
Topic: NXT :: descendant of Bitcoin - Updated Information - page 168. (Read 2761645 times)

hero member
Activity: 798
Merit: 500
The new NXT forum doesn't send out mails -- wesleyh, check and fix your server's sendmail, please.
hero member
Activity: 854
Merit: 1001
In InfCom mode:

Bounty ANN:: Papers on NXT network security requested.

The Infrastructure Committee (infCom) would like to put out a public request for papers on aspects of NXT network security.
http://107.170.117.237/index.php?topic=49.msg111#msg111

The papers should address the following from both a general P2P and a specifically NXT perspective:

  An analysis/description of the NXT P2P network architecture and the communication within.

  Attacks that could be conducted on Nxt infrastructure (the NXTwork), identification methods and countermeasures that could be used against them, including:
    • DoS
    • Sybil
    • Poisoning
    • Eclipse
    • Tracking
    • Node Spoofing
    and any other relevant attack vectors.


InfCom will be rewarding two bounties for submitted papers; the bounties will be somewhere between 10-20,000 NXT per paper.

Deadline is 2 months from now, 24 May 2014.

If you have any questions:
https://bitcointalk.org/index.php?topic=506757.80
the new NxtForums.org thread:
http://107.170.117.237/index.php/topic,102.0.html
 or contact one of the InfCom members via PM.

As inspiration:
http://world-comp.org/p2012/SAM9754.pdf
   

legendary
Activity: 1176
Merit: 1134
nxt donations: 2319251

Whoa! just noticed your super short acct! Nice one
newbie
Activity: 28
Merit: 0
From what I understand tf uses deterministic selection based on specific environmental variables to form a consensus on who will be able to forge next... I don't think the devs at mastercoin know what they're talking about, at all.
legendary
Activity: 1176
Merit: 1134
I never said you should care about everyone. This isn't emule we're talking about

I don't care even if Satoshi says that Nxt uses checkpoints, coz it's not the truth. And I'm not going to waste my time trying to tell the others what the truth is. That guy doesn't know what he is talking about, or knows and lies. Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.
I coded up guards against duplicate GUID hashes, so I can detect if two different txids have the same GUID. I am just using the "hash" field from getTransaction. Assuming 10 confirmations, am I safe from transaction malleability and other evils?

If I have to calculate the SHA256 of raw bytes myself, I don't see the point of the "hash" field...

Anyway, what should I do if I detect a collision of identical GUIDs?

James
full member
Activity: 238
Merit: 100
If you use SSL, at least you are protecting the client privacy from the ISP and anyone who can spy along the route.

This is very easy to attack. A simple correlation between an SSL-encrypted HTTP package of matching size and the timestamp of the transaction will let a third party correlate a transaction with the originator IP. You also have to trust the node operator, since he owns the SSL certificate.

For forums and wiki SSL is indeed essential, unless we all start signing each of our posts and PMs with GPG.

+1

It does make sense to protect the Wiki and forum with SSL (I previously missed that you have to log in to the Wiki) and as such, I think InfCom should fund the SSL certificate. The NRS nodes should however not use SSL.


Users of Wesley's client that sign transactions client-side will have their privacy compromised without SSL, even though the transactions and their password will be secure (assuming he is verifying the bytes before signing). I do see the value of SSL in this use case, because it is much simpler for the end user than setting up tor, and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.

I beg to differ:

  • Their privacy is easily compromised to 3rd parties even with SSL (see above).
  • Their privacy is always compromised to the node operator since he owns the SSL certificate, thus this is still not a trustless solution.
  • If privacy is needed, Tor can deliver.
  • I've added support for Tor in my client in like 2 hours (version not yet released). It will come with the tor.exe client and my NXT client simply starts the Tor client if Tor is not running already and shuts it down again on exit if it was started by my client.
    All the end user has to do is set the checkbox to use Tor. I also have proposed a bounty for client developers who implement support for Tor (https://bitbucket.org/nxtinfrastructure/committee/issue/33/tor-enabled-capable-nxt-clients) since this would solve the privacy issue very efficiently.

....and we are targeting users who presumably are not sophisticated enough to be running the Java server themselves.

Well, then we exclude these users from forging, since we can't really encourage them to send account secrets to public NRS nodes (even with Tor and SSL used).

I fear that the secretPhrase parameter for forging will backfire on us some day. IMHO, forging (and anything else that needs a secretPhrase parameter) should only be possible when the request comes from localhost.



Being able to correlate a single transaction like you describe is an extremely bold claim. Maybe now it's not so terribly difficult, but once NXT transactions start to pop it will definitely be impossible. And of course a light client ALWAYS has to trust the node operator. This is the case whether or not you use either SSL or TOR (or not use either/both of them). So just take this argument away.

Like I said before, depending on tor for a home user is just not feasible. I find it extremely hard to believe that you see the SSL correlation such a risk yet completely ignore TOR correlation that is possible unless, like I said previously, the user takes EXTREME steps, nearing on the impossible. Without these drastic extreme steps, eventually tor is correlated. It just takes time.

But whatever, just ignore the dev. Hint, you might want to do a little research about tor correlation, before you depend on it yourself though. In fact, unless you go do your research on it, I'm going to assume that not only do you not care about it for yourself, but you also don't care about it for others. IMO this is not exactly the way things should be done, but, oh well, you guys in the committee are supposed to be the experts, after all.

For the user who was asking about wildcard SSL (I think it was xyzzyx) the cost to do it anonymously is fairly high, almost 500 euro. So unless someone knows that rapidssl/comodo/someoneElse will allow purchase with either anonymous or with known-to-be-not-real ID (startssl is very strict about real names, address, TN, etc) then that's the way to go.
sr. member
Activity: 478
Merit: 250
I don't like people spreading FUD about Nxt and thinking they will come away unscathed. If I had any real technical knowledge I would be in the Mastercoin thread ripping him a new one. Anyway, no one probably cares like you say.
hero member
Activity: 490
Merit: 504
I never said you should care about everyone. This isn't emule we're talking about

I don't care even if Satoshi says that Nxt uses checkpoints, coz it's not the truth. And I'm not going to waste my time trying to tell the others what the truth is. That guy doesn't know what he is talking about, or knows and lies. Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.

yes, you don't have to. This was probably the hardest part of my NxtMyths book, when I had to study Proof of Stake theses, but at the end I found and published answers - Nxt doesn't use checkpoints, while all other Proof of Stake coins do.
legendary
Activity: 1092
Merit: 1010
This guy Peter Todd is listed as Chief Scientist of the Mastercoin Foundation. Don't you think we could make an exception when the FUD reaches this level?

Hmm, you may be right, anyway.
However, it's just a very very short sentence.
Maybe joefox can do something with it on his Nxt minute?
Not directly, but obliquely.
sr. member
Activity: 478
Merit: 250
This guy Peter Todd is listed as Chief Scientist of the Mastercoin Foundation. Don't you think we could make an exception when the FUD reaches this level?
hero member
Activity: 715
Merit: 500
Nice, everyone says true things except the guy over there!  Roll Eyes
legendary
Activity: 1092
Merit: 1010
I never said you should care about everyone. This isn't emule we're talking about

I don't care even if Satoshi says that Nxt uses checkpoints, coz it's not the truth. And I'm not going to waste my time trying to tell the others what the truth is. That guy doesn't know what he is talking about, or knows and lies. Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.

True.
Also: if you go on a crusade to defend yourself to every accusation you

a) lend credence to lies (where there is smoke, there must be fire-effect)
and
b) get a headache and become tired very quickly.

hero member
Activity: 910
Merit: 1000
Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.

Kinda true.
legendary
Activity: 2142
Merit: 1010
Newbie
I never said you should care about everyone. This isn't emule we're talking about

I don't care even if Satoshi says that Nxt uses checkpoints, coz it's not the truth. And I'm not going to waste my time trying to tell the others what the truth is. That guy doesn't know what he is talking about, or knows and lies. Anyway, 99% of the listeners don't care about checkpoints, decentralization and other stuff.
hero member
Activity: 715
Merit: 500
A developer of another coin is making accusations against Nxt on Let's Talk Bitcoin and you don't care?

Correct, I do not care. I can't care about everyone who makes an idiot of himself by saying nonsense.

I never said you should care about everyone. This isn't emule we're talking about

true.
sr. member
Activity: 478
Merit: 250
A developer of another coin is making accusations against Nxt on Let's Talk Bitcoin and you don't care?

Correct, I do not care. I can't care about everyone who makes an idiot of himself by saying nonsense.

I never said you should care about everyone. This isn't emule we're talking about
hero member
Activity: 715
Merit: 500
This thread should stay open, as it gives Nxt publicity. But it should be MAINLY used for new people joining Nxt. Technical discussion about Nxt should be on the forum.

I agree that marketing should post here new info from time to time, but the technical discussion should REALLY take place on the forum where it is much easier to structure the information.

If you like to have a brainstorm in a main MASSIVE thread, then come to the forum and create one. The question is who will create such a one first. Let the competition begin!  Grin
legendary
Activity: 2142
Merit: 1010
Newbie
A developer of another coin is making accusations against Nxt on Let's Talk Bitcoin and you don't care?

Correct, I do not care. I can't care about everyone who makes an idiot of himself by saying nonsense.
full member
Activity: 238
Merit: 100
if anyone here is getting their ID squatted on the new forums site, please IM me here and we will delete the account and let you recreate it
newbie
Activity: 6
Merit: 0
If this is still on I would love to ask for testNXT - AE! Thanks

11616982638773905327