That’s what I said with regards to the primary, ASIC-friendly, PoW.
Hi @Swizz_beatz, thanks for raising those concerns and encouraging the community to engage.
You are correct that the security audit reporting is an area for improvement.
Especially considering that:
- transparency is critical for a project like Grin
- community funds were used
- the results of a security audit can potentially impact users
I’m hoping to add some clarity around security processes for Grin in an RFC https://github.com/mimblewimble/grin-rfcs/pull/13
This sets a public disclosure time of a maximum of 90 days which is more reasonable for a project like Grin (note that is for disclosure of single vulnerabilities, not entire audit reports).
I’d also like to point out that well-funded centralized projects can take several months to properly address audit reports. I think it’s pretty neat that a donation-based decentralized project was able to receive an audit of this quality, address the findings and ultimately share it with the community in a (somewhat) reasonable timeline.
Regarding the last audit, my understanding is that the core team has had it for about two months. This still gives us an opportunity to publish around the 90 day mark (though it depends on time available from the already spread thin core developers and the auditors- if there is one thing I’ve learned in crypto it is to not set hard dates).
The current status of the audit is “pre-remediation verification”. The core team needs to do a final review of the issues and fixes to make sure we are ready for verification from the auditors. I’m sure this will happen soon™. Everyone has been focused on a successful hardfork as @jaspervdm said. This will be discussed again tomorrow at the developer meeting.
From there the status will be “remediation verification” where the auditors will make sure any issues they raised were properly addressed. If a fix wasn’t effective or created another issue, another cycle happens of issue->fix->verify and the public report will be slightly delayed further. I’ll do my best to communicate this to the community in that case.
Once all raised issues have been verified to be adequately addressed by the auditing team, the public reports will be compiled and jointly released by the Grin community and the auditing team. I’m happy to answer more questions on this process.
Moving forward I hope we can make Grin’s security processes more transparent to address the concerns you raised about the lack of updates and complacency- I think we are on the right track but still have more work to do.
I had been following Grin for a couple of months before I cottoned on to this … not sure it’s explicitly stated in one location (?)… Maybe we need to start a new thread called ‘Grin for Dummies’ for posting queries like this … (PS it has been previously observed that deeply embedded engineers may forget that ordinary mortals may not have the same evolved understanding of the subtleties of what seems patently obvious to them…)
I am glad to see there has been some movement on trying to report back to the community about the security audit.
I expect that there are no serious issues still present since the hard fork. It was expected to be delivered within 90 days of the audit. That would have been next week. The devs may end up taking longer to give us the report of the first audit.
Unfortunately any delay in this will give the impression that there is something to hide. Really hope this will be wrapped up as soon as possible.
Yea but it is understandable that they needed time to work on this audit. Keep in mind that coinspect asked for a few delays so I’m sure the report is a big one. It’s unfair to the devs to just bring this up again. They have made it clear that it is a top priority and I’m sure they will get it done. Let’s leave them to it peacefully.
A few quality of life improvement/suggestions from the non-techie user.
An “official” GUI wallet would be nice. Or at least a wallet recommended or vetted by the council that has some GUI interface on it. Most non-techies don’t really want/like to deal with CLI. BEAM has a pretty nice GUI wallet. I really enjoy using that one over the GRIN CLI wallet.
Ledger support of some kind would be nice. Lots of people have Ledgers and having some support on it might increase adoption. I know of at least a handful of people who would like to put GRIN on their Ledger devices but it isn’t supported. Might make people feel safer about where they stash their GRIN.
Some effort to increase liquidity would be nice. Only a handful of exchanges support GRIN.
Some day it would be nice where every merchant takes GRIN as payment but until that day comes, it would be nice to have some way to make moving/converting/buying/selling GRIN easier. I don’t know if the solution is more outreach to exchanges or working with more merchants to accept GRIN but it would be nice to have GRIN be more liquid. Liquidity would help get GRIN into the hands of more people and increase adoption/awareness.
These are just one non-developer’s suggestions.
Just wanted to say thanks for all the hard work on this!
i agree w u on all this good thinkin ken!!!
In full agreement with you on this as well
Thanks Lorna but this thread is about Grin and not Epic. Can you confirm that your above replies are relevant to Grin and Grin alone?
Yes, because this community should be aware that the ideas they thought are represented in grin are truly not.
In fact, the censorious response to this plea shows how things really work around here. Your users ask for things to happen, they don’t. The market provides. Instead of using the open source ethos in your favor to actually give users what they want, the answer is to try to prevent people from learning of a form of rust-based mimblewimble that won’t make you constantly poorer. I don’t think anyone is here to lose money, except perhaps those who already can afford to live on nothing?
The interests of those in the high priesthood do not coincide with those of the “community” in whose name you claim to rule. “Not invented here syndrome” is alive and well. Grin has put itself in the position of betamax vs vhs: as we saw in the 80s, then again in 90s and beyond with HD-DVD, the best technology that comes out first is not assured of ultimate victory.
We hear what you say, but we see what you do. Why not adapt positively to the presence of competition in the market, instead of trying to prevent people from seeing how some of the ideologically- rather than practically-motivated choices you made are now translating into marketplace failure.
What is grin anyway? At this point, it’s clear that everything is not as it seems. When even the captains are jumping ship, the rank and file won’t stump up a dime to fund the work, asic manufacturers refunding orders, community participation dwindling, price still losing… how is this success?
It’s time to ask users what they want vs assuming you know better. Because it looks like the market is telling you it’s time for a change but you don’t want to listen.
Epic Cash better represents the stated ideals of grin better than the original, which has unfortunately been hijacked by a “misguided but 100% convinced in their omniscience” minority whose off the wall ideas about basic fundamentals of money and human behavior, to speak nothing of basic economics have destroyed tens of millions of dollars in investor money already.
We are trying to extend an olive branch to the many wonderful people who are currently suffering under this ill-suited regime. This forum claims to be a place for honest discussion of the relevant issues in the marketplace for grin, which certainly include management disgruntledness, user dissatisfaction, hardware manufacturer abandonment, and a market price collapse.
If these are not relevant topics to discuss, what is this forum for?
Screenshotting in anticipation of the next deletion.
yikes. maybe epic isn’t a good idea and doesn’t contribute anything to the economy (of ideas or otherwise).
This is a Grin platform. Not a platform for you to shill your own dev tax coin. Please go copy Grin again and create your own forum and discuss what you like there.
I’ve requested my account be deleted earlier today and my decision hasn’t changed. Not keen to get into lengthy discussions either, but seeing as you have raised some valid points and this is a thread I started, I’m going to try to address them. Hopefully this will be my last post and you find it to your satisfaction.
It totally is a relevant topic for discussion, I’m sure the moderators welcome such a contribution. Only reason for my questions asking if you’re involved with EPIC is because you mentioned a lot of things (Exchange listings, Utility payment system, etc) and I was confused if you were talking about Grin. Only after checking your previous posts did it dawn on me that you actually might have meant EPIC.
Management disgruntledness, user dissatisfaction, hardware abandonment and market price collapse are certainly some issues raised by the community. They have each been raised & shared by the community (myself included) through this forum and the community has begun to take action to address these concerns. The Grin council have also been supportive of any member doing what he or she feels is best regardless of the implications associated with said action.
Your post went completely against community guidelines & was rightfully removed.
Grin actually encourages people to take any decision/action they see fit. Ever since bitcoin came out, we have had nothing but centralized projects (EPIC included) where marketing decisions are made solely by the project leaders while their respective communities are completely shut out of the process. It is blatantly obvious that Grin’s model works in the interest of the community while I very much doubt the same can be said for EPIC (or the majority of shillcoins out there).
Unfounded statement. Please provide at least a single piece of evidence to back this claim. On the other hand, here is a list of your actions which convey a lot of Epic Cash’s ideals:
- You have just copy/pasted the Grin repository
- Your team has not even contributed a single line of code to Grin or Epic.
- Your team have taken active steps to hide the fact that Epic was hard-forked from Grin
- You never thanked/acknowledged the Grin team (whose hard work you plagiarised) except once by saying ‘thanks’ only when you were called out by the community. It really made you look like fools. You’ve demonstrated this further by spreading false unfounded statements in your last few posts
- You’re preaching about the wellbeing of the community while your team has implemented a ridiculous 8.88% DEVELOPER fee WHILE YOUR TEAM HASN’T DEVELOPED ANYTHING.
- You spy on this forum and try to take advantage from any discourse. Your quote of censorship & HD-DVD was taken out of context from their original posts & twisted to suit your agenda.
- You know full well that Grin is decentralized and thus take advantage in knowing that the Grin developer team cannot respond to your false-accusations. I’m at a loss of words to even try to convey how nauseous you make me feel.
It is clear that EPIC cash is a scam, with not an iota of principles and completely lacking in character & morals.
Your post is filled with nothing but FAKE NEWS
I will never even consider investing (more like wasting) a penny in such a terrible project and team.
Do you seriously have no shame? You must be taking us as complete fools & bigots! You, alongside your team and project, really set a new bar for how low humanity can get.
The reason I’m here is because you come in to our telegram and sow discord. Please don’t do that. It’s unfortunate that you are so riled up to lose your composure and comport yourself like this.
We will redeploy our grin-budgeted donations elsewhere, since our cooperation is clearly not desired. No need to delete your account, as we will refrain from further participation here.
Best of luck.
I didn’t even know you had a telegram. loooooolz
Not very riled up at all. I actually enjoyed writing this post.
Hallelujah! Glad to see your imaginary co-operation and grin budgeted donation out the door. See ya
Seriously, me deleting my account is in no way associated with the likes of you. Shutting you down was actually a major reason for me NOT to delete my account.
I’m gonna miss you but although I won’t be on the forums, I’m gonna target you down in all social media and expose you & Epic as the scams you truly are.
Oops, why you ban me from telegram? So long for censorship/ hearing your community/ decentralization that you were preaching about minutes ago. Nonetheless, I wouldn’t expect anything more from you.
P.S. Don’t forget to screen shot these messages. You’re gonna be seeing it a ton load in the future. I might as well do some screen shots myself to prove to the world that you are the true impersonation of all the bad things you’ve tried to label this Project/team/community.
Farewell & see you soon
As someone who has believed in Grin for a long time now I am sad to say I am concerned.
I have just asked questions in the dev meeting regarding my concerns over the increase in hash rate and anomalies in mining.
I am shocked that the team are behaving like “move along here, there is nothing to see”.
One of my favourite fantasy series is the Wheel of Time. There are characters that only speak the truth. The problem is that they choose to speak truth in a way for you to believe what you want.
I do not believe there were lies in any of the answers I received. The omissions in clarification worry me.
Not clear what’s been going on.
Could you elaborate, what is in your eyes the problem with the increased hash rate, and what kind of response did you expect to receive in the dev meeting?
No one has explained, as far as I know, what happened here.
I think it is wrong to assume all is fine.
People have money invested in Grin.
If there is a serious flaw / issue it should be communicated to the community.
Something has happened.