pandaisftw
|
|
March 10, 2014, 12:16:07 AM |
|
Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier: Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.
It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds. Add in specialized services with their own chain, and this number could be much higher than 1000 TPS. Pandaisftw Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS. 10 TPS can be done easily with even the lowest-end hardware and internet connections. Case 1 (Assumptions): These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil. There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions? Case 2: Even if Case 1 is not true, then each chain would simply have it's own "coin", but still secured by the master chain, thus part of the NXT ecosystem. Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support. This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains. Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable. So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?Could the network automatically adapt and support the chains that they are able to? I doubt most users will know enough to properly select what chains to support. If the network can be smart and reallocate resources where it is needed, then that would be really cool. semi-intelligent emergent behavior? Yes, this can actually be done without the user ever knowing, if the user doesn't want to know. Advanced users can specify which chains specifically to support, while new users just let the client decide for them. A client can simply have a few fields such as "Max bandwidth", "Max chains", etc. to control how many chains the node will support. The client will then find the the most profitable chains to forge - profitability is a function of the number of people forging a particular chain + the number of transactions. It should balance out by itself, no chain will ever be unsupported because it would be so profitable that clients would jump on it immediately. It would be a semi-intelligent emergent behavior, based on the laws of economics. If a particular chain is used more (more transactions) it will attract more powerful nodes to support it, until equilibrium between # of forgers and profitability is reached.
|
NXT: 13095091276527367030
|
|
|
funnynews
|
|
March 10, 2014, 12:17:35 AM |
|
Crazy idea, someone has already thought of it? A coin as the NXT might have similar features with ebay?
1 - I own the account 111111 2 - I want to buy something from the seller who has the account 22222 3 - I send 100NXT, which would be trapped in blockchain at to confirm that I received my purchase. 4 - If I receive the product unlock the 100NXT account for 222. 5 - If not receive but gets stuck and only come back to me if the account venderdor 222 mark as not completed. 6 - Upon completion of the deal or not, we could both evaluate and add 1 point to the "reputation system" of accounts. 7 - Accounts with high reputation, could mediate situations where there was no agreement.
So instead of being added to ebay, etc ... that is the dream of any currency, would replace. To facilitate the exchange of NXT for other currencies without using exchange.
What if acct 111111 receives the product, but doesnt mark it as so? acct 22222 will not be happy. If you can solve that part, this could work James 7 - Accounts with high reputation, could mediate situations where there was no agreement. Has no the advantage, since NxT is stuck until enter into any agreement or Intervene mediator. if you do not pay do not receive a positive rating. Accounts with high reputation could be mediators(optional) for and receive NXT some reward. We have a clone of ebay here in my country Brazil using reputation system: http://perfil.mercadolivre.com.br/SO+FAST.COM The reputation points are the "gold" for sellers and buyers. In case the blocchain could charge a fee to reward mediators in the case of such transaction buying and selling.
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 10, 2014, 12:26:37 AM |
|
We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move. Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless. I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT. When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. THIS IS A DISASTER. WE COULD HAVE AVOIDED THIS DISASTER IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO. ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW? I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet. +infinity I suggested to Wesley adding a reverse steganographic password generator combined with PIN I think that makes it super easy. Jus an added thought... Is there not a way that we could add a maximum number of tries to unlock an account? After the maximum number of tries you have to wait 1 minute before you can try again (or however long is a good time). I'm not sure how hackers hack a passphrase. Im assuming they need to keep entering a different passphrase until they hit one? Having a max limit to the number of times you can enter your passphrase would slow a hacker down? This is just a thought and I don't know if this could be implemented to the clients or if im understanding things correctly as im neither a hacker or a coder Just trying to help. password cracking can be done with local copy of blockchain. I believe at the lowlevel bitcoin is the same way, they just have a standard wallet.dat overlay that hides this
|
|
|
|
bakedrice
|
|
March 10, 2014, 12:30:49 AM |
|
Thanks for helping me out and letting the community know about what happened. I know that the NXT team is hard at work & continually making improvements. Keep it up! I hope this can help developers quickly sort out the problems I highlight, and make it easier for the end user to use NXT as a currency. We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move. Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless. I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT. When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. THIS IS A DISASTER. WE COULD HAVE AVOIDED THIS DISASTER IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO. ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW? Actually, I just looked at his account and he is very open about using a short and unsafe pass. He isn't attacking Nxt at all and acknowledges he wasn't smart to do it. I don't see it as a major PR problem. The reactions he gets are good, too. Most of his followers are traders themselves who had losses, too. I'm not saying I think we shouldn't care, but he did this himself and knows it was stupid. If people want to help him, that's cool. And we should get it sorted, but that will be done. Thanks for highlighting this. I am not here to flame NXT of course. I like the innovation, and met a few NXTcoin representatives in Berlin recently, and also know of some upcoming development plans. I have always kept my NXTcoins in DGEX since I first bought them, but since DGEX removed the NXT fees, I decided to move them into a local client. Explained at the bottom is why I used an 8 character password. I'm just here to say 1 thing; security is a huge issue with cryptocurrencies and I understand that, and take necessary precautions to protect my funds. I'm not a developer designer or anything, but I consider myself a rather tech-savvy person that could navigate around websites, software, and hardware without reading a manual. But this is the first time I've ever used a login process which only requires a password and acts also as a username. On hindsight, I am surprised the client does not automatically prevent you from using a non secure password. If a website requires a secure password, they implement several restrictions to help their users save themselves in case they are careless. As much as this version of the client is a "beta" version, I am still disappointed that the system allows users to make such a simple error, knowing very well that creating an account and sending NXT into any account w <20 chars password will get hacked immediately. Like I said, security is #1 priority in crypto. I just find it amusing that the client has such a big loophole to leave users vulnerable. I don't think its a disaster, its unfortunate, and when the 'official' client's are all out with a better solution, put up a page and tweet a url to it with the same tags. I agree we have to protect the unwary from having direct access to a brain wallet but we will always have this if people do not follow instructions, he doesn't say what client he uses... Was it NRS directly? Currently you get this when you click 'unlock' in NRS.... If opening a new account, please note: A simple passphrase will certainly result in your NXT being stolen! Do not use any phrase that appears in any printed or online material, no matter how long or obscure. A secure passphrase will be at least 35 characters long and consist of random letters, numbers, and special characters, or a meaningless combination of 10 random words.
And if you ignore that and type in a stupid password you get... Your secret phrase is too short and can be easily picked by a hacker!
So that was TWO WARNINGS that he did something stupid, unless he used some other client and that means we have a downloadable client on our site that accepts bad practice without any warnings, or he got a client from somewhere else which means it could have a trojan in it anyway... We cannot protect the gullible from themselves and we cannot protect ourselves completely from the bad news that the gullible being taken advantage of will always generate... But I do agree we could/need-to be better at security than we are currently.Yes chanc3r we need a better & more secure system that can cater to non-technical users, which imo is the most vital ingredient in making NXT a viable and sustainable currency. But as to why I continued to be stupid and use a short password: It's not about the password. I misintepreted how the client functions. I expected it to work like how a normal wallet works; that you require 1 username and 1 password to access the account. I assumed the password entered was an encryption password or similar. even up reading the warnings, it doesn't at any point ring any bells that this password is both an account username & password together.
I admit, it's a simple but costly mistake. But my point here is that the NXT client is really un-user-friendly. I like the idea of having ur password as your login, but most users are not accustomed to such a system. the NXTcoin teams needs to seriously educate users properly about how to manage the wallet etc. I followed the guide on nxtcrypto.org, and the guide doesn't mention the differences the client has with a normal Cryptocoin wallet. If any other user like me blindly follows this guide, I'm sure a small percentage would have done the exact same thing I did.
|
|
|
|
bidji29
|
|
March 10, 2014, 12:47:14 AM |
|
password cracking can be done with local copy of blockchain. I believe at the lowlevel bitcoin is the same way, they just have a standard wallet.dat overlay that hides this
http://directory.io/List of all the bitcoin adress with the corresponding private key. Good luck ^^
|
|
|
|
funnynews
|
|
March 10, 2014, 12:49:28 AM |
|
OK, But should have a validation in the next versions of the client for existing accounts saying: Hello asshole, you have 50,000 NXT and uses a 10-character password? You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal you. Do not cry when it happens. You have been warned.
|
|
|
|
bakedrice
|
|
March 10, 2014, 12:54:21 AM |
|
OK, But should have a validation in the next versions of the client for existing accounts saying: Hello asshole, you have 50,000 NXT and uses a 10-character password? You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal you. Do not cry when it happens. You have been warned.
