Jump to content
supersonic

Secret Key doesn't match public key

Recommended Posts

I'm not sure what your motive was. But preaching acceptance of my fate was not helpful to me at least.

I was trying to get a response from Ripple, but maybe they would prefer 3rd parties to speak up for them?

Share this post


Link to post
Share on other sites
15 minutes ago, yellowsubmarine said:

If it ever goes to court, then we find out. Seems like an expensive way to get clarity.

Please read the license that accompanies this software that you used. It is a standard license and I think there is some case law, I think. It is also not a common practice in software to do the same cryptographic operation twice just to check whether you got the correct result (at least not in production code).

But why don't you sue e.g. Apple for not implementing their browser correctly?

Users could (and should) do "due diligence" for themselves and check whether they can actually sign and submit transactions. I did this and many other people on this forum did this, too.

 

 

Share this post


Link to post
Share on other sites
Guest

So all the effort I put in to type those explanations that the fault is actually in the apple safari browser was a complete waste of my time then....   sigh.

I can only hope someone else reading understood it.

The problem with folk using public domain software, having a problem and then blaming the developers is that if you had your way nothing would ever get done as a public good because someone would always come along and misunderstand everything and then drag the innocent through courts.

Think about it...  ONLY Safari browsers have the problem....    how do you explain that?

Basically I now think you probably deserve to loose your money and then loose some more paying lawyers to find out what I already told you for free.  If I sound annoyed it's because no good deed goes unpunished.  I'm really out now...   :) 

Share this post


Link to post
Share on other sites

"Please read the license that accompanies this software that you used. It is a standard license and I think there is some case law, I think. It is also not a common practice in software to do the same cryptographic operation twice just to check whether you got the correct result (at least not in production code).

But why don't you sue e.g. Apple for not implementing their browser correctly?

Users could (and should) do "due diligence" for themselves and check whether they can actually sign and submit transactions. I did this and many other people on this forum did this, too."

I see that you are a moderator. Are you speaking as a representative for Ripple?

Is this Ripple's response?

 

Edited by yellowsubmarine

Share this post


Link to post
Share on other sites

"So all the effort I put in to type those explanations that the fault is actually in the apple safari browser was a complete waste of my time then....   sigh.

I can only hope someone else reading understood it."

I think that this was your real motive. To convince others reading this topic that it was all my fault really and everything is OK at Ripple, so don't let the XRP price fall.

Victim blaming won't help Ripple here.

Still no response from anyone at Ripple...

Edited by yellowsubmarine

Share this post


Link to post
Share on other sites
Guest

Your understanding of the world is severely lacking....   you think because a moderator of something called XRPChat comes along he is an official rep of Ripple???    How do people get on in the world with so little understanding of what they are doing and where they are doing it...

My motive was entirely pure...  and now I think it's laughable that you seem to be under the impression that your foolishness will have an effect on anyone other than yourself.  I'm hoping you pursue Ripple to the ends of the earth...  and that it costs you a fortune to do so....  and then you find that it is exactly as I said...  you were barking up the wrong tree.   Go for it mate.   :) 

Share this post


Link to post
Share on other sites
17 minutes ago, yellowsubmarine said:

I see that you are a moderator. Are you speaking as a representative for Ripple?

No. 

17 minutes ago, yellowsubmarine said:

Is this Ripple's response?

No.

Share this post


Link to post
Share on other sites
12 minutes ago, Tinyaccount said:

Your understanding of the world is severely lacking....   you think because a moderator of something called XRPChat comes along he is an official rep of Ripple???    How do people get on in the world with so little understanding of what they are doing and where they are doing it...

My motive was entirely pure...  and now I think it's laughable that you seem to be under the impression that your foolishness will have an effect on anyone other than yourself.  I'm hoping you pursue Ripple to the ends of the earth...  and that it costs you a fortune to do so....  and then you find that it is exactly as I said...  you were barking up the wrong tree.   Go for it mate.   :) 

"Your understanding of the world is severely lacking."

You don't know anything about me.

"you think because a moderator of something called XRPChat comes along he is an official rep of Ripple???"

I know that David Schwartz (aka JoelKatz) has posted on this very thread. I know that he hasn't replied to me yet.

"My motive was entirely pure... I'm hoping you pursue Ripple to the ends of the earth...  and that it costs you a fortune to do so...." 

An outburst like that belies your claims of a pure motive. It won't cost me anything. I've got nothing to lose. Ripple on the other hand...

Edited by yellowsubmarine

Share this post


Link to post
Share on other sites
28 minutes ago, yellowsubmarine said:

"So all the effort I put in to type those explanations that the fault is actually in the apple safari browser was a complete waste of my time then....   sigh.

I can only hope someone else reading understood it."

I think that this was your real motive. To convince others reading this topic that it was all my fault really and everything is OK at Ripple, so don't let the XRP price fall.

Victim blaming won't help Ripple here.

Still no response from anyone at Ripple...

I guess you somehow don't grasp the idea of free and open-source software. You somehow assume that you as a "customer" have some extra rights or something. If authors of such software could be successfully sued for any damage because of bugs, then probably no one would release any software for free and under an open-source license.

Equifax was hacked because of a bug in Apache Struts. Did Equifax sue Apache Software Foundation?

I'm not claiming everything was ok. But using a wallet that wasn't maintained for years (Jatchilli's wallet) and didn't have enough test coverage, should somehow raise some big red flags.

Share this post


Link to post
Share on other sites
25 minutes ago, T8493 said:

I guess you somehow don't grasp the idea of free and open-source software. You somehow assume that you as a "customer" have some extra rights or something. If authors of such software could be successfully sued for any damage because of bugs, then probably no one would release any software for free and under an open-source license.

Equifax was hacked because of a bug in Apache Struts. Did Equifax sue Apache Software Foundation?

I'm not claiming everything was ok. But using a wallet that wasn't maintained for years (Jatchilli's wallet) and didn't have enough test coverage, should somehow raise some big red flags.

Not quite sure what point you are trying to make.

The bug is in ripple-lib, not Jatchili's wallet. Ripple-lib returns invalid keypairs, a black hole.

As David Schwartz (aka JoelKatz) said in May: "jatchili's minimal ripple wallet is a pretty thin wrapper around Ripple's ripple-lib distribution".

The bug is not in Jatchili's wallet, it's just a "pretty thin" wrapper.

He also helpfully pointed out that "it can generate cold wallets". How many people took that as a recommendation, I wonder. Didn't raise big red flags there apparently.

Where is JoelKatz anyway? It's quiet in here.

I'm not looking to attack any developer. I'm looking for a refund of my vanished XRP. Which isn't much, to be frank.

joelkatz.jpg

Share this post


Link to post
Share on other sites
Just now, yellowsubmarine said:

The bug is in ripple-lib, not Jatchili's wallet. Ripple-lib returns invalid keypairs, a black hole.

  • It is not clear whether it is a bug in ripple-lib and not in browser.
  •  Jatchilli's wallet could be "prudent" and check whether it can sign transactions with generated secret key.

 

Share this post


Link to post
Share on other sites
9 minutes ago, T8493 said:
  • It is not clear whether it is a bug in ripple-lib and not in browser.
  •  Jatchilli's wallet could be "prudent" and check whether it can sign transactions with generated secret key.

 

"Jatchilli's wallet could be "prudent" and check whether it can sign transactions with generated secret key"

As I said earlier, Ripple should have performed a check in ripple-lib. Because the consequences of returning an invalid keypair are devastating.

Ripple don't get to escape any obligations by blaming Jatchili for not working around bugs in Ripple code.

Maybe adding an at sign to @JoelKatz will bring him into the thread again.

Edited by yellowsubmarine

Share this post


Link to post
Share on other sites
11 minutes ago, yellowsubmarine said:

Ripple don't get to escape by pointing to the Jatchili (the open-source guy) for not working around bugs in their code.

It is not about "working around bugs in their code".

It is about "separation of concerns". Low-level function shouldn't be responsible for checking their result, especially if checking this results means that have to use other methods that are not directly relevant (e.g. if you want to check whether generated secret key works, you need to create another transaction, serialize it, sign it and then verify this signature).

You need to solve this problem at higher levels where you also know how to handle this problem if it arises.

Share this post


Link to post
Share on other sites
5 minutes ago, T8493 said:

It is not about "working around bugs in their code".

It is about "separation of concerns". Low-level function shouldn't be responsible for checking their result, especially if checking this results means that have to use other methods that are not directly relevant (e.g. if you want to check whether generated secret key works, you need to create another transaction, serialize it, sign it and then verify this signature).

You need to solve this problem at higher levels where you also know how to handle this problem if it arises.

I'm not sure who you are addressing your thoughts on software design to.

It's certainly not me.

Maybe @JoelKatz and the rest of his team should be having that discussion around a whiteboard.

Edited by yellowsubmarine

Share this post


Link to post
Share on other sites

From the license of ripple-lib:

Quote

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

So it's your fault that you didn't use the software in a correct way and resulted in a loss. Ripple will never refund you....

I think you can stop posting useless arguments to get back your XRP because it will never happen. If you think it is worth it you can sue Ripple.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...