Logged Conversation (all times UTC)
[00:14] <everettForth> Hmm, I had some transactions have status "success" and result message "Path could not send partial amount."
[00:26] <andrewstellar> at the time you submitted the transaction, did it return tesSUCCESS?
[00:28] <everettForth> oh no, it's tecPATH_DRY
[00:28] <everettForth> which would mean his trust line wasn't set I guess, though it is now.
[00:30] <everettForth> yeah, I just reprocessed a failed transaction, and it went through. His trust line must not have been set somehow
[00:32] <andrewstellar> an important thing to remember is that those transactions will be applied/forwarded, which means they'll take a sequence number
[00:33] <andrewstellar> not sure what your payments infrastructure looks like, or what stack you're running, but we've added a nodejs library to help process payments https://github.com/stellar/stellar-payments
[00:33] <andrewstellar> still doesn't have multi currency support but i'll be adding that today
[00:35] <everettForth> I don't know what you mean by applied / forwarded
[00:36] <andrewstellar> it means that the transaction is still applied to the ledger
[00:36] <andrewstellar> so your account's sequence number is incremented
[00:36] <everettForth> the user never received any XDG for that transaction. Yes, the transaction is viewable in the ledger
[00:37] <everettForth> I'm not doing anything with sequence numbers. should I be?
[00:37] <andrewstellar> yeah, the transaction won't have any effect, but stellard will still claim a fee and use up a sequence number
[00:37] <everettForth> I use the marker to scan for last transactions, but only on incoming transactions
[00:38] <everettForth> Oh i see, so I lost 10 microstellars
[00:38] <everettForth> so I don't want to keep trying billions of times, or I'll lose fees
[00:38] <andrewstellar> so a good practice is to sign your transactions first and then submit the transaction blob to stellard
[00:39] <andrewstellar> i still need to write up a "robust payment processing" guide, but that's basically what my node library is doing
[00:39] <everettForth> wouldn't I still get the path dry error, and be charged a fee?
[00:41] <everettForth> hmm, the stellar client has some way of checking paths before it sends transactions. That's probably a smarter way than attempting to send a transaction without checking if there is a path first.
[00:41] <andrewstellar> yes, but when you're signing and then submitting, you need to keep track of your sequence number locally. and when you receive a "tec..." error, you need to still increment your sequence number (as opposed to a tef... or a tem... error where it would not be applied and just rejected)
[00:42] <andrewstellar> but in your case, you're just relying on the submit payment RPC call which signs with your current sequence number for you, so you don't need to worry about that
[01:21] <joyce_> We are getting requests from people doing stellar integrations for referrals to software developers who they can hire on contract to help with their stellar integrations. All kinds of stacks. If anyone is interested in this kind of work, can you email me so I can pass along your info? You can email me joyce@stellar.org
[01:40] <everettForth> hi joyce_ I might be interested, sending you an email
[01:59] <joyce_> ok cool
[05:01] <joyce_> Scott's blog post on the technical details of wallet v2 is on the homepage of hackernews ya'all - great post Scott!
[07:22] <Vinnie_win> nite
[16:25] <Vinnie_win> Morning
[17:53] <NwS> Heya, anyone else can't login?
[18:26] <joyce_> I am able to log in - whats happening for you?
[20:18] <andrewstellar> hello world
[20:35] <Eridius> Who's responsible for the Helpdesk articles? I just looked at the "How Can I Create A Strong Password?" one since it was linked in the email newsletter, and I'm concerned that it's actually promoting insecure passwords
[20:36] <Eridius> specifically, the whole idea of taking an english phrase and trying to mutate it to produce the given "C0ffeemaKesmeHap>y!" is actually not particularly secure
[20:36] <Eridius> it may have been good a while ago, but these days password crackers are extremely good at doing exactly that kind of permutation
[20:37] <Eridius> I'd very strongly advise that the number one recommendation be to use a password vault's built-in functionality to randomly generate a password
[20:38] <Eridius> and the "at least 8 characters long" advice is a bit weak as well. Shorter than 8 characters would be horrifically insecure, but 8 characters is also still reasonably insecure (especially when combined with the idea of permuting an english phrase)
[20:38] <Eridius> And in the examples of passwords, "serendipity1984" and "sunsetm3lody" are both horrifically insecure passwords as well
[20:52] <Eva_> Hi AMEridius,
[20:52] <Eva_> I wrote the article (as well as most of the others on the helpdesk) - nice to meet you, and thanks for the feedback!
[20:52] <Eva_> I agree with you that password vaults are the best option for users, but my concern is that many folks in our userbase won’t be inclined to actually use them. I want to give people multiple options that can suit them.
[20:52] <Eva_> I would love to talk to you more about potential improvements and revisions to the article. Maybe putting the vault option as #1, and then explaining what else can be done?
[20:52] <Eva_> As for the example pw’s of good (not great) passwords, I ran them through microsoft’s password security checker, and it deemed them mid-level strong. https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
[20:52] <Eva_> I did run the article by a few of my infosec friends, and they vetted it, but I would love to make it even better. Feel free to email me at eva@stellar.org with your suggestions!
[20:52] <Eridius> Eva_: thanks for the response. I don't trust arbitrary password strength checkers. They're always ad-hoc with varying sets of rules, that almost never correspond to the actual difficulty of cracking the password using modern password cracking techniques
[20:53] <Eridius> I recognize that a lot of people don't use password vaults, though they really should.
[20:53] <Eva_> Absolutely - I'd like to create a pw article that both meets non-technical users where they're at, and teaches extra-safe practices to folks who want to go deeper.
[20:56] <Eridius> By far the best suggestion is "use a password vault, have it generate a random password for you of at least 12 (ideally more) characters"
[20:58] <Eridius> incidentally, XKCD's old comic about password strength (http://xkcd.com/936/) was good advice when it came out, but not so much anymore. Password crackers have adapted to trying that technique
[20:58] <Eridius> Eva_: I recommend reading this article by Bruce Schneier: https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
[20:59] <Eridius> (and perhaps even linking to it from the Helpdesk article)
[21:02] <Eva_> @eridius a friend linked me to that article recently, too :) I'll take a look, and likely will link it. Thank you! I think what I'll end up doing is leading off with "use a pw vault, generate random pws" and then follow up with advice for folks who don't do that.
[21:06] <Eridius> Eva_: sounds good. Just make sure that any passwords you suggest as "okay" or "good" are actually at least mildly secure :)
[21:50] <Eva_> @eridius would you say that the only "okay" or "good" pws are randomly generated?