The client should not even allow anything like that from happening. Put a minimum password length of 20 characters, what so hard about that? I think using that exact language would have worked so much better though.
|
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
March 10, 2014, 12:56:00 AM |
|
Thanks for highlighting this. I am not here to flame NXT of course. I like the innovation, and met a few NXTcoin representatives in Berlin recently, and also know of some upcoming development plans. I have always kept my NXTcoins in DGEX since I first bought them, but since DGEX removed the NXT fees, I decided to move them into a local client. Explained at the bottom is why I used an 8 character password.
I'm just here to say 1 thing; security is a huge issue with cryptocurrencies and I understand that, and take necessary precautions to protect my funds. I'm not a developer designer or anything, but I consider myself a rather tech-savvy person that could navigate around websites, software, and hardware without reading a manual. But this is the first time I've ever used a login process which only requires a password and acts also as a username.
On hindsight, I am surprised the client does not automatically prevent you from using a non secure password. If a website requires a secure password, they implement several restrictions to help their users save themselves in case they are careless. As much as this version of the client is a "beta" version, I am still disappointed that the system allows users to make such a simple error, knowing very well that creating an account and sending NXT into any account w <20 chars password will get hacked immediately.
Like I said, security is #1 priority in crypto. I just find it amusing that the client has such a big loophole to leave users vulnerable.
Hello, I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number! To me that shows real commitment and character, and I want to thank you for that. There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...
|
|
|
|
bakedrice
|
|
March 10, 2014, 12:57:54 AM |
|
Hello,
I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!
To me that shows real commitment and character, and I want to thank you for that.
There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...
Life has to go on, right? I died for about 1 minute but I think that was about it.
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
March 10, 2014, 01:10:30 AM |
|
The client should not even allow anything like that from happening. Put a minimum password length of 20 characters, what so hard about that? Sorry for your troubles, man. Part of the problem is that the NRS client is close to the low-level network functions of Nxt. NRS is the reference implementation -- it is meant to be a temporary interface to the Nxt functions until the community comes up with alternative higher-level clients. When this happens (soon, it appears), NRS will be discarded. Edit: and there are already several alternative clients available for Nxt. I shouldn't leave that info out.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
gs02xzz
|
|
March 10, 2014, 01:26:01 AM |
|
Hello,
I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!
To me that shows real commitment and character, and I want to thank you for that.
There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...
Life has to go on, right? I died for about 1 minute but I think that was about it. I am sorry for your loss. Your spending 20% of your money on Nxt was a big endorsement to Nxt. You must have thought that Nxt have some potentials in the future. It could have some good marketing effects for Nxt. I hope Nxt and some big whales will give you a Marketing bounty for that.
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 10, 2014, 01:31:03 AM |
|
OK, But should have a validation in the next versions of the client for existing accounts saying: Hello asshole, you have 50,000 NXT and uses a 10-character password? You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal you. Do not cry when it happens. You have been warned.
We are already doing this! NxtMac currently says: "If opening a new account, please note: A simple passphrase will certainly result in your NXT being stolen! Do not use any phrase that appears in any printed or online material, no matter how long or obscure. A secure passphrase will be at least 35 characters long and consist of random letters, numbers, and special characters, or a meaningless combination of 10 random words." The problem is that people dont necessarily read or understand or follow the warnings that are already there. We probably need to make it hard for people to not create a good password. The following generates a decent password: openssl rand -base64 50
|
|
|
|
bakedrice
|
|
March 10, 2014, 01:42:45 AM |
|
Hello,
I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!
To me that shows real commitment and character, and I want to thank you for that.
There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...
