NXT :: descendant of Bitcoin - Updated Information

[ricot]

What web.xml options add most to stability of NXT server? The stability problems could simply be from suboptimal web.xml settings.

Does the 0.5.3 install use the most stable options in web.xml?
Are there any other files that need to be tweaked?

I am thinking that a lot of the problems in the field could be related to having a wrong set of settings. We are so close to a stable NXT server. I updated my peers list and now it is not going brain dead. Still need more time, but looking good so far.

The only thing that was changed was the list of peers, but I remember seeing a bunch of different tweaks. Has anybody tested the effect of the different tweaks on NXT server stability. So much work has been put into NXT, it would be a shame if a new NXT'er gets a bad experience due to suboptimal settings.

James

The problems we have been seeing were mostly due to one specific type of attack combined with a ddos. These attacks seem to have stopped now that they don't have the "desired" effect anymore.
The parameters are fine as they are, no need to adjust them. As are the peers, as soon as you see one peer, it will send you all it's other peers and you're good to go

[Zahlen]

Will make some sort of popover that shows where it links to (in browser extensions)

Blacklist of malicious aliases might be a good idea too...

Who will decide if an alias is malicious enough?

Could be through a 3rd-party web of trust type plugin, or blacklists maintained by 3rd parties. Most important I think is that the user retain the choice of how they want to filter malicious aliases (if at all). So ultimately users, and user demand decides.

Would you kindly pull your collective head out of your collective ass and start taking this issue seriously?

Well, give me an answer on a simple question:

- Where CRC should be added to protect a user from sending 90000 NXT instead of 80000 NXT and how is it different from incorrect account issue?

The solution to that does not have to be through CRC, or other checksums. For instance, to prevent miscommunication for short spoken strings, militaries pad out letters and digits. For instance, they may say NINER instead of NINE. If the problem is the number of digits, e.g. if folks worry about sending 800000 instead of 80000, commas can be used. Easier to spot the difference between 800,000 and 80,000. Different solutions for different problems.

I personally worry about these sort of inputs and double and triple check. As a newcomer to crypto$, all this worrying and checking stressed me out the night I made the trade offer in this thread. So it is a problem for me; I would much rather feel safer with more safeguards built into the protocol/client. For the amount to send, having to type it in two separate fields and disallow pasting in one of them (like email address confirmations) could be a way of solving the problem, and relieving user anxiety.

But I worried about the accuracy of addresses much, much more. NXT addresses are not easily eyeballed like transaction amounts or aliases.

A while back, when I asked CfB about using some of the 192 reserved address bits for check bits, he replied "We can't", which I took to mean it was impossible (without messing up a lot of things). I have much less coding experience and knowledge than most folks here, so on things like the current protocol I trust and defer to others. Now I'm reading stuff that suggests it might be possible. But whether client or protocol side, something MUST be done about this.

One of NxtChg.com's concerns is that if checksums are not implemented at the protocol level, it will not gain widespread adoption. I'm not so sure about this; seems like if no better solutions emerge, this could be adopted as a best practice when designing clients. I'm sure client designers also worry about address accuracy and don't want donations to get sent to the wrong places And after a while, maybe standard libraries/code fragments would get reused, so clients (and consequently users) would converge to standard ways of guarding against errors. He's got some server-side concerns too, which I don't have the experience to say anything about.

Breaking up NXT addresses into groups of digits (like credit cards) might help a little.

[NxtChoice]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

[opticalcarrier]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

I do this on the nxtcrypto forum post when I update it for new clients.  Ill get the info guy to do the same


But I dont think itll work out perfectly.  Most of the time, linking back to a post here just gets you to the top of the page the post is on.  Know how to fix that?

[newcn]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

I suggest creating an UPDATE button in the basic interface,
and relating this button to http://localhost:7874/update.html

[Zahlen]

If one American fueled only by curiosity calling himself rickyjames can find out so much about EpicThomas and ktirio2010 in the real world with just a few clicks of a mouse, imagine what 30,000 Americans fueled by $11 billion calling themselves the National Security Agency (NSA) can find out about YOU.  

This is absolutely terrifying.

I'm a loyal American with a security clearance, so I've got to say that what Edward Snowden was illegal and he should be arrested and tried for felony charges

Yet this terrifies me even more, that people are not free to say what they really want to say, because they are bound by laws that are not decided by them! And also by other things not decided by them, like religion, social ostracism, bad education and bad parenting.

Enjoy every single day and every single sunset, you crazy guys and gals out there, every day there's one fewer of them for you.

Trying my darnest May your days be awesome too.

[pandaisftw]

My client is crashing every time I send a transaction. The money gets sent (and confirmed later on), but the client crashes before I get the "The money is sent" message.

Code:

java.lang.IllegalStateException: WRITER
        at org.eclipse.jetty.server.Response.getOutputStream(Response.java:931)
        at Nxt.doGet(Unknown Source)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696
)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(Servlet
Handler.java:1568)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:457
)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:326)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:299)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(Servlet
Handler.java:1539)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java
:524)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.j
ava:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.jav
a:568)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandl
er.java:221)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandl
er.java:1110)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:
453)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandle
r.java:183)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandle
r.java:1044)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.j
ava:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(Cont
extHandlerCollection.java:199)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerColl
ection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper
.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:459)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.jav
a:229)
        at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java
:505)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPoo
l.java:607)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool
.java:536)
        at java.lang.Thread.run(Unknown Source)

[opticalcarrier]

OK trying out the amazon free EC2 VPS... Now im no stranger to SSH key authentication, Ive got 12 VPS doing it now.  But this amazon shit dont work... it doesnt like the private key they gave me... Dont even see anywhere to go to ask them to reset it either.

what next?

[Noitev]

I have to limit my reading on this forum, my paranoia is just under "don't trust the doctors."

[joefox]

My client is crashing every time I send a transaction. The money gets sent (and confirmed later on), but the client crashes before I get the "The money is sent" message.

Code:

removed for brevity

My client is doing the SAME thing... but it only happens after my client has gone into the "negative recent blocks" and "thousands of unconfirmed transactions" phase.

[EmoneyRu]

OK trying out the amazon free EC2 VPS... Now im no stranger to SSH key authentication, Ive got 12 VPS doing it now.  But this amazon shit dont work... it doesnt like the private key they gave me... Dont even see anywhere to go to ask them to reset it either.

what next?

I converted .pem to openssh format. As said here it was not even needed. "note: PEM private keys are OpenSSH's native format for protocol 2 keys"

Check the username. For ubuntu default is "ubuntu"

[NxtChoice]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

I do this on the nxtcrypto forum post when I update it for new clients.  Ill get the info guy to do the same


But I dont think itll work out perfectly.  Most of the time, linking back to a post here just gets you to the top of the page the post is on. Know how to fix that?

Each post should has its own link url in this forum and we can exactly locate the post. For example, you post should be link https://bitcointalk.org/index.php?topic=345619.msg4401865#msg4401865

Edit: I also summarize a post for Nxt Client Update Link and see my signature.

[Come-from-Beyond]

Also, in case of the amount, the user can verify it, because it's human-readable.

Aliases r readable too.

Problem is aliases need to be looked up, and you have to be sure no one is poisoning the alias lookup with fake info (associated id). So you have to do at least 5+ lookups from different peers to be sure that the ID is correct.. (Is this correct?) - That's not very fast and you won't reach 10,000 tps (or however many you want) this way. I may be wrong.

Future clients will sign transactions by themselves. Sending a secret phrase to a remote node is insecure. That's why input should be validated on client side.

[Come-from-Beyond]

What, you 3 are so afraid of the cost of change, you willingly delude yourself into denial? What is it?

Ok, I'll tell u. We have plans that will make CRC on server side unnecessary. Can't tell u more right now.

[Come-from-Beyond]

P.S. If you have a pending deposit, PM me and I will help track it down

I got no reply on my question regarding account to send the reward to. Could u contact the owner and ask if he needs 20K for the 3rd place in Exchange category?

[Come-from-Beyond]

Technical question: is transaction ID enough to uniquely identify it or should I use the full signature?

If a transaction is confirmed then enough.

[mcjavar]

Is anybody willing to sell me 360k Nxt @ 0.000045?

There is no liquidity on Dgex..

[Come-from-Beyond]

Another technical question: what are transaction type and subtype?

http://localhost:7874/nxt?requestType=getConstants

[marcus03]

Another technical question: what are transaction type and subtype?

http://localhost:7874/nxt?requestType=getConstants

And:

http://wiki.nxtcrypto.org/wiki/Nxt_API
https://bitcointalk.org/index.php?topic=313082.0

[Dervish]

NxtPool - first forging NXT pool
https://bitcointalk.org/index.php?topic=406331