Opinions regarding Grin

Hi everyone, I’m starting a new thread with the hope of getting community feedback on the issues and challenges facing Grin. Feel free to add your voice here. Keep in mind that this is not in any way just a solely ‘critique’ of Grin. Efforts must be taken to also mention what one feels is good about Grin.

To start things, The good things about Grin:

  • Developers must be commended for their hardwork and effort during the past 4 years. It’s almost completely unheard for a team to undertake a massive project such as this. This is a monumental task within itself and what makes this even more amazing is that the team did this with no reliance on co-operations and institutions. This cannot be overstated, must thanks a bunch to the developers for this amazing work which could disrupt an already disruptive technology advancement.

  • Recently, the council has begun measures to make the grin technocratic council more inclusive to the community.

Areas for improvement:
1. Security audit report:
+ Initial regular updates by Igno in April 2019
+ Lehnberg on the 7th May 2019 stating that the final report has been received and ‘Conservative estimate for the publication of the audit reports is ~ 4 weeks’.
+ Igno added a week later: ‘The more severe issues should be in 1.1.0. Then we should have about a month, perhaps 1.1.1 or so, to make sure we’re all good with respect to all those findings’.
+ Since then, 1.1.0 was released on the 6th of June, and 2.0.0 was released on the 1st of July. During the last 3 (Three) months since, not much was added. Most meetings have simply been posted with ‘no update’ and the only documented action taken was that ‘j01tz’ is tracking the issues. This has raised suspicion that the Grin council is hiding something from the community. I am not saying something sinister is happening, but this has alarm bells ringing everywhere.

Lets just hope that J01tz stays true to his comment on the 16th July 2019 ‘I expect this to wrap up in the next week or so (assuming hardfork is calm) so that we can complete the verification process. My goal by the next meeting is to have all fixes verified by coinspect and have target dates set for blog post/pr stuff’

  1. POW & ASIC changes: On the 26th June 2019, Tromp wrote the following: ‘Let’s start with our commitment to ASIC mfg: In our original commitment we committed to not make changes to primary pow “in the foreseeable future”. I want to make that more concrete now, specifically, that we commit to not making changes that take effect in less than 18 months. This gives ASIC mfg more confidence to invest in ASIC development.’ Since then, the grin team has given out conflicting information, stating a 6 monthly hardfork for the next 18 months specifically to keep ASICs at bay. Maybe I’m missing something here, but I’d appreciate it, if a member of the community can clarify this.

  2. What exactly are Layer1 contributing to the field, because, as far as the community is aware, they have not contributed anything. Questions about external involvement where raised on the gitter chat, but this was immediately shut down by the Grin council.

  3. What thought has Grin given towards grin being more adopted and used. With Grin forks coming out right, left and center (MWcoin/Bitgrin/EPIC), the community is concerned that at current pace, and lack of any discussion to satisfy adoption, these copy cats might one day surpass Grin. If there is one thing for sure, these copies lack any development skills but will aggressively market their project. Should they even get one major listing, they will easily surpass Grin and use those funds to hire more developers that could render Grin insignificant in the future.

Recommendations:

  • Stay awesome
  • Prior to undertaking additional tasks including the RFC, maybe focus on getting some of the issues that have been outstanding for months out of the way first
  • Avoid complacency, competition is developing and make no mistake about it, they have clearly marked and are targeting Grin is an enemy. It would be foolish for Grin to remain in wonderland and dismiss these threats even now
  • Aim towards increasing the community. Poloniex has offered 50% or so of their Grin transaction fees (approx 5 btc donated since Feb). Grin could take on more listings which would not only increase adoption but also potentially lead to hundreds of BTC that can be allocated towards Grin development (should exchanges contribute a percentage of their fee towards Grin development).
4 Likes

Since then, the grin team has given out conflicting information, stating a 6 monthly hardfork for the next 18 months specifically to keep ASICs at bay.

To my knowledge, there is no conflicting information. If you think there is, please provide quotes/sources and we can resolve them. The 4 hard forks have been planned since before mainnet launch. Those forks will be used to introduce consensus-changing improvements, as well as changes in the secondary PoW

What exactly are Layer1 contributing to the field, because, as far as the community is aware, they have not contributed anything.

I have never heard this concern before. Have you asked Layer1 directly what they are contributing?

With Grin forks coming out right, left and center (MWcoin/Bitgrin/EPIC), the community is concerned that at current pace, and lack of any discussion to satisfy adoption, these copy cats might one day surpass Grin.

Grin is the community. Or at least that is what it aims for. So if you think the project needs to do certain things or needs to start certain discussions, you are more than welcome to start on them.

2 Likes

[quote=“jaspervdm, post:2, topic:5650, full:true”]

To my knowledge, there is no conflicting information. If you think there is, please provide quotes/sources and we can resolve them. The 4 hard forks have been planned since before mainnet launch. Those forks will be used to introduce consensus-changing improvements, as well as changes in the secondary PoW

I will re-quote what Tromp said ‘Let’s start with our commitment to ASIC mfg: In our original commitment we committed to not make changes to primary pow “in the foreseeable future”. I want to make that more concrete now, specifically, that we commit to not making changes that take effect in less than 18 months. This gives ASIC mfg more confidence to invest in ASIC development.’

I have never heard this concern before. Have you asked Layer1 directly what they are contributing?

Will do, if a core developer and member of the Grin council can’t say what/if they have contributed, I will raise it up with them directly

Grin is the community. Or at least that is what it aims for. So if you think the project needs to do certain things or needs to start certain discussions, you are more than welcome to start on them.

I have just done so with starting this thread

By the way, thanks for the prompt reply @jaspervdm, great to know that the dev team are on ball with the community. I’d be very interested to hear your opinions about the security audit

1 Like

I think the point you mention about “keeping ASICs at bay” stems from confusion about how the block rewards are divided to allow GPU mining as well as ASIC mining. I think ASICs are intended to target the primary POW and this POW will not be affected by the planned forks – I think that is the commitment that @Tromp was giving. The secondary POW, which allows GPUs to mine, will be affected by the forks because it needs to change to prevent ASICs from muscling in on that POW and in so doing, eliminating GPUs’ ability to mine. @Tromp or somebody, please correct me if I’m wrong.

1 Like

Nice, that makes complete sense now. Thanks dude

1 Like

Maybe I am misunderstanding you, but I don’t see any conflicting information here. The commitment relates to the primary PoW (ASIC friendly), the hard forks will introduce changes to the secondary PoW (ASIC resistant).

I have just done so with starting this thread, obviously

Alright, but “how to increase Grin adoption” seems like a pretty big topic which might deserve its own thread, it might get snowed under here.

I’d be very interested to hear your opinions about the security audit

I don’t have anything interesting to say about it. Most devs working on the project were focussed on the hard fork. Now that that is over, things are moving forward with the audit report but I don’t have an ETA or anything like that to announce

3 Likes

I think you are right. There should be a thread about how to increase grin adoption.

“I hereby propose to accept Pull Request https://github.com/mimblewimble/grin/pull/2714
which preserves the planned phase out of C31 but puts all later phase outs, of C32 and beyond, on hold, and to replace the term “foreseeable future” in our primary PoW commitment at https://forum.grin.mw/t/cuckatoo31-im-mutability by the more specific term “next 18 months”.”

“[20190625 UPDATE] The proposal was accepted in today’s dev meeting.”
March 27, 2019 by, Tromp regarding the hold on cuckatoo32 PoW commitment.

1 Like

that’s what I said with regards to the primary, ASIC-friendy, PoW.

1 Like

Hi @Swizz_beatz, thanks for raising those concerns and encouraging the community to engage.

You are correct that the security audit reporting is an area for improvement.

Especially considering that:

  • transparency is critical for a project like Grin
  • community funds were used
  • the results of a security audit can potentially impact users

I’m hoping to add some clarity around security processes for Grin in an RFC https://github.com/mimblewimble/grin-rfcs/pull/13

This sets a public disclosure time of a maximum of 90 days which is more reasonable for a project like Grin (note that is for disclosure of single vulnerabilities, not entire audit reports).

I’d also like to point out that well-funded centralized projects can take several months to properly address audit reports. I think it’s pretty neat that a donation-based decentralized project was able to receive an audit of this quality, address the findings and ultimately share it with the community in a (somewhat) reasonable timeline.

Regarding the last audit, my understanding is that the core team has had it for about two months. This still gives us an opportunity to publish around the 90 day mark (though it depends on time available from the already spread thin core developers and the auditors- if there is one thing I’ve learned in crypto it is to not set hard dates).

The current status of the audit is “pre-remediation verification”. The core team needs to do a final review of the issues and fixes to make sure we are ready for verification from the auditors. I’m sure this will happen soon™. Everyone has been focused on a successful hardfork as @jaspervdm said. This will be discussed again tomorrow at the developer meeting.

From there the status will be “remediation verification” where the auditors will make sure any issues they raised were properly addressed. If a fix wasn’t effective or created another issue, another cycle happens of issue->fix->verify and the public report will be slightly delayed futher. I’ll do my best to communicate this to the community in that case.

Once all raised issues have been verified to be adequately addressed by the auditing team, the public reports will be compiled and jointly released by the Grin community and the auditing team. I’m happy to answer more questions on this process.

Moving forward I hope we can make Grin’s security processes more transparent to address the concerns you raised about the lack of updates and complacency- I think we are on the right track but still have more work to do.

4 Likes

I had been following Grin for a couple of months before I cottoned on to this … not sure it’s explicitly stated in one location (?)… Maybe we need to start a new thread called ‘Grin for Dummies’ for posting queries like this :grin: … (PS it has been previously observed that deeply embedded engineers may forget than ordinary mortals may not have the same evolved understanding of the subtleties of what seems patently obvious to them… :stuck_out_tongue_winking_eye:]

2 Likes

I am glad to see there has been some movement on trying to report back to the community about the security audit.

I expect that there are no serious issues still present since the hard fork. It was expected to be delivered within 90 days of the audit. That would have been next week. The devs may end up taking longer to give us the report of the first audit.

Unfortunately any delay in this will give the impression that there is something to hide. Really hope this will be wrapped up as soon as possible.

1 Like

Yea but it is understandable that they needed time to work on this audit. Keep in mind that coinspect asked for a few delays so I’m sure the report is a big one. It’s unfair to the devs to just bring this up again. They have made it clear that it is a top priority and I’m sure they will get it done. Let’s leave them to it peacefully.

Also thank you @joltz @tromp @jaspervdm. Much appreciated

A few quality of life improvement/suggestions from the non-techie user.

  1. An “official” GUI wallet would be nice. Or at least a wallet recommended or vetted by the council that has some GUI interface on it. Most non-techies don’t really want/like to deal with CLI. BEAM has a pretty nice GUI wallet. I really enjoy using that one over the GRIN CLI wallet.

  2. Ledger support of some kind would be nice. Lots of people have Ledgers and having some support on it might increase adoption. I know of at least a handful of people who would like to put GRIN on their Ledger devices but it isn’t supported. Might make people feel safer about where they stash their GRIN.

  3. Some effort to increase liquidity would be nice. Only a handful of exchanges support GRIN.
    Some day it would be nice where every merchant takes GRIN as payment but until that day comes, it would be nice to have some way to make moving/converting/buying/selling GRIN easier. I don’t know if the solution is more outreach to exchanges or working with more merchants to accept GRIN but it would be nice to have GRIN be more liquid. Liquidity would help get GRIN into the hands of more people and increase adoption/awareness.

These are just one non-developer’s suggestions.

6 Likes

Just wanted to say thanks for all the hard work on this!

2 Likes

i agree w u on all this good thinkin ken!!!

2 Likes

In full agreement with you on this as well

1 Like

Thanks Lorna but this thread is about Grin and not Epic. Can you confirm that your above replies are relevant to Grin and Grin alone?

1 Like

Yes, because this community should be aware that the ideas they thought are represented in grin are truly not.

In fact, the censorious response to this plea shows how things really work around here. Your users ask for things to happen, they don’t. The market provides. Instead of using the open source ethos in your favor to actually give users what they want, the answer is to try to prevent people from learning of a form of rust-based mimblewimble that won’t make you constantly poorer. I don’t think anyone is here to lose money, except perhaps those who already can afford to live on nothing?

The interests of those in the high priesthood do not coincide with those of the “community” in whose name you claim to rule. “Not invented here syndrome” is alive and well. Grin has put itself in the position of betamax vs vhs: as we saw in the 80s, then again in 90s and beyond with HD-DVD, the best technology that comes out first is not assured of ultimate victory.

We hear what you say, but we see what you do. Why not adapt positively to the presence of competition in the market, instead of trying to prevent people from seeing how some of the ideologically- rather than practically-motivated choices you made are now translating into marketplace failure.

What is grin anyway? At this point, it’s clear that everything is not as it seems. When even the captains are jumping ship, the rank and file won’t stump up a dime to fund the work, asic manufacturers refunding orders, community participation dwindling, price still losing… how is this success?

It’s time to ask users what they want vs assuming you know better. Because it looks like the market is telling you it’s time for a change but you don’t want to listen.

Epic Cash better represents the stated ideals of grin better than the original, which has unfortunately been hijacked by a “misguided but 100% convinced in their omniscience” minority whose off the wall ideas about basic fundamentals of money and human behavior, to speak nothing of basic economics have destroyed tens of millions of dollars in investor money already.

We are trying to extend an olive branch to the many wonderful people who are currently suffering under this ill-suited regime. This forum claims to be a place for honest discussion of the relevant issues in the marketplace for grin, which certainly include management disgruntledness, user dissatisfaction, hardware manufacturer abandonment, and a market price collapse.

If these are not relevant topics to discuss, what is this forum for?

Screenshotting in anticipation of the next deletion.