NXT :: descendant of Bitcoin - Updated Information

[Vega]

There's a thread in this forum about bugs in the code release. After my client had been attacked, I analyzed, what exactly happened and figured out, how the attacker managed to get the clients to basically crash. JLP and CfB fixed that now mostly by 0.5.3, the only thing that is left is the actual browser page. So when you see negative blocks, just refresh the tab in your browser and everything will look normal again. On the server side (communicating with other NXT clients) the server now behaves normally, even if you don't refresh your browser window.
If you want to see what kind of bugs we're finding and that are getting fixed, jump over to https://asktom.cf/index.php?topic=397183.0

0.5.3 been running since released, so far so good. If it's still running OK in the morning that would a new record for me. Can't wait to find out.

[jl777]

There's a thread in this forum about bugs in the code release. After my client had been attacked, I analyzed, what exactly happened and figured out, how the attacker managed to get the clients to basically crash. JLP and CfB fixed that now mostly by 0.5.3, the only thing that is left is the actual browser page. So when you see negative blocks, just refresh the tab in your browser and everything will look normal again. On the server side (communicating with other NXT clients) the server now behaves normally, even if you don't refresh your browser window.
If you want to see what kind of bugs we're finding and that are getting fixed, jump over to https://asktom.cf/index.php?topic=397183.0

0.5.3 been running since released, so far so good. If it's still running OK in the morning that would a new record for me. Can't wait to find out.

Running 0.5.3 via NxtMac, on bad branch?
36406      14571285356259793594      January 9, 2014 2:27:28 AM GMT+02:00   
2      0 + 3      305 B   
2      5313834224092465353      74.3 %

2901 orphans, 8651 unconfirmed transactions

[TwinWinNerD]

I guess im pretty unlucky. Forging with 60k-100k for >2 weeks now, no block found...

If you forge non-stop with 60k, and if the total amount of nxt forging in the network is 500million (my guess - is there a way to find out?), then the probability of you forging exactly N blocks in 2 weeks is approx.:

Code:

N=0:  8.898%
N=1: 21.529%
N=2: 26.043%
N=3: 21.001%
N=4: 12.701%
N=5:  6.145%
N=6:  2.477%
N>6:  1.206%

So - if you found no block then you were indeed unlucky. Or did you find a block but it had no fees?

Wohoo, i just found my first block. 0 Fee, but it feels so awesome. !!!!!

[kunibopl]

Im a loyal american veteran who not only served in the desert but went back as a contractor.  I also possess a security clearance.  And I cant find too much terribly wrong with snowden.  Now bradley manning is a different story though. fuck that guy.  except he'd probably enjoy it.

why did you go to this desert? were you curious and wanted to get to know some iraqis or their favorite dish?
if not so, were you alone and depressed and eager to find friends(or partners) in the army?
are you maybe from alaska and did you want to see the sun?

tell me, I am all ears!
I charge 100 NXT for that.

PS. I am from Germany and find it incredible, that their are soldiers, financed from my taxes who drive up the prices for appartments in Kabul, so that Afghanis can't affort them anymore. I find it incredible, that these soldiers, who are freely going to this nonsense in Afghanistan, come back and need psychological help, because they saw a kid die. Fewer kids would die, if they weren't going there.
At least they should pay for this psychological help themselfes.

[TwinWinNerD]

Is there a vanity generator for NXT addresses out there?

This guy got a nice one: 666666817378784428

[ricot]

There's a thread in this forum about bugs in the code release. After my client had been attacked, I analyzed, what exactly happened and figured out, how the attacker managed to get the clients to basically crash. JLP and CfB fixed that now mostly by 0.5.3, the only thing that is left is the actual browser page. So when you see negative blocks, just refresh the tab in your browser and everything will look normal again. On the server side (communicating with other NXT clients) the server now behaves normally, even if you don't refresh your browser window.
If you want to see what kind of bugs we're finding and that are getting fixed, jump over to https://asktom.cf/index.php?topic=397183.0

0.5.3 been running since released, so far so good. If it's still running OK in the morning that would a new record for me. Can't wait to find out.

Running 0.5.3 via NxtMac, on bad branch?
36406      14571285356259793594      January 9, 2014 2:27:28 AM GMT+02:00   
2      0 + 3      305 B   
2      5313834224092465353      74.3 %

2901 orphans, 8651 unconfirmed transactions

See if refreshing your browser window helps...

[jl777]

I am using wesleyh's MaxNXT so not sure how to refresh browser in this context. I click lock and login again, but all the same orphans are there.

