Topic: NXT :: descendant of Bitcoin - Updated Information - page 1940. (Read 2761645 times)
The first good news is that my Raspberry Pi node ran more than 20 hours without crashing, but the second not so good news is that it seems that the unlocked account disappeared. I unlocked two accounts to forge and confirmed from the API "getState" that the numberOfUsers was 2, however now the numberOfUsers was 0. What's the problem? BTW, one account earned 1 Nxt.
Code:
46.19.137.116 NRS (0.4.9e) @ NCC-1701-D
Guys, i was away from NXT for some times.
What did happened?
Should i do something to my coins or account ?
Any news?
What did happened?
Should i do something to my coins or account ?
Any news?
Get the right (!) client 0.4.8 zip file (compare with hash) and transfer your coins to a newly generated account asap.
From where?
what happened ?
Fears of downloading a hacked client are true for every cryptocurrency.
But we can do better!
One thing that hasn't been mentioned (I don't think), how are we going to vet/verify future client downloads?
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
I also think a permanent solution should be found the above issues.
To be honest, if the quality of software and all the ecosystem does not improve significantly, people will go away very soon. Now I guess most people here are attracted by the insanely fast growing price. Once it is stabilized, we will see more and more complains about the user experience.
For example, could you imagine an organization having millions of dollars does not have a reliable downloading service for frequent software upgrading? Is it so expensive to get a reliable VPS and setup a downloading server, or simply as a temporary solution just pay dropbox to get an official account with larger bandwidth?
One thing that hasn't been mentioned (I don't think), how are we going to vet/verify future client downloads?
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
I also think a permanent solution should be found for the above issues.
One thing that hasn't been mentioned (I don't think), how are we going to vet/verify future client downloads?
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.
After installing 0.4.8, there's no block except the block 0, no peer list. What's happened? There's no even bootstrap peer list?
You should/could(?) post some extra nodes into the web.xml file. You could generate a node list at: http://nxtra.org/nodes/
Guys, i was away from NXT for some times.
What did happened?
Should i do something to my coins or account ?
Any news?
What did happened?
Should i do something to my coins or account ?
Any news?
Get the right (!) client 0.4.8 zip file (compare with hash) and transfer your coins to a newly generated account asap.
After installing 0.4.8, there's no block except the block 0, no peer list. What's happened? There's no even bootstrap peer list? The two well know peers both went to blacklist even after I moved them to known peers.
Previous versions have correct block files included, but it seems 0.4.8 is empty.
Previous versions have correct block files included, but it seems 0.4.8 is empty.
Guys, i was away from NXT for some times.
What did happened?
Should i do something to my coins or account ?
Any news?
What did happened?
Should i do something to my coins or account ?
Any news?
I've sent them an email, perhaps others can do the same.
I believe the hoster won't tell u the name of the guy. The victims could report this case to the police, just to see what the result will be.
CfB
Architecture question.
All nodes run the same software, each maintaining synchronized copy of blockchain
Your reflex objection to any secondary authentication is that it can only be implemented using some sort of centralized method, defeating the robustness gained from the distributed nature.
I have been thinking about this at a high level this afternoon, so I am sure not all the details are right, but conceptually if we can implement a "centralized" type of action when all the nodes are running the same software and replicating the same dataset, then authentication could be implemented in a distributed context.
Correct or incorrect?
James
Architecture question.
All nodes run the same software, each maintaining synchronized copy of blockchain
Your reflex objection to any secondary authentication is that it can only be implemented using some sort of centralized method, defeating the robustness gained from the distributed nature.
I have been thinking about this at a high level this afternoon, so I am sure not all the details are right, but conceptually if we can implement a "centralized" type of action when all the nodes are running the same software and replicating the same dataset, then authentication could be implemented in a distributed context.
Correct or incorrect?
James
Maybe. Do u have an example of an authentication flow? The description is quite vague.
"Maybe"!!! There is hope, I am glad it wasn't the usual "impossible" response.
Forgive me if I am getting the details wrong as I have not studied the source code yet, but presumably we can guard sending of NXT with an optional authentication step. This would have to be made at the core level as hackers wouldn't be using the secure clients. Each account that wants to enable authentication would need to have an alias that relates
There would be many possibilities if we can have a "centralized" processing done by the forging node to implement authentication. One way would be for the transaction details to be signed using a client generated private key independent from the account's passphrase and submitting the blob of bits and account# as the method for sending NXT.
The forging node would process all the encrypted blobs by retrieving the public key alias and decrypting the encrypted blob of bits
Using this approach, only a single change needs to be made to the core, namely support for accepting the authentication encrypted send NXT commands. Also some client changes, but mostly just generating high entropy private keys. A hacker could stumble upon the passphrase for a NXT account but all he gets then is a chance to crack a public/private key that is unique to each account. Since parallel mining goes out the door and the odds of cracking two independent keys for a single account would make it so nobody would even bother.
I also think we could then make the bold (but true) claim that NXT is the most secure crypto (by far). If something, anything, like this can be done, it would go straight to the top of the requested features list. By far. I know it is probably overkill, but that is what people will want. Overkill amount of security.
Crazy or not so crazy?
James
P.S. For the truly paranoid, they can dynamically change their public key alias (say to match google authenticator) within the client software before submitting sending NXT. After sending, they can change their alias to an invalid key so no sending is possible. Of course this now opens the door for requiring securely updating aliases, but I haven't had my coffee yet and about to go offline.
If stolen keys were sent to 162.243.246.223, can't we just contact the hoster to know real identity of the thief and send hitmans police to him? That's not fair of coz, we r in the world of cryptoanarchy. But still?
It doesn't look like the site is still functioning (even the fake download seems to time out). The same when you try to access port 3000.
It doesn't matter. The hoster knows who paid for the hosting.
I've sent them an email, perhaps others can do the same.
If stolen keys were sent to 162.243.246.223, can't we just contact the hoster to know real identity of the thief and send hitmans police to him? That's not fair of coz, we r in the world of cryptoanarchy. But still?
It doesn't look like the site is still functioning (even the fake download seems to time out). The same when you try to access port 3000.
I believe it's just overloaded, been issuing requests for the last couple of hours, every once in a while I get a response - believe DOS is the best we can do until Come-from-Beyond get's
Smart thinking!
You could check both, if you want. Right now, we believe only the .class file was changed. So checking the hash on this file should be sufficient.
We should check the hash of nxt.zip file or Nxt$Crypto.class file,or both?
What is the difference ?
Thanks.
What is the difference ?
Thanks.
If stolen keys were sent to 162.243.246.223, can't we just contact the hoster to know real identity of the thief and send hitmans police to him? That's not fair of coz, we r in the world of cryptoanarchy. But still?
It doesn't look like the site is still functioning (even the fake download seems to time out). The same when you try to access port 3000.
I believe it's just overloaded, been issuing requests for the last couple of hours, every once in a while I get a response - believe DOS is the best we can do until Come-from-Beyond get's
Regarding the unclaimed coins: Tomorrow is the very last day when legit owners can claim them! Hurry up!
Please clarify, what does it mean? Am I concerned this, if I bought Nxt on exchange?
No. It's only for the founders who didn't claim their coins.
If stolen keys were sent to 162.243.246.223, can't we just contact the hoster to know real identity of the thief and send hitmans police to him? That's not fair of coz, we r in the world of cryptoanarchy. But still?
It doesn't look like the site is still functioning (even the fake download seems to time out). The same when you try to access port 3000.
It doesn't matter. The hoster knows who paid for the hosting.
Jump to: