Eadeqa
|
|
September 17, 2014, 12:23:07 AM Last edit: September 17, 2014, 12:48:27 AM by Eadeqa |
|
Guys there is really no point in keeping on with this here, it is accomplishing nothing. We can come back once supernet is up and operational and discuss what is a scam then.
Yeah, but what do you do with guys who outright lie and make up stuff? This guy is bitcoin core developer? That's really shameful. confiscate his NXT Given he now has the source code, he should try to confiscate mine to demonstrate his claim that Nxt can be hacked. Otherwise he was blowing hot air.
|
|
|
|
slothbag
|
|
September 17, 2014, 12:27:23 AM |
|
This whole argument about deterministic builds is pointless. The only reason it exists for Bitcoin is because compiling Bitcoin is a PITA! Especially on windows, I have never been able to get a working statically linked binary on Windows.. its a very time consuming and complicated process. The deterministic build process is a great solution to this problem by allowing regular uses to download precompiled binaries and be pretty sure its safe due to several devs producing the same result.
But with Nxt the compilation is so simple, once you have the JDK installed, its a matter of running the ./compile.sh, and in 2-5 seconds you have your binary.
In fact its easier/faster to do a git pull; ./compile.sh than it is to download the binaries and install from the website!
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1100
|
|
September 17, 2014, 01:16:17 AM Last edit: September 17, 2014, 01:29:31 AM by jgarzik |
|
This whole argument about deterministic builds is pointless. The only reason it exists for Bitcoin is because compiling Bitcoin is a PITA! Especially on windows, I have never been able to get a working statically linked binary on Windows.. its a very time consuming and complicated process. The deterministic build process is a great solution to this problem by allowing regular uses to download precompiled binaries and be pretty sure its safe due to several devs producing the same result.
But with Nxt the compilation is so simple, once you have the JDK installed, its a matter of running the ./compile.sh, and in 2-5 seconds you have your binary.
In fact its easier/faster to do a git pull; ./compile.sh than it is to download the binaries and install from the website!
To repeat for the cheap seats: Wrong. This is irrelevant, because the majority of users do not do this. The majority of users just run the pre-built jar (which is what the NXT readme instructs them to do anyway). A reproducible build process is helpful because... This helps ensure that the release manager is not under duress, unknowingly infected with malware, or corrupt. No security solution is perfect, but it raises the bar significantly when multiple parties verify the build.
And on to, I didn't see bitcoin closing down its open source model just because there were IPO scams whatnot? I think if NXT is truly closed source its a very telling telltale that its not what it seems.
Closed dev process. As I noted the source code snapshot is published, but not live commits and open feedback/criticism like normal open source projects. NXT is ivory tower. Apparently the project has bounced between open and closed source at least once.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
Eadeqa
|
|
September 17, 2014, 01:27:19 AM |
|
To repeat for the cheap seats: Wrong. This is irrelevant, because the majority of users do not do this. The majority of users just run the pre-built jar (which is what the NXT readme instructs them to do anyway). A reproducible build process is helpful because... This helps ensure that the release manager is not under duress, unknowingly infected with malware, or corrupt. No security solution is perfect, but it raises the bar significantly when multiple parties verify the build.
It's much easier for multiple parties to verify java classes. This doesn't have to come from Nxt core developer. It could be independent third parties, forum members, and even you. Here is how cd nxt jar xvf nxt.jar mv nxt nxt-orig rm -f nxt.jar ./compile.sh jar xvf nxt.jar diff -r nxt nxt-orig
If you don't see a difference, this means the class files contained in the nxt.jar file included in the nxt-client-1.2.8.zip package (now under nxt-orig) are exactly the same as those produced when compiling the jar file yourself, under nxt.
Why would the verification have to come from multiple core developers? Lets have volunteers/independent third parties who verify it, as it's much easier/trivial with Java
|
|
|
|
slothbag
|
|
September 17, 2014, 01:30:45 AM |
|
I would argue that the "lazy" people who download and run the JAR rather than compiling their own are probably similar in proportion to the lazy people who download bitcoin-qt without checking the hashes match.. i.e. nearly everyone.. Its 2 seconds to compile Nxt, its 2 seconds to compare Bitcoin binary hashes.. both are ways to ensure your running what you think your running.. both are seldom used
|
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
September 17, 2014, 02:12:33 AM |
|
I personally think bitshares x has a better product than nxt with a truly decentralized AND collateralized market. I believe this achievement is being overlooked because this is the first time in human history that any asset on earth can be traded with actual collateral backing up the trade (btsx) and enforced automatically by an algorithm instead of people. This is NOT an IOU for an asset, which has been the only option in markets until now. Also, the DPOS model will be great if it stands the test of time because of the 10s confirmation times.
Bitcoin and nxt have both been tested with bailouts/qe/inflation with Mt gox and bter repectively and both have passed the test. The question remains; is work truly required to give a money it's value? This is more of a socionomic question and a bit harder to predict but I don't think so. I believe we will see 3 to 5 dominant chains emerge with Bitcoin being the primary POW, or digital gold. Other chains will provide other uses but their associated currencies will act as money in many cases. The alternative is for Bitcoin to survive as the sole form of money with open transactions, side chains, or some type of m of n oracle system to provide collateralized markets with Bitcoin being collateral.
Is not the alternative (bolded) more likely? Is this a true statement?: The features of any appcoin can be emulated by a m-of-n oracles system that uses tokens pegged to bitcoin as fuel. If that is true, I don't see why, should some useful "app" actually emerge, that the equivalent systems that use bitcoin wouldn't outcompete the appcoins that use proprietary tokens. Which, like Cypher said, suggests that the value of these proprietary tokens should trend to zero. The appcoins appear to be further along in development. As a test on the btsx platform, I successfully sold 124 btsx for $5(bitusd) on Sept 11 and then sold that $5 for 134 btsx on sept 15, keeping in line with overall market prices. This was all done completely in a decentralized system with btsx as the underlying collateral and enforced automatically by a smart contract, keeping the entire trade in a trustless, yet collateralized environment. Once I can do this with bitcoin I will definitely take notice. Perhaps I already can and just don't know about it? Gold (bitgld) can also be traded. Obviously this is in the early stages (alpha) of development and this design has never been tried before so plenty can go wrong. The client is also buggy at this version. I am all for a working solution and if devs can make this happen with bitcoin then that would be great. I own both. The appcoins are further along because that's their angle--that's the value proposition they use to monetize their proprietary tokens. What I'm arguing is that if any of these apps prove useful, then if it is possible to create the same app but using bitcoin as fuel, then someone will create that app, and it will tend to outcompete the proprietary token. The example you gave about the decentralized BITUSD assets is interesting and a potentially useful product. But I don't see what's special about BitShares other than it was the first to do this. This functionality could be built on top of bitcoin (no protocol changes), and, by learning from the BitShares experience, probably executed better. I don't think the bitcoin core devs should do anything in the way of "more features." Bitcoin is just better money. Any truly useful apps can be implemented on top using oracles, sidechains or open transactions like you said. I see this as a vastly more robust solution than some hodgepodge cryptocurrency with a feature set that changes from week to week. Well I for one am tired of hearing that x can be built on top of bitcoin using y, z etc etc etc yet constantly seeing nothing delivered. Counterparty was built on top and that is a pretty horrible experience. Open Transactions has been talked about as the answer for years yet still nothing working there either. And sidechains? That is so far from ever getting off the ground that it shouldn't even be mentioned. The reason I got interested in Nxt was because it has a lot of features already implemented and working now! By the time these other things come out it'll already be on to the next thing! Bitcoin doesn't want these things to be added on to it, it is allergic to change. Which is ok, because it does it's job as a layer 1 currency well and that's how it should be. Weird, I see Counterparty & OT as more tried, tested and proven than NXT, and they seem to do plenty. Very fit for purpose. What are these NXT features already implemented that you haven't found elsewhere?
|
|
|
|
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 17, 2014, 02:12:56 AM |
|
I would argue that the "lazy" people who download and run the JAR rather than compiling their own are probably similar in proportion to the lazy people who download bitcoin-qt without checking the hashes match.. i.e. nearly everyone.. Its 2 seconds to compile Nxt, its 2 seconds to compare Bitcoin binary hashes.. both are ways to ensure your running what you think your running.. both are seldom used i routinely check binary hashes as an investor, i very much disagree with how the Bter hack of 5% of all NXT was handled. i think it's a telling lesson. the debate was whether to freeze the coins after a hack of 5% of existing NXT, a huge %. i saw no attempt at a consensus mechanism. the devs released a patch to freeze the coins and the community rejected the patch. it was bad enough that the devs would even offer such a freeze and indicated mass confusion as far as i'm concerned and a lack of solid economic principles on the part of the devs. what if 51% of users accepted the patch? what would the community have done then? the devs should actually be embarrassed that they didn't accept the patch. with the Bitcoin consensus mechanism, a real effort is made beforehand to determine the pulse of the entire community so that any patches released have a very high likelihood of being accepted so that investors like myself have input and don't get skiddish about wishy washy devs or stakeholders making rash unilateral decisions. eventually, Bter owners had to pay off the hacker with a measly fraction (single digits iirc) of the "market value" of the NXT coins, ironically with BTC. and yet the hacker still holds some. it was clear Bter (composed of majority NXT stakeholders) was terrified that the hacker would put the NXT up for sale and crash the price. the community claims this was a successful outcome. i see it as a failure.
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1100
|
|
September 17, 2014, 02:16:30 AM |
|
Why would the verification have to come from multiple core developers? Lets have volunteers/independent third parties who verify it, as it's much easier/trivial with Java
Yes. As I said, The next step is to proactively have developers and community members cross-check each other, to make sure the build produced is the same for all.
It is important for the community to demand this of themselves. The community must get into the habit of rigourously checking each release. "Anyone can check for themselves" is not sufficient, because in practice, people are lazy and do not check before 10000x users have downloaded and run the new release. Cross-check before massive download. Anyone in the community can do this. You do not have to be a developer. The critical point is establish the habit, the process of protecting users with a cross-check prior to general release. If you rely on after-the-fact checking, the release manager (NXT's Jean Luc?) could be infected with malware and be producing an infected jar. Many users would be impacted, before the problem is noticed. Set up processes to protect users. I would argue that the "lazy" people who download and run the JAR rather than compiling their own are probably similar in proportion to the lazy people who download bitcoin-qt without checking the hashes match.. i.e. nearly everyone.. Its 2 seconds to compile Nxt, its 2 seconds to compare Bitcoin binary hashes.. both are ways to ensure your running what you think your running.. both are seldom used Quite true on both points. That's why the community must have a quick cross-check of the release manager's output before opening up to large numbers of downloads (and potentially infecting large numbers of users). The software protects Real Money, people. It must be held to strict security and accountability standards. For any project, bitcoin, NXT or anything crypto-finance, you must be able to (a) prove the developers are not backdoor'ing you, by reviewing source code + checking build output, and (b) fire the developers (by forking) if they add something unexpected that the user base dislikes. Reading "I trust JLP!" posts on the NXT forum just makes for one big facepalm. The processes should be in place so that the community doesn't have to trust.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 17, 2014, 02:22:39 AM |
|
You don't even need a derivative market (although that is another way to leverage the nothing at stake problem). You have some coins in block x, you sell the coins, you now have nothing however you can re-org the chain back from block x. Why? Although you have nothing "now" in the past back at block x you did have something. You are attacking with the "memory" or history of coins.
