Topic: NXT :: descendant of Bitcoin - Updated Information - page 1004. (Read 2761642 times)

I know it is not perfect, that is why I am asking for feedback to make it right. I think it is at least closer and things like http://www.wired.com/wiredscience/2014/02/cryptography-breakthrough/ give me hope that a solution is possible.

...then why cant all the peers conclude properly that the correct plugin was indeed run on the correct input data (which is the output of NXT VM script)?

Understand that any "step in the script" to "verify a plugin" can *simply be ignored* by Evil Bob's script processor!

This is just wrong - it's like your trusting that other peers are running the correct NRS - of course they may not be and you have no way to know. The only thing you can do is verify results and compare them to what you know (and blacklist peers that disagree with you).

So your verification idea here is "ass about" (it would only be useful for a server to use to check that they are running the correct plugin themselves - it doesn't help the "script" owner in any way at all).

I imagine trusting the plugins because they will be tested and source reviewed and realtime checksummed against tampering and peers will be able to validate that it actually ran and for mission critical plugins, we probably need an external verification, eg. blockchain.info for bitcoind operations

Can you describe with details few things:

• what the plugins could do and why they should be used
• HOW they should be made? (that is should they operate on API or they should be REAL plugins)
• what about people who don't want plugins? how limiting it (lack of plugins) will be?
• How do you actually imagine this smtp plugin would work like (I'd like really detailed description along with use case description https://en.wikipedia.org/wiki/Use_case)
• How do you imagine TRUSTing the plugins?

To be clear, I'm asking those questions, as most likely I will criticize the idea, once you answer to those questions.

I think we can verify the checksum of the running code for plugin matches the source code. Similar to signing of .jar files

I don't see how running the "right plugin" is going to help if the plugin deals with any 3rd party software or protocol at all as Evil Bob doesn't need to *change the plugin* he will make his changes to the 3rd party software or intercept and modify the protocol commands.


It simply isn't relevant if you are going to have other servers "check the script execution" which you will *have* to do in order for it to be correctly verified (which is why sending an email would be silly).

I've been reading your posts with interest and trying to digest them.  Much of it sounds good, but is mostly over my head so it's hard to give good feedback.  My biggest concern is security right now especially after the recent scare.  New features often bring new security holes, so I'd rather not be in too much of a rush to beat the competition for every little thing.  Nxt already has a strong niche (zero inflation, proof-of-stake) and just needs steady, but not rushed, development to bring in the new features which may or may not be embraced by the market.

Has Dr. Evil been hired to continue to looking for exploits and weaknesses and consult?  I saw a couple posts requesting this, but it should be a priority.  He's proven himself by brute forcing something like 3% of Nxt accounts (including genesis) and discovering an x-spend attack.  If we have community funds available then I think we should try to keep him on board as long as we can.

I think we can verify the checksum of the running code for plugin matches the source code. Similar to signing of .jar files

The problem of using blockchain.info is that it is a website and that opens it up to all the problems of websites being hacked. It seemed a lot more secure to be able to verify that bitcoind running matches the bitcoind source code.

I'm no IT project manager but right now, brainstorming some ideas and projects could actually be quite healthy. The problem is maybe that notevery idea (and the interaction/interference) gets discusses here. We have no overview right now of projects, ideas, developments, developers right now.


Did I miss your roadmap?

Why would you need/want that rather than just doing RPC commands to a "real bitcoind"?


You are *always* going to have Evil Bob using the "wrong plugin" and *you will not be able to tell* especially if your plugin has no way to be verified (which was the point about an SMTP plugin).


Exactly my concern - a plugin that issues a "bitcoind" RPC command (hell - why not just use "blockchain.info" for that matter) is at least *verifiable* in that given x servers running the "supposedly same" plugin you would get the exact same result from all of them (if they are able to give a result at all that is).

If you want a "dead simple" plugin then how about one that just does this:

return "hello";

I think, snapshots were mentioned or spoken about a couple of times.

James,

First of all thank you for all your great ideas, but ...

