Bitcoin Forum
October 18, 2018, 06:19:05 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Questions by gweedo; split from: Kick-off Discussion  (Read 2064 times)
augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 500


View Profile
April 01, 2014, 01:03:25 AM
 #21

Also for someone that could apparently "code an API in 2-4 days" and knows "node.js" you can't even bring up a simple Node.js project? Did you make sure all the dependencies were installed? Did you even bother to check? If you did, list them out. I'll tell you what you're missing. Because it runs fine for all of us here at Slickage. Hell, I'm hacking away on it right now.

And another thing, with all that whining about how there was no public Github repo, when the project has been public since the start, you aren't very good at looking through the Slickage Github profile.

Oh BTW, don't think I'm mad at you or anything. You've provided hours of laughter and enjoyment for everyone at the Slickage office. Actually you've become a sort of meme in our office. I actually look forward to your posts because I need a good laugh every now and then.

Lastly, to everyone else in the forum. It's really just gweedo that I'll be negative towards. He has shown time and time again that he's childish and is looking for a fight. I've been reluctant to engage with him in that manner but after another thread being locked because of him. I have no other choice but to follow him around on his threads and embarrass his apparently coding prowess. I will not post in any other forum or in any thread where my negative input would only help to derail that thread more. Just gweedos.

I'm more than happy to answer any questions any of you other guys have. As long as they aren't malicious in any way. There have been a few others who are here to just to spite us and I find it funny. I really couldn't care less. But if it gets to the point where you are negatively effecting the progress or a thread where we are trying to solicit genuine counsel from the rest of the forum. Well, I'm going to have to call you on your shit.

Here we go, ladies and gentleman. Look above, look at the arrogant tone of someone which never participated of this forum before us. He speaks like he already knows our old participant gweedo and feel already entitled to call him "childish".

...and they believe to be professionals!

 Roll Eyes
1539843545
Hero Member
*
Offline Offline

Posts: 1539843545

View Profile Personal Message (Offline)

Ignore
1539843545
Reply with quote  #2

1539843545
Report to moderator
1539843545
Hero Member
*
Offline Offline

Posts: 1539843545

View Profile Personal Message (Offline)

Ignore
1539843545
Reply with quote  #2

1539843545
Report to moderator
Creating a Bitcoin client that fully implements the network protocol is extremely difficult. Bitcoin Core and some of its derivatives are the only known safe implementations of full nodes. Some other projects attempt to compete, but it is not recommended to use such software for anything serious. (Lightweight clients like Electrum and Bither are OK.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 500


View Profile
April 01, 2014, 01:10:13 AM
 #22

I have already asked him to ask me questions over PM so that the threads we were in did not derail with the explicit promise that those PM would be made public to all forum users. He has not done so. He continues to attack developers even after we've answered his questions with remarks about how we are either incompetent, slow, or otherwise.

But he is right, you are completely incompetent for the job. You did not provided any evidence you deserve R$350000 (+R$750000) to build a forum software from the scratch. He did not attacked you, he merely told the truth. Your incapacity to implement GPG support in the forum software because is "CPU intensive" is the real source of laugh around here, d00d.
gweedo
Legendary
*
Offline Offline

Activity: 1246
Merit: 1000


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
April 01, 2014, 01:33:24 AM
 #23

I have already asked him to ask me questions over PM so that the threads we were in did not derail with the explicit promise that those PM would be made public to all forum users. He has not done so. He continues to attack developers even after we've answered his questions with remarks about how we are either incompetent, slow, or otherwise.

But he is right, you are completely incompetent for the job. You did not provided any evidence you deserve R$350000 (+R$750000) to build a forum software from the scratch. He did not attacked you, he merely told the truth. Your incapacity to implement GPG support in the forum software because is "CPU intensive" is the real source of laugh around here, d00d.

Thank you for posting in this thread, you really have reasons to be upset, you spent that 50 BTC to make their job possible.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Maged
Legendary
*
Offline Offline

Activity: 1260
Merit: 1004


View Profile
April 01, 2014, 04:28:36 AM
 #24

Your incapacity to implement GPG support in the forum software because is "CPU intensive" is the real source of laugh around here, d00d.
He never said that he was incapable. On the contrary, he was smart enough to think through the consequences that such a feature would have to the point where he realized that there might be a theoretical DoS vulnerability introduced by adding it. That is, unfortunately, a very rare quality among software developers these days. We are fortunate to be employing such a person for this task.

