salsacz
|
|
February 08, 2014, 07:26:25 AM |
|
I am currently studying some useful apps, so here is my attempt of Nxt plugin Name: Nxt File Sharing Description: The File Shares (Windows) plugin uses the popular Samba (SMB) daemon to host files on a local network. These files can be accessed from any computer in the network using the network name of the device hosting it and the applicable share name. This plugin is used to coordinate filesharing with Windows-based devices on your network. https://wiki.arkos.io/wiki/File_Shares_(Windows) Source: https://arkos.io/downloads/+ many other plugins: https://arkos.io/genesis/pluginsWebsites - The Websites app allows you to add, remove and edit websites to your arkOS server. It automatically downloads the configuration data for each app type and configures them in the background. Databases - The Databases app allows you to manage a variety of databases depending on the types that are installed on your system. These databases can be used for individual plugins or webapps that you use with Genesis. Different database types can be installed by going to the Applications pane from the Settings menu, then downloading and installing them as you would another plugin.
|
|
|
|
DeadlyEskimo
|
|
February 08, 2014, 07:30:01 AM |
|
Are there any mining services that let you convert your newly mined coin directly to NXT instead of BTC?
|
|
|
|
abctc
Legendary
Offline
Activity: 1792
Merit: 1038
|
|
February 08, 2014, 07:32:36 AM |
|
Another extra; That looks cool! Nice work! +1440 It shows that Nxt is not just a coin, but crypto-PLATFORM !
|
██████████████████████████████████████████████████ ████████████████████████████████████████████████████ ██████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ | , the Next platform. Magis quam Moneta (More than a Coin) |
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 07:33:50 AM |
|
25000 NXT bounty for a method and Java implementation that verifies NXTplugin process has not changed. Need an OS independent way of finding the executable code of a previously registered NXTplugin. This means we can constrain the creation method (linker output), probably need to do this for unix, Mac and Windows separately.
I am looking for a practical solution that will allow realtime verification by the NXTcore to make sure that the NXTplugin has not been tampered with. NXTplugins will have to be opensourced and publish signatures for specific compilers. This signature is then verified prior to any usage of that plugin by the NXTcore.
BEFORE we would ever consider submitting this to jean-luc, we of course need to test it like crazy. If the code is changed at all, we assume it is tampered. This probably means we cant do any dynamic linking, and need either static or relative jumps. Not sure though. Just finding where the code is might not be so easy. Figuring out how to get a ptr to the Java process will probably be pretty difficult. Any reasonable one way hash function is fine for this bounty, just want to get the system issues out of the way so we can validate in realtime that a plugin has not been tampered with.
As long as the source is reviewed for Evil Bobness and the code that is executing generates the same signature, I think we are getting close to where we can trust it almost as much as a hardcoded plugin where the plugin is actually part of the NXT core. Once we have the ability to have NXT plugins that are external to the NXT core, that is when things can really take off. We still need a formal validation process before it is approved for inclusion in the approved list of plugins, but maybe we can sidestep that issue by just having web.xml entries?
PLEASE if anybody can find a security flaw in this method, post ASAP. Remember Evil Bob is very evil
James
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 07:41:30 AM |
|
I am currently studying some useful apps, so here is my attempt of Nxt plugin Name: Nxt File Sharing Description: The File Shares (Windows) plugin uses the popular Samba (SMB) daemon to host files on a local network. These files can be accessed from any computer in the network using the network name of the device hosting it and the applicable share name. This plugin is used to coordinate filesharing with Windows-based devices on your network. https://wiki.arkos.io/wiki/File_Shares_(Windows) Source: https://arkos.io/downloads/+ many other plugins: https://arkos.io/genesis/pluginsWebsites - The Websites app allows you to add, remove and edit websites to your arkOS server. It automatically downloads the configuration data for each app type and configures them in the background. Databases - The Databases app allows you to manage a variety of databases depending on the types that are installed on your system. These databases can be used for individual plugins or webapps that you use with Genesis. Different database types can be installed by going to the Applications pane from the Settings menu, then downloading and installing them as you would another plugin. I am not sure how it is possible to implement a decentralized filesharing or website configuration. Remember that there will be hundreds of nodes, any of which could end up forging the next block. The one that forges the block would scan all AM's in that block and if it finds a plugin invoked, it will make sure it hasnt been tampered with and then will invoke it. There also needs to be a way to add this event to the blockchain with some sort of transaction id that can be verified by all the other nodes. So all the data for the plugin needs to fit in an AM. I guess I need to clarify that. Sorry about not being clear enough. Since I wasnt clear enough, I will authorize 500 NXT for you, but following submissions need to be something that fits into the NXTplugin model. All the input needs to be available in the blockchain (including AM) and there also needs to be a way for other nodes to verify that the action has been done, eg the one way hash of email content and destination email address. James Edit: I think my usage of plugin is what was a bit confusing. I am talking only about NXTplugins, eg. external actions that can be invoked by NXT VM (turing scripts) from the AM that it outputs.
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 08, 2014, 07:44:39 AM |
|
Another extra; That looks cool! Nice work! +1440 It shows that Nxt is not just a coin, but crypto-PLATFORM ! very nice just like building blocks....
|
|
|
|
Eadeqa
|
|
February 08, 2014, 07:45:00 AM |
|
Funny how we are taking about plugins (more security issues) when one fatal flaw that existed in all versions prior to 0.6 could have completely ended Nxt experiment https://nextcoin.org/index.php/topic,3884.0.html Had this flaw been discovered by someone more nefarious, that would have been pretty much the end (40 million Nxt stolen for bter, for example).
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 08, 2014, 07:47:01 AM Last edit: February 08, 2014, 08:09:25 AM by pinarello |
|
why is this still on version 0.5.11 http://87.230.14.1/nxt/nxt.cgi?action=20come on guys this is blockchain explorer. NEXERN where are you?
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 07:48:28 AM |
|
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
This either means its Friday night and nobody has had a chance to think about them, or it is so ridiculous nobody bothered to comment, or maybe I am on everyone's ignore list?
Please, if you see anything wrong, now is the time to find it. Also, if you think it is mostly right, just +1 it or short comment. I feel like I am in a vacuum here...
James
P.S. I just cant believe that I got everything right as that is the fourth possibility.
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 08, 2014, 07:53:33 AM |
|
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
This either means its Friday night and nobody has had a chance to think about them, or it is so ridiculous nobody bothered to comment, or maybe I am on everyone's ignore list?
Please, if you see anything wrong, now is the time to find it. Also, if you think it is mostly right, just +1 it or short comment. I feel like I am in a vacuum here...
James
P.S. I just cant believe that I got everything right as that is the fourth possibility.
or people don't understand what you talking about like me
|
|
|
|
salsacz
|
|
February 08, 2014, 07:57:41 AM |
|
I am currently studying some useful apps, so here is my attempt of Nxt plugin Name: Nxt File Sharing Description: The File Shares (Windows) plugin uses the popular Samba (SMB) daemon to host files on a local network. These files can be accessed from any computer in the network using the network name of the device hosting it and the applicable share name. This plugin is used to coordinate filesharing with Windows-based devices on your network. https://wiki.arkos.io/wiki/File_Shares_(Windows) Source: https://arkos.io/downloads/+ many other plugins: https://arkos.io/genesis/pluginsWebsites - The Websites app allows you to add, remove and edit websites to your arkOS server. It automatically downloads the configuration data for each app type and configures them in the background. Databases - The Databases app allows you to manage a variety of databases depending on the types that are installed on your system. These databases can be used for individual plugins or webapps that you use with Genesis. Different database types can be installed by going to the Applications pane from the Settings menu, then downloading and installing them as you would another plugin. I am not sure how it is possible to implement a decentralized filesharing or website configuration. Remember that there will be hundreds of nodes, any of which could end up forging the next block. The one that forges the block would scan all AM's in that block and if it finds a plugin invoked, it will make sure it hasnt been tampered with and then will invoke it. There also needs to be a way to add this event to the blockchain with some sort of transaction id that can be verified by all the other nodes. So all the data for the plugin needs to fit in an AM. I guess I need to clarify that. Sorry about not being clear enough. Since I wasnt clear enough, I will authorize 500 NXT for you, but following submissions need to be something that fits into the NXTplugin model. All the input needs to be available in the blockchain (including AM) and there also needs to be a way for other nodes to verify that the action has been done, eg the one way hash of email content and destination email address. James Edit: I think my usage of plugin is what was a bit confusing. I am talking only about NXTplugins, eg. external actions that can be invoked by NXT VM (turing scripts) from the AM that it outputs. well, I don't understand much, but I am still guessing such things will be possible after revealing of the 2nd/3rd parts of BCNext's plan. I am pretty sure Nxt isn't about currency. Currency was only an easy way to spread the app
|
|
|
|
Eadeqa
|
|
February 08, 2014, 07:57:45 AM |
|
I do not feel confident with the idea of "plugins" and "turing compete" scripting implementation before more basic stuff is complete. We need thorough code rechecking from many more independent sources , finishing already announced projects, and other basic stuff. I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account https://nextcoin.org/index.php/topic,3884.0.htmlHow many more flaws exist? We don't know, but yet we want to implement "plugins" Wow. This isn't firefox. Seriously. Forget plugins and spend more resources on code auditing and finishing the announced features.
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 07:58:14 AM |
|
Funny how we are taking about plugins (more security issues) when one fatal flaw that existed in all versions prior to 0.6 could have completely ended Nxt experiment https://nextcoin.org/index.php/topic,3884.0.html Had this flaw been discovered by someone more nefarious, that would have been pretty much the end (40 million Nxt stolen for bter, for example). blockchain.info is a pretty big outfit and I think they had the same issue. I cannot help with cryptographic algo analysis, but I can do what I am doing. Also, we have been searching for a crypto reviewer for a while now. NXT has many different parts and I am assuming that the NXT core is something that can be built upon. In fact BCNext has said he wants us to build on it. What is wrong about multi-tasking? I am intentionally specifying bounties for miniprojects that can be done by people who are not working on the current mission critical parts. Also, by trying to add new features, it helps me understand better what NXT is and what its true potential is. I think it is doing the same for others, but I am just guessing. What benefit is there to everyone holding their breath waiting for the things we all know are being worked on? Eadeqa, please suggest what you think we should do right now that is not already being done. You brought up some good security issues about external services, so I came up with a proposed solution. Do you see a flaw? What should I work on instead? What is more important that the future feature set of NXT that is not already under way? James
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 08, 2014, 08:00:32 AM |
|
I do not feel confident with the idea of "plugins" and "turing compete" scripting implementation before more basic stuff is complete. We need thorough code rechecking from many more independent sources , finishing already announced projects, and other basic stuff. I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account https://nextcoin.org/index.php/topic,3884.0.htmlHow many more flaws exist? We don't know, but yet we want to implement "plugins" Wow. Seriously. Forget plugins and send more resources on code auditing and finishing the announced features. +1 for some kind of odd reason we always drift away from the initial plan and features, they are still NOT implemented. We cant even walk and already try to run. finish what is promissed and started.
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 08, 2014, 08:01:04 AM |
|
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
This either means its Friday night and nobody has had a chance to think about them, or it is so ridiculous nobody bothered to comment, or maybe I am on everyone's ignore list?
Please, if you see anything wrong, now is the time to find it. Also, if you think it is mostly right, just +1 it or short comment. I feel like I am in a vacuum here...
James
P.S. I just cant believe that I got everything right as that is the fourth possibility.
You have more energy than a toddler that has found her mother's diet pills. Blockchain FIFO: I was thinking along similar lines: https://bitcointalk.org/index.php?topic=345619.msg4981325#msg4981325But it's only a general idea, and incomplete. NXT plugins: you could sign the plugin with the issuer's private key and publish the public key for verification purposes in an Alias. Have the client check the signature before loading of the plugin. Or something similar <waves hands.>
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
February 08, 2014, 08:02:33 AM |
|
|
|
|
|
salsacz
|
|
February 08, 2014, 08:02:55 AM |
|
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
It would be nice to have each week a new plugin. 1 week testing and implementation and move on to the nxt plugin...
|
|
|
|
Eadeqa
|
|
February 08, 2014, 08:07:07 AM |
|
Funny how we are taking about plugins (more security issues) when one fatal flaw that existed in all versions prior to 0.6 could have completely ended Nxt experiment https://nextcoin.org/index.php/topic,3884.0.html Had this flaw been discovered by someone more nefarious, that would have been pretty much the end (40 million Nxt stolen for bter, for example). blockchain.info is a pretty big outfit and I think they had the same issue. It was not the same issue. blockchain.info is web based wallet. This was a fatal flaw with Nxt code. He could have stolen money from any Nxt account, not just bter. Even yours. You think this is some kind firefox browser where we want plugins.Really? How many more flaws exist? We don't know. Get the code reviewed by many more sources. Finish the announced projects.
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 08:07:17 AM |
|
I do not feel confident with the idea of "plugins" and "turing compete" scripting implementation before more basic stuff is complete. We need thorough code rechecking from many more independent sources , finishing already announced projects, and other basic stuff. I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account https://nextcoin.org/index.php/topic,3884.0.htmlHow many more flaws exist? We don't know, but yet we want to implement "plugins" Wow. Seriously. Forget plugins and send more resources on code auditing and finishing the announced features. What announced features? the 1000TPS infrastructure. I proposed blockchain FIFO to solve that. Do you want me to code it too? I can only do so much, plus I am not a Java programmer. When I program, I program in C and that does not allow me to help with the cryptographic review, or even code auditing or finishing announced features. In any case, it is the tech committee's responsibility to make sure the announced features are completed. My charter is primarily strategic marketing, which means I need to look into the future and make sure it is as happy for NXT as possible. You have to realize that you cant just add more people to a project to make it go faster. That is the manhours fallacy. If a project will take one person 100 hours, 10 people should be able to get it done in 10 hours. WRONG! Software dev does not work that way. Even if the 10 devs are as good as the single dev, a lot of time is used up coordinating the project and it could even end up taking more actual time that just letting the single dev finish in 100 hours. For example, if I were to barge in on nexern and say hey, I am going to help you. I don't know the language you use, any of your code base, but I will take up your time as you waste it explaining it to me. Then I wont really understand what he needs done, so all I will be able to do is repeatedly pester him. I guess maybe I could order pizzas for him. Is that what I should do? slow down other devs progress? James
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
February 08, 2014, 08:08:28 AM |
|
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
It would be nice to have each week a new plugin. 1 week testing and implementation and move on to the nxt plugin... It all depends on what the plugins are. Also, I want to get reference implementations out there and a plugin dev kit to really accelerate development by allowing people brand new to NXT to create them. App store and all that
|
|
|
|
|