Pages:
Author

Topic: [EMUNIE] Pre-launch stress test...all security experts and hackers *BOUNTIES* (Read 2300 times)

sr. member
Activity: 265
Merit: 250
So you're going to give an extra 5 bitcoin too the dude who stole all your bitcoin then  Shocked
legendary
Activity: 1367
Merit: 1000
Any news about stress test?  Huh
Does it happen? Roll Eyes
legendary
Activity: 1050
Merit: 1016
Although I deleted all that trolls posts, please don't confuse 4 weeks as posted in the OP as 4 weeks until launch.

This is not the case as Starik is trying to twist in an attempt to make it seem like we are now "rushing", V1.0 will be here when its here and not a moment before.

Then again, anyone that believes anything that Starik states is no better than him anyway, so why worry Smiley
hero member
Activity: 532
Merit: 500
BTW, do people learn from own mistakes?  Huh
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that? Roll Eyes

Would you rather a rushed product, or a finished one?
And you have no other variants?  Roll Eyes

Better a late product than a broken one.
Is Bitcoin late or broken one? NXT? Qora? eXo? Etherium? Crypti? NEM? BBR? ... Huh

If you do not like rush why you are rushing now with 4 weeks announsement? Why not to properly do open betatest for another 9 months? Not to have a broken product?  Grin

Bitcoin isn't a good example. It was first.

The eMunie team are the only ones who know how close eMunie is to completion, so I can't really speculate on any of that.
hero member
Activity: 532
Merit: 500
BTW, do people learn from own mistakes?  Huh
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that? Roll Eyes

Would you rather a rushed product, or a finished one?
And you have no other variants?  Roll Eyes

Better a late product than a broken one.
full member
Activity: 179
Merit: 100
BTW, do people learn from own mistakes?  Huh

Apparently not, you're still here.   Cheesy  Cheesy  Cheesy  Cheesy  (intentional use of emoticon)
legendary
Activity: 1050
Merit: 1016
It has nothing to do with with me being disgruntled,  it's about the security of the network. Why do emunie people feel the need for personal attacks? 

Not sure how my calling it like it is, is a personal attack  Huh

Otherwise I could claim the same, you're attacking my claim that it wasn't a threat, which in turn is an attack on my intelligence of my own system, which is personal.
hero member
Activity: 616
Merit: 500
It has nothing to do with with me being disgruntled,  it's about the security of the network. Why do emunie people feel the need for personal attacks? 
legendary
Activity: 1050
Merit: 1016
What's the chance of you taking my .dat file manipulation serious this time?

I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.

Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.

Local glitches dont count for this test, it HAS to affect the network as a whole.
The next OB i get my hands I will prove you wrong, there will be sync issues and memory spikes within 4-6 hrs of manipulating the  .dat files, and for the record I was able to generate and spend interest on emu i didn't have. Hardly a local issus.

Still running derby db in test mode as well as mysql in MyISAM?

I did explain in detail what it was you were seeing in a number of threads a long time ago, and how it wasn't a "threat" to the integrity of the system.

However, this is open to all, even disgruntled ex-supporters, so feel free to have a go Smiley
full member
Activity: 179
Merit: 100
stress test
Closed stress test?  Shocked You are kidding?  Cheesy What stress you are going to gain in closed circle of testers?  Huh

You need to work on your reading comprehension my friend.

"...I'm inviting anyone that thinks they have the means, to perform attacks on the network in an attempt to cause disruption in a test environment initially, which will be setup for this task, and also in a future open beta. "
hero member
Activity: 616
Merit: 500
What's the chance of you taking my .dat file manipulation serious this time?

I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.

Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.

Local glitches dont count for this test, it HAS to affect the network as a whole.
The next OB i get my hands I will prove you wrong, there will be sync issues and memory spikes within 4-6 hrs of manipulating the  .dat files, and for the record I was able to generate and spend interest on emu i didn't have. Hardly a local issus.

Still running derby db in test mode as well as mysql in MyISAM?
legendary
Activity: 1050
Merit: 1016
What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport.  Then we could drill into the more sensitive stuff as and when some trust is built.

Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).

Sounds good, I don't have unlimited time but fire something to [email protected] and I'll review when I can, expect random responses usually within 48 hours.

Sure thing, I'll send you some snippets over once I've got the next beta test version prepped, should be by the end of the week and we can go from there.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport.  Then we could drill into the more sensitive stuff as and when some trust is built.

Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).

Sounds good, I don't have unlimited time but fire something to [email protected] and I'll review when I can, expect random responses usually within 48 hours.
hero member
Activity: 532
Merit: 500
Is it possible to communicate with eMunie via a web-scripting language such as PHP?

Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.

Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc

Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.

Any eyes are better than no eyes, so if you would like to start playing with the API's and stuff, I'd be happy to oblige.

I'm just off to eat, I'll jump on Skype when I get back Smiley

Great. Just so you're aware I'm in GMT here, so I'll only have an hour or two left tonight, but I'll be on most evenings this week.
legendary
Activity: 1050
Merit: 1016
Is it possible to communicate with eMunie via a web-scripting language such as PHP?

Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.

Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc

Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.

Any eyes are better than no eyes, so if you would like to start playing with the API's and stuff, I'd be happy to oblige.

I'm just off to eat, I'll jump on Skype when I get back Smiley
legendary
Activity: 1050
Merit: 1016
What's the chance of you taking my .dat file manipulation serious this time?

I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.

Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.

Local glitches dont count for this test, it HAS to affect the network as a whole.
legendary
Activity: 1050
Merit: 1016
can you link me to the code, pm or email is fine - I'll review then decide Smiley

Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.

Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.

Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.

You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.

I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.

I thought you were trolling, as this topic has come up many times regarding eMunie code.  Its unfortunate, but after having so many ideas taken by others, then passed off as theirs with no credit given to me, coupled with the huge amount of time, effort, stress, heart ache and personal money vested in this, I simply refuse to give it out to every Tom, Dick and Harry that requests, or as is usual, demands it.

However, your intelligent reply warrants both an apology from myself for jumping the gun (though I hope you can appreciate why), and a dose of respect.  If you are indeed serious about performing a peer review, and would have no problem in a binding legal agreement of non-disclosure, then I would be happy to provide the code and be happy for you to review and assist making eMunie better.

Smiley

I'm happy to sign an NDA, if doing so under a pseudonym would be much use! Perhaps it would be easier to just send a few files from the core, I presume you've caught things generically for anything rest based, data too large or ill-formed and the like. Any client code is perhaps irrelevant, so we'd just be looking at the core, pick a few files you feel are important to review and I can look at them in a test-to-fail manner to see if I catch anything. I'm not a specialist but many sets of eyes are better than one or two. Does that work for you?

Oops, which language?

Warm regards, and apologies for not researching context and history first - now that you've said I remember some of the things you mentioned, sorry,

Mark

Lol pseudonym wouldn't really be of use no Smiley

What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport.  Then we could drill into the more sensitive stuff as and when some trust is built.

Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).

No problem, thanks for understanding Smiley

Dan
hero member
Activity: 532
Merit: 500
Is it possible to communicate with eMunie via a web-scripting language such as PHP?

Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.

Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc

Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.
hero member
Activity: 616
Merit: 500
What's the chance of you taking my .dat file manipulation serious this time?
sr. member
Activity: 294
Merit: 250
Bitmark Developer
can you link me to the code, pm or email is fine - I'll review then decide Smiley

Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.

Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.

Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.

You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.

I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.

I thought you were trolling, as this topic has come up many times regarding eMunie code.  Its unfortunate, but after having so many ideas taken by others, then passed off as theirs with no credit given to me, coupled with the huge amount of time, effort, stress, heart ache and personal money vested in this, I simply refuse to give it out to every Tom, Dick and Harry that requests, or as is usual, demands it.

However, your intelligent reply warrants both an apology from myself for jumping the gun (though I hope you can appreciate why), and a dose of respect.  If you are indeed serious about performing a peer review, and would have no problem in a binding legal agreement of non-disclosure, then I would be happy to provide the code and be happy for you to review and assist making eMunie better.

Smiley

I'm happy to sign an NDA, if doing so under a pseudonym would be much use! Perhaps it would be easier to just send a few files from the core, I presume you've caught things generically for anything rest based, data too large or ill-formed and the like. Any client code is perhaps irrelevant, so we'd just be looking at the core, pick a few files you feel are important to review and I can look at them in a test-to-fail manner to see if I catch anything. I'm not a specialist but many sets of eyes are better than one or two. Does that work for you?

Oops, which language?

Warm regards, and apologies for not researching context and history first - now that you've said I remember some of the things you mentioned, sorry,

Mark
Pages:
Jump to: