Done. I also removed several unused wikis on our github repos.biolizard89 wrote:I would love to, except https://github.com/namecoin/namecore doesn't have the issue tracker enabled. @phelix, can you enable it?domob wrote:Should be easy to do. Mind opening a ticket against namecore? I'm travelling right now, but probably can fix this later in the week.biolizard89 wrote:Would be nice if Namecoin Core would refuse to answer name_show queries if the blockchain is incomplete. I've gotten a number of support requests about that in the past year. See https://github.com/namecoin/namecoin/issues/124 .phelix wrote:Is it possible that your namecoind was not synced all the way at the beginning and then catched up? The elpais.bit name currently does not have an IP address in the value. It did some time ago, though.
NMControl-Hyperion
Re: NMControl-Hyperion
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: NMControl-Hyperion
Okay, I've filed an issue. https://github.com/namecoin/namecore/issues/2
Re: NMControl-Hyperion
2015-03-17
* It now uses the new experimental API server https://api.namecoin.org by default. This means it works without a Namecoin client running locally. Note that we could track your requests and IP address.
* Installer can now configure your system to automatically start NMControl on startup
Obviously asking the API server for name data is not very secure and private in comparison to running a local full node.
* It now uses the new experimental API server https://api.namecoin.org by default. This means it works without a Namecoin client running locally. Note that we could track your requests and IP address.
* Installer can now configure your system to automatically start NMControl on startup
Obviously asking the API server for name data is not very secure and private in comparison to running a local full node.
Re: NMControl-Hyperion
After doing this
Is this normal?
I tried the last release on w7 and still it stops resolving dns at random times, i'm starting to think maybe one of the trackers that utorrent queries gives back bad dns info. Or there may be problems when the connection is dropping packets.
Code: Select all
C:\Users\user>nslookup feens.bit
Server: UnKnown
Address: 127.0.0.1
Name: feens.bit
Address: 192.185.225.13
C:\Users\user>nslookup terra.es
Server: UnKnown
Address: 127.0.0.1
Name: terra.es
Addresses: 2604:600:0:aaaa:208:84:244:10
208.84.244.10
C:\Users\user>nslookup yahoo.com
Server: UnKnown
Address: 127.0.0.1
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24
C:\Users\user>nslookup yahoo.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 127.0.0.1
DNS request timed out.
timeout was 2 seconds.
I tried the last release on w7 and still it stops resolving dns at random times, i'm starting to think maybe one of the trackers that utorrent queries gives back bad dns info. Or there may be problems when the connection is dropping packets.
Code: Select all
Lookup: {'query': '', 'domain': 'bter.com', 'src_addr': ('127.0.0.1', 53301), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: bter.com with NS Server: 8.8.8.8
* result: [{'name': 'bter.com', 'data': '141.101.121.208', 'typename': 'A', 'classstr': 'IN', 'ttl': 16, 'type': 1, 'class': 1, 'rdlength': 4}]
Lookup: {'query': '', 'domain': 'bter.com', 'src_addr': ('127.0.0.1', 63316), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: bter.com with NS Server: 8.8.8.8
* result: [{'name': 'bter.com', 'data': 'bter.com.cdn.cloudflare.net', 'typename': 'CNAME', 'classstr': 'IN', 'ttl': 300, 'type': 5, 'class': 1, 'rdlength': 29}, {'name': 'bter.com.cdn.cloudflare.net', 'data': '141.101.121.208', 'typename': 'A', 'classstr': 'IN', 'ttl': 300, 'type': 1, 'class': 1, 'rdlength': 4}, {'name': 'bter.com.cdn.cloudflare.net', 'data': '141.101.121.207', 'typename': 'A', 'classstr': 'IN', 'ttl': 300, 'type': 1, 'class': 1, 'rdlength': 4}]
Lookup: {'query': '', 'domain': 'tracker.openbittorrent.com', 'src_addr': ('127.0.0.1', 53738), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: tracker.openbittorrent.com with NS Server: 8.8.8.8
Lookup: {'query': '', 'domain': 'tracker.openbittorrent.com', 'src_addr': ('127.0.0.1', 53738), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: tracker.openbittorrent.com with NS Server: 8.8.8.8
Lookup: {'query': '', 'domain': 'tracker.openbittorrent.com', 'src_addr': ('127.0.0.1', 53738), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: tracker.openbittorrent.com with NS Server: 8.8.8.8
Lookup: {'query': '', 'domain': 'tracker.openbittorrent.com', 'src_addr': ('127.0.0.1', 53738), 'qtype': 1, 'qclass': 1}
Fetching IP Address for: tracker.openbittorrent.com with NS Server: 8.8.8.8
Last edited by johnc on Fri Apr 17, 2015 4:02 pm, edited 1 time in total.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: NMControl-Hyperion
I would strongly oppose automatically using the API server unless the user has explicitly opted in.phelix wrote:2015-03-17
* It now uses the new experimental API server https://api.namecoin.org by default. This means it works without a Namecoin client running locally. Note that we could track your requests and IP address.
* Installer can now configure your system to automatically start NMControl on startup
Obviously asking the API server for name data is not very secure and private in comparison to running a local full node.
Re: NMControl-Hyperion
A smooth user experience is important imho, e.g. it would be bad if things would not work because the user did not check a box. What about a confirmation of the warning in the installer or a warning page in the browser before the first server access (the second option would also work without the installer)?biolizard89 wrote:I would strongly oppose automatically using the API server unless the user has explicitly opted in.phelix wrote:2015-03-17
* It now uses the new experimental API server https://api.namecoin.org by default. This means it works without a Namecoin client running locally. Note that we could track your requests and IP address.
* Installer can now configure your system to automatically start NMControl on startup
Obviously asking the API server for name data is not very secure and private in comparison to running a local full node.
Re: NMControl-Hyperion
If there's SSL support, it should be disabled if using the API server. An *active* confirmation should be obtained before using the API server, and clicking "okay" does not count. Either make them type something in a box to confirm, or provide instructions for where to go in the UI. Make it clear that in addition to logging access, the server could spoof results arbitrarily.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: NMControl-Hyperion
+1. It is much worse for someone to get an API server's security properties when they didn't expect it, than for things to not load at all when they didn't expect it.ryanc wrote:If there's SSL support, it should be disabled if using the API server. An *active* confirmation should be obtained before using the API server, and clicking "okay" does not count. Either make them type something in a box to confirm, or provide instructions for where to go in the UI. Make it clear that in addition to logging access, the server could spoof results arbitrarily.
Re: NMControl-Hyperion
why?ryanc wrote:If there's SSL support, it should be disabled if using the API server.
In my eyes you are too paranoid here. What about the DNS servers we advertise? https://wiki.namecoin.info/index.php?ti ... it_domainsbiolizard89 wrote:+1. It is much worse for someone to get an API server's security properties when they didn't expect it, than for things to not load at all when they didn't expect it.ryanc wrote:If there's SSL support, it should be disabled if using the API server. An *active* confirmation should be obtained before using the API server, and clicking "okay" does not count. Either make them type something in a box to confirm, or provide instructions for where to go in the UI. Make it clear that in addition to logging access, the server could spoof results arbitrarily.
If somebody just want's to try things your concerns are not relevant. For privacy you have to download the blockchain (or we have to enable tor in NMControl - btw I tried it already and it was easy, at least without requests).
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: NMControl-Hyperion
Who is "we"? I've never seen that wiki page before. https://bit.namecoin.org is, as far as I know, more official than a wiki page, and it currently lists NMControl and FreeSpeechMe (with a side note at the end that you can use 3rd party DNS, and it discusses the security implications). The disclosure of security properties on the wiki page you linked is near-nonexistent, and it would be irresponsible of us to endorse that wiki page as it currently is written.
Bottom line, we can't make assumptions about what our users need in terms of security. In the absence of evidence to the contrary, we should operate under the assumption that our users are not downloading Namecoin solely to "try things", whatever that means; they are downloading Namecoin to use it for browsing websites (some of which may have sensitive content and/or metadata), quite possibly because they've heard that Namecoin has better security/privacy than standard DNS. It is standard practice in the security community to force users to affirmatively demonstrate consent before the software does something unsafe.
(As an aside, we need to clean up the wiki content, for that and other reasons, but I'll save that for another thread.)
On a completely different note, I'm a little bit concerned that features in Hyperion aren't being submitted as PR's to NMControl upstream. That will happen, right?
Cheers.
Bottom line, we can't make assumptions about what our users need in terms of security. In the absence of evidence to the contrary, we should operate under the assumption that our users are not downloading Namecoin solely to "try things", whatever that means; they are downloading Namecoin to use it for browsing websites (some of which may have sensitive content and/or metadata), quite possibly because they've heard that Namecoin has better security/privacy than standard DNS. It is standard practice in the security community to force users to affirmatively demonstrate consent before the software does something unsafe.
(As an aside, we need to clean up the wiki content, for that and other reasons, but I'll save that for another thread.)
On a completely different note, I'm a little bit concerned that features in Hyperion aren't being submitted as PR's to NMControl upstream. That will happen, right?
Cheers.