Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 05, 2014, 06:33:28 PM |
|
Fixed a critical bug. Everybody should upgrade immediately.
signatureLastBytes collects last QWORD of every transaction signature... Could you or CfB explain this change inside pushBlock: Long lastBytes = Long.valueOf(new BigInteger(Arrays.copyOfRange(transaction.signature, transaction.signature.length - 8, transaction.signature.length)).longValue()); if ((!Nxt.signatureLastBytes.add(lastBytes)) && (transaction.height != 58294)) { return false; }
this looks really disturbing... I can, will do it later.
|
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
relm9
|
|
February 05, 2014, 06:33:58 PM |
|
Maybe try and get a mod to update the thread title so more people are aware of this update.
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 05, 2014, 06:34:28 PM |
|
I vote for 0.01 fee. Makes currency more attractive
you might want to update dotnxt...
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:35:36 PM |
|
Then which nodes should a new node trust? I know it could perform all the scripts that have been run for years now. But this would take weeks to complete?
Trust noone. Check everything. Noone can create a very long running script. We have less than 1 billion coins. Valid. That takes us to 2). What are your suggestions and what do you think of the even split between the 1440 forgers of that day.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 05, 2014, 06:37:15 PM |
|
That takes us to 2). What are your suggestions and what do you think of the even split between the 1440 forgers of that day.
I like the idea when 1 forger gets all the fees of that script.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:38:16 PM |
|
Shouldnt this announcement be in big bold red letters all over the place? How do you expect everyone to upgrade due to a critical bug if you don't make it seem serious and disclose the matter nonchalantly.
Jean-Luc said "immediatelly", why do we need big bold red letters? Because it just blends and gets washed away with the torrent of posts. Really, there should be a separate thread for important client updates and everyone should be directed to it so we have an easy way to check for important info like this without it getting buried in 5 minutes. The only reason I caught jean lucs post was because it was quoted on the most recent page and I happened to scroll down to it. Also because the emphasis is clearly needed if its a critical bug. The average user, if they even happen to catch that post, isn't going to drop everything they are doing and upgrade their client unless it actually seems urgent. They will read that, tell themselves they'll do it a bit later, then forget. Does this bug put users money at risk? A thread exists for updates. Add to your watchlist and post a message when a new version comes out. NxtChoice has kept the original post up-to-date, but would be better if accompanied by a new message for watchlist. https://bitcointalk.org/index.php?topic=406288.0Thanks. Watching now. Still, there is no data regarding changes in releases in that thread or the posts it links to. I could have already been following it and still not have known about any critical flaws. I made new post quoting JLP. Suggest others do the same when a new release comes out (once is enough per release). +1
|
|
|
|
marcus03
|
|
February 05, 2014, 06:40:28 PM |
|
Shouldnt this announcement be in big bold red letters all over the place? How do you expect everyone to upgrade due to a critical bug if you don't make it seem serious and disclose the matter nonchalantly.
Jean-Luc said "immediatelly", why do we need big bold red letters? Because it just blends and gets washed away with the torrent of posts. Really, there should be a separate thread for important client updates and everyone should be directed to it so we have an easy way to check for important info like this without it getting buried in 5 minutes. The only reason I caught jean lucs post was because it was quoted on the most recent page and I happened to scroll down to it. Also because the emphasis is clearly needed if its a critical bug. The average user, if they even happen to catch that post, isn't going to drop everything they are doing and upgrade their client unless it actually seems urgent. They will read that, tell themselves they'll do it a bit later, then forget. Does this bug put users money at risk? A thread exists for updates. Add to your watchlist and post a message when a new version comes out. NxtChoice has kept the original post up-to-date, but would be better if accompanied by a new message for watchlist. https://bitcointalk.org/index.php?topic=406288.0Thanks. Watching now. Still, there is no data regarding changes in releases in that thread or the posts it links to. I could have already been following it and still not have known about any critical flaws. I am about to go ballistic... Why havn't you updated that post? Are you here to critize only? Just get your a** up and act yourself instead of jumping onto others... Geez.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:40:44 PM |
|
That takes us to 2). What are your suggestions and what do you think of the even split between the 1440 forgers of that day.
I like the idea when 1 forger gets all the fees of that script. Okay. Maybe, you can elaborate more on this.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 05, 2014, 06:42:13 PM |
|
Okay.
Maybe, you can elaborate more on this.
