wesleyh
|
|
March 10, 2014, 08:48:03 PM |
|
@Wesley A few results after testing your client:
- Settings > Custom choice by header, Sidebar, Page header (nothing happens)
- When I click "send NXT" or "send message" in the upper right, I can't click on the avatar to choose from my Contacts
- Wouldn't it be nice to see the account balance on all the pages, maybe in the header?
- How do I change my assets?
- I can't vote on other polls
4) What do you mean by changing assets? I created an asset, but can't I change the description for example? That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.
|
|
|
|
chanc3r
|
|
March 10, 2014, 08:48:27 PM |
|
That may be a possibility but for this we need other client developers to agree on the same standard and the same questions. We can't have all developers making their own implementation.
Thanks Wesley. That is a valid point. I would also point out as the wallet.dat just contains the brain wallet passphrase, as long as one client supports this method of generation and the wallet.dat is consistent you could generate it and move it - the point is a trade off between security and ability to recover. I think if you consider that no method is perfect then some kind of structured generation does not really reduce security much. If it is implemented and popular then others will copy anyway. Also a user hashing a passphrase built from structured information for 30s or a minute is going to make it harder for someone to crack aren't they?
|
|
|
|
Jerical13
|
|
March 10, 2014, 08:53:19 PM |
|
Just relax and chill. Rome wasn't built in one day. This is one of the best communities for a crypto!
that is true but I don't see much agreement, just some bits here and there. that doesn't make it stronger?
1) Because you do not see the full picture at the moment....the more time you spent here the more things will become clear. The pace of development is very fast that's the benefit of independent actors we are all termites building a termite mound....it's very hard for each termite to see the end result of each individual termites actions. 2) If you look at all other "2nd GEN COIN" Nxt is not doing too bad. Mastercoin has been in a steady slide while Nxt have been pretty stable.
Well Put Landomata. We are not just building a coin that is being traded on an exchange. Just like the termite analogy infers We are really building what has been termed an "ecosystem" but maybe a better way of looking at it is from the point of view that we are building an "ecocommunity" that is developing an "ecosystem".
|
|
|
|
ChuckOne
|
|
March 10, 2014, 08:55:03 PM |
|
Uff. That's complicated.
Having 2 2 2 2 2 2 2 2 2 2 2 2 is okay, right? But that's only 24 characters.
No, it must always be at least 35 characters.
Okay, I am not sure how users will react to that password/passphrase policy.
Not that this one is better, but maybe it is easier for most users to understand:
1) at least 35 characters
2) less than 50 characters requires upper case and numbers
|
|
|
|
farl4web
|
|
March 10, 2014, 08:55:22 PM |
|
@Wesley A few results after testing your client:
- Settings > Custom choice by header, Sidebar, Page header (nothing happens)
- When I click "send NXT" or "send message" in the upper right, I can't click on the avatar to choose from my Contacts
- Wouldn't it be nice to see the account balance on all the pages, maybe in the header?
- How do I change my assets?
- I can't vote on other polls
4) What do you mean by changing assets? I created an asset, but can't I change the description for example? That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this. @Come-from-Beyond Maybe not so convenient? @Wesley Maybe making a confirmation alert, so people are sure they wrote the right description/name/etc...?
|
|
|
|
eightspaces
|
|
March 10, 2014, 08:56:20 PM |
|
ok, can somebody PLEASE recap 1-2 months, what was released and agreed on, what was implemented in the nxt software/core?
please forgive me, it is hard to keep up with this megathread and I can't see an actual overview
thank u so much
anyone? thank u!
|
|
|
|
Jerical13
|
|
March 10, 2014, 09:02:25 PM |
|
In the end, it would be an inconvenience for large stakeholders but for nothing.
TF is going ahead the way it was planned regardless so why not take these pointless discussions to a new topic? LOL "....pondering the possibility that I philosophize too much."
|
|
|
|
|
rdanneskjoldr
|
|
March 10, 2014, 09:06:07 PM |
|
That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this.
I guess there is also no way of destroying an asset, even if you own 100% of it.
|
|
|
|
Tobo
|
|
March 10, 2014, 09:06:17 PM |
|
ok, can somebody PLEASE recap 1-2 months, what was released and agreed on, what was implemented in the nxt software/core?
please forgive me, it is hard to keep up with this megathread and I can't see an actual overview
thank u so much
anyone? thank u! here is the summary - http://www.nxtcoins.nl/[Suspicious link removed]ummaries-1501-1601-2014/
|
|
|
|
xyzzyx
|
|
March 10, 2014, 09:13:56 PM |
|
I created an asset, but can't I change the description for example?
That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this. If you don't like CFB's decision, bypass his decision. Nxt is a decentralized system after all. Just decide on an AM data format for your client that will specify the new description for a specified asset. Then document and publish the format so other client writers can implement it also.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
Jerical13
|
|
March 10, 2014, 09:14:56 PM |
|
THIS IS ANOTHER REASON WHY WE HAVE LOST FOCUS!
Lock this thread and let's move to a new forum.
If we have a debate for something the whole thread gets derailed and you have the impression that NXT project is chaotic etc.
Having specialized topics like TF, Instant TXs, AT, AE etc will help a lot both progress and get rid of this feeling that progress is stalled, situation is fuzzy etc. that puts us in a negative feedback loop!
I agree with you.....I have realized the cons of staying on this thread now greatly exceed the benefits.
If you want more topic related, focused threads, go ahead and start using them.... But leave this thread alone. I can understand if you need a work specific thread. But there is no cause to close this thread. Damelon gave a perfect analogy of this thread; This is the "Pub Thread". Closing the "Pub" is bad form.
|
|
|
|
opticalcarrier
|
|
March 10, 2014, 09:17:17 PM |
|
does anyone know if it's possible to make the unix shell command curl accept only a certain self-signed certificate? I know there is the -k option to make it ignore security warnings but I want the server to use self-signed cert and for the curl client to allow it, but to not allow any other invalid certs.
|
|
|
|
wesleyh
|
|
March 10, 2014, 09:18:17 PM |
|
I created an asset, but can't I change the description for example?
That is done by CFB, you can't change the description after you create it, EVER. Not my call, cfb decided this. If you don't like CFB's decision, bypass his decision. Nxt is a decentralized system after all. Just decide on an AM data format for your client that will specify the new description for a specified asset. Then document and publish the format so other client writers can implement it also. well actually i agree with it, a description should not be changeable.
|
|
|
|
wesleyh
|
|
March 10, 2014, 09:19:36 PM |
|
So community, what do you think about the user's own password rules.
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.
Is this too complicated? what do you suggest instead.
|
|
|
|
zorke
|
|
March 10, 2014, 09:22:52 PM |
|
The Mac client I am using first gives you this message before opening an account: and when you choose a weak passphrase, you will get this message: The other clients should implement this too.
huh, that is exactly what the official nrs client is ?!
I guess we all do what we think is best for NXT. Personally, I'm going to take a break from this community. Impossible this, impossible that. Whatever.
i have heard that nxt is going nowhere due to no strong joined development is that really true? i can't and don't want to afford to lose my investment if this goes lower
Just relax and chill. Rome wasn't built in one day. This is one of the best communities for a crypto!
There has been a pretty big step forward as far as becoming more goal oriented in the elections of the three committees. I think this will help to turn ideas into reality in time. It would be a loss to the community to not have people share their thoughts and ideas. Dialog, conversation and critical thinking is important in the creative process, and NXT is and hopefully always will be a creative and evolving process. The dialog here is important, or I guess megalog would be a better term; but it is still important. We have an apparatus in place now to help turn these ideas into real progress. We just have to trust in that apparatus and be patient. Results will come. Keep posting. Keep reading posts (or at least the ones that you can.) It is part of the process. And remember that this whole thing is new and cutting edge, and there is no blue print for what we are doing. Your posts and others posts are helping to make that blue print. We are a modern day "Corps of Discovery."
+1
|
|
|
|
rickyjames
|
|
March 10, 2014, 09:23:56 PM |
|
THIS IS ANOTHER REASON WHY WE HAVE LOST FOCUS!
Lock this thread and let's move to a new forum.
If we have a debate for something the whole thread gets derailed and you have the impression that NXT project is chaotic etc.
Having specialized topics like TF, Instant TXs, AT, AE etc will help a lot both progress and get rid of this feeling that progress is stalled, situation is fuzzy etc. that puts us in a negative feedback loop!
I agree with you.....I have realized the cons of staying on this thread now greatly exceed the benefits.
If you want more topic related, focused threads, go ahead and start using them.... But leave this thread alone. I can understand if you need a work specific thread. But there is no cause to close this thread. Damelon gave a perfect analogy of this thread; This is the "Pub Thread". Closing the "Pub" is bad form.
Actually, I lay claim to first calling this thread the "pub" thread... https://bitcointalk.org/index.php?topic=345619.msg4798054#msg4798054
All we need is a dart board. Oh, wait...
www.candystand.com/play/darts
https://www.flyordie.com/darts/
www.mousebreaker.com/games/dartsparty/playgame
|
|
|
|
Daedelus
|
|
March 10, 2014, 09:27:04 PM |
|
@Wesley
Just rebooted and did the following:

Tests
Firefox normal mode, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox normal mode, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."
Firefox private mode, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."
Internet Explorer, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Internet Explorer, 'send nxt' dialogue: 16248676195570366253 > "The account has a public key."
So far so good.

Then I thought, maybe I was still signed in on IE when I went back to Firefox. i.e. signed into the same account on two different browsers at the same time. So;

Tests
Firefox normal mode, while signed in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, while signed in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Still no problem. Then I remembered I was at the log in screen for IE. So:

Tests
Firefox normal mode, while at log screen to in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Firefox private mode, while at log screen to in to IE at the same time, 'send nxt' dialogue: 5678029137156573042 > "The account has a public key."
Still flawless.

Then, just for kicks, I signed in to IE and Firefox in both private and normal modes (three logins of the same account) and I still couldn't break it

The wording I got last time, sending to 5678029137156573042, was: "The recipient account does not have a public key, meaning it has never had an outgoing transaction. The account has a balance of 2509900 NXT. Please double check your recipient address before sending."
Printscreen available
TL:DR I couldn't recreate the errors I was having before.
Thank you for your patience Wesley
|
|
|
|
ChuckOne
|
|
March 10, 2014, 09:27:53 PM |
|
So community, what do you think about the user's own password rules.
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.
Is this too complicated? what do you suggest instead.
Not that this one is better, but maybe it is easier for most users to understand:
1) at least 35 characters
2) less than 50 characters requires upper case and numbers
|
|
|
|
igmaca
|
|
March 10, 2014, 09:28:38 PM |
|
The difference between what? A secret phrase consists of multiple words, a password is typically one long word.
Why making this difference? Because if you type a password it must be 35 characters in length AND have numbers AND uppercase AND special character. A 12 word phrase does not require this.
Uff. That's complicated. Having 2 2 2 2 2 2 2 2 2 2 2 2 is okay, right? But that's only 24 characters.
No, it must always be at least 35 characters.

Passphrase Politics:

As the spreadsheet shows, password complexity is far less important than length when defending against brute-force crackers. Hence, train your users to use long, easy-to-remember passphrases instead of short, random, hard-to-remember passwords. Here's some advice for overcoming the political obstacles.

Don't announce to your users, "Henceforth all passwords must be 15-character passphrases", since this will only result in your assassination. Instead, start a weekly internal e-mail security bulletin that includes a joke, cartoon, funny office story, or something else that will motivate users to open the e-mail instead of just deleting it. Along with the joke or cartoon, include a security reminder (like "don't open e-mail attachments you're not expecting" or "alert IT staff if anyone asks for your password") and keep it as short as possible or else they'll learn to trash the message on sight despite the jokes and cartoons.

In your next weekly security reminder, include a tip like this: "Passwords are hard to remember, so don't forget that you can use a pass-phrase instead (passphrases are short fun sentences with spaces between the words). So imagine an incredible or funny scene and make that your easy-to-remember passphrase! :-) Here are some examples:
- kitty ate my face off!
- my 100 pups play fight
- naked clowns cost $$$
- 20 carbs a day max
- I threw up a mellon?
- Vader is my father dude
- a 200% raise is nice
- I only love Star Wars
- Britney Spears = my wife

In the weeks to come afterwards, follow up with more reminders like this:
"The more outrageous, dramatic, scandalous, humorous or shocking a passphrase is, the easier it is to remember and the better it is for security. Go ahead, have fun!"
"Wouldn't it be nice if mis-speling words was a good thing? It is! The more words you missspell in your passphraze the better it is for netwerk sekurity!"
"Song lyrics, well-known sayings, and famous poems are easy to remember, but not ideal as passphrases. Here's a tip! You can still use your favorite line, but change a word in it or make it goofy in some way...or IMPROVE it! ;-) "
"A passphrase takes less time to type at your keyboard than a random-looking password, and it's easier to remember too. Great passphrases are five words or longer (size does matter!) and please do include words that no self-respecting librarian would ever put in a dictionary!"
"If everyone agreed to use passphrases instead of passwords, we wouldn't have to change them so darn often...hmmmmmm...."

After softening up your users like this for a couple months, enforce a passphrase policy, but only against the other administrators. Why only the other admins first? Because, one, the security of their accounts is vastly more important than those of regular users, and, two, THEY were the real targets of the above e-mail reminders anyway! The real obstacle to enforcing a long passphrase policy is the prejudice of the other administrators who have always been taught that "nothing's better than a RANDOM passWORD". Show them this spreadsheet (after deleting this paragraph) and run the numbers. It's hard to argue against the math. Once the other admins are convinced, you can get them to help you enforce the new policy throughout the forest.

"Enforcement" is the wrong word, however, since you'll get much further by educating users first about how passphrases can be easier to remember if they're funny/shocking/bizarre, and you might consider making a deal with them too, namely, if they accept the new passphrase policy then they won't have to change them as often. For the other admins, make sure they understand that 1) LM hashes are not stored if a password is 15 characters or longer, 2) their own passphrases should be 15+ characters long with mis-spellings, character complexity and/or very rare words, 3) cached credentials can be extracted from stolen laptops and possibly cracked, and 4) the actual strength of the encryption on a certificate's private key is really determined by the crackability of one's passphrase, not the advertised bit-length of the cipher used, and many things depend on the security of private keys, e.g., S/MIME, VPN, TLS, WPA, etc. Good luck!

https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xls
|
|
|
|
|
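Added example, not part of any post in this thread and not code from any Nxt client: a JavaScript check of the secret-phrase rule as the posts above state it (always at least 35 characters, plus either 12 or more space-separated words or all four character classes), together with the brute-force search-space estimate that the quoted length-versus-complexity advice rests on. Combining the two conditions this way, the repeated-word warning, and all function names are assumptions of this example.

```javascript
// Secret-phrase rule as read from the thread (assumption): always >= 35
// characters, AND either >= 12 space-separated words OR all of
// lower/upper/digit/special. All names below are this example's own.
const MIN_CHARS = 35;
const MIN_WORDS = 12;

function charsetSize(s) {
  // Alphabet a brute-force search must cover (printable ASCII = 95 in total).
  let n = 0;
  if (/[a-z]/.test(s)) n += 26;
  if (/[A-Z]/.test(s)) n += 26;
  if (/[0-9]/.test(s)) n += 10;
  if (/[^A-Za-z0-9]/.test(s)) n += 33; // 32 punctuation marks plus the space
  return n;
}

function bruteForceBits(s) {
  // log2(charset^length). Upper bound only: dictionary words and repeated
  // text fall to far smaller searches than this number suggests.
  return s.length ? s.length * Math.log2(charsetSize(s)) : 0;
}

function checkSecretPhrase(phrase) {
  const words = phrase.trim().split(/\s+/).filter(Boolean);
  const reasons = [];
  if (phrase.length < MIN_CHARS) reasons.push(`shorter than ${MIN_CHARS} characters`);
  const allClasses = /[a-z]/.test(phrase) && /[A-Z]/.test(phrase) &&
                     /[0-9]/.test(phrase) && /[^A-Za-z0-9\s]/.test(phrase);
  if (words.length < MIN_WORDS && !allClasses) {
    reasons.push(`needs ${MIN_WORDS}+ words or lower/upper/digit/special characters`);
  }
  // A form check cannot prove the words are random; flag obvious repetition
  // (added heuristic, not part of the rule discussed in the thread).
  const distinct = new Set(words.map((w) => w.toLowerCase())).size;
  const warnings = words.length >= MIN_WORDS && distinct < words.length / 2
    ? ['many repeated words'] : [];
  return { ok: reasons.length === 0, words: words.length, chars: phrase.length,
           bits: Math.round(bruteForceBits(phrase)), reasons, warnings };
}

// Constructed sample inputs (not real secret phrases).
const SAMPLES = [
  '2 2 2 2 2 2 2 2 2 2 2 2',
  'correct horse battery staple lamp river cloud seven green apple window stone',
  'Tr0ub4dor&3',
  'aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa',
];
for (const s of SAMPLES) console.log(JSON.stringify(checkSecretPhrase(s)));
```

The last sample passes the rule while being trivially guessable, which is why the rule's word "random" matters and cannot be enforced by a length and character-class check alone.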