bitcoinpaul
|
|
January 10, 2014, 11:09:24 AM |
|
No more analysis, only flaw crawler?
|
|
|
|
ImmortAlex (OP)
|
|
January 10, 2014, 04:10:32 PM |
|
No more analysis, only flaw crawler? 1. Most of discussions are there, on flaw reporting thread. "We need to go deeper" 2. It's hard to do QA for code, that is known to move forward already. Jean-Luc restrained my ardour on the very first page 3. If I find something to analyse I will write post
|
|
|
|
Jaguar0625
|
|
January 11, 2014, 04:55:51 PM |
|
No more analysis, only flaw crawler? 1. Most of discussions are there, on flaw reporting thread. "We need to go deeper" 2. It's hard to do QA for code, that is known to move forward already. Jean-Luc restrained my ardour on the very first page 3. If I find something to analyse I will write post Agreed. We kept finding things here that were either (1) already fixed or (2) already known as todo items.
|
NEM - nem.io
|
|
|
jubalix
Legendary
Offline
Activity: 2632
Merit: 1023
|
|
January 13, 2014, 11:13:57 AM |
|
i'm a little confused why would you need a spec if you have the code and can code with proficiency, you should be able to read through it in about a week or 2 and figure it out?
|
|
|
|
ImmortAlex (OP)
|
|
January 13, 2014, 05:44:37 PM |
|
One small late night thought...
The User class hold secretPhrase. Every time when we need public or private key, Crypto is used (actually, it is Curve25519.keygen() on SHA-256 hash of secretPassphrase).
As software developer I personally dislike that result of keypair generation is not cached, so recalculated every time. We talk a lot about how PoS is power saving, and than do math (not very simple math!) again and again, and create the job for GC again and again.
And as user I dislike that my passphrase is stayed in memory. Yes, in terms of Nxt security there's no difference what to steal - my passphrase or my private key. But... being cyborg I can invent new password for every service I use. Those of you who are humans use common patterns often. So thief accessing memory of you device can not only steal your coins, but use your password to steal your FB account for example.
|
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
January 20, 2014, 12:18:11 PM |
|
Seeking Additional Java Developers
We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.
Short term goals.
Remove the primitive addressing scheme and use a scheme that looks like Bitcoin. Bitcoin addresses are more readable, have a checksum and have many tools to generate them. Nxt addresses that are all numerical are something that came out of the 1950's.
Secure Wallet. Nxt wallet is fundamentally insecure. Exposing a wallet to the public internet for everyone to hack is just idiotic. No wonder so many Nxt users have lost money!
Nxt does not use an internal database like every other alt coin. This is idiotic because NXT nodes easily fail and run out of memory. Furthermore, if you accidentally turn off your node... your wallet can get corrupted!
NEX strives not only to be a fairer distributed Nxt variant, but a technologically super version.
Join the enterprise... participate with your coding skills!!!
We will not ship SHIT like the Nxt folks. We will ship product that will secure our users coins!
May I join? Time to join the winning team! We have the latest 0.5.9 code for your review! None of this old garbage, 0.4.7 code that is not relevant!
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 20, 2014, 12:19:28 PM |
|
Seeking Additional Java Developers
We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.
Short term goals.
Remove the primitive addressing scheme and use a scheme that looks like Bitcoin. Bitcoin addresses are more readable, have a checksum and have many tools to generate them. Nxt addresses that are all numerical are something that came out of the 1950's.
Secure Wallet. Nxt wallet is fundamentally insecure. Exposing a wallet to the public internet for everyone to hack is just idiotic. No wonder so many Nxt users have lost money!
Nxt does not use an internal database like every other alt coin. This is idiotic because NXT nodes easily fail and run out of memory. Furthermore, if you accidentally turn off your node... your wallet can get corrupted!
NEX strives not only to be a fairer distributed Nxt variant, but a technologically super version.
Join the enterprise... participate with your coding skills!!!
We will not ship SHIT like the Nxt folks. We will ship product that will secure our users coins!
May I join? Time to join the winning team! We have the latest 0.5.9 code for your review! None of this old garbage, 0.4.7 code that is not relevant! Oh, we shouldn't rely on 0.5.9, it has unimplemented features. Without this features ur coin won't fly.
|
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
January 20, 2014, 12:19:51 PM |
|
One small late night thought...