It's already implemented, no need to make things more complicated.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:42:42 PM |
|
I am about to go ballistic... Why havn't you updated that post? Are you here to critize only? Just get your a** up and act yourself instead of jumping onto others... Geez.
Woooh, relax.
|
|
|
|
ejhuff
Newbie
Offline
Activity: 41
Merit: 0
|
|
February 05, 2014, 06:45:43 PM |
|
If there was a guide for how to run a static-IP / VPS node, I might be willing to do it.
It's the same as running a local node. Just set ur IP in web.xml. I've been looking all over for this little piece of information... It is not available on the wiki, or the OP, etc.
|
|
|
|
opticalcarrier
|
|
February 05, 2014, 06:49:12 PM |
|
If there was a guide for how to run a static-IP / VPS node, I might be willing to do it.
It's the same as running a local node. Just set ur IP in web.xml. I've been looking all over for this little piece of information... It is not available on the wiki, or the OP, etc. There is something on the wiki http://www.thenxtwiki.org/wiki/How-To:CreatePublicNodeI havent checked to see how you nav to it from the wiki frontpage though, so you may have given us a littly job to do.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:52:39 PM |
|
Okay.
Maybe, you can elaborate more on this.
It's already implemented, Good point. no need to make things more complicated.
Well, I see potential for a lot of nodes dropping out (i.e. controlling the correct execution of the scripts) because they cannot afford executing them.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 05, 2014, 06:54:57 PM |
|
Well, I see potential for a lot of nodes dropping out (i.e. controlling the correct execution of the scripts) because they cannot afford executing them.
Let's get solid numbers of opcode/sec rate first.
|
|
|
|
VanBreuk
|
|
February 05, 2014, 06:55:51 PM |
|
Shouldnt this announcement be in big bold red letters all over the place? How do you expect everyone to upgrade due to a critical bug if you don't make it seem serious and disclose the matter nonchalantly.
The fact Jean-Luc urges everyone to update for a critical issue is enough to do it. Reasons might not be disclosed to avoid malicious exploits in a 0.5.11 vulnerability. Sorry, but it is not. If not updating has such large consequences, it needs to be coordinated at least with nxtcrypto so QBTC can put it in the front page. People who don´t read this thread have no idea they need to update and basically no way of knowing it. I understood buybitcoinscanada and others were questioning not only the discreet announcement, but why the details were not disclosed as well. Hence my comment. I didn't intend to suggest that spreading the word was unnecessary, apologies if it appeared that way... I did update my spanish resources and nextcoin.org's three hours ago.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 06:58:16 PM |
|
Well, I see potential for a lot of nodes dropping out (i.e. controlling the correct execution of the scripts) because they cannot afford executing them.
Let's get solid numbers of opcode/sec rate first. Agreed. --------------- Just to have said it and not to forget it later: another note on that: we could limit the number of ops per block as we limit the number of transactions per block.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 05, 2014, 07:00:32 PM |
|
I understood buybitcoinscanada and others were questioning not only the discreet announcement, but why the details were not disclosed as well. Hence my comment.
Because it's dangerous to disclose these details at once. We call this zero-day exploit.
|
|
|
|
marcus03
|
|
February 05, 2014, 07:01:19 PM |
|
Calming down already. I'm not the dev. They are.
This seems to be the common misconception. CfB is constantly hinting people that devs won't do all the work. Of course, if you are not a dev, you are not a dev, but nothing keeps you from being a part of the NXT community and do what you can do to make NXT a success. Just nagging doesn't help.
|
|
|
|
joefox
|
|
February 05, 2014, 07:01:35 PM |
|
If there was a guide for how to run a static-IP / VPS node, I might be willing to do it.
It's the same as running a local node. Just set ur IP in web.xml. I've been looking all over for this little piece of information... It is not available on the wiki, or the OP, etc. There is something on the wiki http://www.thenxtwiki.org/wiki/How-To:CreatePublicNodeI havent checked to see how you nav to it from the wiki frontpage though, so you may have given us a littly job to do. It's linked off the menu on the left-hand side, through "How To Guides". You can also use the search bar; in this case, "VPS" is a particularly useful search term.
|
|
|
|
pandaisftw
|
|
February 05, 2014, 07:02:35 PM |
|
I vote for 0.1. How hard is it to implement min fee change? If it is very difficult (either program-wise or logistically) then maybe 0.01 is a better idea for now.
|
NXT: 13095091276527367030
|
|
|
|