Jean-Luc
|
|
March 23, 2014, 09:09:57 PM |
|
How can I get a trusted list of transaction hashes to know what to lookup?
Scanning each block for all transactions to find asset transfers is the only way I know of to get a list of asset transfers for an asset (or acct). For buy/sells, getTrades gets the list, but again I think it is a list of txids...
To go to an unmalleable hash based tx wouldn't there need to be a method to get all the transactions without ever using txid?
http://localhost:7876/test for a listing of all available APIs and their parameters. getAccountTransactions supports filtering by type and subtype, you can get asset transfer transactions for a given account. But this still returns transaction id's only, not the full transaction json. The API needs improvement. Are you sure you need to use the hash and not just the transaction id? IDs are still guaranteed to be unique and continue to be used as the unique identifier internally. Hashes are used to make sure no new transactions are accepted that are duplicates (in all fields other than the signature) of an existing transaction even though they may have a different id.
|
|
|
|
EvilDave
|
|
March 23, 2014, 09:15:31 PM |
|
cos i feel so loved here hey pinarello, alles goed met je ? Gotverdomme...een stealth-Nederlander!
|
|
|
|
jl777
|
|
March 23, 2014, 09:16:20 PM |
|
How can I get a trusted list of transaction hashes to know what to lookup?
Scanning each block for all transactions to find asset transfers is the only way I know of to get a list of asset transfers for an asset (or acct). For buy/sells, getTrades gets the list, but again I think it is a list of txids...
To go to an unmalleable hash based tx wouldn't there need to be a method to get all the transactions without ever using txid?
http://localhost:7876/test for a listing of all available APIs and their parameters. getAccountTransactions supports filtering by type and subtype, you can get asset transfer transactions for a given account. But this still returns transaction id's only, not the full transaction json. The API needs improvement. Are you sure you need to use the hash and not just the transaction id? IDs are still guaranteed to be unique and continue to be used as the unique identifier internally. Hashes are used to make sure no new transactions are accepted that are duplicates (in all fields other than the signature) of an existing transaction even though they may have a different id.
Fantastic page! I missed it. I am not sure of anything about this hash stuff. It sounds like I can continue to index everything by txid, but put in a check to make sure that there is no other txid with the same hash?! Sorry if I am asking silly stuff. It sounded like people could fiddle with txid and that I couldn't trust txids to be valid. From what you are saying, it sounds like this is not the case. The attack the hash is addressing is people submitting the same transaction and making it look like a totally new one. So if I make sure that there is no conflict at the transaction hash level, we will know this didn't happen. If there is a collision of the transaction hash, which one is the imposter? I guess safer to invalidate both?
James
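The check discussed in the two posts above, as an added example that is not part of the thread and not Nxt's own code: transactions stay indexed by id, and a second index keyed by a hash over every field except the signature rejects a re-signed copy that arrives under a new id. The field names, the serialization and the way the id is derived are a simplified model assumed for illustration, and the sample transactions are constructed.

```python
import hashlib

# Simplified model (assumption): a transaction is a dict of signed fields plus
# a hex signature. This is not Nxt's wire format.
FIELDS = ("type", "subtype", "timestamp", "deadline", "sender", "recipient", "amount", "fee")

def unsigned_bytes(tx):
    """Serialize every field except the signature, in a fixed order."""
    return "|".join(f"{name}={tx[name]}" for name in FIELDS).encode()

def tx_hash(tx):
    """Hash over all fields other than the signature; unchanged by re-signing."""
    return hashlib.sha256(unsigned_bytes(tx)).hexdigest()

def tx_id(tx):
    """Id modelled as depending on the signature too, so a re-signed copy gets a new id."""
    digest = hashlib.sha256(unsigned_bytes(tx) + bytes.fromhex(tx["signature"])).digest()
    return str(int.from_bytes(digest[:8], "little"))

class TxIndex:
    """Primary index by id, secondary index by hash used only to refuse duplicates."""
    def __init__(self):
        self.by_id = {}
        self.id_by_hash = {}

    def add(self, tx):
        """Return (accepted, id of the earlier conflicting transaction or None)."""
        tid, h = tx_id(tx), tx_hash(tx)
        if tid in self.by_id:
            return False, tid
        if h in self.id_by_hash:
            # Same content under a different id: keep the first one seen.
            return False, self.id_by_hash[h]
        self.by_id[tid] = tx
        self.id_by_hash[h] = tid
        return True, None

# Constructed sample transactions.
BASE = dict(type=2, subtype=1, timestamp=10367000, deadline=1440,
            sender="1001", recipient="2002", amount=50, fee=1)
ORIGINAL = dict(BASE, signature="aa" * 64)
RESIGNED = dict(BASE, signature="bb" * 64)             # same fields, other signature
OTHER = dict(BASE, amount=51, signature="cc" * 64)     # genuinely different content

def demo():
    index = TxIndex()
    return [index.add(ORIGINAL), index.add(RESIGNED), index.add(OTHER)]
```

Because the index keeps the transaction that was accepted first and refuses later ones with the same hash, it never has to decide after the fact which of two stored entries is the copy.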
|
|
|
|
lyynx
|
|
March 23, 2014, 09:19:08 PM |
|
Just bumping this, we cannot allow disinformation to run unchecked.
|
|
|
|
mr_random
|
|
March 23, 2014, 09:20:58 PM |
|
nxt is for geeks, not for average joe.
What do you think Bitcoin started off as?
|
|
|
|
mikesbmw
|
|
March 23, 2014, 09:23:09 PM |
|
cos i feel so loved here hey pinarello, alles goed met je ? Gotverdomme...een stealth-Nederlander! godverdomme* Hè jakkiebah* FIFY
|
|
|
|
opticalcarrier
|
|
March 23, 2014, 09:26:57 PM |
|
Can I summarise the SSL situation as: No SSL on nodes. Not needed. SSL on forums/wiki may be useful, if only as security theater. Wesley's client must have SSL in order to function securely. http://nxtra.org/nxt-client/ Correct me if I'm wrong. My client doesn't need SSL to function securely (No passwords are sent to the server). Jean-luc talks about privacy. Not sure what he means by that though. However if you want to forge, the API requires that you send your password so that does need SSL.
SSL is needed to ensure that javascript client is not manipulated during transmission
depending on the client and how "light" it is, this may/not be the case (assuming a not-so-light-client does verify the returned bytes before signing). But it always IS the case that it's possible to tie an account ID to IP address if not using SSL. But the infrastructure committee deems tor to be the solution. I'm about to upgrade all my VPSs to 0.8.12 and will remove SSL. So everyone prepare for the howls of "ahhhh, now we don't have to use the java client, but we have to figure out TOR???" Wesley, can your client be configured to also handle its own DNS, and route DNS requests through tor or does it hand DNS off to the OS? if the latter then this setup will leak DNS even if tor is used.
|
|
|
|
^[GS]^
|
|
March 23, 2014, 09:28:44 PM |
|
I have a bug report! This is happening, since I can remember. If I unlock an account at the node, the blocks are always kept updated. (0.7.x+) But if I unlock more than one account, the blocks are retarded and need to restart every 24 hours to be updated. I'll make logs, so they can see if something special happens. Greetings!
|
|
|
|
Sebastien256
|
|
March 23, 2014, 09:30:47 PM |
|
I have a bug report! This is happening, since I can remember. If I unlock an account at the node, the blocks are always kept updated. (0.7.x+) But if I unlock more than one account, the blocks are retarded and need to restart every 24 hours to be updated. I'll make logs, so they can see if something special happens. Greetings!
I would create a topic on the new official forum to avoid losing track of your bug. It is messy here and not the place to post bugs: http://107.170.117.237/index.php
|
|
|
|
Jean-Luc
|
|
March 23, 2014, 09:34:36 PM |
|
SSL is needed to ensure that javascript client is not manipulated during transmission
Right. But the user is getting the javascript from nxtra.org, which I presume is under Wesley's control. If so, user has to trust him (and still use SSL so it is not modified in transit), but he already is trusting him that the client he maintains is not malicious. Now, if there is a copy of Wesley's javascript available for example at https://wallet.nxtcrypto.org, which is not under Wesley's control, we are back to where we started, the user has to absolutely trust the owner of nxtcrypto.org, as indeed even the javascript could have been modified.
|
|
|
|
rickyjames
|
|
March 23, 2014, 09:38:18 PM |
|
OK, everybody, your favorite dictator rickyjames here, flapping my gums wildly once more. We're coming up on 2500 pages on this Bitcointalk thread. What an accomplishment!!! Woo Hoo!!! We have a new forum that is Our Very Own at nxtforum.org . Go ahead, enter it into your address bar of your browser, it works and it's a Simple Machine forum just like this one at Bitcointalk. You'll feel right at home. I've created a thread there called NXT Pub Thread - 2500 More Pages Here Or Bust http://107.170.117.237/index.php/topic,91.0.html I propose that 2Kool lock this thread at page 2500 and we do a mass migration over there. It would be nice, neat, poetic closure. And a new beginning. Like this: https://www.youtube.com/watch?v=gUQbLz7AoYc C'mon, everybody. Think Nike. Just do it.
|
|
|
|
Conurtrol
|
|
March 23, 2014, 09:39:14 PM |
|
Some guy from Mastercoin says about Nxt "Their proof of stake algorithm for consensus depends on developer checkpoints so without the developers it doesn't work" Any comments from developers?
|
|
|
|
Passion_ltc
|
|
March 23, 2014, 09:41:36 PM |
|
OK, everybody, your favorite dictator rickyjames here, flapping my gums wildly once more. We're coming up on 2500 pages on this Bitcointalk thread. What an accomplishment!!! Woo Hoo!!! We have a new forum that is Our Very Own at nxtforum.org . Go ahead, enter it into your address bar of your browser, it works and it's a Simple Machine forum just like this one at Bitcointalk. You'll feel right at home. I've created a thread there called NXT Pub Thread - 2500 More Pages Here Or Bust http://107.170.117.237/index.php/topic,91.0.html I propose that 2Kewl lock this thread at page 2500 and we do a mass migration over there. It would be nice, neat, poetic closure. And a new beginning. Like this: https://www.youtube.com/watch?v=gUQbLz7AoYc C'mon, everybody. Think Nike. Just do it.
+1 www.nxtforum.org
|
|
|
|
btler420
|
|
March 23, 2014, 09:42:02 PM |
|
Some guy from Mastercoin says about Nxt "Their proof of stake algorithm for consensus depends on developer checkpoints so without the developers it doesn't work" Any comments from developers?
Do you wanna say the developers are not working on Nxt? Wow
|
|
|
|
instacalm
|
|
March 23, 2014, 09:42:47 PM |
|
can you lock this thread so only mods can comment? i think this thread is important for advertising to people on btt.. perhaps the mods could just post links to new threads on nxtcointalk? that way anyone that mainly uses btt can keep this thread in their watch list to keep up to date with new nxtcointalk threads?
If the thread here is locked, it's locked for good.
|
|
|
|
Emule
|
|
March 23, 2014, 09:45:04 PM |
|
Some guy from Mastercoin says about Nxt "Their proof of stake algorithm for consensus depends on developer checkpoints so without the developers it doesn't work" Any comments from developers?
+1
|
|
|
|
marcus03
|
|
March 23, 2014, 09:45:32 PM |
|
If you use SSL, at least you are protecting the client privacy from the ISP and anyone who can spy along the route.
This is very easy to attack. A simple correlation between an SSL encrypted HTTP package of matching size and the timestamp of the transaction will let a third party correlate a transaction with the originator IP. You also have to trust the node operator, since he owns the SSL certificate. For forums and wiki SSL is indeed essential, unless we all start signing each of our posts and PMs with GPG.
+1 It does make sense to protect the Wiki and forum with SSL (I previously missed that you have to login into the Wiki) and as such, I think InfCom should fund the SSL certificate. The NRS nodes should however not use SSL. Users of Wesley's client that sign transactions client-side will have their privacy compromised without SSL, even though the transactions and their password will be secure (assuming he is verifying the bytes before signing). I do see the value of SSL in this use case, because it is much simpler for the end user than setting up tor, and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.
I beg to differ: - Their privacy is easily compromised to 3rd parties even with SSL (see above).
- Their privacy is always compromised to the node operator since he owns the SSL certificate, thus this is still not a trustless solution.
- If privacy is needed, Tor can deliver.
- I've added support for Tor in my client in like 2 hours (version not yet released). It will come with the tor.exe client and my NXT client simply starts the Tor client if Tor is not running already and shuts it down again on exit if it was started by my client.
All the end user has to do is set the checkbox to use Tor. I also have proposed a bounty for client developers who implement support for Tor (https://bitbucket.org/nxtinfrastructure/committee/issue/33/tor-enabled-capable-nxt-clients) since this would solve the privacy issue very efficiently.
....and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.
Well, then we exclude these users from forging, since we can't really encourage them to send account secrets to public NRS nodes (even with Tor and SSL used). I fear that the secretPhrase parameter for forging will backfire on us some day. IMHO, forging (and anything else that needs a secretPhrase parameter) should only be possible when the request comes from localhost.
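The localhost-only rule proposed at the end of the post above, sketched as an added example (not from the thread and not NRS code): a gate that refuses any API request carrying `secretPhrase` unless the socket peer address is loopback. The function names, the `exampleForgingCall` request type and the sample requests are hypothetical; `getAccountTransactions` and `secretPhrase` are the names used in the thread.

```python
import ipaddress

# Parameters that carry an account secret; secretPhrase is the one named in the thread.
SECRET_PARAMS = {"secretPhrase"}

def is_loopback(remote_addr):
    """True only for loopback peers, including IPv4-mapped IPv6 such as ::ffff:127.0.0.1."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # unparsable peer address: treat as remote
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback

def allow_request(remote_addr, params):
    """Allow secret-bearing requests from loopback only; other requests from anywhere.

    remote_addr must be the socket peer address, never a client-supplied
    header such as X-Forwarded-For.
    """
    carries_secret = any(name in SECRET_PARAMS for name in params)
    return (not carries_secret) or is_loopback(remote_addr)

# Constructed sample requests: (peer address, query parameters).
SAMPLE_REQUESTS = [
    ("127.0.0.1", {"requestType": "exampleForgingCall", "secretPhrase": "constructed"}),
    ("::1", {"requestType": "exampleForgingCall", "secretPhrase": "constructed"}),
    ("::ffff:127.0.0.1", {"requestType": "exampleForgingCall", "secretPhrase": "constructed"}),
    ("203.0.113.7", {"requestType": "exampleForgingCall", "secretPhrase": "constructed"}),
    ("203.0.113.7", {"requestType": "getAccountTransactions", "account": "1001"}),
]

def decisions():
    """Return the allow/deny decision for each sample request, in order."""
    return [allow_request(addr, params) for addr, params in SAMPLE_REQUESTS]
```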
|
|
|
|
salsacz
|
|
March 23, 2014, 09:47:43 PM |
|
I propose that 2Kool lock this thread at page 2500 and we do a mass migration over there.
-1. This thread on Bitcointalk is a massive free advertisement of Nxt
|
|
|
|
salsacz
|
|
March 23, 2014, 09:49:19 PM |
|
Some guy from Mastercoin says about Nxt "Their proof of stake algorithm for consensus depends on developer checkpoints so without the developers it doesn't work" Any comments from developers?
PoS checkpoints are used in Peercoin etc. Nxt solved this problem, it doesn't use checkpoints...
|
|
|
|
farl4web
|
|
March 23, 2014, 09:50:01 PM |
|
cos i feel so loved here hey pinarello, alles goed met je ? Gotverdomme...een stealth-Nederlander! godverdomme* Ga jullie mond wassen, goDverdomme!
|
|
|
|
|