Bitcoin Forum
November 12, 2024, 12:44:57 AM *
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761606 times)
wesleyh
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
March 10, 2014, 08:48:03 PM
 #42841

@Wesley

A few results after testing your client:

  • Settings > Custom choice by header, Sidebar, Page header (nothing happens)
  • When I click "send NXT" or "send message" in the upper right, I can't click on the avatar to choose from my Contacts
  • Wouldn't it be nice to see the account balance on all the pages, maybe in the header?
  • How do I change my assets?
  • I can't vote on other polls



4) What do you mean by changing assets?

I created an asset, but can't I change the description for example?

That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.
chanc3r
Sr. Member
****
Offline Offline

Activity: 952
Merit: 253



View Profile
March 10, 2014, 08:48:27 PM
 #42842


That may be a possibility but for this we need other client developers to agree on the same standard and the same questions. We can't have all developers making their own implementation.
Thanks Wesley.

That is a valid point. I would also point out as the wallet.dat just contains the brain wallet passphrase, as long as one client supports this method of generation and the wallet.dat is consistent you could generate it and move it - the point is a trade off between security and ability to recover.

I think if you consider that no method is perfect then some kind of structured generation does not really reduce security much. If it is implemented and popular then others will copy anyway.

Also a user hashing a passphrase built from structured information for 30s or a minute is going to make it harder for someone to crack aren't they?

Jerical13
Full Member
***
Offline Offline

Activity: 266
Merit: 100



View Profile
March 10, 2014, 08:53:19 PM
 #42843

Just relax and chill. Rome wasn't built in one day. This is one of the best communities for a crypto!

that is true but I don't see much agreement, just some bits here and there. that doesn't make it stronger?


1)
Because you do not see the full picture at the moment....the more time you spend here the more things will become clear.

The pace of development is very fast that's the benefit of independent actors we are all termites building a termite mound....it's very hard for each termite to see the end result of each individual termite's actions.


2)
If you look at all other "2nd GEN COIN" Nxt is not doing too bad.

Mastercoin has been in a steady slide while Nxt has been pretty stable.

  
Well Put Landomata.

We are not just building a coin that is being traded on an exchange.

Just like the termite analogy infers We are really building what has been termed an "ecosystem" but maybe a better way of looking at it is from the point of view that we are building an "ecocommunity" that is developing an "ecosystem".
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 10, 2014, 08:55:03 PM
 #42844

Uff. That's complicated.

Having 2 2 2 2 2 2 2 2 2 2 2 2 is okay, right? But that's only 24 characters.

No, it must always be at least 35 characters.

Okay, I am not sure how users will react to that password/passphrase policy.

Not that this one is better, but maybe it is easier for most users to understand:

1) at least 35 characters
2) less than 50 characters requires upper case and numbers
farl4web
Legendary
*
Offline Offline

Activity: 1205
Merit: 1000



View Profile
March 10, 2014, 08:55:22 PM
 #42845

@Wesley

A few results after testing your client:

  • Settings > Custom choice by header, Sidebar, Page header (nothing happens)
  • When I click "send NXT" or "send message" in the upper right, I can't click on the avatar to choose from my Contacts
  • Wouldn't it be nice to see the account balance on all the pages, maybe in the header?
  • How do I change my assets?
  • I can't vote on other polls



4) What do you mean by changing assets?

I created an asset, but can't I change the description for example?

That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.
@Come-from-Beyond
Maybe not so convenient?

@Wesley
Maybe making a confirmation alert, so people are sure they wrote the right description/name/etc...?
eightspaces
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
March 10, 2014, 08:56:20 PM
 #42846

ok, can somebody PLEASE recap 1-2 months, what was released and agreed on, what was implemented in the nxt software/core?

please forgive me, it is hard to keep up with this megathread and I can't see an actual overview

thank u so much

anyone? thank u!
Jerical13
Full Member
***
Offline Offline

Activity: 266
Merit: 100



View Profile
March 10, 2014, 09:02:25 PM
 #42847

In the end, it would be an inconvenience for large stakeholders but for nothing.

TF is going ahead the way it was planned regardless so why not take these pointless discussions to a new topic?


LOL :D

"....pondering the possibility that I philosophize too much."
NxtMinnow
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 10, 2014, 09:03:01 PM
 #42848

eightspaces, you can critically review my site (type directly, not picked up by crawler yet) www.nxtcoinmagazine.com or directly to review summaries here http://www.nxtcoins.nl/50-2/
rdanneskjoldr
Sr. Member
****
Offline Offline

Activity: 288
Merit: 250


View Profile
March 10, 2014, 09:06:07 PM
 #42849


That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.

I guess there is also no way of destroying an asset, even if you own 100% of it.
Tobo
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500


View Profile
March 10, 2014, 09:06:17 PM
 #42850

ok, can somebody PLEASE recap 1-2 months, what was released and agreed on, what was implemented in the nxt software/core?

please forgive me, it is hard to keep up with this megathread and I can't see an actual overview

thank u so much

anyone? thank u!

here is the summary -
http://www.nxtcoins.nl/[Suspicious link removed]ummaries-1501-1601-2014/

xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
March 10, 2014, 09:13:56 PM
 #42851

I created an asset, but can't I change the description for example?

That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.

If you don't like CFB's decision, bypass his decision.  Nxt is a decentralized system after all.

Just decide on an AM data format for your client that will specify the new description for a specified asset.  Then document and publish the format so other client writers can implement it also.


"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
Jerical13
Full Member
***
Offline Offline

Activity: 266
Merit: 100



View Profile
March 10, 2014, 09:14:56 PM
 #42852


THIS IS  ANOTHER REASON WHY WE HAVE LOST FOCUS!

Lock this thread and let's move to a new forum.

If we have a debate for something the whole thread gets derailed and you have the impression that NXT project is chaotic etc.

Having specialized topics like TF, Instant TXs, AT, AE etc will help a lot both progress and get rid of this feeling that progress is stalled, situation is fuzzy etc. that puts us in a negative feedback loop!


I agree with you.....I have realized the cons of staying on this thread now greatly exceed the benefits.



If you want more topic related, focused threads, go ahead and start using them.... But leave this thread alone.

I can understand if you need a work specific thread. But there is no cause to close this thread.

 Damelon gave a perfect analogy of this thread; This is the "Pub Thread". Closing the "Pub" is bad form.
opticalcarrier
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
March 10, 2014, 09:17:17 PM
 #42853

does anyone know if it's possible to make the unix shell command curl accept only a certain self-signed certificate?  I know there is the -k option to make it ignore security warnings but I want the server to use self-signed cert and for the curl client to allow it, but to not allow any other invalid certs.
wesleyh
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
March 10, 2014, 09:18:17 PM
 #42854

I created an asset, but can't I change the description for example?

That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.

If you don't like CFB's decision, bypass his decision.  Nxt is a decentralized system after all.

Just decide on an AM data format for your client that will specify the new description for a specified asset.  Then document and publish the format so other client writers can implement it also.



well actually I agree with it, a description should not be changeable.
wesleyh
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
March 10, 2014, 09:19:36 PM
 #42855

So community, what do you think about the user's own password rules.

Quote
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.

Is this too complicated? What do you suggest instead?
zorke
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
March 10, 2014, 09:22:52 PM
 #42856

The Mac client I am using first gives you this message before opening an account:
and when you choose a weak passphrase, you will get this message:
The other clients should implement this too.

huh, that is exactly what the official nrs client is?!

I guess we all do what we think is best for NXT. Personally, I'm going to take a break from this community. Impossible this, impossible that. Whatever.

I have heard that nxt is going nowhere due to no strong joined development

is that really true?  I can't and don't want to afford to lose my investment if this goes lower
Just relax and chill. Rome wasn't built in one day. This is one of the best communities for a crypto!

There has been a pretty big step forward as far as becoming more goal oriented in the elections of the three committees. I think this will help to turn ideas into reality in time. It would be a loss to the community to not have people share their thoughts and ideas. Dialog, conversation and critical thinking is important in the creative process, and NXT is and hopefully always will be a creative and evolving process. The dialog here is important, or I guess megalog would be a better term; but it is still important. We have an apparatus in place now to help turn these ideas into real progress. We just have to trust in that apparatus and be patient. Results will come.

Keep posting. Keep reading posts (or at least the ones that you can.) It is part of the process. And remember that this whole thing is new and cutting edge, and there is no blue print for what we are doing. Your posts and others' posts are helping to make that blue print. We are a modern day "Corps of Discovery."

+1
rickyjames
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
March 10, 2014, 09:23:56 PM
 #42857


THIS IS  ANOTHER REASON WHY WE HAVE LOST FOCUS!

Lock this thread and let's move to a new forum.

If we have a debate for something the whole thread gets derailed and you have the impression that NXT project is chaotic etc.

Having specialized topics like TF, Instant TXs, AT, AE etc will help a lot both progress and get rid of this feeling that progress is stalled, situation is fuzzy etc. that puts us in a negative feedback loop!


I agree with you.....I have realized the cons of staying on this thread now greatly exceed the benefits.



If you want more topic related, focused threads, go ahead and start using them.... But leave this thread alone.

I can understand if you need a work specific thread. But there is no cause to close this thread.

 Damelon gave a perfect analogy of this thread; This is the "Pub Thread". Closing the "Pub" is bad form.

Actually, I lay claim to first calling this thread the "pub" thread...

https://bitcointalk.org/index.php?topic=345619.msg4798054#msg4798054

All we need is a dart board.  Oh, wait...


www.candystand.com/play/darts
https://www.flyordie.com/darts/
www.mousebreaker.com/games/dartsparty/playgame
Daedelus
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
March 10, 2014, 09:27:04 PM
 #42858

@Wesley
Just rebooted and did the following:

Tests
Firefox normal mode, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox normal mode, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."

Firefox private mode, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."

Internet Explorer, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Internet Explorer, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."

So far so good.

Then I thought, maybe I was still signed in on IE when I went back to Firefox. i.e. signed into the same account on two different browsers at the same time. So;

Tests
Firefox normal mode, while signed in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, while signed in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."

Still no problem. Then I remembered I was at the log in screen for IE. So:

Tests
Firefox normal mode, while at the log in screen in IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, while at the log in screen in IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."

Still flawless. Then, just for kicks, I signed in to IE and Firefox in both private and normal modes (three logins of the same account) and I still couldn't break it :(


The wording I got last time, sending to 5678029137156573042, was:

"The recipient account does not have a public key, meaning it has never had an outgoing transaction. The account has a balance of 2509900 NXT. Please double check your recipient address before sending."

Printscreen available :D


TL;DR I couldn't recreate the errors I was having before.


Thank you for your patience Wesley :)
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 10, 2014, 09:27:53 PM
 #42859

So community, what do you think about the user's own password rules.

Quote
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.

Is this too complicated? What do you suggest instead?

Not that this one is better, but maybe it is easier for most users to understand:

1) at least 35 characters
2) less than 50 characters requires upper case and numbers
igmaca
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
March 10, 2014, 09:28:38 PM
 #42860

The difference between what? A secret phrase consists of multiple words, a password is typically one long word.

Why making this difference?

Because if you type a password it must be 35 characters in length AND have numbers AND uppercase AND special character. A 12 word phrase does not require this.

Uff. That's complicated.

Having 2 2 2 2 2 2 2 2 2 2 2 2 is okay, right? But that's only 24 characters.

No, it must always be at least 35 characters.


Passphrase Politics:


As the spreadsheet shows, password complexity is far less important than length when defending against brute-force crackers.  Hence, train your users to use long, easy-to-remember passphrases instead of short, random, hard-to-remember passwords.  Here's some advice for overcoming the political obstacles.

Don't announce to your users, "Henceforth all passwords must be 15-character passphrases", since this will only result in your assassination.  Instead, start a weekly internal e-mail security bulletin that includes a joke, cartoon, funny office story, or something else that will motivate users to open the e-mail instead of just deleting it.  Along with the joke or cartoon, include a security reminder (like "don't open e-mail attachments you're not expecting" or "alert IT staff if anyone asks for your password") and keep it as short as possible or else they'll learn to trash the message on sight despite the jokes and cartoons.  

In your next weekly security reminder, include a tip like this:  

    "Passwords are hard to remember, so don't forget that you can use a pass-phrase instead (passphrases are short fun sentences with spaces between the words).  So imagine an incredible or funny scene and make that your easy-to-remember passphrase!  :-)    Here are some examples:

          kitty ate my face off!
          my 100 pups play fight
          naked clowns cost $$$
          20 carbs a day max
          I threw up a mellon?
          Vader is my father dude
          a 200% raise is nice
          I only love Star Wars
          Britney Spears = my wife


In the weeks to come afterwards, follow up with more reminders like this:

    "The more outrageous, dramatic, scandalous, humorous or shocking a passphrase is, the easier it is to remember and the better it is for security.  Go ahead, have fun!"  

    "Wouldn't it be nice if mis-speling words was a good thing?  It is!  The more words you missspell in your passphraze the better it is for netwerk sekurity!"

    "Song lyrics, well-known sayings, and famous poems are easy to remember, but not ideal as passphrases.  Here's a tip!  You can still use your favorite line, but change a word in it or make it goofy in some way...or IMPROVE it!  ;-) "  

    "A passphrase takes less time to type at your keyboard than a random-looking password, and it's easier to remember too.  Great passphrases are five words or longer (size does matter!) and please do include words that no self-respecting librarian would ever put in a dictionary!"

    "If everyone agreed to use passphrases instead of passwords, we wouldn't have to change them so darn often...hmmmmmm...."


After softening up your users like this for a couple months, enforce a passphrase policy, but only against the other administrators.  Why only the other admins first?  Because, one, the security of their accounts is vastly more important than those of regular users, and, two, THEY were the real targets of the above e-mail reminders anyway!  The real obstacle to enforcing a long passphrase policy is the prejudice of the other administrators who have always been taught that "nothing's better than a RANDOM passWORD".  Show them this spreadsheet (after deleting this paragraph) and run the numbers.  It's hard to argue against the math.  Once the other admins are convinced, you can get them to help you enforce the new policy throughout the forest.  "Enforcement" is the wrong word, however, since you'll get much further by educating users first about how passphrases can be easier to remember if they're funny/shocking/bizarre, and you might consider making a deal with them too, namely, if they accept the new passphrase policy then they won't have to change them as often.  

For the other admins, make sure they understand that 1) LM hashes are not stored if a password is 15 characters or longer, 2) their own passphrases should be 15+ characters long with mis-spellings, character complexity and/or very rare words, 3) cached credentials can be extracted from stolen laptops and possibly cracked, and 4) the actual strength of the encryption on a certificate's private key is really determined by the crackability of one's passphrase, not the advertised bit-length of the cipher used, and many things depend on the security of private keys, e.g., S/MIME, VPN, TLS, WPA, etc.  

Good luck!

https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xls
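
The secret-phrase rule quoted by wesleyh above (with his clarification that 35 characters is always the minimum) and the length-versus-complexity argument in the last post, as an added example that is not part of any post and not code from any Nxt client. The function names and sample phrases are constructed for illustration, and the search-space figure assumes every character or word is chosen uniformly at random.

```javascript
// Added example. Function names and sample phrases are constructed for
// illustration; they are not taken from any Nxt client.

const MIN_LENGTH = 35; // "it must always be at least 35 characters"
const MIN_WORDS = 12;  // "at least 12 random words separated by spaces"

// Character classes a phrase of fewer than 12 words must contain.
const REQUIRED_CLASSES = {
  lowercase: /[a-z]/,
  uppercase: /[A-Z]/,
  digit: /[0-9]/,
  special: /[^A-Za-z0-9\s]/,
};

// Apply the quoted rule and report every reason for rejection.
function checkSecretPhrase(phrase) {
  const words = phrase.trim().split(/\s+/).filter(Boolean);
  const reasons = [];
  if (phrase.length < MIN_LENGTH) {
    reasons.push(`${phrase.length} characters, need at least ${MIN_LENGTH}`);
  }
  if (words.length < MIN_WORDS) {
    for (const [name, pattern] of Object.entries(REQUIRED_CLASSES)) {
      if (!pattern.test(phrase)) reasons.push(`no ${name} character`);
    }
  }
  // The rule asks for *random* words, which no format check can verify.
  // distinctWords is returned so a caller can at least spot repetition.
  return {
    ok: reasons.length === 0,
    reasons,
    words: words.length,
    distinctWords: new Set(words).size,
  };
}

// Brute-force search space in bits for `count` symbols drawn uniformly at
// random from `alphabetSize` choices (characters, or words from a list).
function searchSpaceBits(count, alphabetSize) {
  return count * Math.log2(alphabetSize);
}

// Constructed samples, including the "2 2 2 ..." case raised in the thread.
const samples = [
  '2 2 2 2 2 2 2 2 2 2 2 2',
  'lamp river stone cloud maple tiger ocean brick piano lemon frost eagle',
  'a'.repeat(40),
  'xK9#'.repeat(9),
];
for (const s of samples) {
  const r = checkSecretPhrase(s);
  console.log(r.ok ? 'accept' : 'reject', JSON.stringify(s), r.reasons.join('; '));
}

// Length against complexity: 10 characters over 95 printable ASCII symbols
// versus 35 characters over lowercase letters and space (27 symbols).
console.log(searchSpaceBits(10, 95).toFixed(1), 'bits (10 chars, 95 symbols)');
console.log(searchSpaceBits(35, 27).toFixed(1), 'bits (35 chars, 27 symbols)');
```

The first sample has 12 words but only 23 characters, so it fails the length floor. The bit counts are upper bounds that hold only for uniformly random choices, which is why the rule specifies random words.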