bind allowedBotHosts to localhost but this doesn't work. is there any additional tag i have to set? (otherwise i could solve this via iptables) ps: cfb, anything we can do to support you against the hackers?
Use http://myserver.com:7874/nxt?requestType=getMyInfo, put value of "host" into allowedBotHosts.
PS: I'm preparing a long post about 0.3.15, will post it very soon. 0.3.15 is a "migration" version to prepare the network for 0.3.16 that will have a special defense against cancer nodes.

Jean-Luc
December 07, 2013, 10:25:37 AM
yes, have raised ulimit too, running with 300+ peers fine now. do you have any additional/useful port restrictions to protect your node?
Not really, it is behind a vpn which effectively acts as a firewall, the only ports forwarded are 7874 and 7875. And there is nothing but Nxt running on it, with -Xmx3584M.

Come-from-Beyond
December 07, 2013, 10:26:35 AM
Yes, and seems like our networking is too dependent on the bootstrap nodes. Last night fluke.airdns.org crashed with the java process exceeding the 1024 number of open files limit. At that point it had more than 400 active peers. I increased the open files limit to 16384 and restarted, this morning it had crashed again. Right now it is at 200 active peers, will see how long it lasts.
Aye, we depend on bootstrapping nodes. Luckily if a node got a list of other public nodes it doesn't depend on the bootstrappers anymore. In the future I'm planning to implement a special fallback mechanism that will let to connect to nodes unreachable from the Internet.

bybitcoin
December 07, 2013, 10:36:55 AM
Any update on when the 3.15 will be released? Totally locked with 3.14, stuck at block 9157, only generates incorrect blocks and the balance is sometimes 0 and sometimes the actual one

salsacz
December 07, 2013, 10:58:48 AM
great job, as always

klee
December 07, 2013, 11:39:50 AM
Hey CfB can you clarify something please? If u r an owner of non-trivial amounts in NXT u should run ur own node(s) accessible on the Internet to protect the network.
So if I run a local client should I make all these steps? If I use a bootstrap node am I more vulnerable to attacks?

bybitcoin
December 07, 2013, 11:43:36 AM
Do we need to attach the same nxtfiles.zip file into this new 3.15 too? Or it can work independently?
About the hallmark do I really need it even if my account is usually offline and not much of in the mining mode?

Come-from-Beyond
December 07, 2013, 11:45:51 AM
So if I run a local client should I make all these steps? If I use a bootstrap node am I more vulnerable to attacks?
Is ur local client visible from the outside? Does it have static IP or domain? If "yes" then "yes". What do u mean "If I use a bootstrap node"?

Come-from-Beyond
December 07, 2013, 11:48:21 AM
Do we need to attach the same nxtfiles.zip file into this new 3.15 too? Or it can work independently?
About the hallmark do I really need it even if my account is usually offline and not much of in the mining mode?
0.3.15 is supplied with the most recent *.nxt files. But u should always rewrite them with ur own ones (if u have any). It doesn't matter if ur account is offline. If u have a node visible on the Internet then u should "mark" it. Doing so will increase stability of ur own node as well.

starik69
December 07, 2013, 11:58:22 AM
Sorry, didn't understand a bit. What is Hallmark? What are weights? What should i do if i own >1M NXT, want to mine but i am behind NAT?

Jean-Luc
December 07, 2013, 12:01:20 PM
Is there an API to verify whether a node has been marked, and with what account? Or to retrieve the node hallmark?
The node on which an account is unlocked (in order to mine) doesn't need to be marked, and a marked node doesn't need to have the account unlocked, correct?
If one marks a node, which is not behind a vpn, an attacker can correlate the marking account with the node IP, thus compromising your anonymity, correct?

Come-from-Beyond
December 07, 2013, 12:02:06 PM
Sorry, didn't understand a bit. What is Hallmark? What are weights? What should i do if i own >1M NXT, want to mine but i am behind NAT?
If u r behind NAT then u can do nothing atm. Hallmark is used to set weights to nodes according to amounts tied to them. It's like a reputation system based on proof-of-stake. A hacker can run thousands of nodes but without a big amount of coins in his possession such nodes will be ignored.

Come-from-Beyond
December 07, 2013, 12:06:47 PM
Is there an API to verify whether a node has been marked, and with what account? Or to retrieve the node hallmark?
No. I'll add it into 0.3.16. PM me with the details if u wish.
The node on which an account is unlocked (in order to mine) doesn't need to be marked, and a marked node doesn't need to have the account unlocked, correct?
Marked node doesn't need an unlocked account. But a node with unlocked account doesn't get a hallmark automatically (in current implementation).
If one marks a node, which is not behind a vpn, an attacker can correlate the marking account with the node IP, thus compromising your anonymity, correct?
What do u mean "correlate"? Soft checks real host of a peer. An attacker can't just say "I am 88.198.210.245". Got it. Yes, this compromises anonymity.

starik69
December 07, 2013, 12:14:59 PM
Got it. Yes, this compromises anonymity.
And without hallmark is there any mechanism to know which account mines from which ip?

Come-from-Beyond
December 07, 2013, 12:18:05 PM
Got it. Yes, this compromises anonymity.
And without hallmark is there any mechanism to know which account mines from which ip?
Yes, if u own the most part of the nodes. If u worry about ur anonymity then use Tor.