Topic: benjyz's topic (Read 4145 times)

benjyz · October 09, 2014, 12:27:59 pm

Hello,

this is the central thread for my work on Nxt.

I have been studying the code since March. I have added small things up to now, and developed some concepts (see below). It takes quite a while to understand the Nxt core. Some of this knowledge is now more widespread than only a couple of months ago. Core questions about PoS remains, because its not well researched yet (especially the 100% PoS variant).

8. November

Digital currency history:
https://nxtforum.org/general-discussion/proof-of-stake-history/

SC use case:
https://nxtforum.org/general-discussion/sc-use-cases/msg113762/#msg113762

On cost:
https://nxtforum.org/general-discussion/current-cost-to-maintain-nxt/msg128156/#msg128156

Nxt growth stats:
https://nxtforum.org/general-discussion/nxt-growth-statistics/msg126992/#msg126992

3. November

Working on the Nxt bridge
https://github.com/benjyz/NxtBtcMap

31.October

Links to previous work and ideas. I have parts of these things implemented in private code. More coming.

Network analysis
https://nxtforum.org/general/network-analysis/

Docker
Added Dockerfile to Nxt core. This will require more work to make useful.

Gradle
https://gist.github.com/benjyz/f948cd8d3ce466dc646d

Mini Python API
https://gist.github.com/benjyz/aaac66720a16c4407d23

Secure assets
https://nxtforum.org/general-discussion/secure-assets/

Security protocols
https://nxtforum.org/general/certificates-and-identities/

Alias as DNS
https://nxtforum.org/alias-system/aliases-as-dns/

Two-factor auth via escrow
https://nxtforum.org/general/two-factor-auth/

9.October

I've added a Pullrequest for some simple code scanning the blockchain by percentage.

https://bitbucket.org/JeanLucPicard/nxt/pull-request/21/implement-total-number-of-blocks-while/diff

LiQio · October 09, 2014, 12:33:36 pm

Good idea, I like every kind of progress information.
Thanks benjyz

kushti · October 09, 2014, 09:41:16 pm

Sounds cool!

benjyz · October 31, 2014, 11:13:08 am

31.10: I have modified first post to show the timeline.

Other easy things I would propose: leveraging the logging library more, see http://logback.qos.ch/

benjyz · October 31, 2014, 11:18:31 am

Server environment.

If I want to run Nxt on a server, the requirements are different. I'm not using the GUI at all, and need more information about the state of the system. This can be done with better logging, and improving the thread. Unit-Tests are especially important for me in this case, because I want HA=High availability. This is similar to requirements of any merchant. Even 5% downtime is a lot in this context. Achieving 99.9% uptime requires much more effort, than 99% or even 95%.

benjyz · November 04, 2014, 09:47:22 am

Solutions for merchants or generally people accepting Nxt on a website

One possibility is making Nxt a good solution for merchants, who will have probably different requirements than P2P users. The general use of Nxt, as I understand it, is an individual user. A shop with say 1000 customers which wants to accept Nxt might have quite different requirements. I think the bridge can be a good first step in making it easier for businesses to accept Nxt. I think Nxt could have a lot of advantages for businesses.

There was also this interesting implementation of a one click button: https://nxtforum.org/nxt-projects/pay-with-nxt-button-%28looking-for-js-developer%29/

A simple use case is: a blog that wants to accept Nxt. I will look around more in the forums what already has been done in this area.

ChuckOne · November 05, 2014, 10:06:10 pm

How can a Merchant keep track of all Nxt customers?

benjyz · November 07, 2014, 12:23:17 pm

Quote from: ChuckOne on November 05, 2014, 10:06:10 pm

How can a Merchant keep track of all Nxt customers?

So say we have the most simplest use case. A Nxt user called "Nxtmerchant" takes Nxt payments in connection to a webapp he is running on the standard web, say under the domain nxtwebshop.com. So he has a webapplication which speaks to the Nxt API, and maps data from the webapp to Nxt in some way. So nxtwebshop.com has users which have Nxt installed. They transfer money to nxtwebshop, but attached to a user-name, so that Nxtmerchant knows who is who and can ship goods. The nxtwebshop needs an interface to NRS. It could be that nxtwebshop has an admin interface under nxtwebshop.com/admin . There is I think many interesting things one could do with this. The first thing would be not use just nxtwebshop.com domain, but a Nxt alias.

benjyz · November 11, 2014, 02:26:53 pm

The steps required to set up a secure web-server with a domain in the year 2014:

1. buy a domain at a registrar. Search for the right registrar.

2. buy a SSL certificate at a separate SSL entity.

3. let the registrar generate a CSR
http://en.wikipedia.org/wiki/Certificate_signing_request

4. find a hosting provider and set up a server
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO17540

5. point the domain address to the IP of the server

6. tell the webserver to use the SSL cerificate
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04

7. register with free email provider which supports custom domains

8. confirm SSL registration request

With Digitalocean's help and Namecheap accepting Bitcoins steps 1-8 can be done in ~1-2 business days, but more realistically this is a 1-2 week effort.

benjyz · November 11, 2014, 02:32:19 pm

Alternative way to host static sites with Dropbox:

https://brace.io

https://www.paperplane.io

benjyz · November 11, 2014, 09:00:51 pm

Blockchains on client and server will radically change security model of all applications on the Internet (more on that later eventually, but some ideas are linked in the first post).

Meteor is a newer framework which integrates client and server in one layer. some of the standard attacks actually go away then: https://www.meteor.com/blog/2014/03/14/session-cookies

It's important to remember that most of Internet security was invented at netscape in 1994/1995:
http://en.wikipedia.org/wiki/HTTP_cookie#History

Moxie explained some of the history of SSL. (around 16:00 mark)
https://www.youtube.com/watch?v=pDmj_xe7EIQ

benjyz · November 12, 2014, 09:57:33 am

More info about DNS. Often times Internet archaeology reveals why things are done in certain ways.

http://en.wikipedia.org/wiki/List_of_DNS_record_types

https://support.google.com/a/answer/48090?hl=en

For example RFC1876 is not used but introduces experimental record of geolocation for DNS http://tools.ietf.org/html/rfc1876

benjyz · November 16, 2014, 02:10:22 pm

Another idea in the direction of servers, authentication and DNS: Nxt could implement an opensource online wallet and OAuth
http://tools.ietf.org/html/rfc6749

I imagine server side apps which hook up to Dropbox as open source variant with use end-to-end encryption + integration with old-style nameregistration.

benjyz · November 16, 2014, 04:13:22 pm

TIL Internet security sucks, Lesson Number 55: http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

Pretty much all internet security is a joke - most importantly SSL and DNSsec. But even something obvious as OAuth is just broken. Now I understand why it's so hard to implement OAuth2, it's fundamentally bad. The author of the standard withdraw and wrote: "As defined, it is largely useless and must be profiles into a working solution. The WS-* way. 2.0 provides a whole new frontier to sell consulting services and integration solutions." "This outcome is the direct result of the nature of the IETF, and the particular personalities overseeing this work. "

Tosch110 · November 16, 2014, 06:41:18 pm

Quote from: benjyz on November 16, 2014, 04:13:22 pm

TIL Internet security sucks, Lesson Number 55: http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/

Pretty much all internet security is a joke - most importantly SSL and DNSsec. But even something obvious as OAuth is just broken. Now I understand why it's so hard to implement OAuth2, it's fundamentally bad. The author of the standard withdraw and wrote: "As defined, it is largely useless and must be profiles into a working solution. The WS-* way. 2.0 provides a whole new frontier to sell consulting services and integration solutions." "This outcome is the direct result of the nature of the IETF, and the particular personalities overseeing this work. "

Thanks for sharing this. I have been looking at OAuth 2 and had in plan to experiment a little with it. Good that I did not yet...

benjyz · November 25, 2014, 07:55:46 pm

Thinking about how to daemonize Nxt main thread. This solution is unix only. Cross portable solution probably harder. (a few weeks back I tried to name threads, but that's not wanted in Java).

http://barelyenough.org/blog/2005/03/java-daemon/

Code: [Select]

#!/bin/sh

launch_daemon()
{
  /bin/sh &lt;&lt;EOF
     java -Ddaemon.pidfile=mydaemon.pid -cp your_class_path com.domain.main_class &lt;&amp;- &
     pid=\$!
     echo \${pid}
EOF
}

daemon_pid=`launch_daemon`
if ps -p "${daemon_pid}" &gt;/dev/null 2&gt;&1
then
  # daemon is running.
  echo ${daemon_pid} &gt; mydaemon.pid
else
  echo "Daemon did not start."
fi

benjyz · November 30, 2014, 06:46:08 pm

Understanding block-chains - best path IMO:

http://en.wikipedia.org/wiki/Lamport_timestamps

http://research.microsoft.com/en-us/um/people/lamport/pubs/time-clocks.pdf

http://research.microsoft.com/en-us/um/people/lamport/pubs/byz.pdf

http://szabo.best.vwh.net/distributed.html

benjyz · December 03, 2014, 12:30:53 pm

DDOS on DNS. I'm wondering what the advantages of a P2P DNS are.

http://blog.dnsimple.com/2014/12/incident-report-ddos/

benjyz · December 15, 2014, 02:01:29 pm

semibaron · December 18, 2014, 05:00:09 pm

Are you still working on NXTbridge?

News:

Author Topic: benjyz's topic (Read 4145 times)