
Topic: Nxt source code analysis (QA) (Read 14115 times)

legendary
Activity: 2632
Merit: 1023
January 23, 2014, 07:16:31 PM
Can you put a link to the solutions as well as crossing them out?
legendary
Activity: 2142
Merit: 1010
Newbie
January 22, 2014, 07:11:38 AM
Nxt code is extremely vulnerable.

We therefore decided to remove source code 5.9 that we decompiled (and got working) from our repository.

Fix your code.

NXT tip jar:  1552250839866495550

U r allowed to return the source code back online.
legendary
Activity: 868
Merit: 1000
January 22, 2014, 06:05:15 AM
Nxt code is extremely vulnerable.

We therefore decided to remove source code 5.9 that we decompiled (and got working) from our repository.

Fix your code.

NXT tip jar:  1552250839866495550
legendary
Activity: 2142
Merit: 1010
Newbie
January 20, 2014, 07:26:24 AM
Our code base is decompiled off the latest 0.5.9 release,  so it has every feature that Nxt has ever implemented.

Why do u want me to submit the code then?  ???

To save us the trouble of validating our decompilation.

If you don't want to submit source code,  then say so for the record.

We are giving you this last opportunity to save face to the world.

(our next step is to run one last validation step and then we fork forever)

Well, u have to wait for a while if u want to get a code without flaws.
legendary
Activity: 868
Merit: 1000
January 20, 2014, 07:25:21 AM
Our code base is decompiled off the latest 0.5.9 release,  so it has every feature that Nxt has ever implemented.

Why do u want me to submit the code then?  ???

To save us the trouble of validating our decompilation.

If you don't want to submit source code,  then say so for the record.

We are giving you this last opportunity to save face to the world.

(our next step is to run one last validation step and then we fork forever)
legendary
Activity: 2142
Merit: 1010
Newbie
January 20, 2014, 07:22:01 AM
Our code base is decompiled off the latest 0.5.9 release,  so it has every feature that Nxt has ever implemented.

Why do u want me to submit the code then?  ???
legendary
Activity: 868
Merit: 1000
January 20, 2014, 07:20:44 AM
Seeking Additional Java Developers

We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.

Short term goals.

Remove the primitive addressing scheme and use a scheme that looks like Bitcoin.  Bitcoin addresses are more readable, have a checksum and have many tools to generate them.  Nxt addresses that are all numerical are something that came out of the 1950's.

Secure Wallet.  Nxt wallet is fundamentally insecure.  Exposing a wallet to the public internet for everyone to hack is just idiotic.   No wonder so many Nxt users have lost money!

Nxt does not use an internal database like every other alt coin.  This is idiotic because NXT nodes easily fail and run out of memory.  Furthermore, if you accidentally turn off your node... your wallet can get corrupted!

NEX strives not only to be a fairer distributed Nxt variant,  but a technologically super version.

Join the enterprise... participate with your coding skills!!!

We will not ship SHIT like the Nxt folks.  We will ship product that will secure our users coins!

May I join?

Time to join the winning team!

We have the latest 0.5.9 code for your review!   None of this old garbage, 0.4.7 code that is not relevant!


Oh, we shouldn't rely on 0.5.9, it has unimplemented features. Without these features ur coin won't fly.

Our code base is decompiled off the latest 0.5.9 release,  so it has every feature that Nxt has ever implemented.

Also,  we don't care anymore if you release any new feature, because we are refactoring of of it for to create a more secure and fair platform.

Nxt is going to be ancient technology pretty soon with its PROPRIETARY SOURCE CODE.
legendary
Activity: 868
Merit: 1000
January 20, 2014, 07:19:51 AM
One small late night thought...

The User class holds secretPhrase. Every time we need the public or private key, Crypto is used (actually, it is Curve25519.keygen() on the SHA-256 hash of secretPassphrase).

As a software developer I personally dislike that the result of keypair generation is not cached, so it is recalculated every time. We talk a lot about how PoS is power saving, and then do math (not very simple math!) again and again, and create a job for the GC again and again.

And as a user I dislike that my passphrase stays in memory. Yes, in terms of Nxt security there's no difference what to steal - my passphrase or my private key. But... being a cyborg I can invent a new password for every service I use. Those of you who are humans often use common patterns. So a thief accessing the memory of your device can not only steal your coins, but also use your password to steal your FB account, for example.

NEX is working to fix this problem.  Head over and please contribute your development talents to a "Fair and Honest" coin.
legendary
Activity: 2142
Merit: 1010
Newbie
January 20, 2014, 07:19:28 AM
Seeking Additional Java Developers

We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.

Short term goals.

Remove the primitive addressing scheme and use a scheme that looks like Bitcoin.  Bitcoin addresses are more readable, have a checksum and have many tools to generate them.  Nxt addresses that are all numerical are something that came out of the 1950's.

Secure Wallet.  Nxt wallet is fundamentally insecure.  Exposing a wallet to the public internet for everyone to hack is just idiotic.   No wonder so many Nxt users have lost money!

Nxt does not use an internal database like every other alt coin.  This is idiotic because NXT nodes easily fail and run out of memory.  Furthermore, if you accidentally turn off your node... your wallet can get corrupted!

NEX strives not only to be a fairer distributed Nxt variant,  but a technologically super version.

Join the enterprise... participate with your coding skills!!!

We will not ship SHIT like the Nxt folks.  We will ship product that will secure our users coins!

May I join?

Time to join the winning team!

We have the latest 0.5.9 code for your review!   None of this old garbage, 0.4.7 code that is not relevant!


Oh, we shouldn't rely on 0.5.9, it has unimplemented features. Without these features ur coin won't fly.
legendary
Activity: 868
Merit: 1000
January 20, 2014, 07:18:11 AM
Seeking Additional Java Developers

We have successfully decompiled the Nxt source and are now in the process of performing a massive refactoring and cleanup of the code base.

Short term goals.

Remove the primitive addressing scheme and use a scheme that looks like Bitcoin.  Bitcoin addresses are more readable, have a checksum and have many tools to generate them.  Nxt addresses that are all numerical are something that came out of the 1950's.

Secure Wallet.  Nxt wallet is fundamentally insecure.  Exposing a wallet to the public internet for everyone to hack is just idiotic.   No wonder so many Nxt users have lost money!

Nxt does not use an internal database like every other alt coin.  This is idiotic because NXT nodes easily fail and run out of memory.  Furthermore, if you accidentally turn off your node... your wallet can get corrupted!

NEX strives not only to be a fairer distributed Nxt variant,  but a technologically super version.

Join the enterprise... participate with your coding skills!!!

We will not ship SHIT like the Nxt folks.  We will ship product that will secure our users coins!

May I join?

Time to join the winning team!

We have the latest 0.5.9 code for your review!   None of this old garbage, 0.4.7 code that is not relevant!
hero member
Activity: 784
Merit: 501
January 13, 2014, 12:44:37 PM
One small late night thought...

The User class holds secretPhrase. Every time we need the public or private key, Crypto is used (actually, it is Curve25519.keygen() on the SHA-256 hash of secretPassphrase).

As a software developer I personally dislike that the result of keypair generation is not cached, so it is recalculated every time. We talk a lot about how PoS is power saving, and then do math (not very simple math!) again and again, and create a job for the GC again and again.

And as a user I dislike that my passphrase stays in memory. Yes, in terms of Nxt security there's no difference what to steal - my passphrase or my private key. But... being a cyborg I can invent a new password for every service I use. Those of you who are humans often use common patterns. So a thief accessing the memory of your device can not only steal your coins, but also use your password to steal your FB account, for example.
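
The two concerns in the post above (the key pair is recomputed on every use, and the passphrase stays in memory), shown as an added example that is not part of the original post and is not Nxt's code. The class name `CachedAccountKey` is hypothetical, and the JDK's X25519 provider (Java 11+) stands in for Nxt's own `Curve25519.keygen()`.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

// Hypothetical class for illustration; not Nxt's User class.
public final class CachedAccountKey {
    private final byte[] privateKey; // SHA-256(passphrase); the provider clamps it on use
    private final byte[] publicKey;  // computed once here, then served from the cache

    public CachedAccountKey(char[] passphrase) throws GeneralSecurityException {
        // char[] instead of String: a String is immutable and cannot be wiped.
        ByteBuffer utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(utf8);
        privateKey = sha256.digest();
        publicKey = derivePublic(privateKey);
        // Wipe both copies of the passphrase; only derived key material remains.
        if (utf8.hasArray()) Arrays.fill(utf8.array(), (byte) 0);
        Arrays.fill(passphrase, '\0');
    }

    // The public key is X25519(scalar, base point u = 9), done via KeyAgreement.
    // Note: the provider's PrivateKey object keeps its own copy until it is collected.
    private static byte[] derivePublic(byte[] scalar) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("X25519");
        PrivateKey priv = kf.generatePrivate(
                new XECPrivateKeySpec(NamedParameterSpec.X25519, scalar));
        PublicKey base = kf.generatePublic(
                new XECPublicKeySpec(NamedParameterSpec.X25519, BigInteger.valueOf(9)));
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(priv);
        ka.doPhase(base, true);
        return ka.generateSecret();
    }

    public byte[] publicKey() { return publicKey.clone(); } // no recomputation

    public void destroy() { Arrays.fill(privateKey, (byte) 0); } // call at logout

    public static void main(String[] args) throws Exception {
        // Constructed sample input; real input would arrive as a char[] from the login form.
        char[] pass = "constructed sample passphrase".toCharArray();
        CachedAccountKey key = new CachedAccountKey(pass);
        System.out.println("passphrase wiped: " + (pass[0] == '\0'));
        System.out.println("public key bytes: " + key.publicKey().length);
        key.destroy();
    }
}
```

As the post notes, the cached private key is still enough to spend the coins; what this layout removes from memory is the human-chosen passphrase that may be reused on other services.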
legendary
Activity: 2632
Merit: 1023
January 13, 2014, 06:13:57 AM
I'm a little confused why would you need a spec if you have the code and can code with proficiency, you should be able to read through it in about a week or 2 and figure it out?

sr. member
Activity: 299
Merit: 250
January 11, 2014, 11:55:51 AM
No more analysis, only flaw crawler? ;)
1. Most of discussions are there, on flaw reporting thread. "We need to go deeper" :)
2. It's hard to do QA for code, that is known to move forward already. Jean-Luc restrained my ardour on the very first page :)
3. If I find something to analyse I will write post :)

Agreed. We kept finding things here that were either (1) already fixed or (2) already known as todo items.
hero member
Activity: 784
Merit: 501
January 10, 2014, 11:10:32 AM
No more analysis, only flaw crawler? ;)
1. Most of discussions are there, on flaw reporting thread. "We need to go deeper" :)
2. It's hard to do QA for code, that is known to move forward already. Jean-Luc restrained my ardour on the very first page :)
3. If I find something to analyse I will write post :)
hero member
Activity: 910
Merit: 1000
January 10, 2014, 06:09:24 AM
No more analysis, only flaw crawler? ;)
legendary
Activity: 1470
Merit: 1004
January 08, 2014, 01:03:03 PM
I actually think some of his posts were productive in the sense that he was pointing out bugs.  He definitely has an agenda and strong knowledge of Java, I think we could give him a collective group hug and try to bring him on board with Nxt.  He could certainly profit from his observations and help the forum dev team here.

He hasn't actually pointed out a single bug. All he has done is expressed opinions on code style and software project management. It's trolling.

Those of us who do real world software dev know that the issues that he brings up are stylistic "nice to haves" and can be fixed in a few days of refactoring. No big deal. Code structure, documentation, specs, tests, etc, etc are secondary to a working, innovative system.

Instead, we're focused on 3 types of problems:

1. Immediate/critical bugs causing improper functioning.
2. Attack vectors.
3. Logic flaws - injected or otherwise.

Given the track record of the core dev team (BCNext, C-f-b, Jean-Luc), none of his complaints bother me at all. I have some minor suggestions on process (like how to leverage my 100 nodes for testing), but I'm ok with how things are going given Jean-Luc's release tempo.

Everything in this thread and related ones has me extremely bullish on NXT.

Your work and the work of others here has me very bullish on Nxt as well! 
full member
Activity: 168
Merit: 100
January 08, 2014, 12:06:31 PM
I actually think some of his posts were productive in the sense that he was pointing out bugs.  He definitely has an agenda and strong knowledge of Java, I think we could give him a collective group hug and try to bring him on board with Nxt.  He could certainly profit from his observations and help the forum dev team here.

He hasn't actually pointed out a single bug. All he has done is expressed opinions on code style and software project management. It's trolling.

Those of us who do real world software dev know that the issues that he brings up are stylistic "nice to haves" and can be fixed in a few days of refactoring. No big deal. Code structure, documentation, specs, tests, etc, etc are secondary to a working, innovative system.

Instead, we're focused on 3 types of problems:

1. Immediate/critical bugs causing improper functioning.
2. Attack vectors.
3. Logic flaws - injected or otherwise.

Given the track record of the core dev team (BCNext, C-f-b, Jean-Luc), none of his complaints bother me at all. I have some minor suggestions on process (like how to leverage my 100 nodes for testing), but I'm ok with how things are going given Jean-Luc's release tempo.

Everything in this thread and related ones has me extremely bullish on NXT.
hero member
Activity: 784
Merit: 501
January 08, 2014, 11:25:41 AM
He definitely has an agenda and strong knowledge of Java, I think we could give him a collective group hug and try to bring him on board with Nxt.
I see he has knowledge in Java, but do not see any proof that it is strong.
He hasn't found any actual problem except well-known "one big file", "no unit tests", "empty catch blocks", "we all will die".
sr. member
Activity: 441
Merit: 250
January 08, 2014, 11:24:27 AM
@Frictionless.  I see that you know what you're talking about with regard to programming.  In fact, you may very well be a brilliant programmer, but the problem is, no one cares.  Why?  Because you have taken it upon yourself as a right to criticize but have not contributed anything productive.  You haven't earned that right yet.  In order to earn the right to be heard you should contribute, even in small amount, not with criticism, but with real productive help.  Once you do that then you've earned the right to criticize and others will actually listen to you.  As it stands, people just think you are a jerk, and using Simon Cowell, a known jerk, as an example doesn't help your cause.  Simon Cowell may be rich and be a star power broker, but I believe he has very few "real" deep long lasting friendships, if any.

You have not gone about this in an effective way.  If you had played this right you would have contributed in a huge way and others would have sung your praises and others would have gladly signed up for your next generation plan.  In fact they would have become your best sales people and you would have had more folks sign up to help with your development and vision.  But as it stands there are only a few willing to help you and your chances of developing a great system are slim to none.



Why would I contribute to what obviously looks like a Ponzi scheme?

You all first explain to me why this entire shenanigan is any different from a Ponzi scheme?

You are asking a lot of questions here Frictionless. Maybe you can just answer one question yourself: Why are you spending so much time on bashing this?? Look at the frequency of your posts. And it's not only this thread. I would say 85% of the criticism on nxt comes from you. You are doing this all day!! Normally PR agencies are hired for such things...
Are you just taking personal satisfaction from bringing other people's productive work down because you are (obviously) not very profound in doing productive things and have time for it because you are lying around at home unemployed (consider the amount of time you put in here)? Or are you a professional trying to bring the price down to buy in cheap? I can not think of any other intention that would make sense. It certainly doesn't stem from worries about the code itself. Someone worried about the art of the code or people would not put his critique forward in such a hating and destructive manner!

I actually think some of his posts were productive in the sense that he was pointing out bugs.  He definitely has an agenda and strong knowledge of Java, I think we could give him a collective group hug and try to bring him on board with Nxt.  He could certainly profit from his observations and help the forum dev team here.

Sure. Agree. Open Arm for everyone :)
I was just wondering about the way and the extent one person presented criticism...
legendary
Activity: 1470
Merit: 1004
January 08, 2014, 11:14:05 AM
@Frictionless.  I see that you know what you're talking about with regard to programming.  In fact, you may very well be a brilliant programmer, but the problem is, no one cares.  Why?  Because you have taken it upon yourself as a right to criticize but have not contributed anything productive.  You haven't earned that right yet.  In order to earn the right to be heard you should contribute, even in small amount, not with criticism, but with real productive help.  Once you do that then you've earned the right to criticize and others will actually listen to you.  As it stands, people just think you are a jerk, and using Simon Cowell, a known jerk, as an example doesn't help your cause.  Simon Cowell may be rich and be a star power broker, but I believe he has very few "real" deep long lasting friendships, if any.

You have not gone about this in an effective way.  If you had played this right you would have contributed in a huge way and others would have sung your praises and others would have gladly signed up for your next generation plan.  In fact they would have become your best sales people and you would have had more folks sign up to help with your development and vision.  But as it stands there are only a few willing to help you and your chances of developing a great system are slim to none.



Why would I contribute to what obviously looks like a Ponzi scheme?

You all first explain to me why this entire shenanigan is any different from a Ponzi scheme?

You are asking a lot of questions here Frictionless. Maybe you can just answer one question yourself: Why are you spending so much time on bashing this?? Look at the frequency of your posts. And it's not only this thread. I would say 85% of the criticism on nxt comes from you. You are doing this all day!! Normally PR agencies are hired for such things...
Are you just taking personal satisfaction from bringing other people's productive work down because you are (obviously) not very profound in doing productive things and have time for it because you are lying around at home unemployed (consider the amount of time you put in here)? Or are you a professional trying to bring the price down to buy in cheap? I can not think of any other intention that would make sense. It certainly doesn't stem from worries about the code itself. Someone worried about the art of the code or people would not put his critique forward in such a hating and destructive manner!

I actually think some of his posts were productive in the sense that he was pointing out bugs.  He definitely has an agenda and strong knowledge of Java, I think we could give him a collective group hug and try to bring him on board with Nxt.  He could certainly profit from his observations and help the forum dev team here.