The User class hold secretPhrase. Every time when we need public or private key, Crypto is used (actually, it is Curve25519.keygen() on SHA-256 hash of secretPassphrase).
As software developer I personally dislike that result of keypair generation is not cached, so recalculated every time. We talk a lot about how PoS is power saving, and than do math (not very simple math!) again and again, and create the job for GC again and again.
And as user I dislike that my passphrase is stayed in memory. Yes, in terms of Nxt security there's no difference what to steal - my passphrase or my private key. But... being cyborg I can invent new password for every service I use. Those of you who are humans use common patterns often. So thief accessing memory of you device can not only steal your coins, but use your password to steal your FB account for example.
NEX is working to fix this problem. Head over and please contribute your development talents to a "Fair and Honest" coin.
|
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
January 20, 2014, 12:20:44 PM |
|
Seeking Additional Java Developers
We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.
Short term goals.
Remove the primitive addressing scheme and use a scheme that looks like Bitcoin. Bitcoin addresses are more readable, have a checksum and have many tools to generate them. Nxt addresses that are all numerical are something that came out of the 1950's.
Secure Wallet. Nxt wallet is fundamentally insecure. Exposing a wallet to the public internet for everyone to hack is just idiotic. No wonder so many Nxt users have lost money!
Nxt does not use an internal database like every other alt coin. This is idiotic because NXT nodes easily fail and run out of memory. Furthermore, if you accidentally turn off your node... your wallet can get corrupted!
NEX strives not only to be a fairer distributed Nxt variant, but a technologically super version.
Join the enterprise... participate with your coding skills!!!
We will not ship SHIT like the Nxt folks. We will ship product that will secure our users coins!
May I join? Time to join the winning team! We have the latest 0.5.9 code for your review! None of this old garbage, 0.4.7 code that is not relevant! Oh, we shouldn't rely on 0.5.9, it has unimplemented features. Without this features ur coin won't fly. Our code base is decompiled off the latest 0.5.9 release, so it has every feature that Nxt has ever implemented. Also, we don't care anymore if you release any new feature, because we are refactoring of of it for to create a more secure and fair platform. Nxt is going to be ancient technology pretty soon with its PROPRIETARY SOURCE CODE.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 20, 2014, 12:22:01 PM |
|
Our code base is decompiled off the latest 0.5.9 release, so it has every feature that Nxt has ever implemented.
Why do u want me to submit the code then?
|
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
January 20, 2014, 12:25:21 PM |
|
Our code base is decompiled off the latest 0.5.9 release, so it has every feature that Nxt has ever implemented.
Why do u want me to submit the code then? To save us the trouble of validating our decompilation. If you don't want to submit source code, then say so for the record. We are giving you this last opportunity to save face to the world. (our next steps is to run one last validation step and then we fork forever)
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 20, 2014, 12:26:24 PM |
|
Our code base is decompiled off the latest 0.5.9 release, so it has every feature that Nxt has ever implemented.
Why do u want me to submit the code then? To save us the trouble of validating our decompilation. If you don't want to submit source code, then say so for the record. We are giving you this last opportunity to save face to the world. (our next steps is to run one last validation step and then we fork forever) Well, u have to wait for a while if u want to get a code without flaws.
|
|
|
|
FrictionlessCoin
Legendary
Offline
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
|
|
January 22, 2014, 11:05:15 AM |
|
Nxt code is extremely vulnerable.
We therefore decided to remove source code 5.9 that we decompiled (and got working) from our repository.
Fix your code.
NXT tip jar: 1552250839866495550
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
January 22, 2014, 12:11:38 PM |
|
Nxt code is extremely vulnerable.
We therefore decided to remove source code 5.9 that we decompiled (and got working) from our repository.
Fix your code.
NXT tip jar: 1552250839866495550
U r allowed to return the source code back online.
|
|
|
|
jubalix
Legendary
Offline
Activity: 2632
Merit: 1023
|
|
January 24, 2014, 12:16:31 AM |
|
can you put a link to the solutions as well as crossing them out.
|
|
|
|
|