Damelon
March 09, 2014, 09:31:14 PM
We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT. When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.
THIS IS A DISASTER.
WE COULD HAVE AVOIDED THIS DISASTER IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.
ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?

Actually, I just looked at his account and he is very open about using a short and unsafe pass. He isn't attacking Nxt at all and acknowledges he wasn't smart to do it. I don't see it as a major PR problem. The reactions he gets are good, too. Most of his followers are traders themselves who had losses, too. I'm not saying I think we shouldn't care, but he did this himself and knows it was stupid. If people want to help him, that's cool. And we should get it sorted, but that will be done.

jl777
March 09, 2014, 09:35:00 PM
Proposal for "Create NXTcoins" function
Before I code it up, I wanted to make sure I didn't miss anything obvious. I will use a centralized pool server, but this is very similar to a lot of coins at launch where there is only one or a few pools and solo mining is not practical.

My model is that a NXTcoins will have an issuer that is the basis for the coin. It is assumed that the issuer will also be the pool operator or be working closely with the pool operator. Maybe I will offer NXTcoins pool operating service. Anyway, if this works out well, I can always add support for multiple pool operators later. All miners will be monitoring adherence to the NXTcoins parameters to ensure compliance.

The coin issuer will issue the asset (up to 1 billion) and distribute whatever presale amounts (if any) to the NXTaccts before issuing the Create NXTcoins AM. Once the Create NXTcoins is processed, the parameters are enforced by peer review. The coins that are to be mined will be either with the issuer or the pool operator. It will be the responsibility of the issuer to make sure the pool operator has enough coins to distribute to miners.

I have specified royalty, bounty and donation rates. This is a percentage of the mined coins that go to the issuer, bountyfund and donationfund. I will default the donationfund to me, hopefully people won't have a problem with that. The royalty goes to the founder, but it is not a premine, it is from the coins that are mined. I think this is much better for a coin. I put the presale in there though, so people can choose how they want to distribute their coin. 100% presale would be PoS. I also have a bountyfund so that as the coin grows, it will be possible to have a continuous stream of funds, if there are any coins mined.

There is maxblockrewards[16][2] that is set to be the maximum number of coins that can be issued at any point in time, along with when that limit is enforced. The details of how the coin is mined is totally up to the issuer as long as the maxblockrewards are followed.
There is a URL to sourcecode that implements the mining and pooling part of the coin. If this structure looks good, I will implement a reference pooler for nodecoin along with nodeminer, subject to changes as I run into implementation issues, but I think this is a decent place to start. Once this is done, there will essentially be a create coin API for NXT, and we don't have to wait for any NXT core changes, I am designing to current testnet version.

James

struct NXTcoins_data // 1% of presale and mined goes to pooling acct, send (authorized - .99*presale) to pooling acct
{
    int64_t totalcoins __attribute__ ((packed)); // in satoshis
    int64_t presale __attribute__ ((packed)); // in satoshis, must be less than authorized and exactly match preissued
    int64_t royalty __attribute__ ((packed)); // rate in satoshis, goes to issuer
    int64_t bountyrate __attribute__ ((packed)); // rate in satoshis, goes to bountyfund
    int64_t donation __attribute__ ((packed)); // rate in satoshis, goes to donationfund, defaulted to NXTcoins
    int64_t maxblockrewards[16][2] __attribute__ ((packed)); // in satoshis reward and threshold active
    char coin_name[16];
    char website[64],sourcecode[64];
    char issuer[MAX_NXTADDR_LEN],poolingacct[MAX_NXTADDR_LEN],assetidstr[MAX_NXTADDR_LEN];
    char bountyfund[MAX_NXTADDR_LEN],presalefund[MAX_NXTADDR_LEN],donationfund[MAX_NXTADDR_LEN];
};

bitcoinpaul
March 09, 2014, 09:38:59 PM
Guys, relax! Password generator will get implemented in Wesleyh's installer (NRS + nice GUI). And now, move on. Please read this monster thread before you post. Thank you.

chanc3r
March 09, 2014, 09:48:45 PM
I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT. When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.
THIS IS A DISASTER.
WE COULD HAVE AVOIDED THIS DISASTER IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.
ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?

I don't think it's a disaster, it's unfortunate, and when the 'official' clients are all out with a better solution, put up a page and tweet a url to it with the same tags. I agree we have to protect the unwary from having direct access to a brain wallet but we will always have this if people do not follow instructions, he doesn't say what client he uses... Was it NRS directly?

Currently you get this when you click 'unlock' in NRS....

If opening a new account, please note: A simple passphrase will certainly result in your NXT being stolen! Do not use any phrase that appears in any printed or online material, no matter how long or obscure. A secure passphrase will be at least 35 characters long and consist of random letters, numbers, and special characters, or a meaningless combination of 10 random words.

And if you ignore that and type in a stupid password you get...

Your secret phrase is too short and can be easily picked by a hacker!

So that was TWO WARNINGS that he did something stupid, unless he used some other client and that means we have a downloadable client on our site that accepts bad practice without any warnings, or he got a client from somewhere else which means it could have a trojan in it anyway... We cannot protect the gullible from themselves and we cannot protect ourselves completely from the bad news that the gullible being taken advantage of will always generate... But I do agree we could/need-to be better at security than we are currently.

Eadeqa
March 09, 2014, 09:49:11 PM
wesleys client:
Is there any way to display also the forging transactions like in NRS?
Yes, will add this later on.

Wesleyh, I understand your client is going to be the official client that will replace NRS at nxtcrypto.org this week. About passwords: It might be included already, but it is obvious we need something like a series of prompts to make sure new users use a long password.

We don't need "prompts". Some people will never use strong passwords. And some will not even understand why the password is weak. We need a client that creates password for the user by default. Don't give user easy option to make their own password or you will continue to see this problem every month.

bidji29
March 09, 2014, 09:56:11 PM
wesleys client:
Is there any way to display also the forging transactions like in NRS?
Yes, will add this later on.

Wesleyh, I understand your client is going to be the official client that will replace NRS at nxtcrypto.org this week. About passwords: It might be included already, but it is obvious we need something like a series of prompts to make sure new users use a long password.

We don't need "prompts". Some people will never use strong passwords. And some will not even understand why the password is weak. We need a client that creates password for the user by default. Don't give user easy option to make their own password or you will continue to see this problem every month.

Yeah, clients could create a password in the background and the user would directly see his account number when he opens the client for the first time. It NEEDS to be that simple

funnynews
March 09, 2014, 09:57:34 PM
wesleys client:
Is there any way to display also the forging transactions like in NRS?
Yes, will add this later on.

Wesleyh, I understand your client is going to be the official client that will replace NRS at nxtcrypto.org this week. About passwords: It might be included already, but it is obvious we need something like a series of prompts to make sure new users use a long password.

We don't need "prompts". Some people will never use strong passwords. And some will not even understand why the password is weak. We need a client that creates password for the user by default. Don't give user easy option to make their own password or you will continue to see this problem every month.

Yeah, clients could create a password in the background and the user would directly see his account number when he opens the client for the first time. It NEEDS to be that simple

+1 User end = paralytic amoeba! Keep this in mind when developing a front-end.

zorke
March 09, 2014, 10:00:41 PM
Dear people,

In the light of all doubts and frustration, I want to give a view from the other side. Today, I had a follow-up meeting with the co-owner of the following projects, which I have already posted before:

https://trackprotect.com
http://www.soundframework.com/
http://www.rhosmovement.com/

I was introduced to this person a few days ago and we had some exploratory talks. In today's talks, we discovered that what Nxt provides with its framework is exactly what he wants from a digital asset system. Talks are going well, and all involved are satisfied.

This investor does NOT care about the technical side: he has people for that. He does NOT care to explain to his users how the software works, just THAT it works. He also does NOT care about the doubt of others: he cares about what hé sees as the potential.

We are four months old. We have an amazing potential: not just as a "coin", but as a group of talented people who can get things done.

If you want to buy into Emule's playing on your fears, you can. He's very good at that, and a skilled thermometer of where the communities' fears are: that we actually have jack shit, that we will fail, that all your investments will be worthless, that we will be taken down by hoarders, that we will be left standing out in the cold and laughed at. These are all fears, and people like him are extremely skillful at playing on that. As said: feel free to agree with him. All things he says MAY come to pass. Let's be honest about that. MAY!

I, however, am bolstered once more by a real investor, with a project worth millions of euros and five years of development and a working system, who after only two days and talks with me and some other big Nxt people (developers ánd stakeholder) and who already runs a business, and who thinks what we have is both promising and useful and wants to use it! I choose to go with that, and also keep in mind that we are young and still very much a developing system. We have people testing and developing, and that comes with delays and changes of plan when things don't work out the way we thought they would. NOTHING ever does!

We will be having another talk on Wednesday. I will keep you up to date.

Thanks man!

funnynews
March 09, 2014, 10:04:57 PM
It would be interesting to have a wizard, after installing the client.
1 - An option button on the client, asking if it's the first time user in NXT, or if he already has an account.
2 - If you already have an account and password is short, less than 30 characters, always get warning that the password is weak, suggesting to create another account and transfer your NXT immediately.
3 - If it is a new account, do not accept less than 30 characters with all possible validations, requiring a percentage of letters, numbers, and special characters.
Only then will work!
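
An added example, not code from any poster or from NRS, of the two approaches debated in this thread: a client that generates the passphrase by default, and a length/character check on a typed one. It uses the 35-character figure from the NRS warning quoted earlier; the 128-bit threshold, the function names and the sample inputs are assumptions made for the illustration.

```python
import math
import secrets
import string

# Alphabet per the NRS warning quoted in the thread: letters, numbers, specials.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 35   # length the NRS warning asks for
MIN_BITS = 128    # assumption: target strength, not a figure from the thread


def generate_passphrase(length=MIN_LENGTH):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"refusing to generate fewer than {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generated_bits(length=MIN_LENGTH):
    """Entropy of a generated passphrase: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def ceiling_bits(passphrase):
    """Upper bound on the entropy of a typed passphrase, from its character classes.

    Only a ceiling: a quotation scores high here while being guessable, so this
    can reject a passphrase but never certify one.
    """
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    pool = sum(size for chars, size in classes if any(c in chars for c in passphrase))
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        pool += 33  # punctuation and space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def review_typed_passphrase(passphrase):
    """Return reasons to reject; an empty list means 'not provably weak'."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if ceiling_bits(passphrase) < MIN_BITS:
        problems.append(f"at most {ceiling_bits(passphrase):.0f} bits, need {MIN_BITS}")
    return problems


# Constructed sample inputs (not taken from the thread).
SHORT = "nxt2014"
QUOTATION = "to be or not to be that is the question whether"
```

The constructed quotation passes both checks, which is the limit the NRS warning describes for phrases that appear in printed or online material: a validator can only reject, while a generated passphrase carries about 229 bits by construction.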

bitcoinpaul
March 09, 2014, 10:07:27 PM
Guys, relax! Password generator will get implemented in Wesleyh's installer (NRS + nice GUI). And now, move on. Please read this monster thread before you post. Thank you.

But of course, if you have nothing better to do, just go on with the discussion

Come-from-Beyond
March 09, 2014, 10:12:16 PM
I pushed code that supports GUIDs. When Jean-Luc puts it into the production, exchanges will be able to use guids to track transactions without worrying about transaction malleability. NIP #1 is not ready yet so I created the solution as I felt it should be.

Damelon
March 09, 2014, 10:13:10 PM
Guys, relax! Password generator will get implemented in Wesleyh's installer (NRS + nice GUI). And now, move on. Please read this monster thread before you post. Thank you.

But of course, if you have nothing better to do, just go on with the discussion

We can also start our own conversation. It'll be like a pub! How've you been, Paul?

bitcoinpaul
March 09, 2014, 10:13:33 PM
I pushed code that supports GUIDs. When Jean-Luc puts it into the production, exchanges will be able to use guids to track transactions without worrying about transaction malleability. NIP #1 is not ready yet so I created the solution as I felt it should be.
+1

bitcoinpaul
March 09, 2014, 10:16:16 PM
How've you been, Paul?

Pretty good, thank you. And you? Hey, Emule. Want to jump in? Just a chit chat, no Nxt talk

Damelon
March 09, 2014, 10:19:36 PM
Pretty good, thank you. And you? Hey, Emule. Want to jump in? Just a chit chat, no Nxt talk

I'm good, having a quiet evening in, watching a movie, relaxing before the start of the week... Yeah, Emule, pull up a virtual chair! Let's get to know each other.

nhil8r
March 09, 2014, 10:20:43 PM
can someone send me some testNXT. Thanks
14490676957985063422

Come-from-Beyond
March 09, 2014, 10:20:50 PM
Pretty good, thank you. And you? Hey, Emule. Want to jump in? Just a chit chat, no Nxt talk

I'm good, having a quiet evening in, watching a movie, relaxing before the start of the week... Yeah, Emule, pull up a virtual chair! Let's get to know each other.

Haha. Should be interesting. I've unignored him.

verymuchso
March 09, 2014, 10:24:14 PM
We don't need "prompts". Some people will never use strong passwords. And some will not even understand why the password is weak. We need a client that creates password for the user by default. Don't give user easy option to make their own password or you will continue to see this problem every month.
Yet you still want to allow people to enter an existing passphrase when adding an account.

jl777
March 09, 2014, 10:28:24 PM
I pushed code that supports GUIDs. When Jean-Luc puts it into the production, exchanges will be able to use guids to track transactions without worrying about transaction malleability. NIP #1 is not ready yet so I created the solution as I felt it should be.

Thanks! Could you explain a bit how this GUID makes it immune?

James

P.S. Multisig next?