|
|
PilotofBTC
Legendary
 Offline
Activity: 1736
Merit: 1001
|
 |
June 09, 2015, 02:28:09 PM |
|
How many confirmations does NXT need for a transaction to fully confirm? I sent some over 12 hours ago and it now has 528 confirmations, yet still doesn't show as fully confirmed. It doesn't seem viable for a currency for this to be normal. Is the network malfunctioning?
It depends on what you mean by "fully confirmed". It will take 1440 confirms before it will forge. But, the coins are probably pretty safe after 10 confirms or so. NXT attempted to do a roll back once, but just getting all the major forgers to do something is near impossible. |
|
|
|
|
PilotofBTC
Legendary
Offline
Activity: 1736
Merit: 1001
|
|
June 09, 2015, 02:44:51 PM |
|
How many confirmations does NXT need for a transaction to fully confirm? I sent some over 12 hours ago and it now has 528 confirmations, yet still doesn't show as fully confirmed. It doesn't seem viable for a currency for this to be normal. Is the network malfunctioning?
720 confirms for fully not rollback. Generally,10 confirms is enough. Wow. That's going to take close to a day to process a single transaction. Thanks for the info. Er, seems to be some confusion here...... 10 confirms is more than enough to be spendable, the 720 confirmations/blocks is the rollback limit coded into NXT: https://nxtforum.org/general/transaction-confirmations-best-practice/The confusion seems to be in the client, explorer, and/or network because I went to bed last night with over 850 confirmations yet the explorer showed it as "unconfirmed" and it still hadn't arrived. Just had a chance to check today and it now has over 1275 confirms yet the explorer still shows it as unconfirmed. However, the funds do seem to have finally arrived after a day and a half! How many confirmations does NXT need for a transaction to fully confirm? I sent some over 12 hours ago and it now has 528 confirmations, yet still doesn't show as fully confirmed. It doesn't seem viable for a currency for this to be normal. Is the network malfunctioning?
Are you running NRS v1.5.x? Can you post the transaction ID (or PM it me)? I was using Mofowallet's web client, my third attempt to get a working client (the one I had installed from months ago now gives the error "An error occurred, the server has quit. Please restart the application" when I try launching it), the official client apparently requires the command line to launch now (which I'm perfectly comfortable using) but just gives multiple error messages when I try, and the first web client I tried seemed to want me to register and create a new wallet with no way to use my existing one. Conceptually, I like NXT, but if the goal is widespread consumer adoption, it has a long way to go. Mofo Wallet is nice... but I don't think they have updated the NXT side to 1.5 yet. The standard NRS is pretty easy... as long as you have Java installed. I think they recently moved to a new version required. That may be why it doesn't run for you. |
|
|
|
|
bitcoinrocks
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
June 10, 2015, 10:53:19 AM |
|
If I'm not mistaken, the Oracle JDK is not open source and there are no ARM binaries available. How are people supposed to run NRS on the many (many!) available ARM devices such as the Raspberry Pi? |
|
|
|
|
|
|
tyz
Legendary
Offline
Activity: 3360
Merit: 1533
|
|
June 10, 2015, 06:27:17 PM |
|
Fully confirmed is relative. A transaction is fully confirmed after 1440 confirmations. After 720 confirmations a rollback is impossible. Usually it is enough when you have 10+ confirmations. How many confirmations does NXT need for a transaction to fully confirm? I sent some over 12 hours ago and it now has 528 confirmations, yet still doesn't show as fully confirmed. It doesn't seem viable for a currency for this to be normal. Is the network malfunctioning?
