Topic: NXT :: descendant of Bitcoin - Updated Information - page 1006. (Read 2761642 times)
Why target % is so high in the last blocks?
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
You might think that you could try to guarantee than an email has actually been sent if the "receiver" indicated that they had received it through another AM, however, just because they didn't receive it doesn't mean that it was sent - again - "there is simply NO WAY to do this - so please stop trying now" (you are wasting time just as much as you would trying to solve "the halting problem").
Besides, there are many other problems. Most of these emails would end up in spam folders anyway
Sender Policy Framework
http://en.wikipedia.org/wiki/Sender_Policy_Framework
I don't see why you would want a Nxt VM script to "output an email" (or do anything else outside of the blockchain for that matter) - you do understand that whether such email was actually even really sent simply *cannot be proven* (as you are dealing with SMTP rather than a blockchain)?
Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
NXTsmtp is just for proof of concept that incorporates something everybody is familiar with. I want to verify the peer verifiability of hardcoded NXTplugin followed by external NXTplugin. I am not worried about NXTsmtp for anything other than proving that NXTplugins work and are peer verified. At first I couldnt understand how on earth a DAC could be implemented. When I started thinking about email plugin, it became not as hard. Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.
James
P.S. I usually dont post when I am sleeping or flying
James,
First of all thank you for all your great ideas, but ...
My background is IT project manager and I am going crazy by you.
You throw 10 projects on the table but have not one worked out.
exactly. it's like everyday there is something new. zerocoin, then turing complete language, then decentralized cross-chain exchanges, then plugins, then emails ... Why on earth would I want to use Nxt for emails? There are zillions of better email services, and Nxt already has private messages.
NxtChg left us, withdraw from the exchange. He had another of his emotional breakdowns caused by his Obsessive–compulsive disorder and left, althought we asked him to stay
a) I am a programmer with OCD, most of you here know what I mean: we obsess about tiniest details and double, triple check everything, especially something as important as sending a big chunk of money.
Thanks salsacz...That doesn't help me with my issue but that's not your concern...Thanks again
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
You might think that you could try to guarantee than an email has actually been sent if the "receiver" indicated that they had received it through another AM, however, just because they didn't receive it doesn't mean that it was sent - again - "there is simply NO WAY to do this - so please stop trying now" (you are wasting time just as much as you would trying to solve "the halting problem").
Understand that this is why you don't want to mix up stuff from "within the blockchain" to stuff that is "outside the blockchain" as only the former can ever "be proven by the blockchain".
Nice!
I don't see why you would want a Nxt VM script to "output an email" (or do anything else outside of the blockchain for that matter) - you do understand that whether such email was actually even really sent simply *cannot be proven* (as you are dealing with SMTP rather than a blockchain)?
Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
NXTsmtp is just for proof of concept that incorporates something everybody is familiar with. I want to verify the peer verifiability of hardcoded NXTplugin followed by external NXTplugin. I am not worried about NXTsmtp for anything other than proving that NXTplugins work and are peer verified. At first I couldnt understand how on earth a DAC could be implemented. When I started thinking about email plugin, it became not as hard. Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.
James
P.S. I usually dont post when I am sleeping or flying
I've been working with SNMP on Java but I don't get what tasks you want to solve with NXTsnmp.
25000 NXT bounty for a method and Java implementation that verifies NXTplugin process has not changed. Need an OS independent way of finding the executable code of a previously registered NXTplugin. This means we can constrain the creation method (linker output), probably need to do this for unix, Mac and Windows separately.
I am looking for a practical solution that will allow realtime verification by the NXTcore to make sure that the NXTplugin has not been tampered with. NXTplugins will have to be opensourced and publish signatures for specific compilers. This signature is then verified prior to any usage of that plugin by the NXTcore.
BEFORE we would ever consider submitting this to jean-luc, we of course need to test it like crazy. If the code is changed at all, we assume it is tampered. This probably means we cant do any dynamic linking, and need either static or relative jumps. Not sure though. Just finding where the code is might not be so easy. Figuring out how to get a ptr to the Java process will probably be pretty difficult. Any reasonable one way hash function is fine for this bounty, just want to get the system issues out of the way so we can validate in realtime that a plugin has not been tampered with.
As long as the source is reviewed for Evil Bobness and the code that is executing generates the same signature, I think we are getting close to where we can trust it almost as much as a hardcoded plugin where the plugin is actually part of the NXT core. Once we have the ability to have NXT plugins that are external to the NXT core, that is when things can really take off. We still need a formal validation process before it is approved for inclusion in the approved list of plugins, but maybe we can sidestep that issue by just having web.xml entries?