Life has to go on, right? I died for about 1 minute but I think that was about it. I am sorry for your loss. Your spending 20% of your money on Nxt was a big endorsement to Nxt. You must have thought that Nxt have some potentials in the future. It could have some good marketing effects for Nxt. I hope Nxt and some big whales will give you a Marketing bounty for that. I saw NXT's potential and bought all of them when it was 1300 Satoshi. I had a little more than this previously. So no I didn't exactly spend 20%, but it was worth 20% when I lost it.
|
|
|
|
Voluntold
|
|
March 10, 2014, 01:56:05 AM |
|
Stefan Molyneux speaking at the recent conference. http://youtu.be/BhL1Y1lg35wI thought that 28:30 and 33:45 had some good points that this community could apply to Nxt. I would recommend watching the whole speech.
|
Nxt: NXT-5BHG-9VRE-QGW6-DRZVQ
|
|
|
btc2nxt
|
|
March 10, 2014, 02:10:33 AM |
|
Has anybody tested NRS against an application-level DOS/DDOS attack?
Stuff like this?: * Flood 7874 with garbage packets from 1-N peers. * Flood 7874 with valid NRS packets, but invalid transaction signatures. * more?
i will do these in testnet, but not test yet. i got a packet with true transaction but false order, in placing bid using marcus03.crypto signing it, later will flood these wrong packet to testnet. i will flood valid order to testnet throught peers, but peers are slowly then local NRS.
|
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
March 10, 2014, 02:41:55 AM |
|
NXT Funding Committee Election Certification Data
really good procedure of vote . And thank you rickyjames, for the specific statistic and organization of vote.
|
|
|
|
gs02xzz
|
|
March 10, 2014, 02:48:58 AM |
|
Hello,
I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!
To me that shows real commitment and character, and I want to thank you for that.
There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...
Life has to go on, right? I died for about 1 minute but I think that was about it. I am sorry for your loss. Your spending 20% of your money on Nxt was a big endorsement to Nxt. You must have thought that Nxt have some potentials in the future. It could have some good marketing effects for Nxt. I hope Nxt and some big whales will give you a Marketing bounty for that. I saw NXT's potential and bought all of them when it was 1300 Satoshi. I had a little more than this previously. So no I didn't exactly spend 20%, but it was worth 20% when I lost it. It's still a big endorsement. It's still a big loss. IMO.
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1134
|
|
March 10, 2014, 03:14:00 AM |
|
Nodecoin update
I didnt see anything really magical in XPT, I think I will just do my own networking code.
I think I finally solved the problem with nodecoin having to trust what the node reports as far as forging status goes. Not much can be done about Evil Bob disabling the forging enable call and reporting that he is forging, but it seems that there is no point for him to do that. So with that caveat in mind, here is my planned allocation of nodecoins.
We want to reinforce good node behavior, so that is what I am going to use as the "mining" shares. All nodes will report in the 20 active peers they are connected to and how much data was uploaded/downloaded since last block. This will also give us some useful info about network topology for infrastructure committee.
If a node is blacklisted or doesnt share their address, no credit. So for each block all the nodes report in the results of their peers along with their NXTacct and IP address and payout threshold, the pool server then sums up the contribution for each NXT acct as reported by peers. The blockreward then gets allocated on a prorata basis using satoshi fractions.
The server will return a packet with a listing of earned nodecoins, total nodecoins, etc. The fact that there will be NXT transactions costs to send the nodecoins is an issue. Unless there is a market for nodecoins, I think the miner will have to send in some NXT to pay for the transaction costs, then again if tx costs go to .01 it wont be a big deal and even some small donations will pay for these costs.
People can indirectly support the NXT network by bidding for nodecoins. This way you get some nodecoins and help the network at the same time. Nodecoins are earned by uploading and downloading data to peers. This seems like a pretty good metric. From what I saw in the NXT core, it selects the 20 active peers somewhat randomly, so I dont think Evil Bob can create is own set of nodes that peer each other and spam a lot of traffic, not sure.
The following are the steps left for nodecoin: 1) client: create server request packet and send to server 2) server: process client packets and allocate nodecoins, track cumulative, return packet 3) server: implement method for transferring earned nodecoins and dealing with tx fees 4) both: audit nodecoin inventory and mining output to verify conformance with Create NXTcoins parameters 5) admin: make a tool to generate a "Create NXTcoins" AM
James
|
|
|
|
allwelder
Legendary
Offline
Activity: 1512
Merit: 1004
|
|
March 10, 2014, 03:48:42 AM |
|
Did you want some TestNxt ?
Plz send some, TKS. 7191893623143661625 What ? TestNxt,as you aked.
|
|
|
|
|