elective-stereophonic
elective-stereophonic
NRS v1.11.0e
singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client: Nxt 1.11.15

Pages: 1 2 3 [All]

Author Topic: NRS v1.11.0e  (Read 19649 times)

Jean-Luc

  • Core Dev
  • Hero Member
  • *****
  • Karma: +816/-81
  • Offline Offline
  • Posts: 1610
    • View Profile
NRS v1.11.0e
« on: October 30, 2016, 11:04:28 am »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Release 1.11.0e

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.11.0e.zip

sha256:

f1b678c8d34691e655b74c1dd0bd5b499ce10496d787aa7714cad6c24abd4416  nxt-client-1.11.0e.zip

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.11.0e.sh

sha256:

7409df62b029e16ab213afeed62fd4c1626b4fc903a743cc2febfd4c73273edc  nxt-client-1.11.0e.sh

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-client-1.11.0e.exe

https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-installer-1.11.0e.dmg

The exe, dmg, and sh packages must have a digital signature by "Stichting NXT".


Change log:

Added Generators page (under the cogwheel menu), showing the predicted next
block generators.

When working as a roaming or light client, data returned by the remote node is
validated against other remote nodes. In case of a difference a visual
indication is displayed on the toolbar to warn the user that the data returned
by the remote node may not be consistent.

The user interface files are now located under html/www instead of html/ui,
as this is the path required by the Apache Cordova framework used by the
mobile wallet.

The lockup screen now displays a button group of "by account", "by passphrase",
"by QR code" login options side by side above the credentials entry field,
instead of the old "By Account" / "By Password" toggle button.

Scanning a QR code for login, has been implemented by clicking the QR code icon
on the lockup screen. When the value scanned matches an NXT account format it
will be treated as account login, otherwise the value scanned will be treated
as the account passphrase.

The old "Remember Account" and "Remember Passphrase" checkboxes were merged
into a single "Remember Me" checkbox.

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Account and passphrase entry fields on modal dialogs now support scanning the
value from a QR code by clicking the QR link above the field.

When logging in with passphrase and the "Remember Me" checkbox checked, the
"Account Details" modal will display the QR code for the account passphrase
in addition to the QR code for the account id.

Experimental support for running the client wallet as a mobile app has been
added. See specific documentation at https://nxtwiki.org/wiki/Mobile_App

Updated Jetty to version 9.3.13, delete the old lib folder before unpacking on
top.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYFac7AAoJENqvaxkWiP4ZiPwQAOgNbyFSWlghI5K2bM01SPoW
bJxroVtap1og+yHvZPfChD5zNDYg+7fTfeoEjikPCs+aZ7nSuUEQLLVYwYW5HSIi
9M3kwyzNrQwi8PBeK4ePcxsEJVsngQODmBq7RLz3liViu+KmyAKIKIBkXZGpPC6Q
m0mOIFzPKTuFPiqn974TqPn1yP+rh3A88TWvO0rTz9Ap+k/csklyLnsMT0n/oJoy
SkKtxtHdhEJqVP2j5PymedBDMdrbE0HkC2QFRViJ7cft2yjEQKDKYRKaRoY9YR7w
72+VH9wEdfggm3hJAR4smtpmarrTh6oWovWMwox8ENmq/xVWZd3qKz9pLV9EaQuf
Mg+vAMzeWfwhf4ux81MmRp4ETiQa+EVRN2HzGVG/Hn+zq/DcjdCEygOb/Mz+46+S
wJKF7SQgV/ZWRFXllkeDRGE/0ddaOJLWZKa1XSz7lvSNFk1+v22bGQ2JGoUqc4pb
q9+SZTFLgSjMg82sMc6FgIog7fFLtyl/218R9AvddweMarGRaO96Ju+TZ1zcPBBV
EMlWYERHKOzsPmoGpipN6hbPu5IYwc2oStF5z0WQ1BFBXHOpjLw09O52yDfL5Z6L
jj1BPtFZMDKvrUYZ+NzipRVvvbW1sNBMOgN018sqn9X10/9ttZqBieqhTVlCAVem
ZVbFz+ii8dCcdbI4eyY+
=Fr8g
-----END PGP SIGNATURE-----
Logged
GPG key fingerprint: 263A 9EB0 29CF C77A 3D06  FD13 811D 6940 E1E4 240C
NXT-X4LF-9A4G-WN9Z-2R322

qq2536007339

  • Hero Member
  • *****
  • Karma: +42/-9
  • Offline Offline
  • Posts: 514
    • View Profile
Re: NRS v1.11.0e
« Reply #1 on: October 30, 2016, 11:11:10 am »

Already try,thank you! QR function is really cool, 8) 8) 8)
« Last Edit: October 30, 2016, 11:29:22 am by qq2536007339 »
Logged
你送我阿朵,我是要的。ARDOR-DJ68-PG7W-4JEU-2LU5T

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #2 on: October 30, 2016, 11:16:32 am »

Mobile app packages:

Android:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-android-1.11.0.0e.apk

sha256:
31a4d5b6e223d86440de815907ae3c9a6a8a495116e83ca0b1078c856609f261

iOS:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-ios-1.11.0.0e.app.zip

sha256:
3e586a4cab198f069275e39f5db7088c0182cda09c698304e047d1db8279e804

These packages were already uploaded to ionic view, as explained in the NXT Wiki page https://nxtwiki.org/wiki/Mobile_App
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

qq2536007339

  • Hero Member
  • *****
  • Karma: +42/-9
  • Offline Offline
  • Posts: 514
    • View Profile
Re: NRS v1.11.0e
« Reply #3 on: October 30, 2016, 11:30:37 am »

Mobile app packages:

Android:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-android-1.11.0.0e.apk

sha256:
31a4d5b6e223d86440de815907ae3c9a6a8a495116e83ca0b1078c856609f261

iOS:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-ios-1.11.0.0e.app.zip

sha256:
3e586a4cab198f069275e39f5db7088c0182cda09c698304e047d1db8279e804

These packages were already uploaded to ionic view, as explained in the NXT Wiki page https://nxtwiki.org/wiki/Mobile_App

Finally we have a offical Mobile app,thank you!
Logged
你送我阿朵,我是要的。ARDOR-DJ68-PG7W-4JEU-2LU5T

wolffang

  • Hero Member
  • *****
  • Karma: +98/-5
  • Offline Offline
  • Posts: 690
    • View Profile
Re: NRS v1.11.0e
« Reply #4 on: October 30, 2016, 11:37:57 am »

Thnx guys
Logged

abctc

  • Hero Member
  • *****
  • Karma: +148/-13
  • Offline Offline
  • Posts: 1396
    • View Profile
Re: NRS v1.11.0e
« Reply #5 on: October 30, 2016, 11:40:15 am »

Android:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-android-1.11.0.0e.apk
- I'v installed this .apk.  It says "NRS Version: 1.10.3 New Beta". Maybe because it connected to a 1.10.3 node.
Logged
Welcome to the Nxt generation of crypto!   Magis quam Moneta (More than a Coin)
"Do not worry, it is an attack" (c) Jean-Luc

toenu

  • Full Member
  • ***
  • Karma: +52/-1
  • Offline Offline
  • Posts: 231
    • View Profile
Re: NRS v1.11.0e
« Reply #6 on: October 30, 2016, 12:14:32 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #7 on: October 30, 2016, 12:22:01 pm »

Android:
https://bitbucket.org/JeanLucPicard/nxt/downloads/nxt-mobile-client-android-1.11.0.0e.apk
- I'v installed this .apk.  It says "NRS Version: 1.10.3 New Beta". Maybe because it connected to a 1.10.3 node.

correct, the version is reported by the remote node.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #8 on: October 30, 2016, 12:23:42 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

When choosing "Remember Me" and logging in by passphrase, the passphrase is kept in the local storage until you explicitly logout or until you clear the local storage of the app or browser manually.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

galeki

  • Full Member
  • ***
  • Karma: +16/-2
  • Offline Offline
  • Posts: 228
    • View Profile
Re: NRS v1.11.0e
« Reply #9 on: October 30, 2016, 12:47:27 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

When choosing "Remember Me" and logging in by passphrase, the passphrase is kept in the local storage until you explicitly logout or until you clear the local storage of the app or browser manually.

Finally no need to input my passphrase every time after booting or rebooting. And seems it also can start forging automatically.  :D

So if I login with "Remember Me" once, and then close NXT without logout, and then add NXT to start-up list, does this make NXT start forging automatically after booting?
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #10 on: October 30, 2016, 02:17:46 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

When choosing "Remember Me" and logging in by passphrase, the passphrase is kept in the local storage until you explicitly logout or until you clear the local storage of the app or browser manually.

Finally no need to input my passphrase every time after booting or rebooting. And seems it also can start forging automatically.  :D

So if I login with "Remember Me" once, and then close NXT without logout, and then add NXT to start-up list, does this make NXT start forging automatically after booting?

If you choose "Remember Me" for the passphrase in the desktop wallet and login once, then whenever you restart NXT the desktop wallet will login automatically and start forging.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

galeki

  • Full Member
  • ***
  • Karma: +16/-2
  • Offline Offline
  • Posts: 228
    • View Profile
Re: NRS v1.11.0e
« Reply #11 on: October 30, 2016, 02:57:34 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

When choosing "Remember Me" and logging in by passphrase, the passphrase is kept in the local storage until you explicitly logout or until you clear the local storage of the app or browser manually.

Finally no need to input my passphrase every time after booting or rebooting. And seems it also can start forging automatically.  :D

So if I login with "Remember Me" once, and then close NXT without logout, and then add NXT to start-up list, does this make NXT start forging automatically after booting?

If you choose "Remember Me" for the passphrase in the desktop wallet and login once, then whenever you restart NXT the desktop wallet will login automatically and start forging.

Cool!!  ;D
Logged

box1413

  • Hero Member
  • *****
  • Karma: +101/-4
  • Offline Offline
  • Posts: 687
    • View Profile
Re: NRS v1.11.0e
« Reply #12 on: October 30, 2016, 03:12:30 pm »

does this mean you have to manage 2 nxt front end views? one for the desktop and mobile app?
Logged

OutSL

  • Sr. Member
  • ****
  • Karma: +60/-0
  • Offline Offline
  • Posts: 332
    • View Profile
Re: NRS v1.11.0e
« Reply #13 on: October 30, 2016, 03:41:03 pm »

Hello World  :D

Thank you for this important implementations, i updated the NXT3D node to try what we can do with them from a virtual world...
i have some technical problems with SSL that force me to use an other port (7877) for the inworld script's http communications... this problem may or may not be related to NRS but when i set the port 7876 for both http/https, the communication fail ... when i use https in the inworld scripts, that fail too (Only NRS<>Scripts; all the other SSLed web APIs work!)... why? i have no idea  :(

i think this port change will exclude my node from the app peers list or the communication will fail ?!?
Now, with the let's encrypt free SSL, why it is not possible to use only SSLed nodes instead of the clear ones? in same way that the browser apps do to connect to the SSLed websites  ::) (WiFi and neighbor phone Apps in mind...)

Quote
Experimental support for running the client wallet as a mobile app has been
added. See specific documentation at https://nxtwiki.org/wiki/Mobile_App

the wallet can now operate autonomously and independent from a local NRS server? the UI is pure JS/HTML and i think it can operate without jetty too... or no?

Thank you again and @++
Logged
Thank you for your financial help, your donations will be used in the R&D related to the implementation of NXT in the virtual worlds running under OpenSimulator.org | Donations Box : NXT-PC8Q-ZW86-7UYK-CC4XJ
Visit The NXT Community Virtal World! Your NXT 3D Chat Service

allwelder

  • Hero Member
  • *****
  • Karma: +196/-13
  • Offline Offline
  • Posts: 1867
  • NxtChina.org
    • View Profile
    • NxtChina.org
Re: NRS v1.11.0e
« Reply #14 on: October 30, 2016, 03:45:19 pm »

Nice,have a mobile wallet eventually. :)
Logged
NxtChina |Weibo |Twitter Donation welcomed:NXT-APL9-66GU-K8LY-B3JJJ

neofelis

  • Hero Member
  • *****
  • Karma: +74/-12
  • Offline Offline
  • Posts: 568
    • View Profile
Re: NRS v1.11.0e
« Reply #15 on: October 30, 2016, 04:18:06 pm »

Desktop application in MAC OS is non-functional. 

The browser application works fine though.

Logged

toenu

  • Full Member
  • ***
  • Karma: +52/-1
  • Offline Offline
  • Posts: 231
    • View Profile
Re: NRS v1.11.0e
« Reply #16 on: October 30, 2016, 04:47:56 pm »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

When choosing "Remember Me" and logging in by passphrase, the passphrase is kept in the local storage until you explicitly logout or until you clear the local storage of the app or browser manually.

Finally no need to input my passphrase every time after booting or rebooting. And seems it also can start forging automatically.  :D

So if I login with "Remember Me" once, and then close NXT without logout, and then add NXT to start-up list, does this make NXT start forging automatically after booting?

If you choose "Remember Me" for the passphrase in the desktop wallet and login once, then whenever you restart NXT the desktop wallet will login automatically and start forging.

Cool!!  ;D

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #17 on: October 31, 2016, 08:39:00 am »

does this mean you have to manage 2 nxt front end views? one for the desktop and mobile app?

The desktop application, web wallet and mobile wallet share 99% of their code if that what you are asking.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #18 on: October 31, 2016, 08:39:31 am »

Save passphrase in local storage when using passphrase login with "Remember Me"
checked. Choosing logout will clear this data.

Is this data also cleared when the user closes the window instead of logging out, or does it stay in local storage?

It stays in local storage
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #19 on: October 31, 2016, 08:48:04 am »

Hello World  :D

Thank you for this important implementations, i updated the NXT3D node to try what we can do with them from a virtual world...
i have some technical problems with SSL that force me to use an other port (7877) for the inworld script's http communications... this problem may or may not be related to NRS but when i set the port 7876 for both http/https, the communication fail ... when i use https in the inworld scripts, that fail too (Only NRS<>Scripts; all the other SSLed web APIs work!)... why? i have no idea  :(

i think this port change will exclude my node from the app peers list or the communication will fail ?!?
Now, with the let's encrypt free SSL, why it is not possible to use only SSLed nodes instead of the clear ones? in same way that the browser apps do to connect to the SSLed websites  ::) (WiFi and neighbor phone Apps in mind...)

The client should be able to connect to your API node even when using port 7877.
The mobile app cannot communicate with SSL nodes with a self signed certificate, since we assume most SSL nodes are using such certificate, we decided not to rely on SSL for the mobile app remote node and for confirmation nodes.
We do allow you to manually configure your mobile app to connect to a specific node over Https but then you won't have confirmations from other nodes so you most trust this node.

Quote
Quote
Experimental support for running the client wallet as a mobile app has been
added. See specific documentation at https://nxtwiki.org/wiki/Mobile_App

the wallet can now operate autonomously and independent from a local NRS server? the UI is pure JS/HTML and i think it can operate without jetty too... or no?

Thank you again and @++

The mobile app is independent of any specific server. It is a bundle of the existing JS/Html code with a remote node discovery layer on top.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

martismartis

  • Hero Member
  • *****
  • Karma: +73/-10
  • Offline Offline
  • Posts: 1237
    • View Profile
Re: NRS v1.11.0e
« Reply #20 on: October 31, 2016, 08:50:04 am »

Maybe it's a GUI bug, but "assets value" in the main dashboard window shows "0".
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #21 on: October 31, 2016, 08:57:09 am »

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging

Is it really trivial to read the device browser local storage?
At least the data saved in disk and memory should be encrypted in most modern browsers.
You'll have to take control over the webview component and development tools while connected to the NXT client in order to steal the passphrase.
Can you do that without root access to the device?

The alternative is that users constantly copy/paste or QR scan the passphrase which opens the door for copy/paste or camera hacking which is not less dangerous.
Steal I don't recommend to store the passphrase of a high balance account on the device.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #22 on: October 31, 2016, 08:58:18 am »

One interesting use case for the mobile app is to use an old phone or tablet completely offline only for signing transactions. This way you never have to expose your passphrase to online computer.
See https://nxtwiki.org/wiki/Offline_Transaction_Signing
If someone likes to try this and report their experience that would be great.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #23 on: October 31, 2016, 09:00:01 am »

Maybe it's a GUI bug, but "assets value" in the main dashboard window shows "0".

Calculating the asset value for account with many assets was identified as a performance problem.
Therefore we now only do it ones when you load the client and not every 30 seconds like it used to be.
Under which circumstances do you see the 0 balance?
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

lurker10

  • Hero Member
  • *****
  • Karma: +168/-33
  • Offline Offline
  • Posts: 1334
    • View Profile
Re: NRS v1.11.0e
« Reply #24 on: October 31, 2016, 09:05:29 am »

One interesting use case for the mobile app is to use an old phone or tablet completely offline only for signing transactions. This way you never have to expose your passphrase to online computer.
See https://nxtwiki.org/wiki/Offline_Transaction_Signing
If someone likes to try this and report their experience that would be great.

Thank you for this mobile client. What is the minimum OS (Android, iOS) requirements?
Logged
Run a node - win a prize! "Lucky node" project jar: NXT-8F28-EDVE-LPPX-HY4E7

martismartis

  • Hero Member
  • *****
  • Karma: +73/-10
  • Offline Offline
  • Posts: 1237
    • View Profile
Re: NRS v1.11.0e
« Reply #25 on: October 31, 2016, 09:44:14 am »

Maybe it's a GUI bug, but "assets value" in the main dashboard window shows "0".

Calculating the asset value for account with many assets was identified as a performance problem.
Therefore we now only do it ones when you load the client and not every 30 seconds like it used to be.
Under which circumstances do you see the 0 balance?

I always see the "0". Maybe problem is, that it is not updated every 30 seconds, just one time during loging in.
Logged

martismartis

  • Hero Member
  • *****
  • Karma: +73/-10
  • Offline Offline
  • Posts: 1237
    • View Profile
Re: NRS v1.11.0e
« Reply #26 on: October 31, 2016, 09:45:21 am »

I see mobile client as the second account for main account control. With few NXT in it. It's like 2FA with mobile phone.
Logged

toenu

  • Full Member
  • ***
  • Karma: +52/-1
  • Offline Offline
  • Posts: 231
    • View Profile
Re: NRS v1.11.0e
« Reply #27 on: October 31, 2016, 10:31:09 am »

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging

Is it really trivial to read the device browser local storage?
At least the data saved in disk and memory should be encrypted in most modern browsers.
You'll have to take control over the webview component and development tools while connected to the NXT client in order to steal the passphrase.
Can you do that without root access to the device?

The alternative is that users constantly copy/paste or QR scan the passphrase which opens the door for copy/paste or camera hacking which is not less dangerous.
Steal I don't recommend to store the passphrase of a high balance account on the device.

Browsers don't encrypt local storage by default. What would they encrypt it with, unless the user has some sort of master password? An attacker only needs file system access.

I tried to find where it is stored on disk - chromium on ubuntu stores it's in the folder ~/.config/chromium/Default/Local Storage, where for each website there is an unencrypted SQLite DB. Retrieving it is as simple as opening it with an SQLite browser: http://i.imgur.com/wIHjzhI.png
For other browsers/OS it will be similar.

This appears a great risk, as these files may lay around indefinitely without the user knowing it (and closing tabs is probably more common than logging out)
Logged

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #28 on: October 31, 2016, 11:16:02 am »

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging

Is it really trivial to read the device browser local storage?
At least the data saved in disk and memory should be encrypted in most modern browsers.
You'll have to take control over the webview component and development tools while connected to the NXT client in order to steal the passphrase.
Can you do that without root access to the device?

The alternative is that users constantly copy/paste or QR scan the passphrase which opens the door for copy/paste or camera hacking which is not less dangerous.
Steal I don't recommend to store the passphrase of a high balance account on the device.

Browsers don't encrypt local storage by default. What would they encrypt it with, unless the user has some sort of master password? An attacker only needs file system access.

I tried to find where it is stored on disk - chromium on ubuntu stores it's in the folder ~/.config/chromium/Default/Local Storage, where for each website there is an unencrypted SQLite DB. Retrieving it is as simple as opening it with an SQLite browser: http://i.imgur.com/wIHjzhI.png
For other browsers/OS it will be similar.

This appears a great risk, as these files may lay around indefinitely without the user knowing it (and closing tabs is probably more common than logging out)

I agree, the local storage data is not encrypted just obfuscated, still you need to hack into the workstation or device itself to get to it.
The original plan was to save the passphrase in the local storage only for accounts with a balance of less than 10K NXT, and we can also make this limit configurable.
But this does not take into account asset value and other holdings. I guess it's better than nothing.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #29 on: October 31, 2016, 12:03:27 pm »

Maybe it's a GUI bug, but "assets value" in the main dashboard window shows "0".

Calculating the asset value for account with many assets was identified as a performance problem.
Therefore we now only do it ones when you load the client and not every 30 seconds like it used to be.
Under which circumstances do you see the 0 balance?

I always see the "0". Maybe problem is, that it is not updated every 30 seconds, just one time during loging in.

Works for me, please PM your account id
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

toenu

  • Full Member
  • ***
  • Karma: +52/-1
  • Offline Offline
  • Posts: 231
    • View Profile
Re: NRS v1.11.0e
« Reply #30 on: October 31, 2016, 12:29:06 pm »

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging

Is it really trivial to read the device browser local storage?
At least the data saved in disk and memory should be encrypted in most modern browsers.
You'll have to take control over the webview component and development tools while connected to the NXT client in order to steal the passphrase.
Can you do that without root access to the device?

The alternative is that users constantly copy/paste or QR scan the passphrase which opens the door for copy/paste or camera hacking which is not less dangerous.
Steal I don't recommend to store the passphrase of a high balance account on the device.

Browsers don't encrypt local storage by default. What would they encrypt it with, unless the user has some sort of master password? An attacker only needs file system access.

I tried to find where it is stored on disk - chromium on ubuntu stores it's in the folder ~/.config/chromium/Default/Local Storage, where for each website there is an unencrypted SQLite DB. Retrieving it is as simple as opening it with an SQLite browser: http://i.imgur.com/wIHjzhI.png
For other browsers/OS it will be similar.

This appears a great risk, as these files may lay around indefinitely without the user knowing it (and closing tabs is probably more common than logging out)

I agree, the local storage data is not encrypted just obfuscated, still you need to hack into the workstation or device itself to get to it.
The original plan was to save the passphrase in the local storage only for accounts with a balance of less than 10K NXT, and we can also make this limit configurable.
But this does not take into account asset value and other holdings. I guess it's better than nothing.

Another way could be to clear the pass from storage on window close event, unless the user has set something like "keep passphrase in local storage" on the settings page, which by default is false. If the user comes back and the passphrase was cleared, log him in with account ID only.
Logged

Tosch110

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: NRS v1.11.0e
« Reply #31 on: November 01, 2016, 10:05:55 pm »

Awesome updates, thanks for the work!

apenzl

  • Hero Member
  • *****
  • Karma: +246/-10
  • Offline Offline
  • Posts: 2493
    • View Profile
    • Nxter.org
Re: NRS v1.11.0e
« Reply #32 on: November 01, 2016, 11:26:53 pm »

Echo that ^ !!!

Will this beautiful (atm BETA) mobile client be available to use for all Ardor childchains too?

Coradan

  • Full Member
  • ***
  • Karma: +21/-3
  • Offline Offline
  • Posts: 206
    • View Profile
Re: NRS v1.11.0e
« Reply #33 on: November 02, 2016, 08:33:01 am »

Sorry, but the ionic view ID ec170f70 is wrong.  It does not work...

Could you give the right one?

Well done! And Thanks a lot...
Logged
One more thing: NXT
http://www.nxt.cool

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #34 on: November 02, 2016, 09:19:06 am »

Sorry, but the ionic view ID ec170f70 is wrong.  It does not work...

Could you give the right one?

Well done! And Thanks a lot...

It appears that you need to register at http://ionic.io/ with your email then PM me your email so that I can share the app with you.
I'll update the instructions.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

cryptomommy

  • Jr. Member
  • **
  • Karma: +3/-0
  • Offline Offline
  • Posts: 26
    • View Profile
Re: NRS v1.11.0e
« Reply #35 on: November 05, 2016, 12:39:02 pm »

Desktop Windows 10 - Browser wallet is working; however desktop loads blue background and nothing else. testing mobile now :)
Logged
"Those who danced were thought to be quite insane by those who could not hear the music"

galeki

  • Full Member
  • ***
  • Karma: +16/-2
  • Offline Offline
  • Posts: 228
    • View Profile
Re: NRS v1.11.0e
« Reply #36 on: November 05, 2016, 12:43:29 pm »

Desktop Windows 10 - Browser wallet is working; however desktop loads blue background and nothing else. testing mobile now :)

Same here(Win10). Need 'Refresh Wallet' manually every time to show the desktop wallet.
Logged

cryptomommy

  • Jr. Member
  • **
  • Karma: +3/-0
  • Offline Offline
  • Posts: 26
    • View Profile
Re: NRS v1.11.0e
« Reply #37 on: November 05, 2016, 01:04:48 pm »

For the mobile app - Dashboard works like a charm - navigation fly to the left stops working if you go into any of the other nav options though making it impossible to use. This is going to be very exciting once it is fully functional - should send data over https be selected by default?
Logged
"Those who danced were thought to be quite insane by those who could not hear the music"

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #38 on: November 05, 2016, 05:42:08 pm »

Desktop Windows 10 - Browser wallet is working; however desktop loads blue background and nothing else. testing mobile now :)

Same here(Win10). Need 'Refresh Wallet' manually every time to show the desktop wallet.

This should be fixed in the next release
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #39 on: November 05, 2016, 05:50:34 pm »

For the mobile app - Dashboard works like a charm - navigation fly to the left stops working if you go into any of the other nav options though making it impossible to use. This is going to be very exciting once it is fully functional - should send data over https be selected by default?

Please explain exactly the steps to reproduce this. For me the left pane navigation always works when clicking the 3 horizontal lines buttons to show and hide it.

Regarding Https, the ajax connection from the webview to remote nodes cannot use Https with a self signed certificate like most of the remote nodes currently implement.
Therefore selecting random Https node does not work. Currently if you need Https you need to make sure you have a CA certified certificate on the remote node and configure the connection manually from the app using the mobile settings modal.

What I can try to do is for each remote Https node, attempt to connect and identify the specific failure on self signed certificate and ignore these nodes. Will try to implement for the next release.
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

cryptomommy

  • Jr. Member
  • **
  • Karma: +3/-0
  • Offline Offline
  • Posts: 26
    • View Profile
Re: NRS v1.11.0e
« Reply #40 on: November 07, 2016, 12:43:17 pm »

For mobile navigation the three bar button works however swiping the menu away stops working. Very minor.

Sent from my LGUS990 using Tapatalk

Logged
"Those who danced were thought to be quite insane by those who could not hear the music"

Nexxie

  • Full Member
  • ***
  • Karma: +6/-2
  • Offline Offline
  • Posts: 124
    • View Profile
Re: NRS v1.11.0e
« Reply #41 on: November 11, 2016, 06:11:39 pm »

Desktop application in MAC OS is non-functional. 

The browser application works fine though.

Hi

Where did you get a working browser application?

Thanks
Logged

Seccour

  • Sr. Member
  • ****
  • Karma: +68/-15
  • Offline Offline
  • Posts: 380
    • View Profile
Re: NRS v1.11.0e
« Reply #42 on: November 11, 2016, 08:17:52 pm »

The concern is of course someone getting access (physical or otherwise) to one's device and reading the browser's local storage, which is trivial to do. It's the same as storing it in a clear text file, but after logging in once the user might not even be aware his passphrase is lying around unencrypted on disk... I hope this isn't going to cause any problems.

Perhaps a better way is to save the passphrase only for the session and keep only the account ID permanently. Downside is of course you always have to supply the pass for forging

Is it really trivial to read the device browser local storage?
At least the data saved in disk and memory should be encrypted in most modern browsers.
You'll have to take control over the webview component and development tools while connected to the NXT client in order to steal the passphrase.
Can you do that without root access to the device?

The alternative is that users constantly copy/paste or QR scan the passphrase which opens the door for copy/paste or camera hacking which is not less dangerous.
Steal I don't recommend to store the passphrase of a high balance account on the device.

Browsers don't encrypt local storage by default. What would they encrypt it with, unless the user has some sort of master password? An attacker only needs file system access.

I tried to find where it is stored on disk - chromium on ubuntu stores it's in the folder ~/.config/chromium/Default/Local Storage, where for each website there is an unencrypted SQLite DB. Retrieving it is as simple as opening it with an SQLite browser: http://i.imgur.com/wIHjzhI.png
For other browsers/OS it will be similar.

This appears a great risk, as these files may lay around indefinitely without the user knowing it (and closing tabs is probably more common than logging out)

I agree, the local storage data is not encrypted just obfuscated, still you need to hack into the workstation or device itself to get to it.
The original plan was to save the passphrase in the local storage only for accounts with a balance of less than 10K NXT, and we can also make this limit configurable.
But this does not take into account asset value and other holdings. I guess it's better than nothing.

Another way could be to clear the pass from storage on window close event, unless the user has set something like "keep passphrase in local storage" on the settings page, which by default is false. If the user comes back and the passphrase was cleared, log him in with account ID only.

Agree with that. And you should inform the user that the passphrase is stored un-encrypted ( and possibly accessible by an attacker ) on the computer if he select to keep it in local storage.
Logged
SecFund : 9125535795764729261 (Asset ID)

VanBreuk

  • Administrator
  • Hero Member
  • *****
  • Karma: +362/-19
  • Offline Offline
  • Posts: 2772
    • View Profile
Re: NRS v1.11.0e
« Reply #43 on: November 12, 2016, 03:31:42 am »

Desktop application in MAC OS is non-functional. 

The browser application works fine though.

Hi

Where did you get a working browser application?

Thanks

The zip package in every release (the "Download for Linux" link at https://nxt.org/download ) works as multi-platform release. Instead of running the desktop application you run the Nxt server in a terminal window, and access the wallet using your web browser, locally.

I don't use a mac, but as far as I know if you have Java 8 installed you need to grab the zip, uncompress, and open a terminal window inside of that folder. Then execute the server with run.sh, and once you see a message saying that the Nxt Server has been started successfully just open a web browser to http://localhost:7876
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #44 on: November 12, 2016, 10:26:32 am »

You need to refresh the desktop application from the system tray once. Fixed for the next release
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

Riker

  • Core Dev
  • Hero Member
  • *****
  • Karma: +439/-42
  • Offline Offline
  • Posts: 1793
    • View Profile
Re: NRS v1.11.0e
« Reply #45 on: November 12, 2016, 10:28:46 am »

In the next release we only store the passphrase on the device for the mobile. There is a setting which controls this, turned off by default for the desktop wallet and web wallet
Logged
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

box1413

  • Hero Member
  • *****
  • Karma: +101/-4
  • Offline Offline
  • Posts: 687
    • View Profile
Re: NRS v1.11.0e
« Reply #46 on: November 23, 2016, 04:45:05 pm »

Someone can answer this in detail if possible. Add in wallet images of the app to increase expose. http://bitcoin.stackexchange.com/questions/38768/which-altcoins-have-their-own-mobile-friendly-wallet-created-by-the-core-devs
Logged
Pages: 1 2 3 [All]
 

elective-stereophonic
elective-stereophonic
assembly
assembly