Topic: [EMUNIE] Pre-launch stress test...all security experts and hackers *BOUNTIES* (Read 2277 times)
November 20, 2014, 04:12:35 PM
So you're going to give an extra 5 bitcoin too the dude who stole all your bitcoin then
November 20, 2014, 01:05:36 PM
Any news about stress test? 
Does it happen?
Does it happen?
September 07, 2014, 05:41:44 PM
Although I deleted all that trolls posts, please don't confuse 4 weeks as posted in the OP as 4 weeks until launch.
This is not the case as Starik is trying to twist in an attempt to make it seem like we are now "rushing", V1.0 will be here when its here and not a moment before.
Then again, anyone that believes anything that Starik states is no better than him anyway, so why worry
This is not the case as Starik is trying to twist in an attempt to make it seem like we are now "rushing", V1.0 will be here when its here and not a moment before.
Then again, anyone that believes anything that Starik states is no better than him anyway, so why worry
September 07, 2014, 05:09:05 PM
BTW, do people learn from own mistakes?
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that?
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that?
Would you rather a rushed product, or a finished one?
Better a late product than a broken one.
If you do not like rush why you are rushing now with 4 weeks announsement? Why not to properly do open betatest for another 9 months? Not to have a broken product?
Bitcoin isn't a good example. It was first.
The eMunie team are the only ones who know how close eMunie is to completion, so I can't really speculate on any of that.
September 07, 2014, 04:55:49 PM
BTW, do people learn from own mistakes?
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that?
We had the same situation in December-January: good closed test, announcement of launch in several weeks - and where we were after that?
Would you rather a rushed product, or a finished one?
Better a late product than a broken one.
September 07, 2014, 04:45:43 PM
BTW, do people learn from own mistakes?
Apparently not, you're still here.
(intentional use of emoticon) September 07, 2014, 04:41:57 PM
It has nothing to do with with me being disgruntled, it's about the security of the network. Why do emunie people feel the need for personal attacks?
Not sure how my calling it like it is, is a personal attack
Otherwise I could claim the same, you're attacking my claim that it wasn't a threat, which in turn is an attack on my intelligence of my own system, which is personal.
September 07, 2014, 04:36:37 PM
It has nothing to do with with me being disgruntled, it's about the security of the network. Why do emunie people feel the need for personal attacks?
September 07, 2014, 04:25:27 PM
What's the chance of you taking my .dat file manipulation serious this time?
I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.
Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.
Local glitches dont count for this test, it HAS to affect the network as a whole.
Still running derby db in test mode as well as mysql in MyISAM?
I did explain in detail what it was you were seeing in a number of threads a long time ago, and how it wasn't a "threat" to the integrity of the system.
However, this is open to all, even disgruntled ex-supporters, so feel free to have a go
September 07, 2014, 04:21:17 PM
stress test
Closed stress test? You are kidding? What stress you are going to gain in closed circle of testers? You need to work on your reading comprehension my friend.
"...I'm inviting anyone that thinks they have the means, to perform attacks on the network in an attempt to cause disruption in a test environment initially, which will be setup for this task, and also in a future open beta. "
September 07, 2014, 04:05:05 PM
What's the chance of you taking my .dat file manipulation serious this time?
I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.
Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.
Local glitches dont count for this test, it HAS to affect the network as a whole.
Still running derby db in test mode as well as mysql in MyISAM?
September 07, 2014, 03:41:37 PM
What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport. Then we could drill into the more sensitive stuff as and when some trust is built.
Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).
Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).
Sounds good, I don't have unlimited time but fire something to [email protected] and I'll review when I can, expect random responses usually within 48 hours.
Sure thing, I'll send you some snippets over once I've got the next beta test version prepped, should be by the end of the week and we can go from there.
September 07, 2014, 03:40:36 PM
What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport. Then we could drill into the more sensitive stuff as and when some trust is built.
Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).
Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).
Sounds good, I don't have unlimited time but fire something to [email protected] and I'll review when I can, expect random responses usually within 48 hours.
September 07, 2014, 03:39:47 PM
Is it possible to communicate with eMunie via a web-scripting language such as PHP?
Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.
Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc
Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.
Any eyes are better than no eyes, so if you would like to start playing with the API's and stuff, I'd be happy to oblige.
I'm just off to eat, I'll jump on Skype when I get back
Great. Just so you're aware I'm in GMT here, so I'll only have an hour or two left tonight, but I'll be on most evenings this week.
September 07, 2014, 03:37:47 PM
Is it possible to communicate with eMunie via a web-scripting language such as PHP?
Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.
Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc
Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.
Any eyes are better than no eyes, so if you would like to start playing with the API's and stuff, I'd be happy to oblige.
I'm just off to eat, I'll jump on Skype when I get back
September 07, 2014, 03:36:50 PM
What's the chance of you taking my .dat file manipulation serious this time?
I thought we proved multiple times that what you thought was happening wasn't the case...and more importantly, any glitches you did see were local and didn't jeopardize the network.
Additionally even if you did jeopardize the network and I missed it, that was 8 months back, a lot has changed and been added since then, so it certainly wouldn't be the case now.
Local glitches dont count for this test, it HAS to affect the network as a whole.
September 07, 2014, 03:36:03 PM
can you link me to the code, pm or email is fine - I'll review then decide
Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.
Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.
Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.
You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.
I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.
I thought you were trolling, as this topic has come up many times regarding eMunie code. Its unfortunate, but after having so many ideas taken by others, then passed off as theirs with no credit given to me, coupled with the huge amount of time, effort, stress, heart ache and personal money vested in this, I simply refuse to give it out to every Tom, Dick and Harry that requests, or as is usual, demands it.
However, your intelligent reply warrants both an apology from myself for jumping the gun (though I hope you can appreciate why), and a dose of respect. If you are indeed serious about performing a peer review, and would have no problem in a binding legal agreement of non-disclosure, then I would be happy to provide the code and be happy for you to review and assist making eMunie better.
I'm happy to sign an NDA, if doing so under a pseudonym would be much use! Perhaps it would be easier to just send a few files from the core, I presume you've caught things generically for anything rest based, data too large or ill-formed and the like. Any client code is perhaps irrelevant, so we'd just be looking at the core, pick a few files you feel are important to review and I can look at them in a test-to-fail manner to see if I catch anything. I'm not a specialist but many sets of eyes are better than one or two. Does that work for you?
Oops, which language?
Warm regards, and apologies for not researching context and history first - now that you've said I remember some of the things you mentioned, sorry,
Mark
Lol pseudonym wouldn't really be of use no
What you suggest is something I could work with I think, I would be comfortable sending none critical core stuff that wouldn't divulge any secrets at first until we build some form of rapport. Then we could drill into the more sensitive stuff as and when some trust is built.
Language is Java, but as I come from a strong C background that style has very much followed (minimal nesting and abstracted Java functions).
No problem, thanks for understanding
Dan
September 07, 2014, 03:25:50 PM
Is it possible to communicate with eMunie via a web-scripting language such as PHP?
Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.
Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc
Well, in that case, colour me interested. I've sent over a skype invite. At the very least, if I don't manage to break something, I'll have some excellent future base code for eMunie services later on in the future, but I enjoy to tinker, so if there's anything exploitable there, I'll try to find it.
September 07, 2014, 03:24:02 PM
What's the chance of you taking my .dat file manipulation serious this time?
September 07, 2014, 03:21:48 PM
can you link me to the code, pm or email is fine - I'll review then decide
Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.
Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.
Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.
You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.
I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.
I thought you were trolling, as this topic has come up many times regarding eMunie code. Its unfortunate, but after having so many ideas taken by others, then passed off as theirs with no credit given to me, coupled with the huge amount of time, effort, stress, heart ache and personal money vested in this, I simply refuse to give it out to every Tom, Dick and Harry that requests, or as is usual, demands it.
However, your intelligent reply warrants both an apology from myself for jumping the gun (though I hope you can appreciate why), and a dose of respect. If you are indeed serious about performing a peer review, and would have no problem in a binding legal agreement of non-disclosure, then I would be happy to provide the code and be happy for you to review and assist making eMunie better.
I'm happy to sign an NDA, if doing so under a pseudonym would be much use! Perhaps it would be easier to just send a few files from the core, I presume you've caught things generically for anything rest based, data too large or ill-formed and the like. Any client code is perhaps irrelevant, so we'd just be looking at the core, pick a few files you feel are important to review and I can look at them in a test-to-fail manner to see if I catch anything. I'm not a specialist but many sets of eyes are better than one or two. Does that work for you?
Oops, which language?
Warm regards, and apologies for not researching context and history first - now that you've said I remember some of the things you mentioned, sorry,
Mark
Jump to: