| Nxt | Blockchain Platform | Proof of Stake | Official

[bitcoinrocks]

These security bugs are talking about running malicious untrusted code on JVM that can breach JVM's builtin security.

Once again:

It sounds like you have already carefully gone over each of the 13 vulnerabilities

[Eadeqa]

These security bugs are talking about running malicious untrusted code on JVM that can breach JVM's builtin security.

Once again:

It sounds like you have already carefully gone over each of the 13 vulnerabilities

I understand how software works.  You don't. How would JVM sitting idly (not even running) on a hard drive a security risk? Is there some kind of magic involved?  How is running trusted software on that JVM a security risk? You seem to be a clueless idiot. I understand that there are security bugs that can be exploited if you run malicious untrusted code on that JVM which can bypass the JVM  builtin securities, but what the heck does that have to do with running Nxt? Let me guess: nothing.

[bitcoinrocks]

Try going outside.  Or at least take a breath.

Even if those 13 security vulnerabilities only pertain to running untrusted code as you say (you've obviously investigated each one: nice), what if an ARM+NRS user makes that vulnerable JDK their system JDK and runs a browser?  Like it or not, requiring users to run vulnerable software is bad.

[superresistant]

Like it or not, requiring users to run vulnerable software is bad.

Like it or not, everyone is using vulnerable software. Everyone.
Have you ever seen an invulnerable software ? I would like to know.

[Eadeqa]

Even if those 13 security vulnerabilities only pertain to running untrusted code as you say (you've obviously investigated each one: nice), what if an ARM+NRS user makes that vulnerable JDK their system JDK and runs a browser?  

There should be no problem  unless he is running untrusted software on the web. The browser will ask the user before it runs any java code. Don't run untrusted software. Even if your java/browser has zero bugs, running untrusted software could be be just as risky. For example installing malicious browser extension can  install a keylogger that steals all your passwords, regardless even if your browser has zero bugs and no java is installed.

[bitcoinrocks]

Like it or not, requiring users to run vulnerable software is bad.

Like it or not, everyone is using vulnerable software. Everyone.
Have you ever seen an invulnerable software ? I would like to know.

No one should be running a system that is susceptible to a published security vulnerability if they can help it.  That's common sense.

Code:

# glsa-check -t all
This system is not affected by any of the listed GLSAs
#

I'm disappointed that security isn't a higher priority here.  Just because nothing is 100% secure doesn't mean it's OK to require users to install software with published security vulnerabilities.

[superresistant]

No one should be running a system that is susceptible to a published security vulnerability if they can help it.  That's common sense.

Common sense doesn't exist.

I'm disappointed that security isn't a higher priority here.  Just because nothing is 100% secure doesn't mean it's OK to require users to install software with published security vulnerabilities.

Unless you found a flaw that can be used in Nxt, I don't think that devs have time to waste on fixing all the Unspecified vulnerability in Oracle Java SE or redo all the code from scratch.
A flaw on Oracle Java SE doesn't mean that is can be used in Nxt.
Open source tech have often many flaws that are not reported.

[bitcoinrocks]

No one should be running a system that is susceptible to a published security vulnerability if they can help it.  That's common sense.

Common sense doesn't exist.

I guess that's how we pitched Overstock.

[Damelon]

https://nxtforum.org/nrs-releases/nrs-v1-5-12/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Release 1.5.12

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.12.zip

sha256:

ac42f30dde2f84c624a78791befb44ed0f11dc8e456742388d410537914266f9  nxt-client-1.5.12.zip

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.12.jar

sha256:

f29d6229f9a14ee37b217ffcf6484b7efcd16ac5ce714b64e968de7ceafd311e  nxt-client-1.5.12.jar

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.5.12.exe



Change log:

Significantly reduced the number of threads used when WebSockets are enabled.
This should prevent the out of memory issues on some systems caused by
excessive number of native threads created.

Fixed important bugs in fork resolution during blockchain download.

Improved blockchain download speeds, reduce load on hallmarked nodes and avoid
slow peers during download.

Send event notifications when using the eventRegister and eventWait APIs only
after the database transaction has been committed, to make sure the changes
that triggered the event are visible at the time the event is emitted.

Added generateFileToken and decodeFileToken APIs, allowing creating and
verifying tokens for files.

Fixed file upload when using the test page.

The maximum file size accepted for upload can be restricted using the new
nxt.maxUploadFileSize property, default and minimum accepted value is 42 kB.


Client UI:

Fixed missing scrollbars in modals invoked from other modals.

Updated some translations. Added Romanian translation (experimental).