First you must secure $50 bln. (as in $50 000 000 000) funding to buy enough stake. Then you can try. apparently it only costs 200BTC, or approx $100,000, to buy 45M NXT. not quite the same maths.
|
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
September 17, 2014, 02:26:40 AM |
|
You don't even need a derivative market (although that is another way to leverage the nothing at stake problem). You have some coins in block x, you sell the coins, you now have nothing however you can re-org the chain back from block x. Why? Although you have nothing "now" in the past back at block x you did have something. You are attacking with the "memory" or history of coins.
First you must secure $50 bln. (as in $50 000 000 000) funding to buy enough stake. Then you can try. apparently it only costs 200BTC, or approx $100,000, to buy 45M NXT. not quite the same maths. That's a month's rent in NYC: http://observer.com/2014/07/5-nyc-apartments-that-rent-for-more-than-100000-a-month/
|
|
|
|
devphp
|
|
September 17, 2014, 04:28:56 AM |
|
You don't even need a derivative market (although that is another way to leverage the nothing at stake problem). You have some coins in block x, you sell the coins, you now have nothing however you can re-org the chain back from block x. Why? Although you have nothing "now" in the past back at block x you did have something. You are attacking with the "memory" or history of coins.
First you must secure $50 bln. (as in $50 000 000 000) funding to buy enough stake. Then you can try. apparently it only costs 200BTC, or approx $100,000, to buy 45M NXT. not quite the same maths. lol, the bter hacker was under pressure, this wasn't a normal purchase of NXT, it was Bter paying the ransom. It's notable that you guys twist facts to your advantage like that. It means there is really nothing you can find to attack NXT with and catching at straws here.
|
|
|
|
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 17, 2014, 04:41:00 AM |
|
You don't even need a derivative market (although that is another way to leverage the nothing at stake problem). You have some coins in block x, you sell the coins, you now have nothing however you can re-org the chain back from block x. Why? Although you have nothing "now" in the past back at block x you did have something. You are attacking with the "memory" or history of coins.
First you must secure $50 bln. (as in $50 000 000 000) funding to buy enough stake. Then you can try. apparently it only costs 200BTC, or approx $100,000, to buy 45M NXT. not quite the same maths. lol, the bter hacker was under pressure, this wasn't a normal purchase of NXT, it was Bter paying the ransom. It's notable that you guys twist facts to your advantage like that. It means there is really nothing you can find to attack NXT with and catching at straws here. what's even more ridiculous is your claim of $50 bln. lol. if the hacker had dumped that much NXT on the open mkt, the price would've tanked.
|
|
|
|
devphp
|
|
September 17, 2014, 05:09:07 AM |
|
what's even more ridiculous is your claim of $50 bln. lol.
if the hacker had dumped that much NXT on the open mkt, the price would've tanked.
It's not a claim, it's math. Purchasing 1% of all available NXT drives price 10% higher, from observations of the bter market. If you start buying NXT to get a sizeable portion (51% of all available supply), you'll quickly drain all supply at exchanges and drive the price through the roof and still won't get enough. Yeah, DeathAndTaxes presented the same 'argument' about hacker dumping NXT. Well, my answer was, the hacker could do it in two ways: 1) all at once, which would drive the price to ~200 satoshi and there all the 50m would be bought in 1 day, as at that price and all the way to 200 satoshi would be the daily trading volume of NXT in Bitcoins. 2) gradually, 1m per day which would depress price for a couple of months at most. The second scenario obviously would hurt more as it would be prolonged, but even that wouldn't be dramatic. After all, whales have been dumping for 9 months now, and NXT has survived that, although the price doesn't go much higher due to that extensive selling. The hacker could not do anything to the security of NXT itself, he could only hurt the price temporarily, and he realized it's best to get Bitcoins which could be mixed easier, even though he would only get a small number of Bitcoins.