I can redownload the entire block chain, that is one option and it fixes it for a few hours, then goes bad again. At least it did the first time. I will do it again and see what happens

James

[ferment]

has anyone done work on creating unix scripts to function as command-line operations using the API?  If not then I will create a bunch of scripts

Here's mine in ruby: nxt

To use (assuming you have ruby installed):

Code:

$ gem install thor json httparty
$ curl -O https://gist.github.com/fermentNXT/8327705/raw/3e1f8a1c2276b38f1c77ba4db60ce013eeeef58e/nxt
$ chmod +x nxt
$ ./nxt help

Let me know what other API calls you want and I can knock them out quick.

UPDATE: added getAliasURI and listAccountAliases.

[ricot]

I am using wesleyh's MaxNXT so not sure how to refresh browser in this context. I click lock and login again, but all the same orphans are there.

I can redownload the entire block chain, that is one option and it fixes it for a few hours, then goes bad again. At least it did the first time. I will do it again and see what happens

James

What's that? Why aren't you using the official client?

Well, if it's based on the official client before 0.5.3 (very likely), then you still have that bug...
Solution: Get the official client

[jl777]

I am using wesleyh's MaxNXT so not sure how to refresh browser in this context. I click lock and login again, but all the same orphans are there.

I can redownload the entire block chain, that is one option and it fixes it for a few hours, then goes bad again. At least it did the first time. I will do it again and see what happens

James

What's that? Why aren't you using the official client?

Well, if it's based on the official client before 0.5.3 (very likely), then you still have that bug...
Solution: Get the official client

My understanding is that MacNXT embeds the official client, it says it is using 0.5.3

All caught up:
36420      14571285356259793594      January 9, 2014 3:16:56 AM GMT+02:00   
5      500'000 + 13      691 B   
2      15607836971861154475      188 %

The problem seems to happen after a few hours. I did "update peers" before this redownload of blockchain, so I am hoping for better stability.

James

P.S. I did not change anything from default installation other than Update peers

[slothbag]

Nxt full source code (decompiled 0.5.2).

https://github.com/slothbag/nxt-decompiled

donations: 6683387465452189666

Updated to 0.5.3

or: go to google, search for "java decompiler", click the first hit, download the program, open the Nxt.class file that is in the NXT-client download

Wont give you diffs though!

[ricot]

I am using wesleyh's MaxNXT so not sure how to refresh browser in this context. I click lock and login again, but all the same orphans are there.

I can redownload the entire block chain, that is one option and it fixes it for a few hours, then goes bad again. At least it did the first time. I will do it again and see what happens

James

What's that? Why aren't you using the official client?

Well, if it's based on the official client before 0.5.3 (very likely), then you still have that bug...
Solution: Get the official client

My understanding is that MacNXT embeds the official client, it says it is using 0.5.3

All caught up:
36420      14571285356259793594      January 9, 2014 3:16:56 AM GMT+02:00   
5      500'000 + 13      691 B   
2      15607836971861154475      188 %

The problem seems to happen after a few hours. I did "update peers" before this redownload of blockchain, so I am hoping for better stability.

James

P.S. I did not change anything from default installation other than Update peers

Ah, ok, found a thread about it in some russian forum
Yes, it's basically just displaying a browser window in a different frame, so unless you refresh that browser window, it won't show correct results...
you can try apple+r, maybe that works, depends on how he implemented it.

[jl777]

ricot,

Plz don't worry about me. Your time much better spent coming up with more evil twisted ways to break NXT. I am super impressed so far by your work!

Just wish I was fluent in java instead of C.  I knew that at a high level, getting untrustworthy data to get trusted was the key, but having to lookup every java call, just made me unable to see the forest through all the trees.

James

[TwinWinNerD]

Is there a vanity generator for NXT addresses out there?

This guy got a nice one: 666666817378784428

Java
====
https://asktom.cf/index.php?topic=345619.msg3759147#msg3759147


x86  (just exe)
===
https://asktom.cf/index.php?topic=345619.msg3735874#msg3735874

thanks,

got: 12345678612257264594

[opticalcarrier]

has anyone done work on creating unix scripts to function as command-line operations using the API?  If not then I will create a bunch of scripts

Here's mine in ruby: nxt

To use (assuming you have ruby installed):

Code:

$ gem install thor json httparty
$ curl -O https://gist.github.com/fermentNXT/8327705/raw/3e1f8a1c2276b38f1c77ba4db60ce013eeeef58e/nxt
$ chmod +x nxt
$ ./nxt help

Let me know what other API calls you want and I can knock them out quick.

UPDATE: added getAliasURI and listAccountAliases.

kickass, well  guess ill have to figure out another little project...  but after apt-get install of ruby1.9.1 and those 4 gems when running your nxt help I get

root@vps1:~/tmp# nxt help
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- httparty (LoadError)
        from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
        from /usr/local/bin/nxt:6:in `<main>'
root@vps1:~/tmp#

[jl777]

What web.xml options add most to stability of NXT server? The stability problems could simply be from suboptimal web.xml settings.