|
|
|
|
|
bitcoinrocks
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
June 11, 2015, 03:45:27 AM |
|
The latest available there is 8u33 which has 13 security vulnerabilities currently (3 of them rated 10/10 for severity): http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlSo everyone running the latest NRS on an ARM device (Raspberry Pi, etc) is likely open to several severe security vulnerabilities. ARM users should be instructed to shut down their nodes until Oracle releases something newer than 8u40. NRS updates should have been delayed until a secure ARM binary is available from Oracle. This was not handled responsibly from a security standpoint. |
|
|
|
|
|
nexern
|
|
June 11, 2015, 10:18:03 AM |
|
The latest available there is 8u33 which has 13 security vulnerabilities currently (3 of them rated 10/10 for severity): http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlSo everyone running the latest NRS on an ARM device (Raspberry Pi, etc) is likely open to several severe security vulnerabilities. ARM users should be instructed to shut down their nodes until Oracle releases something newer than 8u40. NRS updates should have been delayed until a secure ARM binary is available from Oracle. This was not handled responsibly from a security standpoint. can't remember when jdk ever was bug free (like many other complex dev-stacks). however, since i am not a java coder but running an arm node, it would be helpfull if you could point me to a more concret security problem or better to a non theoretical attack vector, where running the arm node isn't secure. if this is a real world security problem it has to be adressed ofc. |
|
|
|
|
|
Eadeqa
|
|
June 11, 2015, 01:29:12 PM |
|
http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlSo everyone running the latest NRS on an ARM device (Raspberry Pi, etc) is likely open to several severe security vulnerabilities. ARM users should be instructed to shut down their nodes until Oracle releases something newer than 8u40. NRS updates should have been delayed until a secure ARM binary is available from Oracle. This was not handled responsibly from a security standpoint. Nonsense. The operating system you are running (whatever it is) probably have hundreds of bugs, like all software. Doesn't mean crap. |
|
|
|
bitcoinrocks
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
June 11, 2015, 04:19:38 PM |
|
The latest available there is 8u33 which has 13 security vulnerabilities currently (3 of them rated 10/10 for severity): http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlSo everyone running the latest NRS on an ARM device (Raspberry Pi, etc) is likely open to several severe security vulnerabilities. ARM users should be instructed to shut down their nodes until Oracle releases something newer than 8u40. NRS updates should have been delayed until a secure ARM binary is available from Oracle. This was not handled responsibly from a security standpoint. can't remember when jdk ever was bug free (like many other complex dev-stacks). however, since i am not a java coder but running an arm node, it would be helpfull if you could point me to a more concret security problem or better to a non theoretical attack vector, where running the arm node isn't secure. if this is a real world security problem it has to be adressed ofc. As you know, bugs aren't the issue, security vulnerabilities are, and it looks like 8u41 and higher are free of known security vulnerabilities. The latest version for x86 looks to be 8u45. Details on the vulnerabilities are accessible via this link: http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.html |
|
|
|
|
|
|
bitcoinrocks
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
June 12, 2015, 09:55:48 AM |
|
|
|
|
|
|
yassin54
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
June 12, 2015, 10:08:14 AM |
|
it is just me bizarre  |
|
|
|
|
|
Eadeqa
|
|
June 12, 2015, 10:13:52 AM |
|
The latest available there is 8u33 which has 13 security vulnerabilities currently (3 of them rated 10/10 for severity): http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlSo everyone running the latest NRS on an ARM device (Raspberry Pi, etc) is likely open to several severe security vulnerabilities. ARM users should be instructed to shut down their nodes until Oracle releases something newer than 8u40. NRS updates should have been delayed until a secure ARM binary is available from Oracle. This was not handled responsibly from a security standpoint. can't remember when jdk ever was bug free (like many other complex dev-stacks). however, since i am not a java coder but running an arm node, it would be helpfull if you could point me to a more concret security problem or better to a non theoretical attack vector, where running the arm node isn't secure. if this is a real world security problem it has to be adressed ofc. As you know, bugs aren't the issue, security vulnerabilities are, and it looks like 8u41 and higher are free of known security vulnerabilities. The latest version for x86 looks to be 8u45. Details on the vulnerabilities are accessible via this link: http://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/Oracle-JDK.htmlInstead of giving random links with hundreds of vulnerabilities, can you post an exact vulnerability, explain how it works, and how is it relevant to Nxt? A lot of these vulnerabilities are related to applets where you are running UNTRUSTED code found on a random webpage. Nxt doesn't use applets. And Nxt isn't UNTRUSTED code as you download it from official source (Nxt developers who you presumably trust) Understand that difference and then you will see none of these 'vulnerabilities" have any relevance in your usecase. |
|
|
|
yassin54
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
June 12, 2015, 10:22:53 AM |
|
may be the storm this is my Internet operator who has problem thank you for yur link  |
|
|
|
|
superresistant
Legendary
Offline
Activity: 2156
Merit: 1131
|
|
June 12, 2015, 01:41:16 PM |
|
may be the storm this is my Internet operator who has problem thank you for yur link I had the same "storm" problem this morning. I'm in the south of France. |
|
|
|
|
tyz
Legendary
Offline
Activity: 3360
Merit: 1533
|
|
June 12, 2015, 02:30:36 PM |
|
Same to me. Actually I do not trade much on Cryptsy. But each time I tried to withdrew, I had some troubles. So, choose Polo or Bittrex. Two better alternatives. Btw cryptsy has issues with NXT withdrawals very often based on my experience... it's definitely not the best option if you need to withdraw NXT fast
|
|
|
|
|
|
|
Mhr3io
Newbie
Offline
Activity: 30
Merit: 0
|
|
June 12, 2015, 05:50:37 PM |
|
NXT maybe this is the next coin to check
|
|
|
|
|
|
Eadeqa
|
|
June 13, 2015, 07:00:26 AM
Last edit: June 13, 2015, 07:11:14 AM by Eadeqa |
|
Once again, you failed to demonstrate how these are relevant to your case? You are not running untrusted code you found on a webpage. These security bugs are talking about running malicious untrusted code on JVM that can breach JVM's builtin security. Lesson? Don't run untrusted code on JVM. In your usecase, you are running software (Nxt in this case) that you downloaded yourself from official site. You trust the code you are running. If you don't understand that difference, then well too bad for you. Do you even understand how computers work? |
|
|
|
|