Updated bootstrap to version 3.3.4.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVfWnUAAoJEFOhyXc7+e2AwsAQANXmvSdHq3fgU/NJdJzM/vhL
NtPB/lQsXcMrB38QUADwvgKe2EAWf6re4aabjpNnXmVKntvYE/vJR4EQXpiXLFok
rSoPsbBYkxt1JKvb1lhWY90dTk+uWoziBzVd+cXDSABzWQyfqZGojAKe9SYpFSMS
qyoaALkL859xT3SREg3aFeiJ9Kk+dLflUFBb7oGH/ez0Q/WFCHtA88+HFL4fM8ro
UskRNj9IMjkqsw3l5GN3RgzRbfHCO6KxFDLXa4zg7toS6Vo9eODs4GO8eFSvsxnb
5VxqihpCgZ9Yo0wTuvAkoR5me3AWHQoia2ms93Uowa3GN8eF7KC8AYvFr7mhxjT/
+PLX5kun/yyhHk58ks/T9Wzn2eZ6ApgLT6tOLvmUVo82DVWcP4GkX4s0IXlHslwc
JpbKBDe75d/n+GfsibvcWeK0eTsePcLIFW4z0DtaUuADdStatjsmWbwXqPwWmLWd
+THOlBAIVIvSolIAHOL1tWT0jWDrgJj0eedOPlhNE3tzav+9j1N5fpC1+tOqRFr9
kuQwyK48S8KSX16y6VMKv2FjRVF3hHZnQMnUgOlUYEuTVBfw9ltdgxdFU5ZSmbwv
srAcS1M/fAJpirEi3+KBe2WPvN68MEeKr+OB3qOw0Z6Jwmu7mJBcWtwiO11h990b
jVEO+JbQWvTJAX1hXAP/
=6jAr
-----END PGP SIGNATURE-----

[c-cex]

Hello! I would like to introduce dedicated NXT pairing at C-CEX.com exchange.
You are welcome to trade any coin we have (140+) to NXT!

NXT pairing entry point is here:
https://c-cex.com/?lpm=nxt&p=nxt-btc

[EvilDave]

Nice work, C-CEX dudes!

[Armis]

I remember reading something about how an independent coin could be brought onto the NXT network, I don't remember if this was in the plans, in the works, or something that already exists, I have a coin that would be interested in that.  what is the status on that please?

[nzminer]

I remember reading something about how an independent coin could be brought onto the NXT network, I don't remember if this was in the plans, in the works, or something that already exists, I have a coin that would be interested in that.  what is the status on that please?

It does already exist!

Its called the NXT Monetary System (ME)!

[Armis]

I remember reading something about how an independent coin could be brought onto the NXT network, I don't remember if this was in the plans, in the works, or something that already exists, I have a coin that would be interested in that.  what is the status on that please?

It does already exist!

Its called the NXT Monetary System (ME)!

I'm not sure if you are joking or serious but, I know ME is for new coin production, but I'm referring to an existing coin with it's own blockchain being brought over to the NXT system, would that be via the ME, if so how would that logistically occur? 

[habraken]

I remember reading something about how an independent coin could be brought onto the NXT network, I don't remember if this was in the plans, in the works, or something that already exists, I have a coin that would be interested in that.  what is the status on that please?

It does already exist!

Its called the NXT Monetary System (ME)!

I'm not sure if you are joking or serious but, I know ME is for new coin production, but I'm referring to an existing coin with it's own blockchain being brought over to the NXT system, would that be via the ME, if so how would that logistically occur?  

They were talking (jokingly) about rescuing LTC by bringing it over to Monetary System (MS) here: https://nxtforum.org/general-discussion/ltc-is-about-to-disintegrate-we-need-to-reach-out-and-wint-them-over-to-nxt/
No technical info in that thread, but maybe some people that know how to implement such a plan.

Also some comments on the idea here: https://nxtforum.org/general-discussion/launching-1-4/msg143296/#msg143296 and here https://nxtforum.org/monetary-system/will-there-be-a-mechanism-to-bring-existing-currencies-into-ms/

[kushti]

First part of Phasing Transactions doc is out in the form of the blogpost: http://chepurnoy.org/blog/2015/06/phasing-transactions-in-nxt-part-1-introduction-phasing-safety/

[msin]

First part of Phasing Transactions doc is out in the form of the blogpost: http://chepurnoy.org/blog/2015/06/phasing-transactions-in-nxt-part-1-introduction-phasing-safety/

Thanks Kushti, great work.

[Callahan]

Hello! I would like to introduce dedicated NXT pairing at C-CEX.com exchange.
You are welcome to trade any coin we have (140+) to NXT!

NXT pairing entry point is here:
https://c-cex.com/?lpm=nxt&p=nxt-btc

Thanks guys, still working, you are #1

[tyz]

The price has been risen by almost 25% in 24hrs  Has there been released a new killer feature ?

[nexern]

First part of Phasing Transactions doc is out in the form of the blogpost: http://chepurnoy.org/blog/2015/06/phasing-transactions-in-nxt-part-1-introduction-phasing-safety/

great feature, thx kushti.