PLEASE if anybody can find a security flaw in this method, post ASAP. Remember Evil Bob is very evil
James
I am looking for a practical solution that will allow realtime verification by the NXTcore to make sure that the NXTplugin has not been tampered with. NXTplugins will have to be opensourced and publish signatures for specific compilers. This signature is then verified prior to any usage of that plugin by the NXTcore.
BEFORE we would ever consider submitting this to jean-luc, we of course need to test it like crazy. If the code is changed at all, we assume it is tampered. This probably means we cant do any dynamic linking, and need either static or relative jumps. Not sure though. Just finding where the code is might not be so easy. Figuring out how to get a ptr to the Java process will probably be pretty difficult. Any reasonable one way hash function is fine for this bounty, just want to get the system issues out of the way so we can validate in realtime that a plugin has not been tampered with.
As long as the source is reviewed for Evil Bobness and the code that is executing generates the same signature, I think we are getting close to where we can trust it almost as much as a hardcoded plugin where the plugin is actually part of the NXT core. Once we have the ability to have NXT plugins that are external to the NXT core, that is when things can really take off. We still need a formal validation process before it is approved for inclusion in the approved list of plugins, but maybe we can sidestep that issue by just having web.xml entries?
PLEASE if anybody can find a security flaw in this method, post ASAP. Remember Evil Bob is very evil
James
Are these NXTplugins jar files? We could use jar signing feature. See Oracle docs:
- signing: http://docs.oracle.com/javase/tutorial/deployment/jar/signing.html
- verification: http://docs.oracle.com/javase/tutorial/deployment/jar/verify.html
This might work for NXTplugins written in Java, but we need to support more than just code written in Java. For example I am wanting to run bitcoind as one of the external NXTplugins. I dont want to rely on versions that are behind latest bitcoind's and I would imagine that any java implementation of bitcoind will not be totally up to date.
Also, not sure if verification can be done inside Java code and how long it takes, but the general idea is what we need for all the supported executable formats. If we can support the bitcoind and other crypto daemons, then that gives hope to a DAC that does the fancy cross chain algos.
James
Updates - 07/02/2014
- Shows multiple balances.
- Shows node status (Green = ON, Blue = OFF)
Now effective balance 136'722.00 NXT!!!
NXTCoin first automated forging platform!
Website: http://www.nxtio.org/
- Shows multiple balances.
- Shows node status (Green = ON, Blue = OFF)
Now effective balance 136'722.00 NXT!!!
NXTCoin first automated forging platform!
Website: http://www.nxtio.org/
Is that really what we want? Centralization?
I don't see why you would want a Nxt VM script to "output an email" (or do anything else outside of the blockchain for that matter) - you do understand that whether such email was actually even really sent simply *cannot be proven* (as you are dealing with SMTP rather than a blockchain)?
Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
NXTsmtp is just for proof of concept that incorporates something everybody is familiar with. I want to verify the peer verifiability of hardcoded NXTplugin followed by external NXTplugin. I am not worried about NXTsmtp for anything other than proving that NXTplugins work and are peer verified. At first I couldnt understand how on earth a DAC could be implemented. When I started thinking about email plugin, it became not as hard. Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.
James
P.S. I usually dont post when I am sleeping or flying
James,
First of all thank you for all your great ideas, but ...
My background is IT project manager and I am going crazy by you.
You throw 10 projects on the table but have not one worked out.
Please for starters pick on project, work it out from start to finish, than pick another.
As of now your way of working getting us nowhere.
You are ddossing us.
I don't see why you would want a Nxt VM script to "output an email" (or do anything else outside of the blockchain for that matter) - you do understand that whether such email was actually even really sent simply *cannot be proven* (as you are dealing with SMTP rather than a blockchain)?
Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
NXTsmtp is just for proof of concept that incorporates something everybody is familiar with. I want to verify the peer verifiability of hardcoded NXTplugin followed by external NXTplugin. I am not worried about NXTsmtp for anything other than proving that NXTplugins work and are peer verified. At first I couldnt understand how on earth a DAC could be implemented. When I started thinking about email plugin, it became not as hard. Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.
James
P.S. I usually dont post when I am sleeping or flying
I've been working with SNMP on Java but I don't get what tasks you want to solve with NXTsnmp.
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
This either means its Friday night and nobody has had a chance to think about them, or it is so ridiculous nobody bothered to comment, or maybe I am on everyone's ignore list?
Please, if you see anything wrong, now is the time to find it. Also, if you think it is mostly right, just +1 it or short comment. I feel like I am in a vacuum here...
James
P.S. I just cant believe that I got everything right as that is the fourth possibility.
This either means its Friday night and nobody has had a chance to think about them, or it is so ridiculous nobody bothered to comment, or maybe I am on everyone's ignore list?
Please, if you see anything wrong, now is the time to find it. Also, if you think it is mostly right, just +1 it or short comment. I feel like I am in a vacuum here...
James
P.S. I just cant believe that I got everything right as that is the fourth possibility.
or people don't understand what you talking about like me
Yeb.. a lot of us don't understand anything that is a little technical..
I started reading a few sentences then i got lost on the third sentence. sorry
Most people are more active in 2-3 hours from now, time zone difference maybe?
Another reason would be this huge thread need to be more organised. Maybe we shall start the great NXT migration to a proper forum with proper topic sections. eg. forums.nxtcrypto.org i have started to promote it for this very reason with my forging competition.
I do not feel confident with the idea of "plugins" and "turing compete" scripting implementation before more basic stuff is complete. We need thorough code rechecking from many more independent sources , finishing already announced projects, and other basic stuff.
I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account
https://nextcoin.org/index.php/topic,3884.0.html
How many more flaws exist? We don't know, but yet we want to implement "plugins" Wow.
Seriously. Forget plugins and send more resources on code auditing and finishing the announced features.
I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account
https://nextcoin.org/index.php/topic,3884.0.html
How many more flaws exist? We don't know, but yet we want to implement "plugins" Wow.
Seriously. Forget plugins and send more resources on code auditing and finishing the announced features.
+1 for some kind of odd reason we always drift away from the initial plan and features, they are still NOT implemented.
We cant even walk and already try to run.
finish what is promissed and started.
I would think this would be the more organized way as well.
Finish what is already been promised and you will have developers flying in from all over the world to help implement new features.
Right now, i can say a lot of potential devs arn't taking too much notice on nxt for this reason,
because most devs are paid pretty well and their time = lots of money.
Of-course you have to remember that some devs are limited to their field of expertise and may not be able to help with the promised features but is able to put their time in other new features which is a good thing.
I am a bit concerned that there has been very little feedback on my recent proposals, blockchain FIFO and NXT plugin architecture.
I've been reading your posts with interest and trying to digest them. Much of it sounds good, but is mostly over my head so it's hard to give good feedback. My biggest concern is security right now especially after the recent scare. New features often bring new security holes, so I'd rather not be in too much of a rush to beat the competition for every little thing. Nxt already has a strong niche (zero inflation, proof-of-stake) and just needs steady, but not rushed, development to bring in the new features which may or may not be embraced by the market.
Has Dr. Evil been hired to continue to looking for exploits and weaknesses and consult? I saw a couple posts requesting this, but it should be a priority. He's proven himself by brute forcing something like 3% of Nxt accounts (including genesis) and discovering an x-spend attack. If we have community funds available then I think we should try to keep him on board as long as we can.
25000 NXT bounty for a method and Java implementation that verifies NXTplugin process has not changed. Need an OS independent way of finding the executable code of a previously registered NXTplugin. This means we can constrain the creation method (linker output), probably need to do this for unix, Mac and Windows separately.
I am looking for a practical solution that will allow realtime verification by the NXTcore to make sure that the NXTplugin has not been tampered with. NXTplugins will have to be opensourced and publish signatures for specific compilers. This signature is then verified prior to any usage of that plugin by the NXTcore.
BEFORE we would ever consider submitting this to jean-luc, we of course need to test it like crazy. If the code is changed at all, we assume it is tampered. This probably means we cant do any dynamic linking, and need either static or relative jumps. Not sure though. Just finding where the code is might not be so easy. Figuring out how to get a ptr to the Java process will probably be pretty difficult. Any reasonable one way hash function is fine for this bounty, just want to get the system issues out of the way so we can validate in realtime that a plugin has not been tampered with.
As long as the source is reviewed for Evil Bobness and the code that is executing generates the same signature, I think we are getting close to where we can trust it almost as much as a hardcoded plugin where the plugin is actually part of the NXT core. Once we have the ability to have NXT plugins that are external to the NXT core, that is when things can really take off. We still need a formal validation process before it is approved for inclusion in the approved list of plugins, but maybe we can sidestep that issue by just having web.xml entries?