My background is IT project manager and I am going crazy by you.

You throw 10 projects on the table but have not one worked out.

Please for starters pick on project, work it out from start to finish, than pick another.

As of now your way of working getting us nowhere.

You are ddossing us.

I had thought there was a cry to make sure NXT handles 1000TPS, that we add new tech features, etc. After CfB's set of posts the other day, I have worked very hard to come up with a technical roadmap for after April. If

For the people with less knowledge: Clarify exactly with more than 3 words what's your definition of "service providers" is.

The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.

Not think it is as big concentration. My goal is to create different accounts as you get to an acceptable amount.

Those with very few nxt could forge something through my system. Also, consider that you can be forged without being individually 24hr online.

I think it has advantages and disadvantages.

Yet to be seen, if it is efficient. Is a long-term experiment.
And think that in less than a week running, seem going to to work very well.


If you do not use all your NXTcoin's and you never open your client, what purpose are your NXTcoin's? I think NXTio is the answer to this problem, so I decided to give a solution.

Sorry the bad English, I really speak Spanish.

I didnt think there was a chance to find bitcoind in Java form that jean-luc would consider adding to NXT core.

It is MUCH simpler to solve the issues with a hardcoded NXTplugin since we dont have to deal with Evil Bob changing the executable. Not having to worry about Evil Bob seemed prudent for the first attempt at adding parsing of AM data to see what plugins to call, etc.

If we cant solve the issue with simple hardcoded plugin, no chance for complex external plugin. That is why I chose email as the proof of concept.

If we start pruning someone needs to keep a full copy I guess so some kind of motivation would be needed to maintain this as a service to the network with associated bandwidth etc.

Phone clients should not need a block chain at all (unless someone really wants to burn battery and data bundles forging) when we have proper clients and should just access a public node with a full copy for any block chain needs.

1000TPS will not even touch the sides in a few years, if NXT manages to get it right.

In the adoption of e-currency in emerging markets are light years ahead of western markets. I know its not crypto but the average citizen in the emerging market cares about the outcome not the technology and in this model crucially the bank or telco offering the service helps the person get the money back if it goes astray - when your income is $10 / day then you are very careful where you put your money.

There have until recently been just 2 african countries where this has taken off but from 2012 this phenomenon has been spreading to other countries where telco's or banks basically take away the FIAT and provide electronic tokens that can be used by dumb text phones, to move money electronically and instantly via and e-wallet and yes these phones will be around a long time. no PCs no smart phones - these countries are still toxic to these technologies.

The recent GSMA report I've seen shows at least 10 countries where adoption of this way of paying is following a hyperbolic or hockey stick trajectory. In one of these countries the transaction platform can perform around between 300-400tps and resides in Europe not Africa.

Over a day in one of the major African markets demand can go from 0tps to 500tps, this is with only around 15m active customers and the market is less than 30% penetrated in terms of retail transactions and this is only one country. Average transaction time is <10s with full confirmation (yes this includes shipping everything from Africa to Germany and back) and for small transactions the cost is ZERO.

This kind of stuff is now being trialled in India, and there the transaction volumes will be way higher than 1000tps if you break into the for retail space, but for retail unlike general P2P you need instant transactions - VISA fakes it (authorise and then clear later), the e-money platforms do it all realtime and currently the crypto currencies do not address the problem of the retailer. Although some posts from I think cfb about how to implement instant transactions is the first I've seen of a crypto solution to this problem and i would hang onto it even if its implemented later.

So I would plan for far higher than 1000tps, solve the accompanying block chain problem and make sure you can do instant transactions, unless you just want to nibble around the crumbs that VISA / Mastercard will drop - both of whom have bough e-money platform companies...

I could think of useful ideas for onchain plugins. But offchain?

It's the same as with other offchain activities like crosschain exchange, fiat exchange. Nxt has no control of process outside of it.

Anyway, what I wanted to add is: we should reserve a branch for each plugin on the blockchain. That is nodes that do not want to contribute to that chain does not need to download the data.