Re: How to handle changing public IP address on the node for personal user

Stefano Franz
 

One slight subtlety - transactions do not actually depend on the IP address of the node, but on the "advertised" p2pAddress, which is looked up to open a flow session.

So a simple solution would be to make the p2pAddress config field an environment variable similar to:

p2pAddress: ${MY_P2P_ADDRESS}":10200"

then, in whatever you use to start the node, you can do a lookup of what your current public facing IP address is (I use: curl ifconfig.me) and set the environment variable similar to:

# export so that the node process started by run-corda.sh inherits the value
export MY_P2P_ADDRESS=$(curl ifconfig.me)
./run-corda.sh

This will ensure that every time you register with the network-map, you will be publishing the correct IP address.
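
A launcher for the approach in the message above, as an added example that is not part of the original post or of Corda: it treats the lookup reply as untrusted input and refuses to start the node unless the reply is a publicly routable IPv4 address. The function names, the https scheme and the curl timeout are assumptions; MY_P2P_ADDRESS, port 10200 and ./run-corda.sh come from the post.

```python
import ipaddress
import os
import subprocess

P2P_ENV_VAR = "MY_P2P_ADDRESS"    # variable referenced by the p2pAddress line
NODE_LAUNCHER = "./run-corda.sh"  # launcher script named in the post


def parse_public_ip(raw: str) -> str:
    """Return the lookup reply as a dotted-quad string, or raise ValueError.

    The lookup service is a third party, so its reply is untrusted: an error
    page, a proxy banner or a private address would otherwise be published
    to the network map as this node's p2pAddress.
    """
    addr = ipaddress.ip_address(raw.strip())  # ValueError on non-IP text
    if addr.version != 4:
        # The config appends ":10200" directly, which only suits an IPv4 host.
        raise ValueError(f"expected an IPv4 address, got {addr}")
    if not addr.is_global:
        # Rejects RFC 1918, loopback, link-local and carrier-grade NAT ranges.
        raise ValueError(f"{addr} is not publicly routable")
    return str(addr)


def node_environment(raw_lookup: str, base_env) -> dict:
    """Copy base_env and add the validated address for the node process."""
    env = dict(base_env)
    env[P2P_ENV_VAR] = parse_public_ip(raw_lookup)
    return env


def lookup_public_ip() -> str:
    # Same service as the post; https and the timeout are additions (assumed).
    result = subprocess.run(
        ["curl", "-fsS", "--max-time", "10", "https://ifconfig.me"],
        capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Any lookup or validation failure raises here, so the node is never
    # started with a bad advertised address.
    env = node_environment(lookup_public_ip(), os.environ)
    print(f"advertising {env[P2P_ENV_VAR]}:10200")
    os.execve(NODE_LAUNCHER, [NODE_LAUNCHER], env)
```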



Re: How to handle changing public IP address on the node for personal user

Bogdan Paunescu
 

Hi,

It is a good question. But, the way I see it, "personal users" that are able to run a node should be "tech savvy" enough to know to have a fixed public IP address and change a line in the config file. 
However, changing the node.conf doesn't propagate the change across the network. Other peers will have no idea you're at a different address. But, for the sake of argument, let's say that a user insists on deploying a Corda node on a machine with a dynamic public IP. The user could register the node with a name instead of an IP and use a DDNS.

Bogdan

How to handle changing public IP address on the node for personal user

Avery Starr
 

Hi,

Transactions depend on the IP address of the node. But for the personal user at home or small office environment, their public IP address of any computer is not fixed. It is difficult to ask personal users who might not be tech savvy to always change the config file.

How do we handle dynamic IP addresses for personal users?

Many thanks,

Avery

Only about a month until CordaCon!

Mike Hearn
 

It's that time of year again - I just booked my flights to London for CordaCon 2019 (23rd-24th October), and so should you!


For those who haven't been before, CordaCon is a two day event: there's DevDay and BizDay. Last year I enjoyed both, especially hearing about the practical business use cases people are solving with Corda.

This year's DevDay is shaping up to have a particular focus on secure enclaves/SGX, but there's going to be plenty of interesting content whatever your focus. Some talks that I'll be trying to attend include:
  1. "Enabling the future of settlement" by Dave Ramsden from the Bank of England
  2. Bitcoin on Corda, by Roger Willis. Rog and I have been talking about this topic for years so I'll be interested to see what he comes up with.
  3. Managing private algorithms in SGX enclaves by Kubilay Ahmet Küçük, a researcher at the University of Oxford
  4. "Transforming Healthcare Operations with Blockchain", as I don't know much about the healthcare market
  5. Digital assets for device-to-device payments by Vodafone
  6. Zero knowledge tx verification by Matthijs van den Bos of ING
  7. Cordacity, a talk by Matt Layton of TradeIX on some of the API extensions he's been working on
But really, just check out the whole agenda on the website.

The videos will be posted online some time after the conference. Attendance is free, so see you there 🙂

Re: PyCorda: Python Node Analytics

Nitesh Solanki
 

I had tried to do the same for the node.js environment around 1 year back with some RC version of GraalVM, where the node.js client would directly talk to corda nodes over RPC without any proxy/binding layer.

code: https://github.com/nitesh7sid/cordapp-example-nodejs-server-graalvm

I guess GraalPython should be able to at least import the corda rpc library and talk to corda nodes directly.

 

Thanks

Nitesh



Re: PyCorda: Python Node Analytics

Mike Hearn
 

The core Graal tech is in production at Twitter, at least.

GraalPython specifically is still pretty new and isn't really production grade yet. However it may well suffice for the tasks you want to do.

Re: PyCorda: Python Node Analytics

Jamiel Sheikh
 

Thanks Mike, will explore Graal this weekend, last I looked at it was not production-grade but that may have changed now





--
Jamiel Sheikh, CEO
54 W 40th Street
New York, NY 10018

Re: Need to know on network map

Mike Hearn
 

If you're looking primarily for signed transaction graphs without the rest of Corda, what you might want to investigate is just using the "core" module alone, without the node at all. This would be a currently unexplored approach, but a lot of the code in Corda and the node is really about building that peer to peer network and providing distributed governance in various ways. If you don't want that, it's all superfluous and will get in the way.

For the firewalls, R3's enterprise version of Corda has a component called "Corda Firewall" which is designed to solve firewall traversal issues - it's what's called a cryptographic firewall, i.e. it makes per connection allow/deny decisions based on the certificate and public key of the peer rather than IP address. Corda Firewall has enabled even very conservative organisations with complex firewalls to deploy a node, as the node itself can run behind the firewall with only a small set of components outside.

Still, the problem remains that Corda really wants to be a p2p network. Providing SOCKS proxies or running nodes for your customers is probably the way to go.

Re: PyCorda: Python Node Analytics

Mike Hearn
 

Sorry, by "Corda API" I meant the RPC API.

We might be able to support non-bytecode languages inside smart contracts one day using Truffle, yes. It'd mean a partial rewrite of the DJVM and of course, Corda would have to run on a JVM supporting Truffle. Today that means GraalVM which isn't quite the same as OpenJDK, but my understanding is that they're merging over time. Current OpenJDKs can run Truffle languages, but not at any kind of reasonable speed because the JIT compiler doesn't kick in for them.

Problem with proxy.startFlowDynamic

phuocsonhh@...
 

Hi everyone,

I'm facing a problem with proxy.startFlowDynamic.
Related to https://github.com/corda/samples/tree/token-samples/non-fungible-token-dvp I issued the FiatCurrency in shell successfully with the command:

start FiatCurrencyIssueFlow currency: USD, amount: 100000000, recipient: PartyC

But when I tried to issue in Web controller by

proxy.startFlowDynamic(FiatCurrencyIssueFlow.class, "USD", 10000, otherParty)

it throws the exception below:

net.corda.core.CordaRuntimeException: net.corda.serialization.internal.amqp.IllegalCustomSerializerException: exception(java.lang.Throwable) -> Custom serializer net.corda.serialization.internal.amqp.custom.ThrowableSerializer registered to serialize non-custom-serializable type class net.corda.core.flows.IllegalFlowLogicException

I worked with Java, Corda 4.1 and token SDK-1.0.

I searched everywhere but only found https://r3-cev.atlassian.net/browse/CORDA-3043 but it isn't resolved yet and I'm not sure it is the problem I'm facing, so if you have any experience handling this issue, please help me. Thanks in advance.

Best regards,
Son Huynh

Re: PyCorda: Python Node Analytics

Charles Monteiro
 

Or let’s put it another way: when I had in the past asked you about using languages such as jruby or groovy to code smart contracts, if I recall, you stated that because of the byte code generated and your notion of the deterministic JVM they would not be suitable.

So I wonder if it’s just the fact that a lang can run on Graal, which Groovy can, which will make Corda accessible, or is it also necessary that a language was built on Truffle, e.g. truffle ruby, truffle python implementation etc.

Thanks for the feedback


Re: PyCorda: Python Node Analytics

Charles Monteiro
 

Mike 

would anything that runs on Graal enjoy the same benefits? Groovy, JRuby?

Thanks

Charles 


Re: PyCorda: Python Node Analytics

Mike Hearn
 

Thanks Jamiel, looks good!

One thing you might want to play with is GraalPython. That would let you access the Corda APIs directly from an optimising Python 3 implementation that can use native modules.

https://github.com/graalvm/graalpython

Then you can use the vault query API, but direct query via JDBC and JPA would also work of course.

PyCorda: Python Node Analytics

Jamiel Sheikh
 

If you love analytics, please check out PyCorda (PyCorda.com), an experimental open source Corda node analytics framework for Python 3. Currently, PyCorda uses pandas DataFrames to wrap a node's database for querying. Works only with H2 and should be used only in dev at this moment. What do you think about it? Any suggestions for improvements?

Here's how quickly you can pull node data into Python:

import pycorda as pyc
url = 'jdbc:h2:tcp://localhost:55555/node'
username = 'sa'
password = ''
partyA = pyc.Node(url,username,password)
print(partyA.get_node_infos())

Results:

   NODE_INFO_ID                                     NODE_INFO_HASH  PLATFORM_VERSION         SERIAL
0             1  E5868B2E88D3970E2377916C4D34074971C907CA6B3D40...                 4  1568332664588
1             3  4FDDFBA5BA3C78A98376C1F9396B0607D5E8C200CFA83B...                 4  1568332660427
2             5  147A7E875EB2B5C6D1C955D7EAC337D4F37AED9372250C...                 4  1568332664726
3             7  5B2C3C91AAB0262C59C646A02AD10A25DE4661C5101BD4...                 4  1568332664602


I've also thrown in some charting, with a few lines,

plotter = pyc.Plotter(partyA)
plotter.vault_states_ts()
plotter.show()

You can get this beauty, which depicts the times two UTXOs were consumed:

image.png



--
Jamiel Sheikh, CEO
54 W 40th Street
New York, NY 10018

Re: How to disable command line for nodes

Christian Sailer
 

Hi Avery,

Have a look at the documentation for the shell at https://docs.corda.net/shell.html?highlight=shell#the-shell-via-the-local-terminal - the embedded shell only runs in devMode and can be disabled, the external shell talks to the node via RPC like any other client.

Cheers,

Christian


--
Christian Sailer | R3.
christian.sailer@... . www.r3.com

How to disable command line for nodes

Avery Starr
 

Hi

Flows can be started by a protocol call like RPC or HTTP, or by command line directly on the node.

We want to disable the command line capability for the nodes so that all flows are managed by protocol calls. No node can secretly and manually run flows from command line which could produce leaks that won’t be captured by the network management software.

Does anyone have any idea of how to disable that?

Appreciate very much!

Avery

Re: Signature constraints with a new signing cert

Sean
 

Thanks, Mike and James,
  Will look into AAR internally with Android devs.
  In the meantime, the workaround is - before the code signing cert expires, replace it by issuing a new cert with the same keypair.  Will give that a try.

\Sean 

Re: Need to know on network map

Avery Starr
 

Thanks Mike!

Our network is not a democratic network so we don’t have the philosophic issue of power struggle. The participants in the network are strictly managed and signed roles to play. We use both centralized application/server and Corda to take advantage of both: the centralized application manages complicated business relationships, business processes, roles, and identity; the trading activity happens on Corda and therefore we gain the shared ledger and traceability.

Revealing IP would not be ok in our network as it is too easy to guess or to programmatically figure out the identity should there be bad actors in the network. We have banking accounts of our participants connected with the network too so we need to be very careful.

Regarding corporate firewalls, we could possibly request all nodes of the corporate participants being installed on a web server outside the firewall so we don’t have to worry about fighting with different versions of corporate firewalls. If we do that, the nodes will have to interact with each other on HTTP instead of RPC, right? I recall Corda implemented HTTP too. Our current code is using RPC calls.

So is there still anything in Corda we can leverage to implement our Private Network Dispatcher? Or maybe we could take Corda’s Network Map and modify the code and make it fit in our scenario? If that is doable, what about future Corda upgrades? If that is not doable, how about we simply just develop a piece of software on our own that will feed each node the contact info of their counterparties on-demand? Is this approach going to break anything in Corda though so it will give us a headache when Corda updates in the future?


From: corda-dev@groups.io <corda-dev@groups.io> On Behalf Of Mike Hearn via Groups.Io
Sent: Wednesday, September 11, 2019 4:48 AM
To: corda-dev@groups.io
Subject: Re: [corda-dev] Need to know on network map

 

If you're running your own network, you could initialise every node with a randomised Corda identity that gives away nothing about who they are, e.g. is a UUID. Then you implement your own protocol (or flow) to resolve user input to that randomised identity. The resolution must return zero results if the user input is even slightly wrong, for the reasons discussed above, so your own notion of business identity would need to be constructed with that in mind (e.g. check digits, if using numbers).

The advantage of this approach is you don't need to modify Corda. The disadvantage is nodes can see how many participants exist in the network and their IP addresses, but wouldn't know who owns them. The mere existence of an IP address in the system may still reveal too much information for you though.

The problem with wanting to be compatible with corporate firewalls whilst still hiding possible IP addresses is, as JC observes, that some companies want to whitelist IP addresses in advance. This isn't compatible with being peer to peer and also not knowing who your peers are.

Another way to do it is as above, but with the addition of a VPN. Everyone VPNs to a central point you administer and is allocated an internal IP address, so IP ownership is secret and corporate firewalls can whitelist the VPN endpoints. The network map would still reveal the number of participants in the system but nothing else. You can fill it with dummy entries if you want to hide the size of the system.

At this point though, it may not be entirely clear what balance of power you're wanting to achieve. The central party would control all user interactions, would see all business relationships and could probably change node's public keys to impersonate them without anyone noticing. Availability would be identical to a centralised system. What powers do you want users to have in your system? Perhaps there's a more direct way to achieve it.
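
The resolution step described in the quoted message above, as an added example that is not code from the thread or from Corda: each node gets a random UUID identity, and a lookup returns nothing unless the input is a well-formed, exactly matching business identifier. The Luhn check digit, the 11-digit identifier format and all class and function names are assumptions chosen for illustration; the message only says "check digits".

```python
import uuid
from typing import Dict, Optional, Tuple

PAYLOAD_LENGTH = 10              # constructed format: 10 digits + 1 check digit
ID_LENGTH = PAYLOAD_LENGTH + 1


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:           # every second digit, starting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


class IdentityDirectory:
    """Maps a business identifier to a node's randomised identity."""

    def __init__(self) -> None:
        self._nodes: Dict[str, str] = {}

    def register(self, payload: str) -> Tuple[str, str]:
        if len(payload) != PAYLOAD_LENGTH or not (payload.isascii() and payload.isdigit()):
            raise ValueError("payload must be exactly 10 ASCII digits")
        business_id = payload + luhn_check_digit(payload)
        node_identity = str(uuid.uuid4())   # reveals nothing about the owner
        self._nodes[business_id] = node_identity
        return business_id, node_identity

    def resolve(self, user_input: str) -> Optional[str]:
        # No trimming, prefix search or "did you mean": anything short of a
        # well-formed, exactly matching identifier gets the same empty answer,
        # so a near miss tells the caller nothing about who is registered.
        if len(user_input) != ID_LENGTH:
            return None
        if not (user_input.isascii() and user_input.isdigit()):
            return None
        if luhn_check_digit(user_input[:-1]) != user_input[-1]:
            return None
        return self._nodes.get(user_input)
```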

Re: Signature constraints with a new signing cert

James Brown
 

JAR signing will include a certificate as part of the signature, but the certificate is not used by Corda as part of the signature verification.

The JAR will contain the code-signing certificate though, and any 3rd-party tools (such as Java jarsigner) will report the signature as being invalid when the certificate expires.

JARs can be signed with a timestamp authority (i.e. timestamp included in the signature) so that the JAR will still be valid even after the cert expires, i.e. the verifier of the signature will know that the cert was valid at the time the signature was made, because of the timestamp. The next time something needs to be signed, issue (refresh) the code-signing certificate with the existing keypair. This is the approach R3 are taking with code-signing, with the keypair stored inside a HSM. This will ensure continuity of the keypair and will handle the certificate expiration.

Re: Signature constraints with a new signing cert

Mike Hearn
 

The JAR signing spec doesn't allow that unfortunately. It really should, but doesn't. We do it the same way as on Android - you generate a self signed cert and what the platform cares about is key continuity. The details in the cert don't matter because the goal isn't to tie a key to any particular real world identity, just to establish a timeline over upgrades. You can of course create a cert that chains to something and use it as if the cert did matter.

Actually the Android "AAR" format is better than the standard JAR signing approach. AAR = JAR + alternative signing mechanism. Perhaps one day we can move to using it.

If your company publishes Android apps then it will have already found ways to deal with this style of code signing. Maybe find some Android devs and ask how they manage things, policywise?