Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Feb 28 2019 19:45
    @Arachnid banned @merkle_tree_twitter
  • Feb 17 2019 00:56
    @jpitts banned @Aquentson_twitter
  • Apr 09 2018 04:14
    @holiman banned @JennyJennywren_twitter
  • Oct 21 2017 19:12
    @Arachnid banned @Musk11
Micah Zoltu
@MicahZoltu
The spreadsheet linked previously has a tab for contacts it appears.
Kirill Pimenov
@kirushik

Yes; you either downgrade to pre-Constantinople versions (2.1.9-stable, 2.2.4-beta) — this is probably a worse idea, since you will lose some important improvements.
Or you wait for paritytech/parity-ethereum#10163 and paritytech/parity-ethereum#10164 to be released — will happen ASAP.

We're also going to push this update as critical again — which means that all mainnet parity nodes in default configuration will try to fetch this update via auto-updater.

Hudson Jameson
@Souptacular
Thanks @MicahZoltu
Kirill Pimenov
@kirushik
(Damn, local markdown ate version numbers in links — it's 2.2.7-stable and 2.3.0-beta)
ajlopez
@ajlopez
A new field to accounts giving the creation era could be added in a HF, previous ones have no such field, RLP encoding is untouched, no major problem
Kirill Pimenov
@kirushik
I want to restate — downgrading Parity to pre-Constantinople versions is a bad idea, we don't recommend that to anyone.
Theoretically it should even work, but we don't want to deal with that mess.
Just wait for your release and upgrade to the new release in your release track (stable/beta)
Matthew Halpern
@Matthalp
@Souptacular How often are EIPs audited by a third party before being selected for inclusion in a hard forks? If not, it may be a good idea to consider doing this in the future.
Péter Szilágyi
@karalabe
To be fair, this EIP was out in the open for almost a year
Micah Zoltu
@MicahZoltu
Yeah, this EIP had a lot of discussion from a lot of people.
Péter Szilágyi
@karalabe
That said, maybe it's not a bad idea to do some grants for more focused eyes
Martin Holst Swende
@holiman
There are no third parties which can audit eips. I mean, there's no outside person not already deep into ethereum that can audit an eip based on some general body of knowledge. It's quirks upon quirks
Péter Szilágyi
@karalabe
fair point
Martin Holst Swende
@holiman

That said, maybe it's not a bad idea to do some grants for more focused eyes

also fair point

(for parity)
Taylor Monahan
@tayvano
@twtaylor the release isnt ready yet
it will be unbroken when the release is ready
Thomas Taylor
@twtaylor
ok, thank you
Matthew Halpern
@Matthalp

There are no third parties which can audit eips. I mean, there's no outside person not already deep into ethereum that can audit an eip based on some general body of knowledge. It's quirks upon quirks

@holiman I first learned about the vulnerability from the Chain Security Medium post and assumed they were the ones who discovered it

Nick Johnson
@Arachnid
They were; I believe Martin's point is that they're not a "third party".
Martin Holst Swende
@holiman
Yes, that's true. When you said third party, I thought you meant some outside security firm. Then when Peter commented, I understood that maybe you were referring to the ethereum-related security firms
Matthew Halpern
@Matthalp
No worries. All good here
PlayerOne
@NoPlayerOne_twitter
why not drop the eip only and go forward with the remaining changes.
Micah Zoltu
@MicahZoltu
Something like an Ethereum funded Bug Bounty of finalized EIPs may help attract groups like ChainSecurity at an earlier phase than "right before HF day".
Dan Guido
@dguido
It should not be a bug bounty
Corey Petty
@corpetty
panvala? they're an effort to get people behind funding community security initiatives
Micah Zoltu
@MicahZoltu
@NoPlayerOne_twitter The smallest change possible is to simply change the HF block number. Since we only have ~30 hours left, we want to minimize the chances of complication, which means just changing the block number.
Dan Guido
@dguido
It needs to get funded.
You won't be certain that anyone looked at anything, or that people with the right qualifications and expertise reviewed the EIP if you're not paying for it.
Nick Johnson
@Arachnid
@MicahZoltu I believe future HFs are already covered by the bounty.
Dan Guido
@dguido
This may be a useful read on the effectiveness and limitations of bug bounties: https://blog.trailofbits.com/2019/01/14/on-bounties-and-boffins/
Micah Zoltu
@MicahZoltu
Hmm, OK. Maybe we should just ask ChainSecurity what caused them to review in the 11th hour, and what could have caused them to review sooner?
Could be a good anectdote at least.
Dan Guido
@dguido
If they were paid
People at security firms have a huge amount of work to do at any given moment, research we want to make progress on, clients that need help, code that needs dev, etc etc
There is time in the margins, but even that is subject to intense prioritization
Hudson Jameson
@Souptacular
If people start getting in touch with major stakeholders and exchanges please add them to this list: https://docs.google.com/spreadsheets/d/1GS98k8YosBsqV1UVq57vX-PTOUAcCCcRjJ847H8Y4hw/edit#gid=919960290
Matthias Egli
@MatthiasEgli_twitter
Thanks @dguido, out of my heart. We are already spending quite a lot of effort and time on the research part and on the side trying to figure out how to run a StartUp funded from the money saved during PhDs. Successful so far also thanks to the great open-source work of the community, but there is not a lot of time left at the end of the day. Happy to share the crazy last two days next time at Devcon / EthereumCC though :)
Micah Zoltu
@MicahZoltu
@Souptacular Sadly, it appears someone vandalized that document. :/
I believe Google Drive has administration tools to deal with that?
Hudson Jameson
@Souptacular
Who created that document?
Micah Zoltu
@MicahZoltu
I think @tayvano?
Chase Wright
@MysticRyuujin
Ubuntu PPA updated for Geth, running new version now
IcoCryptex
@IcoCryptex_twitter
icocryptex.io has been updated for Geth new version as well.
5chdn
@5chdn
@IcoCryptex_twitter thanks, noted
Jaap Buurman
@Mushoz
Is there a place where it's being discussed how we are moving forward? Will the EIP be removed and the hardfork be deployed with the remaining EIPs included? Or will the buggy EIP be fixed?
Micah Zoltu
@MicahZoltu
@Mushoz The current plan is to focus on getting through the non-fork, and then evaluate next steps after that.
So for the next probably 3 days or so everyone will be focused on ensuring Constantinople doesn't happen and we don't end up with a chain split.
Jaap Buurman
@Mushoz
@tayvano the google sheet is getting vandalized : /