|
|
|
|
User705
Legendary
Offline
Activity: 896
Merit: 1006
First 100% Liquid Stablecoin Backed by Gold
|
|
September 17, 2014, 06:58:25 AM Last edit: September 17, 2014, 07:15:32 AM by User705 |
|
I would argue that the "lazy" people who download and run the JAR rather than compiling their own are probably similar in proportion to the lazy people who download bitcoin-qt without checking the hashes match.. i.e. nearly everyone.. Its 2 seconds to compile Nxt, its 2 seconds to compare Bitcoin binary hashes.. both are ways to ensure your running what you think your running.. both are seldom used i routinely check binary hashes as an investor, i very much disagree with how the Bter hack of 5% of all NXT was handled. i think it's a telling lesson. the debate was whether to freeze the coins after a hack of 5% of existing NXT, a huge %. i saw no attempt at a consensus mechanism. the devs released a patch to freeze the coins and the community rejected the patch. it was bad enough that the devs would even offer such a freeze and indicated mass confusion as far as i'm concerned and a lack of solid economic principles on the part of the devs. what if 51% of users accepted the patch? what would the community have done then? the devs should actually be embarrassed that they didn't accept the patch. with the Bitcoin consensus mechanism, a real effort is made beforehand to determine the pulse of the entire community so that any patches released have a very high likelihood of being accepted so that investors like myself have input and don't get skiddish about wishy washy devs or stakeholders making rash unilateral decisions. eventually, Bter owners had to pay off the hacker with a measly fraction (single digits iirc) of the "market value" of the NXT coins, ironically with BTC. and yet the hacker still holds some. it was clear Bter (composed of majority NXT stakeholders) was terrified that the hacker would put the NXT up for sale and crash the price. the community claims this was a successful outcome. i see it as a failure. You've invested in Nxt. That's great interesting news. Tell us why?
|
|
|
|
valarmg
|
|
September 17, 2014, 08:16:31 AM |
|
i routinely check binary hashes as an investor, i very much disagree with how the Bter hack of 5% of all NXT was handled. i think it's a telling lesson. the debate was whether to freeze the coins after a hack of 5% of existing NXT, a huge %. i saw no attempt at a consensus mechanism. the devs released a patch to freeze the coins and the community rejected the patch. it was bad enough that the devs would even offer such a freeze and indicated mass confusion as far as i'm concerned and a lack of solid economic principles on the part of the devs. what if 51% of users accepted the patch? what would the community have done then? the devs should actually be embarrassed that they didn't accept the patch. with the Bitcoin consensus mechanism, a real effort is made beforehand to determine the pulse of the entire community so that any patches released have a very high likelihood of being accepted so that investors like myself have input and don't get skiddish about wishy washy devs or stakeholders making rash unilateral decisions. eventually, Bter owners had to pay off the hacker with a measly fraction (single digits iirc) of the "market value" of the NXT coins, ironically with BTC. and yet the hacker still holds some. it was clear Bter (composed of majority NXT stakeholders) was terrified that the hacker would put the NXT up for sale and crash the price. the community claims this was a successful outcome. i see it as a failure. The consensus method was releasing two versions of Nxt, one patched to reject the 5% theft, one not. All stakeholders/investors in Nxt then had a choice, stake on the patched or unpatched version. This used the proof of stake as consensus which makes perfect sense for a PoS coin. If 50%+ of stake had switched to patched version, that would have become the main chain. As it turned out, no where close to 50% voted with their stake for the patched version so the blockchain reorg didn't happen.
|
|
|
|
nexern
|
|
September 17, 2014, 09:34:18 AM |
|
I would argue that the "lazy" people who download and run the JAR rather than compiling their own are probably similar in proportion to the lazy people who download bitcoin-qt without checking the hashes match.. i.e. nearly everyone.. Its 2 seconds to compile Nxt, its 2 seconds to compare Bitcoin binary hashes.. both are ways to ensure your running what you think your running.. both are seldom used i routinely check binary hashes as an investor, i very much disagree with how the Bter hack of 5% of all NXT was handled. i think it's a telling lesson. the debate was whether to freeze the coins after a hack of 5% of existing NXT, a huge %. i saw no attempt at a consensus mechanism. the devs released a patch to freeze the coins and the community rejected the patch. it was bad enough that the devs would even offer such a freeze and indicated mass confusion as far as i'm concerned and a lack of solid economic principles on the part of the devs. what if 51% of users accepted the patch? what would the community have done then? the devs should actually be embarrassed that they didn't accept the patch. with the Bitcoin consensus mechanism, a real effort is made beforehand to determine the pulse of the entire community so that any patches released have a very high likelihood of being accepted so that investors like myself have input and don't get skiddish about wishy washy devs or stakeholders making rash unilateral decisions. eventually, Bter owners had to pay off the hacker with a measly fraction (single digits iirc) of the "market value" of the NXT coins, ironically with BTC. and yet the hacker still holds some. it was clear Bter (composed of majority NXT stakeholders) was terrified that the hacker would put the NXT up for sale and crash the price. the community claims this was a successful outcome. i see it as a failure. what you state here is pure censorship and reveals that you don't understand that the nxt community prefers THE CHOICE instead isolated, above driven decisions, jean-luc (nxt core dev) did great here. he saw there are voices and therefore demand within the community. as a result he provides (btw, superfast) the tools for an independent, consensus based FREE decision, based on common sense by the community. i call this a demonstration of strength, with a healthy portion of common sense, exactly as it has to be. isn't this at least one reason why we are here cypherdoc, able to make free decisons?
|
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
September 17, 2014, 10:23:03 AM |
|
Please don't equate the forum community with the people that forge Nxt, either. There were two levels of decision making here, and it was reflected on both the forums and in the forging. The forums are not always a reflection of the Nxt Community, just as BCT is in no way a reflection of the Bitcoin Community as a whole. In PoS, it's the stakeholders that make the choice. Otherwise, we could just hold votes on the forums. The devs provided a choice. Not providing that choice in this case would also have been a means of control. As this was the first time something of this magnitude happened, there is no clear roadmap and it's important to offer the choice. I really cannot see how it's better for the dev team nót to open up that choice, even if it means the possibility of opening up a can of worms. The devs did not push for a choice either way: the forgers had freedom to choose. They chose not to roll back. Only releasing a patch after you know it will be accepted by conventional consensus on a forum (!) is just silly.
|
|
|
|
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 17, 2014, 11:18:03 AM |
|
User705,
You read that wrong. I meant as an investor in cryptocurrencies in general.
|
|
|
|
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 17, 2014, 11:53:51 AM |
|
Imo, if you birth a new cryptocurrency and make a promise of a fixed supply, then that is an immutable contract not up for consideration simply because of a simple theft . I mean, poeple invest based on that assumption. A choice should never have been offered inb the first place in the Bter case. To my mind it reflects a weak mindset of the NXT community or of the devs more specifically. It means you have no idea what the hell they'll do NXT
|
|
|
|
valarmg
|
|
September 17, 2014, 12:10:55 PM Last edit: September 17, 2014, 12:23:31 PM by valarmg |
|
Imo, if you birth a new cryptocurrency and make a promise of a fixed supply, then that is an immutable contract not up for consideration simply because of a simple theft . I mean, poeple invest based on that assumption. A choice should never have been offered inb the first place in the Bter case. To my mind it reflects a weak mindset of the NXT community or of the devs more specifically. It means you have no idea what the hell they'll do NXT I don't understand. Where was the principle of a fixed supply ever in question? The question was about reorganizing the blockchain so that the single transaction was invalidated. There has been talk about blacklisting addresses in bitcoin which is a similar idea. And how is giving a choice a bad thing? You think the devs should have made up their mind and decided to hell with the community, I don't like this, so I won't allow it? No, a better idea was offering a choice in this extreme case. And the Nxt community decided overwhelmingly against invalidating that single transaction based on precedent. Shows a strong mindset and commitment to the ideas of cryptocurrency. Without the choice, you wouldn't have had any idea what they'll do in Nxt. Now you know .
|
|
|
|
|