Does the 0.5.3 install use the most stable options in web.xml?
Are there any other files that need to be tweaked?

I am thinking that a lot of the problems in the field could be related to having a wrong set of settings. We are so close to a stable NXT server. I updated my peers list and now it is not going brain dead. Still need more time, but looking good so far.

The only thing that was changed was the list of peers, but I remember seeing a bunch of different tweaks. Has anybody tested the effect of the different tweaks on NXT server stability. So much work has been put into NXT, it would be a shame if a new NXT'er gets a bad experience due to suboptimal settings.

James

[ricot]

What web.xml options add most to stability of NXT server? The stability problems could simply be from suboptimal web.xml settings.

Does the 0.5.3 install use the most stable options in web.xml?
Are there any other files that need to be tweaked?

I am thinking that a lot of the problems in the field could be related to having a wrong set of settings. We are so close to a stable NXT server. I updated my peers list and now it is not going brain dead. Still need more time, but looking good so far.

The only thing that was changed was the list of peers, but I remember seeing a bunch of different tweaks. Has anybody tested the effect of the different tweaks on NXT server stability. So much work has been put into NXT, it would be a shame if a new NXT'er gets a bad experience due to suboptimal settings.

James

The problems we have been seeing were mostly due to one specific type of attack combined with a ddos. These attacks seem to have stopped now that they don't have the "desired" effect anymore.
The parameters are fine as they are, no need to adjust them. As are the peers, as soon as you see one peer, it will send you all it's other peers and you're good to go

[Zahlen]

Will make some sort of popover that shows where it links to (in browser extensions)

Blacklist of malicious aliases might be a good idea too...

Who will decide if an alias is malicious enough?

Could be through a 3rd-party web of trust type plugin, or blacklists maintained by 3rd parties. Most important I think is that the user retain the choice of how they want to filter malicious aliases (if at all). So ultimately users, and user demand decides.

Would you kindly pull your collective head out of your collective ass and start taking this issue seriously?

Well, give me an answer on a simple question:

- Where CRC should be added to protect a user from sending 90000 NXT instead of 80000 NXT and how is it different from incorrect account issue?

The solution to that does not have to be through CRC, or other checksums. For instance, to prevent miscommunication for short spoken strings, militaries pad out letters and digits. For instance, they may say NINER instead of NINE. If the problem is the number of digits, e.g. if folks worry about sending 800000 instead of 80000, commas can be used. Easier to spot the difference between 800,000 and 80,000. Different solutions for different problems.

I personally worry about these sort of inputs and double and triple check. As a newcomer to crypto$, all this worrying and checking stressed me out the night I made the trade offer in this thread. So it is a problem for me; I would much rather feel safer with more safeguards built into the protocol/client. For the amount to send, having to type it in two separate fields and disallow pasting in one of them (like email address confirmations) could be a way of solving the problem, and relieving user anxiety.

But I worried about the accuracy of addresses much, much more. NXT addresses are not easily eyeballed like transaction amounts or aliases.

A while back, when I asked CfB about using some of the 192 reserved address bits for check bits, he replied "We can't", which I took to mean it was impossible (without messing up a lot of things). I have much less coding experience and knowledge than most folks here, so on things like the current protocol I trust and defer to others. Now I'm reading stuff that suggests it might be possible. But whether client or protocol side, something MUST be done about this.

One of NxtChg.com's concerns is that if checksums are not implemented at the protocol level, it will not gain widespread adoption. I'm not so sure about this; seems like if no better solutions emerge, this could be adopted as a best practice when designing clients. I'm sure client designers also worry about address accuracy and don't want donations to get sent to the wrong places And after a while, maybe standard libraries/code fragments would get reused, so clients (and consequently users) would converge to standard ways of guarding against errors. He's got some server-side concerns too, which I don't have the experience to say anything about.

Breaking up NXT addresses into groups of digits (like credit cards) might help a little.

[NxtChoice]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

[opticalcarrier]

@Luc @CfB @info.nxtcrypto

I suggest @info.nxtcrypto link @Luc's BTT post for each client update, so we can do a fast simple comparison with @Luc's post and confirm the sha256sum. If hacker replaced the download file and also replace sha256sum at info.nxtcrypto, it's not so easy to find it, but I think hack those 2 and Luc's account at the same time is more difficult.

Thanks.

I do this on the nxtcrypto forum post when I update it for new clients.  Ill get the info guy to do the same


But I dont think itll work out perfectly.  Most of the time, linking back to a post here just gets you to the top of the page the post is on.  Know how to fix that?