landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
|
January 09, 2014, 09:29:04 AM |
|
What is the time frame for No. 2
Edit: or are things still in the planning phase?.....if yes....how long would it take to implement once plans are finalized?
~6 months, but this is a rough assessment. We don't need to hurry, copycoins can't outpace us anyway, coz not all details of TF were revealed. Asset Exchange, Alias System... none of these features r ground-breaking, only Transparent Forging is a real improvement. Could we achieve msg per. day limit of a few million after that time...
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 09, 2014, 09:31:26 AM |
|
What is the time frame for No. 2
Edit: or are things still in the planning phase?.....if yes....how long would it take to implement once plans are finalized?
~6 months, but this is a rough assessment. We don't need to hurry, copycoins can't outpace us anyway, coz not all details of TF were revealed. Asset Exchange, Alias System... none of these features r ground-breaking, only Transparent Forging is a real improvement. Could we achieve msg per. day limit of a few million after that time... Yes
|
|
|
|
Jean-Luc
|
|
January 09, 2014, 09:37:12 AM |
|
I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.
See those *.asc files in the http://download.nxtcrypto.org/ directory? Those are GPG signatures of the corresponding zip files. If you download both nxt-client-0.5.3.zip and nxt-client-0.5.3.zip.asc in the same directory, you can run "gpg --verify nxt-client-0.5.3.zip.asc" to verify my signature of the zip package. This gives you one independent way of checking, and a hacker cannot provide a signature for a modified zip package without somehow stealing my private GPG key. The nxt-client-0.5.3.zip.sha256.txt.asc is again a GPG signed file containing the sha256 sum. You can run "gpg --verify nxt-client-0.5.3.zip.sha256.txt.asc" to verify its content, then run "sha256sum -c nxt-client-0.5.3.zip.sha256.txt.asc" which will say "nxt-client-0.5.3.zip: OK" if the sha256 sum matches (ignore the warning about the extra lines, those are the gpg signature). Finally, the value of the NRSversion alias on the blockchian contains the sha256 sum of the last stable release. That gives you quite a few independent ways of verifying the package.
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
|
January 09, 2014, 09:39:30 AM |
|
What is the time frame for No. 2
Edit: or are things still in the planning phase?.....if yes....how long would it take to implement once plans are finalized?
~6 months, but this is a rough assessment. We don't need to hurry, copycoins can't outpace us anyway, coz not all details of TF were revealed. Asset Exchange, Alias System... none of these features r ground-breaking, only Transparent Forging is a real improvement. Could we achieve msg per. day limit of a few million after that time... Yes Can we implement my msg fee idea....you pay 1 Nxt in messenging fee every 1440 blocks to send messages to one other account....if you want to send to a new account you have to pay a fresh messaging fee.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 09, 2014, 09:49:33 AM |
|
Can we implement my msg fee idea....you pay 1 Nxt in messenging fee every 1440 blocks to send messages to one other account....if you want to send to a new account you have to pay a fresh messaging fee.
We can. U just have to convince the community that it's a useful feature and find someone who will write the code.
|
|
|
|
|
EmoneyRu
|
|
January 09, 2014, 10:00:03 AM |
|
I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.
See those *.asc files in the http://download.nxtcrypto.org/ directory? Those are GPG signatures of the corresponding zip files. If you download both nxt-client-0.5.3.zip and nxt-client-0.5.3.zip.asc in the same directory, you can run "gpg --verify nxt-client-0.5.3.zip.asc" to verify my signature of the zip package. This gives you one independent way of checking, and a hacker cannot provide a signature for a modified zip package without somehow stealing my private GPG key. The nxt-client-0.5.3.zip.sha256.txt.asc is again a GPG signed file containing the sha256 sum. You can run "gpg --verify nxt-client-0.5.3.zip.sha256.txt.asc" to verify its content, then run "sha256sum -c nxt-client-0.5.3.zip.sha256.txt.asc" which will say "nxt-client-0.5.3.zip: OK" if the sha256 sum matches (ignore the warning about the extra lines, those are the gpg signature). Finally, the value of the NRSversion alias on the blockchian contains the sha256 sum of the last stable release. That gives you quite a few independent ways of verifying the package. Add to this getting your public key based on "GPG key fingerprint" and it will be nice guide. And yes, we definitely need nxt-client-latest to automate all this steps
|
|
|
|
notsoshifty
|
|
January 09, 2014, 10:06:28 AM |
|
Brainstorming
I'd like to introduce a concept of a new feature called Account Control. This feature will allow to do different things with ur accounts. For example, u will be able to set a lock on an account to prohibit any outgoing transactions until a special condition met (e.g. an incoming transaction from a predefined account). Another example is Pooled Forging, when an account leases its forging power to another account.
Please, post here what u would like to see in Account Control.
(Not sure if this already part of pooled forging already). Pooled forging with agreed pro-rata payment to be made at the end of the lease. Example: - I lease 100,000nxt to Bob at an agreed rate of 0.0005 "nxt per day per nxt" (agreement to be reached using nxt network protocol). - Whilst leased, the funds aren't available for me to spend or forge with - After 3 days I decide I want to buy a car, so I revoke the lease - As part of the nxt being returned to my account, I also automatically receive 150 (==0.0005*100000*3) nxt from Bob's account - Network ensures that funds to pay all leases is available in the target account (or a separate nominated/linked account), and automatically cancels leases if this situation should arise So the pool operator takes on all forging risk, and the network ensures users are paid what they're due (so safe for them). Follow up to this: - Auctioning of my forging lease to the highest bidder; one-off, or similar to Amazon's "spot price" where if someone bids higher whilst my forging power is leased to one party the lease automatically gets transferred to the new highest bidder So, to create a competitive marketplace for forging power.
|
|
|
|
xibeijan
Legendary
Offline
Activity: 1232
Merit: 1001
|
|
January 09, 2014, 10:29:54 AM |
|
Does transparent forging work through firewalls?
|
|
|
|
Jean-Luc
|
|
January 09, 2014, 10:30:40 AM |
|
I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.
See those *.asc files in the http://download.nxtcrypto.org/ directory? Those are GPG signatures of the corresponding zip files. If you download both nxt-client-0.5.3.zip and nxt-client-0.5.3.zip.asc in the same directory, you can run "gpg --verify nxt-client-0.5.3.zip.asc" to verify my signature of the zip package. This gives you one independent way of checking, and a hacker cannot provide a signature for a modified zip package without somehow stealing my private GPG key. The nxt-client-0.5.3.zip.sha256.txt.asc is again a GPG signed file containing the sha256 sum. You can run "gpg --verify nxt-client-0.5.3.zip.sha256.txt.asc" to verify its content, then run "sha256sum -c nxt-client-0.5.3.zip.sha256.txt.asc" which will say "nxt-client-0.5.3.zip: OK" if the sha256 sum matches (ignore the warning about the extra lines, those are the gpg signature). Finally, the value of the NRSversion alias on the blockchian contains the sha256 sum of the last stable release. That gives you quite a few independent ways of verifying the package. Add to this getting your public key based on "GPG key fingerprint" and it will be nice guide. And yes, we definitely need nxt-client-latest to automate all this steps $ gpg --recv-keys FF2A19FA $ gpg --fingerprint FF2A19FA Then compare with fingerprint in my profile info.
|
|
|
|
xibeijan
Legendary
Offline
Activity: 1232
Merit: 1001
|
|
January 09, 2014, 10:30:49 AM |
|
I think BCNext has more important things to do instead of answering hunders of same (or new) stupid (or smart) questions.
I believe that BCNext is actually here doing all that and I am truly afraid that we might be getting close to the day that he STOPS!!! We don't need BCNext anymore. He kickstarted the snowball with name "Nxt", the rest is our work. We know you two are one in the same.
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 09, 2014, 11:00:36 AM |
|
We know you two are one in the same. Hehe, I know that u just guess this.
|
|
|
|
maxll
Legendary
Offline
Activity: 1011
Merit: 1006
|
|
January 09, 2014, 11:05:31 AM |
|
Tried to send some coins and my client crashed. A few minutes before it i did it successfully. Here is a log from my client v.0.5.3:
2014-01-09 14:18:43.201:WARN:oejs.ServletHandler:qtp1552615194-299: /nxt java.lang.IllegalStateException: WRITER at org.eclipse.jetty.server.Response.getOutputStream(Response.java:931) at Nxt.doGet(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:457) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:326) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:299) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:459) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229) at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536) at java.lang.Thread.run(Unknown Source)
|
|
|
|
NxtChoice
|
|
January 09, 2014, 11:08:24 AM |
|
I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.
See those *.asc files in the http://download.nxtcrypto.org/ directory? Those are GPG signatures of the corresponding zip files. If you download both nxt-client-0.5.3.zip and nxt-client-0.5.3.zip.asc in the same directory, you can run "gpg --verify nxt-client-0.5.3.zip.asc" to verify my signature of the zip package. This gives you one independent way of checking, and a hacker cannot provide a signature for a modified zip package without somehow stealing my private GPG key. The nxt-client-0.5.3.zip.sha256.txt.asc is again a GPG signed file containing the sha256 sum. You can run "gpg --verify nxt-client-0.5.3.zip.sha256.txt.asc" to verify its content, then run "sha256sum -c nxt-client-0.5.3.zip.sha256.txt.asc" which will say "nxt-client-0.5.3.zip: OK" if the sha256 sum matches (ignore the warning about the extra lines, those are the gpg signature). Finally, the value of the NRSversion alias on the blockchian contains the sha256 sum of the last stable release. That gives you quite a few independent ways of verifying the package. Thank you Luc for your explanation.
|
|
|
|
NxtChg
|
|
January 09, 2014, 11:16:53 AM |
|
I know I said it before, but let me repeat this again, now without any guilt:
If I lose your money – tough luck! Go ask Come-from-Beyond why there are no checksums in the system.
I wash my hands.
|
|
|
|
bitcoinpaul
|
|
January 09, 2014, 11:21:25 AM |
|
I know I said it before, but let me repeat this again, now without any guilt:
If I lose your money – tough luck! Go ask Come-from-Beyond why there are no checksums in the system.
I wash my hands.
Washed hands? Wow, I am ashamed. It indeed looks like my stupid mistake.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 09, 2014, 11:33:20 AM |
|
I know I said it before, but let me repeat this again, now without any guilt:
If I lose your money – tough luck! Go ask Come-from-Beyond why there are no checksums in the system.
I wash my hands.
U should follow my advice how to conduct payments and u'll be safe.
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 09, 2014, 11:38:53 AM |
|
I know I said it before, but let me repeat this again, now without any guilt:
If I lose your money – tough luck! Go ask Come-from-Beyond why there are no checksums in the system.
I wash my hands.
How old are you? This is not the way to operate the exchange.
|
|
|
|
bidji29
|
|
January 09, 2014, 11:40:34 AM |
|
I know I said it before, but let me repeat this again, now without any guilt:
If I lose your money – tough luck! Go ask Come-from-Beyond why there are no checksums in the system.
I wash my hands.
U should follow my advice how to conduct payments and u'll be safe. If you want mass adoption, you can't ask people to "follow my advice" to not lose coin. People will not go on the forum to check your post, so it need to safe, the more possible. Checksum !
|
|
|
|
|