ChuckOne
Sr. Member
 Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
 |
February 05, 2014, 06:15:55 PM |
|
1) As I see it, a friend of mine would say: that plays no barrel organ. If a malicious forger uses a different client, what prevents him from executing some op or some pre-defined scripts differently that they are supposed to?
This gives no advantage at all. Actually this leads to blockchain corruption. The malicious forger will create his own fork which he will be forging alone. How's that fork being defined? By majority vote? |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:16:12 PM |
|
Shouldnt this announcement be in big bold red letters all over the place? How do you expect everyone to upgrade due to a critical bug if you don't make it seem serious and disclose the matter nonchalantly.
Jean-Luc said "immediatelly", why do we need big bold red letters? Because it just blends and gets washed away with the torrent of posts. Really, there should be a separate thread for important client updates and everyone should be directed to it so we have an easy way to check for important info like this without it getting buried in 5 minutes. The only reason I caught jean lucs post was because it was quoted on the most recent page and I happened to scroll down to it. Also because the emphasis is clearly needed if its a critical bug. The average user, if they even happen to catch that post, isn't going to drop everything they are doing and upgrade their client unless it actually seems urgent. They will read that, tell themselves they'll do it a bit later, then forget. Does this bug put users money at risk? Look at my post above. |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:16:54 PM |
|
How's that fork being defined? By majority vote?
All the other forgers will reject blocks of this malicious forger. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:17:49 PM |
|
Shouldnt this announcement be in big bold red letters all over the place? How do you expect everyone to upgrade due to a critical bug if you don't make it seem serious and disclose the matter nonchalantly.
Jean-Luc said " immediatelly", why do we need big bold red letters? Because, people. Not machines.  Well, u have 2 options: 1. Do as Jean-Luc says 2. Don't do it, lose money and next time u'll do as Jean-Luc says CfB, that's not what I meant. I mean it's people. Humans. They need 'big bold red letters'. |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:18:30 PM |
|
Well I made it a global sticky at NXTCrypto Forums
and have asked all translators to notify as well
I wouldn't do it. If ppl don't take Jean-Luc words seriously they deserve to learn a lesson.Ah, that's right. |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:18:54 PM |
|
CfB, that's not what I meant.
I mean it's people. Humans. They need 'big bold red letters'.
Look at my post above  |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:20:49 PM |
|
How's that fork being defined? By majority vote?
All the other forgers will reject blocks of this malicious forger. Hope that suffices. 51% attack possible, right? Not by stake but by number of nodes? |
|
|
|
|
|
bidji29
|
|
February 05, 2014, 06:21:28 PM |
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:21:44 PM |
|
What about exchanges? Do you contact them explicitely about something like this so they are sure to address it?
I notified BTER. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:22:33 PM |
|
CfB, that's not what I meant.
I mean it's people. Humans. They need 'big bold red letters'.
Look at my post above Err which one?  You made so many. |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:23:09 PM |
|
Hope that suffices. 51% attack possible, right? Not by stake but by number of nodes?
Impossible. He hurts only himself. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:23:41 PM |
|
Well I made it a global sticky at NXTCrypto Forums
and have asked all translators to notify as well
I wouldn't do it. If ppl don't take Jean-Luc words seriously they deserve to learn a lesson. Ah, that's right. What? Are you kidding me? Yes, he's just a little joker tonight. (And he needs some psychology lessons. ) |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:24:00 PM |
|
What? Are you kidding me?
I didn't notice that it's one of the main Nxt forums. |
|
|
|
|
|
marcus03
|
|
February 05, 2014, 06:27:40 PM |
|
+1 It's so easy to be constructive... EDIT: I actually missed the trick in this... I just was reliefed to see someone simply post in red instead of discussing why this wasn't posted in red... |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:27:55 PM |
|
Hope that suffices. 51% attack possible, right? Not by stake but by number of nodes?
Impossible. He hurts only himself. Then which nodes should a new node trust? I know it could perform all the scripts that have been run for years now. But this would take weeks to complete? I mean it's highly unlikely but even ghash.io reached 51% mining power which by then seemed undoable. |
|
|
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
|
February 05, 2014, 06:29:20 PM |
|
These last few pages has brought back memories of when the Nxt community was at battle with the zombies... watch this Turing or whatever you want to call it language/script be Nxt History before you know it!  |
|
|
|
achimsmile
Legendary
Offline
Activity: 1225
Merit: 1000
|
|
February 05, 2014, 06:30:04 PM |
|
NRS (0.5.11) @ PC
NRS (0.5.11) @ PC
NRS (0.5.11) @ zd70c1whxP
NRS (0.5.5) @ VPS
NRS (0.5.11) @ nxtio.org
NRS (0.5.12) @ 22k.io
NRS (0.5.10) @ PC
NRS (0.5.12) @ nxt.now.im
NRS (0.5.11) @ PC
NRS (0.5.5) @ PC
NRS (0.5.12) @ nxt.now.im
NRS (0.5.11) @ 3frjUYA4NZ
NRS (0.5.11) @ PC
NRS (0.5.12) @ NCC-1701-D
NRS (0.5.11) @ Linux
NRS (0.5.11) @ PC
NRS (0.5.12) @ 22k.io
NRS (0.5.5) @ Happymining
NRS (0.5.12) @ 22k.io
NRS (0.5.11) @ Linux
NRS (0.5.11) @ PC
NRS (0.5.11) @ NEM-Genesis
NRS (0.5.11) @ PC
Too many are on 5.11
if this is indeed a critical bug, update asap!
spread the word
|
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 05, 2014, 06:31:00 PM |
|
Fixed a critical bug. Everybody should upgrade immediately.
signatureLastBytes collects last QWORD of every transaction signature... Could you or CfB explain this change inside pushBlock: Long lastBytes = Long.valueOf(new BigInteger(Arrays.copyOfRange(transaction.signature, transaction.signature.length - 8, transaction.signature.length)).longValue());
if ((!Nxt.signatureLastBytes.add(lastBytes)) && (transaction.height != 58294)) {
return false;
}
this looks really disturbing... |
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 05, 2014, 06:32:10 PM |
|
Then which nodes should a new node trust? I know it could perform all the scripts that have been run for years now. But this would take weeks to complete?
Trust noone. Check everything. Noone can create a very long running script. We have less than 1 billion coins. |
|
|
|
|
|