PLEASE if anybody can find a security flaw in this method, post ASAP. Remember Evil Bob is very evil
James
I am looking for a practical solution that will allow realtime verification by the NXTcore to make sure that the NXTplugin has not been tampered with. NXTplugins will have to be opensourced and publish signatures for specific compilers. This signature is then verified prior to any usage of that plugin by the NXTcore.
BEFORE we would ever consider submitting this to jean-luc, we of course need to test it like crazy. If the code is changed at all, we assume it is tampered. This probably means we cant do any dynamic linking, and need either static or relative jumps. Not sure though. Just finding where the code is might not be so easy. Figuring out how to get a ptr to the Java process will probably be pretty difficult. Any reasonable one way hash function is fine for this bounty, just want to get the system issues out of the way so we can validate in realtime that a plugin has not been tampered with.
As long as the source is reviewed for Evil Bobness and the code that is executing generates the same signature, I think we are getting close to where we can trust it almost as much as a hardcoded plugin where the plugin is actually part of the NXT core. Once we have the ability to have NXT plugins that are external to the NXT core, that is when things can really take off. We still need a formal validation process before it is approved for inclusion in the approved list of plugins, but maybe we can sidestep that issue by just having web.xml entries?
PLEASE if anybody can find a security flaw in this method, post ASAP. Remember Evil Bob is very evil
James
Are these NXTplugins jar files? We could use jar signing feature. See Oracle docs:
- signing: http://docs.oracle.com/javase/tutorial/deployment/jar/signing.html
- verification: http://docs.oracle.com/javase/tutorial/deployment/jar/verify.html
Has anybody seen NxtChg lately??...Thanks
No, please read his last posts.
Where might I find his last post?...Thanks
I do not feel confident with the idea of "plugins" and "turing compete" scripting implementation before more basic stuff is complete. We need thorough code rechecking from many more independent sources , finishing already announced projects, and other basic stuff.
I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account
https://nextcoin.org/index.php/topic,3884.0.html
How many more flaws exist? We don't know, but yet we want to implement "plugins" Wow.
Seriously. Forget plugins and send more resources on code auditing and finishing the announced features.
I am surprised how little reaction there is to the fact that a guy who discovered a fatal flaw with Nxt code two days ago could have stolen 40 million from bter Nxt account
https://nextcoin.org/index.php/topic,3884.0.html
How many more flaws exist? We don't know, but yet we want to implement "plugins" Wow.
Seriously. Forget plugins and send more resources on code auditing and finishing the announced features.
+1 for some kind of odd reason we always drift away from the initial plan and features, they are still NOT implemented.
We cant even walk and already try to run.
finish what is promissed and started.
I am eager to see NXT first implementation in a working client (a side from messages and aliasses)
I don't see why you would want a Nxt VM script to "output an email" (or do anything else outside of the blockchain for that matter) - you do understand that whether such email was actually even really sent simply *cannot be proven* (as you are dealing with SMTP rather than a blockchain)?
Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
NXTsmtp is just for proof of concept that incorporates something everybody is familiar with. I want to verify the peer verifiability of hardcoded NXTplugin followed by external NXTplugin. I am not worried about NXTsmtp for anything other than proving that NXTplugins work and are peer verified. At first I couldnt understand how on earth a DAC could be implemented. When I started thinking about email plugin, it became not as hard. Also SMTP is going to require accounts that need to be signed into and you don't want to end up with people effectively running "relay servers" or they'll end up on email blacklists.
Wouldn't it make more sense for such things to be services instead?
About walking vs. running - you are getting far too excited jl777 - can you just take something to slow down to a pace that we can keep up with (by the time we've tried to discuss one of your ideas you typically have posted 3 others).
If the source to SMTP server is reviewed that it does send the email (backed up with test results) and as part of the sending process it adds a hash value of email to the blockchain. I think that allows peer verification, please explain where I am wrong. I am certain I have made mistakes somewhere and I am still coming up to speed with this whole decentralized blockchain approach.
The problem is that I see all of the things I am posting about as connected. Like the elephant described by different people. All sounds very different, but it is all the same elephant. If I described the elephant in its entirety, it wouldnt fit in posts. I feel a great sense of urgency due to competitive pressures.
James
P.S. I usually dont post when I am sleeping or flying
NxtChg left us, withdraw from the exchange. He had another of his emotional breakdowns caused by his Obsessive–compulsive disorder and left, althought we asked him to stay
a) I am a programmer with OCD, most of you here know what I mean: we obsess about tiniest details and double, triple check everything, especially something as important as sending a big chunk of money.
Has anybody seen NxtChg lately??...Thanks
No, please read his last posts.
Jump to: