NXT :: descendant of Bitcoin - Updated Information

[Damelon]

I made these for friends and family. They are all like "why didnt you tell me about bitcoin earlier", well this time they wont have any excuses.

Nice!

[yan83]

Nice!

[instacalm]

Vote for hash's logo here: https://nextcoin.org/index.php/topic,1927.0.html

[smartwart]

what is the current count at the voting?

[notsoshifty]

CfB

Architecture question.

All nodes run the same software, each maintaining synchronized copy of blockchain
Your reflex objection to any secondary authentication is that it can only be implemented using some sort of centralized method, defeating the robustness gained from the distributed nature.

I have been thinking about this at a high level this afternoon, so I am sure not all the details are right, but conceptually if we can implement a "centralized" type of action when all the nodes are running the same software and replicating the same dataset, then authentication could be implemented in a distributed context.

Correct or incorrect?

James

You can't assume all nodes run the same software. Rogue nodes do/will exist, although their rogueness may not be apparent to their peers.

[jl777]

notsoshifty

OK, change "same software" to "software that uses the same protocol"

My question is still unanswered

James

[ferment]

can I get some SSH remote command help here?

on a box, I can do lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
to see the stats for the 79.102.159.249 peer if it is connected.  The results look like this (notice I had to escape the & there):

Code:

{"platform":"?","application":"NRS","weight":0,"state":1,"announcedAddress":"","
downloadedVolume":8758,"version":"0.4.7e","uploadedVolume":12675225}

why can I not use this to do a remote SSH command?

Code:

root@vps1:~# ssh -i .ssh/vps root@vps1 lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
{"errorCode":3,"errorDescription":"\"peer\" not specified"}
root@vps1:~#

Try:

Code:

ssh root@vps1 -t -C 'curl "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249"'

[newcn]

Oh my god, my nxt was stolen by some one,
and the client behaves strange today: when I unlock my account, it stucked there and client complains:

Code:

2014-01-02 08:29:52.060:INFO:oejs.ServerConnector:main: Started ServerCon
d1a23c{SSL-http/1.1}{0.0.0.0:7875}
2014-01-02 08:31:48.263:WARN:oejs.ServletHandler:qtp14109749-51: /nxt
java.lang.IllegalStateException: WRITER
        at org.eclipse.jetty.server.Response.getOutputStream(Response.jav
        at Nxt.doGet(Nxt.java:9306)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.j
)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1568)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.j
)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:3
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:2
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1539)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandl
:524)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHand
a:568)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(Sessi
er.java:221)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(Conte
er.java:1110)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandle
453)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(Sessio
r.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(Contex
r.java:1044)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.hand
extHandlerCollection.java:199)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(Hand
ection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(Handler
.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:459)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:2
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnect
a:229)
        at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnecti
:505)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedTh
l.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThr
.java:536)
        at java.lang.Thread.run(Unknown Source)
[2014-01-02 08:31:49.677] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.974] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.977] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.978] 17: java.lang.IllegalStateException: WRITER

the theft transaction is
sender: 16886318053889080545 recipient: 9793828175536096502 amount: 18197 fee: 1 confirmations: 453
which happened yesterday!

[PaulyC]

I literally saw my client a few moments after it happened (it was open) so how this happened is odd!

My actual User account that has been stolen from is
NXT
16821029889165561706

I don't have any idea how this may have happened either. Just wanted to confirm, at the moment the theft happened your client was running and you had the browser window opened, and your account was unlocked (you were seeing your balance and the "send money" arrow), is that all correct?

Just trying to differentiate the possibilities, whether the hacker obtained you password via brute-force or some other way and initiated the transaction from another machine, or somehow your own machine was tricked to initiate the transaction.

And you were running 0.4.8 at the time, right? I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.

Another question, did you generate your random-looking password using some software - password manager, online service, or created it manually by typing at random?

I just wanted to clarify, with this, I had my server and client open.  Was just perusing the blocks within the client, seeing if I was up-to-date, something I just do sometimes, and the account balance went from 7808, then on next look 0, maybe a moment later, less than 10 seconds.

No one was remotely accessing my computer etc.  It was just balance 0, account recipient ID under sent transactions with 7808, etc.

Update ran a full scan with my antivirus software, ESET, all up to date, no viruses or intrusions found.


The other question about password, this is the very first account I made so I did use the password generator that I had seen recommended on nextcoin.org
used "local" mode, to a certain degree,
http://passwordsgenerator.net/
(i definitely wouldn't recommend using one of these)

for 25 of the char of the PW, then I just made up the rest randomly 9 more characters.

and I'm not sure about what online nodes refers to exactly, but I can honestly say I never used anything online with that PW until today with CfB.
I don't see any strange opened ports so I believe I'm good on that end.


Has anyone else noticed the 4.8 download zip from nextcoin.org vs. the one from this exact link
Nxt 0.4.8 - https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

Are 5 Kb in difference? is that anything to be concerned about?


I want to buy more NXT, but it just sucks cuz i got in somewhat early and thought I was following all the instructions correctly, and I honestly don't know what happened which makes me hesitant.

It's not cool everyone thinks I'm some troll planning this all out, but I guess that's a natural reaction. I would hope in the future there's someway to stop someone from just taking someone's NXT like this, (I actually thought the two step PW on "sending" was a good idea, but didn't stop them in this case)

I'll try to keep an eye out on this hacker's acct# to see if he hits anybody else.
http://22k.io/-account/16204974692852323982

[PaulyC]

Oh my god, my nxt was stolen by some one,
and the client behaves strange today: when I unlock my account, it stucked there and client complains:

Code:

2014-01-02 08:29:52.060:INFO:oejs.ServerConnector:main: Started ServerCon
d1a23c{SSL-http/1.1}{0.0.0.0:7875}
2014-01-02 08:31:48.263:WARN:oejs.ServletHandler:qtp14109749-51: /nxt
java.lang.IllegalStateException: WRITER
        at org.eclipse.jetty.server.Response.getOutputStream(Response.jav
        at Nxt.doGet(Nxt.java:9306)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.j
)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1568)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.j
)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:3
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:2
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1539)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandl
:524)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHand
a:568)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(Sessi
er.java:221)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(Conte
er.java:1110)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandle
453)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(Sessio
r.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(Contex
r.java:1044)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.hand
extHandlerCollection.java:199)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(Hand
ection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(Handler
.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:459)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:2
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnect
a:229)
        at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnecti
:505)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedTh
l.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThr
.java:536)
        at java.lang.Thread.run(Unknown Source)
[2014-01-02 08:31:49.677] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.974] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.977] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.978] 17: java.lang.IllegalStateException: WRITER

the theft transaction is
sender: 16886318053889080545 recipient: 9793828175536096502 amount: 18197 fee: 1 confirmations: 453
which happened yesterday!

Newcn are you serious? cuz this is almost exactly what happened to me, I'm pretty sure my server had some language like this too! I just closed mine and didn't copy it like you did.. what is this? When I open it now it opens fine, but my balance is 0.

[S3MKi]

I literally saw my client a few moments after it happened (it was open) so how this happened is odd!

My actual User account that has been stolen from is
NXT
16821029889165561706

I don't have any idea how this may have happened either. Just wanted to confirm, at the moment the theft happened your client was running and you had the browser window opened, and your account was unlocked (you were seeing your balance and the "send money" arrow), is that all correct?

Just trying to differentiate the possibilities, whether the hacker obtained you password via brute-force or some other way and initiated the transaction from another machine, or somehow your own machine was tricked to initiate the transaction.

And you were running 0.4.8 at the time, right? I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.

Another question, did you generate your random-looking password using some software - password manager, online service, or created it manually by typing at random?

I just wanted to clarify, with this, I had my server and client open.  Was just perusing the blocks within the client, seeing if I was up-to-date, something I just do sometimes, and the account balance went from 7808, then on next look 0, maybe a moment later, less than 10 seconds.

No one was remotely accessing my computer etc.  It was just balance 0, account recipient ID under sent transactions with 7808, etc.

Update ran a full scan with my antivirus software, ESET, all up to date, no viruses or intrusions found.


The other question about password, this is the very first account I made so I did use the password generator that I had seen recommended on nextcoin.org
used "local" mode, to a certain degree,
http://passwordsgenerator.net/
(i definitely wouldn't recommend using one of these)

for 25 of the char of the PW, then I just made up the rest randomly 14 more characters.

and I'm not sure about what online nodes refers to exactly, but I can honestly say I never used anything online with that PW until today with CfB.
I don't see any strange opened ports so I believe I'm good on that end.


Has anyone else noticed the 4.8 download zip from nextcoin.org vs. the one from this exact link
Nxt 0.4.8 - https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

Are 5 Kb in difference? is that anything to be concerned about?


I want to buy more NXT, but it just sucks cuz i got in somewhat early and thought I was following all the instructions correctly, and I honestly don't know what happened which makes me hesitant.

It's not cool everyone thinks I'm some troll planning this all out, but I guess that's a natural reaction. I would hope in the future there's someway to stop someone from just taking someone's NXT like this, (I actually thought the two step PW on "sending" was a good idea, but didn't stop them in this case)

I'll try to keep an eye out on this hacker's acct# to see if he hits anybody else.
http://22k.io/-account/16204974692852323982

do not worry much bro

[S3MKi]

Oh my god, my nxt was stolen by some one,
and the client behaves strange today: when I unlock my account, it stucked there and client complains:

Code:

2014-01-02 08:29:52.060:INFO:oejs.ServerConnector:main: Started ServerCon
d1a23c{SSL-http/1.1}{0.0.0.0:7875}
2014-01-02 08:31:48.263:WARN:oejs.ServletHandler:qtp14109749-51: /nxt
java.lang.IllegalStateException: WRITER
        at org.eclipse.jetty.server.Response.getOutputStream(Response.jav
        at Nxt.doGet(Nxt.java:9306)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.j
)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1568)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.j
)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:3
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:2
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(
Handler.java:1539)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandl
:524)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHand
a:568)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(Sessi
er.java:221)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(Conte
er.java:1110)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandle
453)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(Sessio
r.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(Contex
r.java:1044)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHa
ava:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.hand
extHandlerCollection.java:199)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(Hand
ection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(Handler
.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:459)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:2
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnect
a:229)
        at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnecti
:505)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedTh
l.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThr
.java:536)
        at java.lang.Thread.run(Unknown Source)
[2014-01-02 08:31:49.677] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.974] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.977] 17: java.lang.IllegalStateException: WRITER
[2014-01-02 08:31:49.978] 17: java.lang.IllegalStateException: WRITER

the theft transaction is
sender: 16886318053889080545 recipient: 9793828175536096502 amount: 18197 fee: 1 confirmations: 453
which happened yesterday!

omg. How do they steal your nxt!?!?

[newcn]

Newcn are you serious? cuz this is almost exactly what happened to me, I'm pretty sure my server had some language like this too! I just closed mine and didn't copy it like you did.. what is this? When I open it now it opens fine, but my balance is 0.

's
Im not joking, the thief take all from my account, there're 1696 nxt arrive after, that's all my balance now
and I can't transfer to other account

[S3MKi]

Newcn are you serious? cuz this is almost exactly what happened to me, I'm pretty sure my server had some language like this too! I just closed mine and didn't copy it like you did.. what is this? When I open it now it opens fine, but my balance is 0.

's
Im not joking, the thief take all from my account, there're 1696 nxt arrive after, that's all my balance now
and I can't transfer to other account

Where did you download your client 0.4.8?

[notsoshifty]

Has anyone else noticed the 4.8 download zip from nextcoin.org vs. the one from this exact link
Nxt 0.4.8 - https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

Are 5 Kb in difference? is that anything to be concerned about?

You've quoted one, but what is the second link exactly?

[PaulyC]

Newcn are you serious? cuz this is almost exactly what happened to me, I'm pretty sure my server had some language like this too! I just closed mine and didn't copy it like you did.. what is this? When I open it now it opens fine, but my balance is 0.

's
Im not joking, the thief take all from my account, there're 1696 nxt arrive after, that's all my balance now
and I can't transfer to other account

and let me guess.. when you tried to re-enter your client.. it was sort of "sticking".. like mine was hanging for a second after entering the passphrase, I don't think it ever did that b4. it's always like passphrase, enter, bam client right there.. but when i noticed it gone, i trying to start the server/client from scratch in hopes it was just something in the browser history was off.

I'm on Chrome Google, download link was the one directly from nextcoin.org, I think it's a different mega link I used from the one placed on page 1 here.

@notsoshifty.. umm..

This is the place and link I actually DLed and was using when my NXT was stolen (I think I'm not sure if it's the exact same file it coulda been updated?)
https://nextcoin.org/index.php/topic,4.0.html

https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

Ok I just realized those two links (front page and nextcoin.org) are the same. weird.  Could they have been different yesterday?

[mnightwaffle]

I'm getting somewhat similar things on one of the auto clients posted on nextcoin org


http://postimg.org/image/gyklwzb9n/

I do not get any data feed readings like that the manual way.

[utopianfuture]

I literally saw my client a few moments after it happened (it was open) so how this happened is odd!

My actual User account that has been stolen from is
NXT
16821029889165561706

I don't have any idea how this may have happened either. Just wanted to confirm, at the moment the theft happened your client was running and you had the browser window opened, and your account was unlocked (you were seeing your balance and the "send money" arrow), is that all correct?

Just trying to differentiate the possibilities, whether the hacker obtained you password via brute-force or some other way and initiated the transaction from another machine, or somehow your own machine was tricked to initiate the transaction.

And you were running 0.4.8 at the time, right? I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.

Another question, did you generate your random-looking password using some software - password manager, online service, or created it manually by typing at random?

I just wanted to clarify, with this, I had my server and client open.  Was just perusing the blocks within the client, seeing if I was up-to-date, something I just do sometimes, and the account balance went from 7808, then on next look 0, maybe a moment later, less than 10 seconds.

No one was remotely accessing my computer etc.  It was just balance 0, account recipient ID under sent transactions with 7808, etc.

Update ran a full scan with my antivirus software, ESET, all up to date, no viruses or intrusions found.


The other question about password, this is the very first account I made so I did use the password generator that I had seen recommended on nextcoin.org
used "local" mode, to a certain degree,
http://passwordsgenerator.net/
(i definitely wouldn't recommend using one of these)

for 25 of the char of the PW, then I just made up the rest randomly 9 more characters.

and I'm not sure about what online nodes refers to exactly, but I can honestly say I never used anything online with that PW until today with CfB.
I don't see any strange opened ports so I believe I'm good on that end.


Has anyone else noticed the 4.8 download zip from nextcoin.org vs. the one from this exact link
Nxt 0.4.8 - https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

Are 5 Kb in difference? is that anything to be concerned about?


I want to buy more NXT, but it just sucks cuz i got in somewhat early and thought I was following all the instructions correctly, and I honestly don't know what happened which makes me hesitant.

It's not cool everyone thinks I'm some troll planning this all out, but I guess that's a natural reaction. I would hope in the future there's someway to stop someone from just taking someone's NXT like this, (I actually thought the two step PW on "sending" was a good idea, but didn't stop them in this case)

I'll try to keep an eye out on this hacker's acct# to see if he hits anybody else.
http://22k.io/-account/16204974692852323982

Looks like you downloaded a bogus client. Scary stuff. The client at the front page of this thread is legit. You need to calculate the hash256 of the zip file of your client and compare to the hash in the 0.4.8 in the front page. They have to match exactly.
As you said you have two same client with 5Kb difference in size. One is certainly bogus. Sorry for your loss. This should really be sticky.
I could have fallen for this since I never checked the file until today.
But for now, only use client file from trusted source and do a checksum hash256 the zip file before using.

This needs to be in wiki and the front page.

[notsoshifty]

Looks like you downloaded a bogus client. Scary stuff. The client at the front page of this thread is legit. You need to calculate the hash256 of the zip file of your client and compare to the hash in the 0.4.8 in the front page. They have to match exactly.
As you said you have two same client with 5Kb difference in size. One is certainly bogus. Sorry for your loss. This should really be sticky.
I could have fallen for this since I never checked the file until today.
But for now, only use client file from trusted source and do a checksum hash256 the zip file before using.

This needs to be in wiki and the front page.

If this is correct, then PaulyC please upload the bogus client somewhere and post the link (or give its original link); it would be interesting to see it.

[yan83]

When will the explorer be back online?
区块浏览何时可以用？？