ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 06:26:07 PM |
|
Question:
How much do you think would a java based blockchain.info-like wallet for NXT cost to program? Do you think it would be worth to start a bounty for that?
Which part? Do you mean the iPhone mobile app? Or the website? The part where blockchain.info works within you browser and no information leaves your browers, only the encrypted backup on your server. As i understand, we can now sign transactions without the client? We basically need an online wallet WITHOUT trust. How is that possible?
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
February 19, 2014, 06:29:23 PM |
|
Question:
How much do you think would a java based blockchain.info-like wallet for NXT cost to program? Do you think it would be worth to start a bounty for that?
Which part? Do you mean the iPhone mobile app? Or the website? The part where blockchain.info works within you browser and no information leaves your browers, only the encrypted backup on your server. As i understand, we can now sign transactions without the client? We basically need an online wallet WITHOUT trust. How is that possible? Your browser downloads the java file (code?!?) and your wallet gets decrypted only within this java environment on your browser. With bitcoin you can prepare a transaction locally, you don't need a connection to the blockchain for that. After you have finished signing the transaction, you can broadcast it. No sensitive information ever leaves your browser!
|
|
|
|
EvilDave
|
|
February 19, 2014, 06:30:05 PM |
|
Guys,
would there be interest in promotional clothing and giveaways?
I've been in contact with my brother and he would be wiling to create several mockups and some samples at cost price. At first it will be paid for by me and possibly a friend.
We're thinking about the following:
- T-shirts - caps - Umbrellas (those small foldable ones you can keep in your car) - Sweaters (fleece) - Scrafs
The clothing items would have a logo on the left side chest and no LARGE BANNERS on the back. All very classy. Something you could wear all the time. The umbrella would have a logo every other part on the top side. The scarfs have a logo on the end. I have some samples at home from a company I used to have and every single one I handed out back then to friends and relatives is still being used today.
I think these items would have value at conventions and general gatherings / meetings.
One other possibility would be to sell them from a simple store at one of our sites (but that could be potentially difficult with distribution). The NXT that is gained from those sales could flow back into an operational account of some sort.
I know we are very much into decentralization, but some stuff needs to be taken care of in a more centralized manner to have some coherency.
Let me know what you think about this.
Mikes...welcome to Holland, mate. Still playing catch-up with this thread, suggest that all NXT'ers with promo material projects (clothing, stickers, monoliths, commemorative beer-mugs, etc) post on the marketing thread: https://bitcointalk.org/index.php?topic=412243.760This will give us a chance to get an overview of what we have available. (BTW, more on my stickers soon.) QUICK UPDATEAtomic-Trade will be adding Nxt. I'm paying for integration with my own funds since AT agreed to add USD/Nxt trade abilities. This will allow any users to buy Nxt with USD directly. Currently AT only offers USD/BTC trading, so we will have an advantage over other alts on the exchange. Also, when I get home this evening, expect Nxt to lead the voting in Mintpal that is big, thank you very much msin! +10, this could be huge for NXT.
|
|
|
|
abuelau
|
|
February 19, 2014, 06:30:35 PM |
|
Yes but the signing happens on your server, that is the problem. With blockchain.info type wallet, NOTHING leaves the browser. Only the broadcast happens on the server there. This is a HUGE difference.
Why is it such a big difference? If an attacker has a keylogger you may lose your coins the same way in mynxt.info and blockchain.info. What is important is that the wallet is encrypted and in order to decrypt it you need the user's password. Whether the decrypting happens on the server or on the browser, I don't think this is such a big deal. In fact, I can imagine people developing a malware that you get in your browser (since your browser holds an unencrypted version of your wallet). The really big difference is, that the person that hosts the wallet can spend your coins if you send your password. Because if you sign serverside, your wallet has to be decrypted atleast once for a short period of time. You as the owner of the server can interfere if you chose to, or if your server is compromised and bad code is implemented coins can be stolen. That is the reason that the guy that created blockchain.info said that all wallets that don't offer browserside signing WILL be hacked/scamed. Well, of course the guy would say that. Everyone will say their product is better. The fact is: you need to decrypt the wallet at some point in order to spend coins. The decryption can happen on the browser or the server, and to decrypt it you will need to type your password. Don't forget when you sign up in blockchain.info you ALSO type your password on their website. There's no guarantee that they didn't save a copy of your password somewhere. What I am saying is that I don't see the "save in the browser" as being any safer, to me this is more marketing that actual security. If there's any security experts here please prove me wrong (and I will be happy to be proven wrong).
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 19, 2014, 06:31:02 PM |
|
QUICK UPDATEAtomic-Trade will be adding Nxt. I'm paying for integration with my own funds since AT agreed to add USD/Nxt trade abilities. This will allow any users to buy Nxt with USD directly. Currently AT only offers USD/BTC trading, so we will have an advantage over other alts on the exchange. Also, when I get home this evening, expect Nxt to lead the voting in Mintpal Wow good news. When will Atomic Trade add it you think? Not sure, he is working on it asap and I've contacted a few members here to help him integrate as he had some api questions. Also, if anyone else wants to offer him help with integration, here is the contact email (subject "Nxt Integration") info@atomic-trade.comWill you disclose how much you paid for that? Sure, 2.5btc. Thank you, i actually thought that they might charge an order of magnitude more. Yeah, I only agreed with the stipulation that USD/Nxt be offered, and he also has a rewards program so he claims there is no big profit made.
|
|
|
|
stereotype
Legendary
Offline
Activity: 1554
Merit: 1000
|
|
February 19, 2014, 06:32:46 PM |
|
Question:
How much do you think would a java based blockchain.info-like wallet for NXT cost to program? Do you think it would be worth to start a bounty for that?
Which part? Do you mean the iPhone mobile app? Or the website? The part where blockchain.info works within you browser and no information leaves your browers, only the encrypted backup on your server. As i understand, we can now sign transactions without the client? We basically need an online wallet WITHOUT trust. How is that possible? http://kryptokit.com/ ?
|
|
|
|
abuelau
|
|
February 19, 2014, 06:32:50 PM |
|
Yes but the signing happens on your server, that is the problem. With blockchain.info type wallet, NOTHING leaves the browser. Only the broadcast happens on the server there. This is a HUGE difference.
Why is it such a big difference? If an attacker has a keylogger you may lose your coins the same way in mynxt.info and blockchain.info. There is a big difference. You are sending your password to a third party who is running the server. Password should never leave your computer. Only signed transactions should be broadcast to the servver You are not sending your wallet key. You are sending a password that you defined that was used to encrypt the wallet. I get the trust argument though. As with any online services, you need to trust the person running the server. Same for blockchain.info and all the exchanges out there.
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 06:34:44 PM |
|
Your browser downloads the java file (code?!?) and your wallet gets decrypted only within this java environment on your browser. With bitcoin you can prepare a transaction locally, you don't need a connection to the blockchain for that. After you have finished signing the transaction, you can broadcast it. No sensitive information ever leaves your browser!
Ohh noo. No java applet, please. I could imagine that this is implemented in JavaScript. But then you rely on the server, sending you the JS. So, where is the trust? You need to trust your browser vendor, you need to trust the server that sends you the JS, you need to trust your browser plugins/addons, you need to trust your OS, you hardware, etc. etc.
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
February 19, 2014, 06:34:55 PM |
|
Yes but the signing happens on your server, that is the problem. With blockchain.info type wallet, NOTHING leaves the browser. Only the broadcast happens on the server there. This is a HUGE difference.
Why is it such a big difference? If an attacker has a keylogger you may lose your coins the same way in mynxt.info and blockchain.info. What is important is that the wallet is encrypted and in order to decrypt it you need the user's password. Whether the decrypting happens on the server or on the browser, I don't think this is such a big deal. In fact, I can imagine people developing a malware that you get in your browser (since your browser holds an unencrypted version of your wallet). The really big difference is, that the person that hosts the wallet can spend your coins if you send your password. Because if you sign serverside, your wallet has to be decrypted atleast once for a short period of time. You as the owner of the server can interfere if you chose to, or if your server is compromised and bad code is implemented coins can be stolen. That is the reason that the guy that created blockchain.info said that all wallets that don't offer browserside signing WILL be hacked/scamed. Well, of course the guy would say that. Everyone will say their product is better. The fact is: you need to decrypt the wallet at some point in order to spend coins. The decryption can happen on the browser or the server, and to decrypt it you will need to type your password. Don't forget when you sign up in blockchain.info you ALSO type your password on their website. There's no guarantee that they didn't save a copy of your password somewhere. What I am saying is that I don't see the "save in the browser" as being any safer, to me this is more marketing that actual security. If there's any security experts here please prove me wrong (and I will be happy to be proven wrong). You get this wrong i think. You don't operate on "their website". You can actually download the java code and run it WITHOUT internet connection, then you reconnect and broadcast the transaction. There is a BIG difference. They are NOT able to steal your password. He isn't some random actually, but one of the most respected member of the whole bitcoin community.
|
|
|
|
bitcoinpaul
|
|
February 19, 2014, 06:35:24 PM |
|
Just to inform, 0.7.6 runs smoothly on Android TV stick public node. For a while +1
|
|
|
|
Eadeqa
|
|
February 19, 2014, 06:35:34 PM |
|
Question:
How much do you think would a java based blockchain.info-like wallet for NXT cost to program? Do you think it would be worth to start a bounty for that?
Which part? Do you mean the iPhone mobile app? Or the website? The part where blockchain.info works within you browser and no information leaves your browers, only the encrypted backup on your server. As i understand, we can now sign transactions without the client? We basically need an online wallet WITHOUT trust. How is that possible? Your browser downloads the java file (code?!?) and your wallet gets decrypted only within this java environment on your browser. With bitcoin you can prepare a transaction locally, you don't need a connection to the blockchain for that. After you have finished signing the transaction, you can broadcast it. No sensitive information ever leaves your browser! The thing is that NRS does not yet have API to accept signed transactions. CFB is working on that, as I understand it. Once that is done, the browser can sign the transaction and broadcast it to any public node.
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
February 19, 2014, 06:37:11 PM |
|
Question:
How much do you think would a java based blockchain.info-like wallet for NXT cost to program? Do you think it would be worth to start a bounty for that?
Which part? Do you mean the iPhone mobile app? Or the website? The part where blockchain.info works within you browser and no information leaves your browers, only the encrypted backup on your server. As i understand, we can now sign transactions without the client? We basically need an online wallet WITHOUT trust. How is that possible? Your browser downloads the java file (code?!?) and your wallet gets decrypted only within this java environment on your browser. With bitcoin you can prepare a transaction locally, you don't need a connection to the blockchain for that. After you have finished signing the transaction, you can broadcast it. No sensitive information ever leaves your browser! The thing is that NRS does not yet have API to accept signed transactions. CFB is working on that, as I understand it. Once that is done, the browser can sign the transaction and broadcast it to any public node. Oh, i though that is ready already. Well then this is on hold anyway.
|
|
|
|
bitcoinpaul
|
|
February 19, 2014, 06:37:48 PM |
|
Maybe change it to a simpler version: Unregistered users = 3 votes per hour!
Just click 3 times on the VOTE Button for NXT - that's it!
>>>>>>>>>>>>>>> PLEASE VOTE! <<<<<<<<<<<<<<<
Much color, so many less words, yammy nxt
|
|
|
|
bitcoinpaul
|
|
February 19, 2014, 06:38:18 PM |
|
QUICK UPDATEAtomic-Trade will be adding Nxt. I'm paying for integration with my own funds since AT agreed to add USD/Nxt trade abilities. This will allow any users to buy Nxt with USD directly. Currently AT only offers USD/BTC trading, so we will have an advantage over other alts on the exchange. Also, when I get home this evening, expect Nxt to lead the voting in Mintpal Another great day for nxt!
|
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 06:42:37 PM |
|
It's an Amazon AWS EC2, I have a lot of experience working with AWS.
Great. That should be it. Regardless of the issues presented above. I think you did a great service to NXT. Have you already been supported/funded by some of these committees? For the online wallet - no. Don't know where to add a request. Maybe somebody could help on that?
|
|
|
|
|
antanst
|
|
February 19, 2014, 06:43:13 PM |
|
Abuelau, ChuckOne, you should really read this: https://blockchain.info/wallet/technical-faqand pay attention to TwinWinNerD. If you can't sign transactions offline (that is without transmitting private keys to anyone), you can't build a secure web wallet. Period. The way to do this in the browser is via JS a-la blockchain.info.
|
|
|
|
abuelau
|
|
February 19, 2014, 06:43:29 PM |
|
Yes but the signing happens on your server, that is the problem. With blockchain.info type wallet, NOTHING leaves the browser. Only the broadcast happens on the server there. This is a HUGE difference.
Why is it such a big difference? If an attacker has a keylogger you may lose your coins the same way in mynxt.info and blockchain.info. What is important is that the wallet is encrypted and in order to decrypt it you need the user's password. Whether the decrypting happens on the server or on the browser, I don't think this is such a big deal. In fact, I can imagine people developing a malware that you get in your browser (since your browser holds an unencrypted version of your wallet). The really big difference is, that the person that hosts the wallet can spend your coins if you send your password. Because if you sign serverside, your wallet has to be decrypted atleast once for a short period of time. You as the owner of the server can interfere if you chose to, or if your server is compromised and bad code is implemented coins can be stolen. That is the reason that the guy that created blockchain.info said that all wallets that don't offer browserside signing WILL be hacked/scamed. Well, of course the guy would say that. Everyone will say their product is better. The fact is: you need to decrypt the wallet at some point in order to spend coins. The decryption can happen on the browser or the server, and to decrypt it you will need to type your password. Don't forget when you sign up in blockchain.info you ALSO type your password on their website. There's no guarantee that they didn't save a copy of your password somewhere. What I am saying is that I don't see the "save in the browser" as being any safer, to me this is more marketing that actual security. If there's any security experts here please prove me wrong (and I will be happy to be proven wrong). You get this wrong i think. You don't operate on "their website". You can actually download the java code and run it WITHOUT internet connection, then you reconnect and broadcast the transaction. There is a BIG difference. They are NOT able to steal your password. He isn't some random actually, but one of the most respected member of the whole bitcoin community. I understand what you are saying. But I think you don't understand what I am saying. Tell me one scenario where an attacker would be able to steal your NXT from wallet.mynxt.info but not your Bitcoins from Blockchain.info using the same technique. Btw, I am not questioning any individual. Blockchain.info is a company and as such you would expect it to do what companies do (earn money, spend money, do marketing, sales, plans, etc).
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 19, 2014, 06:44:19 PM |
|
Maybe change it to a simpler version: Unregistered users = 3 votes per hour!
Just click 3 times on the VOTE Button for NXT - that's it!
>>>>>>>>>>>>>>> PLEASE VOTE! <<<<<<<<<<<<<<<
Much color, so many less words, yammy nxt We should be in 1st place in a little bit.
|
|
|
|
|