I sure that if he thinks about it further, he will figure out how best to avoid the DoS issue. Or he'll just recommend in the documentation to run that part in the cloud where more servers can be spun up on demand. Node.js scales quite well for parallel CPU-bound tasks.

gweedo
Legendary
*
Offline Offline

Activity: 1246
Merit: 1000


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
April 01, 2014, 05:03:43 AM
 #25

Your incapacity to implement GPG support in the forum software because is "CPU intensive" is the real source of laugh around here, d00d.
He never said that he was incapable. On the contrary, he was smart enough to think through the consequences that such a feature would have to the point where he realized that there might be a theoretical DoS vulnerability introduced by adding it. That is, unfortunately, a very rare quality among software developers these days. We are fortunate to be employing such a person for this task.

I sure that if he thinks about it further, he will figure out how best to avoid the DoS issue. Or he'll just recommend in the documentation to run that part in the cloud where more servers can be spun up on demand. Node.js scales quite well for parallel CPU-bound tasks.

Yes because so many sites get DoS thru their own GPG encryption. UHMMMMMMMMMMM Do you know how queuing works? It is so trivial to implement a queue system, that is bounded by time, so these DoS can't happen. It would make this theoretical DoS vulnerability unable to be execute.

I will admit that this forum does need to be the most secure so taking risk isn't something they should be doing, but we also want privacy more and I think that far exceeds the risk of being DoS thru spamming messages thru the site.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
taesup
Member
**
Offline Offline

Activity: 99
Merit: 10


View Profile
April 01, 2014, 05:14:49 AM
 #26

Wow all this talk over a fictitious scenario.

In the end, it's all what ifs. We'll know more when we've figured out the requirements.

Also Augusto, such strong words. I'm sure kinder words would get you answers much quicker.

As for the DB access issue, Maged is quite spot on. Although, we didn't work with live data, we did work with a blanked out set. We ended up using a stored procedure I believe.

I am a Epochtalk (New Forum Software) Developer.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3178
Merit: 3812


View Profile
April 01, 2014, 05:21:37 AM
 #27

Maybe it can be tried out later once the main features are done. The server currently sends an average of about 20 mails per minute, which is not so bad. Though troubles might start occurring if this ever increased to a few mails per second (over a long period of time), as public-key crypto is extremely slow. No amount of software trickery is going to help if the hardware just can't keep up.

If standard public-key crypto isn't possible, the forum and the user could establish a long-term shared secret and then use symmetric crypto, which is very fast.

But IMO this is a pretty low priority. Emails usually don't contain sensitive info.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Maged
Legendary
*
Offline Offline

Activity: 1260
Merit: 1004


View Profile
April 01, 2014, 06:06:42 AM
 #28

Do you know how queuing works? It is so trivial to implement a queue system, that is bounded by time, so these DoS can't happen. It would make this theoretical DoS vulnerability unable to be execute.
Yes, I do. And so does Slickage:
There are ways to mitigate the CPU issue by locking it down to a few or just one core but that comes with its own trade offs. The speed at which the emails are being sent out may be drastically lower. If the email isn't time-sensitive but contains sensitive information, this is fine. But what if a system wide breach of the DB were to occur and all user's login/pass were compromised. A time-sensitive and possibly information sensitive email needs to go out...

Maybe it can be tried out later once the main features are done. The server currently sends an average of about 20 mails per minute, which is not so bad. Though troubles might start occurring if this ever increased to a few mails per second (over a long period of time), as public-key crypto is extremely slow. No amount of software trickery is going to help if the hardware just can't keep up.
Remember, the sweet part about Node.js is that it practically forces you to design your application in such a way that it can be scaled to multiple servers. It would be nice if you didn't have to add another server for cost reasons, but the option is certainly available.

Raize
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1004


View Profile
April 01, 2014, 05:20:34 PM
 #29

But IMO this is a pretty low priority. Emails usually don't contain sensitive info.

This got me thinking. On the current forum there is an option to include the text of a reply to a post I've made to myself via email. I've left this option off. For PMs, I'd like to get a notification, but it seems to always include the text of the PM itself. I don't know if I just have my settings wrong, but in a future system, it'd be nice to have a clear distinction between "notification" and "contents" when it comes to PMs.

OrganofCorti's Neighbourhood Pool Watch - The most informative website on blockchain health
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!