Qora | POS | Assets | Names | Polls | Automated Transactions | Social Network - page 53.

twospirit

hero member

Activity: 502

Merit: 500

Quote from: jantenner81 on May 18, 2015, 04:01:56 PM

Quote from: Nxtblg on May 18, 2015, 12:26:23 PM

Quote from: Lorenzo on May 18, 2015, 03:55:08 AM

Few exchanges have had zero major security issues. Cryptsy is one of the luckier ones, although lots of people complain about withdrawal delays there.

I think those two are related...

OK, how is the related to this AT thread ?

that centralized trading sucks Grin

and we have AT to finish it

jantenner81

full member

Activity: 228

Merit: 100

CIYAM - UI/UX design

Quote from: Nxtblg on May 18, 2015, 12:26:23 PM

Quote from: Lorenzo on May 18, 2015, 03:55:08 AM

Few exchanges have had zero major security issues. Cryptsy is one of the luckier ones, although lots of people complain about withdrawal delays there.

I think those two are related...

OK, how is the related to this AT thread ?

Nxtblg

legendary

Activity: 924

Merit: 1000

Quote from: Lorenzo on May 18, 2015, 03:55:08 AM

Few exchanges have had zero major security issues. Cryptsy is one of the luckier ones, although lots of people complain about withdrawal delays there.

I think those two are related...

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: bonipper on May 18, 2015, 11:14:11 AM

Have you considered testing your blockchain pruning concept on Qora?

I am not sure exactly what you are referring to - but in regards to blockchain pruning ATs could be removed provided that they have become inactive (we are likely to further formalise this down the track).

wizzardTim

legendary

Activity: 1708

Merit: 1000

Reality is stranger than fiction

@all: let's upvote, for visibility. It's worth it!

https://www.reddit.com/r/Bitcoin/comments/36brps/worlds_first_atomic_crosschain_transfer_performed/

http://www.reddit.com/r/CryptoCurrency/comments/36bao4/worlds_first_atomic_crosschain_transfer_completed/

bonipper

sr. member

Activity: 246

Merit: 250

Quote from: CIYAM on May 18, 2015, 10:44:07 AM

It is possible to hard-code values into ATs but understand as the Initiator and Responder would need different values we'd have to have two ACCT ATs rather than just one (at the moment the code is the same regardless of which role).

The next main focus for the AT project is going to be UI so we will consider how we can make the workflow and UX better as we proceed.

Have you considered testing your blockchain pruning concept on Qora?

rlh

hero member

Activity: 804

Merit: 1004

Ah, ok. Nice! I would have assumed there would have been a 0 Qora TX for such a thing. I'll take a look in the code to try and figure this one out.

wizzardTim

legendary

Activity: 1708

Merit: 1000

Reality is stranger than fiction

Quote from: rlh on May 18, 2015, 11:08:24 AM

Check out thr block explorer. What's with the 0 tx blocks, with 50 Qora fees. Is this a bug on the explorer, or is Qora being exploited?

Quoting from slack:

http://qora.co.in/?q=AVMvpJxRpdHxxEHcmnibDt6nYC3cBe8oH5
this is the address of an Infinite Loop AT that make's the 50 :qora: block reward

you can extend it by sending funds to it

So it is a gift for forgers!

rlh

hero member

Activity: 804

Merit: 1004

Check out thr block explorer. What's with the 0 tx blocks, with 50 Qora fees. Is this a bug on the explorer, or is Qora being exploited?

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

It is possible to hard-code values into ATs but understand as the Initiator and Responder would need different values we'd have to have two ACCT ATs rather than just one (at the moment the code is the same regardless of which role).

The next main focus for the AT project is going to be UI so we will consider how we can make the workflow and UX better as we proceed.

mrvegad

hero member

Activity: 616

Merit: 500

Quote from: CIYAM on May 18, 2015, 09:27:52 AM

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.

Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

Could the timeouts somehow be part of the secret, so that none of the participants can be tamper with it?

I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding.

Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).

Can you have this has a pop up where the user has to click OK on the pop up to close it? Having some kind of reminder is better then nothing, might help cut down on mistakes.

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: CIYAM on May 18, 2015, 09:27:52 AM

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.

Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).

I always fail when the chances are 50:50 ... Grin

Quote from: CIYAM on May 18, 2015, 09:27:52 AM

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

Could the timeouts somehow be part of the secret, so that none of the participants can be tamper with it?

I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding.

Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).

Couldn't you hard code reasonable timeout values into the AT code and publish the code's hash? So if everyone agrees on using the same AT code for ACCT, the timeout values would be common knowledge.

Lorenzo

sr. member

Activity: 406

Merit: 250

Quote from: favdesu on May 18, 2015, 07:00:57 AM

news from BTER Support: "we are updating and configure the qora wallet. withdrawal and deposit will be effect. it is expected to finish in 1-2 days."

Sweet!

I just checked Poloniex and it seems that they were able to fix whatever issues they had with their wallet. Only a few weeks ago, there was no way to buy, sell, or trade QORA. With both exchanges working again (or soon to be working again) and the recent news regarding ACCT integration, Qora is looking much healthier these days.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.

Actually you haven't quite got it - Alice's timeout needs to be the longer one (as it is Alice that will be sending the "key" to Bob's AT first).

Quote from: CryptKeeper on May 18, 2015, 09:23:04 AM

Could the timeouts somehow be part of the secret, so that none of the participants can be tamper with it?

I'm not sure how that could be achieved - the best approach IMO is that the hash of the ACCT AT code could be published and compared to (to prove that it is the code that you think it is without having to actually understand AT machine code) and that you check the timeout value before proceeding.

Assuming there is enough of a time gap then there is not much that can go wrong (unless Bob's internet dies after Alice sent the secret and he can't get it working until the refund expiry time for Alice happens).

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: CIYAM on May 18, 2015, 06:41:13 AM

Quote from: CryptKeeper on May 18, 2015, 06:29:21 AM

Can this be enforced by the AT code or must the trade participants agree on the timeouts?

The timeouts can be defaulted by the UI but of course you cannot prevent a user from changing the default.

This is why Bob and Alice must carefully check each others AT's before proceeding. I think we'll eventually create a tool for AT "verification" down the track in order to make it very easy to be sure you aren't being cheated by an incorrectly coded AT.

OK, I understand that if Alice's AT - which goes first - has a small timeout of 24 hrs and Bob's AT has a much greater timeout, say 72 hrs, not much can go wrong.
Could the timeouts somehow be part of the secret, so that none of the participants can be tamper with it?

favdesu

legendary

Activity: 1764

Merit: 1000

news from BTER Support: "we are updating and configure the qora wallet. withdrawal and deposit will be effect. it is expected to finish in 1-2 days."

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: CryptKeeper on May 18, 2015, 06:29:21 AM

Can this be enforced by the AT code or must the trade participants agree on the timeouts?

The timeouts can be defaulted by the UI but of course you cannot prevent a user from changing the default.

This is why Bob and Alice must carefully check each others AT's before proceeding. I think we'll eventually create a tool for AT "verification" down the track in order to make it very easy to be sure you aren't being cheated by an incorrectly coded AT.

vbcs

full member

Activity: 137

Merit: 100

AT - Automated Transactions - CIYAM Developer

Quote from: CryptKeeper on May 18, 2015, 06:29:21 AM

Quote from: Vrontis on May 18, 2015, 05:39:26 AM

Quote from: CryptKeeper on May 18, 2015, 05:33:03 AM

Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice post her tx just before the timeout elapses, resulting in Bob never get the chance to receive his BURST? Could you elaborate on that?

Bob's AT must have have less length (expiration) than Alice's AT.So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.

Can this be enforced by the AT code or must the trade participants agree on the timeouts?

No it cannot be enforced by the AT code itself as the AT on one side is not aware of the other AT. When user A initiates the ACCT then user B can see the timeout and use a proper one when creating the response ACCT.

CryptKeeper

legendary

Activity: 2044

Merit: 1055

Quote from: Vrontis on May 18, 2015, 05:39:26 AM

Quote from: CryptKeeper on May 18, 2015, 05:33:03 AM

Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice post her tx just before the timeout elapses, resulting in Bob never get the chance to receive his BURST? Could you elaborate on that?

Bob's AT must have have less length (expiration) than Alice's AT.So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.

Can this be enforced by the AT code or must the trade participants agree on the timeouts?

Vrontis

sr. member

Activity: 351

Merit: 250

Quote from: CryptKeeper on May 18, 2015, 05:33:03 AM

Very interesting! I'm trying to wrap my head around this. I see a potential security issue with the "refund timeouts". What if Alice post her tx just before the timeout elapses, resulting in Bob never get the chance to receive his BURST? Could you elaborate on that?

Bob's AT must have have less length (expiration) than Alice's AT.So in case Alice sends the TX with the key to Bob's AT just before the expiration, Bob will have time to send the key to Alice's AT afterwards.

Topic: Qora | POS | Assets | Names | Polls | Automated Transactions | Social Network - page 53. (Read 307527 times)